Quantitative Verification: Formal Guarantees for Timeliness, Reliability and Performance

Computerised systems appear in almost all aspects of our daily lives, often in safety-critical scenarios such as embedded control systems in cars and aircraft or medical devices such as pacemakers and sensors. We are thus increasingly reliant on these systems working correctly, despite often operating in unpredictable or unreliable environments. Designers of such devices need ways to guarantee that they will operate in a reliable and efficient manner. Quantitative verification is a technique for analysing quantitative aspects of a system's design, such as timeliness, reliability or performance. It applies formal methods, based on a rigorous analysis of a mathematical model of the system, to automatically prove certain precisely specified properties, e.g. ``the airbag will always deploy within 20 milliseconds after a crash'' or ``the probability of both sensors failing simultaneously is less than 0.001''. The ability to formally guarantee quantitative properties of this kind is beneficial across a wide range of application domains. For example, in safety-critical systems, it may be essential to establish credible bounds on the probability with which certain failures or combinations of failures can occur. In embedded control systems, it is often important to comply with strict constraints on timing or resources. More generally, being able to derive guarantees on precisely specified levels of performance or efficiency is a valuable tool in the design of, for example, wireless networking protocols, robotic systems or power management algorithms, to name but a few. This report gives a short introduction to quantitative verification, focusing in particular on a widely used technique called model checking, and its generalisation to the analysis of quantitative aspects of a system such as timing, probabilistic behaviour or resource usage. The intended audience is industrial designers and developers of systems such as those highlighted above who could benefit from the application of quantitative verification,but lack expertise in formal verification or modelling

Reo + mCRL2: A Framework for Model-checking Dataflow in Service Compositions

The paradigm of service-oriented computing revolutionized the field of software engineering. According to this paradigm, new systems are composed of existing stand-alone services to support complex cross-organizational business processes. Correct communication of these services is not possible without a proper coordination mechanism. The Reo coordination language is a channel-based modeling language that introduces various types of channels and their composition rules. By composing Reo channels, one can specify Reo connectors that realize arbitrary complex behavioral protocols. Several formalisms have been introduced to give semantics to Reo. In their most basic form, they reflect service synchronization and dataflow constraints imposed by connectors. To ensure that the composed system behaves as intended, we need a wide range of automated verification tools to assist service composition designers. In this paper, we present our framework for the verification of Reo using the toolset. We unify our previous work on mapping various semantic models for Reo, namely, constraint automata, timed constraint automata, coloring semantics and the newly developed action constraint automata, to the process algebraic specification language of , address the correctness of this mapping, discuss tool support, and present a detailed example that illustrates the use of Reo empowered with for the analysis of dataflow in service-based process models

Reo + mCRL2: A Framework for Model-Checking Dataflow in Service Compositions

The paradigm of service-oriented computing revolutionized the field of software engineering. According to this paradigm, new systems are composed of existing stand-alone services to support complex cross-organizational business processes. Correct communication of these services is not possible without a proper coordination mechanism. The Reo coordination language is a channel-based modeling language that introduces various types of channels and their composition rules. By composing Reo channels, one can specify Reo connectors that realize arbitrary complex behavioral protocols. Several formalisms have been introduced to give semantics to Reo. In their most basic form, they reflect service synchronization and dataflow constraints imposed by connectors. To ensure that the composed system behaves as intended, we need a wide range of automated verification tools to assist service composition designers. In this paper, we present our framework for the verification of Reo using the mCRL2 toolset. We unify our previous work on mapping various semantic models for Reo, namely, constraint automata, timed constraint automata, coloring semantics and the newly developed action constraint automata, to the process algebraic specification language of mCRL2, address the correctness of this mapping, discuss tool support, and present a detailed example that illustrates the use of Reo empowered with mCRL2 for the analysis of dataflow in service-based process models

Influence of different abstractions on the performance analysis of distributed hard real-time systems

System level performance analysis plays a fundamental role in the design process of hard real-time embedded systems. Several different approaches have been presented so far to address the problem of accurate performance analysis of distributed embedded systems in early design stages. The existing formal analysis methods are based on essentially different concepts of abstraction. However, the influence of these different models on the accuracy of the system analysis is widely unknown, as a direct comparison of performance analysis methods has not been considered so far. We define a set of benchmarks aimed at the evaluation of performance analysis techniques for distributed systems. We apply different analysis methods to the benchmarks and compare the results obtained in terms of accuracy and analysis times, highlighting the specific effects of the various abstractions. We also point out several pitfalls for the analysis accuracy of single approaches and investigate the reasons for pessimistic performance prediction

Contract Aware Components, 10 years after

The notion of contract aware components has been published roughly ten years ago and is now becoming mainstream in several fields where the usage of software components is seen as critical. The goal of this paper is to survey domains such as Embedded Systems or Service Oriented Architecture where the notion of contract aware components has been influential. For each of these domains we briefly describe what has been done with this idea and we discuss the remaining challenges.Comment: In Proceedings WCSI 2010, arXiv:1010.233

A virtual factory for smart city service integration

Tese de Doutoramento em Informática (MAP-i)In the context of smart cities, governments are investing efforts on creating public value through the development of digital public services (DPS) focusing on specific policy areas, such as transport. Main motivations to deliver DPS include reducing administrative burdens and costs, increasing effectiveness and efficiency of government processes, and improving citizens’ quality of life through enhanced services and simplified interactions with governments. To ensure effective planning and design of DPS in a given domain, governments face several challenges, like the need of specialized tools to facilitate the effective planning and the rapid development of DPS, as well as, tools for service integration, affording high development costs, and ensuring DPS conform with laws and regulations. These challenges are exacerbated by the fact that many public administrations develop tailored DPS, disregarding the fact that services share common functionality and business processes. To address the above challenges, this thesis focuses on leveraging the similarities of DPS and on applying a Software Product Line (SPL) approach combined with formal methods techniques for specifying service models and verifying their behavioural properties. In particular, the proposed solution introduces the concept of a virtual factory for the planning and rapid development of DPS in a given smart city domain. The virtual factory comprises a framework including software tools, guidelines, practices, models, and other artefacts to assist engineers to automate and make more efficient the development of a family of DPS. In this work the virtual factory is populated with tools for government officials and software developers to plan and design smart mobility services, and to rapidly model DPS relying on SPLs and components-base development techniques. Specific contributions of the thesis include: 1) the concept of virtual factory; 2) a taxonomy for planning and designing smart mobility services; 3) an ontology to fix a common vocabulary for a specific family of DPS; 4) a compositional formalism to model SPLs, to serve as a specification language for DPS; and 5) a variable semantics for a coordination language to simplify coordination of services in the context of SPLs.No contexto das cidades inteligentes, os governos investem esforços na criação de valor público através do desenvolvimento de serviços públicos digitais (DPS), concentrandose em áreas políticas específicas, como os transportes. As principais motivações para entregar o DPS incluem a redução de custos administrativos, o aumento da eficácia dos processos do governo e a melhoria da qualidade de vida dos cidadãos através de serviços melhorados e interações simplificadas com os governos. Para garantir um planeamento efetivo do DPS num determinado domínio, os governos enfrentam vários desafios, como a necessidade de ferramentas especializadas para facilitar o planeamento eficaz e o rápido desenvolvimento do DPS, bem como ferramentas para integração de DPS, reduzindo altos custos de desenvolvimento e garantindo que os DPS estejam em conformidade com as leis e regulamentos. Esses desafios são exacerbados pelo fato de que muitas administrações públicas desenvolvem o DPS sob medida, desconsiderando o fato de que os serviços compartilham funcionalidade e processos de negócios comuns. Para enfrentar os desafios, esta tese concentra-se em aproveitar as semelhanças dos DPS aplicando uma abordagem de Software Product Lines (SPL) combinada com métodos formais para especificar modelos de DPS e verificar propriedades. Em particular, introduz o conceito de uma fábrica virtual (VF) para o planeamento e desenvolvimento rápido de DPS num domínio de cidade inteligente. A VF compreende ferramentas de software, diretrizes, modelos e outros artefatos para auxiliar os engenheiros a automatizar e tornar mais eficiente o desenvolvimento de uma família de DPS. Neste trabalho, a VF é preenchida com ferramentas para várias partes para planear e projetar serviços de mobilidade inteligente (MI), e modelar rapidamente o DPS com base em SPLs e técnicas de desenvolvimento baseadas em componentes. Contribuições específicas da tese incluem: 1) o conceito de VF; 2) uma taxonomia para planear serviços de MI; 3) uma ontologia para fixar um vocabulário comum para uma família específica de DPS; 4) um formalismo composicional para modelar SPLs, e servir como uma linguagem de especificação para DPS; e 5) uma semântica variável para uma linguagem de coordenação para simplificar a coordenação.This work was funded by FCT – Foundation for Science and Technology, the Portuguese Ministry of Science, Technology and Higher Education, through the Operational Programme for Human Capital (POCH). Grant reference: PD/BD/52238/201

Temporal Reasoning Through Automatic Translation of tock-CSP into Timed Automata

In this work, we present an approach for automatic translation of tock-CSP into Timed Automata (TA) for Uppaal to facilitate using Uppaal in reasoning about temporal specifications of tock-CSP models. The process algebra tock-CSP provides textual notations for modelling discrete-time behaviours, with the support of tools for automatic verification. Automatic verification of TA with a graphical notation is supported by Uppaal. The two approaches provide facilities for automatic verification. For instance, liveness requirements are difficult to specify with the constructs of tock-CSP, but they are easy to specify and verify in Uppaal. We have developed a translation technique and a tool based for translating tock-CSP into a network of small TAs for capturing the compositional structure of tock-CSP. For validating the rules, we begin with an experimental approach based on finite approximations to trace sets. Then, we explore using structural induction to establish the correctness