introducing-formal-methods

ܗࣜख๏(formal-methods)ೖ໳
hbstyle 2016/06/09 - Yoshikawa Ryota ( @rrreeeyyy ) 1

View Slide

ܗࣜख๏(formal-methods)
• ਺ֶΛج൫ͱͨ͠ιϑτ΢ΣΞͷ࢓༷هड़ɾ։ൃɾݕূͷٕज़
• ଞͷ޻ֶ෼໺(ػց޻ֶͱ͔Ͷ)ಉ༷ʹ਺ֶతղੳΛ৘ใ޻ֶͰ΋ग़དྷΔʁ
• ઃܭͷ৴པੑɾݎ࿚ੑͷ޲্Λ໨తͱ͍ͯ͠Δ
• ܗࣜݴޠɾ਺ཧ࿦ཧֶɾܕγεςϜɾ୅਺తσʔλܕͳͲΛ࢖༻
• ͜ͷลͷ͜ͱʹ΋ڵຯ͕͋Δ
• ֶ෦࣌୅ʹ TaPL 1 ͱ͍͏ຊΛྠಡͨ͠ܦݧΑΓ
• ݎ࿚Ͱґଘੑͷඇৗʹߴ͍γεςϜ(ۜߦͱ͔ߤۭػͱ͔ϩέοτͱ͔)ͰΑ͘༻͍ΒΕΔ
• NASA/AWS/FeliCa/TradeOne(ূ݊)/SHOLIS(ߤۭ) [^2]
• ਎ۙͳͱ͜ΖͰݴ͑͹ CCS Injection(OpenSSL) ͷ੬ऑੑͳΜ͔΋
1 https://www.cis.upenn.edu/~bcpierce/tapl/
[^2]: http://www.ipa.go.jp/ﬁles/000026875.pdf

View Slide

ܗࣜख๏ͷछྨ
• Ͳͷਫ४Ͱ΍Δ͔ɺͱ͍͏ͷ͕େ͖͘෼͚ͯ 3 ͭ
• ܗࣜ࢓༷هड़ (Formal speciﬁcation)
• ܗࣜత։ൃ͓Αͼݕূ (Formal development and formal veriﬁcation)
• ࣗಈݕূ (Theorem provers)
• Ξϓϩʔν͕େ͖͘෼͚ͯ 2 ͭ
• ఆཧূ໌ (Explicit Model Checker)
• Ϟσϧݕࠪ (Symbolic Model Checker)

View Slide

ܗࣜख๏ͷਫ४
• ܗࣜ࢓༷هड़ (Formal speciﬁcation)
• ܗࣜख๏Λ༻͍ͯ࢓༷Λهड़͢Δ
• ϓϩάϥϜͷ։ൃࣗମ͸ܗࣜख๏ͱরΒ͠߹Θͤͳ͕Βߦ͏
• ܗࣜత։ൃ͓Αͼݕূ (Formal development and formal veriﬁcation)
• ܗࣜख๏Λ༻͍ͯ࢓༷Λهड़͢Δ(B-method3 ͳͲ)
• هड़ͨ͠࢓༷ΛߋʹৄࡉԽ͍͖ͯ͠ϓϩάϥϜΛ࡞੒͢ΔͳͲ
• ࣗಈݕূ (Theorem provers)
• ࣗಈఆཧূ໌ʹͯػցతͳূ໌Λߦ͏
• ఆཧΛ༩͑ΔͱϓϩάϥϜ͕ؤுͬͯূ໌ͯ͘͠ΕΔΑ͏ͳ΋ͷ
3 ύϦͷϝτϩ 14 ߸ઢͳͲͰ࢖ΘΕ͍ͯΔΒ͍͠

View Slide

ܗࣜख๏ͷΞϓϩʔν
• ఆཧূ໌
• γεςϜΛ࿦ཧࣜͷू߹ͱͯ͠هड़͢Δ
• ࿦ཧࣜΛެཧͱਪ࿦نଇʹ΋ͱ͍ͮͯূ໌͍ͯ͘͠
• େମͷ৔߹ͰࣗಈͰ͸ূ໌Ͱ͖ͳ͍ͷͰਓ͕ؒࢧԉ͠ͳ͕Βূ໌͢Δ
• B-method ͳͲ͕༗໊
• Ϟσϧݕࠪ
• ର৅ͱ͢ΔγεςϜΛঢ়ଶભҠਤͰϞσϧԽ
• ࣌૬࿦ཧࣜ4ͱݺ͹ΕΔࣜͰੑ࣭Λهड़
• ঢ়ଶભҠͷঢ়ଶΛ໢ཏ୳ࡧͯ࣌͠૬࿦ཧࣜΛຬ͔ͨ͢ݕࠪ͢Δ
• SPIN ͳͲ͕༗໊
4 ࣌ؒͱͷؔ܎ͰมԽ͢Δঢ়ଶΛهड़͢Δ࿦ཧࣜͷ͜ͱ

View Slide

ܰྔͳܗࣜख๏
• ܗࣜख๏͸೉͍͠
• Ϟσϧݕࠪ͸૊Έ߹Θͤരൃ͕ى͖Δ
• ఆཧূ໌͸େମͷ৔߹ͰࣗಈͰূ໌Ͱ͖ͳ͍
• ιϑτ΢ΣΞͷҰ෦ͷঢ়ଶΛ໢ཏతʹݕࠪ͢Δ
• ΄ͱΜͲͷܽؕ͸ɺখ͍͞୳ࡧൣғͰ͋ͬͯ΋൓ྫͱͯ͠ൃݟ͞ΕΔ (Small Scope Hypothesis)
• ࠷΋ܽؕͷى͖ͦ͏ͳ৔ॴΛूதతʹݕࠪ͢Δͷ͕ྑ͍ͩΖ͏ͱ͍͏ൃ૝ (Daniel Jackson)
• Alloy Analyzer ͳͲ͕༗໊
• Πϯϑϥߏ੒Ͱ΋ܗࣜख๏ΛऔΓೖΕΑ͏ͱ͢Δਓ΋͍Δ 5
5 http://ccvanishing.hateblo.jp/entry/2016/06/06/051120

View Slide

AWS ͷྫ
• AWS Ͱ͸ 2011 ೥͔Βܗࣜख๏Λ࠾༻͍ͯ͠Δ 6
• ෼ࢄγεςϜͷΞϧΰϦζϜઃܭͳͲ
• DynamoDB/S3/EBS ͳͲ
• AWS Ͱ͸ TLA+ ͱ͍͏΋ͷΛ࢖ͬͯܗࣜख๏Λѻ͍ͬͯΔ
• ࠷ॳʹ༗༻ੑ͕࣮ূ͞Εͨͷ͸ DynamoDB
• େମೋि͙ؒΒ͍Ͱ TLA+ ͰΞϧΰϦζϜ͕ॻ͚ͨΒ͍͠
• ݕূ༷ͯ͠ʑͳো֐ύλʔϯͷચ͍ग़͠ʹ੒ޭ
• DynamoDB ͷ੒ޭΛड͚ͯ S3/EBS ͳͲͰ΋ܗࣜख๏͕औΓೖΕΒΕΔ
6 How Amazon web services uses formal methods: http://dl.acm.org/citation.cfm?id=2749359.2699417

View Slide

Raft Λ TLA+ Ͱهड़ͨ͠ྫ
• https://github.com/ongardie/raft.tla/blob/master/raft.tla
CONSTANTS RequestVoteRequest, RequestVoteResponse,
AppendEntriesRequest, AppendEntriesResponse
Quorum == {i \in SUBSET(Server) : Cardinality(i) * 2 > Cardinality(Server)}
InitHistoryVars == /\ elections = {}
/\ allLogs = {}
/\ voterLog = [i \in Server |-> [j \in {} |-> <<>>]]
InitServerVars == /\ currentTerm = [i \in Server |-> 1]
/\ state = [i \in Server |-> Follower]
/\ votedFor = [i \in Server |-> Nil]
InitCandidateVars == /\ votesResponded = [i \in Server |-> {}]
/\ votesGranted = [i \in Server |-> {}]

View Slide

ܕγεςϜ΍ฒྻॲཧͱ͔ͷྫ
• ܕγεςϜ: ू߹࿦ͱͯ͠ߟ͑Δ
• ܕ(Int ͱ͔)͸ू߹ɾͦͷܕʹॴଐ͢Δม਺͸ू߹ཁૉ
• ܭࢉϞσϧ: ϥϜμܭࢉͱ͍͏ܭࢉ໛ܕΛ࢖͏
• (͜Ε͸ Python ͷ lambda x: x ͷҙຯ)
• ฒߦܭࢉϞσϧ: πܭࢉͳͲͷܭࢉ໛ܕΛ࢖͏
• (͜Ε͸νϟωϧ x ʹ஋ ΛૹΔͱ͍͏ҙຯ)

View Slide

·ͱΊ
• ܗࣜख๏ʹೖ໳ͨ͠
• ΑΓ҆શͰݎ࿚ͳιϑτ΢ΣΞΛ࡞Δʹ͸ܗࣜख๏͕༗ޮͰ͋Δ
• ݱঢ়͸೉͗͢͠Δ͕೔ʑͷۀ຿ͳͲʹ΋ద༻Ͱ͖ΔͷͰ͸ʁ
• ιϑτ΢ΣΞςετͰঢ়ଶΛ͢΂ͯ໢ཏ͢Δͷ͸೉͍͠
• ܕγεςϜ΍ϥϜμܭࢉ΍πܭࢉ΋ීஈͷϓϩάϥϛϯάͱؔ࿈͍ͯͯ͠໘ന͍
• ͳͥ Rust ͸ܕ҆શͱ͞Ε͍ͯΔͷ͔ʁͳͥ C ͸ܕ҆શͰ͸ͳ͍ͷ͔ʁ
• ΋ͬͱܗࣜख๏͕؆୯ʹͳΕ͹͍͍ͳ͋ͱࢥ͍ͬͯΔ

View Slide

ࢀߟࢿྉ
• http://dl.acm.org/citation.cfm?id=2749359.2699417
• http://research.microsoft.com/en-us/um/people/lamport/tla/
amazon.html
• https://brooker.co.za/blog/2014/08/09/formal-methods.html
• http://brooker.co.za/blog/2015/03/29/formal.html
• https://www.infoq.com/presentations/aws-testing-tla
• http://perspectives.mvdirona.com/2014/07/challenges-in-designing-
at-scale-formal-methods-in-building-robust-distributed-systems/

View Slide

introducing-formal-methods

introducing-formal-methods

rrreeeyyy

More Decks by rrreeeyyy

Other Decks in Technology

Featured

Transcript