Test & Verification - Aalborg...
Kim Guldstrand Larsen, Brian Nielsen, Arne Skou
Test & Verification
Course plan
Plan
• Background: Research Group and Projects
• Why (and what) test and verification
• Model-based approach
• Finite State Machines (review)
• Interacting State Machines
• Verification = Model Checking (1st glance)
• Model-based Testing (1st glance)
Research Profile: Distributed Systems & Semantics Unit
Information technology
Research Evaluation, Sæby, January 12, 2006
• Concurrency Theory: foundation for system behavior
• Verification and Validation: tools for model checking
• Networks and Operating Systems: implementation and construction of platforms
• Embedded Systems Methodology: methods for specification, design, analysis, testing …
• Industrial applications
BRICS Machine
Basic Research in Computer Science, 1993-2006
30+40+40 mill. kr
100
100
Aalborg, Aarhus
Tools
Other relevant projects: ARTIST, AMETIST
Tools and BRICS
Logic
• Temporal Logic
• Modal Logic
• MSOL
Algorithmic
• (Timed) Automata Theory
• Graph Theory
• BDDs
• Polyhedra Manipulation
Semantics
• Concurrency Theory
• Abstract Interpretation
• Compositionality
• Models for real-time & hybrid systems
HOL, TLP, PVS, ALF, SPIN, visualSTATE, UPPAAL
Applications
Semantics & Verification (DAT4): every Thursday afternoon
IDA talk, 20.4.99
Center for Indlejrede Software Systemer (Center for Embedded Software Systems, CISS)
Why CISS?
• 80% of all software is embedded
• Demands for increased functionality with minimal resources
• Requires a multitude of skills: software construction, hardware platforms, control theory, comm. technology
Goal: give a qualitative lift to current industrial practice
CISS Structure
Institut for Datalogi (Department of Computer Science)
Institut for Elektroniske Systemer (Department of Electronic Systems)
BRICS@Aalborg: Modelling and Validation; Programming Languages; Software Engineering
Embedded Systems: Communication; HW/SW; Power Management
Distributed Real Time Systems: Control Theory; Real Time Systems; Networking
ICT companies
External contacts: EE&CS Berkeley, ES Oldenborg, ES Holland, ARTIST
MVTU: 25.5 MDKK
Nordjyllands Amt, Aalborg Kommune: 12 MDKK
AAU: 12.75 MDKK
Companies: 12.75 MDKK
Partners
S-Card
RTX Telecom
Analog Devices
Aeromark
Simrad
Danfoss
Grundfos
IAR Systems
GateHouse
Ericsson Telebit
MAN B&W
Aalborg Industries
Motorola
Skov
Blip Systems
Novo Nordisk
FOSS
Exhausto
ETI
TK Systemtest
SpaceCom
Panasonic
TDC Totalløsninger
CISS on the way
Kick-start, 2001: 700.000 DKK
Northern Jutland Region & City of Aalborg
• 35 projects
• 20 CISS employees
• 25 CISS-associated researchers at 3 different research groups at AAU
• 50% over budgeted industrial financing
• 19 industrial Ph.D.s initiated
Jutland-Fun IT-initiative, 2002:
• 25,5 mil. kr Ministry
• 6 mil. kr North Jutland
• 6 mil. kr Aalborg City
• 12,75 mil. kr Companies
• 12,75 mil. kr AAU
Focus Areas
Applications, Technology, Tools, Modeling, Methods
Protocols; design and programming languages; operating system; HW platform
GPS; open source; home automation; mobile robots; intelligent sensors; ad hoc networks; mobile phones; audio/video; consumer electronics; control systems; automobile; X-by-wire
Algorithmics; SW development; resource (power) management; reliability; test & validation; hybrid systems; communication theory
Model based development
Intelligent sensor network
IT in automation
Embedded and RT OS
RT Java Lab
Resource Optimal Scheduling
Testing and Verification
HW/SW Co-design / Design Space Exploration
Embedded Security
Local, Regional, National
Figure: HW&K, Control, SW, Mechatronics, IIS; 1), 2), 3)
DaNES: Danish Network for Intelligent Embedded Systems
Partners: CISS, IMM, MCI, PAJ Systemteknik, GateHouse A/S, ICE Power, Skov A/S, Terma A/S, Novo Nordisk A/S, IO Technologies
Funded by Højteknologifonden
Budget: 63 MDKK / 4 years
Local Regional National International
Testing & Verification: CISS coordinator
Network of Excellence
EU’s 7th Framework
ARTEMIS Research Platform
Centers of Excellence
6,5MEuro, 32 partners
Why T&V?
• Errors in embedded software are associated with enormous costs.
• 30-40% of development time is spent on time-consuming, ad hoc testing.
• The potential for improved methods and tools is enormous.
• "Time-to-market" can be reduced considerably by using early verification and performance analysis.
Michael Williams, Research Director, Ericsson, SE
System
Verification and Test
Code:
```c
/* Wait for events */
void OS_Wait(void);

/* Operating system visualSTATE process. Mimics a OS process for a
 * visualSTATE system. In this implementation this is the mainloop
 * interfacing to the visualSTATE basic API. */
void OS_VS_Process(void);

/* Define completion code variable. */
unsigned char cc;

void HandleError(unsigned char ccArg)
{
  printf("Error code %c detected, exiting application.\n", ccArg);
  exit(ccArg);
}

/* In d-241 we only use the OS_Wait call. It is used to simulate a
 * system. It purpose is to generate events. How this is done is up to
 * you.
 */
void OS_Wait(void)
{
  /* Ignore the parameters; just retrieve events from the keyboard and
   * put them into the queue. When EVENT_UNDEFINED is read from the
   * keyboard, return to the calling process. */
  SEM_EVENT_TYPE event;
  int num;
```
Spec: Φ
Model
• Verification: Code/Model with respect to Spec
• Test: System with respect to Model/Spec
Test versus Verification
Airbus Control Panel
Figure: sequences T1 T3 T5 T1 … T4 T3 and E F E E G H … H A; tree of A/B branches
2^n sequences of length n
TEST / VERIFICATION
Deadlock identified by VERIFICATION after a sequence of 2000 telegrams / < 1 min.
UPPAAL
Introducing, Detecting and Repairing Errors (Liggesmeyer 98)
A very complex system
Klaus Havelund, NASA
Rotterdam Storm Surge Barrier
Spectacular software bugs: Ariane 5
The first Ariane 5 rocket was launched in June, 1996. It used software developed for the successful Ariane 4. The rocket carried two computers, providing a backup in case one computer failed during launch. Forty seconds into its maiden flight, the rocket veered off course and exploded. The rocket, along with $500 million worth of satellites, was destroyed.
Ariane 5 was a much more powerful rocket and generated forces that were larger than the computer could handle. Shortly after launch, it received an input value that was too large. The main and backup computers shut down, causing the rocket to veer off course.
Spectacular software bugs: U.S.S. Yorktown, U.S. Navy
In 1998, the USS Yorktown became the first ship to test the US Navy's Smart Ship program. The Navy planned to use off-the-shelf computers and software instead of expensive custom-made machines. A sailor mistakenly entered a zero for a data value on a computer. Within minutes, Yorktown was dead in the water. It was several hours before the ship could move again.
When the sailor entered the mistaken number, the computer tried to divide by zero, which isn't possible. The software didn't check to see if the inputs were valid before computing and generated an invalid answer that was used by another computer. The error cascaded through several computers and eventually shut down the ship's engines.
Figure: U.S.S. Yorktown, courtesy of U.S. Navy
Spectacular software bugs: Moon or Missiles
The United States established the Ballistic Missile Early Warning System (BMEWS) during the Cold War to detect a Soviet missile attack. On October 5, 1960 the BMEWS radar at Thule, Greenland detected something. Its computer control system decided the signal was made by hundreds of missiles coming toward the US.
The radar had actually detected the Moon rising over the horizon. Unfortunately, the BMEWS computer had not been programmed to understand what the moon looked like as it rose in the eastern sky, so it interpreted the huge signal as Soviet missiles. Luckily for all of us, the mistake was realized in time.
Spectacular Software Bugs … continued
• INTEL Pentium II floating-point division: 470 Mill US $
• Baggage handling system, Denver: 1.1 Mill US $/day for 9 months
• Mars Pathfinder
• …
Spectacular software bugs: Therac-25
The Therac-25 radiation therapy machine was a medical device that used beams of electrons or photons to kill cancer cells. Between 1985 and 1987, at least six people got very sick after Therac-25 treatments. Four of them died. The manufacturer was confident that their software made it impossible for the machine to harm patients.
The Therac-25 was withdrawn from use after it was determined that it could deliver fatal overdoses under certain conditions. The software would shut down the machine before delivering an overdose, but the error messages it displayed were so unhelpful that operators couldn't tell what the error was, or how serious it was. In some cases, operators ignored the message completely.
“Malfunction 54”, “H-tilt”
IEEE Computer, Vol. 26, No. 7, July 1993, pp. 18-41
More complex systems
A simple program
```
int x=100;

Process INC
  do
  :: x<200 --> x:=x+1
  od

Process DEC
  do
  :: x>0 --> x:=x-1
  od

Process RESET
  do
  :: x=200 --> x:=0
  od

( INC || DEC || RESET )
```
Which values may x take?
Questions/Properties (E<>: Possibly, A[]: Always):
• E<>(x>100)
• E<>(x>200)
• A[](x<=200)
• E<>(x<0)
• A[](x>=0)
Another simple program
```
int x=0;

Process P
  do
    x:=x+1
  10 times

( P || P )
```
What are the possible final values of x?
```
int x=0;

Process P
  int r
  do
    r:=x; r++; x:=r
  10 times

( P || P )
```
Atomic stm.
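An added example, not from the lecture slides: a small explicit-state search in Python that answers the questions posed on the slides "A simple program" and "Another simple program". It assumes each guarded command and each statement marked atomic runs as one indivisible step; all function names are hypothetical.

```python
from collections import deque


def reachable(init, successors):
    """Explicit-state search: the set of all states reachable from init."""
    seen, queue = {init}, deque([init])
    while queue:
        state = queue.popleft()
        for nxt in successors(state):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def possibly(states, pred):
    """E<> pred: some reachable state satisfies pred."""
    return any(pred(s) for s in states)


def always(states, pred):
    """A[] pred: every reachable state satisfies pred."""
    return all(pred(s) for s in states)


# "A simple program": INC || DEC || RESET with x starting at 100.
# Assumption: guard test plus assignment is one atomic step.
def counter_successors(x):
    if x < 200:
        yield x + 1          # INC
    if x > 0:
        yield x - 1          # DEC
    if x == 200:
        yield 0              # RESET


def counter_values():
    return reachable(100, counter_successors)


def counter_properties():
    states = counter_values()
    return {
        "E<>(x>100)": possibly(states, lambda x: x > 100),
        "E<>(x>200)": possibly(states, lambda x: x > 200),
        "A[](x<=200)": always(states, lambda x: x <= 200),
        "E<>(x<0)": possibly(states, lambda x: x < 0),
        "A[](x>=0)": always(states, lambda x: x >= 0),
    }


# "Another simple program": P || P, each P increments x n times.
# State: (x, ((pc, r, done), (pc, r, done))).
# atomic=True  models x:=x+1 as a single step.
# atomic=False models r:=x; r++; x:=r. The local r++ is folded into the
# read step, which cannot change what the other process observes.
def p_successors(state, n, atomic):
    x, procs = state
    for i, (pc, r, done) in enumerate(procs):
        if done == n:
            continue                                  # this process is finished
        if atomic:
            new_x, new_p = x + 1, (0, 0, done + 1)    # x:=x+1
        elif pc == 0:
            new_x, new_p = x, (1, x + 1, done)        # r:=x; r++
        else:
            new_x, new_p = r, (0, 0, done + 1)        # x:=r
        yield (new_x, procs[:i] + (new_p,) + procs[i + 1:])


def final_values(n=10, atomic=False):
    """All values x can hold once both processes have terminated."""
    init = (0, ((0, 0, 0), (0, 0, 0)))
    states = reachable(init, lambda s: p_successors(s, n, atomic))
    return {x for x, procs in states
            if all(done == n for _, _, done in procs)}


if __name__ == "__main__":
    values = counter_values()
    print("x ranges over", min(values), "..", max(values))
    for prop, holds in counter_properties().items():
        print(prop, "holds" if holds else "fails")
    print("atomic x:=x+1  :", sorted(final_values(10, atomic=True)))
    print("r:=x; r++; x:=r:", sorted(final_values(10, atomic=False)))
```

Testing a single run of the second program would almost always show 20; the exhaustive search is what exposes the interleavings that lose updates.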
Yet another simple program
```
int x=1;

Process P
  do
    x:=x+x
  forever

( P || P )
```
What are the possible values that x may possess during execution?
```
int x=1;

Process P
  int r
  do
    r:=x; r:=x+r; x:=r
  forever

( P || P )
```
Atomic stm.
Model-based Approach
Suggested Solution?
Model-based validation, verification and testing of software and hardware
Verification & Validation
Design Model, Specification: Verification & Refusal
Analysis: Validation
Implementation
Testing
UML, SDL
Model Extraction
Automatic Code generation
Automatic Test generation
How?
Unified Model = State Machine!
Figure: state machine with ports a, b, x, y and transitions a?, b?, x!, y!, b?
Control states
Input ports
Output ports
Tamagotchi
Figure: state machine with transition labels A, B, C and Tick; states ALIVE and DEAD
Passive, Feeding, Light, Clean, Play, Discipline, Medicine, Care
Meal, Snack
Tick: Health:=Health-1; Age:=Age+1
Health:=Health-1
Health=0 or Age=2.000
SYNCmaster
Digital Watch
The SDL Editor: Process level
SPIN, Gerald Holzmann, AT&T
visualSTATE
• Hierarchical state systems
• Flat state systems
• Multiple and inter-related state machines
• Supports UML notation
• Device driver access
VVS w Baan Visualstate, DTU (CIT project)
Rhapsody
ESTEREL
UPPAAL
‘State Explosion’ problem
Figure: M1 with states 1, 2, 3, 4; M2 with states a, b, c; M1 x M2 with states 1,a 4,a 3,a 4,a 1,b 2,b 3,b 4,b 1,c 2,c 3,c 4,c
All combinations = exponential in no. of components
Provably theoretically intractable
Train Simulator
• 1421 machines
• 11102 transitions
• 2981 inputs
• 2667 outputs
• 3204 local states
• Declared state space: 10^476
BUGS?
VVS visualSTATE
Our techniques have reduced verification time by several orders of magnitude (e.g. 14 days to 6 sec)
Modelling and Analysis
Software Model A
Requirement F
TOOL
Yes: Prototypes, Executable Code, Test sequences
No!: Debugging Information
BRICS: Semantics, Logic, Algorithmics
Tools: UPPAAL, visualSTATE, ESTEREL, SPIN, Statemate, FormalCheck, VeriSoft, Java Pathfinder, …
Finite State Machines
• Language versus behaviour• Determinism versus non-determinism• Composition and operations• Variants of state machines
Moore, Mealy, IO automater, UML ….
Most fundamentaemodel in Computer Science:
Kleene og Moore
![Page 57: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/57.jpg)
State Machines
Model of Computation
• Set of states
• A start state
• An input alphabet
• A transition function, mapping input symbols and state to next state
• One or more accept states.
• Computation starts from the start state with a given input string (read from left to right)
[Figure: Modulo 3 counter, a state machine with inc and dec transitions]
Input strings: inc inc dec inc inc dec inc; inc inc dec inc dec inc dec inc
![Page 58: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/58.jpg)
State Machines
Variants
Machines may have actions/output associated with states: Moore machines.
[Figure: state machine with states 0, 1, 2 and inc/dec transitions]
Input string: inc inc dec inc inc dec inc
Output string: 0 1 2 1 2 0 2 1
![Page 59: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/59.jpg)
State Machines
Variants
Machines may have actions/output associated with transitions: Mealy machines.
Transitions may be unconditional on input (null transitions).
Several transitions for a given input and state (non-determinism).
[Figure: state machine with transitions inc/0, inc/1, inc/2, dec/1, dec/0, dec/2]
Input string: inc inc dec inc inc dec inc
Output string: 1 2 1 2 0 2 1
![Page 60: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/60.jpg)
State Machines
Variants
Symbols of the alphabet are partitioned into input and output actions (IO automata).
[Figure: state machine with input actions inc?, dec? and output actions 0!, 1!, 2!]
Interaction: 0! 0! 0! inc? inc? 2! 2! dec? 1!
![Page 61: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/61.jpg)
Bank box code
To open a bank box, the code must contain at least 2
To open a bank box, the code must end with
To open a bank box, the code must end with a palindrome, e.g.: O BG …….. ?
To open a bank box, the code must end with
or with
![Page 62: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/62.jpg)
Fundamental Results
Every FSM may be determinized accepting the same language (potential explosion in size).
For each FSM there exists a language-equivalent minimal deterministic FSM.
FSMs are closed under ∩ and ∪
FSMs may be described as regular expressions (and vice versa)
![Page 63: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/63.jpg)
Interacting State Machines
![Page 64: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/64.jpg)
Home-Banking?
Are the accounts in balance after the transactions?
int accountA, accountB;             // Shared global variables

// Two concurrent bank customers
Thread costumer1 () {
    int a, b;                       // local tmp copy
    a = accountA; b = accountB;
    a = a - 10;   b = b + 10;
    accountA = a; accountB = b;
}
Thread costumer2 () {
    int a, b;
    a = accountA; b = accountB;
    a = a - 20;   b = b + 20;
    accountA = a; accountB = b;
}
![Page 65: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/65.jpg)
Home Banking
A[] (pc1.finished and pc2.finished) imply (accountA+accountB==200)?
![Page 66: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/66.jpg)
Home Banking
int accountA, accountB;             // Shared global variables
Semaphore A, B;                     // Protected by sem A, B

// Two concurrent bank customers
Thread costumer1 () {
    int a, b;                       // local tmp copy
    wait(A); wait(B);
    a = accountA; b = accountB;
    a = a - 10;   b = b + 10;
    accountA = a; accountB = b;
    signal(A); signal(B);
}
Thread costumer2 () {
    int a, b;
    wait(B); wait(A);
    a = accountA; b = accountB;
    a = a - 20;   b = b + 20;
    accountA = a; accountB = b;
    signal(B); signal(A);
}
![Page 67: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/67.jpg)
Semaphore FSM Model
[Figure: FSM models of a Binary Semaphore and a Counting Semaphore]
![Page 68: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/68.jpg)
Composition
IO automata (2-way synchronization)
[Figure: states A, B and X, Y with actions h! and h?; composed states AX and BY]
![Page 69: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/69.jpg)
Composition
IO automata
[Figure: states A, B, C and X, Y with actions h!, h? and k!; composed states AX, BY and CX]
![Page 70: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/70.jpg)
Semaphore Solution?
1. A[] (mc1.finished and mc2.finished) imply (accountA+accountB==200)
2. E<> mc1.critical_section and mc2.critical_section
3. A[] not (mc1.finished and mc2.finished) imply not deadlock ÷

1. Consistency? (Balance)
2. Race conditions?
3. Deadlock?
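The two Home Banking models above (without and with semaphores), checked by brute force in an added example that is not part of the lecture and is not UPPAAL: a small explicit-state search over every interleaving of the two customer threads, reporting finished states that violate accountA+accountB==200 and whether a deadlock is reachable. It assumes both accounts start at 100 and folds `a=a-10` and the following assignment into one write step; the names `customer`, `successor` and `explore` are made up for this example.

```python
from collections import deque

def customer(amount, locks=""):
    """Atomic steps of one customer thread; locks is its wait() order, e.g. "AB"."""
    body = [("read", "A"), ("read", "B"), ("write", "A", -amount), ("write", "B", amount)]
    return [("wait", s) for s in locks] + body + [("signal", s) for s in locks]

def successor(state, tid, progs):
    """State after thread tid takes one step, or None if it is finished or blocked."""
    s = dict(state)
    pc = s["pc", tid]
    if pc == len(progs[tid]):
        return None
    op, var, *delta = progs[tid][pc]
    if op == "wait" and s["sem", var] == 0:
        return None                                    # semaphore is taken: blocked
    if op in ("wait", "signal"):
        s["sem", var] = 1 if op == "signal" else 0
    elif op == "read":
        s["tmp", tid, var] = s["acct", var]            # a=accountA / b=accountB
    else:
        s["acct", var] = s["tmp", tid, var] + delta[0] # a=a-10; accountA=a (folded)
    s["pc", tid] = pc + 1
    return tuple(sorted(s.items()))                    # hashable snapshot

def explore(progs, total=200):
    """Breadth-first search over all interleavings of the threads in progs."""
    init = {("acct", "A"): 100, ("acct", "B"): 100,    # assumed start balances
            ("sem", "A"): 1, ("sem", "B"): 1}
    for tid in range(len(progs)):
        init.update({("pc", tid): 0, ("tmp", tid, "A"): 0, ("tmp", tid, "B"): 0})
    start = tuple(sorted(init.items()))
    seen, queue = {start}, deque([start])
    unbalanced, deadlock = set(), False
    while queue:
        cur = queue.popleft()
        s = dict(cur)
        nxt = [n for t in range(len(progs)) if (n := successor(cur, t, progs)) is not None]
        finished = all(s["pc", t] == len(p) for t, p in enumerate(progs))
        if finished and s["acct", "A"] + s["acct", "B"] != total:
            unbalanced.add((s["acct", "A"], s["acct", "B"]))
        deadlock = deadlock or (not finished and not nxt)
        new = [n for n in nxt if n not in seen]
        seen.update(new)
        queue.extend(new)
    return {"states": len(seen), "unbalanced": unbalanced, "deadlock": deadlock}

if __name__ == "__main__":
    for l1, l2 in (("", ""), ("AB", "BA"), ("AB", "AB")):
        print(repr(l1), repr(l2), explore([customer(10, l1), customer(20, l2)]))
```

The unprotected model reaches six unbalanced final states, while the wait(A);wait(B) versus wait(B);wait(A) model keeps the balance but can deadlock. Taking the semaphores in the same order in both threads, the third case in the loop, removes the deadlock.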
![Page 71: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/71.jpg)
Course plan
![Page 72: Test & Verifikation - Aalborg Universitetpeople.cs.aau.dk/~bnielsen/TOV07/lektioner/TOV07Lecture1.pdf · HW&K Kontrol SW Mekatr. HW&K SW Kontrol Mekatr. IIS 1) 2) 3) DaNES Danish](https://reader033.fdocuments.net/reader033/viewer/2022060313/5f0b52f97e708231d42ff40b/html5/thumbnails/72.jpg)
Course plan