GSTE is partitioned model checking
Verifying whether an ω-regular property is satisfied by a finite-state system is a core problem in model checking. Standard techniques build an automaton with the complementary language, compute its product with the system, and then check for emptiness. Generalized symbolic trajectory evaluation (GSTE) has recently been proposed as an alternative approach, extending the computationally efficient symbolic trajectory evaluation (STE) to general ω-regular properties. In this paper, we show that the GSTE algorithms are essentially a partitioned version of standard symbolic model-checking (SMC) algorithms, where the partitioning is driven by the property under verification. We export this technique of property-driven partitioning to SMC and show that it typically does speed up SMC algorithms.
A Faithful Semantics for Generalised Symbolic Trajectory Evaluation
Generalised Symbolic Trajectory Evaluation (GSTE) is a high-capacity formal verification technique for hardware. GSTE uses abstraction, meaning that details of the circuit behaviour are removed from the circuit model. A semantics for GSTE can be used to predict and understand why certain circuit properties can or cannot be proven by GSTE. Several semantics have been described for GSTE. These semantics, however, are not faithful to the proving power of GSTE algorithms; that is, the GSTE algorithms are incomplete with respect to the semantics.

The abstraction used in GSTE makes it hard to understand why a specific property can, or cannot, be proven by GSTE. The semantics mentioned above cannot help the user in doing so. The contribution of this paper is a faithful semantics for GSTE. That is, we give a simple formal theory that deems a property to be true if and only if the property can be proven by a GSTE model checker. We prove that the GSTE algorithm is sound and complete with respect to this semantics.
Detection of Feature Interactions in Automotive Active Safety Features
With the introduction of software into cars, many functions are now realized with reduced cost, weight and energy. The development of these software systems is done in a distributed manner independently by suppliers, following the traditional approach of the automotive industry, while the car maker takes care of the integration. However, the integration can lead to unexpected and unintended interactions among software systems, a phenomenon regarded as feature interaction. This dissertation addresses the problem of the automatic detection of feature interactions for automotive active safety features.

Active safety features control the vehicle's motion control systems independently from the driver's request, with the intention of increasing passengers' safety (e.g., by applying hard braking in the case of an identified imminent collision), but their unintended interactions could instead endanger the passengers (e.g., simultaneous throttle increase and sharp narrow steering, causing the vehicle to roll over).

My method decomposes the problem into three parts: (I) creation of a definition of feature interactions based on the set of actuators and domain expert knowledge; (II) translation of automotive active safety features designed using a subset of Matlab's Stateflow into the input language of the model checker SMV; (III) analysis using model checking at design time to detect a representation of all feature interactions based on partitioning the counterexamples into equivalence classes.

The key novel characteristic of my work is exploiting domain-specific information about the feature interaction problem and the structure of the model to produce a method that finds a representation of all different feature interactions for automotive active safety features at design time.

My method is validated by a case study with the set of non-proprietary automotive feature design models I created. The method generates a set of counterexamples that represent the whole set of feature interactions in the case study. By showing only a set of representative feature interaction cases, the information is concise and useful for feature designers. Moreover, by generating these results from feature models designed in Matlab's Stateflow translated into SMV models, the feature designers can trace the counterexamples generated by SMV and understand the results in terms of the Stateflow model. I believe that my results and techniques will have relevance to the solution of the feature interaction problem in other cyber-physical systems, and have a direct impact on assessing the safety of automotive systems.
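The three-part method in the abstract above (an actuator-based interaction definition, exhaustive exploration of the composed features, and partitioning of counterexamples into equivalence classes) can be seen end to end on a toy model. The following Python is an illustration added to this listing, not code from the dissertation: the three features (a cruise control, an emergency brake and a lane-keeping function), the four sensors, and the two "forbidden combination" rules are constructed stand-ins for the Stateflow models and domain-expert rules, and a plain explicit-state breadth-first search stands in for SMV. Two interaction kinds are checked in every step: two features driving the same actuator to different values, and a combination of actuator commands a domain expert has declared unsafe (the throttle-increase-plus-sharp-steering roll-over case from the abstract is one of them). Every violating transition yields a counterexample; the counterexamples are then grouped by their interaction signature and one shortest trace per class is kept.

```python
"""Constructed illustration of feature-interaction detection by state-space
exploration.  The features, sensors and interaction rules below are hypothetical
stand-ins, not the dissertation's Stateflow models or its SMV translation; the
search is an explicit-state BFS rather than SMV."""
from collections import deque
from itertools import product

SENSORS = ("cruise_set", "cancel", "collision_imminent", "lane_departure")


# Each feature is a small state machine: (state, sensor readings) -> (next state,
# commands it issues to actuators in this step).  All three are constructed.
def cruise_control(state, s):
    if state == "OFF":
        return ("ON" if s["cruise_set"] else "OFF"), {}
    if s["cancel"]:
        return "OFF", {}
    return "ON", {"throttle": "increase"}  # holds speed, unaware of other features


def emergency_brake(state, s):
    if s["collision_imminent"]:
        return "BRAKING", {"brake": "hard", "throttle": "cut"}
    return "IDLE", {}


def lane_keep(state, s):
    if s["lane_departure"]:
        return "STEERING", {"steer": "sharp"}
    return "IDLE", {}


FEATURES = {"cruise_control": cruise_control,
            "emergency_brake": emergency_brake,
            "lane_keep": lane_keep}
INITIAL = (("cruise_control", "OFF"), ("emergency_brake", "IDLE"), ("lane_keep", "IDLE"))

# Part (I): the interaction definition, stated over the actuator set.  The
# forbidden combinations play the role of domain-expert knowledge (constructed).
FORBIDDEN = (
    frozenset({("throttle", "increase"), ("steer", "sharp")}),  # roll-over risk
    frozenset({("throttle", "increase"), ("brake", "hard")}),   # contradictory demands
)


def interactions(commands):
    """Interaction signatures present in one step, given {feature: {actuator: value}}."""
    found = set()
    by_actuator = {}
    for feat, cmds in commands.items():
        for act, val in cmds.items():
            by_actuator.setdefault(act, set()).add((feat, val))
    for act, owners in by_actuator.items():
        if len({val for _, val in owners}) > 1:          # same actuator, different values
            found.add(("conflict", act, frozenset(owners)))
    issued = {(act, val): feat for feat, cmds in commands.items() for act, val in cmds.items()}
    for combo in FORBIDDEN:
        if combo.issubset(issued):
            found.add(("forbidden", combo, frozenset(issued[c] for c in combo)))
    return found


def step(states, s):
    nxt, cmds = {}, {}
    for name, fn in FEATURES.items():
        nxt[name], cmds[name] = fn(states[name], s)
    return tuple(sorted(nxt.items())), cmds


def path_to(parent, state):
    """Rebuild the (input, commands) steps from INITIAL to `state` via BFS parent links."""
    trace = []
    while parent[state] is not None:
        state, s, cmds = parent[state]
        trace.append((s, cmds))
    return trace[::-1]


def find_interactions():
    """Part (III): explore the composed state space under every sensor input and
    return every counterexample, partitioned by its interaction signature."""
    parent = {INITIAL: None}  # state -> (predecessor state, input, commands)
    queue = deque([INITIAL])
    classes = {}
    while queue:
        cur = queue.popleft()
        for bits in product((False, True), repeat=len(SENSORS)):
            s = dict(zip(SENSORS, bits))
            nxt, cmds = step(dict(cur), s)
            sig = frozenset(interactions(cmds))
            if sig:
                classes.setdefault(sig, []).append(path_to(parent, cur) + [(s, cmds)])
            if nxt not in parent:
                parent[nxt] = (cur, s, cmds)
                queue.append(nxt)
    return classes


def representatives(classes):
    """One shortest counterexample per equivalence class: the concise view for a designer."""
    return {sig: min(traces, key=len) for sig, traces in classes.items()}


if __name__ == "__main__":
    found = find_interactions()
    print(f"{sum(map(len, found.values()))} counterexamples in {len(found)} classes")
    for sig, trace in representatives(found).items():
        for kind, detail, feats in sorted(sig, key=str):
            print(f"  {kind}: {detail} features={sorted(feats)}")
        for i, (s, cmds) in enumerate(trace, 1):
            print(f"    step {i}: inputs={[k for k, v in s.items() if v]} commands={cmds}")
        print()
```

On this model the search finds 24 violating transitions, which collapse into three equivalence classes (throttle versus emergency braking, throttle versus sharp steering, and both at once), each represented by a two-step trace: the cruise control engages, then a collision or lane-departure reading arrives while it is still commanding throttle. That reduction from all counterexamples to a handful of representatives is the point of partitioning; on real models the class key would be derived from the actuator set and expert rules exactly as the definition in part (I) dictates, so that traces differing only in irrelevant sensor noise land in the same class.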