Yuhong Zhao,Franz J. Rammig

DOI: https://doi.org/10.1109/isorc.2012.28

2012-01-01

Abstract:This paper presents a lightweight verification technique, which is applicable to dependable real-time systems, provided that the (abstract) model and the (concrete) implementation of the system under test are given in advance. In addition to the usual quality assurance techniques at design time (e.g., formal verification) and at implementation time (e.g., testing), we provide a special form of model checking at run time. That is, we check the correctness of an actual system execution by means of exploring a partial model space covering the current execution trace. In doing so, concrete state information is observed from time to time while the system to be checked is running. This runtime information is used to guide model checking to reduce the model space to be explored. In this sense, we call this method online model checking. Since we do not directly check the execution trace itself, our online checking at model level is capable of checking a running system some steps ahead of the actual state of execution. In this paper, we describe online model checking as well as the underlying system architecture in general, explain the basic algorithm and its extension to improve performance, and provide experimental results.

Haibin Shen,Jimin Wang,Lingdi Ping,Kang Sun

DOI: https://doi.org/10.1007/11689522_32

2006-01-01

Abstract:Flexible features of C can be misused and result in potential vulnerabilities which are hard to detect by performing only static checking. Existing tools either give up run-time type checking or employ a type system whose granularity is too coarse (it does not differentiate between pointer types) so that many errors may go undetected. This paper presents a dynamic checking approach to conquer them. A type system that is based on the physical layout of data types and has the proper granularity has been employed. Rules for propagating dynamic types and checking for compatibility of types during execution of the target program are also set up. Then a model of dynamic type checking on this type system to capture run-time type errors is built. Experimental results show that it can catch most errors, including those may become system vulnerabilities and the overhead is moderate.

DONG Wei,WANG Ji,QI Zhi-Chang

2001-01-01

Abstract:Model checking is an important technology of automatic verification. It verifies the modal/proposition properties of concurrent or real-time systems through explicit state exploration or implicit fixpoint computation. It can ensure the correctness of critical application such as communication protocol and digital circuit. In this paper, the development and state-of-art of model checking are expatiated. Two main tactics separately based on automata theory and symbolic structure for concurrent systems are described and the methods to solve state explosion problem are given. Then the methods of model checking for real-time systems and object-oriented designs are introduced. The corresponding known tools for every method are also presented. Finally, the difficulties faced by model checking and its developing trend are analyzed.

HU Jun,YU Xiao-Feng,ZHANG Yan,LI Xuan-Dong,ZHENG Guo-Liang

DOI: https://doi.org/10.1360/jos170048

2006-01-01

Journal of Software

Abstract:For real-time software systems, this paper considers the problem of checking component-based designs for timing scenario-based specifications, which is one of the challenges in real-time computing domain. Firstly the timing scenario-based specifications are specified by UML sequence diagrams with a set of boolean expressions, then the interface automata for modeling real time systems through adding time intervals on the actions is extened. The component-based designs are modeled by a real-time interface automaton network which contains a set of real-time interface automata synchronized by shared actions. Based on analyzing the compatible integer state space of a real-time interface automata network, a corresponding reachability graph is constructed and finally an algorithm for checking the consistency between the real-time component-based designs and the timing scenario-based specifications is developed.

Yike Huang,Xiaohong Chen,Zhi Jin,Tingliang Zhou

DOI: https://doi.org/10.1109/rew61692.2024.00035

2024-01-01

Abstract:The importance of real-time requirements inconsistency detection is increasingly manifested in safety -critical system development. Most existing tools use state-based detection methods for real-time requirements verification, but they sometimes struggle to efficiently detect results when faced with complex system requirements. Moreover, adding device properties into the verification has increased the complexity of the state space. As a complementary, in this paper, we present a lightweight efficient method for real-time requirements existence inconsistency detection for safety-critical systems. We reduce the real-time existential inconsistencies detection problem into a constraint solving problem. The real-time requirements and involved device properties are encoded into SMT formulas, which can be detected quickly by using a constraint solver such as Z3. Through a case study and experimental evaluation, it is shown that our method can efficiently detect real-time existential inconsistencies in requirements. This provides a practical solution to detect certain types of errors in the early stage, avoiding possible future expensive costs.

Haiying Sun,Jing Liu,Dehui Du

DOI: https://doi.org/10.1109/apsec.2012.92

2012-01-01

Abstract:In the paper, we propose a method that can be applied to verify implementation in real-time reactive system. Different from other software model checking approaches, our method is based on testing. This approach allows the verification of safety property to be conducted directly on real code instead of models extracted from final implementation. Verifying that kind of models is a hard work and can only be applied to parts of the implementation. The method is done by establishing a connection between safety verification and conformance testing in real-time system. We first prove a theorem that in real-time system, under the input enabled precondition, if an implementation conforms to its specification and the specification satisfies the safety properties, the implementation satisfies it either. Then, based on contropositivity of the former conclusion, we present a test case generation framework which forms basis for generating test cases that can be used to detect violations of safety properties in the implementation. In addition, this test generation framework can also detect more nonconformance defects when compared with other real time test generation methods. The method is illustrated with a train gate control system.

Sufyan Samara,Yuhong Zhao,Franz J. Rammig

DOI: https://doi.org/10.1007/978-3-642-15234-4_11

2010-01-01

Abstract:This paper presents a novel flexible, dependable, and reliable operating system design for distributed reconfigurable system on chip. The dependability and reliability are achieved by integrating online model checking technique. Each OS service has different implementations which are further partitioned into small blocks. This operating system design allows the OS service to be adapted at runtime according to the given resource requirements and response time. Such adaptable services may be required by real time safety-critical applications. The flexibility introduced in executing adaptable OS services also gives rise to a potential safety problem. Thus, online model checking is integrated to the operating system so as to improve the dependability, reliability, and fault tolerance of these adaptable OS services.

Krishna Sudhakar,Yuhong Zhao,Franz-Josef Rammig

DOI: https://doi.org/10.1109/isorc.2014.21

2015-01-01

Concurrency and Computation Practice and Experience

Abstract:In this paper we discuss how an efficient online model checker and a small-footprint RTOS can be integrated. Alternative approaches are discussed, leading to the decision for a federated approach. An implemented prototype is described and some analytical as well as experimental evaluations are presented.

Tang Shan,Peng Xin,Zhao Wen-yun,Liu Yi-ming

2006-01-01

Abstract:One of the urgent problems in software engineering is how to guarantee the correctness of software architecture evolution. Model checking is an approach which is used to verify properties of systems. Generally, it checks whether a given model satisfies some special property which are expressed by linear temporal logic through checking all of states of the target model. Since the complexity of the model checking mainly depends on the amount of number of the states, the most intractable problems of the approach are lack of memory and the state space explosion. There are few effective model checking approaches for large scale dynamic software architecture, this paper proposes a modular model checking strategy based on linear temporal logic. From two different levels: the component composing the system and the whole system, this paper discusses how to verify dynamic software architecture in detail, gives the corresponding algorithms and introduces an e-business case to illustrate the availability of our approach. Keyword: Dynamic Software Architecture, Model Checking, Linear Temporal Logic, Automaton

Yuhong Zhao,Franz Rammig

DOI: https://doi.org/10.1016/j.entcs.2009.09.035

2009-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Model-based runtime verification is an extension to the state-of-the-art runtime verification, aimed at checking at runtime the system implementation against the system model (consistency checking) and the system model against the system specification (safety checking). Notice that our runtime verification works at the model level, thus, we do not need to strictly synchronize this runtime verification with the system execution. In fact, we mainly use the runtime information (current states) obtained from the system execution to reduce the state space (of the system model) to be explored. It means that this model-based runtime verification might run before or after the system execution, i.e., switch alternately between a preventive pre-checking mode and a maintaining post-checking mode. In order to make it run ahead of the system execution for as long time as possible, we present two possible strategies so that this runtime verification can selectively reduce the state space (of the system model) to be explored by making the system model enriched with probabilities and additional information derived and learned at the system testing phase.

Zhengwei Qi,Liang Liu,Alei Liang,Hao Wang,Ying Chen

DOI: https://doi.org/10.1109/ICPADS.2008.73

2008-01-01

Abstract:Modern software model checkers are usually used to find safety violations. However, checking liveness properties can offer a more natural and effective way to detect errors, particularly in complex concurrent and distributed e-business systems. Specifying global liveness properties which should always eventually be true proves to be more desirable, but it is hard for existing software model checkers to verify liveness in real codes because doing so requires finding an infinite execution. For solving such a challenge, this paper proposes an online checking tool to verify the safety and liveness properties of complex systems. We adopt the linear temporal logic to describe the semantics of the finite model checking, use binary instrumentation to obtain the distribute states and apply a checking engine to dynamically verify the finite trace linear temporal logic properties. At last, we demonstrate the method in a distributed system using distributed protocol Paxos and achieve good results by experiments.

Xiao Yang,Xiaohong Chen,Jiangtao Wang

DOI: https://doi.org/10.1109/REW57809.2023.00037

2023-01-01

Abstract:With the development of embedded techniques, embedded systems are becoming more and more complex along with complex requirements. Automatic software requirements specification approach is urgently required for embedded systems. Existing researches on automatic specification do not address timed-systems which are required in embedded systems. Therefore, this paper proposes a time related model checking based approach for software requirements specification in embedded systems. It tries to use a time related model checking technique to give a possible path of software behaviors to achieve expected effects. Specifically, this approach involves creating a domain-specific device library, expressing the system requirements, modeling the embedded system using timed automata, and deriving software requirements specifications through reachability analysis in the model checking tool UPPAAL. Additionally, a case study is conducted on a sun search control system to verify the feasibility of this approach.

CHEN Feng,LI Weihua,CHEN Hao,L(U) Zheng

2011-01-01

Abstract:In order to improve the analysis and design of software safety,on the basis of current researches on safety model and verification technology,a modeling and checking method is proposed for object-oriented software safety.Establishing non-formal UML models of software safety,safety extended deterministic finite automata and linear temporal logic are used to create the formal models and describe the safety properties separately.Through a model checker,we get the verification result.This approach realizes the combination of software safety model and verification technology.Experimental results show that the method can analyze and verify the safety properties effectively in the early stage of software design.

Meng Wang,Cong Tian,Nan Zhang,Zhenhua Duan,Hongwei Du

DOI: https://doi.org/10.1007/s10878-018-0343-1

2018-01-01

Journal of Combinatorial Optimization

Abstract:It is of great importance to ensure safety and reliability of the scheduling protocol of safety-critical systems since the failure will cause serious damage. This paper analyzes a real-time scheduling protocol of a safety-critical system and models it using a Modeling, Simulation and Verification Language program. Further, the schedulability and other desired properties are specified using Propositional Projection Temporal Logic formulas. As a result, these properties are proved with theorem proving and further verified using the runtime verification approach at code level.

dingkun yang,fei hu

DOI: https://doi.org/10.1007/978-3-642-54900-7_55

2014-01-01

Abstract:A real-time system consists of various tasks and dependencies between these tasks. Due to the time sensitive nature of such tasks, both time constraints and dependencies should be satisfied. To ensure each task running correctly and completely, especially critical tasks that affect the safety of system, some tasks will have to be missed, a reasonable algorithm is needed to find a compromise between task dependencies and system safety. In order to illustrate the algorithm, a typical real-time system - small unmanned helicopter onboard software system is introduced as an example. Through discussing the task model of onboard software and the task dependencies sequence, the problems caused by task dependencies is shown, a new task model and an algorithm based on the new model to solve above problems is discussed and proposed. Experiments show the improved results, finally is the further discussion on the algorithm.

Li-Jun SHAN,Xing-She ZHOU,Yu-Ying WANG,Lei ZHAO,Li-Jing WAN,Lei QIAO,Jian-Xin CEHN

DOI: https://doi.org/10.13328/j.cnki.jos.004788

2015-01-01

Abstract:Cyber physical systems (CPS) typically employ real-time multitasking systems as their control software. This paper proposes an approach to formally analyzing such control software using statistical model checking of UPPAAL. The main contribution of this study is a model in timed automata which modularly describes the major components of a multitasking system. The model supports the analysis of timing-related functional properties as well as schedulability analysis, and can easily be adapted and extended for verifying different properties of various multitasking systems. A case study on an early version of the Chinese Lunar Rover control software shows that the proposed method is able to track down undesired behavior in real-world industrial CPS.

Hao Wang,Wendy MacCaull

DOI: https://doi.org/10.4204/EPTCS.13.6

2009-12-10

Abstract:Timed model checking has been extensively researched in recent years. Many new formalisms with time extensions and tools based on them have been presented. On the other hand, Explicit-Time Description Methods aim to verify real-time systems with general untimed model checkers. Lamport presented an explicit-time description method using a clock-ticking process (Tick) to simulate the passage of time together with a group of global variables for time requirements. This paper proposes a new explicit-time description method with no reliance on global variables. Instead, it uses rendezvous synchronization steps between the Tick process and each system process to simulate time. This new method achieves better modularity and facilitates usage of more complex timing constraints. The two explicit-time description methods are implemented in DIVINE, a well-known distributed-memory model checker. Preliminary experiment results show that our new method, with better modularity, is comparable to Lamport's method with respect to time and memory efficiency.

Logic in Computer Science,Software Engineering

Jun Hu,Xiaofeng Yu,Yan Zhang,Tian Zhang,Xuandong Li,Guoliang Zheng

DOI: https://doi.org/10.1007/11596356_41

2005-01-01

Abstract:In this paper, for real-time embedded software we consider the problem of checking component-based designs for scenario-based timing specifications. By adding time intervals on the actions, we extend the interface automata for modelling real-time systems. The component-based designs are modelled by real-time interface automaton networks, which includes a set of real-time interface automata synchronized by shared actions, and the scenario-based timing specifications are specified by UML sequence diagrams with a set of boolean expressions. Based on analyzing the compatible integer state space of a real-time interface automaton network and its compatible reachability graph, we develop an algorithm to check the consistency between real-time component-based designs and the scenario-based timing specifications.

LIAN Zhi-chao,OUYANG Dan-tong

DOI: https://doi.org/10.3321/j.issn:1671-5489.2007.06.016

2007-01-01

Abstract:We proposed a real-time method to diagnose dynamic systems with model checking.This method utilizes the efficiency of verification of model checking on a large state space to diagnose.It enhances real time diagnosis in AI region.We built a platform based model checking to integrate modeling,testing diagnosability and performing diagnosis,the result proves that our method is feasible.

Zhengwei Qi,Alei Liang,Haibing Guan,Ming Wu,Zheng Zhang

DOI: https://doi.org/10.1109/NCM.2009.191

2009-01-01

Abstract:Traditional model checking methods to find safety and liveness violations are usually applied in the abstract model, while existing runtime monitoring methods to check the predicates can not obtain the high path coverage. This paper presents a hybrid model checking and runtime monitoring method to check the safety and liveness properties in real complex distributed C/C++ Web service systems,which can offer both a richer and more efficient way to search violations specified by linear temporal logic. Based on our model checking engine to walk different paths, we adopt the finite linear temporal logic engine to dynamically verify properties in C/C++ Web service systems. Then, we use the practical examples to illustrate its usage and applications in real C/C++ Web service systems.