Formal Methods: From Academia to Industrial Practice. A Travel Guide
For many decades, formal methods have been considered the way forward to help
the software industry make more reliable and trustworthy software. However,
despite this strong belief and many individual success stories, no real change
in industrial software development seems to be occurring. In fact, the software
industry itself is moving forward rapidly, and the gap between what formal
methods can achieve and the daily software-development practice does not appear
to be getting smaller (and might even be growing).
In the past, many recommendations have already been made on how to develop
formal-methods research in order to close this gap. This paper investigates why
the gap nevertheless still exists and provides its own recommendations on what
can be done by the formal-methods-research community to bridge it. Our
recommendations do not focus on open research questions. In fact,
formal-methods tools and techniques are already of high quality and can address
many non-trivial problems; we do give some technical recommendations on how
tools and techniques can be made more accessible. To a greater extent, we focus
on the human aspect: how to achieve impact, how to change the way of thinking
of the various stakeholders about this issue, and in particular, as a research
community, how to alter our behaviour, and instead of competing, collaborate to
address this issue.
Comment: 22 pages, 0 figures
Complete Agent-driven Model-based System Testing for Autonomous Systems
In this position paper, a novel approach to testing complex autonomous
transportation systems (ATS) in the automotive, avionic, and railway domains is
described. It is intended to mitigate some of the most critical problems
regarding verification and validation (V&V) effort for ATS. V&V is known to
become infeasible for complex ATS when using conventional methods only. The
approach advocated here uses complete testing methods on the module level,
because these establish formal proofs for the logical correctness of the
software. Having established logical correctness, system-level tests are
performed in simulated cloud environments and on the target system. To give
evidence that 'sufficiently many' system tests have been performed with the
target system, a formally justified coverage criterion is introduced. To
optimise the execution of very large system test suites, we advocate an online
testing approach where multiple tests are executed in parallel, and test steps
are identified on-the-fly. The coordination and optimisation of these
executions is achieved by an agent-based approach. Each aspect of the testing
approach advocated here is either shown to be consistent with existing
standards for development and V&V of safety-critical transportation systems, or
justified as to why it should become acceptable in future revisions of the
applicable standards.
Comment: In Proceedings FMAS 2021, arXiv:2110.1152
Generating Distributed Programs from Event-B Models
Distributed algorithms offer challenges in checking that they meet their
specifications. Verification techniques can be extended to deal with the
verification of safety properties of distributed algorithms. In this paper, we
present an approach for combining correct-by-construction approaches and
transformations of formal models (Event-B) into programs (DistAlgo) to address
the design of verified distributed programs. We define a subset LB (Local
Event-B) of the Event-B modelling language restricted to events modelling the
classical actions of distributed programs as internal or local computations,
sending messages and receiving messages. We then define transformations of the
various elements of the LB language into DistAlgo programs. The general
methodology consists of starting from a statement of the problem to program and
then progressively producing an LB model obtained after several refinement
steps of the initial LB model. The derivation of the LB model is not described
in the current paper and has already been addressed in other works. The
transformation of LB models into DistAlgo programs is illustrated through a
simple example. The refinement process and the soundness of the transformation
allow one to produce correct-by-construction distributed programs.
Comment: In Proceedings VPT/HCVS 2020, arXiv:2008.0248
On the connection of probabilistic model checking, planning, and learning for system verification
This thesis presents approaches using techniques from the model checking, planning, and learning community to make systems more reliable and perspicuous. First, two heuristic search and dynamic programming algorithms are adapted to be able to check extremal reachability probabilities, expected accumulated rewards, and their bounded versions, on general Markov decision processes (MDPs). Thereby, the problem space originally solvable by these algorithms is enlarged considerably. Correctness and optimality proofs for the adapted algorithms are given, and in a comprehensive case study on established benchmarks it is shown that the implementation, called Modysh, is competitive with state-of-the-art model checkers and even outperforms them on very large state spaces. Second, Deep Statistical Model Checking (DSMC) is introduced, usable for quality assessment and learning pipeline analysis of systems incorporating trained decision-making agents, like neural networks (NNs). The idea of DSMC is to use statistical model checking to assess NNs resolving nondeterminism in systems modeled as MDPs. The versatility of DSMC is exemplified in a number of case studies on Racetrack, an MDP benchmark designed for this purpose, flexibly modeling the autonomous driving challenge. In a comprehensive scalability study it is demonstrated that DSMC is a lightweight technique tackling the complexity of NN analysis in combination with the state space explosion problem.

This thesis presents approaches that use techniques from the model checking, planning, and learning fields to make systems more reliable and more clearly understandable. First, two algorithms for heuristic search and dynamic programming are adapted to examine extremal reachability probabilities, expected costs, and bounded variants thereof on general Markov decision processes (MDPs). This considerably enlarges the problem space originally solved by these algorithms. Correctness and optimality proofs for the adapted algorithms are given, and in a comprehensive case study it is shown that the implementation, named Modysh, is competitive with state-of-the-art model checkers and even outperforms them on very large state spaces. Second, Deep Statistical Model Checking (DSMC) is introduced for the quality assessment and learning analysis of systems with integrated trained decision-making agents, such as neural networks (NNs). The idea of DSMC is to use statistical model checking to assess NNs that resolve nondeterminism in systems modeled as MDPs. The versatility of the approach is demonstrated in several case studies on Racetrack, an MDP benchmark developed for this purpose that flexibly models the autonomous driving challenge. In a comprehensive scalability study it is demonstrated that DSMC is a lightweight technique that tackles the complexity of NN analysis in combination with the state space explosion problem.
SCCharts: The Mindstorms Report
SCCharts are a visual language proposed in 2012 for specifying safety-critical reactive systems. This is the second SCCharts report on the usability of the SCCharts visual language and its KIELER SCCharts implementation. KIELER is an open-source project which researches the pragmatics of model-based languages and related fields. Nine case studies that were conducted between 2015 and 2019 evaluate the pros and cons in the context of small-scale Lego Mindstorms models and similar projects. Participants of the studies included undergraduate and graduate students from our local and also external facilities, as well as academics from the synchronous community. In the surveys, both the SCCharts language and the SCCharts tools are compared to other modeling and classical programming languages and tools.