
    A tool for model-checking Markov chains

    Markov chains are widely used in the performance and reliability modeling of various systems. Model checking of such chains with respect to a given (branching-time) temporal logic formula has been proposed for both discrete-time [34, 10] and continuous-time settings [7, 12]. In this paper, we describe a prototype model checker for discrete- and continuous-time Markov chains, the Erlangen-Twente Markov Chain Checker E⊢MC², where properties are expressed in appropriate extensions of CTL. We illustrate the general benefits of this approach and discuss the structure of the tool. Furthermore, we report on successful applications of the tool to some examples, highlighting lessons learned during the development and application of E⊢MC².

    Quickstrom: property-based acceptance testing with LTL specifications

    We present Quickstrom, a property-based testing system for acceptance testing of interactive applications. Using Quickstrom, programmers can specify the behaviour of web applications as properties in our testing-oriented dialect of Linear Temporal Logic (LTL) called QuickLTL, and then automatically test their application against the given specification with hundreds of automatically generated interactions. QuickLTL extends existing finite variants of LTL for the testing use-case, determining likely outcomes from partial traces whose minimum length is itself determined by the LTL formula. This temporal logic is embedded in our specification language, Specstrom, which is designed to be approachable to web programmers, expressive for writing specifications, and easy to analyse. Because Quickstrom tests only user-facing behaviour, it is agnostic to the implementation language of the system under test. We therefore formally specify and test many implementations of the popular TodoMVC benchmark, used for evaluation and comparison across various web frontend frameworks and languages. Our tests uncovered bugs in almost half of the available implementations.

    Comment: 13 pages, this is a technical report of a paper to appear at Programming Languages Design and Implementation (PLDI 2022)

    Combining type checking with model checking for system verification

    Type checking is widely used in mainstream programming languages to detect programming errors at compile time. Model checking is gaining popularity as an automated technique for systematically analyzing behaviors of systems. My research focuses on combining these two software verification techniques synergically into one platform for the creation of correct models for software designs. This thesis describes two modeling languages ATS/PML and ATS/Veri that inherit the advanced type system from an existing programming language ATS, in which both dependent types of Dependent ML style and linear types are supported. A detailed discussion is given for the usage of advanced types to detect modeling errors at the stage of model construction. Going further, various modeling primitives with well-designed types are introduced into my modeling languages to facilitate a synergic combination of type checking with model checking. The semantics of ATS/PML is designed to be directly rooted in a well-known modeling language PROMELA. Rules for translation from ATS/PML to PROMELA are designed and a compiler is developed accordingly so that the SPIN model checker can be readily employed to perform checking on models constructed in ATS/PML. ATS/Veri is designed to be a modeling language, which allows a programmer to construct models for real-world multi-threaded software applications in the same way as writing a functional program with support for synchronization, communication, and scheduling among threads. Semantics of ATS/Veri is formally defined for the development of corresponding model checkers and a compiler is built to translate ATS/Veri into CSP# and exploit the state-of-the-art verification platform PAT for model checking ATS/Veri models. The correctness of such a transformational approach is illustrated based on the semantics of ATS/Veri and CSP#. 
In summary, the primary contribution of this thesis lies in the creation of a family of modeling languages with highly expressive types for modeling concurrent software systems as well as the related platform supporting verification via model checking. As such, we can combine type checking and model checking synergically to ensure software correctness with high confidence

    Dependability modeling and optimization of triple modular redundancy partitioning for SRAM-based FPGAs

    SRAM-based FPGAs are popular in the aerospace industry for their field programmability and low cost. However, they suffer from cosmic radiation-induced Single Event Upsets (SEUs). Triple Modular Redundancy (TMR) is a well-known technique to mitigate SEUs in FPGAs that is often used together with another SEU mitigation technique known as configuration scrubbing. Traditional TMR protects against a single fault at a time, while partitioned TMR provides improved reliability and availability. In this paper, we present a methodology to analyze TMR partitioning at an early design stage using probabilistic model checking. The proposed formal model can capture both single- and multiple-cell upset scenarios without assuming equal partition sizes. Starting from a high-level description of a design, a Markov model is constructed from the Data Flow Graph (DFG) using a specified number of partitions, a component characterization library and a user-defined scrub rate. Such a model, together with exhaustive analysis, captures all the considered failures and repairs possible in the system within the radiation environment. Various reliability and availability properties are then verified automatically using the PRISM model checker, exploring the relationship between the scrub frequency and the number of TMR partitions required to meet the design requirements. The reported results also show that, given a known voter failure rate, it is possible to find an optimal number of partitions at early design stages using our proposed method.

    Comment: Published in Reliability Engineering & System Safety Volume 182, February 2019, Pages 107-11

    Towards model checking electrum specifications with LTSmin

    Integrated master's dissertation in Informatics Engineering.

    Model checking is a common verification technique; it guarantees the consistency and integrity of any system by exhaustively exploring all its possible states. Because of the large number of possible interleavings between events, models of distributed systems often end up generating a very large number of states. In this dissertation we explore the effects of partial order reduction, a technique for mitigating the effects of state explosion, by implementing an Electrum-like language with LTSmin. We also propose an event layer on top of Electrum and a syntactic analysis to extract the information needed for this technique to be implemented.

    Model checking is a common verification technique to guarantee the consistency and integrity of any system by an exhaustive exploration of all possible states. Due to the large number of interleavings, models of distributed systems often end up with a huge state space. In this dissertation we will explore the effects of partial order reduction, a technique to mitigate the effects of this state-explosion problem, by implementing an Electrum-like language with LTSmin. We will also propose an event layer over Electrum and a syntactic analysis to extract valuable information for this technique to be implemented.

    This work is financed by the ERDF – European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation - COMPETE 2020 Programme and by National Funds through the Portuguese funding agency, FCT - Fundação para a Ciência e a Tecnologia, within project POCI-01-0145-FEDER-01682

    Fundamental Approaches to Software Engineering

    This open access book constitutes the proceedings of the 23rd International Conference on Fundamental Approaches to Software Engineering, FASE 2020, which took place in Dublin, Ireland, in April 2020, and was held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The 23 full papers, 1 tool paper and 6 testing competition papers presented in this volume were carefully reviewed and selected from 81 submissions. The papers cover topics such as requirements engineering, software architectures, specification, software quality, validation, verification of functional and non-functional properties, model-driven development and model transformation, software processes, security and software evolution

    Performance evaluation and model checking of probabilistic real-time actors

    This dissertation is composed of two parts. In the first part, performance evaluation and verification of safety properties are provided for real-time actors. Recently, the actor-based language Timed Rebeca was introduced to model distributed and asynchronous systems with timing constraints and message-passing communication. A toolset was developed for automated translation of Timed Rebeca models to Erlang. The translated code can be executed using a timed extension of McErlang for model checking and simulation. In the first part of this dissertation, we introduce a new toolset that provides statistical model checking of Timed Rebeca models. Using statistical model checking, we are now able to verify larger models against safety properties compared to McErlang model checking. We examine the typical case studies of elevators and ticket service to show the efficiency of statistical model checking and the applicability of our toolset. In the second part of this dissertation, we enhance our modeling ability and cover more properties by performance evaluation and model checking of probabilistic real-time actors. Distributed systems exhibit probabilistic and nondeterministic behaviors and may have time constraints. Probabilistic Timed Rebeca (PTRebeca) is introduced as a timed and probabilistic actor-based language for modeling distributed real-time systems with asynchronous message passing. The semantics of PTRebeca is a Timed Markov Decision Process (TMDP). We provide SOS rules for PTRebeca, and develop two toolsets for analyzing PTRebeca models. The first toolset automatically generates a TMDP model from a PTRebeca model in the form of the input language of the PRISM model checker. We use PRISM for performance analysis of PTRebeca models against expected reachability and probabilistic reachability properties. Additionally, we develop another toolset to automatically generate a Markov Automaton from a PTRebeca model in the form of the input language of the Interactive Markov Chain Analyzer (IMCA). The IMCA can be used as the back-end model checker for performance analysis of PTRebeca models against expected reachability and probabilistic reachability properties. We present the time needed for the analysis of different case studies using the PRISM-based and IMCA-based approaches. The IMCA-based approach needs considerably less time, and so is able to analyze significantly larger models. We show the applicability of both approaches and the efficiency of our tools by analyzing a few case studies and experimental results.

    This thesis is in two parts. In the first part, performance evaluation and verification of safety properties are provided for real-time models. Recently, the actor-based language Timed Rebeca was used to model distributed and asynchronous systems with timing constraints and message-passing communication. A toolset was built for the automatic translation of Timed Rebeca models into Erlang. The translated code can be run with a timed extension of McErlang for model checking and simulation. In the first part of this thesis, we introduce a toolset that provides statistical model checking of Timed Rebeca models. Using statistical model checking, it is now possible to verify larger models against safety requirements than with McErlang. We examine the typical case studies of elevators and ticket sales to show the efficiency of statistical model checking and the applicability of our toolset. In the second part of this thesis we extend our modeling capability and cover more properties through performance evaluation and model checking of probabilistic real-time actors. Distributed systems exhibit probabilistic and nondeterministic behavior and may have time constraints. Probabilistic Timed Rebeca (PTRebeca) is introduced as a timed and probabilistic actor-based language for probabilistic distributed real-time systems with asynchronous message passing. The semantics of PTRebeca is a Timed Markov Decision Process (TMDP). We provide SOS rules for PTRebeca, and develop two toolsets for analyzing PTRebeca models.

    The work on this dissertation was supported by the project "Timed Asynchronous Reactive Objects in Distributed Systems: TARO" (nr. 110020021) of the Icelandic Research Fund