94 research outputs found

    Refinement-based verification of sequential implementations of Stateflow charts

    Get PDF
    Simulink/Stateflow charts are widely used in industry for the specification of control systems, which are often safety-critical. This suggests a need for a formal treatment of such models. In previous work, we have proposed a technique for automatic generation of formal models of Stateflow blocks to support refinement-based reasoning. In this article, we present a refinement strategy that supports the verification of automatically generated sequential C implementations of Stateflow charts. In particular, we discuss how this strategy can be specialised to take advantage of architectural features in order to allow a higher level of automation.Comment: In Proceedings Refine 2011, arXiv:1106.348

    SCJ-Circus : a refinement-oriented formal notation for Safety-Critical Java

    Get PDF
    Safety-Critical Java (SCJ) is a version of Java whose goal is to support the development of real-time, embedded, safety-critical software. In particular, SCJ supports certification of such software by introducing abstractions that enforce a simpler architecture, and simpler concurrency and memory models. In this paper, we present SCJ-Circus, a refinement-oriented formal notation that supports the specification and verification of low-level programming models that include the new abstractions introduced by SCJ. SCJ-Circus is part of the family of state-rich process algebra Circus, as such, SCJ-Circus includes the Circus constructs for modelling sequential and concurrent behaviour, real-time and object orientation. We present here the syntax and semantics of SCJ-Circus, which is defined by mapping SCJ-Circus constructs to those of standard Circus. This is based on an existing approach for modelling SCJ programs. We also extend an existing Circus-based refinement strategy that targets SCJ programs to account for the generation of SCJ-Circus models close to implementations in SCJ

    Semantic mutation testing

    Get PDF
    This is the Pre-print version of the Article. The official published version can be obtained from the link below - Copyright @ 2011 ElsevierMutation testing is a powerful and flexible test technique. Traditional mutation testing makes a small change to the syntax of a description (usually a program) in order to create a mutant. A test suite is considered to be good if it distinguishes between the original description and all of the (functionally non-equivalent) mutants. These mutants can be seen as representing potential small slips and thus mutation testing aims to produce a test suite that is good at finding such slips. It has also been argued that a test suite that finds such small changes is likely to find larger changes. This paper describes a new approach to mutation testing, called semantic mutation testing. Rather than mutate the description, semantic mutation testing mutates the semantics of the language in which the description is written. The mutations of the semantics of the language represent possible misunderstandings of the description language and thus capture a different class of faults. Since the likely misunderstandings are highly context dependent, this context should be used to determine which semantic mutants should be produced. The approach is illustrated through examples with statecharts and C code. The paper also describes a semantic mutation testing tool for C and the results of experiments that investigated the nature of some semantic mutation operators for C

    From Verified Models to Verified Code for Safe Medical Devices

    Get PDF
    Medical devices play an essential role in the care of patients around the world, and can have a life-saving effect. An emerging category of autonomous medical devices like implantable pacemakers and implantable cardioverter defibrillators (ICD) diagnose conditions of the patient and autonomously deliver therapies. Without trained professionals in the loop, the software component of autonomous medical devices is responsible for making critical therapeutic decisions, which pose a new set of challenges to guarantee patient safety. As regulation effort to guarantee patient safety, device manufacturers are required to submit evidence for the safety and efficacy of the medical devices before they can be released to the market. Due to the closed-loop interaction between the device and the patient, the safety and efficacy of autonomous medical devices must ultimately be evaluated within their physiological context. Currently the primary closed-loop validation of medical devices is in form of clinical trials, in which the devices are evaluated on real patients. Clinical trials are expensive and expose the patients to risks associated with untested devices. Clinical trials are also conducted after device development, therefore issues found during clinical trials are expensive to fix. There is urgent need for closed-loop validation of autonomous medical devices before the devices are used in clinical trials. In this thesis, I used implantable cardiac devices to demonstrate the applications of model-based approaches during and after device development to provide confidence towards the safety and efficacy of the devices. A heart model structure is developed to mimic the electrical behaviors of the heart in various heart conditions. The heart models created with the model structure are capable of interacting with implantable cardiac devices in closed-loop and can provide physiological interpretations for a large variety of heart conditions. With the heart models, I demonstrated that closed-loop model checking is capable of identifying known and unknown safety violations within the pacemaker design. More importantly, I developed a framework to choose the most appropriate heart models to cover physiological conditions that the pacemaker may encounter, and provide physiological context to counter-examples returned by the model checker. A model translation tool UPP2SF is then developed to translate the pacemaker design in UPPAAL to Stateflow, and automatically generated to C code. The automated and rigorous translation ensures that the properties verified during model checking still hold in the implementation, which justifies the model checking effort. Finally, the devices are evaluated with a virtual patient cohort consists of a large number of heart models before evaluated in clinical trials. These in-silico pre-clinical trials provide useful insights which can be used to increase the success rate of a clinical trial. The work in this dissertation demonstrated the importance and challenges to represent physiological behaviors during closed-loop validation of autonomous medical devices, and demonstrated the capability of model-based approaches to provide safety and efficacy evidence during and after device development

    Proceedings of the First NASA Formal Methods Symposium

    Get PDF
    Topics covered include: Model Checking - My 27-Year Quest to Overcome the State Explosion Problem; Applying Formal Methods to NASA Projects: Transition from Research to Practice; TLA+: Whence, Wherefore, and Whither; Formal Methods Applications in Air Transportation; Theorem Proving in Intel Hardware Design; Building a Formal Model of a Human-Interactive System: Insights into the Integration of Formal Methods and Human Factors Engineering; Model Checking for Autonomic Systems Specified with ASSL; A Game-Theoretic Approach to Branching Time Abstract-Check-Refine Process; Software Model Checking Without Source Code; Generalized Abstract Symbolic Summaries; A Comparative Study of Randomized Constraint Solvers for Random-Symbolic Testing; Component-Oriented Behavior Extraction for Autonomic System Design; Automated Verification of Design Patterns with LePUS3; A Module Language for Typing by Contracts; From Goal-Oriented Requirements to Event-B Specifications; Introduction of Virtualization Technology to Multi-Process Model Checking; Comparing Techniques for Certified Static Analysis; Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder; jFuzz: A Concolic Whitebox Fuzzer for Java; Machine-Checkable Timed CSP; Stochastic Formal Correctness of Numerical Algorithms; Deductive Verification of Cryptographic Software; Coloured Petri Net Refinement Specification and Correctness Proof with Coq; Modeling Guidelines for Code Generation in the Railway Signaling Context; Tactical Synthesis Of Efficient Global Search Algorithms; Towards Co-Engineering Communicating Autonomous Cyber-Physical Systems; and Formal Methods for Automated Diagnosis of Autosub 6000

    Sequence-Based Specification of Embedded Systems

    Get PDF
    Software has become integral to the control mechanism of modern devices. From transportation and medicine to entertainment and recreation, embedded systems integrate fundamentally with time and the physical world to impact our lives; therefore, product dependability and safety are of paramount importance. Model-based design has evolved as an effective way to prototype systems and to analyze system function through simulation. This process mitigates the problems and risks associated with embedding software into consumer and industrial products. However, the most difficult tasks remain: Getting the requirements right and reducing them to precise specifications for development, and providing compelling evidence that the product is fit for its intended use. Sequence-based specification of discrete systems, using well-chosen abstractions, has proven very effective in exposing deficiencies in requirements, and then producing precise specifications for good requirements. The process ensures completeness, consistency, and correctness by tracing each specification decision precisely to the requirements. Likewise, Markov chain based testing has proven effective in providing evidence that systems are fit for field use. Model-based designs integrate discrete and continuous behavior; models have both hybrid and switching properties. In this research, we extend sequence-based specification to explicitly include time, continuous functions, nondeterminism, and internal events for embedded real-time systems. The enumeration is transformed into an enumeration hybrid automaton that acts as the foundation for an executable model-based design and an algebraic hybrid I/O automaton with valuable theoretical properties. Enumeration is a step-wise problem solving technique that complements model-based design by converting ordinary requirements into precise specifications. The goal is a complete, consistent, and traceably correct design with a basis for automated testing

    Tagungsband Dagstuhl-Workshop MBEES: Modellbasierte Entwicklung eingebetteter Systeme 2005

    Get PDF

    SCJ-Circus: specification and refinement of Safety-Critical Java programs

    Get PDF
    Safety-Critical Java (SCJ) is a version of Java for real-time, embedded, safety-critical applications. It supports certification via abstractions that enforce a particular program architecture, with controlled concurrency and memory models. SCJ is an Open Group standard, with a reference implementation, but little support for reasoning. Here, we present SCJ-Circus, a refinement notation for specification and verification of low-level models of SCJ programs. SCJ-Circus is part of the Circus family of state-rich process algebras: it includes the Circus constructs for modelling of sequential and concurrent behaviour based on Z and CSP, and the real-time and object-oriented extensions of Circus, in addition to the SCJ abstractions. We present the syntax of SCJ-Circus and its semantics, defined by mapping SCJ-Circus constructs to those of Circus. We also detail a refinement strategy that takes a Circus design that adheres to a multiprocessor cyclic executive pattern and produces an SCJ program design, described in SCJ-Circus. Finally, we show how this refinement strategy can be extended for more complex program architectures

    Adapting modeling environments to domain specific interactions

    Full text link
    Software tools are being used by experts in a variety of domains. There are numerous software modeling environments tailored to a specific domain expertise. However, there is no consistent approach to generically synthesize a product line of such modeling environments that also take into account the user interaction and experience adapted to the domain. The focus of my thesis is the proposal of a solution to explicitly model user interfaces and interaction of modeling environments so that they can be tailored to the habits and preferences of domain experts. We extend current model-driven engineering techniques that synthesize graphical modeling environments to also take interaction models into account. The formal semantics of our language framework is based on statecharts. We define a development process for generating such modeling environments to maximize reuse through a novel statechart refinement technique.Les outils logiciels sont utilisés par des experts dans une variété de domaines. Il existe de nombreux environnements de modélisation logicielle adaptés á une expertise spécifique. Cependant, il n’existe pas d’approche cohérente pour synthétiser génériquement une ligne de produits de tels environnements de modélisation qui prennent également en compte l’interaction et l’expérience utilisateur adaptées au domaine. L’objectif de ma thése est la proposition d’une solution pour modéliser explicitement les interfaces utilisateur et l’interaction des environnements de modélisation afin qu’ils puissent étre adaptés aux habitudes et aux préférences des experts du domaine. Nous étendons les techniques d’ingénierie actuelles pilotées par un modéle qui synthétisent des environnements de modélisation graphique pour prendre également en compte les modèles d’interaction. La sémantique formelle de notre cadre linguistique est basée sur des statecharts. Nous définissons un processus de développement pour générer de tels environnements de modélisation afin de maximiser la réutilisation à travers une nouveau technique de raffinement de statecharts
    • …
    corecore