
    Applying SMT Solvers to the Test Template Framework

    The Test Template Framework (TTF) is a model-based testing method for the Z notation. In the TTF, test cases are generated from test specifications, which are predicates written in Z. In turn, the Z notation is based on first-order logic with equality and Zermelo-Fraenkel set theory. In this way, a test case is a witness satisfying a formula in that theory. Satisfiability Modulo Theory (SMT) solvers are software tools that decide the satisfiability of arbitrary formulas in a large number of built-in logical theories and their combinations. In this paper, we present the first results of applying two SMT solvers, Yices and CVC3, as the engines to find test cases from TTF test specifications. In doing so, shallow embeddings of a significant portion of the Z notation into the input languages of Yices and CVC3 are provided, given that they do not directly support Zermelo-Fraenkel set theory as defined in Z. Finally, the results of applying these embeddings to a number of test specifications from eight case studies are analysed.
    Comment: In Proceedings MBT 2012, arXiv:1202.582

    Experiences with the GENE-AUTO Code Generator in the Aerospace Industry

    This paper gives an overview of the most recent experiments that Astrium and Airbus conducted with the GENE-AUTO code generator during 2009. GENE-AUTO is an open source, automatic and qualifiable C code generator taking as input Simulink®/Stateflow® and Scilab/Scicos models. It was developed in the context of an ITEA European project that ended in December 2008 (www.geneauto.org). The GENE-AUTO toolset is currently maintained by its developers and evaluated for industrial usage by several end-users. This paper presents the case studies that we used for evaluation purposes, explains the organisation between the users and technology providers with respect to toolset maintenance, and summarizes the experimentation results.

    On the Verification of Parametric Systems

    We present an approach to the verification of systems in whose description some elements (constants or functions) are underspecified and can be regarded as parameters. In particular, we describe a method for automatically generating constraints on such parameters under which certain safety conditions are guaranteed to hold. We present an implementation and illustrate its use on several examples.
    Comment: 26 pages. arXiv admin note: text overlap with arXiv:1910.0520

    Study of the railway dynamics of an H0 scale model

    Undergraduate thesis (TCC) - Universidade Federal de Santa Catarina, Campus Joinville, Railway Engineering.
    Brazil is a country of continental proportions, which makes the railway mode an essential option for its transport matrix. In order to maintain and guarantee the expansion of the railway, continuous training of qualified labour is necessary. Such training requires that the country have a competent educational system qualified to teach railway engineering. Tools for teaching railway dynamics are very scarce, so this work aims to assess whether model railway models exhibit dynamic behaviour equivalent to reality. Through tests performed on an H0 scale model, the scalability of some of the main variables of the dynamics was considered. The work concludes with an indication that the use of model trains for teaching notions of railway dynamics is viable.

    A Refinement-based compiler development for synchronous languages

    In this paper, we are concerned with the elaboration of generic development steps for code generation for synchronous languages. Our aim is to provide a correct-by-construction solution. For that purpose, we adopt a refinement-based approach in which proof obligations for each step guarantee the preservation of properties. We use the Event-B formal method. We start with a big-step semantics specified by an Event-B machine. Through a sequence of refinements, expressed as Event-B refinement machines, we end up with a code generation step that implements a small-step semantics preserving the properties of the big-step semantics.

    A method for rigorous development of fault-tolerant systems

    PhD Thesis. With the rapid development of information systems and our increasing dependency on computer-based systems, ensuring their dependability becomes one of the most important concerns during system development. This is especially true for the mission- and safety-critical systems on which we rely not to put significant resources and lives at risk. Development of critical systems traditionally involves formal modelling as a fault prevention mechanism. At the same time, systems typically support fault tolerance mechanisms to mitigate runtime errors. However, fault tolerance modelling and, in particular, rigorous definitions of fault tolerance requirements, fault assumptions and system recovery have not been given enough attention during formal system development. The main contribution of this research is in developing a method for top-down formal design of fault tolerant systems. The refinement-based method provides modelling guidelines presented in the following form: a set of modelling principles for systematic modelling of fault tolerance, a fault tolerance refinement strategy, and a library of generic modelling patterns assisting in disciplined integration of error detection and error recovery steps into models. The method supports separation of normal and fault tolerant system behaviour during modelling. It provides an environment for explicit modelling of fault tolerance and modal aspects of system behaviour, which ensures the rigour of the proposed development process. The method is supported by tools that are smoothly integrated into an industry-strength development environment. The proposed method is demonstrated on two case studies. In particular, the evaluation is carried out using a medium-scale industrial case study from the aerospace domain. The method is shown to provide support for explicit modelling of fault tolerance, to reduce the development effort during modelling, to support reuse of fault tolerance modelling, and to facilitate adoption of formal methods.
    Funding: DEPLOY; The TrAmS Grant; The School of Computing Science, Newcastle University

    Deductive Verification of Concurrent Programs

    Verification of concurrent programs still poses one of the major challenges in computer science. Several techniques to tackle this problem have been proposed. However, they often do not scale. We present an adaptation of the rely/guarantee methodology in dynamic logic. Rely/guarantee uses functional specification to symbolically describe the behavior of concurrently running threads: while each thread guarantees adherence to a specified property at any point in time, all other threads can rely on this property being established. This allows threads to be regarded largely in isolation, only w.r.t. an environment constrained by these specifications. While rely/guarantee based approaches often suffer from a considerable specification overhead, we complement functional thread specifications with frame conditions. We explain our approach using a simple, but concurrent, programming language. Besides the usual constructs for sequential programs, it caters for dynamic thread creation. We define the semantics of concurrent programs w.r.t. an underspecified deterministic scheduling function. To formally reason about programs of this language, we introduce a novel multi-modal logic, Concurrent Dynamic Trace Logic (CDTL). It combines the strengths of dynamic logic with those of linear temporal logic and allows temporal properties about symbolic program traces to be expressed. We first develop a sound and complete sequent calculus for the logic subset that uses the sequential part of the language, based on symbolic execution. In a second step, we extend this to a calculus for the complete logic by adding symbolic execution rules for concurrent interleavings and dynamic thread creation based on the rely/guarantee methodology. Again, this calculus is proven sound and complete.