Preservation of timed properties during an incremental development by components

International audienceWe are interested in the preservation of local properties of timed components during their integration in a timed system. Timed components are modeled as timed automata or timed automata with deadlines. Properties considered are all safety and liveness properties which can be expressed with the timed linear logic Mitl (Metric Interval Linear Logic), as well as non-zenoness and deadlock-freedom. Integration of components is a kind of incremental development which consists in checking locally the properties of the components, before integrating them in the complete system, using some composition operator. Of course, established properties have to be preserved by this integration. Checking preservation can be achieved by means of the verification of timed tau-simulation relations. Composability, compatibility and compositionality of these relations w.r.t. composition operators are properties which allow to reduce the cost of this verification. We examine these properties when integration is achieved with two different timed composition operators: the classic operator usually taken for timed systems and which uses a CSP-like composition paradigm, and a non-blocking operator closer to the CCS paradigm

Incremental Verification of Component-Based Timed Systems

International audienceWe are interested in the incremental development, by integration of components, of component-based timed systems, and in particular, in the preservation of their properties during such a development process. We model timed components with timed automata. Their composition is achieved with the classic parallel composition operator for timed automata. The specifications of these timed systems are expressed with the timed linear logic Mitl (Metric Interval Temporal Logic). To guarantee the preservation of properties during an incremental development process, we propose to use ? -simulation relations, adapted for timed systems. First, we extend the classic notion of ? -simulation with timed aspects. As in the untimed case, this relation, called timed ? -simulation, preserves safety properties. To preserve more properties, in particular liveness ones, we present another relation, called divergencesensitive and stability-respecting (DS) timed ? -simulation. This last relation preserves all Mitl properties (and thus liveness ones), but also strong non-zenoness and deadlockfreedom. Moreover, as we put ourselves in a component-based framework, we study if the relations are appropriate to the use of the composition operator that we consider. For this purpose, we study if the relations are compatible with this operator, and if composability and compositionality hold. These three properties are a way to reduce the cost of the verification of the preservation, or even to get it for free. It results that the timed ? -simulation is appropriate with the classic operator since the properties hold without any assumption. However, this is not the case for the DS timed ? - simulation. We implemented the algorithmic verification of the simulations in a tool called Vesta (Verification of Simulation for Timed Automata). The structure of the tool was inspired from the one of the Open-Kronos tool. This allows, as additionnal feature, to connect the models considered in Vesta to the modules of the verification platform Open-Caesar. We show the interest of our method by applying it on a case study, concerning a production cell example

Partitioned {PLTL} Model-Checking for Refined Transition Systems

International audienceThis paper is about the verification of dynamic properties by model-checking for finite state reactive systems. Properties are expressed as PLTL formulae. Systems are specified through a top-down refinement process. In order to cope with the state explosion problem, we propose partitioning the state space to be verified and to verify the properties independently on each part. Properties that are such that if they hold on every part then they hold for the whole system are called verifiable by parts. In a previous paper, we presented a class of interesting PLTL properties that are always verifiable by parts. That is, they are verifiable by parts with any partitioning of the state space. In addition to these properties, some properties are verifiable by parts on a system provided with a particular partitioning. In this paper, we propose a partitioning of the state space of a system that is guided by the refinement process. We introduce an extended class of PLTL properties that are verifiable by parts with regard to this partitioning. This class includes the first one. In particular, the new class includes liveness properties under fairness assumptions. This class is defined from Buchi automata that accept the language of the negations of the properties. Our work is illustrated by its application to a chip card protocol called T=1. This protocol is specified through successive refinements

Bisimulator 2.0: An On-the-Fly Equivalence Checker based on Boolean Equation Systems

International audienceEquivalence checking is a classical verification method determining if a finite-state concurrent system (protocol) satisfies its desired external behaviour (service) by comparing their underlying labeled transition systems (LTSs) modulo an appropriate equivalence relation. Local (or on-the-fly) equivalence checking explores the synchronous product of the LTSs incrementally, allowing an efficient detection of errors in complex systems. In this paper, we consider the technique based on translating the equivalence checking problem in terms of the local resolution of a boolean equation system (BES). We propose two enhancements of this technique in the case of equivalent LTSs: a new, faster BES encoding of weak equivalence relations, and a new local BES resolution algorithm with a good average complexity. These enhancements were incorporated into the BISIMULATOR 2.0 equivalence checker of the CADP toolbox, and led to significant performance improvements

VETESS : IDM, Test et SysML

Selected paper from the 7-th NEPTUNE WorkshopNational audienceIl apparaît souvent que les processus d'ingénierie système sont en fait décomposés en phases discontinues oùtrop peu d'informations sont partagées entre les différentes équipes, par exemple entre les équipes de design et de tests.Cette faiblesse peut être palliée par l’utilisation de modèles de spécifications qui jouent alors le rôle de référentiel pourl’ensemble des équipes participant au cycle de vie du logiciel. Ce type de modèle est couramment utilisé comme basedans les activités de conception, de vérification, ou encore de test. Le test basé sur les modèles est une approcheoriginale où sont automatiquement générés des cas de test et des scripts de test exécutables à partir d'une spécificationdu système sous test. Cette spécification prend la forme d'un modèle comportemental, permettant ainsi au générateur detests de déterminer, d'une part, quels sont les contextes d'exécution pertinents et, d'autre part, de prédire les effets sur lesystème de ces exécutions. Le but du projet VETESS est de rendre possible cette approche pour valider les systèmesembarqués automobiles. Il s’agit ainsi de mettre en œuvre et d’outiller un processus automatique permettant de dériver,d'un modèle de spécification décrit avec un sous-ensemble du langage de modélisation SysML, des cas de test, et deproduire ensuite les scripts de test correspondants à exécuter sur banc de test automobiles

Improved on-the-fly equivalence checking using boolean equation systems

Abstract. Equivalence checking is a classical verification method for ensuring the compatibility of a finite-state concurrent system (protocol) with its desired external behaviour (service) by comparing their underlying labeled transition systems (Ltss) modulo an appropriate equivalence relation. The local (or on-the-fly) approach for equivalence checking combats state explosion by exploring the synchronous product of the Ltss incrementally, thus allowing an efficient detection of errors in complex systems. However, when the two Ltss being compared are equivalent, the on-the-fly approach is outperformed by the global one, which completely builds the Ltss and computes the equivalence classes between states using partition refinement. In this paper, we consider the approach based on translating the on-the-fly equivalence checking problem in terms of the local resolution of a boolean equation system (Bes). We propose two enhancements of the approach in the case of equivalent Ltss: a new, faster encoding of equivalence relations in terms of Bess, and a new local Bes resolution algorithm with a better average complexity. These enhancements were incorporated into the Bisimulator 2.0 equivalence checker of the Cadp toolbox, and they led to significant performance improvements w.r.t. existing on-the-fly equivalence checking algorithms.

Experiments in the use of τ-simulations for the components-verification of real-time systems

We present a verification framework exploiting τ-simulations as a way to preserve local linear properties checked on the components of real-time systems. Therefore, we consider a component-based modeling of real-time systems. Their properties are expressed in a timed logic, Mitl (Metric Interval Temporal Logic). For component-based models, traditional verification techniques are generally applied to the complete composed model, even if some properties only concern some components of the system, if not only one. We show that it is possible to check such local linear properties (safety as well as liveness) on the components they concern, and then to ensure their preservation using τ-simulation relations. We show the interest of the method by applying it on two real-time systems examples and by comparing the results with traditional verification techniques