Junyan Qian,Baowen Xu

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is one of the most practical techniques for automatic formal verification to ensure the correctness of design specifications. Statecharts that extends the finite state machine is a visual language for specifying the behavior of complex reactive system. Model checking whether Statecharts model satisfies the required properties has become an important issue. The usual way to model checking Statecharts is to flat it and apply a model checking tool to verify the resulting model, but it exists state space explosion problem. In order to avoid the problem, we present an approach to model checking directly Statecharts without the flattening, a straightforward way to verify Statecharts. Based on the automata theory of model checking and the Statecharts operational semantics used labeled transition system, an algorithm for verifying LTL properties of the system, whose complexity is polynomial in the size of the Statecharts, was developed.

Junyan Qian,Baowen Xu

2006-01-01

WSEAS TRANSACTIONS ON INFORMATION SCIENCE AND APPLICATIONS

Abstract:Symbolic model checking based on binary decision diagrams (OBDD) is a powerful automatic formal verification technique to ensure the correctness of design specifications. Statecharts that extends the finite state machine is a visual language for specifying the behavior of complex reactive system. We develop an algorithm for symbolic model checking Statecharts. Firstly, term syntax and semantics of Statecharts is briefly introduced. Based on process algebra and Statecharts semantics, Statecharts are translated into a labelled transition system by concurrent interleaving sequences and Statecharts transition rules, and then the labelled transition system is symbolically represented by OBDD as an implicit data structure. Finally, a forward CTL model-checking algorithm to verify if Statecharts satisfies the properties described in computer tree logic is discussed by using guided hints for under-approximation and over-approximation. The results suggest that symbolic model checking Statecharts is more efficient based on LTS result from Statecharts.

LV Yun-hua,ZHANG San-yuan,YE Xiu-zi

DOI: https://doi.org/10.3969/j.issn.1002-6886.2006.03.012

2006-01-01

Abstract:Finite state machine is needed in nearly all the CAD system. switch,case clause are used to design the corresponding statechart diagrams in normal CAD systems. But it can easily cause logical confusion and it is difficult for developers to design and test the modules of the statemachine. To some extent,it will prevent us from synactic developing. A normal finite state machine can be designed just as draw a statechart diagrams with the machine class mentioned in the paper,and with lesslogical confusion. The nested state machine based on the normal state machine allows synatic developing and module testing, it can improve the efficiency of development.

Junyan Qian,Baowen Xu

DOI: https://doi.org/10.1007/11562436_20

2005-01-01

Abstract: Timed Statecharts, which can efficiently specify explicit dense time, is an extension to the visual specification language Statecharts with real-time constructs. We give a definition of timed Statecharts that specifies explicit temporal behavior as timed automata does. It is very difficult to verify directly whether timed Statecharts satisfies the required properties. However, by compiling it into timed automata, timed Statecharts may be checked using Uppaal tool. In the paper, the state of timed Statecharts is represented by inductive term, and a step semantics of timed Statecharts is briefly described. The translation rules are shown by a compositional approach for formalizing the timed Statecharts semantics directly on sequences of micro steps. Timed automata corresponding to timed Statecharts was also discussed.

Yixiao Yang,Yu Jiang,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1145/2970276.2970293

2016-01-01

Abstract:Simulink Stateflow is widely used for the model-driven development of software. However, the increasing demand of rigorous verification for safety critical applications brings new challenge to the Simulink Stateflow because of the lack of formal semantics. In this paper, we present STU, a self-contained toolkit to bridge the Simulink Stateflow and a well-defined rigorous verification. The tool translates the Simulink Stateflow into the Uppaal timed automata for verification. Compared to existing work, more advanced and complex modeling features in Stateflow such as the event stack, conditional action and timer are supported. Then, with the strong verification power of Uppaal, we can not only find design defects that are missed by the Simulink Design Verifier, but also check more important temporal properties. The evaluation on artificial examples and real industrial applications demonstrates the effectiveness.

E. M. Clarke,E. A. Emerson,A. P. Sistla

DOI: https://doi.org/10.1145/5397.5399

IF: 1.714

1986-04-01

ACM Transactions on Programming Languages and Systems

Abstract:We give an efficient procedure for verifying that a finite-state concurrent system meets a specification expressed in a (propositional, branching-time) temporal logic. Our algorithm has complexity linear in both the size of the specification and the size of the global state graph for the concurrent system. We also show how this approach can be adapted to handle fairness. We argue that our technique can provide a practical alternative to manual proof construction or use of a mechanical theorem prover for verifying many finite-state concurrent systems. Experimental results show that state machines with several hundred states can be checked in a matter of seconds.

computer science, software engineering

YANG Jun,GE Hai-tong,ZHENG Fei-jun,YAN Xiao-lang

DOI: https://doi.org/10.3321/j.issn:1008-9497.2006.04.012

2006-01-01

Abstract:Being a formal verification method,model checking is used frequently in hardware and software design.Firstey the Kripke structure which is used to describe the behavior of a system and the CTL logic which is used to describe the property of a system were introduced.Then two model checking algorithms were introduced: one is the labeling algorithm,the other is the algorithm based on fixpoint.In the end,the symbolic model checking which can reduce the possibility of memory explosion was introduced.

Shengchao Qin,Wei-Ngan Chin,Jifeng He,Zongyan Qiu

DOI: https://doi.org/10.1007/s11334-005-0020-2

2006-01-01

Innovations in Systems and Software Engineering

Abstract:Hardware/software co-specification is a critical phase in co-design. Our co-specification process starts with a high level graphical description in Statecharts and ends with an equivalent parallel composition of hardware and software descriptions in Verilog. In this paper, we first investigate the Statecharts formalism by providing it a formal syntax and a compositional operational semantics. Based on that, a semantics-preserving linking function is designed to compile specifications written in Statecharts into Verilog. The obtained Verilog specifications are then passed to a partitioning process to generate hardware and software subspecifications, where the correctness is guaranteed by algebraic laws of Verilog.

张学军,谢剑英,张苗苗

DOI: https://doi.org/10.3321/j.issn:1001-0920.2001.02.017

2001-01-01

Abstract:Aiming at reliability of programmable logic controller forcontinuous plants, an approach is presented to make the hybrid systems′ formal verification. The model is given out by using hybrid rectangular automata and the analysis of its quotient transition system′s reachability is presented. The principles of verification are given. The method is illustrated by an example of chemical process control.

ZHOU Ying,ZHENG Guo-liang,LI Xuan-dong

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.z1.034

2003-01-01

Abstract:The state machine formalism in UML is used for modeling discrete behavior of various system elements.Its rich notation provides a powerful description mechanism which meanwhile decreases modality of its structure and increases verifying complexity.Model checking is a technique for automatically verifying finite-state concurrent systems.By model checking the behavior of various system elements described by SM,we can find design errors as soon as possible.This paper defines an operational semantics for SM using Kripke structure in order to model checking SM.Different from existing SM semantics definitions,this paper takes undetermined factors in SM into consideration .SM is translated into kripke structure that describes all possible evolving traces on which model checker checks.

Yu Jiang,Yixiao Yang,Han Liu,Hui Kong,Ming Gu,Jiaguang Sun,Lui Sha

DOI: https://doi.org/10.1109/rtas.2016.7461337

2016-01-01

Abstract:Simulink is widely used for model driven development (MDD) of industrial software systems. Typically, the Simulink based development is initiated from Stateflow modeling, followed by simulation, validation and code generation mapped to physical execution platforms. However, recent industrial trends have raised the demands of rigorous verification on safety-critical applications, which is unfortunately challenging for Simulink. In this paper, we present an approach to bridge the Stateflow based model driven development and a well- defined rigorous verification. First, we develop a self- contained toolkit to translate Stateflow model into timed automata, where major advanced modeling features in Stateflow are supported. Taking advantage of the strong verification capability of Uppaal, we can not only find bugs in Stateflow models which are missed by Simulink Design Verifier, but also check more important temporal properties. Next, we customize a runtime verifier for the generated nonintrusive VHDL and C code of Stateflow model for monitoring. The major strength of the customization is the flexibility to collect and analyze runtime properties with a pure software monitor, which opens more opportunities for engineers to achieve high reliability of the target system compared with the traditional act that only relies on Simulink Polyspace. We incorporate these two parts into original Stateflow based MDD seamlessly. In this way, safety-critical properties are both verified at the model level, and at the consistent system implementation level with physical execution environment in consideration. We apply our approach on a train controller design, and the verified implementation is tested and deployed on a real hardware platform.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Karthika Venkatesan,Sujit Kumar Chakrabarti

2023-07-11

Abstract:Statechart is a visual modelling language for systems. In this paper, we extend our earlier work on modular statecharts with local variables and present an updated operational semantics for statecharts with concurrency. Our variant of the statechart has local variables, which interact significantly with the remainder of the language semantics. Our semantics does not allow transition conflicts in simulations and is stricter than most other available semantics of statecharts in that sense. It allows arbitrary interleaving of concurrently executing action code, which allows more precise modelling of systems and upstream analysis of the same. We present the operational semantics in the form of the simulation algorithm. We also establish the criteria based on our semantics for defining conflicting transitions and valid simulations. Our semantics is executable and can be used to simulate statechart models and verify their correctness. We present a preliminary setup to carry out fuzz testing of Statechart models, an idea that does not seem to have a precedent in literature. We have used our simulator in conjunction with a well-known fuzzer to do fuzz testing of statechart models of non-trivial sizes and have found issues in them that would have been hard to find through inspection.

Software Engineering

Elaheh Ghassabani,Mohammad Abdollahi Azgomi

DOI: https://doi.org/10.48550/arXiv.1603.03535

2016-03-11

Abstract:Verification of large and complicated concurrent programs is an important issue in the software world. Stateless model checking is an appropriate method for systematically and automatically testing of large programs, which has proved its power in verifying code of large programs. Another well-known method in this area is runtime verification. Both stateless model checking and runtime verification are similar in some ways. One common approach in runtime verification is to construct runtime monitors for properties expressed in linear temporal logic. Currently, there are some semantics to check linear temporal logic formulae on finite paths proposed in the field of runtime verification, which can also be applied to stateless model checking. However, existing stateless model checkers do not support LTL formulae. In some settings, it is more advantageous to make use of stateless model checking instead of runtime verification. This paper proposes a novel encoding of one of the recent LTL semantics on finite paths into an actor-based system. We take a truly parallel approach without saving any program states or traces, which not only addresses important problems in runtime verification, but can also be applied to stateless model checking.

Programming Languages

Zhifeng Liu,Yun Ge,Dong Zhang

2011-01-01

Journal of Computational Information Systems

Abstract:The state exploration space is the major obstacle making model checking the computation tree logic CTL failure. In this paper, we present a new on the fly CTL model checking approach. Given a finite state machine we construct its reachable state space gradually and define the bounded semantics of CTL such that if the bounded semantics holds then there exists a witness or a counterexample for a given CTL formula in the reachable state space. Experimental results show that our method can verify actual CTL properties of large industrial models which can not be handled by conventional checkers. © 2011 Binary Information Press December, 2011.

J. Y. Qian,B. W. Xu

2006-01-01

Abstract:Timed Statecharts is an extension to the visual specification language with real-time constructs, and efficiently specify explicit dense time. The paper firstly defines timed Statecharts that extends to specify explicit continued time, such as clock constraint of timed automata. It is very difficult for timed Statecharts to directly verify its property. However, timed Statecharts may be checked by compiling it into region Statecharts as input to model checking Statecharts tool. As Alur and Dill's algorithm exist a lot of states which can't be reached or can be reached but useless, an improvement constructed algorithm to eliminate useless states during calculating clock region and time-successor by analyzing the clock constraint was discussed. Finally region Statecharts corresponding to time Statecharts was given.

Carlos Ivan Castro Marquez,M. Strum,J. Wang

DOI: https://doi.org/10.1109/IDT.2013.6727074

2013-12-01

Abstract:Formal techniques allow exhaustive verification on circuit design (at least in theory), but due to actual computational limitations, workarounds must always be adopted to check only a portion of the design at a time. Sequential equivalence checking is an effective approach, but it can only be applied between circuit descriptions where a one-to-one correspondence for states, as well as for memory elements, is expected. This paper presents a formal methodology to verify RTL descriptions through direct comparison with high-level reference models. By doing so, there is no need to specify or analyze formal properties, as the complete behavior is already contained in the reference model. We also consider the natural discrepancies between system level and RTL code, including non-matching interface and memory elements, and state mapping. In this manner, we are able to prove the functional coherence for the overall sequential behavior of the design under verification.

Engineering,Computer Science

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.

Xiangpeng Zhao,Quan Long,Zongyan Qiu

DOI: https://doi.org/10.1007/11901433_24

2006-01-01

Abstract:UML is widely accepted and extensively used in software modeling. However, using different diagrams to model different aspects of a system brings the risk of inconsistency among diagrams. In this paper, we investigate an approach to check the consistency between the sequence diagrams and statechart diagrams using the SPIN model checker. To deal with the hierarchy structure of statechart diagrams, we propose a formalism called Split Automata, a variant of automata, which is helpful to bridge the statechart diagrams to SPIN efficiently. Compared with the existing work on model checking UML which do not have formal verification for their translation from UML to the model checker, we formally define the semantics and prove that the automatically translated model (i.e. Split Automata) does simulate the UML model. In this way, we can guarantee that the translated model does represent the original model.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.