Component Substitution through Dynamic Reconfigurations

Component substitution has numerous practical applications and constitutes an active research topic. This paper proposes to enrich an existing component-based framework--a model with dynamic reconfigurations making the system evolve--with a new reconfiguration operation which "substitutes" components by other components, and to study its impact on sequences of dynamic reconfigurations. Firstly, we define substitutability constraints which ensure the component encapsulation while performing reconfigurations by component substitutions. Then, we integrate them into a substitutability-based simulation to take these substituting reconfigurations into account on sequences of dynamic reconfigurations. Thirdly, as this new relation being in general undecidable for infinite-state systems, we propose a semi-algorithm to check it on the fly. Finally, we report on experimentations using the B tools to show the feasibility of the developed approach, and to illustrate the paper's proposals on an example of the HTTP server.Comment: In Proceedings FESCA 2014, arXiv:1404.043

Refinement and Verification of Synchronized Component-based Systems

This article deals with specification, refinement and verification approaches for systems designed with synchronized components. First of all, we define a synchronized composition of components. Transition systems are used to specify or/and to model synchronized component-based systems. Second, we give refinement semantics for these component-based systems before proposing a method to verify the refinement of a whole system from the weak refinement of its components. We also present SynCo (for Synchronized Component-based Systems): a tool we are implementing using our method. Third, a compositional way to verify safety properties is proposed: the unreachability of a (set of) state(s) can be efficiently ensured for a synchronized component-based system. The different aspects of our work are illustrated on an industrial example of a wind-screen wipers system composed of a control lever, a rain sensor and two (left and right) wind-screen wipers

Probabilistic Opacity in Refinement-Based Modeling

Given a probabilistic transition system (PTS) $\cal A$ partially observed by an attacker, and an $\omega$-regular predicate $\varphi$over the traces of $\cal A$, measuring the disclosure of the secret $\varphi$ in $\cal A$ means computing the probability that an attacker who observes a run of $\cal A$ can ascertain that its trace belongs to $\varphi$. In the context of refinement, we consider specifications given as Interval-valued Discrete Time Markov Chains (IDTMCs), which are underspecified Markov chains where probabilities on edges are only required to belong to intervals. Scheduling an IDTMC $\cal S$ produces a concrete implementation as a PTS and we define the worst case disclosure of secret $\varphi$ in ${\cal S}$ as the maximal disclosure of $\varphi$ over all PTSs thus produced. We compute this value for a subclass of IDTMCs and we prove that refinement can only improve the opacity of implementations

Practical Analysis Framework for Component Systems with Dynamic Reconfigurations

Long version of the paper accepted at ICFEM 2015, the 17th International Conference on Formal Engineering MethodsInternational audienceDynamic reconfigurations that modify the architecture of component-based systems without incurring any system downtime need to preserve the architectural consistency. In this context, we propose a reconfiguration model based on Hoare logic using sequences and (unlike most of the related work on reconfigurations) the alternative and the repetitive constructs. Using primitive reconfiguration operations as building blocks, this model takes advantage of the predicate-based semantics of programming language constructs and weakest preconditions to treat dynamic reconfigurations in a manner that preserves configuration consistency. Then, after enriching the model with interpreted configurations and reconfigurations in a consistency compatible manner, a conformance relation is exploited to validate component systems' implementations within the environment supporting the Fractal and FraSCAti frameworks. A practical contribution consists of promising experimental results obtained thanks to our implementations, notably on a cloud-based multi-tier hosting environment model managed as a component system

Using Temporal Logic for Dynamic Reconfigurations of Components

International audienceDynamic reconfigurations increase the availability and the reliability of component-based systems by allowing their architectures to evolve at run-time. This paper deals with the formal specification and verification of dynamic reconfigurations of those systems using architectural constraints and temporal logic patterns. The proposals of the paper are applied to the Fractal component model. Given a Fractal reference implementation of a component-based system, we specify its dynamic reconfigurations using a temporal pattern logic for Fractal, called FTPL, characterizing the correct behaviour of the system under some architectural constraints. We study system reconfigurations on which we verify these requirements, in particular by reusing the FPath and FScript tools

Politiques d'adaptation pour la reconfiguration du composant de localisation

International audienceLes approches à base de composants sont intensivement étudiées dans le cadre des systèmes complexes. Ces approches visent à concevoir des systèmes et des applications par assemblage de composants préfabriqués, réutilisables et faciles à maintenir. Afin de répondre à des besoins spécifiques, une des approches est l'utilisation de politiques d'adaptation permettant de reconfigurer dynamiquement le modèle à composants par rapport au contexte de son environnement. Le travail présenté dans cet article repose sur un cadre formel permettant de décrire des politiques d'adaptation appliquées à un composant de localisation. Ce composant, que nous spécifions en Fractal, permet de fournir une position optimale, obtenue à partir de plusieurs positions fournies par plusieurs systèmes de localisation (GPS, Wifi). Nous définissons deux politiques d'adaptation pour ce composant et simulons son fonctionnement sur une extension de Fractal. Suite aux expérimentations, nous proposons une extension des politiques d'adaptation pour prendre en compte de nouveaux aspects non fonctionnels

Specifying and Proving a Sorting Algorithm

Rapport de recherche LIFCThis work investigates the question of automaticity of algorithm proofs, through the typical example of a sorting algorithm. The first part introduces two specification languages for Java programs. In the second part one of them is used to specify a sorting algorithm by selection. The suggested specifications are enhanced until obtaining a complete solution by the current automated theorem provers. This report is a part of Elena Tushkanova's diploma project (equivalent to a master thesis) entitled “Modular Specification of Object Oriented Programs” from the Yaroslavl State University, Russia, translated from Russian into English

Using Acceleration to Compute Parameterized System Refinement

In this paper, we present a verification approach for a class of parameterized systems. These systems are composed of an arbitrary number of similar processes. As in \cite{abdulla99b} we represent the states by regular languages and the transitions by transducers over regular languages. If we can compute a symbolic model by acceleration of the actions, then we can also verify a refinement relation R between the symbolic models. We show that, under some conditions, if R is verified between two symbolic models, then refinement is verified between concrete parameterized systems. Then, we can take advantage the property (safety and PLTL properties) preservation by refinement for their verification

{JML}-based Verification of Liveness Properties on a Class in isolation

International audienceThis paper proposes a way to verify temporal properties of a Java class in an extension of JML (Java Modeling Language) called JTPL (Java Temporal Pattern Language). We particularly address the verification of liveness properties by automatically translating the temporal properties into JML annotations for this class. This automatic translation is implemented in a tool called JAG (JML Annotation Generator). Correctness of the generated annotations ensures that the temporal property is established for the executions of the class in isolation

Runtime Verification of Temporal Patterns for Dynamic Reconfigurations of Components

International audienceDynamic reconfigurations increase the availability and the reliability of component-based systems by allowing their architectures to evolve at runtime. Recently we have proposed a temporal pattern logic, called FTPL, to characterize the correct reconfigurations of component-based systems under some temporal and architectural constraints. As component-based architectures evolve at runtime, there is a need to check these FTPL constraints on the fly, even if only a partial information is expected. Firstly, given a generic component-based model, we review FTPL from a runtime verification point of view. To this end we introduce a new four-valued logic, called RV-FTPL (Runtime Verification for FTPL), characterizing the "potential" (un)satisfiability of the architectural constraints in addition to the basic FTPL semantics. Potential true and potential false values are chosen whenever an observed behaviour has not yet lead to a violation or satisfiability of the property under consideration. Secondly, we present a prototype developed to check at runtime the satisfiability of RV-FTPL formulas when reconfiguring a Fractal component-based system. The feasability of a runtime property enforcement is also shown. It consists in supervising on the fly the reconfiguration execution against desired RV-FTPL properties. The main contributions are illustrated on the example of a HTTP server architecture