University of Oregon
This is the home page of CIS 607, CS seminar, for winter term 2001. This course was listed in the catalog as a seminar in run-time checking, but after discussion with students it has been retargeted primarily as an introduction to model-checking (although we may look at checking of individual execution traces as well). Many course "handouts" will appear only here and will not be distributed in hardcopy form.
New reading: Alloy (pdf format)
Most model-checking research and literature concerns concurrent systems. Alloy is a notation and an associated model-checker for the logic of data modeling, as one might find in database design or in object-oriented program design. Model-checking in Alloy is really model-finding: given a set of formulae M describing the data model and some specification formulae S (called "assertions" in Alloy), can we find a model of (M and not S), i.e. a counterexample to S? Since the logic is first-order, this question cannot be settled exhaustively, so the Alloy checker (previously known as Alcoa) looks for models only up to a bounded size (a "scope"). Finding no counterexample within the scope is evidence, not a proof, that S follows from M.
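To make the "model-finding" idea concrete, here is a small added example (not from the Alloy paper or the Alloy tool) that searches for a model of (M and not S) over a toy data model: a single binary relation `parent` over a universe of n "persons". The facts and assertions, and the `parent` relation itself, are constructed for this illustration. Alloy translates the bounded problem to SAT; this code instead enumerates every relation over the universe explicitly, which gives the same answer for a given scope but only scales to a handful of atoms.

```python
"""Bounded model-finding in the style of Alloy, on a toy relational model.

M is a list of facts about a binary relation `parent` over {0..n-1};
S is an assertion. We search, scope by scope, for a relation that
satisfies every fact in M but violates S, i.e. a model of (M and not S).
Explicit enumeration (2**(n*n) relations) stands in for Alloy's SAT search.
"""
from itertools import product
from typing import Callable, FrozenSet, Iterator, List, Optional, Tuple

Relation = FrozenSet[Tuple[int, int]]
Formula = Callable[[int, Relation], bool]   # (scope, parent) -> holds?


def all_relations(n: int) -> Iterator[Relation]:
    """Every binary relation over {0..n-1}; there are 2**(n*n) of them."""
    pairs = [(a, b) for a in range(n) for b in range(n)]
    for bits in product((0, 1), repeat=len(pairs)):
        yield frozenset(p for p, bit in zip(pairs, bits) if bit)


def closure(r: Relation) -> Relation:
    """Transitive closure of r (Alloy's ^r): extend paths one step at a time."""
    reach = set(r)
    frontier = set(r)
    while frontier:
        new = {(a, d) for (a, b) in frontier for (c, d) in r if b == c} - reach
        reach |= new
        frontier = new
    return frozenset(reach)


# --- facts that may appear in the data model M (constructed for this example) ---
def functional(n: int, r: Relation) -> bool:
    """Each person has at most one parent."""
    return all(len([b for (a, b) in r if a == x]) <= 1 for x in range(n))


def irreflexive(n: int, r: Relation) -> bool:
    """Nobody is their own parent."""
    return all((x, x) not in r for x in range(n))


def acyclic(n: int, r: Relation) -> bool:
    """Nobody is their own ancestor: ^parent is irreflexive."""
    return irreflexive(n, closure(r))


# --- an assertion S ---
def no_self_grandparent(n: int, r: Relation) -> bool:
    """grandparent = parent.parent (relational join) has no fixed point."""
    grand = frozenset((a, d) for (a, b) in r for (c, d) in r if b == c)
    return irreflexive(n, grand)


def find_counterexample(facts: List[Formula], assertion: Formula,
                        max_scope: int) -> Optional[Tuple[int, Relation]]:
    """Return (scope, relation) modelling (M and not S), or None if no
    counterexample exists with at most max_scope atoms. None is NOT a proof:
    a larger scope might still reveal one."""
    for n in range(1, max_scope + 1):
        for r in all_relations(n):
            if all(f(n, r) for f in facts) and not assertion(n, r):
                return n, r
    return None


if __name__ == "__main__":
    # functional + irreflexive does not imply acyclic: a 2-cycle is a model.
    print(find_counterexample([functional, irreflexive], acyclic, 3))
    # functional + acyclic does imply no self-grandparent, at least up to 3 atoms.
    print(find_counterexample([functional, acyclic], no_self_grandparent, 3))
```

The first query returns the two-person cycle `{(0, 1), (1, 0)}` as a counterexample at scope 2; the second returns `None` at scope 3, which is exactly the kind of bounded reassurance Alloy gives (and exactly as far as it goes).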
Let's get our hands dirty with a little model-checking exercise to get started. The Spin model-checker is conceptually straightforward (it explicitly enumerates states in a finite-state model described as a set of communicating finite-state processes), but it has been carefully engineered over many years and is now among the most robust and widely used model checking tools.
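Before touching Spin itself, it helps to see what "explicitly enumerates states" means in a few dozen lines. The following is an added example, not part of Spin or of the course materials: a breadth-first explicit-state checker over two communicating finite-state processes that share a pair of flags and a `turn` variable. The two protocols it checks (a deliberately naive flag-based lock and Peterson's algorithm) are encoded here as guarded steps; they are standard textbook examples, and the encoding is my own. The safety property is mutual exclusion, and, like Spin, the checker returns a counterexample trail (an "error trail") when the property fails.

```python
"""Explicit-state reachability for two symmetric processes, Spin-style.

A program is a list of (label, guard, effect) steps; each process runs the
same program with its own index i and loops forever. The global state is the
pair of program counters plus the shared variables. BFS over all interleavings
finds the shortest trail to a state where both processes are in the critical
section, or proves (by exhaustion of the finite state space) that none exists.
"""
from collections import deque
from typing import Callable, Dict, List, NamedTuple, Optional, Tuple

CRITICAL = "critical section"


class State(NamedTuple):
    pc: Tuple[int, int]         # program counter of process 0 and 1
    flag: Tuple[bool, bool]     # shared flags, one per process
    turn: int                   # shared turn variable (used by Peterson)


Guard = Callable[[State, int], bool]
Effect = Callable[[State, int], State]
Step = Tuple[str, Guard, Effect]


def always(s: State, i: int) -> bool:
    return True


def nop(s: State, i: int) -> State:
    return s


def set_flag(value: bool) -> Effect:
    def effect(s: State, i: int) -> State:
        flags = list(s.flag)
        flags[i] = value
        return s._replace(flag=tuple(flags))
    return effect


def set_turn_to_other(s: State, i: int) -> State:
    return s._replace(turn=1 - i)


def other_flag_down(s: State, i: int) -> bool:
    return not s.flag[1 - i]


def peterson_wait(s: State, i: int) -> bool:
    return not s.flag[1 - i] or s.turn == i


# Constructed example protocols. NAIVE checks the other flag *before* raising
# its own, so both processes can pass the wait and enter together.
NAIVE: List[Step] = [
    ("await !flag[other]", other_flag_down, nop),
    ("flag[me] = true", always, set_flag(True)),
    (CRITICAL, always, nop),
    ("flag[me] = false", always, set_flag(False)),
]
PETERSON: List[Step] = [
    ("flag[me] = true", always, set_flag(True)),
    ("turn = other", always, set_turn_to_other),
    ("await !flag[other] || turn == me", peterson_wait, nop),
    (CRITICAL, always, nop),
    ("flag[me] = false", always, set_flag(False)),
]


def both_in_critical(program: List[Step], s: State) -> bool:
    return all(program[s.pc[i]][0] == CRITICAL for i in (0, 1))


def check_mutex(program: List[Step]) -> Tuple[Optional[List[str]], int]:
    """Return (error trail or None, number of distinct states explored)."""
    init = State(pc=(0, 0), flag=(False, False), turn=0)
    parents: Dict[State, Optional[Tuple[State, str]]] = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if both_in_critical(program, s):
            trail: List[str] = []
            while parents[s] is not None:       # walk back to the initial state
                prev, label = parents[s]
                trail.append(label)
                s = prev
            return trail[::-1], len(parents)
        for i in (0, 1):                        # every enabled interleaving
            label, guard, effect = program[s.pc[i]]
            if not guard(s, i):
                continue
            t = effect(s, i)
            pcs = list(t.pc)
            pcs[i] = (pcs[i] + 1) % len(program)
            t = t._replace(pc=tuple(pcs))
            if t not in parents:                # visited-state hash, as in Spin
                parents[t] = (s, f"P{i}: {label}")
                queue.append(t)
    return None, len(parents)


if __name__ == "__main__":
    trail, n = check_mutex(NAIVE)
    print(f"NAIVE: {n} states; violation trail: {trail}")
    trail, n = check_mutex(PETERSON)
    print(f"PETERSON: {n} states; violation trail: {trail}")
```

For the naive lock the checker returns a four-step trail (both processes pass their wait, then both raise their flag); for Peterson's algorithm it exhausts the state space and returns `None`. Spin does the same job with a vastly more engineered state representation (hash compaction, partial-order reduction, bit-state hashing) and with a far richer input language, but the core loop is this one.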
Readings. The paper from TSE is a bit of a hodge-podge of theory, design details, and case studies with Spin, which makes it a little difficult to read. On the other hand, you can learn "just enough" about all of these to get a start, rather than reading several different papers and trying to weave the information together.
Exercise (linked here). Let's do this by Feb 9 and be ready to discuss it. Meanwhile we'll start reading papers on underlying techniques for explicit and symbolic model-checking.