I'm learning model-checking and NuSMV for my education. I can edit and run NuSMV code and I have a fair understanding of what UART is and does.
My task is to formally model UART with NuSMV but at this time I'm not sure how to do it. I understand that UART transmits one byte as eight sequential bits but how can I model that?
I have a mutex code as a starting point:
>NuSMV.exe mutex.smv
*** This is NuSMV 2.6.0 (compiled on Wed Oct 14 15:37:51 2015)
*** Enabled addons are: compass
*** For more information on NuSMV see <http://nusmv.fbk.eu>
*** or email to <nusmv-users#list.fbk.eu>.
*** Please report bugs to <Please report bugs to <nusmv-users#fbk.eu>>
*** Copyright (c) 2010-2014, Fondazione Bruno Kessler
*** This version of NuSMV is linked to the CUDD library version 2.4.1
*** Copyright (c) 1995-2004, Regents of the University of Colorado
*** This version of NuSMV is linked to the MiniSat SAT solver.
*** See http://minisat.se/MiniSat.html
*** Copyright (c) 2003-2006, Niklas Een, Niklas Sorensson
*** Copyright (c) 2007-2010, Niklas Sorensson
-- specification EF (state1 = c1 & state2 = c2) is false
-- as demonstrated by the following execution sequence
Trace Description: CTL Counterexample
Trace Type: Counterexample
-> State: 1.1 <-
state1 = n1
state2 = n2
turn = 1
-- specification AG (state1 = t1 -> AF state1 = c1) is true
-- specification AG (state2 = t2 -> AF state2 = c2) is true
The code
MODULE main
VAR
state1: {n1, t1, c1};
ASSIGN
init(state1) := n1;
next(state1) :=
case
(state1 = n1) & (state2 = t2): t1;
(state1 = n1) & (state2 = n2): t1;
(state1 = n1) & (state2 = c2): t1;
(state1 = t1) & (state2 = n2): c1;
(state1 = t1) & (state2 = t2) & (turn = 1): c1;
(state1 = c1): n1;
TRUE : state1;
esac;
VAR
state2: {n2, t2, c2};
ASSIGN
init(state2) := n2;
next(state2) :=
case
(state2 = n2) & (state1 = t1): t2;
(state2 = n2) & (state1 = n1): t2;
(state2 = n2) & (state1 = c1): t2;
(state2 = t2) & (state1 = n1): c2;
(state2 = t2) & (state1 = t1) & (turn = 2): c2;
(state2 = c2): n2;
TRUE : state2;
esac;
VAR
turn: {1, 2};
ASSIGN
init(turn) := 1;
next(turn) :=
case
(state1 = n1) & (state2 = t2): 2;
(state2 = n2) & (state1 = t1): 1;
TRUE : turn;
esac;
SPEC
EF((state1 = c1) & (state2 = c2))
SPEC
AG((state1 = t1) -> AF (state1 = c1))
SPEC
AG((state2 = t2) -> AF (state2 = c2))
Before jumping into the smv model, you need to understand at what level of detail you are interested in modeling the UART component. It can be helpful to first model the component in a different formalism, so that you do not get stuck with syntactical issues. What are the inputs of the component? What are the outputs? Is there internal state? How does the internal state change over time and, in particular, in one step?
If you are familiar with hardware description languages (e.g., Verilog and VHDL), this would be a very good starting point, since a transition in SMV can be seen as a clock tick. If you do not know those languages, you can try to write a piece of software instead; this will help you understand input/outputs of the system, but the translation into SMV will not be so immediate.
For components that are very stateful, manually drawing the corresponding automata might help.
Related
I am using rbx.lua. Everything works except for the color changing at the bottom.
Please note that the script is not finished, I just stopped at p1.
--Variables--
local r1 = math.random(100)
local r2 = math.random(100)
local r3 = math.random(100)
local p1 = workspace.Part1
local p2 = workspace.Part2
local p3 = workspace.Part3
local c1 = game.ServerStorage.green
local c2 = game.ServerStorage.yellow
local c3 = game.ServerStorage.red
local grn = NumberRange.new(0, 45)
local ylw = NumberRange.new(46, 75)
local red = NumberRange.new(76, 100)
--Randomizing Y Vector Between 0 and 100--
p1.Size = Vector3.new(4, r1, 4)
p2.Size = Vector3.new(4, r2, 4)
p3.Size = Vector3.new(4, r3, 4)
--Setting up colors--
if p1.Size.Y == grn then
p1.BrickColor = c1
end
if p1.Size.Y == ylw then
p1.BrickColor = c2
end
if p1.Size.Y == red then
p1.BrickColor = c3
end
Try this instead:
Remove the NumberRange variables, and replace the if blocks with this:
if p1.Size.Y <= 45 then
p1.BrickColor = c1
elseif p1.Size.Y <=75 then
p1.BrickColor = c2
else
p1.BrickColor = c3
end
The elseif block won’t be checked unless the p1.Size.Y value is above 45. Same for the else block: it won’t be entered unless the value is above 75.
Hope that helps! You were checking to see if a specific value was equal to (==) a range...not if the value was in the range.
I want to model a symmetric distributed four processor three coloring protocol with nuSMV. My specification - which I am sure about its correctness - must be true but when I use keyword "F" for "Finally" property, nuSMV gives me a counterexample at very first step and stops processing next states.
What should I do to make it fixed and check Finally property in LTL?
Here is my SMV code:
MODULE proc(former_proc ,further_proc )
VAR
self_proc : {zero, on, two};
ASSIGN
init(self_proc) :={zero, on, two};
next(self_proc) :=
case
(self_proc = two) & (further_proc = two | further_proc = zero) & (former_proc = two) : on;
(self_proc = two) & (further_proc = two) & (former_proc = zero) : zero;
(self_proc = on) & (further_proc = two | further_proc = on) & (former_proc = on) : zero;
(self_proc = on | self_proc = zero) & (further_proc = on) & (former_proc = zero) : two;
(self_proc = on) & (further_proc = zero) & (former_proc = on) : two;
(self_proc = zero) & (further_proc = zero) & (former_proc = on | former_proc = zero) : two;
TRUE : self_proc;
esac;
MODULE main
VAR
p1 : process proc( p4.self_proc ,p2.self_proc );
p2 : process proc( p1.self_proc ,p3.self_proc );
p3 : process proc( p2.self_proc ,p4.self_proc );
p4 : process proc( p3.self_proc ,p1.self_proc );
FAIRNESS running
LTLSPEC F((p1.self_proc != p2.self_proc) & (p1.self_proc != p4.self_proc) & (p2.self_proc != p3.self_proc) & (p3.self_proc != p4.self_proc))
and here is my counterexample from nuSMV:
-- specification F (((p1.self_proc != p2.self_proc & p1.self_proc != p4.self_proc) & p2.self_proc != p3.self_proc) & p3.self_proc != p4.self_proc) is false
-- as demonstrated by the following execution sequence
Trace Description: LTL Counterexample
Trace Type: Counterexample
-- Loop starts here
-> State: 1.1 <-
p1.self_proc = on
p2.self_proc = on
p3.self_proc = zero
p4.self_proc = zero
-> Input: 1.2 <-
_process_selector_ = main
running = TRUE
p4.running = FALSE
p3.running = FALSE
p2.running = FALSE
p1.running = FALSE
-- Loop starts here
-> State: 1.2 <-
-> Input: 1.3 <-
-> State: 1.3 <-
Thank you.
Can anyone on here help me on decrypting the SSL encryption that protects this LUA script linked at the end of this topic? Basically they are encoded with Base64 then SSL, but I have no idea how to do the SSL portion. They are used with a program called Bot of Legends, and someone told me that it is possible to break the encryption by dumping the decryption function of said program and using that to get the SSL key, but I have no clue where to even start on that. Basically these scripts work by connecting to an authentication server that is coded into the script, and I have gotten a few on my own by sniffing the traffic to their auth server from network packets to get their server link and essentially created my own auth server with Apache, then redirected the network traffic that goes to their server to my own from the script to get the script validated response. For some scripts that have stronger encryption, its not that easy and I would have to get to the source code to remove the coding that runs the auth server checks. Up until a few days ago I had no knowledge on how lua coding worked and how to even compute how auth server checks could be even possible for coding in a simple text file due to lua obfuscation. So bear with me, I would like if someone can chime in and give me an idea on what I can do.
Regards,
Chris
*** PasteBin link to the script in question in raw format: http://pastebin.com/raw.php?i=bG0VqQGW
The Base64 section is first with the SSL section at the bottom.
print("SSL Decoder version 2.0")
print("Copyright (C) 2015")
print("Decoding Started...")
local infilename = select(1,...)
local outfilename = select(2,...)
local infile = io.open(infilename, "r")
if not infile then
error("Failed to open input file.")
end
local intext = infile:read("*a")
infile:close()
local ssltabletext = intext:match("SSL%s*%(%s*%{([%s,0-9]*)%}%s*%)")
if not ssltabletext then
error("Could not find ssl table in source file.")
end
local ssltable = load("return {"..ssltabletext.."}")()
if #ssltable < 255 then
error("SSL table is too short -- can't find table encryption key.")
end
-- find decryption key for the ssl table
local decrypt = {}
decrypt[0] = 0
for i = 1,255 do
local dec = i
local enc = ssltable[i]
assert(decrypt[enc] == nil)
decrypt[enc] = dec
end
-- decrypt ssl table
for i = 256, #ssltable - 256 do -- not sure what last 256 bytes are
ssltable[i] = decrypt[ssltable[i] ]
end
-- If this does a stack overflow, easy to change to something dumb but more robust
local sslcode = string.char(table.unpack(ssltable, 256, #ssltable - 256))
-- This is interesting --
--print(sslcode)
local keyindex = sslcode:match("local Key%s*=%s*'()")
if not keyindex then
error("Could not find key in decoded ssl table.")
end
local key = sslcode:sub(keyindex)
local length = 0
while true do
local c = key:sub(length+1, length+1)
if c == "" then
error("Key string was not terminated.")
elseif c == "'" then
break
elseif c == "\\" then
local c2 = key:sub(length+2, length+2)
if c2:match("%d") then
local c3 = key:sub(length+3, length+3)
if c3:match("%d") then
local c4 = key:sub(length+4, length+4)
if c4:match("%d") then
length = length + 4
else
length = length + 3
end
else
length = length + 2
end
elseif c2 == "x" then
length = length + 4
else
length = length + 2
end
else
length = length + 1
end
end
key = key:sub(1, length)
if #key == 0 then
error("Key is empty")
end
print("Key Found! > " .. key)
print("Decoding finished, outfile is at > " .. outfilename)
-- find base64
local b64 = intext:match("_G.ScriptCode%s*=%s*Base64Decode%s*%(%s*\"([a-zA-Z0-9/+]*=*)\"%s*%)")
if not b64 then
error("Could not find Base-64 encrypted code in source file.")
end
-- base64 decode
local b64val = {}
for i = 0, 25 do
do
local letter = string.byte("A")
b64val[string.char(letter+i)] = i
end
do
local letter = string.byte("a")
b64val[string.char(letter+i)] = i + 26
end
end
for i = 0, 9 do
local numeral = string.byte("0")
b64val[string.char(numeral+i)] = i + 52
end
b64val["+"] = 62
b64val["/"] = 63
b64val["="] = 0
local encoded = b64:gsub("(.)(.)(.)(.)",function(a,b,c,d)
local n = b64val[a] * (64 * 64 * 64) + b64val[b] * (64 * 64) + b64val[c] * 64 + b64val[d]
local b1 = n % 256; n = (n - b1) / 256
local b2 = n % 256; n = (n - b2) / 256
local b3 = n
if d == "=" then
if c == "=" then
assert(b1 == 0 and b2 == 0)
return string.char(b3)
else
assert(b1 == 0)
return string.char(b3, b2)
end
else
return string.char(b3, b2, b1)
end
end)
-- decode
local decoded = encoded:gsub("()(.)", function(i, c)
local b = c:byte()
local ki = ((i - 1) % #key) + 1
local k = key:byte(ki,ki)
b = b - k
if b < 0 then b = b + 256 end
return string.char(b)
end)
-- verify
local result, err = load(decoded)
if not result then
error("Decoded file could not be loaded -- it may be corrupt... ("..tostring(err)..")")
end
-- output
local outfile = io.open(outfilename, "wb")
if not outfile then
error("Failed to open output file.")
end
outfile:write(decoded)
outfile:close()
This code is by Extreme Coders (https://reverseengineering.stackexchange.com/users/1413/extreme-coders)
how to use it , u need to get lua52.exe
save the code into a text file and name it ssl.lua (for example)
now run cmd and type lua52 ssl yourscript.lua decryptedscript.lua
it will run and decrypt it.
No, I need the shortest possible solution, preferably with macro folding.
Here is how I did this, cascading Repeat macros:
Name 8-bit counter ;
PartNo MIC20181 ;
Date 2015/2/8 ;
Revision 01 ;
Designer Engineer ;
Company Donghua University ;
Assembly None ;
Location ;
Device g16v8 ;
/* Input pins */
Pin 1 = CLK;
Pin 11 = GND;
/* Output pins */
PinNode [12..19] = [Q7..0];
Append Q0.D = !Q0;
Append Q1.D = !Q1 & Q0;
Append Q1.D = Q0 & !Q1;
$Repeat P = [2..7]
$Repeat R = [{P - 1}..0]
Append Q{P}.D = Q{P} & !Q{R};
$RepEnd
Append Q{P}.D = !Q{P} & !([Q{P-1}..0]:#);
$RepEnd
The trick here is how I (ab)used $Repeat macros.
I've been doing past paper questions and keep coming up against these questions that deal with 3 valued logic. My notes mention it but don't give examples that relate to those asked in exams.
I understand the basis that True = 1, False = 0 & Unknown = 1/2 as well as And = Min, Or = Max and Not(x) = 1-x. However I do not know how to apply it to questions such as those below:
In SQL, discuss the possible truth values of the following expression:
R.a > R.b OR R.a <= 0 OR R.b >= 0
Justify your answer.
And:
The phone and age fields of the Owner table might have null values in
them. Considering all possible combinations, show which of the three
truth values might be returned by the expression:
phone = ’141-3304913’ OR age <50 OR age >= 50
Any help in clarifying these for me would be really appreciated :)
I will focus on the concrete example, which is more proper for clarifying things.
Put simply, your logical expression is made of a conjunction of three clauses
C1: phone = '141-3304913'
C2: age < 50
C3: age >= 50
for which tri-boolean logic states that the result is
True, if any clause is true
False, if all clauses are false
Unknown, in all the other cases
Consequently, if the value associated with True is the largest, with False is the smallest, and with Unknown is any intermediate value, then taking the MAX for a conjunction proves correct. Similarly, a disjunction works with the MIN function. Negation works as long as we interpret any value between 0 and 1 (excluded) as Unknown; clearly, if we take 1/2 then the negation function is "stable", but that does not really matter in mathematical terms.
More operatively, the clauses clearly react to the following values (instances) of your phone variable P and your age variable A:
P1 such that P1 = '141-3304913'
P2 such that P2 <> '141-3304913'
P3 such that P3 = NULL
A1 such that A1 < 50
A2 such that A2 >= 50
A3 such that A3 = NULL
In terms of satisfaction of the clauses, we have
P1 -> C1 = 1
P2 -> C1 = 0
P3 -> C1 = 1/2
A1 -> C2 = 1, C3 = 0
A2 -> C2 = 0, C3 = 1
A3 -> C2 = C3 = 1/2
In general there exist 3*3 possible combinations, since each of your two variables takes three possible values:
P1 A1: C1 = 1, C2 = 1, C3 = 0 -> MAX(1,1,0) = 1 -> true
P1 A2: C1 = 1, C2 = 0, C3 = 1 -> MAX(1,0,1) = 1 -> true
P1 A3: C1 = 1, C2 = 1/2, C3 = 1/2 -> MAX(1,1/2,1/2) = 1 -> true
P2 A1: C1 = 0, C2 = 1, C3 = 0 -> MAX(0,1,0) = 1 -> true
P2 A2: C1 = 0, C2 = 0, C3 = 1 -> MAX(0,0,1) = 1 -> true
P2 A3: C1 = 0, C2 = 1/2, C3 = 1/2 -> MAX(0,1/2,1/2) = 1/2 -> unknown
P3 A1: C1 = 1/2, C2 = 1, C3 = 0 -> MAX(1/2,1,0) = 1 -> true
P3 A2: C1 = 1/2, C2 = 0, C3 = 1 -> MAX(1/2,0,1) = 1 -> true
P3 A3: C1 = 1/2, C2 = 1/2, C3 = 1/2 -> MAX(1/2,1/2,1/2) = 1/2 -> unknown
In particular, since C2 and C3 are mutually exclusive, you never get False as a result of the conjunction.
The expression R.a > R.b OR R.a <= 0 OR R.b >= 0 instead presents these cases:
R.a <= 0, R.a > 0, R.a = unknown
R.b >= 0, R.b < 0, R.b = unknown
R.a - R.b > 0, R.a - R.b <= 0, R.a - R.b = unknown
Apparently we have three variables and 27 possible cases, but several related to R.a - R.b can be trivially ruled out.