Formal Verification of Device State Chart Models by Corno F., Sanaullah M.
[Figure: system overview diagram; labels visible on the slide: Agents, Fuzzy Rules, Algorithm, Smartphone, Wall switch, Tangible, PC, Model]
General Goals
• Adopt formal representations to allow a sound design process
• Enable validation and verification throughout the design process
• Integrate the solution in the Dog2.1 gateway toolset
Formal Verification, IE'2011, Nottingham UK
Adopted formalisms
[Figure: adopted formalisms; labels visible on the slide: State machines, UML Statecharts, Middleware]
The DogOnt ontology
• Ontologies are declarative formalisms: device properties
• For device behavior we need an operational formalism
• Statecharts (Harel, 1987, now in UML 2.0)
• We use Statecharts for
  • Modeling the behavior of each device type
  • Implementing the Intelligent Algorithms within the gateway
  • Building a whole-system model allowing simulation and emulation
• Statecharts have a formal semantics: formal verification is possible
Overall system components
• UMC Model Checker
  • Supports Statecharts as a model
But… (goal of this paper)
• Formal verification relies on the composition of device state charts
• Environment control relies on information in DogOnt device properties
• How to ensure their consistency?
• Solution: use formal verification, too
The problem
• Naming consistency for states
• Naming consistency for commands
• Naming consistency for notifications
• Acceptance of commands
• Reachability of declared states
• Generation of declared notification
• Range of numeric status variables
Approach
• From DogOnt, extract UCTL properties
• From DogOnt, build a synthetic environment for the device
• Integrate the Device State Chart in the synthetic environment
• For every property
  • Run the Model checker
Building a closed system model, ready for verification
Example: DimmerLamp generated & verified properties
--Action Properties
EF {accepting (stepDown)} true
EF {accepting (stepUp)} true
EF {accepting (set)} true
EF {accepting (off)} true
EF {accepting (on)} true
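To make the approach concrete, here is an added example (not the authors' code and not the UMC model checker): a toy DimmerLamp statechart is closed with a synthetic environment that issues every command declared in a constructed DogOnt-style description, the reachable configurations are explored exhaustively, and the property classes listed on the slides (command acceptance in the sense of EF {accepting(cmd)} true, reachability of declared states, naming and generation of notifications, range of the numeric status variable) are evaluated on that reachable set. The device declaration, the step function and the sample set() values are assumptions; one naming mismatch is planted in the statechart to show the kind of design error such checks surface.

```python
from collections import deque
# Constructed DogOnt-style declaration for a DimmerLamp (assumption, not the real class).
DOGONT_DIMMER = {
    "states": {"OffState", "OnState"},
    "commands": {"on", "off", "stepUp", "stepDown", "set"},
    "notifications": {"on", "off", "changedLevel"},
    "ranges": {"level": (0, 100)},
}
SET_VALUES = (0, 50, 100)  # sample set() arguments issued by the synthetic environment

def dimmer_step(state, level, cmd, arg=None):
    # Toy statechart (assumed): (state, level, notification) or None if not accepted.
    if cmd == "on" and state == "OffState":
        return "OnState", max(level, 10), "on"
    if cmd == "off" and state == "OnState":
        return "OffState", level, "off"
    if state == "OnState" and cmd == "stepUp":
        return state, min(level + 10, 100), "changedLevel"
    if state == "OnState" and cmd == "stepDown":
        return state, max(level - 10, 0), "changedLevel"
    if state == "OnState" and cmd == "set":
        return state, arg, "levelChanged"  # planted design error: name not in DogOnt
    return None

def verify(decl=DOGONT_DIMMER, step=dimmer_step):
    # Closed system: from every reachable configuration the environment issues every
    # declared command; the DogOnt-derived properties are evaluated on the reachable set.
    init = ("OffState", 0)
    seen, queue, accepted, emitted = {init}, deque([init]), set(), set()
    while queue:
        state, level = queue.popleft()
        for cmd in decl["commands"]:
            for arg in (SET_VALUES if cmd == "set" else (None,)):
                res = step(state, level, cmd, arg)
                if res is None:
                    continue  # rejected here; may still be accepted elsewhere
                accepted.add(cmd)
                emitted.add(res[2])
                if res[:2] not in seen:
                    seen.add(res[:2])
                    queue.append(res[:2])
    states = {s for s, _ in seen}
    lo, hi = decl["ranges"]["level"]
    return {
        "states_named_in_dogont": states <= decl["states"],
        "declared_states_reachable": decl["states"] <= states,
        "all_commands_accepted": accepted == decl["commands"],  # EF {accepting(cmd)} true
        "notifications_named_in_dogont": emitted <= decl["notifications"],
        "declared_notifications_generated": decl["notifications"] <= emitted,
        "level_in_range": all(lo <= lvl <= hi for _, lvl in seen),
    }
```

Running verify() reports the notification-naming check as failing on the planted mismatch while the other five property classes hold, which is the consistency gap between ontology and statechart that the slides set out to catch.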
• UCTL Model Checker
• Dog2.1 standard device classes
• Device classes verified: 11
• Number of verified properties: 114
• Some design errors found and corrected
• CPU time: < 1 sec / property
• Formally validated device statechart library in Dog2.1
Conclusions
• Engineering the Design Process for Intelligent Environments
• Formalisms and tools are needed
  • Ontologies, Statecharts, Temporal Logics
http://elite.polito.it
http://domoticdog.sourceforge.net 
fulvio.corno@polito.it
