Jia Lv,Jing Ying,Minghui Wu,Tao Jiang,Fanwei Zhu

DOI: https://doi.org/10.1109/ssiri.2009.20

2009-01-01

Abstract:The behavior model of traditional temporal logic is closed and symmetrical, while the behavior model of aspect-oriented programs is open and asymmetrical. When the programmer designs the base-code, he is not sure what aspects will be woven to it. It is indirect and difficult to specify and verify the behavior of aspect-oriented programs by using traditional temporal logic. In this paper, we propose a new temporal logic named open temporal logic, which introduced some new path operators and one new temporal operator. Since paths are divided into two kinds: internal parts and external parts, the behavioral model of open temporal logic is open and asymmetrical. Base on open temporal logic and the proof system of traditional rely-guarantee method, a new proof system is given to verify the behavior of aspect-oriented programs.

Jingyi Wang,Jun Sun,Shengchao Qin,Cyrille Jegourel

DOI: https://doi.org/10.1109/tse.2018.2886898

IF: 7.4

2018-01-01

IEEE Transactions on Software Engineering

Abstract:Precisely modeling complex systems like cyber-physical systems is challenging, which often renders model-based system verification techniques like model checking infeasible. To overcome this challenge, we propose a method called LAR to automatically ‘verify’ such complex systems through a combination of learning, abstraction and refinement from a set of system log traces. We assume that log traces and sampling frequency are adequate to capture ‘enough’ behaviour of the system. Given a safety property and the concrete system log traces as input, LAR automatically learns and refines system models, and produces two kinds of outputs. One is a counterexample with a bounded probability of being spurious. The other is a probabilistic model based on which the given property is ‘verified’. The model can be viewed as a proof obligation, i.e., the property is verified if the model is correct. It can also be used for subsequent system analysis activities like runtime monitoring or model-based testing. Our method has been implemented as a self-contained software toolkit. The evaluation on multiple benchmark systems as well as a real-world water treatment system shows promising results.

Ting Wang,Jun Sun,Xinyu Wang,Yang Liu,Yuanjie Si,Jin Song Dong,Xiaohu Yang,Xiaohong Li

DOI: https://doi.org/10.1109/tse.2014.2359893

IF: 7.4

2014-01-01

IEEE Transactions on Software Engineering

Abstract:Zeno runs, where infinitely many actions occur within finite time, may arise in Timed Automata models. Zeno runs are not feasible in reality and must be pruned during system verification. Thus it is necessary to check whether a run is Zeno or not so as to avoid presenting Zeno runs as counterexamples during model checking. Existing approaches on non-Zenoness checking include either introducing an additional clock in the Timed Automata models or additional accepting states in the zone graphs. In addition, there are approaches proposed for alternative timed modeling languages, which could be generalized to Timed Automata. In this work, we investigate the problem of non-Zenoness checking in the context of model checking LTL properties, not only evaluating and comparing existing approaches but also proposing a new method. To have a systematic evaluation, we develop a software toolkit to support multiple non-Zenoness checking algorithms. The experimental results show the effectiveness of our newly proposed algorithm, and demonstrate the strengths and weaknesses of different approaches.

Victor Roussanaly,Ocan Sankur,Nicolas Markey

DOI: https://doi.org/10.48550/arXiv.1905.07365

2019-05-17

Formal Languages and Automata Theory

Abstract:We present abstraction-refinement algorithms for model checking safety properties of timed automata. The abstraction domain we consider abstracts away zones by restricting the set of clock constraints that can be used to define them, while the refinement procedure computes the set of constraints that must be taken into consideration in the abstraction so as to exclude a given spurious counterexample. We implement this idea in two ways: an enumerative algorithm where a lazy abstraction approach is adopted, meaning that possibly different abstract domains are assigned to each exploration node; and a symbolic algorithm where the abstract transition system is encoded with Boolean formulas.

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.

R. Wang,X. Song,M. Gu

DOI: https://doi.org/10.1049/iet-sen:20070009

2007-01-01

IET Software

Abstract:Validation is an important task in complex embedded system designs. A method of modelling and analysing embedded systems with programmable logic controllers is presented. Controllers and physical plants are modelled using timed automata. The system requirements are specified and formalised as computational tree logic properties. It is demonstrated that the designed model satisfies the required properties by resorting to a symbolic model checker, Uppaal, for real-time systems. A realistic example, the steeve controller of a theatre, illustrates the strategies. The safety and time constraint requirements are validated by Uppaal. The experimental results demonstrate the effectiveness of the approach presented here.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Tuba Yavuz,Chelsea Metcalf

DOI: https://doi.org/10.48550/arXiv.1801.02457

2017-12-31

Abstract:In this paper we consider the problem of configuring partial predicate abstraction that combines two techniques that have been effective in analyzing infinite-state systems: predicate abstraction and fixpoint approximations. A fundamental problem in partial predicate abstraction is deciding the variables to be abstracted and the predicates to be used. In this paper, we consider systems modeled using linear integer arithmetic and investigate an alternative approach to counter-example guided abstraction refinement. We devise two heuristics that search for predicates that are likely to be precise. The first heuristic performs the search on the problem instance to be verified. The other heuristic leverages verification results on the smaller instances of the problem. We report experimental results for CTL model checking and discuss advantages and disadvantages of each approach.

Logic in Computer Science

Taolue Chen,Tingting Han,Joost-Pieter Katoen

DOI: https://doi.org/10.1109/tase.2008.29

2008-01-01

Abstract:This paper focuses on probabilistic timed automata (PTA), an extension of timed automata with discrete probabilistic branchings. As the regions of these automata often lead to an exponential blowup, reduction techniques are of utmost importance. In this paper, we investigate probabilistic time-abstracting bisimulation (PTaB), an equivalence notion that abstracts from exact time delays. PTaB is proven to preserve probabilistic computational tree logic (PCTL). The region equivalence is a (very refined) PTaB. Furthermore, we provide a non-trivial adaptation of the traditional partition-refinement algorithm to compute the quotient under PTaB. This algorithm is symbolic in the sense that equivalence classes are represented as polyhedra.

zhibin yang,kai hu,yongwang zhao,dianfu ma,jeanpaul bodeveix

DOI: https://doi.org/10.13328/j.cnki.jos.004776

2015-01-01

Abstract:This paper presents a formal verification method for AADL (architecture analysis and design language) models by TASM (timed abstract state machine) translation. The abstract syntax of the chosen subset of AADL and of TASM are given. The translation rules are defined clearly by the semantic functions expressed in a ML-like language. Furthermore, the translation is implemented in the model transformation tool AADL2TASM, which provides model checking and simulation for AADL models. Finally, a case study of space GNC (guidance, navigation and control) system is provided.

Fei He,He Zhu,William N. N. Hung,Xiaoyu Song,Ming Gu

DOI: https://doi.org/10.1109/tase.2010.27

2010-01-01

Abstract:Model checking suffers from the state explosion problem. Compositional abstraction and abstraction refinement have been investigated in many areas to address this problem. This paper considers the compositional model checking for timed systems. We present an automated approach which combines compositional abstraction and counter-example guided abstraction refinement (CEGAR). The proposed approach exploits the semantics of a timed automaton to procure its over-approximative abstraction. Any safety property which holds on the abstraction is guaranteed to hold on the concrete model. In the case of a spurious counter-example, our proposed approach refines and strengthens the abstraction in a component-wise method. We implemented our method with the model checking tool Uppaal. Experimental results show promising improvements.

Zhenyu Chen,Conghua Zhou,Decheng Ding

DOI: https://doi.org/10.1109/HLDVT.2005.1568832

2005-01-01

Abstract:Model checking has emerged as a promising and powerful approach to analyze Petri nets automatically, but a main challenge is the state explosion problem. To obtain an efficient state space, we implement a series of formalisms based on Petri nets to achieve automatically predicate abstraction and refinement via new predicate discovery. However, the complicated predicates would slow down the abstraction refinement process. Novel Feature of our approach is minimizing the support of predicates, via diagnosing the failure reasons of transitions and projecting places on predicates to eliminate the dumb variables. In addition, a demonstrative example shows that our techniques could work efficiently on Petri nets.

CAo Yunan,ZHANG Hui,YE Peiqing,WANG Tianmiao

DOI: https://doi.org/10.3901/jme.2011.01.108

2011-01-01

Abstract:A novel modeling method called timed transition model/all-time real-time temporal logic(TTM/ATRTTL) for specifying open architecture CNC(OAC) systems is proposed.TTM/ATRTTL provides full support for specifying hard real-time property and feed-back characteristics needed for modeling OAC systems.The formal method is used to model OAC systems from different aspects by specifying the TTM structure of an open-loop OAC,a system-level logic controller,and task communication and synchronization,and obtain the closed-loop OAC TTM with scheduling mechanism is given,which is the foundation of the verification framework.Finally,a verification framework is proposed and implemented with STeP and SF2STeP.In the verification,several problems are solved including rewrite rule,verification rule,state explosion problem,and time bound restriction when STeP is used for verification,and then experiments are conducted for verifying an OAC system for dead-lock and system time bound checking.The results show that the method can effectively model and verify OAC systems.

Silvano Dal Zilio,Bernard Berthomieu

DOI: https://doi.org/10.48550/arXiv.1509.06507

2015-09-22

Abstract:A classical method for model-checking timed properties-such as those expressed using timed extensions of temporal logic-is to rely on the use of observers. In this context, a major problem is to prove the correctness of observers. Essentially, this boils down to proving that: (1) every trace that contradicts a property can be detected by the observer; but also that (2) the observer is innocuous, meaning that it cannot interfere with the system under observation. In this paper, we describe a method for automatically testing the correctness of realtime observers. This method is obtained by automating an approach often referred to as visual verification, in which the correctness of a system is performed by inspecting a graphical representation of its state space. Our approach has been implemented on the tool Tina, a model-checking toolbox for Time Petri Net.

Logic in Computer Science

Jianhua Zhao,Bin Lei,Xuandong Li,Guoliang Zheng

DOI: https://doi.org/10.1109/ISoLA.2006.28

2006-01-01

Abstract:In this paper, we present a timed automaton reachability analysis algorithm which can use some other properties to improve the model checking efficiency. If the model checker aborts because of memory or CPU time limitation when checking a property P, the users can still use a set of auxiliary properties P_1, P_2, \dots, P_n about the system to reduce the space and time requirement. People can verify these auxiliary properties by either model checking or other methods like theorem proving. This algorithm gives the users a way to reduce the space and time requirement of model checking using their knowledge about the system under check.

Tingting Han,Christian Krause,Marta Kwiatkowska,Holger Giese

DOI: https://doi.org/10.4204/EPTCS.117.5

2013-06-12

Abstract:Modal automata are a classic formal model for component-based systems that comes equipped with a rich specification theory supporting abstraction, refinement and compositional reasoning. In recent years, quantitative variants of modal automata were introduced for specifying and reasoning about component-based designs for embedded and mobile systems. These respectively generalize modal specification theories for timed and probabilistic systems. In this paper, we define a modal specification language for combined probabilistic timed systems, called abstract probabilistic timed automata, which generalizes existing formalisms. We introduce appropriate syntactic and semantic refinement notions and discuss consistency of our specification language, also with respect to time-divergence. We identify a subclass of our models for which we define the fundamental operations for abstraction, conjunction and parallel composition, and show several compositionality results.

Logic in Computer Science,Formal Languages and Automata Theory

ZHOU Cong-hua,SUN Bo,LIU Zhi-feng,GE Yun

DOI: https://doi.org/10.3969/j.issn.0372-2112.2012.10.025

2012-01-01

Abstract:In order to overcome the state explosion problem in model checking the probabilistic temporal logic of knowledge,a three-valued Abstraction is proposed.Our work includes three parts:first the three-value semantics of the probabilistic temporal logic of knowledge is defined on the Abstract model,and the initial Abstract model is build according to the equivalence partition of state space,and the preservation of satisfaction under the Abstraction is proved;second the model checking algorithm of the probabilistic temporal logic of knowledge is proposed;third how to refine the Abstraction by the minimal witnesses and counterexamples generated in model checking is shown.Finally,the Abstraction is applied in model checking the Dining Cryptographer protocols.

Linna Pang,Chen-Wei Wang,Mark Lawford,Alan Wassyng,Josh Newell,Vera Chow,David Tremaine

DOI: https://doi.org/10.4204/EPTCS.184.5

2015-06-11

Abstract:A critical step towards certifying safety-critical systems is to check their conformance to hard real-time requirements. A promising way to achieve this is by building the systems from pre-verified components and verifying their correctness in a compositional manner. We previously reported a formal approach to verifying function blocks (FBs) using tabular expressions and the PVS proof assistant. By applying our approach to the IEC 61131-3 standard of Programmable Logic Controllers (PLCs), we constructed a repository of precise specification and reusable (proven) theorems of feasibility and correctness for FBs. However, we previously did not apply our approach to verify FBs against timing requirements, since IEC 61131-3 does not define composite FBs built from timers. In this paper, based on our experience in the nuclear domain, we conduct two realistic case studies, consisting of the software requirements and the proposed FB implementations for two subsystems of an industrial control system. The implementations are built from IEC 61131-3 FBs, including the on-delay timer. We find issues during the verification process and suggest solutions.

Software Engineering,Logic in Computer Science

Taolue Chen,Tingting Han,Joost-Pieter Katoen,Alexandru Mereacre

DOI: https://doi.org/10.2168/lmcs-7(1:12)2011

2011-01-01

Logical Methods in Computer Science

Abstract:We study the verification of a finite continuous-time Markov chain (CTMC) C against a linear real-time specification given as a deterministic timed automaton (DTA) A with finite or Muller acceptance conditions. The central question that we address is: what is the probability of the set of paths of C that are accepted by A, i.e., the likelihood that C satisfies A? It is shown that under finite acceptance criteria this equals the reachability probability in a finite piecewise deterministic Markov process (PDP), whereas for Muller acceptance criteria it coincides with the reachability probability of terminal strongly connected components in such a PDP. Qualitative verification is shown to amount to a graph analysis of the PDP. Reachability probabilities in our PDPs are then characterized as the least solution of a system of Volterra integral equations of the second type and are shown to be approximated by the solution of a system of partial differential equations. For single-clock DTA, this integral equation system can be transformed into a system of linear equations where the coefficients are solutions of ordinary differential equations. As the coefficients are in fact transient probabilities in CTMCs, this result implies that standard algorithms for CTMC analysis suffice to verify single-clock DTA specifications.

Guilan Dai,Xiaoying Bai,Chongchong Zhao

DOI: https://doi.org/10.1109/GCC.2007.9

2007-01-01

Abstract:The paper presents a timing constraint modeling and analyzing method for Web processes based on annotated OWL-S. The method allows us to find whether Web processes are schedulable and which processes in Web processes are not schedulable without actual execution based on its specification. This also suggests replacement of corresponding components or relaxing timing constraints. The contributions of the paper mainly include two aspects: 1) The paper presents a method for extending OWL-S model based on annotation layers. By using annotation layers, the OWL-S model is extended with auxiliary information such as time constraints. This method can be extended to verify other properties of the Web processes by using different annotation layers. 2) The paper describes how to model Web services based systems and determine whether the specification satisfies time consistency. First, we model a Web process in extended OWL-S with timing constraints. Then, we transform the system specification along with its imposed timing constraints into a TPPN (Time Predicate Petri Net) model. Final, TPPN analyzer can automatically simulate and analyze to verify whether the system specification is schedulable under the imposed timing constraints.