6CCS3VER 2020-21
Project – 30% of your mark
Deadline 18/12/2020
• Please make sure you read the instructions fully before you start implementing the
project.
• The project is done with the Xchek tool, available as part of the KCL VM installation
or as standalone software (http://www.cs.toronto.edu/~ar...), and it works on
Linux and Mac machines.
• The final product of the project is the report, accompanied by the source code
files for the models and the sets of properties. The source code files should be written
in GCLang and compile in Xchek. Executing the properties should give the results
described in your report.
• In the project, you will implement a system that simulates a counter (modulo 8 and
then modulo 16) interacting with its environment, as a binary model for Xchek together
with a set of properties. The stages of the project are as follows:

  1. Build a model for the counter that counts the number of times a variable
    has the value 1 modulo 8 with binary variables in GCLang. In other words,
    one of your variables should be a free variable, and the transitions of the
    counter should depend on the value of this free variable. Keep in mind that
    you will have to extend your model to a counter modulo 16 with minimum
    changes to the code.
  2. Write an initial set of CTL properties to check correctness of your model.
    Argue that the set represents the intuitive specification of what we can
    expect from the counter. For each property, indicate whether it is a safety
    property or a liveness property and explain why.
  3. Show that one of your properties passes vacuously in the system; explain
    the reason for the vacuous pass and fix the model or the property.
    Clarification: the answer “none of my properties pass vacuously” will not be
    accepted – please have one of the properties passing vacuously.
  4. Introduce a bug in your model that is not caught by any of the properties.
  5. Explain why this happened and write an additional property that exposes
    this bug. Demonstrate a counterexample.
  6. Does your initial model satisfy this additional property? If not, explain why
    not and fix the model.
  7. Extend your model to a counter modulo 16 (that counts the number of
    times the free variable has the value 1). Your initial design should have
    been general enough to allow this with a small number of changes. Explain
    the changes.
  8. Out of the list of the properties you wrote, indicate which ones pass in
    counter modulo 16 and which fail. If none fail, introduce a new property
    that distinguishes between the counter modulo 8 and counter modulo 16
    (that is, passes in one of them and fails in the other).
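As an added illustration, not part of the brief and not GCLang or Xchek code, the following Python builds the counter's Kripke structure for any number of binary state bits and evaluates the kinds of CTL properties steps 2 to 8 ask about: a safety property, a liveness property, a vacuity check, and a property that separates modulo 8 from modulo 16. It assumes the count is stored as an integer rather than as separate binary variables.

```python
# Added example, not from the brief or Xchek; the count is an integer here, not binary variables.
def counter_kripke(bits):
    """States are (count, x), where x is the free input variable. The count
    advances by one (mod 2**bits) exactly when x == 1; x is unconstrained, so
    every state has two successors (next x = 0 or 1). The initial count is 0."""
    mod = 2 ** bits
    states = {(c, x) for c in range(mod) for x in (0, 1)}
    succ = {(c, x): {((c + x) % mod, nx) for nx in (0, 1)} for (c, x) in states}
    init = {(0, 0), (0, 1)}
    return states, succ, init

# CTL operators as set transformers over the successor relation `succ`.
def ex(succ, S):  # EX S: some successor lies in S
    return {s for s in succ if succ[s] & S}

def ax(succ, S):  # AX S: every successor lies in S
    return {s for s in succ if succ[s] <= S}

def eu(succ, P, Q):  # E[P U Q]: least fixpoint
    Z = set(Q)
    while True:
        nxt = Z | (P & ex(succ, Z))
        if nxt == Z:
            return Z
        Z = nxt

def ef(succ, P):  # EF P = E[true U P]
    return eu(succ, set(succ), P)

def ag(succ, P):  # AG P = not EF(not P)
    return set(succ) - ef(succ, set(succ) - P)

def check_counter(bits):
    """Evaluate the properties below; each holds iff every initial state satisfies it."""
    states, succ, init = counter_kripke(bits)
    mod = 2 ** bits
    top = {s for s in states if s[0] == mod - 1}
    zero = {s for s in states if s[0] == 0}
    # Safety: at the top value with x == 1, every next state has count 0 (wrap-around).
    wrap = ag(succ, (states - {s for s in top if s[1] == 1}) | ax(succ, zero))
    # Liveness: from every reachable state the top value can still be reached.
    reach_top = ag(succ, ef(succ, top))
    # AG(count <= 7): passes for modulo 8, fails for modulo 16 (a step-8 distinguishing property).
    bound = ag(succ, {s for s in states if s[0] <= 7})
    # Vacuity: AG(p -> q) passes vacuously when no reachable state satisfies p;
    # p = (count == 8) is unreachable in the modulo-8 model, so any such property passes trivially.
    vacuous = not (init <= ef(succ, {s for s in states if s[0] == 8}))
    return {"wrap": init <= wrap, "reach_top": init <= reach_top,
            "bound": init <= bound, "vacuous_count_eq_8": vacuous}
```

Going from 3 to 4 bits is the only change needed for the modulo-16 counter, which is the kind of minimal extension step 7 expects.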
• In your report, include figures of your models as Kripke structures. If the model is
too large, include a part of the figure and explain what the rest of the model looks
like.
• Models that do not compile or do not run on Xchek will receive 0 for the relevant
subquestions (subquestions 1, 3, 4, 5, 6 for the model of counter modulo 8,
subquestion 7 for the model of counter modulo 16; for subquestion 8 both models
should compile and run). Properties that are grammatically incorrect and hence
cannot be understood by Xchek will lead to a reduction in the mark (depending on
the number of grammatically incorrect properties). Reports without Kripke
structures will receive reduced marks for the matching subquestions 1.
• Marking scheme: 30% for the model (question 1), 10% for each of the questions