Jia Lv,Jing Ying,Minghui Wu,Tao Jiang,Fanwei Zhu

DOI: https://doi.org/10.1109/ssiri.2009.20

2009-01-01

Abstract:The behavior model of traditional temporal logic is closed and symmetrical, while the behavior model of aspect-oriented programs is open and asymmetrical. When the programmer designs the base-code, he is not sure what aspects will be woven to it. It is indirect and difficult to specify and verify the behavior of aspect-oriented programs by using traditional temporal logic. In this paper, we propose a new temporal logic named open temporal logic, which introduced some new path operators and one new temporal operator. Since paths are divided into two kinds: internal parts and external parts, the behavioral model of open temporal logic is open and asymmetrical. Base on open temporal logic and the proof system of traditional rely-guarantee method, a new proof system is given to verify the behavior of aspect-oriented programs.

Yongwang Zhao,Dianfu Ma,Jing Li,Zhuqing Li

DOI: https://doi.org/10.1109/EASe.2011.13

2011-01-01

Abstract:Increasingly, software needs to dynamically adapt its structure and behavior at runtime in response to changing conditions in the supporting computing, network infrastructure, and in the surrounding physical environments. By high complexity, adaptive programs are generally difficult to specify, verify, and validate. Assurance of high dependability of these programs is a great challenge. Efficiently and precisely specifying requirements and flexible model checking for adaptation are the key issues for developing dependably adaptive software. This paper introduces a formal model for adaptive programs which have different behavioral modes. We consider that adaptive programs have two behavioral level, functional behavior and adaptation. State machine is used to describe functional behavior in different modes and mode automata is proposed for adaptations. Specifications of adaptive programs are classified into three categories, local, adaptation and global properties from their different scope of dynamic adaptation. To specify and verify specifications on our model, We propose the Mode-extended Linear Temporal Logic (mLTL) and its model checking approach. mLTL extends Linear Temporal Logic (LTL) by adding mode related element and enables describing properties on different modes. Our formal model and mLTL formulae are translated to SMV language and verified in NuSMV model checker.

Yongwang Zhao,Zhuqing Li,Hualei Shen,Dianfu Ma

DOI: https://doi.org/10.1007/s00607-013-0295-3

2013-01-01

Computing

Abstract:As software systems are becoming increasingly complex, they need to dynamically and continually adapt their behavior to changing conditions in the long-term running. There will be large numbers of adaptations in these systems when evolving and the adaptations may be unknowable until system operation. To specify these adaptations, this paper proposes the mode-supported Linear Temporal Logic (mLTL) that is an effective way to describe global specifications of adaptive software. The global specifications are defined for adaptive software as requirements from the perspective of global adapting process. The model checking problem of mLTL is also resolved using Linear Temporal Logic (LTL) and Labelled Transition System Analyser (LTSA). Finally, we provide a prototype implementation for modelling and analyzing adaptive programs, and experimental evaluation shows feasibility and scalability of our approach.

Jingyi Wang,Jun Sun,Shengchao Qin,Cyrille Jegourel

DOI: https://doi.org/10.1109/tse.2018.2886898

IF: 7.4

2018-01-01

IEEE Transactions on Software Engineering

Abstract:Precisely modeling complex systems like cyber-physical systems is challenging, which often renders model-based system verification techniques like model checking infeasible. To overcome this challenge, we propose a method called LAR to automatically ‘verify’ such complex systems through a combination of learning, abstraction and refinement from a set of system log traces. We assume that log traces and sampling frequency are adequate to capture ‘enough’ behaviour of the system. Given a safety property and the concrete system log traces as input, LAR automatically learns and refines system models, and produces two kinds of outputs. One is a counterexample with a bounded probability of being spurious. The other is a probabilistic model based on which the given property is ‘verified’. The model can be viewed as a proof obligation, i.e., the property is verified if the model is correct. It can also be used for subsequent system analysis activities like runtime monitoring or model-based testing. Our method has been implemented as a self-contained software toolkit. The evaluation on multiple benchmark systems as well as a real-world water treatment system shows promising results.

Tang Shan,Peng Xin,Zhao Wen-yun,Liu Yi-ming

2006-01-01

Abstract:One of the urgent problems in software engineering is how to guarantee the correctness of software architecture evolution. Model checking is an approach which is used to verify properties of systems. Generally, it checks whether a given model satisfies some special property which are expressed by linear temporal logic through checking all of states of the target model. Since the complexity of the model checking mainly depends on the amount of number of the states, the most intractable problems of the approach are lack of memory and the state space explosion. There are few effective model checking approaches for large scale dynamic software architecture, this paper proposes a modular model checking strategy based on linear temporal logic. From two different levels: the component composing the system and the whole system, this paper discusses how to verify dynamic software architecture in detail, gives the corresponding algorithms and introduces an e-business case to illustrate the availability of our approach. Keyword: Dynamic Software Architecture, Model Checking, Linear Temporal Logic, Automaton

Niklas Kochdumper,Stanley Bak

2024-04-08

Abstract:While reachability analysis is one of the most promising approaches for formal verification of dynamic systems, a major disadvantage preventing a more widespread application is the requirement to manually tune algorithm parameters such as the time step size. Manual tuning is especially problematic if one aims to verify that the system satisfies complicated specifications described by signal temporal logic formulas since the effect the tightness of the reachable set has on the satisfaction of the specification is often non-trivial to see for humans. We address this problem with a fully-automated verifier for linear systems, which automatically refines all parameters for reachability analysis until it can either prove or disprove that the system satisfies a signal temporal logic formula for all initial states and all uncertain inputs. Our verifier combines reachset temporal logic with dependency preservation to obtain a model checking approach whose over-approximation error converges to zero for adequately tuned parameters. While we in this work focus on linear systems for simplicity, the general concept we present can equivalently be applied for nonlinear and hybrid systems.

Logic in Computer Science,Systems and Control,Dynamical Systems

Zhuoqun Yang,Zhi Jin,Zhi Li

DOI: https://doi.org/10.48550/arxiv.1704.00869

2017-01-01

Abstract:Self-adaptive systems (SASs) are capable of adjusting its behavior in response to meaningful changes in the operational con-text and itself. The adaptation needs to be performed automatically through self-managed reactions and decision-making processes at runtime. To support this kind of automatic behavior, SASs must be endowed by a rich runtime support that can detect requirements violations and reason about adaptation decisions. Requirements Engineering for SASs primarily aims to model adaptation logic and mechanisms. Requirements models will guide the design decisions and runtime behaviors of sys-tem-to-be. This paper proposes a model-driven approach for achieving adaptation against non-functional requirements (NFRs), i.e. reliability and performances. The approach begins with the models in RE stage and provides runtime support for self-adaptation. We capture adaptation mechanisms as graphical elements in the goal model. By assigning reliability and performance attributes to related system tasks, we derive the tagged sequential diagram for specifying the reliability and performances of system behaviors. To formalize system behavior, we transform the requirements model to the corresponding behavior model, expressed by Label Transition Systems (LTS). To analyze the reliability requirements and performance requirements, we merged the sequential diagram and LTS to a variable Discrete-Time Markov Chains (DTMC) and a variable Continuous-Time Markov Chains (CTMC) respectively. Adaptation candidates are characterized by the variable states. The optimal decision is derived by verifying the concerned NFRs and reducing the decision space. Our approach is implemented through the demonstration of a mobile information system.

Eleftherios Ioannidis,Yannick Zakowski,Steve Zdancewic,Sebastian Angel

2024-10-19

Abstract:Mechanized verification of liveness properties for programs with effects, nondeterminism, and nontermination is difficult. Existing temporal reasoning frameworks operate on the level of models (traces, automata) not executable code, creating a verification gap and losing the benefits of modularity and composition enjoyed by structural program logics. Reasoning about infinite traces and automata requires complex (co-)inductive proof techniques and familiarity with proof assistant mechanics (e.g., guardedness checker). We propose a structural approach to the verification of temporal properties with a new temporal logic that we call ictl. Using ictl, we internalize complex (co-)inductive proof techniques to structural lemmas and reasoning about variants and invariants. We show that it is possible to perform mechanized proofs of general temporal properties, while working in a high-level of abstraction. We demonstrate the benefits of ictl by giving mechanized proofs of safety and liveness properties for programs with queues, secure memory, and distributed consensus.

Programming Languages,Logic in Computer Science

Taolue Chen,Jian Lu

DOI: https://doi.org/10.1109/fskd.2007.458

2007-01-01

Abstract:Last decade witnesses an impressive development of embedded reactive systems, which motivates the research of open systems, where multiple components interact with each other and their environment and these interactions decide the behavior of the system. A natural "common-denominator" model for open systems is the concurrent game structure, in which several players can concurrently decide on the behavior of the system. Alternating-time temporal logic (ATL), is a temporal logic geared towards the specification and verification of properties in open systems, which allows to reason on the existence of strategies for coalitions of players in order to enforce a given property. Probabilistic systems, i.e. system models where transitions are equipped with random information, receive increasingly attention in recent years. In this paper, we propose to study the open probabilistic system. We extend the framework of ATL in the probabilistic setting, following the style of probabilistic computation tree logic (PCTL), and obtain two probabilistic alternating-time temporal logics, i.e. PATL and PATL*. They are interpreted over probabilistic concurrent game structures, which is a probabilistic extension of multi-player concurrent game structure. We develop model checking algorithms for both PATL and PATL*.

Craig Innes,Subramanian Ramamoorthy

DOI: https://doi.org/10.48550/arXiv.2109.08071

2022-02-23

Abstract:Many robot control scenarios involve assessing system robustness against a task specification. If either the controller or environment are composed of "black-box" components with unknown dynamics, we cannot rely on formal verification to assess our system. Assessing robustness via exhaustive testing is also often infeasible if the space of environments is large compared to experiment cost. Given limited budget, we provide a method to choose experiment inputs which give greatest insight into system performance against a given specification across the domain. By combining smooth robustness metrics for signal temporal logic with techniques from adaptive experiment design, our method chooses the most informative experimental inputs by incrementally constructing a surrogate model of the specification robustness. This model then chooses the next experiment to be in an area where there is either high prediction error or uncertainty. Our experiments show how this adaptive experimental design technique results in sample-efficient descriptions of system robustness. Further, we show how to use the model built via the experiment design process to assess the behaviour of a data-driven control system under domain shift.

Robotics

Zhou Conghua,Chen Zhenyu,Ju Shiguang

2008-01-01

Journal of Computer Research and Development

Abstract:For concurrent software systems, linear temporal logic SE-LTL is a specification language with high expressive power and the ability to reason about both states and events. Until now, the SE-LTL model checking algorithm is still explicit, and the state explosion is the primary verification difficulty. A bounded model checking procedure is introduced for SE-LTL which reduces model checking to propositional satisfiability. This new technique avoids the space blow up of BDDs, and sometimes speeds up the verification. For SE-LTL-X the procedure and stuttering equivalent technique is further integrated. The experiment result shows that the integration can reduce the verification time very much.

Loizos Hadjiloizou,Frank J. Jiang,Amr Alanwar,Karl H. Johansson

2024-04-04

Abstract:In this paper, we introduce a hybrid zonotope-based approach for formally verifying the behavior of autonomous systems operating under Linear Temporal Logic (LTL) specifications. In particular, we formally verify the LTL formula by constructing temporal logic trees (TLT)s via backward reachability analysis (BRA). In previous works, TLTs are predominantly constructed with either highly general and computationally intensive level set-based BRA or simplistic and computationally efficient polytope-based BRA. In this work, we instead propose the construction of TLTs using hybrid zonotope-based BRA. By using hybrid zonotopes, we show that we are able to formally verify LTL specifications in a computationally efficient manner while still being able to represent complex geometries that are often present when deploying autonomous systems, such as non-convex, disjoint sets. Moreover, we evaluate our approach on a parking example, providing preliminary indications of how hybrid zonotopes facilitate computationally efficient formal verification of LTL specifications in environments that naturally lead to non-convex, disjoint geometries.

Systems and Control,Logic in Computer Science

Hengfeng Wei,Yu Huang,Jiannong Cao,Xiaoxing Ma,Jian Lu

DOI: https://doi.org/10.1109/PerCom.2012.6199846

2012-01-01

Abstract:Formal specification and runtime detection of temporal properties for pervasive context is one of the primary approaches to achieving context-awareness. Though temporal logics have been widely used in specification of temporal properties, they are faced with severe challenges in Pervasive Computing (PvC) scenarios. First, temporal logics are traditionally defined over infinite traces of possible system behavior. However in PvC scenarios, applications observe finite prefixes of (potentially infinite) traces of environment state evolution, and adapt their behavior accordingly. Second, specification and detection of temporal properties are challenged by the intrinsic asynchrony of PvC environments. Discussions above necessitate a systematic approach to formal specification and runtime detection of temporal properties for asynchronous context. To this end, we propose CTL3 (3-valued Computation Tree Logic), which i) adopts 3-valued semantics to capture the inconclusiveness when applications only observe finite prefixes of environment state evolution; ii) inherits the notion of branching time to capture the uncertainty resulting from the asynchrony of PvC environments. A case study is conducted to demonstrate how CTL3 supports context-awareness in PvC scenarios. The runtime checking algorithm of CTL3 is implemented and evaluated over MIPA - the open-source context-aware middleware we developed. The case study demonstrates the necessity of adopting CTL3 in PvC scenarios, while the performance measurements show the cost-effectiveness of runtime checking contextual properties in CTL3.

zhibin yang,kai hu,yongwang zhao,dianfu ma,jeanpaul bodeveix

DOI: https://doi.org/10.13328/j.cnki.jos.004776

2015-01-01

Abstract:This paper presents a formal verification method for AADL (architecture analysis and design language) models by TASM (timed abstract state machine) translation. The abstract syntax of the chosen subset of AADL and of TASM are given. The translation rules are defined clearly by the semantic functions expressed in a ML-like language. Furthermore, the translation is implemented in the model transformation tool AADL2TASM, which provides model checking and simulation for AADL models. Finally, a case study of space GNC (guidance, navigation and control) system is provided.

R. Wang,X. Song,M. Gu

DOI: https://doi.org/10.1049/iet-sen:20070009

2007-01-01

IET Software

Abstract:Validation is an important task in complex embedded system designs. A method of modelling and analysing embedded systems with programmable logic controllers is presented. Controllers and physical plants are modelled using timed automata. The system requirements are specified and formalised as computational tree logic properties. It is demonstrated that the designed model satisfies the required properties by resorting to a symbolic model checker, Uppaal, for real-time systems. A realistic example, the steeve controller of a theatre, illustrates the strategies. The safety and time constraint requirements are validated by Uppaal. The experimental results demonstrate the effectiveness of the approach presented here.

Feng Zhang,Yongwang Zhao,Dianfu Ma,Wensheng Niu

DOI: https://doi.org/10.1109/access.2017.2770323

IF: 3.9

2017-01-01

IEEE Access

Abstract:AADL along with its Behavior Annex is an architecture and behavior description language for safety-critical domains, e.g. avionics, aerospace, and defence. In order to formally analyze behavior properties of AADL models, it is necessary to transform the AADL language into formal languages supported by formal verification tools. Moreover, comprehensive formal verification of AADL models highly requires that the transformation supports larger subset of the AADL language, as well as verification tools are able to capture various behavior of AADL, such as concurrency and timing. As an extended communicating sequential process (CSP), stateful timed CSP with its model checker-PAT provide an strongly expressive language and verification tool for real-time systems, distributed systems, and concurrent systems. This paper introduces a model transformation approach from a comparatively complete subset of AADL to stateful timed CSP, in particular supporting major components of AADL Behavior Annex. We propose a comprehensive set of transformation rules for AADL to stateful timed CSP. Then, we perform formal verification in PAT to analyze concurrent behavior properties of AADL models, such as safety, liveness, and trace refinement with various fairness assumptions, in which we consider time capacities, deadlines, periods of AADL threads and durations of AADL processes. As a study case, we develop an AADL model of F-16 “Auto Pilot Controller”and transform the model into Stateful Timed CSP. We specify a set of critical properties of the model and perform formal verification in PAT.

Alessandro Gianola,Marco Montali,Sarah Winkler

2023-10-17

Abstract:The need to model and analyse dynamic systems operating over complex data is ubiquitous in AI and neighboring areas, in particular business process management. Analysing such data-aware systems is a notoriously difficult problem, as they are intrinsically infinite-state. Existing approaches work for specific datatypes, and/or limit themselves to the verification of safety properties. In this paper, we lift both such limitations, studying for the first time linear-time verification for so-called data-aware processes modulo theories (DMTs), from the foundational and practical point of view. The DMT model is very general, as it supports processes operating over variables that can store arbitrary types of data, ranging over infinite domains and equipped with domain-specific predicates. Specifically, we provide four contributions. First, we devise a semi-decision procedure for linear-time verification of DMTs, which works for a very large class of datatypes obeying to mild model-theoretic assumptions. The procedure relies on a unique combination of automata-theoretic and cover computation techniques to respectively deal with linear-time properties and datatypes. Second, we identify an abstract, semantic property that guarantees the existence of a faithful finite-state abstraction of the original system, and show that our method becomes a decision procedure in this case. Third, we identify concrete, checkable classes of systems that satisfy this property, generalising several results in the literature. Finally, we present an implementation and a first experimental evaluation.

Logic in Computer Science

Tzanis Anevlavis,Matthew Philippe,Daniel Neider,Paulo Tabuada

DOI: https://doi.org/10.1145/3491216

2022-04-30

ACM Transactions on Computational Logic

Abstract:While most approaches in formal methods address system correctness, ensuring robustness has remained a challenge. In this article, we present and study the logic rLTL, which provides a means to formally reason about both correctness and robustness in system design. Furthermore, we identify a large fragment of rLTL for which the verification problem can be efficiently solved, i.e., verification can be done by using an automaton, recognizing the behaviors described by the rLTL formula φ, of size at most O(3 |φ |), where |φ | is the length of φ. This result improves upon the previously known bound of O(5|φ |) for rLTL verification and is closer to the LTL bound of O(2|φ |). The usefulness of this fragment is demonstrated by a number of case studies showing its practical significance in terms of expressiveness, the ability to describe robustness, and the fine-grained information that rLTL brings to the process of system verification. Moreover, these advantages come at a low computational overhead with respect to LTL verification.

computer science, theory & methods,logic

Muhammad Syifa'ul Mufid,Andrea Micheli,Alessandro Abate,Alessandro Cimatti

2023-08-21

Abstract:Max-Plus Linear (MPL) systems are an algebraic formalism with practical applications in transportation networks, manufacturing and biological systems. In this paper, we investigate the problem of automatically analyzing the properties of MPL, taking into account both structural properties such as transient and cyclicity, and the open problem of user-defined temporal properties. We propose Time-Difference LTL (TDLTL), a logic that encompasses the delays between the discrete time events governed by an MPL system, and characterize the problem of model checking TDLTL over MPL. We first consider a framework based on the verification of infinite-state transition systems, and propose an approach based on an encoding into model checking. Then, we leverage the specific features of MPL systems to devise a highly optimized, combinational approach based on Satisfiability Modulo Theory (SMT). We experimentally evaluate the features of the proposed approaches on a large set of benchmarks. The results show that the proposed approach substantially outperforms the state of the art competitors in expressiveness and effectiveness, and demonstrate the superiority of the combinational approach over the reduction to model checking.

Formal Languages and Automata Theory