Translating synchronous Petri Nets into PROMELA for verifying behavioural properties

For developing embedded systems, the design process may benefit in some contexts from the usage of formal methods, namely to find critical errors and flaws, before final design and implementation decisions are taken. The Synchronous and Interpreted Petri Net (SIP-net) modelling language is considered in this article to model embedded systems. This model of computation is based on safe Petri nets with guarded transitions and synchronous transitions firing, and also includes enabling and inhibitor arcs. The Spin tool, whose input language is PROMELA, is a verification system based on model checking techniques. This article presents a program to translate SIP-net models into PROMELA code and discusses in detail the adequacy of the created PROMELA specification for verification through model checking techniques.Fundação para a Ciência e a Tecnologia (FCT) - bolsa SFRH/BD/19718/200

Towards an integrated tool support for the analysis of IOPT Nets using the Spin Model Checker

This paper presents a model translation to allow automatic simulation and verification of controller models for cyber-physical systems. The models are constructed using IOPT nets, a non-autonomous Petri nets class. Those models are then translated into Promela models to be executed by the Spin model checker, a widely used open-source software verification tool. Three illustrative examples are presented: one autonomous model and two non-autonomous models. As future work, it is foreseen the integration with the freely available IOPT-Tools framework

Animation-based validation of reactive software systems using behavioural models

Tese de doutoramento em InformáticaDuring the development of software systems, validation is a crucial activity to guarantee that the software system ful lls the users' needs and expectations. A key issue to have a successful validation consists in adopting a process where users and clients can actively discuss the requirements of the system under development. A reactive system is expected to continuously interact with its environment. Usually, the interaction of a reactive system with its environment is supported by a set of nonterminating processes that operate in parallel. During the interaction, the reactive system must answer to high-priority events, even when the system is executing something else. Due to above characteristics, the behaviour of reactive systems can be very complex. The approach suggested in this thesis assumes that the requirements of reactive software systems are partially described by use case diagrams, and each use case is detailed by a collection of scenario descriptions. Within this approach, one can obtain, from a set of behavioural scenarios of a given system, an executable behavioural model that can support, when complemented with animation- and domain-speci c elements, a graphical animation for reproducing that set of scenarios for validation purposes. Animating the scenarios using graphical elements from the application domain ensures an e ective involvement of the users in the system's validation. The Coloured Petri nets (CPNs) modelling language is used as the notation to obtain the behavioural models, due to its natural support for mechanisms like concurrency, synchronisation, and resource sharing and its tool support. The obtained CPN model is guaranteed to be (1) parametric, allowing an easy modi cation of the initial conditions of the scenarios, (2) environment-descriptive, meaning that it includes the state of the relevant elements of the environment, and (3) animation-separated, implying that the elements related to the animation are separated from the other ones. We validate our approach based on its application to three case studies of reactive systems.Durante o desenvolvimento de sistemas de software, a validação é uma actividade crucial para garantir que o sistema de software satisfaz as necessidades e expectativas do utilizador. O sucesso na validação consiste na utilização de um processo onde os utilizadores e os clientes possam discutir de uma forma activa os requisitos do sistema que está a ser desenvolvido. Um sistema reactivo está continuamente em interacção com o seu ambiente, que é geralmente suportada por um conjunto de processos intermináveis que operam em paralelo. Durante a interacção, o sistema reactivo dever a responder aos eventos com alta prioridade, mesmo quando o sistema está a executar algo diferente. Devido às características anteriores, o comportamento dos sistemas reactivos pode ser muito complexo. A abordagem sugerida nesta tese assume que os requisitos de sistemas reactivos são em parte descritos por diagramas de casos de uso e que cada caso de uso é detalhado por uma colecção de descrições de cenários. Nesta abordagem, é possível obter, a partir de um conjunto de cenários de um dado sistema, um modelo comportamental que seja executável e que suporte, quando complementado com elementos específicos, uma animação gráfica que reproduza aquele conjunto de cenários para fins de validação. A animação dos cenários utilizando elementos gráficos do domínio da aplicação garante um envolvimento efectivo dos utilizadores na validação do sistema. A linguagem de modelação redes de Petri coloridas (CPNs) é usada como a notação para obter os modelos comportamentais, devido ao seu suporte natural a mecanismos como a concorrência, sincronização e partilha de recursos, e às suas ferramentas de suporte. Se as recomendações da abordagem proposta foram seguidas, temos a garantia que o modelo CPN: (1) parametriza as condições iniciais dos cenários, (2) contém uma descrição do ambiente, incluindo o estado dos seus elementos, e (3) separa os elementos relacionados com a animação dos outros elementos do modelo. A validação da nossa abordagem tem por base a sua aplicação a três casos de estudo de sistemas reactivos.Fundação para a Ciência e a Tecnologia (FCT) SFRH/BD/19718/200

Design-time formal verification for smart environments: an exploratory perspective

Smart environments (SmE) are richly integrated with multiple heterogeneous devices; they perform the operations in intelligent manner by considering the context and actions/behaviors of the users. Their major objective is to enable the environment to provide ease and comfort to the users. The reliance on these systems demands consistent behavior. The versatility of devices, user behavior and intricacy of communication complicate the modeling and verification of SmE's reliable behavior. Of the many available modeling and verification techniques, formal methods appear to be the most promising. Due to a large variety of implementation scenarios and support for conditional behavior/processing, the concept of SmE is applicable to diverse areas which calls for focused research. As a result, a number of modeling and verification techniques have been made available for designers. This paper explores and puts into perspective the modeling and verification techniques based on an extended literature survey. These techniques mainly focus on some specific aspects, with a few overlapping scenarios (such as user interaction, devices interaction and control, context awareness, etc.), which were of the interest to the researchers based on their specialized competencies. The techniques are categorized on the basis of various factors and formalisms considered for the modeling and verification and later analyzed. The results show that no surveyed technique maintains a holistic perspective; each technique is used for the modeling and verification of specific SmE aspects. The results further help the designers select appropriate modeling and verification techniques under given requirements and stress for more R&D effort into SmE modeling and verification researc

A Design-by-Contract based Approach for Architectural Modelling and Analysis

Research on software architectures has been active since the early nineties, leading to a number of different architecture description languages (ADL). Given their importance in facilitating the communication of crucial system properties to different stakeholders and their analysis early on in the development of a system this is understandable. However, practitioners rarely use ADLs, and, instead, they insist on using the Unified Modelling Language (UML) for specifying software architectures. I attribute this to three main issues that have not been addressed altogether by the existing ADLs. Firstly, in their attempt to support formal analysis, current ADLs employ formal notations (i.e., mostly process algebras) that are rarely used among practitioners. Secondly, many ADLs focus on components in specifying software architectures, neglecting the first-class specification of complex interaction protocols as connectors. They view connectors as simple interaction links that merely identify the communicating components and their basic communication style (e.g., procedure call). So, complex interaction protocols are specified as part of components, which however reduce the re-usability of both. Lastly, there are also some ADLs that do support complex connectors. However, these include a centralised glue element in their connector structure that imposes a global ordering of actions on the interacting components. Such global constraints are not always realisable in a decentralised manner by the components that participate in these protocols. In this PhD thesis, I introduce a new architecture description language called XCD that supports the formal specification of software architectures without employing a complex formal notation and offers first-class connectors for maximising the re-use of components and protocols. Furthermore, by omitting any units for specifying global constraints (i.e., glue), the architecture specifications in XCD are guaranteed to be realisable in a decentralised manner. I show in the thesis how XCD extends Design-by-Contract (DbC) for specifying (i) protocol-independent components and (ii) complex connectors, which can impose only local constraints to guarantee their realisability. Use of DbC will hopefully make it easier for practitioners to use the language, compared to languages using process algebras. I also show the precise translation of XCD into SPIN’s formal ProMeLa language for formally verifying software architectures that (i) services offered by components are always used correctly, (ii) the component behaviours are always complete, (iii)there are no race-conditions, (iv) there is no deadlock, and (v) for components having event communications, there is no overflow of event buffers. Finally, I evaluate XCD via five well-known case studies and illustrate XCD’s enhanced modularity, expressive DbC-based notation, and guaranteed realisability for architecture specifications

Formal verification techniques for model transformations: A tridimensional classification

In Model Driven Engineering (Mde), models are first-class citizens, and model transformation is Mde's "heart and soul". Since model transformations are executed for a family of (conforming) models, their validity becomes a crucial issue. This paper proposes to explore the question of the formal verification of model transformation properties through a tridimensional approach: the transformation involved, the properties of interest addressed, and the formal verification techniques used to establish the properties. This work is intended for a double audience. For newcomers, it provides a tutorial introduction to the field of formal verification of model transformations. For readers more familiar with formal methods and model transformations, it proposes a literature review (although not systematic) of the contributions of the field. Overall, this work allows to better understand the evolution, trends and current practice in the domain of model transformation verification. This work opens an interesting research line for building an engineering of model transformation verification guided by the notion of model transformation intent

A state/event-based model-checking approach for the analysis of abstract system properties.

AbstractWe present the UMC framework for the formal analysis of concurrent systems specified by collections of UML state machines. The formal model of a system is given by a doubly labelled transition system, and the logic used to specify its properties is the state-based and event-based logic UCTL. UMC is an on-the-fly analysis framework which allows the user to interactively explore a UML model, to visualize abstract behavioural slices of it and to perform local model checking of UCTL formulae. An automotive scenario from the service-oriented computing (SOC) domain is used as case study to illustrate our approach