SlideShare uma empresa Scribd logo

Uppaal

U
Ulrik Hørlyk Hjort

The document discusses model checking and its advantages over traditional software testing. It describes how model checking uses formal mathematical models and model verification to check for errors early in the development process. The UPPAAL model checking tool is also summarized, including how it allows modeling systems as networks of automata and verifying properties through reachability, safety, and liveness checks. An example ATM system model in UPPAAL is provided to illustrate these concepts.

Tecnologia
1 de 43
Baixar para ler offline
Model Checking with UPPAAL Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BestPractice Consulting — Thursday 31st May, 2012
Background Ulrik Hørlyk Hjort Safety Critical and High Integrity system development since 1997 Defence industry from 1997 Space industry from 2003 Medical industry from 2006 Formal software development since 2003 VDM, Z, B-Method and UPPAAL Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Overview Use of Model Checking to add value to traditional testing. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Traditional Testing Testing involves running a program with a set of inputs and comparing the actual outputs from the program against the expected outputs (as defined in the specification). There are several limitations to using testing as the sole approach to software error detection: Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Testing Limitations Testing cannot take place until some implementation is available. Correcting errors uncovered by testing could involve retracing many steps and undoing work previously done. If testing is the only approach to error detection then errors in the specification involve the greatest amount of work to rectify. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Testing Limitations Testing can only help to uncover errors it cannot guarantee the absence of them. Since, for any application, it is impossible to test every set of input values, residual errors will always have to be accepted. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Testing Limitations Testing is always carried out with respect to requirements as laid down in the specification. If the specification document is in any way ambiguous it is open to interpretation, and hence misinterpretation, making testing a rather inexact science. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Ambiguous Specification Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Testing Problems Clearly the specification plays a vital role in the reliability of the software produced. The design, and subsequent implementation, is based upon the information in the specification. The testing process relies upon the developers understanding of the specification to determine whether or not the software is behaving correctly. Misunderstandings in the specification can lead to the delivery of final applications that do not match user requirements. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods A formal method provides a formal language in which to express the initial specification and all future design steps towards the final program in a unambiguous way. More than just a specification language —it also includes a proof system for demonstrating that each design step preserves the formal meaning captured in the previous step. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages The discipline required in producing a formal specification of user requirements and the ability to analyse a specification (which only arises if the specification language has a well-defined semantics) allows for feedback on system specifications at early development stages, increasing confidence that the specification accurately captures the real system requirements. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages Important properties (such as internal consistency) of the initial specification can be checked mathematically and incorporated as run-time checks in the final program. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages Proofs can help uncover design errors as soon as they are made, rather than having to wait for testing of the final implementation. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages A proof of program correctness can be constructed that is a much more robust method of achieving program correctness than is testing alone. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages Formal specifications can help considerably in generating suitable test cases. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Model Checking In a model-based approach an abstract mathematical model is built of the data, using abstract mathematical types such as sets and abstract state machines. The behaviour of the operations is then specified directly with respect to this model. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
The UPPAAL System Integrated tool environment for: System Modelling Simulation of the model Verification of the model Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
The System Editor The system editor is used to create and edit the system model to be analyzed A system model describe a network of a finite number of non-deterministic finite state automata Edges between states may be labeled with: Guards Synchronizations Assignment statements Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items Initial Location Location Edge Synchronization Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items class _Factorial { int result; public void Factorial() { for (int i = result-1; i > 1; i--) { result *= i; } } public _Factorial() { result = 5; } public voidShowResult() { System.out.println("Result:" + result); } public static void main(String args[]) { _Factorial fac = new _Factorial(); fac.Factorial(); fac.ShowResult(); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items Subprogram Synchronization class Hello { private void Put_Line() { System.out.println("Hello World!n"); } public Hello() { Put_Line(); } public static void main(String args[]) { Hello hello = new Hello(); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items Ada Tasks task body TaskA is begin TaskB.WriteTaskName; end TaskA; task body TaskB is begin accept WriteTaskName do Put_Line("Task B"); end WriteTaskName; end TaskB; Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items Parametrised Synchronization class Factorial { int result; public int Factorial(int N) { int result = 1; for (int i = N; i > 1; i--) { result *= i; } return result; } public static void main(String args[]) { Factorial fac = new Factorial(); int result = fac.Factorial(5); System.out.println(result); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
The Model Checker (Verifier) The main purpose of a model checker is to verify the model with respect to a requirement specification. Like the model, the requirement specification must be expressed in a formally well-defined and machine readable language. The model checker support three path formulae expressed by temporal logic quantifiers: Reachability : Is the state formular ϕ satisfied from any reachable state ? Safety : ϕ is invariantly true in all reachable states Liveness : ϕ is eventually sastified Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Quantifiers E : There exists a path A : For all paths G (♦ in UPPAAL) : All states in a path F ( in UPPAAL) : Some states in a path The following combinations are supported: A , A♦, E♦, and E Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Reachability Properties: E ϕ “ϕ Reachable” E ϕ: It is possible from the initial state to reach a state in which ϕ is satisfied ϕ is true in at least one reachable state Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Safety Properties: A ϕ “Invariantly ϕ” A ϕ: ϕ holds invariantly ϕ is true in all reachable states Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Liveness Properties: A ♦ ϕ “Inevitable ϕ” A ♦ ϕ: ϕ will inevitable become true The automaton is guaranteed to eventually reach a state in which ϕ is true ϕ is true in some states of all paths Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
E ϕ “Potentially always ϕ” E ϕ: ϕ is potentially always true There exists a path in which ϕ is true in all states Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
The Simulator The simulator can be used in three ways: Running the system manually and manually choose the transitions to take Going through a trace generated by the verifier Running the system at is own in random mode Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
ATM System E X A M P L E Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Actors: Customer, Bank System: ATM Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Customer Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
ATM Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Bank Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
ATM System Requirements: 1 Transaction is only valid with a bank balance greater than 10 euro 2 Customer gets cash when transaction is done 3 System may not be able to enter a deadlock state Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Requirement 1 Transaction is only valid with a bank balance greater than 10 euro A (Customer.READY and Bank.TRANSACTION OK) imply Bank.balance >10 Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Requirement 2 Customer gets cash when transaction is done E ♦ Customer.GET CASH and Bank.TRANSACTION DONE Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Requirement 3 System may not be able to enter a deadlock state A not deadlock Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
System Automatic test of requirements and MMI flow of insulin pump Javascript with user actions commands and verification of expected result of these First manually written from UML diagrams, MMI flows and requirements Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
System UPPAAL model made from UML diagrams, MMI flows and requirements UPPAAL system locations was annotated with test script actions Full coverages paths of the model found by verifier A full coverage package of test Javascript generated from the model Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
System Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Test script example expect_mainScreen() { expect(Label(Welcome); expect(Label(BatteryIndicator); } expect_callScreen() { expect(Label(Calling ...); } // Main Script: expect_mainScreen(); insert_card() expect_enter_pincode_screen(); key(5); expect(5); key(1); expect(1); expect_trasactionscreen(); . . . Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking

Recomendados

Software engineering a practitioners approach 8th edition pressman solutions ...
Software engineering a practitioners approach 8th edition pressman solutions ...Software engineering a practitioners approach 8th edition pressman solutions ...
Software engineering a practitioners approach 8th edition pressman solutions ...Drusilla918
 
Unified process model
Unified process modelUnified process model
Unified process modelRyndaMaala
 
SWE-401 - 2. Software Development life cycle (SDLC)
SWE-401 - 2. Software Development life cycle (SDLC)SWE-401 - 2. Software Development life cycle (SDLC)
SWE-401 - 2. Software Development life cycle (SDLC)ghayour abbas
 
Slides chapters 26-27
Slides chapters 26-27Slides chapters 26-27
Slides chapters 26-27Priyanka Shetty
 
Software Engineering Basics.pdf
Software Engineering Basics.pdfSoftware Engineering Basics.pdf
Software Engineering Basics.pdfPriyajit Sen
 
Non Functional Requirement.
Non Functional Requirement.Non Functional Requirement.
Non Functional Requirement.Khushboo Shaukat
 
Language translator
Language translatorLanguage translator
Language translatorSumitSumit26
 
Print function in PHP
Print function in PHPPrint function in PHP
Print function in PHPVineet Kumar Saini
 

Recomendados

Software engineering a practitioners approach 8th edition pressman solutions ...
Software engineering a practitioners approach 8th edition pressman solutions ...Software engineering a practitioners approach 8th edition pressman solutions ...
Software engineering a practitioners approach 8th edition pressman solutions ...Drusilla918
 
Unified process model
Unified process modelUnified process model
Unified process modelRyndaMaala
 
SWE-401 - 2. Software Development life cycle (SDLC)
SWE-401 - 2. Software Development life cycle (SDLC)SWE-401 - 2. Software Development life cycle (SDLC)
SWE-401 - 2. Software Development life cycle (SDLC)ghayour abbas
 
Slides chapters 26-27
Slides chapters 26-27Slides chapters 26-27
Slides chapters 26-27Priyanka Shetty
 
Software Engineering Basics.pdf
Software Engineering Basics.pdfSoftware Engineering Basics.pdf
Software Engineering Basics.pdfPriyajit Sen
 
Non Functional Requirement.
Non Functional Requirement.Non Functional Requirement.
Non Functional Requirement.Khushboo Shaukat
 
Language translator
Language translatorLanguage translator
Language translatorSumitSumit26
 
Print function in PHP
Print function in PHPPrint function in PHP
Print function in PHPVineet Kumar Saini
 
Introduction to Compilers
Introduction to CompilersIntroduction to Compilers
Introduction to CompilersAkhil Kaushik
 
Introducing Uml And Development Process
Introducing Uml And Development ProcessIntroducing Uml And Development Process
Introducing Uml And Development ProcessTerry Cho
 
Compiler Construction Course - Introduction
Compiler Construction Course - IntroductionCompiler Construction Course - Introduction
Compiler Construction Course - IntroductionMuhammad Sanaullah
 
Automation - web testing with selenium
Automation - web testing with seleniumAutomation - web testing with selenium
Automation - web testing with seleniumTzirla Rozental
 
CSE Final Year Project Presentation on Android Application
CSE Final Year Project Presentation on Android ApplicationCSE Final Year Project Presentation on Android Application
CSE Final Year Project Presentation on Android ApplicationAhammad Karim
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introductionPiyush Gogia
 
Project report format computer science
Project report format computer scienceProject report format computer science
Project report format computer scienceThesis Scientist Private Limited
 
FIT-Unit3 chapter2- Computer Languages
FIT-Unit3 chapter2- Computer LanguagesFIT-Unit3 chapter2- Computer Languages
FIT-Unit3 chapter2- Computer Languagesraksharao
 
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docx
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docxIGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docx
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docxAnilVhatkar
 
Java database connectivity with MYSQL
Java database connectivity with MYSQLJava database connectivity with MYSQL
Java database connectivity with MYSQLAdil Mehmoood
 
Introduction to JavaFX
Introduction to JavaFXIntroduction to JavaFX
Introduction to JavaFXMindfire Solutions
 
Flask
FlaskFlask
FlaskMamta Kumari
 
Computer Graphics 471 Project Report Final
Computer Graphics 471 Project Report FinalComputer Graphics 471 Project Report Final
Computer Graphics 471 Project Report FinalAli Ahmed
 
SE CHAPTER 2 PROCESS MODELS
SE CHAPTER 2 PROCESS MODELSSE CHAPTER 2 PROCESS MODELS
SE CHAPTER 2 PROCESS MODELSAbrar ali
 
Software architecture patterns
Software architecture patternsSoftware architecture patterns
Software architecture patternsRiccardo Cardin
 
UNIT CONVERTER
UNIT CONVERTERUNIT CONVERTER
UNIT CONVERTERNishita Kaptak
 
Introduction Programming Languages
Introduction Programming LanguagesIntroduction Programming Languages
Introduction Programming LanguagesManish Kharotia
 
Software testing ppt
Software testing pptSoftware testing ppt
Software testing pptHeritage Institute Of Tech,India
 
Debugging in visual studio (basic level)
Debugging in visual studio (basic level)Debugging in visual studio (basic level)
Debugging in visual studio (basic level)Larry Nung
 
Compiler
CompilerCompiler
CompilerAchyuth Dorasala
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
Keynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingKeynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingLionel Briand
 

Mais conteúdo relacionado

Mais procurados

Introduction to Compilers
Introduction to CompilersIntroduction to Compilers
Introduction to CompilersAkhil Kaushik
 
Introducing Uml And Development Process
Introducing Uml And Development ProcessIntroducing Uml And Development Process
Introducing Uml And Development ProcessTerry Cho
 
Compiler Construction Course - Introduction
Compiler Construction Course - IntroductionCompiler Construction Course - Introduction
Compiler Construction Course - IntroductionMuhammad Sanaullah
 
Automation - web testing with selenium
Automation - web testing with seleniumAutomation - web testing with selenium
Automation - web testing with seleniumTzirla Rozental
 
CSE Final Year Project Presentation on Android Application
CSE Final Year Project Presentation on Android ApplicationCSE Final Year Project Presentation on Android Application
CSE Final Year Project Presentation on Android ApplicationAhammad Karim
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introductionPiyush Gogia
 
FIT-Unit3 chapter2- Computer Languages
FIT-Unit3 chapter2- Computer LanguagesFIT-Unit3 chapter2- Computer Languages
FIT-Unit3 chapter2- Computer Languagesraksharao
 
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docx
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docxIGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docx
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docxAnilVhatkar
 
Java database connectivity with MYSQL
Java database connectivity with MYSQLJava database connectivity with MYSQL
Java database connectivity with MYSQLAdil Mehmoood
 
Computer Graphics 471 Project Report Final
Computer Graphics 471 Project Report FinalComputer Graphics 471 Project Report Final
Computer Graphics 471 Project Report FinalAli Ahmed
 
SE CHAPTER 2 PROCESS MODELS
SE CHAPTER 2 PROCESS MODELSSE CHAPTER 2 PROCESS MODELS
SE CHAPTER 2 PROCESS MODELSAbrar ali
 
Software architecture patterns
Software architecture patternsSoftware architecture patterns
Software architecture patternsRiccardo Cardin
 
Introduction Programming Languages
Introduction Programming LanguagesIntroduction Programming Languages
Introduction Programming LanguagesManish Kharotia
 
Debugging in visual studio (basic level)
Debugging in visual studio (basic level)Debugging in visual studio (basic level)
Debugging in visual studio (basic level)Larry Nung
 

Mais procurados (20)

Introduction to Compilers
Introduction to CompilersIntroduction to Compilers
Introduction to Compilers
 
Introducing Uml And Development Process
Introducing Uml And Development ProcessIntroducing Uml And Development Process
Introducing Uml And Development Process
 
Compiler Construction Course - Introduction
Compiler Construction Course - IntroductionCompiler Construction Course - Introduction
Compiler Construction Course - Introduction
 
Automation - web testing with selenium
Automation - web testing with seleniumAutomation - web testing with selenium
Automation - web testing with selenium
 
CSE Final Year Project Presentation on Android Application
CSE Final Year Project Presentation on Android ApplicationCSE Final Year Project Presentation on Android Application
CSE Final Year Project Presentation on Android Application
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introduction
 
Project report format computer science
Project report format computer scienceProject report format computer science
Project report format computer science
 
FIT-Unit3 chapter2- Computer Languages
FIT-Unit3 chapter2- Computer LanguagesFIT-Unit3 chapter2- Computer Languages
FIT-Unit3 chapter2- Computer Languages
 
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docx
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docxIGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docx
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docx
 
Java database connectivity with MYSQL
Java database connectivity with MYSQLJava database connectivity with MYSQL
Java database connectivity with MYSQL
 
Introduction to JavaFX
Introduction to JavaFXIntroduction to JavaFX
Introduction to JavaFX
 
Flask
FlaskFlask
Flask
 
Computer Graphics 471 Project Report Final
Computer Graphics 471 Project Report FinalComputer Graphics 471 Project Report Final
Computer Graphics 471 Project Report Final
 
SE CHAPTER 2 PROCESS MODELS
SE CHAPTER 2 PROCESS MODELSSE CHAPTER 2 PROCESS MODELS
SE CHAPTER 2 PROCESS MODELS
 
Software architecture patterns
Software architecture patternsSoftware architecture patterns
Software architecture patterns
 
UNIT CONVERTER
UNIT CONVERTERUNIT CONVERTER
UNIT CONVERTER
 
Introduction Programming Languages
Introduction Programming LanguagesIntroduction Programming Languages
Introduction Programming Languages
 
Software testing ppt
Software testing pptSoftware testing ppt
Software testing ppt
 
Debugging in visual studio (basic level)
Debugging in visual studio (basic level)Debugging in visual studio (basic level)
Debugging in visual studio (basic level)
 
Compiler
CompilerCompiler
Compiler
 

Semelhante a Uppaal

International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
Keynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingKeynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingLionel Briand
 
Agile in Medical Software Development
Agile in Medical Software DevelopmentAgile in Medical Software Development
Agile in Medical Software DevelopmentBernhard Kappe
 
Hardware In Loop - Hil Testing Syste For Firmware Tests.ppt
Hardware In Loop - Hil Testing Syste For Firmware Tests.pptHardware In Loop - Hil Testing Syste For Firmware Tests.ppt
Hardware In Loop - Hil Testing Syste For Firmware Tests.pptTMCS India
 
Basic of Software Testing.pptx
Basic of Software Testing.pptxBasic of Software Testing.pptx
Basic of Software Testing.pptxaparna14patil
 
Bloor: Test Design Automation
Bloor: Test Design AutomationBloor: Test Design Automation
Bloor: Test Design AutomationTestplant
 
Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4Iosif Itkin
 
Agile for Software as a Medical Device
Agile for Software as a Medical DeviceAgile for Software as a Medical Device
Agile for Software as a Medical DeviceOrthogonal
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedAshley Zupkus
 
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docx
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docxHardware-In-Loop (Hil) Testing System for Firmware Tests.docx
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docxTMCS India
 
Deciding what and when to automate in testing: Experience from multiple projects
Deciding what and when to automate in testing: Experience from multiple projectsDeciding what and when to automate in testing: Experience from multiple projects
Deciding what and when to automate in testing: Experience from multiple projectsVahid Garousi
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesAchim D. Brucker
 
Quality Assurance with Manual Testing
Quality Assurance with Manual TestingQuality Assurance with Manual Testing
Quality Assurance with Manual TestingEdureka!
 
Software Modeling and Verification
Software Modeling and VerificationSoftware Modeling and Verification
Software Modeling and VerificationRamnGonzlezRuiz2
 
Automating The Process For Building Reliable Software
Automating The Process For Building Reliable SoftwareAutomating The Process For Building Reliable Software
Automating The Process For Building Reliable Softwareguest8861ff
 
Study material for machenicql engenering student
Study material for machenicql engenering studentStudy material for machenicql engenering student
Study material for machenicql engenering studentWasifAli366658
 
Staroletov testing TDD BDD MBT
Staroletov testing TDD BDD MBTStaroletov testing TDD BDD MBT
Staroletov testing TDD BDD MBTSergey Staroletov
 

Semelhante a Uppaal (20)

International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
 
Keynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingKeynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based Testing
 
Agile in Medical Software Development
Agile in Medical Software DevelopmentAgile in Medical Software Development
Agile in Medical Software Development
 
Hardware In Loop - Hil Testing Syste For Firmware Tests.ppt
Hardware In Loop - Hil Testing Syste For Firmware Tests.pptHardware In Loop - Hil Testing Syste For Firmware Tests.ppt
Hardware In Loop - Hil Testing Syste For Firmware Tests.ppt
 
Basic of Software Testing.pptx
Basic of Software Testing.pptxBasic of Software Testing.pptx
Basic of Software Testing.pptx
 
Bloor: Test Design Automation
Bloor: Test Design AutomationBloor: Test Design Automation
Bloor: Test Design Automation
 
PHP_eVoting
PHP_eVotingPHP_eVoting
PHP_eVoting
 
Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4
 
Project P Open Workshop
Project P Open WorkshopProject P Open Workshop
Project P Open Workshop
 
Agile for Software as a Medical Device
Agile for Software as a Medical DeviceAgile for Software as a Medical Device
Agile for Software as a Medical Device
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically Guaranteed
 
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docx
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docxHardware-In-Loop (Hil) Testing System for Firmware Tests.docx
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docx
 
Deciding what and when to automate in testing: Experience from multiple projects
Deciding what and when to automate in testing: Experience from multiple projectsDeciding what and when to automate in testing: Experience from multiple projects
Deciding what and when to automate in testing: Experience from multiple projects
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security Properties
 
Quality Assurance with Manual Testing
Quality Assurance with Manual TestingQuality Assurance with Manual Testing
Quality Assurance with Manual Testing
 
Software Modeling and Verification
Software Modeling and VerificationSoftware Modeling and Verification
Software Modeling and Verification
 
Automating The Process For Building Reliable Software
Automating The Process For Building Reliable SoftwareAutomating The Process For Building Reliable Software
Automating The Process For Building Reliable Software
 
Study material for machenicql engenering student
Study material for machenicql engenering studentStudy material for machenicql engenering student
Study material for machenicql engenering student
 
Staroletov testing TDD BDD MBT
Staroletov testing TDD BDD MBTStaroletov testing TDD BDD MBT
Staroletov testing TDD BDD MBT
 
Ch8.Testing.pptx
Ch8.Testing.pptxCh8.Testing.pptx
Ch8.Testing.pptx
 

Último

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 

Último (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Uppaal

  • 1. Model Checking with UPPAAL Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BestPractice Consulting — Thursday 31st May, 2012
  • 2. Background Ulrik Hørlyk Hjort Safety Critical and High Integrity system development since 1997 Defence industry from 1997 Space industry from 2003 Medical industry from 2006 Formal software development since 2003 VDM, Z, B-Method and UPPAAL Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 3. Overview Use of Model Checking to add value to traditional testing. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 4. Traditional Testing Testing involves running a program with a set of inputs and comparing the actual outputs from the program against the expected outputs (as defined in the specification). There are several limitations to using testing as the sole approach to software error detection: Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 5. Testing Limitations Testing cannot take place until some implementation is available. Correcting errors uncovered by testing could involve retracing many steps and undoing work previously done. If testing is the only approach to error detection then errors in the specification involve the greatest amount of work to rectify. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 6. Testing Limitations Testing can only help to uncover errors it cannot guarantee the absence of them. Since, for any application, it is impossible to test every set of input values, residual errors will always have to be accepted. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 7. Testing Limitations Testing is always carried out with respect to requirements as laid down in the specification. If the specification document is in any way ambiguous it is open to interpretation, and hence misinterpretation, making testing a rather inexact science. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 8. Ambiguous Specification Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 9. Testing Problems Clearly the specification plays a vital role in the reliability of the software produced. The design, and subsequent implementation, is based upon the information in the specification. The testing process relies upon the developers understanding of the specification to determine whether or not the software is behaving correctly. Misunderstandings in the specification can lead to the delivery of final applications that do not match user requirements. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 10. Formal Methods A formal method provides a formal language in which to express the initial specification and all future design steps towards the final program in a unambiguous way. More than just a specification language —it also includes a proof system for demonstrating that each design step preserves the formal meaning captured in the previous step. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 11. Formal Methods advantages The discipline required in producing a formal specification of user requirements and the ability to analyse a specification (which only arises if the specification language has a well-defined semantics) allows for feedback on system specifications at early development stages, increasing confidence that the specification accurately captures the real system requirements. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 12. Formal Methods advantages Important properties (such as internal consistency) of the initial specification can be checked mathematically and incorporated as run-time checks in the final program. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 13. Formal Methods advantages Proofs can help uncover design errors as soon as they are made, rather than having to wait for testing of the final implementation. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 14. Formal Methods advantages A proof of program correctness can be constructed that is a much more robust method of achieving program correctness than is testing alone. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 15. Formal Methods advantages Formal specifications can help considerably in generating suitable test cases. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 16. Model Checking In a model-based approach an abstract mathematical model is built of the data, using abstract mathematical types such as sets and abstract state machines. The behaviour of the operations is then specified directly with respect to this model. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 17. The UPPAAL System Integrated tool environment for: System Modelling Simulation of the model Verification of the model Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 18. The System Editor The system editor is used to create and edit the system model to be analyzed A system model describe a network of a finite number of non-deterministic finite state automata Edges between states may be labeled with: Guards Synchronizations Assignment statements Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 19. UPPAAL Model Items Initial Location Location Edge Synchronization Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 20. UPPAAL Model Items class _Factorial { int result; public void Factorial() { for (int i = result-1; i > 1; i--) { result *= i; } } public _Factorial() { result = 5; } public voidShowResult() { System.out.println("Result:" + result); } public static void main(String args[]) { _Factorial fac = new _Factorial(); fac.Factorial(); fac.ShowResult(); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 21. UPPAAL Model Items Subprogram Synchronization class Hello { private void Put_Line() { System.out.println("Hello World!n"); } public Hello() { Put_Line(); } public static void main(String args[]) { Hello hello = new Hello(); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 22. UPPAAL Model Items Ada Tasks task body TaskA is begin TaskB.WriteTaskName; end TaskA; task body TaskB is begin accept WriteTaskName do Put_Line("Task B"); end WriteTaskName; end TaskB; Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 23. UPPAAL Model Items Parametrised Synchronization class Factorial { int result; public int Factorial(int N) { int result = 1; for (int i = N; i > 1; i--) { result *= i; } return result; } public static void main(String args[]) { Factorial fac = new Factorial(); int result = fac.Factorial(5); System.out.println(result); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 24. The Model Checker (Verifier) The main purpose of a model checker is to verify the model with respect to a requirement specification. Like the model, the requirement specification must be expressed in a formally well-defined and machine readable language. The model checker support three path formulae expressed by temporal logic quantifiers: Reachability : Is the state formular ϕ satisfied from any reachable state ? Safety : ϕ is invariantly true in all reachable states Liveness : ϕ is eventually sastified Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 25. Quantifiers E : There exists a path A : For all paths G (♦ in UPPAAL) : All states in a path F ( in UPPAAL) : Some states in a path The following combinations are supported: A , A♦, E♦, and E Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 26. Reachability Properties: E ϕ “ϕ Reachable” E ϕ: It is possible from the initial state to reach a state in which ϕ is satisfied ϕ is true in at least one reachable state Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 27. Safety Properties: A ϕ “Invariantly ϕ” A ϕ: ϕ holds invariantly ϕ is true in all reachable states Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 28. Liveness Properties: A ♦ ϕ “Inevitable ϕ” A ♦ ϕ: ϕ will inevitable become true The automaton is guaranteed to eventually reach a state in which ϕ is true ϕ is true in some states of all paths Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 29. E ϕ “Potentially always ϕ” E ϕ: ϕ is potentially always true There exists a path in which ϕ is true in all states Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 30. The Simulator The simulator can be used in three ways: Running the system manually and manually choose the transitions to take Going through a trace generated by the verifier Running the system at is own in random mode Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 31. ATM System E X A M P L E Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 32. Actors: Customer, Bank System: ATM Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 33. Customer Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 34. ATM Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 35. Bank Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 36. ATM System Requirements: 1 Transaction is only valid with a bank balance greater than 10 euro 2 Customer gets cash when transaction is done 3 System may not be able to enter a deadlock state Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 37. Requirement 1 Transaction is only valid with a bank balance greater than 10 euro A (Customer.READY and Bank.TRANSACTION OK) imply Bank.balance >10 Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 38. Requirement 2 Customer gets cash when transaction is done E ♦ Customer.GET CASH and Bank.TRANSACTION DONE Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 39. Requirement 3 System may not be able to enter a deadlock state A not deadlock Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 40. System Automatic test of requirements and MMI flow of insulin pump Javascript with user actions commands and verification of expected result of these First manually written from UML diagrams, MMI flows and requirements Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 41. System UPPAAL model made from UML diagrams, MMI flows and requirements UPPAAL system locations was annotated with test script actions Full coverages paths of the model found by verifier A full coverage package of test Javascript generated from the model Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 42. System Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 43. Test script example expect_mainScreen() { expect(Label(Welcome); expect(Label(BatteryIndicator); } expect_callScreen() { expect(Label(Calling ...); } // Main Script: expect_mainScreen(); insert_card() expect_enter_pincode_screen(); key(5); expect(5); key(1); expect(1); expect_trasactionscreen(); . . . Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking