113,351 research outputs found
Automated Verification of Specifications with Typestates and Access Permissions
We propose an approach to formally verify Plural specifications based on access permissions and typestates, by model-checking automatically generated abstract state-machines. Our exhaustive approach captures all the possible behaviors of abstract concurrent programs implementing the specification. We describe the formal methodology employed by our technique and provide an example as proof of concept for the state-machine construction rules. The implementation of a fully automated algorithm to generate and verify models, currently underway, provides model checking support for the Plural tool, which currently supports only program verification via data flow analysis (DFA)
A state/event-based model-checking approach for the analysis of abstract system properties.
AbstractWe present the UMC framework for the formal analysis of concurrent systems specified by collections of UML state machines. The formal model of a system is given by a doubly labelled transition system, and the logic used to specify its properties is the state-based and event-based logic UCTL. UMC is an on-the-fly analysis framework which allows the user to interactively explore a UML model, to visualize abstract behavioural slices of it and to perform local model checking of UCTL formulae. An automotive scenario from the service-oriented computing (SOC) domain is used as case study to illustrate our approach
AsmetaF: A Flattener for the ASMETA Framework
Abstract State Machines (ASMs) have shown to be a suitable high-level
specification method for complex, even industrial, systems; the ASMETA
framework, supporting several validation and verification activities on ASM
models, is an example of a formal integrated development environment. Although
ASMs allow modeling complex systems in a rather concise way -and this is
advantageous for specification purposes-, such concise notation is in general a
problem for verification activities as model checking and theorem proving that
rely on tools accepting simpler notations.
In this paper, we propose a flattener tool integrated in the ASMETA framework
that transforms a general ASM model in a flattened model constituted only of
update, parallel, and conditional rules; such model is easier to map to
notations of verification tools. Experiments show the effect of applying the
tool to some representative case studies of the ASMETA repository.Comment: In Proceedings F-IDE 2018, arXiv:1811.09014. The first two authors
are supported by ERATO HASUO Metamathematics for Systems Design Project (No.
JPMJER1603), JST. Funding Reference number: 10.13039/501100009024 ERAT
Counter-constrained finite state machines: modelling component protocols with resource-dependencies
This report deals with the specification of software component
protocols (i.e., the set of service call sequences). The
contribution of this report is twofold: (a) We discuss specific
requirements of real-world protocols, especially in the presence
of components wich make use of limited resources. (b) We define
counter-constrained finite state machines (CC-FSMs), a novel
extension of finite state machines, specifically created to
model protocols having dependencies between services due to
their access to shared resources. We provide a theoretical
framework for reasoning and analysing CC-FSMs. Opposed to finite
state machines and other approaches, CC-FSMs combine two
valuable properties: (a) CC-FSMs are powerful enough to model
realistic component protocols with resource allocation, usage,
and de-allocation dependencies between methods (as occurring in
common abstract datatypes such as stacks or queues) and (b)
CC-FSMs have a decidabile equivalence- and inclusion problem as
proved in this report by providing algorithms for efficient
checking equivalence and inclusion. These algorithms directly
lead to efficient checks for component interoperability and
substitutability.
Keywords: software component protocols, finite state machine
extension, decidable inclusion check, interoperability,
substitutability
An Abort-Aware Model of Transactional Programming
Abstract. There has been a lot of recent research on transaction-based concurrent programming, aimed at offering an easier concurrent programming paradigm that enables programmers to better exploit the parallelism of modern multi-processor machines, such as multi-core microprocessors. We introduce Transactional State Machines (TSMs) as an abstract finite-data model of transactional shared-memory concurrent programs. TSMs are a variant of concurrent boolean programs (or concurrent extended recursive state machines) augmented with additional constructs for specifying potentially nested transactions. Namely, some procedures (or code segments) can be marked as transactions and are meant to be executed “atomically”, and there are also explicit commit and abort operations for transactions. The TSM model is non-blocking and allows interleaved executions where multiple processes can simultaneously be executing inside transactions. It also allows nested transactions, transactions which may never terminate, and transactions which may be aborted explicitly, or aborted automatically by the run-time environment due to memory conflicts. We show that concurrent executions of TSMs satisfy a correctness criterion closely related to serializability, which we call stutter-serializability, with respect to shared memory. We initiate a study of model checking problems for TSMs. Model checking arbitrary TSMs is easily seen to be undecidable, but we show it is decidable in the following case: when recursion is exclusively used inside transactions in all (but one) of the processes, we show that model checking such TSMs against all stutterinvariant ω-regular properties of shared memory is decidable.
Automated Verification of Specifications with Typestates and Access Permissions
We propose an approach to formally verify Plural specifications of concurrent programs based on access permissions and typestates, by model-checking automatically generated abstract state-machines. Our approach captures all possible relevant behaviors of abstract concurrent programs implementing the specification. We describe the formal methodology employed in our technique and provide an example as proof of concept for the state-machine construction rules. We implemented the fully automated algorithm to generate and verify models as a freely available plug-in of the Plural tool, called Pulse. We tested Pulse on the full specification of a Multi Threaded Task Server commercial application and showed that this approach scales well and is efficient in finding errors in specifications that could not be previously detected with the Data Flow Analysis (DFA) capabilities of Plural
An abort-aware model of transactional programming
Abstract There has been a lot of recent research on transaction-based concurrent programming, aimed at offering an easier concurrent programming paradigm that enables programmers to better exploit the parallelism of modern multi-processor machines, such as multi-core microprocessors. We introduce Transactional State Machines (TSMs) as an abstract finite-data model of transactional shared-memory concurrent programs. TSMs are a variant of concurrent boolean programs (or concurrent extended recursive state machines) augmented with additional constructs for specifying potentially nested transactions. Namely, some procedures (or code segments) can be marked as transactions and are meant to be executed “atomically”, and there are also explicit commit and abort operations for transactions. The TSM model is non-blocking and allows interleaved executions where multiple processes can simultaneously be executing inside transactions. It also allows nested transactions, transactions which may never terminate, and transactions which may be aborted explicitly, or aborted automatically by the run-time environment due to memory conflicts. We show that concurrent executions of TSMs satisfy a correctness criterion closely related to serializability, which we call stutter-serializability, with respect to shared memory. We initiate a study of model checking problems for TSMs. Model checking arbitrary TSMs is easily seen to be undecidable, but we show it is decidable in the following case: when recursion The work of K. Etessami was done partly while visiting Microsof
A Toolset for Supporting UML Static and Dynamic Model Checking
The Unified Modeling Language has become widely accepted as a standard in software development. Several tools have been produced to support UML model validation. However, most of them support either static or dynamic model checking; and no tools support to check both static and dynamic aspects of a UML model . But a UML model should include the static and dynamic aspects of a software system. Furthermore, these UML tools translate a UML model into a validation language such as PROMELA. But they have some shortcomings: there is no proof of correctness (with respect to the UML semantics) for these tools. In order to overcome these shortcomings, we present a toolset which can validate both static and dynamic aspects of a model; and this toolset is based on the semantic model using Abstract State Machines. Since the toolset is derived from the semantic model, the toolset is correct with respect to the semantic model
On the Transformation of SystemC to AsmL Using Abstract Interpretation
SystemC is among a group of system level design languages proposed to raise the abstraction level for embedded system design and verification. A straight and sound verification by model checking or theorem proving of SystemC designs is, however, infeasible given the object-oriented nature of this library and the complexity of its simulation environment. We illustrated, in a previous work, the feasibility and success of performing model checking and assertions monitors generation of SystemC using a variant of Abstract State Machines (ASM) languages (AsmL). In this paper, we establish the soundness of our approach by proving the correctness of the transformation from SystemC to AsmL
First order model checking of w-Automata using multiway decision graphs
As the complexity of hardware digital systems increases, their correctness becomes a major concern. Traditional verification by simulation is infeasible to exhaustively test and guarantee correctness. More than a decade ago, however, formal verification has been introduced as complement technique to simulation. Formal methods establish that a design implementation satisfies its specification by mathematical reasoning. Among several techniques, model checking is one of the most successful technology, which is based on the exploration of the design state space. In this thesis, we propose a new model checking method based on the theory of }-automata and multiway decision graphs (MDGs). Unlike reduced ordered binary decision diagrams (ROBDDs), MDGs allow system models to be described using abstract state machines (ASMs) through abstract data sorts and uninterpreted function symbols, hence enabling the verification of larger designs independent of the datapath width. Given an ASM and a first-order linear time temporal logic property, the model checking problem proposed in this thesis is reduced to a language emptiness checking of an }-automaton that accepts all }-words produced by the system violating the property formula. The checking method comprises four steps: (1) transforming the first-order property into a propositional formula by constructing ASMs for the atomic formulas of the property; (2) generating an }-automaton from the negation of the transformed propositional formula; (3) computing the product of the generated automaton, the system model ASM and the constructed ASMs; and (4) applying a language emptiness checking algorithm on the product automaton. Three different checking algorithms have been developed, implemented, and proved correct in this thesis. To evaluate the performance of the proposed model checking method and implemented tool, we conducted several experimentations and case studies. We also compared the efficiency of our tool with an existing MDG regular model checking application, as well as with popular ROBDD-based automata model checking tools such as VIS. Our model checker was found to be outperforming the above tools
- …