Formal Verification of Device State Chart Models by Corno F. & Sanaullah M.
03 August 2020
POLITECNICO DI TORINO
Institutional Repository
Formal Verification of Device State Chart Models / Corno F.; Sanaullah M. - STAMPA. - Proceedings 2011 Seventh International Conference on Intelligent Environments (2011), pp. 66-73. (Talk presented at the 7th International Conference on Intelligent Environments, held in Nottingham (UK) on 25-28/07/2011.)
Publisher: IEEE Computer Society
DOI: 10.1109/IE.2011.36
Terms of use: openAccess
Availability: this version is available at 11583/2402456
Formal Verification of Device State Chart Models
Fulvio Corno, Muhammad Sanaullah
Politecnico di Torino, Dipartimento di Automatica e Informatica, Torino, Italy
http://elite.polito.it
Outline
Formal Verification, IE'2011, Nottingham UK
• Design process
• Formalisms
• Verification Methodology
• Results
• Conclusions
Design process for IE
• Intelligent environments gaining acceptance
  • More installations
  • Standard solutions
• Need more structured design process
  • Less “art”
  • More “engineering”
(Diagram: design flow from Requirements through Project, Analysis/Design and Implementation (HW, SW) to the System, with Verification, Simulation, Validation and Emulation steps checked against a Reference model.)
(Diagram: system layers and their elements. Devices: Sensor, Actuator, Bus, Wireless, Meter. Middleware: Gateway, Access point, Framework, Protocols. Intelligence: Agents, Fuzzy Rules, Algorithm. User Interface: Wearable, Smartphone, Wall switch, Tangible, PC. All layers are captured in a Model.)
General Goals
• Adopt formal representations to allow a sound design process
• Enable validation and verification throughout the design process
• Integrate the solution in the Dog2.1 gateway toolset
Adopted formalisms

Level            Design artifact          Technique                  Formalism
User Interface   System requirements      Temporal Logics            UCTL
Intelligence     Intelligent algorithms   State machines             UML Statecharts
Middleware       Device categories        Ontology                   DogOnt classes
                 System configuration     Ontology                   DogOnt instances
Devices          Device models            State machines             UML Statecharts
                 Whole system behavior    Parallel state machines    UML Statecharts
The DogOnt ontology
(Sidebar: formalisms in use, by level: UCTL, UML Statecharts, DogOnt classes, DogOnt instances, UML Statecharts.)
DogOnt instances: DimmerLamp
Overall system components
(Diagram: the System Configuration (DogOnt) is loaded as a model into the Gateway, which senses and controls the Real devices. …to be continued…)
Device modeling
• Ontologies are declarative formalisms: device properties
• For device behavior we need an operational formalism
• Statecharts (Harel, 1987, now in UML 2.0)
Use cases
• We use Statecharts for
  • Modeling the behavior of each device type
  • Implementing the Intelligent Algorithms within the gateway
  • Building a whole-system model allowing simulation and emulation
• Statecharts have a formal semantics: formal verification is possible
Overall system components
(Diagram, extended: in addition to loading the System Configuration (DogOnt) model and sensing and controlling the Real devices, the Gateway runs the Intelligent Algorithms. …to be continued…)
Overall system components
(Diagram, extended: Device Statecharts are composed into a Whole Environment Model used for simulation and emulation; together with the Intelligent Algorithms they are composed into a Whole System Model, which is simulated. …to be continued…)
Temporal logic
• UCTL logic
  • Branching-time
  • State-based and action-based
  • Operators
    • Next (X, N)
    • Future (F)
    • Globally (G)
    • All (A)
    • Exists (E)
    • Until (U)
• UMC Model Checker
  • Supports Statecharts as a model
Examples
Overall system components
(Diagram, complete: the System Configuration (DogOnt) is loaded as a model into the Gateway, which senses and controls the Real devices and runs the Intelligent Algorithms; Device Statecharts are composed into a Whole Environment Model for simulation and emulation; the Whole System Model is composed and simulated; the System requirements drive Formal Verification of both the Whole System Model and the device statecharts.)
But… (goal of this paper)
• Formal verification relies on the composition of device state charts
• Environment control relies on information in DogOnt device properties
• How to ensure their consistency?
• Solution: use formal verification, too
The problem
• Naming consistency for states
• Naming consistency for commands
• Naming consistency for notifications
• Acceptance of commands
• Reachability of declared states
• Generation of declared notification
• Range of numeric status variables
Approach
• From DogOnt, extract UCTL properties
• From DogOnt, build a synthetic environment for the device
• Integrate the Device State Chart in the synthetic environment
• For every property
  • Run the Model checker
(Diagram: DogOnt yields both the UCTL properties and a hostile synthetic environment; the Device Statechart is embedded in that environment to form a closed system model; Model Checking of each property reports OK or ERR.)
Building a closed system model, ready for verification
Example: DimmerLamp generated & verified properties
--Action Properties
--the acceptance of all the commands in DSC
EF {sending(stepDown)} true
EF {sending(stepUp)} true
EF {sending(set)} true
EF {sending(off)} true
EF {sending(on)} true
--
EF {accepting (stepDown)} true
EF {accepting (stepUp)} true
EF {accepting (set)} true
EF {accepting (off)} true
EF {accepting (on)} true
--the generation of all the notifications in DSC
EF {sending(stateChanged)} true
EF {accepting(stateChanged)} true
--State Properties
--the reachability of all the states in DSC 
EF (offState) 
EF (onState) 
EF (LightIntensityState)
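A toy version of the Approach above and of the DimmerLamp property listing, written as an added example that is not code from the paper or from the Dog2.1 toolset: a constructed DogOnt-style description of a DimmerLamp is turned into the EF-style acceptance, notification and reachability properties shown on the slide, and each is checked by explicit-state exploration of a constructed device statechart closed with a hostile environment that may send any command in any state (a stand-in for the UMC model checker, whose UCTL semantics this does not reproduce).

```python
from collections import deque

# Constructed DogOnt-style description of a DimmerLamp (names as on the slide).
DOGONT_DIMMER = {
    "states": ["offState", "onState", "LightIntensityState"],
    "commands": ["stepDown", "stepUp", "set", "off", "on"],
    "notifications": ["stateChanged"],
}
# Constructed device statechart: (state, command) -> (next state, notification).
DIMMER_SC = {
    ("offState", "on"): ("onState", "stateChanged"),
    ("onState", "off"): ("offState", "stateChanged"),
    ("onState", "set"): ("LightIntensityState", "stateChanged"),
    ("LightIntensityState", "off"): ("offState", "stateChanged"),
    ("LightIntensityState", "set"): ("LightIntensityState", "stateChanged"),
    ("LightIntensityState", "stepUp"): ("LightIntensityState", "stateChanged"),
    ("LightIntensityState", "stepDown"): ("LightIntensityState", "stateChanged"),
}

def generate_properties(desc):
    """Derive (kind, name) properties from the ontology: accept every declared
    command, emit every declared notification, reach every declared state."""
    props = [("accepting", c) for c in desc["commands"]]
    props += [("sending", n) for n in desc["notifications"]]
    props += [("state", s) for s in desc["states"]]
    return props

def uctl(prop):
    """Render a property in the textual form used on the DimmerLamp slide."""
    kind, name = prop
    return f"EF ({name})" if kind == "state" else f"EF {{{kind}({name})}} true"

def explore(sc, initial):
    """Hostile environment: any command may arrive in any state, so every
    outgoing transition is enabled; collect what is reachable from initial."""
    seen, accepted, sent, todo = {initial}, set(), set(), deque([initial])
    while todo:
        s = todo.popleft()
        for (src, cmd), (dst, notif) in sc.items():
            if src != s:
                continue
            accepted.add(cmd)   # the statechart accepts cmd in a reachable state
            sent.add(notif)     # the notification is generated on some path
            if dst not in seen:
                seen.add(dst)
                todo.append(dst)
    return {"state": seen, "accepting": accepted, "sending": sent}

def verify(desc, sc, initial="offState"):
    """Check every generated property; returns {property text: True (OK) / False (ERR)}."""
    reach = explore(sc, initial)
    return {uctl(p): p[1] in reach[p[0]] for p in generate_properties(desc)}
```

Dropping a command from the statechart, or misspelling a state name in either artifact, makes exactly the corresponding generated property report ERR, which is the kind of ontology/statechart inconsistency the paper's check is meant to surface.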
Experimental Results
• UCTL Model Checker
• Dog2.1 standard device classes
• Device classes verified: 11
• Number of verified properties: 114
• Some design errors found and corrected
• CPU time: < 1 sec / property
• Formally validated device statechart library in Dog2.1
Conclusions
• Engineering the Design Process for Intelligent Environments
• Formalisms and tools are needed
  • Ontologies, Statecharts, Temporal Logics
http://elite.polito.it
http://domoticdog.sourceforge.net
fulvio.corno@polito.it
