187 research outputs found
Towards Model Checking Executable UML Specifications in mCRL2
We describe a translation of a subset of executable UML (xUML) into the process algebraic specification language mCRL2. This subset includes class diagrams with class generalisations, and state machines with signal and change events. The choice of these xUML constructs is dictated by their use in the modelling of railway interlocking systems. The long-term goal is to verify safety properties of interlockings modelled in xUML using the mCRL2 and LTSmin toolsets. Initial verification of an interlocking toy example demonstrates that the safety properties of model instances depend crucially on the run-to-completion assumptions
Modelling and Verification of a Cluster-tree Formation Protocol Implementation for the IEEE 802.15.4 TSCH MAC Operation Mode
Correct and efficient initialization of wireless sensor networks can be
challenging in the face of many uncertainties present in ad hoc wireless
networks. In this paper we examine an implementation for the formation of a
cluster-tree topology in a network which operates on top of the TSCH MAC
operation mode of the IEEE 802.15.4 standard, and investigate it using formal
methods. We show how both the mCRL2 language and toolset help us in identifying
scenarios where the implementation does not form a proper topology. More
importantly, our analysis leads to the conclusion that the cluster-tree
formation algorithm has a super linear time complexity. So, it does not scale
to large networks.Comment: In Proceedings MARS 2017, arXiv:1703.0581
Bridging formal models : an engineering perspective
The thesis presents different techniques that can be used to build formal behavioral models. If modal properties are formulated, the models can be subjected to verification techniques to determine whether a model possesses the desired properties. However many native environments do not facilitate tools or techniques to verify them. Hence, these models need to be transformed into other models that provide suitable techniques for a formal analysis. The transformations are classified into two engineering approaches, namely syntactically engineered models and semantically engineered models. Syntactically engineered models are constructed from input specifications without explicitly considering the semantics. Semantically engineered models are constructed from input specifications by explicitly considering the semantics. The syntactic engineering approach presents four dedicated modeling techniques that construct or disseminate verification results for formal models. The first modeling technique describes a way to create models from system descriptions that specify concurrent behavior. Here, we model three variations of a 2Ć2 switch, for which the models are subsequently compared to models created in the specification languages: TLA+, Bluespec, Statecharts, and ACP. The comparison validates that mCRL2 is a suitable specification language to model descriptions or specify the behavior for prototype systems. The second syntactic technique constructs an mCRL2 model from a software implementation that operates a printer for printing Printed Circuit Boards. The model is used to advise (other) software engineers on dangerous language constructs in the control software. Hence, the model is model checked for various safety properties. The implementation is modeled through an over-approximation on the behavior by abstracting from program variables, such that only interface calls between processes and non-deterministic choices in procedures remain. The third modeling technique describes a language transformation from the language Chi 2.0 language to the mCRL2 language. The purpose of the transformation is to facilitate model checking techniques to the discrete part of the Chi 2.0 language
Generating and Solving Symbolic Parity Games
We present a new tool for verification of modal mu-calculus formulae for
process specifications, based on symbolic parity games. It enhances an existing
method, that first encodes the problem to a Parameterised Boolean Equation
System (PBES) and then instantiates the PBES to a parity game. We improved the
translation from specification to PBES to preserve the structure of the
specification in the PBES, we extended LTSmin to instantiate PBESs to symbolic
parity games, and implemented the recursive parity game solving algorithm by
Zielonka for symbolic parity games. We use Multi-valued Decision Diagrams
(MDDs) to represent sets and relations, thus enabling the tools to deal with
very large systems. The transition relation is partitioned based on the
structure of the specification, which allows for efficient manipulation of the
MDDs. We performed two case studies on modular specifications, that demonstrate
that the new method has better time and memory performance than existing PBES
based tools and can be faster (but slightly less memory efficient) than the
symbolic model checker NuSMV.Comment: In Proceedings GRAPHITE 2014, arXiv:1407.767
XACML2mCRL2 : automatic transformation of XACML policies into mCRL2 specifications
The eXtensible Access Control Markup Language (XACML) is a popular OASIS standard for the specification of fine-grained access control policies. However, the standard does not provide a proper solution for the verification of XACML access control policies before their deployment. The first step for the formal verification of XACML policies is to formally specify such policies. Hence, this paper presents XACML2mCRL2, a tool for the automatic translation of XACML access control policies into mCRL2. The mCRL2 specifications generated by our tool can be used for formal verification of important properties of access control policies, such as completeness or inconsistency, using the well-known mCRL2 toolset
Design of asynchronous supervisors
One of the main drawbacks while implementing the interaction between a plant
and a supervisor, synthesised by the supervisory control theory of
\citeauthor{RW:1987}, is the inexact synchronisation. \citeauthor{balemiphdt}
was the first to consider this problem, and the solutions given in his PhD
thesis were in the domain of automata theory. Our goal is to address the issue
of inexact synchronisation in a process algebra setting, because we get
concepts like modularity and abstraction for free, which are useful to further
analyze the synthesised system. In this paper, we propose four methods to check
a closed loop system in an asynchronous setting such that it is branching
bisimilar to the modified (asynchronous) closed loop system. We modify a given
closed loop system by introducing buffers either in the plant models, the
supervisor models, or the output channels of both supervisor and plant models,
or in the input channels of both supervisor and plant models. A notion of
desynchronisable closed loop system is introduced, which is a class of
synchronous closed loop systems such that they are branching bisimilar to their
corresponding asynchronous versions. Finally we study different case studies in
an asynchronous setting and then try to summarise the observations (or
conditions) which will be helpful in order to formulate a theory of
desynchronisable closed loop systems
Prototyping the Semantics of a DSL using ASF+SDF: Link to Formal Verification of DSL Models
A formal definition of the semantics of a domain-specific language (DSL) is a
key prerequisite for the verification of the correctness of models specified
using such a DSL and of transformations applied to these models. For this
reason, we implemented a prototype of the semantics of a DSL for the
specification of systems consisting of concurrent, communicating objects. Using
this prototype, models specified in the DSL can be transformed to labeled
transition systems (LTS). This approach of transforming models to LTSs allows
us to apply existing tools for visualization and verification to models with
little or no further effort. The prototype is implemented using the ASF+SDF
Meta-Environment, an IDE for the algebraic specification language ASF+SDF,
which offers efficient execution of the transformation as well as the ability
to read models and produce LTSs without any additional pre or post processing.Comment: In Proceedings AMMSE 2011, arXiv:1106.596
- ā¦