Alexander Elenga Gärtner,Dietmar Göhlich

DOI: https://doi.org/10.1007/s10515-024-00452-x

IF: 1.677

2024-06-08

Automated Software Engineering

Abstract:This paper introduces ALICE (Automated Logic for Identifying Contradictions in Engineering), a novel automated contradiction detection system tailored for formal requirements expressed in controlled natural language. By integrating formal logic with advanced large language models (LLMs), ALICE represents a significant leap forward in identifying and classifying contradictions within requirements documents. Our methodology, grounded on an expanded taxonomy of contradictions, employs a decision tree model addressing seven critical questions to ascertain the presence and type of contradictions. A pivotal achievement of our research is demonstrated through a comparative study, where ALICE's performance markedly surpasses that of an LLM-only approach by detecting 60% of all contradictions. ALICE achieves a higher accuracy and recall rate, showcasing its efficacy in processing real-world, complex requirement datasets. Furthermore, the successful application of ALICE to real-world datasets validates its practical applicability and scalability. This work not only advances the automated detection of contradictions in formal requirements but also sets a precedent for the application of AI in enhancing reasoning systems within product development. We advocate for ALICE's scalability and adaptability, presenting it as a cornerstone for future endeavors in model customization and dataset labeling, thereby contributing a substantial foundation to requirements engineering.

computer science, software engineering

Shaobin Liu,Xiaohong Chen,Zhi Jin,Min Zhang

DOI: https://doi.org/10.1109/hpcc-dss-smartcity-dependsys57074.2022.00175

2022-01-01

Abstract:Many safety-critical systems need to meet increasing real-time requirements, which asks for formal inconsistency analysis. However, most of the current formal approaches are unfriendly to domain experts. It is a heavy burden for them to formalize the natural language requirements and use formal methods to analyze the inconsistency. To help the domain experts, in this paper, we define a real-time requirements pattern language, and propose an automated real-time requirements inconsistency analysis approach based on constraint solving. A case study on automotive lighting systems shows the feasibility of our approach.

Frank Dordowsky

DOI: https://doi.org/10.4204/EPTCS.187.3

2015-08-17

Abstract:Safety critical avionics software is a natural application area for formal verification. This is reflected in the formal method's inclusion into the certification guideline DO-178C and its formal methods supplement DO-333. Airbus and Dassault-Aviation, for example, have conducted studies in using formal verification. A large German national research project, Verisoft XT, also examined the application of formal methods in the avionics domain. However, formal methods are not yet mainstream, and it is questionable if formal verification, especially formal deduction, can be integrated into the software development processes of a resource constrained small or medium enterprise (SME). ESG, a Munich based medium sized company, has conducted a small experimental study on the application of formal verification on a small portion of a real avionics project. The low level specification of a software function was formalized with ACSL, and the corresponding source code was partially verified using Frama-C and the WP plugin, with Alt-Ergo as automated prover. We established a couple of criteria which a method should meet to be fit for purpose for industrial use in SME, and evaluated these criteria with the experience gathered by using ACSL with Frama-C on a real world example. The paper reports on the results of this study but also highlights some issues regarding the method in general which, in our view, will typically arise when using the method in the domain of embedded real-time programming.

Software Engineering,Logic in Computer Science

Alessandro Cimatti,Marco Roveri,Angelo Susi,Stefano Tonetta

DOI: https://doi.org/10.4204/EPTCS.20.7

2012-06-27

Abstract:The validation of requirements is a fundamental step in the development process of safety-critical systems. In safety critical applications such as aerospace, avionics and railways, the use of formal methods is of paramount importance both for requirements and for design validation. Nevertheless, while for the verification of the design, many formal techniques have been conceived and applied, the research on formal methods for requirements validation is not yet mature. The main obstacles are that, on the one hand, the correctness of requirements is not formally defined; on the other hand that the formalization and the validation of the requirements usually demands a strong involvement of domain experts. We report on a methodology and a series of techniques that we developed for the formalization and validation of high-level requirements for safety-critical applications. The main ingredients are a very expressive formal language and automatic satisfiability procedures. The language combines first-order, temporal, and hybrid logic. The satisfiability procedures are based on model checking and satisfiability modulo theory. We applied this technology within an industrial project to the validation of railways requirements.

Software Engineering

Yike Huang,Xiaohong Chen,Zhi Jin,Tingliang Zhou

DOI: https://doi.org/10.1109/rew61692.2024.00035

2024-01-01

Abstract:The importance of real-time requirements inconsistency detection is increasingly manifested in safety -critical system development. Most existing tools use state-based detection methods for real-time requirements verification, but they sometimes struggle to efficiently detect results when faced with complex system requirements. Moreover, adding device properties into the verification has increased the complexity of the state space. As a complementary, in this paper, we present a lightweight efficient method for real-time requirements existence inconsistency detection for safety-critical systems. We reduce the real-time existential inconsistencies detection problem into a constraint solving problem. The real-time requirements and involved device properties are encoded into SMT formulas, which can be detected quickly by using a constraint solver such as Z3. Through a case study and experimental evaluation, it is shown that our method can efficiently detect real-time existential inconsistencies in requirements. This provides a practical solution to detect certain types of errors in the early stage, avoiding possible future expensive costs.

Nick Feng,Lina Marsso,Marsha Chechik

DOI: https://doi.org/10.1145/3691620.3695522

2024-09-14

Abstract:Satisfiability-based automated reasoning is an approach that is being successfully used in software engineering to validate complex software, including for safety-critical systems. Such reasoning underlies many validation activities, from requirements analysis to design consistency to test coverage. While generally effective, the back-end constraint solvers are often complex and inevitably error-prone, which threatens the soundness of their application. Thus, such solvers need to be validated, which includes checking correctness and explaining (un)satisfiability results returned by them. In this work, we consider satisfiability analysis based on First-Order Logic with relational objects (FOL*) which has been shown to be effective for reasoning about time- and data-sensitive early system designs. We tackle the challenge of validating the correctness of FOL* unsatisfiability results and deriving diagnoses to explain the causes of the unsatisfiability. Inspired by the concept of proofs of UNSAT from SAT/SMT solvers, we define a proof format and proof rules to track the solvers' reasoning steps as sequences of derivations towards UNSAT. We also propose an algorithm to verify the correctness of FOL* proofs while filtering unnecessary derivations and develop a proof-based diagnosis to explain the cause of unsatisfiability. We implemented the proposed proof support on top of the state-of-the-art FOL* satisfiability checker to generate proofs of UNSAT and validated our approach by applying the proof-based diagnoses to explain the causes of well-formedness issues of normative requirements of software systems.

Software Engineering

Xiaohong Chen,Zhiwei Zhong,Zhi Jin,Min Zhang,Tong Li,Xiang Chen,Tingliang Zhou

DOI: https://doi.org/10.1109/re.2019.00040

2019-01-01

Abstract:Consistency verification of safety requirements is an important but still challenging task for safety-critical systems such as rail transit systems. That is mainly because requirements are typically written in natural language and with strong time constraints. Driven by the practical need from industry, in this paper we propose a systematic approach to specify safety requirements in a quasi-natural language and automatically verify their consistency using formal methods. Specifically, we define a domain specific language SafeNL to specify safety requirements, and then automatically transform them into formal constraints defined in the Clock Constraint Specification Language (CCSL). The transformed constraints can be automatically and efficiently verified by model checking. We conduct two practical case studies to analyze the safety requirements of an interlocking system in CASCO Signal Ltd. Results of the studies show the validity and utility of our approach can pragmatically contribute to industrial practice. We also report some lessons learned from case studies.

Dejanira Araiza-Illan,Kerstin Eder,Arthur Richards

DOI: https://doi.org/10.1109/ECC.2015.7330941

2015-05-26

Abstract:This paper presents the verification of control systems implemented in Simulink. The goal is to ensure that high-level requirements on control performance, like stability, are satisfied by the Simulink diagram. A two stage process is proposed. First, the high-level requirements are decomposed into specific parametrized sub-requirements and implemented as assertions in Simulink. Second, the verification takes place. On one hand, the sub-requirements are verified through assertion checks in simulation. On the other hand, according to their scope, some of the sub-requirements are verified through assertion checks in simulation, and others via automatic theorem proving over an ideal mathematical model of the diagram. We compare performing only assertion checks against the use of theorem proving, to highlight the advantages of the latter. Theorem proving performs verification by computing a mathematical proof symbolically, covering the entire state space of the variables. An automatic translation tool from Simulink to the language of the theorem proving tool Why3 is also presented. The paper demonstrates our approach by verifying the stability of a simple discrete linear system.

Systems and Control,Software Engineering

Zhou Conghua,Chen Zhenyu,Ju Shiguang

2008-01-01

Journal of Computer Research and Development

Abstract:For concurrent software systems, linear temporal logic SE-LTL is a specification language with high expressive power and the ability to reason about both states and events. Until now, the SE-LTL model checking algorithm is still explicit, and the state explosion is the primary verification difficulty. A bounded model checking procedure is introduced for SE-LTL which reduces model checking to propositional satisfiability. This new technique avoids the space blow up of BDDs, and sometimes speeds up the verification. For SE-LTL-X the procedure and stuttering equivalent technique is further integrated. The experiment result shows that the integration can reduce the verification time very much.

Matt Luckcuck,Marie Farrell,Oisín Sheridan,Rosemary Monahan

DOI: https://doi.org/10.48550/arXiv.2110.09277

2021-10-18

Software Engineering

Abstract:Verification of complex, safety-critical systems is a significant challenge. Manual testing and simulations are often used, but are only capable of exploring a subset of the system's reachable states. Formal methods are mathematically-based techniques for the specification and development of software, which can provide proofs of properties and exhaustive checks over a system's state space. In this paper, we present a formal requirements-driven methodology, applied to a model of an aircraft engine controller that has been provided by our industrial partner. Our methodology begins by formalising the controller's natural-language requirements using the (pre-existing) Formal Requirements Elicitation Tool (FRET), iteratively, in consultation with our industry partner. Once formalised, FRET can automatically translate the requirements to enable their verification alongside a Simulink model of the aircraft engine controller; the requirements can also guide formal verification using other approaches. These two parallel streams in our methodology seek to combine the results from formal requirements elicitation, classical verification approaches, and runtime verification; to support the verification of aerospace systems modelled in Simulink, from the requirements phase through to execution. Our methodology harnesses the power of formal methods in a way that complements existing verification techniques, and supports the traceability of requirements throughout the verification process. This methodology streamlines the process of developing verifiable aircraft engine controllers, by ensuring that the requirements are formalised up-front and useable during development. In this paper we give an overview of (FRET), describe our methodology and work to-date on the formalisation and verification of the requirements, and outline future work using our methodology.

Xiaohong Chen,Zhi Jin,Min Zhang,Frederic Mallet,Xiaoshan Liu,Tingliang Zhou

DOI: https://doi.org/10.1109/tits.2024.3418864

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Dealing with the ever-growing complexity of railway systems requires scalable approaches for detecting inconsistent safety requirements in practice. Despite significant efforts to automate the requirements consistency detection, current inconsistency analysis techniques of railway safety requirements still suffer from scalability issues. This paper proposes a two-layer approach for detecting inconsistencies in time-related safety requirements of railway systems, integrating two distinct formal methods from a pragmatic perspective. At the SafeNL layer, we employ an SMT-based approach to extract conflict patterns and use them to filter out inconsistent requirements descriptions, thus avoiding the more expensive general use of the SMT-based approach. At the CCSL layer, temporal dependencies in requirements are transformed into causal relations, which are then detected for circular inconsistencies using a graph search technique. Our evaluations demonstrate the utility and scalability of our approach.

Xiaohong Chen,Juan Zhang,Zhi Jin,Min Zhang,Tong Li,Xiang Chen,Tingliang Zhou

DOI: https://doi.org/10.1109/tits.2023.3324022

IF: 8.5

2023-12-05

IEEE Transactions on Intelligent Transportation Systems

Abstract:Consistency verification of safety requirements is crucial for the success of safety-critical systems, particularly railway systems. However, this task often requires significant time spent on interaction and communication between domain experts, who possess in-depth knowledge of safety requirements in a specific domain, and formal experts, who have the necessary skills to apply verification tools and techniques. To enhance time efficiency and productivity, we propose an approach to empower domain experts with formal methods for verifying safety requirements' consistency. This involves transforming natural requirements into formal models and using formal methods for verification. The approach also localizes inconsistent requirements to provide feedback to domain experts. Communication between domain experts and formal experts can be facilitated through the pattern language SafeNL. By adopting this approach, domain experts can utilize formal verification without extensive consultation with formal experts. Two practical case studies with CASCO Signal Ltd. validate its effectiveness, practicality, as well as a significant reduction of time compared to traditional methods (at least 90% reduction). This reduction in time is primarily due to reduced communication needs and more efficient localization. Evaluations show that SafeNL is user-friendly and the approach performs well in modular systems while scalability is somewhat limited.

engineering, electrical & electronic,transportation science & technology, civil

Nick Feng,Lina Marsso,Sinem Getir Yaman,Yesugen Baatartogtokh,Reem Ayad,Victória Oldemburgo de Mello,Beverley Townsend,Isobel Standen,Ioannis Stefanakos,Calum Imrie,Genaína Nunes Rodrigues,Ana Cavalcanti,Radu Calinescu,Marsha Chechik

DOI: https://doi.org/10.1145/3597503.3639093

2024-01-11

Abstract:As software systems increasingly interact with humans in application domains such as transportation and healthcare, they raise concerns related to the social, legal, ethical, empathetic, and cultural (SLEEC) norms and values of their stakeholders. Normative non-functional requirements (N-NFRs) are used to capture these concerns by setting SLEEC-relevant boundaries for system behavior. Since N-NFRs need to be specified by multiple stakeholders with widely different, non-technical expertise (ethicists, lawyers, regulators, end users, etc.), N-NFR elicitation is very challenging. To address this challenge, we introduce N-Check, a novel tool-supported formal approach to N-NFR analysis and debugging. N-Check employs satisfiability checking to identify a broad spectrum of N-NFR well-formedness issues (WFI), such as conflicts, redundancy, restrictiveness, insufficiency, yielding diagnostics which pinpoint their causes in a user-friendly way that enables non-technical stakeholders to understand and fix them. We show the effectiveness and usability of our approach through nine case studies in which teams of ethicists, lawyers, philosophers, psychologists, safety analysts, and engineers used N-Check to analyse and debug 233 N-NFRs comprising 62 issues for the software underpinning the operation of systems ranging from assistive-care robots and tree-disease detection drones to manufacturing collaborative robots.

Software Engineering

Anitha Murugesan,Isaac Wong,Joaquín Arias,Robert Stroud,Srivatsan Varadarajan,Elmer Salazar,Gopal Gupta,Robin Bloomfield,John Rushby

2024-10-02

Abstract:Assurance cases offer a structured way to present arguments and evidence for certification of systems where safety and security are critical. However, creating and evaluating these assurance cases can be complex and challenging, even for systems of moderate complexity. Therefore, there is a growing need to develop new automation methods for these tasks. While most existing assurance case tools focus on automating structural aspects, they lack the ability to fully assess the semantic coherence and correctness of the assurance arguments. In prior work, we introduced the Assurance 2.0 framework that prioritizes the reasoning process, evidence utilization, and explicit delineation of counter-claims (defeaters) and counter-evidence. In this paper, we present our approach to enhancing Assurance 2.0 with semantic rule-based analysis capabilities using common-sense reasoning and answer set programming solvers, specifically s(CASP). By employing these analysis techniques, we examine the unique semantic aspects of assurance cases, such as logical consistency, adequacy, indefeasibility, etc. The application of these analyses provides both system developers and evaluators with increased confidence about the assurance case.

Logic in Computer Science,Software Engineering

Zhi Ma,Cheng Wen,Jie Su,Ming Zhao,Bin Yu,Xu Lu,Cong Tian

2024-04-01

Abstract:IP-based software design is a crucial research field that aims to improve efficiency and reliability by reusing complex software components known as intellectual property (IP) components. To ensure the reusability of these components, particularly in security-sensitive software systems, it is necessary to analyze the requirements and perform formal verification for each IP component. However, converting the requirements of IP components from natural language descriptions to temporal logic and subsequently conducting formal verification demands domain expertise and non-trivial manpower. This paper presents a case study on software IP components derived from aerospace embedded systems, with the objective of automating the requirement analysis and verification process. The study begins by employing Large Language Models to convert unstructured natural language into formal specifications. Subsequently, three distinct verification techniques are employed to ascertain whether the source code meets the extracted temporal logic properties. By doing so, five real-world IP components from the China Academy of Space Technology (CAST) have been successfully verified.

Software Engineering

Philipp Berger,Johanna Nellen,Joost-Pieter Katoen,Erika Abraham,Md Tawhid Bin Waez,Thomas Rambow

DOI: https://doi.org/10.48550/arXiv.1906.07083

2019-06-17

Logic in Computer Science

Abstract:In industrial model-based development (MBD) frameworks, requirements are typically specified informally using textual descriptions. To enable the application of formal methods, these specifications need to be formalized in the input languages of all formal tools that should be applied to analyse the models at different development levels. In this paper we propose a unified approach for the computer-assisted formal specification of requirements and their fully automated translation into the specification languages of different verification tools. We consider a two-stage MBD scenario where first Simulink models are developed from which executable code is generated automatically. We (i) propose a specification language and a prototypical tool for the formal but still textual specification of requirements, (ii) show how these requirements can be translated automatically into the input languages of Simulink Design Verifier for verification of Simulink models and BTC EmbeddedValidator for source code verification, and (iii) show how our unified framework enables besides automated formal verification also the automated generation of test cases.

Wenjuan Wu,Dianfu Ma,Yongwang Zhao,Xianqi Zhao

DOI: https://doi.org/10.1007/978-3-319-12096-6_23

2014-01-01

Abstract:Airborne airworthiness certification DO-178C software release proposes a higher safety and reliability demands of airborne software. This raises great challenges to airborne software modeling and verification. In order to achieve airborne software high-level requirements objectives, we propose a formal method of modeling high-level requirements based on knowledge graph. The method gives a formal language to describe knowledge graph and constructs knowledge graph collaboratively. Then we represents high-level requirements by causal model and formal modeling of high-level functional requirements and non-functional requirements by knowledge graph. These improve the requirement traceability, namely these are helpful to trace the high-level requirements to system requirements so as to achieve high-level requirements' traceability objective that DO-178C demands. Additionally, we provide the modeling tool for domain experts to construct knowledge graph collaboratively and realize their high-level requirements modeling. We also give some high-level requirements verification. These are significant to generate safe, reliable, accurate and high-quality airborne software.

Ondřej Vašíček,Joaquin Arias,Jan Fiedor,Gopal Gupta,Brendan Hall,Bohuslav Křena,Brian Larson,Sarat Chandra Varanasi,Tomáš Vojnar

2024-08-19

Abstract:This paper proposes a new methodology for early validation of high-level requirements on cyber-physical systems with the aim of improving their quality and, thus, lowering chances of specification errors propagating into later stages of development where it is much more expensive to fix them. The paper presents a transformation of a real-world requirements specification of a medical device$-$a PCA pump$-$into an Event Calculus model that is then evaluated using answer set programming and the s(CASP) system. The evaluation under s(CASP) allowed deductive as well as abductive reasoning about the specified functionality of the PCA pump on the conceptual level with minimal implementation or design dependent influences, and led to fully-automatically detected nuanced violations of critical safety properties. Further, the paper discusses scalability and non-termination challenges that had to be faced in the evaluation and techniques proposed to (partially) solve them. Finally, ideas for improving s(CASP) to overcome its evaluation limitations that still persist as well as to increase its expressiveness are presented.

Logic in Computer Science,Software Engineering

Radoslaw Klimek

DOI: https://doi.org/10.48550/arXiv.1402.1985

2014-02-10

Abstract:The work concerns automatic generation of logical specifications from requirements models. Logical specifications obtained in such a way can be subjected to formal verification using deductive reasoning. Formal verification concerns correctness of a model behaviour. Reliability of the requirements engineering is essential for all phases of software development processes. Deductive reasoning is an important alternative among other formal methods. However, logical specifications, considered as sets of temporal logic formulas, are difficult to specify manually by inexperienced users and this fact can be regarded as a significant obstacle to practical use of deduction-based verification tools. A method of building requirements models using some UML diagrams, including their logical specifications, is presented step by step. Organizing activity diagrams into predefined workflow patterns enables automated extraction of logical specifications. The crucial aspect of the presented approach is integrating the requirements engineering phase and the automatic generation of logical specifications. A system of the deduction-based verification is proposed. The reasoning process could be based on the semantic tableaux method. A simple yet illustrative example of the requirements elicitation and verification is provided.

Software Engineering

Adam Naumowicz

DOI: https://doi.org/10.1007/s10817-015-9332-6

2015-06-16

Journal of Automated Reasoning

Abstract:In this paper we present the results of an experiment with employing an external SAT solver to strengthen the notion of obviousness of the Mizar proof checker. The presented extension of the Mizar system is based on a version of MiniSAT, called Logic2CNF. The SAT-enhanced Mizar checker is programmed to automatically spawn a new Logic2CNF process whenever it needs to justify any goal that can be solved by reducing it into a corresponding propositional satisfiability problem (equalities based on Boolean operations or set inclusion). The external tool is interfaced within the implementation of Mizar’s requirements directives.

computer science, artificial intelligence