CSE584: Software Engineering Lecture 7 (November 17, 1998)

11/18/98

Table of Contents

CSE584: Software Engineering Lecture 7 (November 17, 1998)

This week

Formal methods (reprise)

Potential benefits

C.A.R. Hoare, 1988

Z (“zed”)

The basic idea

The classic example

To the whiteboard

Z/CICS

1992 Queen’s Award for Technological Achievement

...

Finite state machines

Many, many models

Walkman example (due to Alistair Kilgour, Heriot-Watt University)

A common problem

Statecharts (Harel)

Tools

i-Logix screenshot

Analysis

Model checking

State Transition Graph

Example

A computation tree

Temporal formulae

Mutual exclusion example

Model checking

How does it work? (in brief)

Example

Example
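The explicit-state search that the "How does it work? (in brief)" and "Mutual exclusion example" slides sketch, as an added example that is not from the lecture or its slides: a breadth-first reachability check of the mutual-exclusion property over the state transition graph of a two-process protocol. Each transition is one process taking one atomic step (interleaving semantics), the global state is a tuple (pc0, pc1, flag0, flag1, turn) of my own choosing, and the two protocols modelled are my assumptions, not the slides' example: a naive "test the other flag, then set mine" protocol, which the checker refutes with a counterexample trace, and Peterson's algorithm, which it finds safe. All function names are mine.

```python
from collections import deque

# Global state encoding (my assumption, not the lecture's RSML/SMV encoding):
# (pc0, pc1, flag0, flag1, turn): program counters, interest flags, turn variable.
INITIAL = (0, 0, 0, 0, 0)


def model_check(initial, successors, invariant):
    """Explicit-state safety check: breadth-first search over the state transition
    graph from `initial`.  Returns (trace, explored): trace is None if `invariant`
    holds in every reachable state, otherwise a shortest path of states from
    `initial` to the first violating state found (the counterexample)."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            trace = []
            while s is not None:          # walk parent links back to the initial state
                trace.append(s)
                s = parent[s]
            return trace[::-1], len(parent)
        for t in successors(s):
            if t not in parent:           # the visited set is what bounds the search
                parent[t] = s
                queue.append(t)
    return None, len(parent)


def _update(s, i, pc=None, flag=None, turn=None):
    """Copy of state s with process i's pc and/or flag, and/or the turn, changed."""
    pcs, flags, t = [s[0], s[1]], [s[2], s[3]], s[4]
    if pc is not None:
        pcs[i] = pc
    if flag is not None:
        flags[i] = flag
    if turn is not None:
        t = turn
    return (pcs[0], pcs[1], flags[0], flags[1], t)


# Naive protocol (hypothetical, deliberately broken): pc 0 tests the other flag,
# pc 1 sets own flag, pc 2 is the critical section.  The test and the set are two
# separate steps, so the other process can interleave between them.
NAIVE_CRIT = 2

def naive_step(s, i):
    other = 1 - i
    pc = s[i]
    if pc == 0:
        return _update(s, i, pc=1) if s[2 + other] == 0 else s   # wait (self-loop)
    if pc == 1:
        return _update(s, i, pc=2, flag=1)                        # enter critical section
    return _update(s, i, pc=0, flag=0)                            # leave, clear flag


# Peterson's algorithm: pc 0 announces interest, pc 1 yields the turn,
# pc 2 waits, pc 3 is the critical section.
PETERSON_CRIT = 3

def peterson_step(s, i):
    other = 1 - i
    pc = s[i]
    if pc == 0:
        return _update(s, i, pc=1, flag=1)
    if pc == 1:
        return _update(s, i, pc=2, turn=other)
    if pc == 2:
        # proceed when the other process is not interested or it is my turn
        if s[2 + other] == 0 or s[4] == i:
            return _update(s, i, pc=3)
        return s                                                  # busy-wait (self-loop)
    return _update(s, i, pc=0, flag=0)


def interleave(step):
    """Successor function: either process may take the next atomic step."""
    return lambda s: [step(s, 0), step(s, 1)]


def mutex_invariant(crit):
    """Safety property: never both processes in the critical section."""
    return lambda s: not (s[0] == crit and s[1] == crit)


def check_naive():
    return model_check(INITIAL, interleave(naive_step), mutex_invariant(NAIVE_CRIT))


def check_peterson():
    return model_check(INITIAL, interleave(peterson_step), mutex_invariant(PETERSON_CRIT))


if __name__ == "__main__":
    trace, n = check_naive()
    print("naive: %d states, counterexample:" % n, trace)
    trace, n = check_peterson()
    print("peterson: %d states, counterexample:" % n, trace)
```

The counterexample for the naive protocol is the expected race: both processes pass the flag test before either sets its flag, and the BFS returns it as the shortest such interleaving. Because the search enumerates every reachable state explicitly, the `explored` count is a direct measure of the state explosion the later "Explicit vs. symbolic" slide contrasts with BDD-based checking.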

Symbolic model checking

Binary decision diagrams (BDDs)

BDD-based model checking

BDD-based successes in HW

Software model checking

Why might it fail?

An approach at UW—try it!

TCAS

TCAS specification

TCAS—high-level structure

Using SMV

Iterative process

Use of non-determinism

Translating RSML to SMV

State encoding

Synchrony hypothesis

Transitions

Non-deterministic transitions

Checking properties

Property checking

Disclaimer

Deterministic transitions

Function consistency

Display_Model_Goal

Output agreement

Output agreement check

Limitations

Whence formulae?

Whence formulae?

More criteria

What about infinite state?

A middle ground

Nitpick

Explicit vs. symbolic

Model checking wrap up

Formal methods

Author: David Notkin

Email: notkin@cs.washington.edu

Home Page: http://www.cs.washington.edu/education/courses/584/CurrentQtr/