47,553 research outputs found
Formal Specification and Verification for Automated Production Systems
Complex industrial control software often drives safety- and mission-critical
systems, like automated production plants or control units embedded into devices in automotive systems. Such controllers have in common that they are reactive systems, i.e., that they periodically read sensor stimuli and cyclically execute the same program to produce actuator signals.
The correctness of software for automated production is rarely verified using
formal techniques. Although, due to the Industrial Revolution 4.0 (IR4.0), the
impact and importance of software have become an important role in industrial automation.
What is used instead in industrial practice today is testing and simulation,
where individual test cases are used to validate an automated production system.
Three reasons why formal methods are not popular are: (a) It is difficult to
adequately formulate the desired temporal properties. (b) There is a lack of
specification languages for reactive systems that are both sufficiently
expressive and comprehensible for practitioners. (c) Due to the lack of an
environment model the obtained results are imprecise. Nonetheless, formal
methods for automated production systems are well studied academically---mainly on the verification of safety properties via model checking.
In this doctoral thesis we present the concept of (1) generalized test tables
(GTTs), a new specification language for functional properties, and their
extension (2) relational test tables (RTTs) for relational properties. The
concept includes the syntactical notion, designed for the intuition of
engineers, and the semantics, which are based on game theory. We use RTTs for a novel confidential property on reactive systems, the provably forgetting of information. Moreover, for regression verification, an important relational
property, we are able to achieve performance improvements by (3) creating
a decomposing rule which splits large proofs into small sub-task. We implemented the verification procedures and evaluated them against realistic case studies, e.g., the Pick-and-Place-Unit from the Technical University of Munich.
The presented contribution follows the idea of lowering the obstacle of
verifying the dependability of reactive systems in general, and automated
production systems in particular for the engineer either by introducing a new
specification language (GTTs), by exploiting existing programs for the
specification (RTTs, regression verification), or by improving the verification
performance
Generic Expression in B of the Influence/Reaction Model: Specifying and Verifying Situated Multi-Agent Systems
This paper addresses the formal specification and verification of situated multi-agent systems that can be formulated within the influence-reaction model as proposed in 1996 by Ferber & Muller. In this framework our objective is to prove the correctness of reactive multi-agent systems with respect to a certain formal specification or property, using formal methods. This is an important step to bring multi-agent systems to high quality standards as required for critical applications encountered in domains such as transport systems. A generic B writing of systems instantiating the influence reaction model is proposed, using patterns of specification. An illustration is then presented on the formal specification of a system operating electrical vehicles under precise automatic control at close spacings to form a platoon. The papers ends with considerations about further improvements of the framework, involving simulation and study of the properties of the system
Specifying in B the Influence/Reaction Model to Study Situated MAS: Application to vehicles platooning
International audienceThis paper addresses the formal specification and verification of situated Multi-Agent Systems (MAS) that can be formulated within the Influence/Reaction model as proposed in 1996 by Ferber \& Muller. In this model, our objective is to prove the correctness of reactive MAS with respect to a certain formal specification or property, using formal methods. This is an important step to bring MAS to high quality standards as required for critical applications encountered in domains such as transport systems. A generic B representation of systems instantiating the Influence/Reaction model is proposed, using patterns of specification. We illustrate our approach with a MAS to control unmanned land vehicles to form a platoon. The papers ends with considerations about further improvements of the framework, involving simulation and study of the properties of the system
Compositional Reactive Synthesis for Multi-Agent Systems
With growing complexity of systems and guarantees they are required to provide, the need for automated and formal design approaches that can guarantee safety and correctness of the designed system is becoming more evident. To this end, an ambitious goal in system design and control is to automatically synthesize the system from a high-level specification given in a formal language such as linear temporal logic. The goal of this dissertation is to investigate and develop the necessary tools and methods for automated synthesis of controllers from high-level specifications for multi-agent systems. We consider systems where a set of controlled agents react to their environment that includes other uncontrolled, dynamic and potentially adversarial agents. We are particularly interested in studying how the existing structure in systems can be exploited to achieve more efficient synthesis algorithms through compositional reasoning.
We explore three different frameworks for compositional synthesis of controllers for multi-agent systems. In the first framework, we decompose the global specification into local ones, we then refine the local specifications until they become realizable, and we show that under certain conditions, the strategies synthesized for the local specifications guarantee the satisfaction of the global specification. In the second framework, we show how parametric and reactive controllers can be specified and synthesized, and how they can be automatically composed to enforce a high-level objective. Finally, in the third framework, we focus on a special but practically useful class of multi-agent systems, and show how by taking advantage of the structure in the system and its objective we can achieve significantly better scalability and can solve problems where the centralized synthesis algorithm is infeasible
Animation and formal verification of real-time reactive systems in an object-oriented environment
Real-time reactive systems are characterized by their continuous interaction with their environment through stimulus-response behavior. The safety-critical nature of their domain and their inherent complexity advocate the use of formal methods in the software development process. TROMLAB development environment supports a process model adequate for dealing with the complexity of reactive systems. The foundation of the TROMLAB environment is the Timed Reactive Object Model (TROM), which combines object-oriented and real-time technologies. Simulation is essential in the behavioral analysis of real-time reactive systems; animation allows a visualization of the simulation process. A rigorous trace analysis of simulation scenarios provides insight into the behavior of the collaborating entities in the configuration. This supports validation of systems designed incrementally and iteratively in the software development life-cycle. Moreover, safety-critical systems need to be verified for adherence to stringent safety and liveness properties. The scope of this thesis is two-fold. We first present an animation tool supporting simulation of reactive systems described in the TROM formalism. We include formal specifications of the functionalities of the simulator in VDM specification language. We then introduce a methodology for formal verification of TROM subsystems. The novelty of the methodology lies in the formal verification approach embedded within an object-oriented framework. The simulator and the verification methodology conform respectively to the operational and logical semantics of TROMs
Synthesizing Adaptive Test Strategies from Temporal Logic Specifications
Constructing good test cases is difficult and time-consuming, especially if
the system under test is still under development and its exact behavior is not
yet fixed. We propose a new approach to compute test strategies for reactive
systems from a given temporal logic specification using formal methods. The
computed strategies are guaranteed to reveal certain simple faults in every
realization of the specification and for every behavior of the uncontrollable
part of the system's environment. The proposed approach supports different
assumptions on occurrences of faults (ranging from a single transient fault to
a persistent fault) and by default aims at unveiling the weakest one. Based on
well-established hypotheses from fault-based testing, we argue that such tests
are also sensitive for more complex bugs. Since the specification may not
define the system behavior completely, we use reactive synthesis algorithms
with partial information. The computed strategies are adaptive test strategies
that react to behavior at runtime. We work out the underlying theory of
adaptive test strategy synthesis and present experiments for a safety-critical
component of a real-world satellite system. We demonstrate that our approach
can be applied to industrial specifications and that the synthesized test
strategies are capable of detecting bugs that are hard to detect with random
testing
CoFI: The Common Framework Initiative for Algebraic Specification and Development
An open collaborative effort has been initiated: to design acommon framework for algebraic specification and development of software. The rationale behind this initiative is that the lack of such a common framework greatly hinders the dissemination and application of researchresults in algebraic specification. In particular, the proliferationof specification languages, some differing in only quite minor ways from each other, is a considerable obstacle for the use of algebraic methods in industrial contexts, making it difficult to exploit standard examples, case studies and training material. A common framework with widespread acceptancethroughout the research community is urgently needed.The aim is to base the common framework as much as possible on a critical selection of features that have already been explored in various contexts. The common framework will provide a family of specificationlanguages at different levels: a central, reasonably expressive language, called CASL, for specifying (requirements, design, and architecture of) conventional software; restrictions of CASL to simpler languages, for use primarily in connection with prototyping and verification tools; and extensionsof CASL, oriented towards particular programming paradigms,such as reactive systems and object-based systems. It should also be possibleto embed many existing algebraic specification languages in members of the CASL family. A tentative design for CASL has already been proposed. Task groupsare studying its formal semantics, tool support, methodology, and other aspects, in preparation for the finalization of the design
Efficient CTL Verification via Horn Constraints Solving
The use of temporal logics has long been recognised as a fundamental approach
to the formal specification and verification of reactive systems. In this
paper, we take on the problem of automatically verifying a temporal property,
given by a CTL formula, for a given (possibly infinite-state) program. We
propose a method based on encoding the problem as a set of Horn constraints.
The method takes a program, modeled as a transition system, and a property
given by a CTL formula as input. It first generates a set of forall-exists
quantified Horn constraints and well-foundedness constraints by exploiting the
syntactic structure of the CTL formula. Then, the generated set of constraints
are solved by applying an off-the-shelf Horn constraints solving engine. The
program is said to satisfy the property if and only if the generated set of
constraints has a solution. We demonstrate the practical promises of the method
by applying it on a set of challenging examples. Although our method is based
on a generic Horn constraint solving engine, it is able to outperform
state-of-art methods specialised for CTL verification.Comment: In Proceedings HCVS2016, arXiv:1607.0403
- …