XFM: An incremental methodology for developing formal models

We present an agile formal methodology named eXtreme Formal Modeling (XFM), based on Extreme Programming (XP) concepts to construct abstract models from natural language specifications of complex systems. In particular, we focus on Prescriptive Formal Models (PFMs) that capture the specification of the system under design in a mathematically precise manner. Such models can be used as golden reference models for formal verification, test generation, coverage monitor generation, etc. This methodology for incrementally building PFMs works by adding user stories expressed as LTL formulae gleaned from the natural language specifications, one by one, into the model. XFM builds the models, retaining correctness with respect to incrementally added properties by regressively model-checking all the LTL properties captured theretofore in the model. We illustrate XFM with a graded set of examples consisting of a traffic light controller and a DLX pipeline. To make the regressive model-checking steps feasible with current model-checking tools, we need to control the model size increments at each subsequent step in the process. We therefore analyze the effects of ordering the LTL properties in XFM on the statespace growth rate of the model. We compare three different property-ordering methodologies: ad hoc ordering, property-based ordering, and predicate-based ordering. We experiment on the models of the ISA bus monitor and the arbitration phase of the Pentium Pro bus. We experimentally show and mathematically reason that the predicate-based ordering is the best among these orderings. Finally, we present a GUI-based toolbox that we implemented to build PFMs using XFM.
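As an added illustration of the regressive step described above (constructed for this page, not the paper's toolbox or its traffic-light model), the snippet below captures user stories as safety-shaped LTL formulae (G p and G(p -> X q)), explores the finite statespace of each model increment explicitly, and re-checks every story captured so far, so that a later increment that breaks an earlier story is reported.

```python
from collections import deque
# Constructed example model: controller state is (ns, ew), the two signal colours.
INIT = ("red", "red")
MODEL_V1 = {  # increment 1: strict alternation, written to satisfy stories P1..P3
    ("red", "red"): {("green", "red")},
    ("green", "red"): {("yellow", "red")},
    ("yellow", "red"): {("red", "green")},
    ("red", "green"): {("red", "yellow")},
    ("red", "yellow"): {("green", "red")},
}
MODEL_V2 = {  # increment 2: an all-red clearance state after each yellow, added for P4
    ("red", "red"): {("green", "red"), ("red", "green")},
    ("green", "red"): {("yellow", "red")},
    ("yellow", "red"): {("red", "red")},
    ("red", "green"): {("red", "yellow")},
    ("red", "yellow"): {("red", "red")},
}
# A sloppy version of increment 2 that clears NS straight from green, skipping yellow.
MODEL_V2_BAD = {**MODEL_V2, ("green", "red"): {("red", "red")}}

# Two safety-shaped LTL story templates, decided by exhaustive enumeration of the
# finite statespace (no LTL-to-automaton translation is needed for these shapes).
def G(p):      return lambda states, trans: all(p(s) for s in states)            # G p
def G_X(p, q): return lambda states, trans: all(q(t) for s, t in trans if p(s))  # G(p -> X q)
PROPS = [  # user stories in the order they were gleaned from the specification
    ("P1", "G !(ns=green & ew=green)", G(lambda s: s != ("green", "green"))),
    ("P2", "G (ns=green -> X ns=yellow)", G_X(lambda s: s[0] == "green", lambda t: t[0] == "yellow")),
    ("P3", "G (ns=yellow -> X ns=red)", G_X(lambda s: s[0] == "yellow", lambda t: t[0] == "red")),
    ("P4", "G (ns=yellow -> X (ns=red & ew=red))",
     G_X(lambda s: s[0] == "yellow", lambda t: t == ("red", "red"))),
]

def reachable(model, init=INIT):
    """Explicit-state exploration from init: returns (reachable states, transitions)."""
    seen, trans, todo = {init}, set(), deque([init])
    while todo:
        s = todo.popleft()
        for t in model.get(s, ()):
            trans.add((s, t))
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen, trans

def regress(model, props):
    """The regressive model-checking step: re-verify every story captured so far
    against the current model increment; returns the names of the stories that fail."""
    states, trans = reachable(model)
    return [name for name, _ltl, check in props if not check(states, trans)]

if __name__ == "__main__":  # [] / ['P4'] / [] / ['P2']: the sloppy edit regresses P2
    for m, n in ((MODEL_V1, 3), (MODEL_V1, 4), (MODEL_V2, 4), (MODEL_V2_BAD, 4)):
        print(regress(m, PROPS[:n]))
```

The size of `reachable(model)[0]` at each increment is the statespace growth the abstract proposes to control through property ordering.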
