Model checking medium access control for sensor networks

We describe verification of S-MAC, a medium access control protocol designed for wireless sensor networks, by means of the PRISM model checker. The S-MAC protocol is built on top of the IEEE 802.11 standard for wireless ad hoc networks and, as such, it uses the same randomised backoff procedure as a means to avoid collision. In order to minimise energy consumption, in S-MAC, nodes are periodically put into a sleep state. Synchronisation of the sleeping schedules is necessary for the nodes to be able to communicate. Intuitively, energy saving obtained through a periodic sleep mechanism will be at the expense of performance. In previous work on S-MAC verification, a combination of analytical techniques and simulation has been used to confirm the correctness of this intuition for a simplified (abstract) version of the protocol in which the initial schedules coordination phase is assumed correct. We show how we have used the PRISM model checker to verify the behaviour of S-MAC and compare it to that of IEEE 802.11

Construction and Analysis of Petri Net Model for Distributed Cyber Physical Systems

A Distributed Cyber-Physical System (DCPS) composition poses challenges in determining its emergent behaviour. These challenges occur due to (1) the appearance of causal loops of information and energy flow through cyber and physical channels and (2) inherent non-determinism in the temporally ordered flow of events within independently evolving interacting processes of Constituent Systems (CSs). Hence, there is a need to construct a model of the envisaged schematic of DCPS composition for analysis and verification of its significant properties in the conceptual design stage of the system development life cycle. This paper presents a procedure to construct DCPS composition models in Petri net formalism using distributed abstractions. The model for each CS is obtained from elementary constructs using compositional operators. The interaction among CSs occurs through channels obtained by connecting send and receive constructs of two CSs participating in an interaction. The internal processing within a CS characterizing its primary function is abstracted in a generic passthrough construct. Representing these constructs with compositional operators results in the complete DCPS model in Petri net formalism. A toolchain with Reference net workshop (Renew) as an integrated Petri net editing and analysis platform is configured to support DCPS modelling, simulation and analysis. The Renew tool functionality has been enhanced with a plugin designed and developed by authors to facilitate the drawing of the distributed composition model. A low-level Petri net analysis (Lola) v2.0 plugin is employed to verify the Petri net and temporal properties of the modelled DCPS scenarios. The properties of the resultant model are verified using well-established algorithms to analyze Petri nets. Further, system properties specified using temporal logic can be verified using model-checking algorithms for Petri nets. A moderately complex scenario involving interactions among six CSs illustrates the presented approach

The early bird catches the worm: First verify, then monitor!

© 2018 Elsevier B.V. Trace expressions are a compact and expressive formalism, initially devised for runtime verification of agent interactions in multiagent systems, which has been successfully employed to model real-world protocols, and to generate monitors for mainstream multiagent system platforms, and generalized to support runtime verification of different kinds of properties and systems. In this paper, we propose an algorithm to check Linear Temporal Logic (LTL) properties satisfiability on trace expressions. To do this, we show how to translate a trace expression into a Büchi Automaton in order to realize an Automata-Based Model Checking. We show that this translation generates an over-approximation of our trace expression leading us to obtain a sound procedure to verify LTL properties. Once we have statically checked a set of LTL properties, we can conclude that: (1) our trace expression is formally correct (2) since we use this trace expression to generate monitors checking the runtime behavior of the system, the LTL properties verified by this trace expression are also verified by the monitored system

Strong Induction in Hardware Model Checking

Symbolic Model checking is a widely used technique for automated verification of both hardware and software systems. Unbounded SAT-based Symbolic Model Checking (SMC) algorithms are very popular in hardware verification. The principle of strong induction is one of the first techniques for SMC. While elegant and simple to apply, properties as such can rarely be proven using strong induction and when they can be strengthened, there is no effective strategy to guess the depth of induction. It has been mostly displaced by techniques that compute inductive strengthenings based on interpolation and property directed reachability (PDR). In this thesis, we prove that strong induction is more concise than induction. We then present kAvy, an SMC algorithm that effectively uses strong induction to guide interpolation and PDR-style incremental inductive invariant construction. Unlike pure strong induction, kAvy uses PDR-style generalization to compute and strengthen an inductive trace. Unlike pure PDR, kAvy uses relative strong induction to construct an inductive invariant. The depth of induction is adjusted dynamically by minimizing a proof of unsatisfiability. We have implemented kAvy within the Avy Model Checker and evaluated it on HWMCC instances. Our results show that kAvy is more effective than both Avy and PDR, and that using strong induction leads to faster running time and solving more instances. Further, on a class of benchmarks, called shift, kAvy is orders of magnitude faster than Avy, PDR and pure strong induction

Efficient almost wait-free parallel accesible dynamic hashtables

Abstract In multiprogrammed systems, synchronization often turns out to be a performance bottleneck and the source of poor fault-tolerance. Wait-free and lock-free algorithms can do without locking mechanisms, and therefore do not suffer from these problems. We present an efficient almost wait-free algorithm for parallel accessible hashtables, which promises more robust performance and reliability than conventional lock-based implementations. Our solution is as efficient as sequential hashtables. It can easily be implemented using C-like languages and requires on average only constant time for insertion, deletion or accessing of elements. Apart from that, our new algorithm allows the hashtables to grow and shrink dynamically when needed. A true problem of lock-free algorithms is that they are hard to design correctly, even when apparently straightforward. Ensuring the correctness of the design at the earliest possible stage is a major challenge in any responsible system development. Our algorithm contains 81 atomic statements. In view of the complexity of the algorithm and its correctness properties, we turned to the interactive theorem prover PVS for mechanical support. We employ standard deductive verification techniques to prove around 200 invariance properties of our almost wait-free algorithm, and describe how this is achieved using the theorem prover PVS. CR Subject Classification (1991): D.1 Programming techniques AMS Subject Classification (1991): 68Q22 Distributed algorithms, 68P20 Information storage and retrieval Keywords & Phrases: Hashtables, Distributed algorithms, Lock-free, Wait-fre

Improving Performance of Feedback-Based Real-Time Networks using Model Checking and Reinforcement Learning

Traditionally, automatic control techniques arose due to need for automation in mechanical systems. These techniques rely on robust mathematical modelling of physical systems with the goal to drive their behaviour to desired set-points. Decades of research have successfully automated, optimized, and ensured safety of a wide variety of mechanical systems. Recent advancement in digital technology has made computers pervasive into every facet of life. As such, there have been many recent attempts to incorporate control techniques into digital technology. This thesis investigates the intersection and co-application of control theory and computer science to evaluate and improve performance of time-critical systems. The thesis applies two different research areas, namely, model checking and reinforcement learning to design and evaluate two unique real-time networks in conjunction with control technologies. The first is a camera surveillance system with the goal of constrained resource allocation to self-adaptive cameras. The second is a dual-delay real-time communication network with the goal of safe packet routing with minimal delays.The camera surveillance system consists of self-adaptive cameras and a centralized manager, in which the cameras capture a stream of images and transmit them to a central manager over a shared constrained communication channel. The event-based manager allocates fractions of the shared bandwidth to all cameras in the network. The thesis provides guarantees on the behaviour of the camera surveillance network through model checking. Disturbances that arise during image capture due to variations in capture scenes are modelled using probabilistic and non-deterministic Markov Decision Processes (MDPs). The different properties of the camera network such as the number of frame drops and bandwidth reallocations are evaluated through formal verification.The second part of the thesis explores packet routing for real-time networks constructed with nodes and directed edges. Each edge in the network consists of two different delays, a worst-case delay that captures high load characteristics, and a typical delay that captures the current network load. Each node in the network takes safe routing decisions by considering delays already encountered and the amount of remaining time. The thesis applies reinforcement learning to route packets through the network with minimal delays while ensuring the total path delay from source to destination does not exceed the pre-determined deadline of the packet. The reinforcement learning algorithm explores new edges to find optimal routing paths while ensuring safety through a simple pre-processing algorithm. The thesis shows that it is possible to apply powerful reinforcement learning techniques to time-critical systems with expert knowledge about the system

Nutzerfreundliche Modellierung mit hybriden Systemen zur symbolischen Simulation in CLP

Die Dissertation beinhaltet die Sprachen MODEL-HS und VYSMO zur modularen, deklarativen Beschreibung hybrider Systeme, die dem Nachweis zeit- und sicherheitskritischer Eigenschaften für die symbolische Simulation in CLP dienen. Zum Erlangen sprachtheoretischer Erkenntnisse wie Entscheidbarkeit wurden hybride Systeme neu unter formal nachweisbaren Akzeptanzbedingungen definiert, welche durch praktische Beispiele belegt sind. Weitere Ergebnisse sind eine neue Klassifikation hybrider Systeme, ein Werkzeug ROSSY, Anfragebeschreibungen und deren Transformation in temporal-logische Ausdrücke, Anfragemasken und Anwendungen für Studiensysteme und parallele Programme.The dissertation includes the languages MODEL-HS and VYSMO for modular, declarative description of hybrid systems that serve the proof of time- and safety-critical properties for symbolic simulation in CLP. For coming to language-theoretical conclusions like decidability hybrid systems are newly defined under acceptance conditions that can be formally proved and for which practical examples bear witness. A new classification of hybrid systems, a tool ROSSY, query descriptions and their transformation into temporal-logic expressions, query forms and applications for study systems and parallel programs are further results

An Unexpected Journey: Towards Runtime Verification of Multiagent Systems and Beyond

The Trace Expression formalism derives from works started in 2012 and is mainly used to specify and verify interaction protocols at runtime, but other applications have been devised. More specically, this thesis describes how to extend and apply such formalism in the engineering process of distributed articial intelligence systems (such as Multiagent systems). This thesis extends the state of the art through four dierent contributions: 1. Theoretical: the thesis extends the original formalism in order to represent also parametric and probabilistic specications (parametric trace expressions and probabilistic trace expressions respectively). 2. Algorithmic: the thesis proposes algorithms for verifying trace expressions at runtime in a decentralized way. The algorithms have been designed to be as general as possible, but their implementation and experimentation address scenarios where the modelled and observed events are communicative events (interactions) inside a multiagent system. 3. Application: the thesis analyzes the relations between runtime and static verication (e.g. model checking) proposing hybrid integrations in both directions. First of all, the thesis proposes a trace expression model checking approach where it shows how to statically verify LTL property on a trace expression specication. After that, the thesis presents a novel approach for supporting static verication through the addition of monitors at runtime (post-process). 4. Implementation: the thesis presents RIVERtools, a tool supporting the writing, the syntactic analysis and the decentralization of trace expressions