865 research outputs found
Quantitative Verification: Formal Guarantees for Timeliness, Reliability and Performance
Computerised systems appear in almost all aspects of our daily lives, often in safety-critical scenarios such as embedded control systems in cars and aircraft
or medical devices such as pacemakers and sensors. We are thus increasingly reliant on these systems working correctly, despite often operating in unpredictable or unreliable environments. Designers of such devices need ways to guarantee that they will operate in a reliable and efficient manner.
Quantitative verification is a technique for analysing quantitative aspects of a system's design, such as timeliness, reliability or performance. It applies formal methods, based on a rigorous analysis of a mathematical model of the system, to automatically prove certain precisely specified properties, e.g. ``the airbag will always deploy within 20 milliseconds after a crash'' or ``the probability of both sensors failing simultaneously is less than 0.001''.
The ability to formally guarantee quantitative properties of this kind is beneficial across a wide range of application domains. For example, in safety-critical systems, it may be essential to establish credible bounds on the probability with which certain failures or combinations of failures can occur. In embedded control systems, it is often important to comply with strict constraints on timing or resources. More generally, being able to derive guarantees on precisely specified levels of performance or efficiency is a valuable tool in the design of, for example, wireless networking protocols, robotic systems or power management algorithms, to name but a few.
This report gives a short introduction to quantitative verification, focusing in particular on a widely used technique called model checking, and its generalisation to the analysis of quantitative aspects of a system such as timing, probabilistic behaviour or resource usage.
The intended audience is industrial designers and developers of systems such as those highlighted above who could benefit from the application of quantitative verification,but lack expertise in formal verification or modelling
A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems
This paper presents a modeling framework for schedulability analysis of
distributed integrated modular avionics (DIMA) systems that consist of
spatially distributed ARINC-653 modules connected by a unified AFDX network. We
model a DIMA system as a set of stopwatch automata (SWA) in UPPAAL to analyze
its schedulability by classical model checking (MC) and statistical model
checking (SMC). The framework has been designed to enable three types of
analysis: global SMC, global MC, and compositional MC. This allows an effective
methodology including (1) quick schedulability falsification using global SMC
analysis, (2) direct schedulability proofs using global MC analysis in simple
cases, and (3) strict schedulability proofs using compositional MC analysis for
larger state space. The framework is applied to the analysis of a concrete DIMA
system.Comment: In Proceedings MARS/VPT 2018, arXiv:1803.0866
A Web-Based Tool for Analysing Normative Documents in English
Our goal is to use formal methods to analyse normative documents written in
English, such as privacy policies and service-level agreements. This requires
the combination of a number of different elements, including information
extraction from natural language, formal languages for model representation,
and an interface for property specification and verification. We have worked on
a collection of components for this task: a natural language extraction tool, a
suitable formalism for representing such documents, an interface for building
models in this formalism, and methods for answering queries asked of a given
model. In this work, each of these concerns is brought together in a web-based
tool, providing a single interface for analysing normative texts in English.
Through the use of a running example, we describe each component and
demonstrate the workflow established by our tool
Recommended from our members
Software integration testing based on communication coverage criteria and partial model generation
This paper considers the problem of integration testing the components of a timed distributed software system. We assume that communication between the components is specified using timed interface automata and use computational tree logic (CTL) to define communication-based coverage criteria that refer to send- and receive-statements and communication paths. The proposed method enables testers to focus during component integration on such parts of the specification, e.g. behaviour specifications or Markovian usage models, that are involved in the communication between components to be integrated. A more specific application area of this approach is the integration of test-models, e.g. a transmission gear can be tested based on separated models for the driver behaviour, the engine condition, and the mechanical and hydraulical transmission states. Given such a state-based specification of a distributed system and a concrete coverage goal, a model checker is used in order to determine the coverage or generate test sequences that achieve the goal. Given the generated test sequences we derive a partial test-model of the components from which the test sequences are derived. The partial model can be used to drive further testing and can also be used as the basis for producing additional partial models in incremental integration testing. While the process of deriving the test sequences could suffer from a combinatorial explosion, the effort required to generate the partial model is polynomial in the number of test sequences and their length. Thus, where it is not feasible to produce test sequences that achieve a given type of coverage it is still possible to produce a partial model on the basis of test sequences generated to achieve some other criterion. As a result, the process of generating a partial model has the potential to scale to large industrial software systems. While a particular model checker, UPPAAL, was used, it should be relatively straightforward to adapt the approach for use with other CTL based model checkers. A potential additional benefit of the approach is that it provides a visual description of the state-based testing of distributed systems, which may be beneficial in other contexts such as education and comprehension
Combining SysML and AADL for the design, validation and implementation of critical systems
The realization of critical systems goes through multiple phases of specification, design, integration, validation, and testing. It starts from high-level sketches down to the final product. Model-Based Design has been acknowledged as a good conveyor to capture these steps. Yet, there is no universal solution to represent all activities. Two candidates are the OMG-based SysML to perform high-level modeling tasks, and the SAE AADL to perform lower-level ones, down to the implementation. The paper shares an experience on the seamless use of SysML and the AADL to model, validate/verify and implement a flight management system
Evaluating the Stream Control Transmission Protocol Using Uppaal
The Stream Control Transmission Protocol (SCTP) is a Transport Layer protocol
that has been proposed as an alternative to the Transmission Control Protocol
(TCP) for the Internet of Things (IoT). SCTP, with its four-way handshake
mechanism, claims to protect the Server from a Denial-of-Service (DoS) attack
by ensuring the legitimacy of the Client, which has been a known issue
pertaining to the three-way handshake of TCP. This paper compares the
handshakes of TCP and SCTP to discuss its shortcomings and strengths. We
present an Uppaal model of the TCP three-way handshake and SCTP four-way
handshake and show that SCTP is able to cope with the presence of an
Illegitimate Client, while TCP fails. The results confirm that SCTP is better
equipped to deal with this type of attack.Comment: In Proceedings MARS 2017, arXiv:1703.0581
Formal Modeling of Connectionism using Concurrency Theory, an Approach Based on Automata and Model Checking
This paper illustrates a framework for applying formal methods techniques, which are symbolic in nature, to specifying and verifying neural networks, which are sub-symbolic in nature. The paper describes a communicating automata [Bowman & Gomez, 2006] model of neural networks. We also implement the model using timed automata [Alur & Dill, 1994] and then undertake a verification of these models using the model checker Uppaal [Pettersson, 2000] in order to evaluate the performance of learning algorithms. This paper also presents discussion of a number of broad issues concerning cognitive neuroscience and the debate as to whether symbolic processing or connectionism is a suitable representation of cognitive systems. Additionally, the issue of integrating symbolic techniques, such as formal methods, with complex neural networks is discussed. We then argue that symbolic verifications may give theoretically well-founded ways to evaluate and justify neural learning systems in the field of both theoretical research and real world applications
Constraint-Based Heuristic On-line Test Generation from Non-deterministic I/O EFSMs
We are investigating on-line model-based test generation from
non-deterministic output-observable Input/Output Extended Finite State Machine
(I/O EFSM) models of Systems Under Test (SUTs). We propose a novel
constraint-based heuristic approach (Heuristic Reactive Planning Tester (xRPT))
for on-line conformance testing non-deterministic SUTs. An indicative feature
of xRPT is the capability of making reasonable decisions for achieving the test
goals in the on-line testing process by using the results of off-line bounded
static reachability analysis based on the SUT model and test goal
specification. We present xRPT in detail and make performance comparison with
other existing search strategies and approaches on examples with varying
complexity.Comment: In Proceedings MBT 2012, arXiv:1202.582
- …