222,850 research outputs found
AsmetaF: A Flattener for the ASMETA Framework
Abstract State Machines (ASMs) have shown to be a suitable high-level
specification method for complex, even industrial, systems; the ASMETA
framework, supporting several validation and verification activities on ASM
models, is an example of a formal integrated development environment. Although
ASMs allow modeling complex systems in a rather concise way -and this is
advantageous for specification purposes-, such concise notation is in general a
problem for verification activities as model checking and theorem proving that
rely on tools accepting simpler notations.
In this paper, we propose a flattener tool integrated in the ASMETA framework
that transforms a general ASM model in a flattened model constituted only of
update, parallel, and conditional rules; such model is easier to map to
notations of verification tools. Experiments show the effect of applying the
tool to some representative case studies of the ASMETA repository.Comment: In Proceedings F-IDE 2018, arXiv:1811.09014. The first two authors
are supported by ERATO HASUO Metamathematics for Systems Design Project (No.
JPMJER1603), JST. Funding Reference number: 10.13039/501100009024 ERAT
Context Aware Model-Checking for Embedded Software
Reactive systems are becoming extremely complex with the huge increase in high technologies. Despite technical improvements, the increasing size of the systems makes the introduction of a wide range of potential errors easier. Among reactive systems, the asynchronous systems communicating by exchanging messages via buffer queues are often characterized by a vast number of possible behaviors. To cope with this difïŹculty, manufacturers of industrial systems make signiïŹcant efforts in testing and simulation to successfully pass the certiïŹcation process. Nevertheless revealing errors and bugs in this huge number of behaviors remains a very difïŹcult activity. An alternative method is to adopt formal methods, and to use exhaustive and automatic veriïŹcation tools such as model-checkers. Model-checking algorithms can be used to verify requirements of a model formally and automatically. Several model checkers as (Berthomieu et al., 2004; Holzmann, 1997; Larsen et al., 1997), have been developed to help the veriïŹcation of concurrent asynchronous systems. It is well known that an important issue that limits the application of model checking techniques in industrial software projects is the combinatorial explosion problem (Clarke et al., 1986; Holzmann & Peled, 1994; Park & Kwon, 2006). Because of the internal complexity of developed software, model checking of requirements over the system behavioral models could lead to an unmanageable state space. The approach described in this chapter presents an exploratory work to provide solutions to the problems mentioned above. It is based on two joint ideas: ïŹrst, to reduce behaviors system to be validated during model-checking and secondly, help the user to specify the formal properties to check. For this, we propose to specify the behavior of the entities that compose the system environment. These entities interact with the system. Their behaviors are described by use cases (scenarios) called here contexts. They describe how the environment interacts with the system. Each context corresponds to an operational phase identiïŹed as system initialization, reconïŹguration, graceful degradation, etc.. In addition, each context is associated with a set of properties to check. The aim is to guide the model-checker to focus on a restriction of the system behavior for veriïŹcation of speciïŹc properties instead on exploring the global system automaton
"The fridge door is open" : temporal verification of a robotic assistant's behaviours
Robotic assistants are being designed to help, or work with, humans in a variety of situations from assistance within domestic situations, through medical care, to industrial settings. Whilst robots have been used in industry for some time they are often limited in terms of their range of movement or range of tasks. A new generation of robotic assistants have more freedom to move, and are able to autonomously make decisions and decide between alternatives. For people to adopt such robots they will have to be shown to be both safe and trustworthy. In this paper we focus on formal verification of a set of rules that have been developed to control the Care-O-bot, a robotic assistant located in a typical domestic environment. In particular, we apply model-checking, an automated and exhaustive algorithmic technique, to check whether formal temporal properties are satisfied on all the possible behaviours of the system. We prove a number of properties relating to robot behaviours, their priority and interruptibility, helping to support both safety and trustworthiness of robot behaviours
Robustness-Driven Resilience Evaluation of Self-Adaptive Software Systems
An increasingly important requirement for certain classes of software-intensive systems is the ability to self-adapt their structure and behavior at run-time when reacting to changes that may occur to the system, its environment, or its goals. A major challenge related to self-adaptive software systems is the ability to provide assurances of their resilience when facing changes. Since in these systems, the components that act as controllers of a target system incorporate highly complex software, there is the need to analyze the impact that controller failures might have on the services delivered by the system. In this paper, we present a novel approach for evaluating the resilience of self-adaptive software systems by applying robustness testing techniques to the controller to uncover failures that can affect system resilience. The approach for evaluating resilience, which is based on probabilistic model checking, quantifies the probability of satisfaction of system properties when the target system is subject to controller failures. The feasibility of the proposed approach is evaluated in the context of an industrial middleware system used to monitor and manage highly populated networks of devices, which was implemented using the Rainbow framework for architecture-based self-adaptation
Using Flow Specifications of Parameterized Cache Coherence Protocols for Verifying Deadlock Freedom
We consider the problem of verifying deadlock freedom for symmetric cache
coherence protocols. In particular, we focus on a specific form of deadlock
which is useful for the cache coherence protocol domain and consistent with the
internal definition of deadlock in the Murphi model checker: we refer to this
deadlock as a system- wide deadlock (s-deadlock). In s-deadlock, the entire
system gets blocked and is unable to make any transition. Cache coherence
protocols consist of N symmetric cache agents, where N is an unbounded
parameter; thus the verification of s-deadlock freedom is naturally a
parameterized verification problem. Parametrized verification techniques work
by using sound abstractions to reduce the unbounded model to a bounded model.
Efficient abstractions which work well for industrial scale protocols typically
bound the model by replacing the state of most of the agents by an abstract
environment, while keeping just one or two agents as is. However, leveraging
such efficient abstractions becomes a challenge for s-deadlock: a violation of
s-deadlock is a state in which the transitions of all of the unbounded number
of agents cannot occur and so a simple abstraction like the one above will not
preserve this violation. In this work we address this challenge by presenting a
technique which leverages high-level information about the protocols, in the
form of message sequence dia- grams referred to as flows, for constructing
invariants that are collectively stronger than s-deadlock. Efficient
abstractions can be constructed to verify these invariants. We successfully
verify the German and Flash protocols using our technique
USER CONTEXT MODELS : A FRAMEWORK TO EASE SOFTWARE FORMAL VERIFICATIONS
This article is accepted to appear in ICEIS 2010 proceedingsInternational audienceSeveral works emphasize the difficulties of software verification applied to embedded systems. In past years, formal verification techniques and tools were widely developed and used by the research community. However, the use of formal verification at industrial scale remains difficult, expensive and requires lot of time. This is due to the size and the complexity of manipulated models, but also, to the important gap between requirement models manipulated by different stackholders and formal models required by existing verification tools. In this paper, we fill this gap by providing the UCM framework to automatically generate formal models used by formal verification tools. At this stage of our work, we generate behavior models of environment actors interacting with the system directly from an extended form of use cases. These behavioral models can be composed directly with the system automata to be verified using existing model checking tools
Modular interpretation of heterogeneous modeling diagrams into synchronous equations using static single assignment
The ANR project SPACIFY develops a domain-specific programming environment, Synoptic, to engineer embedded software for space applications. Synoptic is an Eclipse-based modeling environment which supports all aspects of aerospace software design. As such, it is a domain-specific environment consisting of heterogeneous modeling and programming principles defined in collaboration with the industrial partners and end users of the project : imperative synchronous programs, data-flow diagrams, mode automata, blocks, components, scheduling, mapping and timing. This article focuses on the essence and distinctive features of its behavioral or programming aspects : actions, flows and automata, for which we use the code generation infrastructure of the synchronous modeling environment SME. It introduces an efficient method for transforming a hierarchy of blocks consisting of actions (sequential Esterel-like programs), data-flow diagrams (to connect and time modules) and mode automata (to schedule or mode blocks) into a set of synchronous equations. This transformation minimizes the needed state variables and block synchronizations. It consists of an inductive static-single assignment transformation algorithm across a hierarchy of blocks that produces synchronous equations. The impact of this new transformation technique is twofold. With regards to code generation objectives, it minimizes the needed resynchronization of each block in the system with respects to its parents, potentially gaining substantial performance from way less synchronizations. With regards to verification requirements, it minimizes the number of state variables across a hierarchy of automata and hence maximizes model checking performances
Developing a distributed electronic health-record store for India
The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India
- âŠ