223 research outputs found
A Model-Derivation Framework for Software Analysis
Model-based verification allows to express behavioral correctness conditions
like the validity of execution states, boundaries of variables or timing at a
high level of abstraction and affirm that they are satisfied by a software
system. However, this requires expressive models which are difficult and
cumbersome to create and maintain by hand. This paper presents a framework that
automatically derives behavioral models from real-sized Java programs. Our
framework builds on the EMF/ECore technology and provides a tool that creates
an initial model from Java bytecode, as well as a series of transformations
that simplify the model and eventually output a timed-automata model that can
be processed by a model checker such as UPPAAL. The framework has the following
properties: (1) consistency of models with software, (2) extensibility of the
model derivation process, (3) scalability and (4) expressiveness of models. We
report several case studies to validate how our framework satisfies these
properties.Comment: In Proceedings MARS 2017, arXiv:1703.0581
A Model-Derivation Framework for Software Analysis
Model-based verification allows to express behavioral correctness conditions
like the validity of execution states, boundaries of variables or timing at a
high level of abstraction and affirm that they are satisfied by a software
system. However, this requires expressive models which are difficult and
cumbersome to create and maintain by hand. This paper presents a framework that
automatically derives behavioral models from real-sized Java programs. Our
framework builds on the EMF/ECore technology and provides a tool that creates
an initial model from Java bytecode, as well as a series of transformations
that simplify the model and eventually output a timed-automata model that can
be processed by a model checker such as UPPAAL. The framework has the following
properties: (1) consistency of models with software, (2) extensibility of the
model derivation process, (3) scalability and (4) expressiveness of models. We
report several case studies to validate how our framework satisfies these
properties.Comment: In Proceedings MARS 2017, arXiv:1703.0581
A Forward Reachability Algorithm for Bounded Timed-Arc Petri Nets
Timed-arc Petri nets (TAPN) are a well-known time extension of the Petri net
model and several translations to networks of timed automata have been proposed
for this model. We present a direct, DBM-based algorithm for forward
reachability analysis of bounded TAPNs extended with transport arcs, inhibitor
arcs and age invariants. We also give a complete proof of its correctness,
including reduction techniques based on symmetries and extrapolation. Finally,
we augment the algorithm with a novel state-space reduction technique
introducing a monotonic ordering on markings and prove its soundness even in
the presence of monotonicity-breaking features like age invariants and
inhibitor arcs. We implement the algorithm within the model-checker TAPAAL and
the experimental results document an encouraging performance compared to
verification approaches that translate TAPN models to UPPAAL timed automata.Comment: In Proceedings SSV 2012, arXiv:1211.587
Modelling and Simulation of Asynchronous Real-Time Systems using Timed Rebeca
In this paper we propose an extension of the Rebeca language that can be used
to model distributed and asynchronous systems with timing constraints. We
provide the formal semantics of the language using Structural Operational
Semantics, and show its expressiveness by means of examples. We developed a
tool for automated translation from timed Rebeca to the Erlang language, which
provides a first implementation of timed Rebeca. We can use the tool to set the
parameters of timed Rebeca models, which represent the environment and
component variables, and use McErlang to run multiple simulations for different
settings. Timed Rebeca restricts the modeller to a pure asynchronous
actor-based paradigm, where the structure of the model represents the service
oriented architecture, while the computational model matches the network
infrastructure. Simulation is shown to be an effective analysis support,
specially where model checking faces almost immediate state explosion in an
asynchronous setting.Comment: In Proceedings FOCLASA 2011, arXiv:1107.584
Towards WCET Analysis of Multicore Architectures Using UPPAAL
To take full advantage of the increasingly used shared-memory multicore architectures, software algorithms will need to be parallelized over multiple threads. This means that threads will have to share resources (e.g. some level of cache) and communicate and synchronize with each other. There already exist software libraries (e.g. OpenMP) used to explicitly parallelize available sequential C/C++ and Fortran code, which means that parallel code could be easily obtained.
To be able to use parallel software running on multicore architectures in embedded systems with hard real-time constraints, new WCET (Worst-Case Execution Time) analysis methods and tools must be developed. This paper investigates a method based on model-checking a system of timed automata using the UPPAAL tool box. It is found that it is possible to perform WCET analysis on (small) parallel systems using UPPAAL. We also show how to model thread synchronization using spinlock-like primitives
A model-derivation framework for timing analysis of Java software Systems
One of the main challenges in developing a software system is to assure that its properties fulfill the specifications. In the context of this paper, we are especially interested in timing properties. Model-based software verification is one of the approaches to achieve this. However, model-based verification requires expressive models of software systems and deriving such models is not a trivial task. Although there are a few model derivation tool proposals for the purpose of model-checking timing properties, these are dedicated tools supporting a selected set of verification techniques and as such they are not explicitly designed for coping with new demands. This paper presents a framework that derives models from Java programs in an automated way for analyzing timing properties. The framework has the following properties that are not provided by the previous proposals: (1) Efficiency in model development, (2) consistency of models with software, (3) expressiveness of models, (4) scalability and (5) extensibility of the model derivation process
How to stop time stopping
Zeno-timelocks constitute a challenge for the formal verification of timed automata: they are difficult to detect, and the verification of most properties (e.g., safety) is only correct for timelock-free models. Some time ago, Tripakis proposed a syntactic check on the structure of timed automata: If a certain condition (called strong non-zenoness) is met by all the loops in a given automaton, then zeno-timelocks are guaranteed not to occur. Checking for strong non-zenoness is efficient, and compositional (if all components in a network of automata are strongly non-zeno, then the network is free from zeno-timelocks). Strong non-zenoness, however, is sufficient-only: There exist non-zeno specifications which are not strongly non-zeno. A TCTL formula is known that represents a sufficient-and-necessary condition for non-zenoness; unfortunately, this formula requires a demanding model-checking algorithm, and not all model-checkers are able to express it. In addition, this algorithm provides only limited diagnostic information. Here we propose a number of alternative solutions. First, we show that the compositional application of strong non-zenoness can be weakened: Some networks can be guaranteed to be free from Zeno-timelocks, even if not every component is strongly non-zeno. Secondly, we present new syntactic, sufficient-only conditions that complement strong non-zenoness. Finally, we describe a sufficient-and-necessary condition that only requires a simple form of reachability analysis. Furthermore, our conditions identify the cause of zeno-timelocks directly on the model, in the form of unsafe loops. We also comment on a tool that we have developed, which implements the syntactic checks on Uppaal models. The tool is also able to derive, from those unsafe loops in a given automaton (in general, an Uppaal model representing a product automaton of a given network), the reachability formulas that characterise the occurrence of zeno-timelocks. A modified version of the CSMA/CD protocol is used as a case-study
An Object-Oriented Framework for Explicit-State Model Checking
This paper presents a conceptual architecture for an object-oriented framework to support the development of formal veriļ¬cation tools (i.e. model checkers). The objective of the architecture is to support the reuse of algorithms and to encourage a modular design of tools. The conceptual framework is accompanied by a C++ implementation which provides reusable algorithms for the simulation and veriļ¬cation of explicit-state models as well as a model representation for simple models based on guard-based process descriptions. The framework has been successfully used to develop a model checker for a subset of PROMELA
Optimal Scheduling Using Branch and Bound with SPIN 4.0
The use of model checkers to solve discrete optimisation problems is appealing. A model checker can first be used to verify that the model of the problem is correct. Subsequently, the same model can be used to find an optimal solution for the problem. This paper describes how to apply the new PROMELA primitives of SPIN 4.0 to search effectively for the optimal solution. We show how Branch-and-Bound techniques can be added to the LTL property that is used to find the solution. The LTL property is dynamically changed during the verification. We also show how the syntactical reordering of statements and/or processes in the PROMELA model can improve the search even further. The techniques are illustrated using two running examples: the Travelling Salesman Problem and a job-shop scheduling problem
- ā¦