64,956 research outputs found
Generic Methodology for Formal Verification of UML Models
This paper discusses a Unified Modelling Language (UML) based formal verification methodology for early error detection in the model-based software development cycle. Our approach proposes a UML-based formal verification process utilising functional and behavioural modelling artifacts of UML. It reinforces these artifacts with formal model transition and property verification. The main contribution is a UML to Labelled Transition System (LTS) Translator application that automatically converts UML Statecharts to formal models. Property specifications are derived from system requirements and corresponding Computational Tree Logic (CTL)/Linear Temporal Logic (LTL) model checking procedure verifies property entailment in LTS. With its ability to verify CTL and LTL specifications, the methodology becomes generic for verifying all types of embedded system behaviours. The steep learning curve associated with formal methods is avoided through the automatic formal model generation and thus reduces the reluctance of using formal methods in software development projects. A case study of an embedded controller used in military applications validates the methodology. It establishes how the methodology finds its use in verifying the correctness and consistency of UML models before implementation
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software
Paphos, Cyprus. March 201
Model-Checking Process Equivalences
Process equivalences are formal methods that relate programs and system
which, informally, behave in the same way. Since there is no unique notion of
what it means for two dynamic systems to display the same behaviour there are a
multitude of formal process equivalences, ranging from bisimulation to trace
equivalence, categorised in the linear-time branching-time spectrum.
We present a logical framework based on an expressive modal fixpoint logic
which is capable of defining many process equivalence relations: for each such
equivalence there is a fixed formula which is satisfied by a pair of processes
if and only if they are equivalent with respect to this relation. We explain
how to do model checking, even symbolically, for a significant fragment of this
logic that captures many process equivalences. This allows model checking
technology to be used for process equivalence checking. We show how partial
evaluation can be used to obtain decision procedures for process equivalences
from the generic model checking scheme.Comment: In Proceedings GandALF 2012, arXiv:1210.202
Hybrid Session Verification through Endpoint API Generation
© Springer-Verlag Berlin Heidelberg 2016.This paper proposes a new hybrid session verification methodology for applying session types directly to mainstream languages, based on generating protocol-specific endpoint APIs from multiparty session types. The API generation promotes static type checking of the behavioural aspect of the source protocol by mapping the state space of an endpoint in the protocol to a family of channel types in the target language. This is supplemented by very light run-time checks in the generated API that enforce a linear usage discipline on instances of the channel types. The resulting hybrid verification guarantees the absence of protocol violation errors during the execution of the session. We implement our methodology for Java as an extension to the Scribble framework, and use it to specify and implement compliant clients and servers for real-world protocols such as HTTP and SMTP
A Formal Framework for Concrete Reputation Systems
In a reputation-based trust-management system, agents maintain information about the past behaviour of other agents. This information is used to guide future trust-based decisions about interaction. However, while trust management is a component in security decision-making, many existing reputation-based trust-management systems provide no formal security-guarantees. In this extended abstract, we describe a mathematical framework for a class of simple reputation-based systems. In these systems, decisions about interaction are taken based on policies that are exact requirements on agents’ past histories. We present a basic declarative language, based on pure-past linear temporal logic, intended for writing simple policies. While the basic language is reasonably expressive (encoding e.g. Chinese Wall policies) we show how one can extend it with quantification and parameterized events. This allows us to encode other policies known from the literature, e.g., ‘one-out-of-k’. The problem of checking a history with respect to a policy is efficient for the basic language, and tractable for the quantified language when policies do not have too many variables
Petri nets for systems and synthetic biology
We give a description of a Petri net-based framework for
modelling and analysing biochemical pathways, which uni¯es the qualita-
tive, stochastic and continuous paradigms. Each perspective adds its con-
tribution to the understanding of the system, thus the three approaches
do not compete, but complement each other. We illustrate our approach
by applying it to an extended model of the three stage cascade, which
forms the core of the ERK signal transduction pathway. Consequently
our focus is on transient behaviour analysis. We demonstrate how quali-
tative descriptions are abstractions over stochastic or continuous descrip-
tions, and show that the stochastic and continuous models approximate
each other. Although our framework is based on Petri nets, it can be
applied more widely to other formalisms which are used to model and
analyse biochemical networks
Modular session types for objects
Session types allow communication protocols to be specified
type-theoretically so that protocol implementations can be verified by static
type checking. We extend previous work on session types for distributed
object-oriented languages in three ways. (1) We attach a session type to a
class definition, to specify the possible sequences of method calls. (2) We
allow a session type (protocol) implementation to be modularized, i.e.
partitioned into separately-callable methods. (3) We treat session-typed
communication channels as objects, integrating their session types with the
session types of classes. The result is an elegant unification of communication
channels and their session types, distributed object-oriented programming, and
a form of typestate supporting non-uniform objects, i.e. objects that
dynamically change the set of available methods. We define syntax, operational
se-mantics, a sound type system, and a sound and complete type checking
algorithm for a small distributed class-based object-oriented language with
structural subtyping. Static typing guarantees that both sequences of messages
on channels, and sequences of method calls on objects, conform to
type-theoretic specifications, thus ensuring type-safety. The language includes
expected features of session types, such as delegation, and expected features
of object-oriented programming, such as encapsulation of local state.Comment: Logical Methods in Computer Science (LMCS), International Federation
for Computational Logic, 201
Clafer: Lightweight Modeling of Structure, Behaviour, and Variability
Embedded software is growing fast in size and complexity, leading to intimate
mixture of complex architectures and complex control. Consequently, software
specification requires modeling both structures and behaviour of systems.
Unfortunately, existing languages do not integrate these aspects well, usually
prioritizing one of them. It is common to develop a separate language for each
of these facets. In this paper, we contribute Clafer: a small language that
attempts to tackle this challenge. It combines rich structural modeling with
state of the art behavioural formalisms. We are not aware of any other modeling
language that seamlessly combines these facets common to system and software
modeling. We show how Clafer, in a single unified syntax and semantics, allows
capturing feature models (variability), component models, discrete control
models (automata) and variability encompassing all these aspects. The language
is built on top of first order logic with quantifiers over basic entities (for
modeling structures) combined with linear temporal logic (for modeling
behaviour). On top of this semantic foundation we build a simple but expressive
syntax, enriched with carefully selected syntactic expansions that cover
hierarchical modeling, associations, automata, scenarios, and Dwyer's property
patterns. We evaluate Clafer using a power window case study, and comparing it
against other notations that substantially overlap with its scope (SysML, AADL,
Temporal OCL and Live Sequence Charts), discussing benefits and perils of using
a single notation for the purpose
Tau Be or not Tau Be? - A Perspective on Service Compatibility and Substitutability
One of the main open research issues in Service Oriented Computing is to
propose automated techniques to analyse service interfaces. A first problem,
called compatibility, aims at determining whether a set of services (two in
this paper) can be composed together and interact with each other as expected.
Another related problem is to check the substitutability of one service with
another. These problems are especially difficult when behavioural descriptions
(i.e., message calls and their ordering) are taken into account in service
interfaces. Interfaces should capture as faithfully as possible the service
behaviour to make their automated analysis possible while not exhibiting
implementation details. In this position paper, we choose Labelled Transition
Systems to specify the behavioural part of service interfaces. In particular,
we show that internal behaviours (tau transitions) are necessary in these
transition systems in order to detect subtle errors that may occur when
composing a set of services together. We also show that tau transitions should
be handled differently in the compatibility and substitutability problem: the
former problem requires to check if the compatibility is preserved every time a
tau transition is traversed in one interface, whereas the latter requires a
precise analysis of tau branchings in order to make the substitution preserve
the properties (e.g., a compatibility notion) which were ensured before
replacement.Comment: In Proceedings WCSI 2010, arXiv:1010.233
- …