
VeriSoft






Presentation Transcript


  1. VeriSoft: A Tool for the Automatic Analysis of Concurrent Reactive Software. Presented by Miller Ofer

  2. Content • Demo of a simple reactive system. • Motivation for using automatic tools. • The main idea of the VeriSoft application.

  3. Motivation • What is a concurrent system? • A concurrent system is composed of elements that can operate concurrently and communicate with each other. • Each component can be viewed as a 'reactive system', i.e., a system that continuously interacts with its environment. • Example: • Communication protocols.

  4. Motivation • Reactive systems are notably hard to test: • Traditional testing is of limited help, since test coverage is bound to be only a minute fraction of the possible behaviors of the system. • Their components may interact in many unexpected ways. • Scenarios leading to errors are often extremely difficult to reproduce.

  5. The VeriSoft tool • Purposes: • Systematically exploring the state space of systems composed of several concurrent processes executing arbitrary code.

  6. The VeriSoft tool • Purposes (continued): • Automatically detect coordination problems between concurrent processes. • An interactive graphical simulator/debugger is available for following the execution of all the processes.

  7. The VeriSoft tool • How does it work? • Each process executes a sequence of operations, which can be written as any C/C++ program. • Processes communicate with each other by performing operations on communication objects (e.g., shared variables, semaphores, FIFO buffers). (Figure: two processes, Pi = 1 and Pi = 2, operating on a shared variable.)

  8. The VeriSoft tool • Basic definitions: • Definition: operations on communication objects are called visible operations, while all other operations are by default called invisible operations. • Definition: the execution of an operation is said to be blocking if it cannot be completed.

  9. The VeriSoft tool • Basic definitions (continued): • Definition: a global state is defined when the next operation to be executed by every process in the system is a visible operation. • Definition: a transition is a visible operation followed by a finite sequence of invisible operations performed by a single process. • Definition: a transition whose visible operation is blocking in a global state s is said to be disabled in s. Otherwise, the transition is said to be enabled in s.

  10. The VeriSoft tool • Basic assumptions: • Assumption: only executions of visible operations may be blocking. • Assumption: every process in the system always eventually attempts to execute a visible operation.

  11. The VeriSoft tool • Once the execution of t from s is complete, the system reaches a global state s', called the successor of s by t. • The state space of the concurrent system is composed of the global states that are reachable from the initial global state s0, and of the transitions that are possible between them.

  12. The VeriSoft tool • The 'VS_toss' operation • In the case of a single 'open' reactive system the environment has to be represented; in practice such an environment may not be available. • VS_toss is a simplified representation of the environment that simulates its observable behavior. • VS_toss takes as argument a positive integer n and returns an integer in [0,n]. • This operation is considered a visible and nondeterministic operation.

  13. The VeriSoft tool • What kind of bugs does the application find? • Deadlocks • States where the execution of the next operation of every process in the system is blocking.

  14. The VeriSoft tool • What kind of bugs does the application find? • Assertion violations • Can be specified by the user with the special operation 'VS_assert'. This operation is considered a visible operation. • If the expression evaluates to false, the assertion is said to be violated.

  15. The VeriSoft tool • What kind of bugs does the application find? • Divergence • Occurs when a process does not attempt to execute any visible operation for more than a given (user-specified) amount of time. • Livelocks • Occur when a process has no enabled transition during a sequence of more than a given (user-specified) number of successive global states.

  16. Example • Content • A program for an air conditioning controller. • An environment. • The manual simulation mode. • The automatic simulation mode. • The guided simulation mode.

  17. First stage: the air conditioning controller (the function continues on slide 18)

      #include <string.h>
      /* rcv_from_queue, to_me, QSZ and VS_assert are provided by the VeriSoft library */

      void AC_controller()
      {
          char *message;
          int is_room_hot = 0;    /* initially, room is not hot */
          int is_door_closed = 1; /* and door is closed */
          int ac = 0;             /* so, ac is off */
          while (1) {
              /* visible operation on a communication object */
              message = (char *)rcv_from_queue(to_me, QSZ);
              if (strcmp(message, "room_is_hot") == 0) {
                  is_room_hot = 1;
              }
              if (strcmp(message, "room_is_cool") == 0) {
                  is_room_hot = 0;
              }
              if (strcmp(message, "open_door") == 0) {
                  is_door_closed = 0;
                  ac = 0;
              }

  18. First stage (continued)

              if (strcmp(message, "close_door") == 0) {
                  is_door_closed = 1;
                  if (is_room_hot) ac = 1;
              }
              /* test: VS_assert is a visible operation of VeriSoft */
              if (is_room_hot && is_door_closed) VS_assert(ac);
          }
      }

  19. Second stage: the environment

      #include <stdio.h>
      #include <stdlib.h>
      /* send_to_queue, from_me, QSZ and VS_toss are provided by the VeriSoft library */

      void Environment()
      {
          char *message;
          message = (char *)malloc(100);
          while (1) {
              /* VS_toss: visible, nondeterministic operation of VeriSoft */
              switch (VS_toss(3)) {
              case 0: sprintf(message, "room_is_cool"); break;
              case 1: sprintf(message, "room_is_hot"); break;
              case 2: sprintf(message, "open_door"); break;
              case 3: sprintf(message, "close_door"); break;
              }
              /* visible operation on a communication object */
              send_to_queue(from_me, QSZ, message);
          }
      }

  20. Third stage • Trace view: this part displays the operations that are visible according to the VeriSoft terminology: 'VS_toss', 'VS_assert' and operations on communication objects such as 'send_to_queue' and 'rcv_from_queue'. • Each 'process view' shows the current state of the corresponding process. • A process whose next instruction is colored in red is currently blocked.

  21. Third stage • The red horizontal bar indicates the current position in this scenario. • Process 1 is colored in blue when it is the next process to be scheduled according to the scenario being played. • Process 2 is colored in yellow when another process (e.g. process 1) is about to execute a non-visible operation.

  22. Fourth stage • The automatic simulation mode. • In this mode the application explores all possible executions of the system, represented by a graph called the 'state space' of the system. • By default the application performs a sort of breadth-first search (BFS) of the state space. • In our case the VeriSoft application immediately found a scenario leading to an assertion violation. This error trace is saved in a special file named 'error1.path'.
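The search described on slides 12 to 15 and 22, as an added example that is not part of the original presentation or of VeriSoft itself: the controller and environment from the slides are reduced to a pure transition function over the global state (is_room_hot, is_door_closed, ac), every VS_toss(3) outcome is one enabled transition, and a breadth-first search reports the shortest sequence of outcomes that violates VS_assert(ac), i.e. the content of an error1.path. The step_fixed variant is an assumed repair added here to show that the same search then finds no violation.

```python
from collections import deque

MESSAGES = ("room_is_cool", "room_is_hot", "open_door", "close_door")  # VS_toss(3) outcome i -> MESSAGES[i]

def step_buggy(state, msg):
    """One loop iteration of the slides' AC_controller; state = (is_room_hot, is_door_closed, ac)."""
    hot, closed, ac = state
    if msg == "room_is_hot":
        hot = 1
    elif msg == "room_is_cool":
        hot = 0
    elif msg == "open_door":
        closed, ac = 0, 0
    elif msg == "close_door":
        closed = 1
        if hot:
            ac = 1
    return (hot, closed, ac)

def step_fixed(state, msg):
    """Assumed repair (not from the slides): also switch the AC on when the room gets hot behind a closed door."""
    hot, closed, ac = step_buggy(state, msg)
    if msg == "room_is_hot" and closed:
        ac = 1
    return (hot, closed, ac)

def assertion_holds(state):
    """The controller's VS_assert(ac): a hot room behind a closed door must have the AC on."""
    hot, closed, ac = state
    return not (hot and closed) or ac == 1

def explore(step, initial=(0, 1, 0)):
    """Breadth-first search of the global state space, as VeriSoft's automatic mode does.
    Returns (reachable_states, trace): the shortest list of VS_toss outcomes (messages)
    reaching an assertion violation, or None when every reachable state satisfies it."""
    parent = {initial: None}  # state -> (predecessor state, message that led here)
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not assertion_holds(s):
            trace = []
            while parent[s] is not None:  # walk back to the initial state s0
                s, msg = parent[s]
                trace.append(msg)
            return set(parent), trace[::-1]
        for msg in MESSAGES:  # each VS_toss(3) outcome is a distinct enabled transition
            nxt = step(s, msg)
            if nxt not in parent:
                parent[nxt] = (s, msg)
                queue.append(nxt)
    return set(parent), None
```

On the slides' controller the search stops after one transition, matching the "immediately found" violation on slide 22; on the repaired controller it exhausts the five reachable global states without finding one.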

  23. Fifth stage • The guided simulation mode, replaying the file 'error1.path'.

  24. The controller as displayed in the guided simulation; the initialization is shown separately from the loop.

      void AC_controller()
      {
          while (1) {
              message = (char *)rcv_from_queue(to_me, QSZ);
              if (strcmp(message, "room_is_hot") == 0) {
                  is_room_hot = 1;
              }
              if (strcmp(message, "room_is_cool") == 0) {
                  is_room_hot = 0;
              }
              if (strcmp(message, "open_door") == 0) {
                  is_door_closed = 0;
                  ac = 0;
              }
              if (strcmp(message, "close_door") == 0) {
                  is_door_closed = 1;
                  if (is_room_hot) ac = 1;
              }
              if (is_room_hot && is_door_closed) VS_assert(ac);
          }
      }

      Initialization:
      int is_room_hot = 0;
      int is_door_closed = 1;
      int ac = 0;
