15,391 research outputs found
Compositional Verification for Object-Z
This paper presents a framework for compositional verification of Object-Z specifications. Its key feature is a proof rule based on decomposition of hierarchical Object-Z models. For each component in the hierarchy local properties are proven in a single proof step. However, we do not consider components in isolation. Instead, components are envisaged in the context of the referencing super-component and proof steps involve assumptions on properties of the sub-components. The framework is defined for linear temporal logic (LTL)
A Compositional Approach for Schedulability Analysis of Distributed Avionics Systems
This work presents a compositional approach for schedulability analysis of
Distributed Integrated Modular Avionics (DIMA) systems that consist of
spatially distributed ARINC-653 modules connected by a unified AFDX network. We
model a DIMA system as a set of stopwatch automata in UPPAAL to verify its
schedulability by model checking. However, direct model checking is infeasible
due to the large state space. Therefore, we introduce the compositional
analysis that checks each partition including its communication environment
individually. Based on a notion of message interfaces, a number of message
sender automata are built to model the environment for a partition. We define a
timed selection simulation relation, which supports the construction of
composite message interfaces. By using assume-guarantee reasoning, we ensure
that each task meets the deadline and that communication constraints are also
fulfilled globally. The approach is applied to the analysis of a concrete DIMA
system.Comment: In Proceedings MeTRiD 2018, arXiv:1806.09330. arXiv admin note: text
overlap with arXiv:1803.1105
Compositional Falsification of Cyber-Physical Systems with Machine Learning Components
Cyber-physical systems (CPS), such as automotive systems, are starting to
include sophisticated machine learning (ML) components. Their correctness,
therefore, depends on properties of the inner ML modules. While learning
algorithms aim to generalize from examples, they are only as good as the
examples provided, and recent efforts have shown that they can produce
inconsistent output under small adversarial perturbations. This raises the
question: can the output from learning components can lead to a failure of the
entire CPS? In this work, we address this question by formulating it as a
problem of falsifying signal temporal logic (STL) specifications for CPS with
ML components. We propose a compositional falsification framework where a
temporal logic falsifier and a machine learning analyzer cooperate with the aim
of finding falsifying executions of the considered model. The efficacy of the
proposed technique is shown on an automatic emergency braking system model with
a perception component based on deep neural networks
An algorithm for weak synthesis observation equivalence for compositional supervisor synthesis
This paper proposes an algorithm to simplify automata in such a way that compositional synthesis results are preserved in every possible context. It relaxes some requirements of synthesis observation equivalence from previous work, so that better abstractions can be obtained. The paper describes the algorithm, adapted from known bisimulation equivalence algorithms, for the improved abstraction method. The algorithm has been implemented in the DES software tool Supremica and has been used to compute modular supervisors for several large benchmark examples. It successfully computes modular supervisors for systems with more than 1012 reachable states
Provably Correct Control-Flow Graphs from Java Programs with Exceptions
We present an algorithm to extract flow graphs from Java bytecode, focusing on exceptional control flows. We prove its correctness, meaning that the behaviour of the extracted control-flow graph is an over-approximation of the behaviour of the original program. Thus any safety property that holds for the extracted control-flow graph also holds for the original program. This makes control-flow graphs suitable for performing different static analyses. For precision and efficiency, the extraction is performed in two phases. In the first phase the program is transformed into a BIR program, where BIR is a stack-less intermediate representation of Java bytecode; in the second phase the control-flow graph is extracted from the BIR representation. To prove the correctness of the two-phase extraction, we also define a direct extraction algorithm, whose correctness can be proven immediately. Then we show that the behaviour of the control-flow graph extracted via the intermediate representation is an over-approximation of the behaviour of the directly extracted graphs, and thus of the original program
- ā¦