Rare event simulation for dynamic fault trees

Fault trees (FT) are a popular industrial method for reliability engineering, for which Monte Carlo simulation is an important technique to estimate common dependability metrics, such as the system reliability and availability. A severe drawback of Monte Carlo simulation is that the number of simulations required to obtain accurate estimations grows extremely large in the presence of rare events, i.e., events whose probability of occurrence is very low, which typically holds for failures in highly reliable systems. This paper presents a novel method for rare event simulation of dynamic fault trees with complex repairs that requires only a modest number of simulations, while retaining statistically justified confidence intervals. Our method exploits the importance sampling technique for rare event simulation, together with a compositional state space generation method for dynamic fault trees. We demonstrate our approach using two parameterized sets of case studies, showing that our method can handle fault trees that could not be evaluated with either existing analytical techniques, nor with standard simulation techniques

IF: an intermediate representation for SDL and its applications

We present work of a project for the improvement of a specification/validation toolbox integrating a commercial toolset ObjectGEODE and different validation tools such as the verification tool CADP and the test sequence generator TGV. The intrinsic complexity of most protocol specifications lead us to study combinations of techniques such as static analysis and abstraction together with classical model-checking techniques. Experimentation and validation of our results in this context motivated the development of an intermediate representation for SDL called IF. In IF, a system is represented as a set of timed automata communicating asynchronously through a set of buffers or by rendez-vous through a set of synchronization gates. The advantage of the use of such a program level intermediate representation is that it is easier to interface with various existing tools, such as static analysis, abstraction and compositional state space generation. Moreover, it allows to define for SDL different, but mathematically sound, notions of tim

Automatic interface generation for enumerative model checking

Explicit state model checking techniques suffer from the state explosion problem [7]. Interfaces [6, 2] can provide a partial solution to this problem by means of compositional state space reduction and can thus be applied when verifying interestingly large examples. Interface generation has till now been largely a manual process, were experts in the system or protocol to be verified describe the interface. This can lead to errors appearing in the verification process unless overheads to check the correctness of the interface are carried out. We address this issue by looking at automatic generation of interfaces, which by the very nature of their construction can be guaranteed to be correct. This report outlines preliminary experiments carried out on automatic techniques for interface generation together with their proofs of correctness.peer-reviewe

Model-checking Synthesizable SystemVerilog Descriptions of Asynchronous Circuits

International audienceAsynchronous circuits have key advantages in terms of low energy consumption, robustness, and security. However , the absence of a global clock makes the design prone to deadlock, livelock, synchronization, and resource-sharing errors. Formal verification is thus essential for designing such circuits, but it is not widespread enough, as many hardware designers are not familiar with it and few verification tools can cope with asyn-chrony on complex designs. This paper suggests how an industrial design flow for asynchronous circuits, based upon the standard HDL SystemVerilog, can be supplemented with formal verification capabilities rooted in concurrency theory and model-checking technology. We demonstrate the practicality of our approach on an industrial asynchronous circuit (4000 lines of SystemVerilog) implementing a memory protection unit

Computer-aided verification : how to trust a machine with your life

Mathematical predictive analysis of the behaviour of circuits and computer pro- grams is a core problem in computer science. Research in formal verification and semantics of programming languages has been an active field for a number of decades, but it was only through techniques developed over these past twenty years that they have been scaled up to work on non-trivial case-studies. This report gives an overview of a number of computer- aided formal verification areas I have been working on over these past couple of years in such a way to be accessible to computer scientists in other disciplines. Brief mention is made of problems in these areas I am actively working on. It does not purport to be an overview of the whole field of computer-aided formal verification or a detailed technical account of my research.peer-reviewe

Modular µ-calculus model-checking with formula-dependent hierarchical abstractions

International audienceThis paper defines a formal framework for the modular and hierarchical model-checking of µ-calculus against modular transitions systems. Given a formula ϕ, a module can be analysed alone, in such a way that the truth value of ϕ may be decided without the need to analyse other modules. If no conclusion can be drawn locally, the analysis provides information allowing to reduce the module to a smaller one that is equivalent with respect to the truth value of ϕ. This way, modules can be incrementally analysed, reduced and composed to other reduced modules until a conclusion is reached. On the one hand, modular analysis allows to avoid modules compositions and thus the corresponding combinatorial explosion; on the other hand, hierarchical analysis allows to reduce the modules that must be composed, which limits combinatorial explosion. Moreover, by proposing three complementary formula-dependent reductions, we expect better reductions than general approaches like bisimulation or τ * reductions. The current paper is focused on defining the theoretical tools for this approach; finding interesting strategies to apply them efficiently is left to future work

Calculating τ-confluence compositionally

τ-confluence is a reduction technique used in enumerative model-checking of labeled transition systems to avoid the state explosion problem. In this paper, we propose a new on-the-fly algorithm to calculate partial τ-confluence, and propose new techniques to do so on large systems in a compositional manner. Using information inherent in the way a large system is composed of smaller systems, we show how we can deduce partial τ-confluence in a computationally cheap manner. Finally, these techniques are applied to a number of case studies, including the rel/REL atomic multicast protocol.peer-reviewe

Automatic interface generation for compositional verification

Compositional verification, the incremental generation and composition of the state graphs of individual processes to produce the global state graph, tries to address the state explosion problem for systems of communicating processes. The main problem with this approach is that intermediate state graphs are sometimes larger than the overall global system. To overcome this problem, interfaces, and refined interfaces, which take into account a system’s environment have been developed. The number of states of these interfaces plays a vital role in their applicability in terms of computational complexity, which is proportional to the number of states in the interface. The direct use of complete subcomponents of the global system as interfaces, thus usually fails, and it is up to the system designer to describe smaller interfaces to be used in the reduction. To avoid having to verify the correctness of such manually generated interfaces, we propose automatic techniques to generate correct interfaces. The challenge is to produce interfaces small in size, yet effective for reduction. In this paper, we present techniques to structurally produce language over-approximations of labelled transition systems which can be used as correct interfaces, and combine them with refined interfaces. The techniques are applied to a number of case-studies, analysing the trade-off between interface size and effectiveness.peer-reviewe

CADP: A Toolbox for the Construction and Analysis of Distributed Processes

International audienceAsynchronous concurrency is becoming increasingly present in a large spectrum of systems, spanning from the level of systems- and networks-on-chip, over multi-processor architectures, up to the level of grid and cloud computing. Due to the intrinsic complexity of asynchronous concurrency, the correct design of such systems is notoriously difficult, requiring the support of formal methods and verification tools. CADP (Construction and Analysis of Distributed Processes) is a toolbox for the design, functional verification, and performance evaluation of asynchronous concurrent systems. Currently, CADP consists of about fifty interconnected tools and software libraries. The toolbox is distributed free of charge to academia and public research institutes, and is already used by more than 440 research institutions and companies worldwide in many application domains. Given the increasing number of systems featuring asynchronous concurrency, CADP could be used still more widely in research, industry, and education (in particular for teaching the concepts of concurrency theory). This tutorial presents the architecture and main functionalities of CADP, with a twofold objective. On the one hand, the tutorial illustrates the application of CADP to the modeling, functional verification, and performance evaluation. On the other hand, the tutorial presents various input languages accepted as input by CADP, together with software libraries that enable users to develop their own analysis tools. The well-known, but fundamental problem of mutual exclusion will serve as support to illustrate the principal functionalities of CADP: formal modeling of protocols, compositional state space generation, graph visualization, interactive step-by-step simulation, formulation and verification of temporal logic properties, as well as performance evaluation by compositional insertion of latency constraints and transformation into interactive Markov chains