ZHANG Pin,LUO Gui-ming

2007-01-01

Journal of Computer Applications

Abstract:Unified Modeling Language(UML)is the most commonly used method in software system design and analysis,and how to verify that the UML model satisfies some properties is a very important issue.Model Checking is an efficient automatic technique for the improvement of system's reliability,and this paper is a research into how to check UML model through the Simple PROMELA Interpreter(SPIN)model-checker.After describing the UML model using formal method,we first used hierarchical automata to express statecharts diagram.In addition,we translated the statecharts and part of the class diagram into PROMELA based on the operational semantic of hierarchical automata,and verified the model by using Simple Promela Interpreter(SPIN)to test if it satisfied the LTL properties.We also verified the consistency between sequence diagram and statecharts diagram by using LTL formula to express sequence diagram.Finally,based on the method,we developed a model checker tool called UMLChecker.

Martin Kardos,Yuhong Zhao

DOI: https://doi.org/10.1007/1-4020-8149-9_3

2004-01-01

Abstract:System level design incorporating system modeling and formal specification in combination with formal verification can substantially contribute to the correctness and quality of the embedded systems and consequently help reduce the development costs. Ensuring the correctness of the designed system is, of course, a crucial design criterion especially when complex distributed (realtime) embedded systems are considered. Therefore, this paper aims at presenting a verification framework designated for formal verification and validation of UML-based design of embedded systems. It first introduces an approach of using the AsmL language for acquiring formal models of the UML semantics and consequently presents an on-the-fly model checking technique designed to run the formal verification directly over those semantic models.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

YANG Jun,GE Hai-tong,ZHENG Fei-jun,YAN Xiao-lang

DOI: https://doi.org/10.3321/j.issn:1008-9497.2006.04.012

2006-01-01

Abstract:Being a formal verification method,model checking is used frequently in hardware and software design.Firstey the Kripke structure which is used to describe the behavior of a system and the CTL logic which is used to describe the property of a system were introduced.Then two model checking algorithms were introduced: one is the labeling algorithm,the other is the algorithm based on fixpoint.In the end,the symbolic model checking which can reduce the possibility of memory explosion was introduced.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.2991/iccasm.2012.212

2012-01-01

Abstract:A verification methodology is presented for railway interlocking system which is regarded as a safety-critical system.The methodology utilizes UML to model the function requirement and LTL to verify the safety requirements of the specification.The device specifications of railway interlocking system are modeled with UML, then translate into FSM.The safety specification is translated LTL and analyzed with NuSMV.We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

ZHOU Ying,ZHENG Guo-liang,LI Xuan-dong

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.z1.034

2003-01-01

Abstract:The state machine formalism in UML is used for modeling discrete behavior of various system elements.Its rich notation provides a powerful description mechanism which meanwhile decreases modality of its structure and increases verifying complexity.Model checking is a technique for automatically verifying finite-state concurrent systems.By model checking the behavior of various system elements described by SM,we can find design errors as soon as possible.This paper defines an operational semantics for SM using Kripke structure in order to model checking SM.Different from existing SM semantics definitions,this paper takes undetermined factors in SM into consideration .SM is translated into kripke structure that describes all possible evolving traces on which model checker checks.

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.

Étienne André,Shuang Liu,Yang Liu,Christine Choppy,Jun Sun,Jin Song Dong

DOI: https://doi.org/10.1145/3579821

2024-07-24

Abstract:The Unified Modeling Language (UML) is a standard for modeling dynamic systems. UML behavioral state machines are used for modeling the dynamic behavior of object-oriented designs. The UML specification, maintained by the Object Management Group (OMG), is documented in natural language (in contrast to formal language). The inherent ambiguity of natural languages may introduce inconsistencies in the resulting state machine model. Formalizing UML state machine specification aims at solving the ambiguity problem and at providing a uniform view to software designers and developers. Such a formalization also aims at providing a foundation for automatic verification of UML state machine models, which can help to find software design vulnerabilities at an early stage and reduce the development cost. We provide here a comprehensive survey of existing work from 1997 to 2021 related to formalizing UML state machine semantics for the purpose of conducting model checking at the design stage.

Software Engineering,Logic in Computer Science

Étienne André,Shuang Liu,Yang Liu,Christine Choppy,Jun Sun,Jin Song Dong

DOI: https://doi.org/10.1145/3579821

IF: 16.6

2023-01-17

ACM Computing Surveys

Abstract:The Unified Modeling Language (UML) is a standard for modeling dynamic systems. UML behavioral state machines are used for modeling the dynamic behavior of object-oriented designs. The UML specification, maintained by the Object Management Group (OMG), is documented in natural language (in contrast to formal language). The inherent ambiguity of natural languages may introduce inconsistencies in the resulting state machine model. Formalizing UML state machine specification aims at solving the ambiguity problem and at providing a uniform view to software designers and developers. Such a formalization also aims at providing a foundation for automatic verification of UML state machine models, which can help to find software design vulnerabilities at an early stage and reduce the development cost. We provide here a comprehensive survey of existing work from 1997 to 2021 related to formalizing UML state machine semantics for the purpose of conducting model checking at the design stage.

computer science, theory & methods

Tieming Chen,Zhenbo Yu,Shijian Li,Bo Chen

DOI: https://doi.org/10.1155/2016/8797568

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the nodemobility related specification for modeling location-based node activity. Then, the traditional Dolev Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

ZHANG Yu-qing,WANG Lei,XIAO Guo-zhen,WU Jian-ping

2000-01-01

Journal of Software

Abstract:It is an important and hard problem in the area of computer network security to analyze cryptographic protocols. A methodology is presented using a model checke r of formal methods, SMV (symbolic model verifier), to analyze the well known Ne edham-Schroeder Public-Key Protocol. The SMV is used to discover an attack upo n the protocol, which has never been discovered by BAN logic. Finally, the proto col is adapted, and then the SMV is used to show that the new protocol is secure .

Xiangpeng Zhao,Quan Long,Zongyan Qiu

DOI: https://doi.org/10.1007/11901433_24

2006-01-01

Abstract:UML is widely accepted and extensively used in software modeling. However, using different diagrams to model different aspects of a system brings the risk of inconsistency among diagrams. In this paper, we investigate an approach to check the consistency between the sequence diagrams and statechart diagrams using the SPIN model checker. To deal with the hierarchy structure of statechart diagrams, we propose a formalism called Split Automata, a variant of automata, which is helpful to bridge the statechart diagrams to SPIN efficiently. Compared with the existing work on model checking UML which do not have formal verification for their translation from UML to the model checker, we formally define the semantics and prove that the automatically translated model (i.e. Split Automata) does simulate the UML model. In this way, we can guarantee that the translated model does represent the original model.

Mo Xia,Guiming Luo,Mian Sun

DOI: https://doi.org/10.1145/2591062.2591149

2014-01-01

Abstract:Model checking is a common formal verification technique, but it is only applicable to white box systems. In order to allow users without much formal verification expertise to use model checking easily, this paper proposes a modular approach for software modeling and model checking. Efficiency, correctness, and reusability are our main concerns. A hierarchical model is constructed for a system by modules, and it is translated into the specific model checking codes. The M^3C tool is implemented to support our approach, and it is successfully applied to actual industrial cases, as well as to some cases in the literature.

Lu Chen,Jian Jiao,Qianxin Wei,Tingdi Zhao

DOI: https://doi.org/10.1016/j.engfailanal.2017.06.034

IF: 4

2017-01-01

Engineering Failure Analysis

Abstract:It is important to analyze the failure in safety-critical system because a disaster may occur once any type of failure mode and/or failure effect is neglected or misjudged. In order to conduct the failure analysis more effectively and efficiently, the concept of formal modeling is introduced. This paper improved the model-based safety analysis (MBSA) working process to optimize the formal failure analysis approach of safety-critical system. As the core works of MBSA process, the formal modeling and model extension aim to build an integrated system model which can be used for analyzing the failure behaviors in the system by model checking. However, in order to automatically check if there are any potential failures in the structured system model and whether the model satisfies the specified system properties and requirements using model checker, model transformation is normally needed, which can introduced potential errors during the transformation. Moreover, different model checkers generally require the system models to be expressed in a particular input language, which increases the difficulty of modeling as well. In order to avoid these problems and improve the efficiency of failure analysis work, this paper focused on how to build an unified model of safety-critical system quickly and accurately using symbolic language SMV, and conduct automatic verification using the corresponding open-source model checker NuSMV soon afterwards. After the model checking, the formal verification results such as counter-examples generated by model checking need to be transformed into traditional failure analysis artifacts, such as FMEA and/or FTA, to guide the iterative improvement of system development conveniently. Therefore, to solve the transformation from formal verification conclusions to traditional failure analysis results is another key point of this paper. Finally, a case study about airborne equipment is provided to validate the proposed method.

Hezhen Liu,Jiacheng Yin,Chengqiang Huang,Hao Lan,Zhi Jin,Zheng,Xun Zhang

DOI: https://doi.org/10.1109/issrew60843.2023.00045

2023-01-01

Abstract:Previous studies suggest that the combination of model-based fault injection and model checking can effectively detect the dependability bottlenecks and verify the fault-tolerance capability of systems at very early phases of their lifecycles. However, a challenge of applying such techniques in the industry is that semi-formal modeling languages like UML cannot easily support automated analysis and formal verification. To address this challenge, we propose a fault injection and verification framework based on UML sequence diagrams. The idea is to create formal models from sequence diagrams as well as predefined fault models, and then run a model checker to check if specific properties are violated. With an exhaustive exploration of a system’s states and fault space by the model checker, the approach ensures complete, automated reasoning on failure modes and effects. The framework also allows the designs of additional recovery actions to tolerate faults and then the verification of the updated models. The framework separates manual and automated activities, providing a guide to the practices of developers and the development of the support tool. We conduct a study on an industrial case and demonstrate that by the proposed approach, critical design flaws are revealed.

Xiangyu Luo,Yan Chen,Ming Gu,Lijun Wu

DOI: https://doi.org/10.1109/nswctc.2009.384

2009-01-01

Abstract:Formal verification approaches can guarantee the correctness of security protocols. In this paper we take the well-known Needham-Schroeder public-key authentication protocol as an example, to show how we can apply the symbolic model checker for multiagent systems MCTK, which is developed by us, to the verification of security protocols. One temporal epistemic property is checked successfully both in the original version and the Lowe's revised version of the Needham-Schroeder protocol. The experimental result shows that our method is an effective way to the verification of security protocol.

Gang Ren,Pan Deng,Chao Yang,Jianwei Zhang,Qingsong Hua

DOI: https://doi.org/10.1007/978-3-319-38904-2_33

2015-01-01

Abstract:In recent year, distributed systems have become a mainstream paradigm in industry and how to ensure correctness and reliability is a great challenge for practicing engineers. Therefore, in this paper a formal approach is proposed for modelling and verification of distributed systems, which integrates UML sequence diagram, pi-calculus and NuSMV within one framework. Moreover, the practicality of the proposed approach is illuminated though a case study of scheduling road emergency service.

HU Bin,LI Yang,GAO Ji

DOI: https://doi.org/10.3785/j.issn.1008-973x.2011.09.008

2011-01-01

Abstract:Towards the difficulty of property verification in the norm-governed trustworthy cross-organizational collaboration system,this work introduced a verification method based on symbolic model checking.This method includes three different parts: the syntax and semantics of norms,the Abstract system model and the verification algorithm.The semantics of norms constitute the core of the whole method.It maps norms into the state sets or the state transition sets that satisfy them,thus eliminates the semantics gap between norms and the system model.The Abstract model,which includes the definition of normative Kripke structure,normative traces,and the computation tree logic(CTL) semantics under the system model,provides the framework for formally modeling the collaboration systems.The verification algorithm is the implementation of the method.In contrast to the theorem-proven based verification,this method can effectively reduce the verification time,thus improve the verification efficiency.

Xiaopu Huang,Qingqing Sun,Jiangwei Li,Tian Zhang

DOI: https://doi.org/10.1007/978-3-642-35795-4_62

2012-01-01

Abstract:State Machine Diagram (SMD) is one of the SysML behavior diagrams, but it is a kind of semi-formal model language. As a consequence, models can not be verified conveniently and efficiently, especially in real-time embedded system (RTES) field as there are no descriptions of time and probability in SMD. To address these problems, we extend SMD with time and probability elements extracted from MARTE and propose a transformation algorithm based on MDE. With the algorithm, we transform the extended SMD to timed automata (TA) and then analyze and verify the transformation result using existing tools. So at the very beginning of system design, errors and deficiencies can be found. At last, we construct an instance to illustrate the validity of our approach.