Family-Based Model Checking with mCRL2

\u3cp\u3eFamily-based model checking targets the simultaneous verfication of multiple system variants, a technique to handle feature-based variability that is intrinsic to software product lines (SPLs). We present an approach for family-based verification based on the feature μ-calculus μL\u3csub\u3ef\u3c/sub\u3e, which combines modalities with feature expressions. This logic is interpreted over featured transition systems, a well-accepted model of SPLs, which allows one to reason over the collective behavior of a number of variants (a family of products). Via an embedding into the modal μ-calculus with data, underpinned by the general-purpose mCRL2 toolset, off-the-shelf tool support for μLf becomes readily available. We illustrate the feasibility of our approach on an SPL benchmark model and show the runtime improvement that family-based model checking with mCRL2 offers with respect to model checking the benchmark product-by-product.\u3c/p\u3

Variability Abstraction and Refinement for Game-Based Lifted Model Checking of Full CTL

One of the most promising approaches to fighting the configuration space explosion problem in lifted model checking are variability abstractions. In this work, we define a novel game-based approach for variability-specific abstraction and refinement for lifted model checking of the full CTL, interpreted over 3-valued semantics. We propose a direct algorithm for solving a 3-valued (abstract) lifted model checking game. In case the result of model checking an abstract variability model is indefinite, we suggest a new notion of refinement, which eliminates indefinite results. This provides an iterative incremental variability-specific abstraction and refinement framework, where refinement is applied only where indefinite results exist and definite results from previous iterations are reused. The practicality of this approach is demonstrated on several variability models

Statistical Model Checking for Product Lines

International audienceWe report on the suitability of statistical model checking forthe analysis of quantitative properties of product line models by an extendedtreatment of earlier work by the authors. The type of analysis thatcan be performed includes the likelihood of specific product behaviour,the expected average cost of products (in terms of the attributes of theproducts’ features) and the probability of features to be (un)installed atruntime. The product lines must be modelled in QFLan, which extendsthe probabilistic feature-oriented language PFLan with novel quantitativeconstraints among features and on behaviour and with advancedfeature installation options. QFLan is a rich process-algebraic specifi-cation language whose operational behaviour interacts with a store ofconstraints, neatly separating product configuration from product behaviour.The resulting probabilistic configurations and probabilistic behaviourconverge in a discrete-time Markov chain semantics, enablingthe analysis of quantitative properties. Technically, a Maude implementationof QFLan, integrated with Microsoft’s SMT constraint solver Z3,is combined with the distributed statistical model checker MultiVeStA,developed by one of the authors. We illustrate the feasibility of our frameworkby applying it to a case study of a product line of bikes

The 2020 Expert Survey on Formal Methods

International audienc

A hybrid dynamic logic for event/data-based systems

We propose E↓ -logic as a formal foundation for the specification and development of event-based systems with local data states. The logic is intended to cover a broad range of abstraction levels from abstract requirements specifications up to constructive specifications. Our logic uses diamond and box modalities over structured actions adopted from dynamic logic. Atomic actions are pairs Open image in new window where e is an event and /ψ a state transition predicate capturing the allowed reactions to the event. To write concrete specifications of recursive process structures we integrate (control) state variables and binders of hybrid logic. The semantic interpretation relies on event/data transition systems; specification refinement is defined by model class inclusion. For the presentation of constructive specifications we propose operational event/data specifications allowing for familiar, diagrammatic representations by state transition graphs. We show that E↓-logic is powerful enough to characterise the semantics of an operational specification by a single E↓-sentence. Thus the whole development process can rely on E↓-logic and its semantics as a common basis. This includes also a variety of implementation constructors to support, among others, event refinement and parallel composition.publishe