Testing real-time systems using TINA

The paper presents a technique for model-based black-box conformance testing of real-time systems using the Time Petri Net Analyzer TINA. Such test suites are derived from a prioritized time Petri net composed of two concurrent sub-nets specifying respectively the expected behaviour of the system under test and its environment.We describe how the toolbox TINA has been extended to support automatic generation of time-optimal test suites. The result is optimal in the sense that the set of test cases in the test suite have the shortest possible accumulated time to be executed. Input/output conformance serves as the notion of implementation correctness, essentially timed trace inclusion taking environment assumptions into account. Test cases selection is based either on using manually formulated test purposes or automatically from various coverage criteria specifying structural criteria of the model to be fulfilled by the test suite. We discuss how test purposes and coverage criterion are specified in the linear temporal logic SE-LTL, derive test sequences, and assign verdicts

A Generic Tool for Tracing Executions Back to a DSML's Operational Semantics

International audienceThe increasing complexity of software development requires rigorously defined domain specific modeling languages (DSML). Model-driven engineering (\mde) allows users to define a DSML's syntax in terms of metamodels. The behaviour of a language can also be described, either operationally, or via transformations to other languages (e.g., by code generation). If the first approach requires to redefine analysis tools for each DSML (simulator, model-checker...), the second approach allows to reuse existing tools in the targeted language. However, the second approach (also called translational semantics) imply that the results (e.g., a program crash log, or a counterexample returned by a model checker) may not be straightforward to interpret by the users of a DSML. We propose in this paper a generic tool for formally tracing such analysis/execution results back to the original DSML's syntax and operational semantics, and we illustrate it on xSPEM, a timed process modeling language

Modeling Bitcoin Contracts by Timed Automata

Bitcoin is a peer-to-peer cryptographic currency system. Since its introduction in 2008, Bitcoin has gained noticeable popularity, mostly due to its following properties: (1) the transaction fees are very low, and (2) it is not controlled by any central authority, which in particular means that nobody can "print" the money to generate inflation. Moreover, the transaction syntax allows to create the so-called contracts, where a number of mutually-distrusting parties engage in a protocol to jointly perform some financial task, and the fairness of this process is guaranteed by the properties of Bitcoin. Although the Bitcoin contracts have several potential applications in the digital economy, so far they have not been widely used in real life. This is partly due to the fact that they are cumbersome to create and analyze, and hence risky to use. In this paper we propose to remedy this problem by using the methods originally developed for the computer-aided analysis for hardware and software systems, in particular those based on the timed automata. More concretely, we propose a framework for modeling the Bitcoin contracts using the timed automata in the UPPAAL model checker. Our method is general and can be used to model several contracts. As a proof-of-concept we use this framework to model some of the Bitcoin contracts from our recent previous work. We then automatically verify their security in UPPAAL, finding (and correcting) some subtle errors that were difficult to spot by the manual analysis. We hope that our work can draw the attention of the researchers working on formal modeling to the problem of the Bitcoin contract verification, and spark off more research on this topic

Formal Verification Integration Approach for DSML

International audienceThe application of formal methods (especially, model check- ing and static analysis techniques) for the verification of safety critical embedded systems has produced very good results and raised the inter- est of system designers up to the application of these technologies in real size projects. However, these methods usually rely on specific verifica- tion oriented formal languages that most designers do not master. It is thus mandatory to embed the associated tools in automated verification toolchains that allow designers to rely on their usual domain-specific modeling languages (DSMLs) while enjoying the benefits of these power- ful methods. More precisely, we propose a language to formally express system requirements and interpret verification results so that system designers (DSML end-users) avoid the burden of learning some formal verification technologies. Formal verification is achieved through trans- lational semantics. This work is based on a metamodeling pattern for executable DSML that favors the definition of generative tools and thus eases the integration of tools for new DSML

The derivation of performance expressions for communication protocols from timed Petri net models

Petri Net models have been extended in a variety of ways and have been used to prove the correctness and evaluate the performance of communication protocols. Several extensions have been proposed to model time. This work uses a form of Timed Petri Nets and presents a technique for symbolically deriving expressions which describe system performance. Unlike past work on performance evaluation of Petri Nets which assumes a priori knowledge of specific time delays, the technique presented here applies to a wide range of time delays so long as the delays satisfy a set of timing constraints. The technique is demonstrated using a simple communication protocol

Better abstractions for timed automata

We consider the reachability problem for timed automata. A standard solution to this problem involves computing a search tree whose nodes are abstractions of zones. These abstractions preserve underlying simulation relations on the state space of the automaton. For both effectiveness and efficiency reasons, they are parametrized by the maximal lower and upper bounds (LU-bounds) occurring in the guards of the automaton. We consider the aLU abstraction defined by Behrmann et al. Since this abstraction can potentially yield non-convex sets, it has not been used in implementations. We prove that aLU abstraction is the biggest abstraction with respect to LU-bounds that is sound and complete for reachability. We also provide an efficient technique to use the aLU abstraction to solve the reachability problem.Comment: Extended version of LICS 2012 paper (conference paper till v6). in Information and Computation, available online 27 July 201

Efficient Emptiness Check for Timed B\"uchi Automata (Extended version)

The B\"uchi non-emptiness problem for timed automata refers to deciding if a given automaton has an infinite non-Zeno run satisfying the B\"uchi accepting condition. The standard solution to this problem involves adding an auxiliary clock to take care of the non-Zenoness. In this paper, it is shown that this simple transformation may sometimes result in an exponential blowup. A construction avoiding this blowup is proposed. It is also shown that in many cases, non-Zenoness can be ascertained without extra construction. An on-the-fly algorithm for the non-emptiness problem, using non-Zenoness construction only when required, is proposed. Experiments carried out with a prototype implementation of the algorithm are reported.Comment: Published in the Special Issue on Computer Aided Verification - CAV 2010; Formal Methods in System Design, 201

Proper orthogonal decomposition of solar photospheric motions

The spatio-temporal dynamics of the solar photosphere is studied by performing a Proper Orthogonal Decomposition (POD) of line of sight velocity fields computed from high resolution data coming from the MDI/SOHO instrument. Using this technique, we are able to identify and characterize the different dynamical regimes acting in the system. Low frequency oscillations, with frequencies in the range 20-130 microHz, dominate the most energetic POD modes (excluding solar rotation), and are characterized by spatial patterns with typical scales of about 3 Mm. Patterns with larger typical scales of 10 Mm, are associated to p-modes oscillations at frequencies of about 3000 microHz.Comment: 8 figures in jpg in press on PR