Pruning, Pushdown Exception-Flow Analysis

Statically reasoning in the presence of exceptions and about the effects of exceptions is challenging: exception-flows are mutually determined by traditional control-flow and points-to analyses. We tackle the challenge of analyzing exception-flows from two angles. First, from the angle of pruning control-flows (both normal and exceptional), we derive a pushdown framework for an object-oriented language with full-featured exceptions. Unlike traditional analyses, it allows precise matching of throwers to catchers. Second, from the angle of pruning points-to information, we generalize abstract garbage collection to object-oriented programs and enhance it with liveness analysis. We then seamlessly weave the techniques into enhanced reachability computation, yielding highly precise exception-flow analysis, without becoming intractable, even for large applications. We evaluate our pruned, pushdown exception-flow analysis, comparing it with an established analysis on large scale standard Java benchmarks. The results show that our analysis significantly improves analysis precision over traditional analysis within a reasonable analysis time.Comment: 14th IEEE International Working Conference on Source Code Analysis and Manipulatio

Simulation of dynamic systems with uncertain parameters

This dissertation describes numerical methods for representation and simulation of dynamic systems with time invariant uncertain parameters. Simulation is defined as computing a boundary of the system response that contains all the possible behaviors of an uncertain system. This problem features many challenges, especially those associated with minimizing the computational cost due to global optimization. To reduce computational cost, an approximation or surrogate of the original system model is constructed by employing Moving Least Square (MLS) Response Surface Method for non-convex global optimization. For more complicated systems, a gradient enhanced moving least square (GEMLS) response surface is used to construct the surrogate model more accurately and efficiently. This method takes advantage of the fact that parametric sensitivity of an ODE system can be calculated as a by-product with less computational cost when solving the original system. Furthermore, global sensitivity analysis for monotonic testing can be introduced in some cases to further reduce the number of samples. The proposed method has been applied to two engineering applications. The first is hybrid system verification by reachable set computing/approximation. First, the computational burden of using polyhedron for reachable set approximation is reviewed. It is then proven that the boundary of a reachable set is formed only by the trajectories from the boundary of an initial state region. This result reduces the search space from R n to R n−1 . Finally, the GEMLS method proposed is integrated with oriented rectangular hull for reachable set representation and an approximation with improved accuracy and efficiency can be achieved. Another engineering application is model-based fault detection. In this case, a fault free system is modeled as a parametric uncertain system whose parameters belong to a given bounded set. The performance boundary of a fault free system can be acquired by using the proposed approach and then employed as an adaptive threshold. A fault is defined when system parameters do not belong to the set due to malfunction or degradation. Once such a fault occurs, the monitored system performance will extend beyond the normal system boundary predicted.Mechanical Engineerin

Interaction in Concurrent Systems

This dissertation is concerned with the theoretical analysis of component-based models for concurrent systems. We focus on interaction systems, which were introduced by Sifakis et al. in 2003. Centered around interaction systems, we also cover Minsky machines, Petri nets and the Linda calculus and establish relations between the models by giving translations from one to the other. Thus, we gain an insight concerning the expressiveness of the models and learn, given a system described in one syntax, how to simulate it in another. Additionally, these translations allow us to deduce complexity and undecidability results. Namely, we show that the questions whether a LinCa process terminates or diverges under a maximum progress semantics are undecidable. We also prove that the problems of reachability, progress, local and global deadlock and availability are PSPACE-complete in interaction systems. This complexity-theoretic classification serves as a motivation for the sufficient condition approach that is presented in the second half of this work: We present a generic approach to prove properties for component-based systems that allow for decomposition into subsystems. To avoid the problem of state space explosion, we consider overlapping projections and thus compute over-approximations of the reachable global state space. We enhance the quality of these over-approximations by a technique we call Cross-Checking. Based on the enhanced over-approximations, we may then prove properties of the global system in polynomial time. We demonstrate our ideas by means of interaction systems and for the property of local deadlock

Formale Verifikationsmethodiken für nichtlineare analoge Schaltungen

The objective of this thesis is to develop new methodologies for formal verification of nonlinear analog circuits. Therefore, new approaches to discrete modeling of analog circuits, specification of analog circuit properties and formal verification algorithms are introduced. Formal approaches to verification of analog circuits are not yet introduced into industrial design flows and still subject to research. Formal verification proves specification conformance for all possible input conditions and all possible internal states of a circuit. Automatically proving that a model of the circuit satisfies a declarative machine-readable property specification is referred to as model checking. Equivalence checking proves the equivalence of two circuit implementations. Starting from the state of the art in modeling analog circuits for simulation-based verification, discrete modeling of analog circuits for state space-based formal verification methodologies is motivated in this thesis. In order to improve the discrete modeling of analog circuits, a new trajectory-directed partitioning algorithm was developed in the scope of this thesis. This new approach determines the partitioning of the state space parallel or orthogonal to the trajectories of the state space dynamics. Therewith, a high accuracy of the successor relation is achieved in combination with a lower number of states necessary for a discrete model of equal accuracy compared to the state-of-the-art hyperbox-approach. The mapping of the partitioning to a discrete analog transition structure (DATS) enables the application of formal verification algorithms. By analyzing digital specification concepts and the existing approaches to analog property specification, the requirements for a new specification language for analog properties have been discussed in this thesis. On the one hand, it shall meet the requirements for formal specification of verification approaches applied to DATS models. On the other hand, the language syntax shall be oriented on natural language phrases. By synthesis of these requirements, the analog specification language (ASL) was developed in the scope of this thesis. The verification algorithms for model checking, that were developed in combination with ASL for application to DATS models generated with the new trajectory-directed approach, offer a significant enhancement compared to the state of the art. In order to prepare a transition of signal-based to state space-based verification methodologies, an approach to transfer transient simulation results from non-formal test bench simulation flows into a partial state space representation in form of a DATS has been developed in the scope of this thesis. As has been demonstrated by examples, the same ASL specification that was developed for formal model checking on complete discrete models could be evaluated without modifications on transient simulation waveforms. An approach to counterexample generation for the formal ASL model checking methodology offers to generate transition sequences from a defined starting state to a specification-violating state for inspection in transient simulation environments. Based on this counterexample generation, a new formal verification methodology using complete state space-covering input stimuli was developed. By conducting a transient simulation with these complete state space-covering input stimuli, the circuit adopts every state and transition that were visited during stimulus generation. An alternative formal verification methodology is given by retransferring the transient simulation responses to a DATS model and by applying the ASL verification algorithms in combination with an ASL property specification. Moreover, the complete state space-covering input stimuli can be applied to develop a formal equivalence checking methodology. Therewith, the equivalence of two implementations can be proven for every inner state of both systems by comparing the transient simulation responses to the complete-coverage stimuli of both circuits. In order to visually inspect the results of the newly introduced verification methodologies, an approach to dynamic state space visualization using multi-parallel particle simulation was developed. Due to the particles being randomly distributed over the complete state space and moving corresponding to the state space dynamics, another perspective to the system's behavior is provided that covers the state space and hence offers formal results. The prototypic implementations of the formal verification methodologies developed in the scope of this thesis have been applied to several example circuits. The acquired results for the new approaches to discrete modeling, specification and verification algorithms all demonstrate the capability of the new verification methodologies to be applied to complex circuit blocks and their properties.Gegenstand dieser Dissertation ist die Entwicklung neuer Methodiken zur formalen Verifikation nichtlinearer analoger elektronischer Schaltungen. Dazu werden im Rahmen dieser Arbeit entstandene neue Ansätze in den Bereichen verifikationsgerechte diskrete Modellierung analoger Schaltungen, Spezifikation analoger Schaltungseigenschaften und formale Verifikationsalgorithmen vorgestellt. Ausgehend vom Stand der Technik der Modellierung analoger Schaltungen für die simulationsbasierte Verifikation wird im Rahmen dieser Arbeit die diskrete Modellierung analoger Schaltungen für zustandsraumbasierte formale Verifikationsverfahren betrachtet. Dazu wurde ein neuer Ansatz zur diskreten Modellierung entwickelt, der die Aufteilungsstruktur anhand der Trajektorien der Vektorfelddynamik bestimmt. So wird eine hohe Genauigkeit der Nachfolgerrelation ermöglicht, woraus eine niedrigere Zahl an Zuständen für ein diskretes Modell gleicher Genauigkeit im Vergleich mit dem bisherigen Stand der Technik folgt. Die Abbildung der Trajektorien-gesteuerten Partitionierung auf eine diskrete analoge Transitionsstruktur (DATS) erlaubt die Anwendung von formalen Verifikationsalgorithmen. Die formale Spezifikation von Eigenschaften in ersten Ansätzen zum Model Checking analoger Schaltungen hat sich stark an den bestehenden temporallogischen Verfahren aus dem Bereich digitaler Hardware orientiert. Ausgehend von einer Analyse digitaler Spezifikationskonzepte und der bestehenden Ansätze für analoge Eigenschaften wurden Anforderungen an eine neue Spezifikationssprache in dieser Arbeit abgeleitet. Die aus diesen Anforderungen im Rahmen dieser Arbeit entwickelte analoge Spezifikationssprache "Analog Specification Language" (ASL) basiert auf einer natürlichsprachlichen Kapselung temporallogischer Operationen, die mit erweiterten Algorithmen zur Transitionspfadbestimmung, Durchführung von Berechnungen auf Zustandsparametern und Oszillationsbestimmung eine hohe Ausdrucksstärke analoger Eigenschaften mit einer anwenderfreundlichen Syntax kombinieren konnte. Die zusammen mit ASL entwickelten Model Checking-Verifikationsalgorithmen zur Auswertung von ASL-Spezifikationen auf einem mit dem Trajektorien-gesteuerten Diskretisierungsverfahren erzeugten DATS-Modell bilden eine wesentliche Erweiterung zum Stand der Technik. Um einen Übergang der Verifikation von signalbasierten zu zustandsraumbasierten Methodiken zu ermöglichen, wurde im Rahmen dieser Arbeit ein Ansatz entwickelt, der die Übertragung von transienten Simulationsergebnissen aus nicht-formalen Testbench-Simulationsumgebungen in eine partielle DATS-Zustandsraumdarstellung ermöglicht. Damit kann, wie anhand von Beispielen gezeigt werden konnte, die gleiche ASL-Spezifikation für Eigenschaften eines vollständigen diskreten Modells ohne Modifikation auch auf Simulationsergebnissen ausgewertet werden. Ein für das formale ASL-basierte Model Checking entwickelter Ansatz zur Erzeugung von Gegenbeispielen für als spezifikationsverletzend identifizierte Zustandsraumgebiete erlaubt es, Transitionsfolgen von einem definierten Startzustand zu einem spezifikationsverletzenden Zustand zu ermitteln. Auf Basis dieses Gegenbeispiel-Verfahrens wurde eine neue formale Eigenschaftsverifikationsmethodik mittels vollständig den Zustandsraum einer Schaltung abdeckenden Eingangsstimuli entwickelt. Die vollständig den Zustandsraum abdeckenden Eingangsstimuli bieten noch eine weitere Anwendungsmöglichkeit im Bereich des Äquivalenzvergleichs. Die im Rahmen dieser Arbeit entwickelte Methodik zum formalen Äquivalenzvergleich auf Basis der vollständig den Zustandsraum abdeckenden Eingangsstimuli ersetzt die anwenderdefinierten Eingangsstimuli durch die vollständig den Zustandsraum abdeckenden. So kann die Äquivalenz für jeden möglichen Zustand der zu vergleichenden Implementierungen anhand eines automatisierten Vergleichs der Simulationsergebnisse beider Implementierungen gezeigt werden. Um die Ergebnisse der neu eingeführten formalen Verifikationsmethodiken visuell zu untersuchen wurde ein Verfahren entwickelt, das den Zustandsraum und seine Dynamik mittels eines Partikel-Simulationsansatzes visualisiert. Da die Partikel über den gesamten Zustandsraum randomisiert verteilt werden und sich dann gemäß der Vektorfelddynamik fortbewegen, kann auch hier ein Einblick in das Systemverhalten gewonnen werden, der eine weitestgehend vollständige und somit formale Repräsentation des Zustandsraums bietet. Die prototypische Implementierung der im Rahmen dieser Arbeit entwickelten formalen Verifikationsmethodiken wurde auf zahlreiche Beispielschaltungen angewendet. Die Ergebnisse für die neuen Ansätze zur diskreten Modellierung, zur Spezifikation und zu Verifikationsalgorithmen analoger Schaltungen zeigen, dass die aus diesen Ansätzen erzeugten Verifikationsmethodiken erfolgreich auf komplexe Zustandsraumstrukturen angewendet werden können

Model Checking Spatial Logics for Closure Spaces

Spatial aspects of computation are becoming increasingly relevant in Computer Science, especially in the field of collective adaptive systems and when dealing with systems distributed in physical space. Traditional formal verification techniques are well suited to analyse the temporal evolution of programs; however, properties of space are typically not taken into account explicitly. We present a topology-based approach to formal verification of spatial properties depending upon physical space. We define an appropriate logic, stemming from the tradition of topological interpretations of modal logics, dating back to earlier logicians such as Tarski, where modalities describe neighbourhood. We lift the topological definitions to the more general setting of closure spaces, also encompassing discrete, graph-based structures. We extend the framework with a spatial surrounded operator, a propagation operator and with some collective operators. The latter are interpreted over arbitrary sets of points instead of individual points in space. We define efficient model checking procedures, both for the individual and the collective spatial fragments of the logic and provide a proof-of-concept tool

Modeling and Analyzing Cyber-Physical Systems Using Hybrid Predicate Transition Nets

Cyber-Physical Systems (CPSs) are software controlled physical devices that are being used everywhere from utility features in household devices to safety-critical features in cars, trains, aircraft, robots, smart healthcare devices. CPSs have complex hybrid behaviors combining discrete states and continuous states capturing physical laws. Developing reliable CPSs are extremely difficult. Formal modeling methods are especially useful for abstracting and understanding complex systems and detecting and preventing early system design problems. To ensure the dependability of formal models, various analysis techniques, including simulation and reachability analysis, have been proposed in recent decades. This thesis aims to provide a unified formal modeling and analysis methodology for studying CPSs. Firstly, this thesis contributes to the modeling and analysis of discrete, continuous, and hybrid systems. This work enhances modeling of discrete systems using predicate transition nets (PrTNs) by fully realizing the underlying specification through incorporating the first-order logic with set theory, improving the type system, and providing incremental model composition. This work enhances the technique of analyzing discrete systems using PrTN by improving the simulation algorithm and its efficient implementation. This work also improves the analysis of discrete systems using SPIN by providing a more accurate and complete translation method. Secondly, this work contributes to the modeling and analysis of hybrid systems by proposing an extension of PrTNs, hybrid predicate transition nets (HPrTNs). The proposed method incorporates a novel concept of token evolution, which nicely addresses the continuous state evolution and the conflicts present in other related works. This work presents a powerful simulation capability that can handle linear, non-linear dynamics, transcendental functions through differential equations. This work also provides a complementary technique for reachability analysis through the translation of HPrTN models for analysis using SpaceEx

Quality and Quantity in Robustness-Checking Using Formal Techniques

Fault tolerance is one of the main challenges for future technology scaling to tolerate transient faults. Various techniques at design level are available to catch and handle transient faults, e.g., Triple Modular Redundancy. An important but missing step is to verify the implementation of those techniques since the implementation might be buggy itself. The thesis is focusing on formally verifying digital circuits with respect to fault-tolerant aspects. It considers transient faults and basically checks whether these faults can influence the output behavior of sequential circuits for any kind of scenarios. As a result the designer is pin-pointed directly to critical parts of the design and gets a prove about the absence of faulty behavior for non-critical parts. The focus of the verification is completeness with respect to the analysis. Three issues need to be adequately addressed: 1) cover all input stimuli, 2) all possible transient faults, and, 3) all possibly exponential long (wrt. to number of state bits) propagation paths. All three issues are addressed in different engines. A tool called RobuCheck has been implemented and evaluated on different academic benchmarks from ITC'99 and industrial benchmarks from IBM

Complexity Results for Reachability in Cooperating Systems and Approximated Reachability by Abstract Over-Approximations

This work deals with theoretic aspects of cooperating systems, i.e., systems that consists of cooperating subsystems. Our main focus lies on the complexity theoretic classification of deciding the reachability problem and on efficiently establishing deadlock-freedom in models of cooperating systems. The formal verification of system properties is an active field of research, first attempts of which go back to the late 60's. The behavior of cooperating systems suffers from the state space explosion problem and can become very large. This is, techniques that are based on an analysis of the reachable state space have a runtime exponential in the number of subsystems. The consequence is that even modern techniques that decide whether or not a system property holds in a system can become unfeasible. We use interaction systems, introduced by Sifakis et al. in 2003, as a formalism to model cooperating systems. The reachability problem and deciding deadlock-freedom in interaction systems was proved to be PSPACE-complete. An approach to deal with this issue is to investigate subclasses of systems in which these problems can be treated efficiently. We show here that the reachability problem remains PSPACE-complete in subclasses of interaction systems with a restricted communication structure. We consider structures that from trees, stars and linear arrangements of subsystems. Our result motivates the research of techniques that treat the reachability problem in these subclasses based on sufficient conditions which exploit characteristics of the structural restrictions. In a second part of this work we investigate an approach to efficiently establish the reachability of states and deadlock-freedom in general interaction systems. We introduce abstract over-approximations -- a concept of compact representations of over-approximations of the reachable behavior of interaction systems. Families of abstract over-approximations are the basis for our approach to establish deadlock-freedom in interaction systems in polynomial time in the size of the underlying interaction system. We introduce an operator called Edge-Match for refining abstract over-approximations. The strength of our approach is illustrated on various parametrized instances of interaction systems. Furthermore, we establish a link between our refinement approach and the field of relational database theory and use this link in order to make a preciseness statement about our refinement approach