Compositional Verification for Timed Systems Based on Automatic Invariant Generation

We propose a method for compositional verification to address the state space explosion problem inherent to model-checking timed systems with a large number of components. The main challenge is to obtain pertinent global timing constraints from the timings in the components alone. To this end, we make use of auxiliary clocks to automatically generate new invariants which capture the constraints induced by the synchronisations between components. The method has been implemented in the RTD-Finder tool and successfully experimented on several benchmarks

Compositional Verification of Parameterised Timed Systems

International audienceIn this paper we address the problem of uniform verification of parameterised timed systems (PTS): " does a given safety state property hold for a system containing n identical timed components regardless of the value of n? ". Our approach is compositional and consequently it suits quite well such systems in that it presents the advantage of reusing existing local characterisations at the global level of system characteri-sation. Additionally, we show how a direct consequence of the modelling choices adopted in our framework leads to an elegant application of the presented method to topologies such as stars and rings

Compositional Invariant Generation for Timed Systems

International audienceIn this paper we address the state space explosion problem inherent to model-checking timed systems with a large number of components. The main challenge is to obtain pertinent global timing constraints from the timings in the components alone. To this end, we make use of auxiliary clocks to automatically generate new invariants which capture the constraints induced by the synchronisations between components. The method has been implemented as an extension of the D-Finder tool and successfully experimented on several benchmarks

Towards a formal reference computational model for cloud configuration management

The multiplication of models, languages, APIs and tools for cloud and network configuration management raises heterogeneity issues that can be tackled by introducing a reference model. A reference model provides a common basis for interpretation for various models and languages, and for bridging different APIs and tools.This report formally specifies, in the Alloy specification language, a reference model for cloud configuration management, we call the Cloudnet Computational Model. We show how to formally interpret several configuration languages in it, including the TOSCA configuration language, the OpenStack Heat Orchestration Template, the Docker Compose configuration language, and the Aeolus cloud deployment model. We show in particular how the formal operational semantics of our Cloudnet computation modelallows us to extend the TOSCA standard with Aeolus concepts for deployment lifecycle,and how the Alloy formalization allowed us to discover several classes of errors in the OpenStack HOT specification

Vérification compositionnelle des systèmes temps-réel à base de composants et applications

The compositional Verification aims at breaking down the complexity of the verification task by relying on the separate analysis of the sub-components and inferring global properties of the system from their local properties.In the framework of real-time systems, one main obstacle for developing fully compositional methods is the synchronous model of time.We propose a verification method based on the deductive approach where the setof reachable states of the system is over-approximated by an invariant computedin a fully compositional manner. It comprises local component invariants andan interaction invariant characterizing the interactions between the components.In addition, we introduce auxiliary clocks, called history clocks which allow toautomatically generate new invariants capturing the constraints induced by thetime-synchronizations between the different components. We completed this com-positional invariant generation approach with a counterexample-based invariantenforcement module analyzing iteratively the generated counterexamples.Besides its scalability, the method can be extended to the uniform verification of parameterized timed systems.Our compositional verification method was implemented in the RTD-Finder tool.The experimental results show that the verification time for large systems is drastically reduced in comparison with exploration techniques, especially when the global invariant catches the safety property of interest.Dans le cas des systèmes temps-réels, une difficulté majeure pour le développement d’une approche compositionnelle consiste au modèle synchrone du temps où les horloges des différents composants avancent simultanément.Cet aspect est, pourtant, difficile à considérer dans un cadre compositionnel.Nous proposons une méthode basée sur l’approche déductive et consistant à calculer d’une manière purement compositionnelle une sur-approximation de l’ensemble des états atteignables du système à travers un invariant.Ce dernier se compose d’invariants locaux propres aux composants, un invariantd’interaction caractérisant les interactions entre les composants. En plus, afin de considérer le modèle synchrone du temps, nous introduisons des horloges auxiliaires appelées « Horloges d’Histoire ». Elles permettent de générer des invariants supplémentaires permettant de détecter des relations induites par les synchronisations temporelles des différents composants. Appliqué à plusieurs exemples de systèmes, l’invariant s’est avéré souvent suffisamment fort avec une réduction importante de la complexité de vérification.Toutefois, puisque la méthode est basée sur une sur-approximation, des faux contre-exemples peuvent être générés. Nous avons complété la méthode avec un module destiné pour leur analyse.Au delà de son passage à l’échelle, la méthode est étendue pour la vérification uniforme des systèmes paramétrés, où certains composants sont identiques. La validité de la propriété peut être affirmée indépendamment de leur nombre.Cette méthode compositionnelle est implémentée dans l’outil RTD-Finder conçu pour la vérification des systèmes modélisés au langage BIP (Behavior-Interaction-Priority).Les résultats d’expérimentation montrent la réduction de la complexité de vérification en comparaison avec l’approche monolithique, surtout quand l’invariant global est en mesure de détecter la propriété d’intérêt

A Non-Quadratic Criterion for FIR MIMO Channel Equalization

International audienc

RTD-Finder: A Tool for Compositional Verification of Real-Time Component-based Systems

International audienceIn this paper we present RTD-Finder, a tool which applies a fully compositional and automatic method for the verification of safety properties for real-time component-based systems modeled in the RT-BIP language. The core method is based on the compositional computation of a global invariant which over-approximates the set of reachable states of the system. The verification results show that when the invariant catches the safety property, the verification time for large systems is drastically reduced in comparison with exploration techniques. Nevertheless, the above method is based on an over-approximation of the reachable states set expressed by the invariant, hence false positives may occur in some cases. We completed our compositional verification method with a counterexample-based invariant refinement algorithm analyzing iteratively the generated counterexamples. The spurious counterexamples which are detected serve to strengthen incrementally the global invariant until a true counterexample is found or until it is proven that all the counterexamples are spurious