Leyuan Liu,Weiqiang Kong,Shijie Zhou,Zhiguang Qin,Akira Fukuda

DOI: https://doi.org/10.1109/cit.2012.91

2012-01-01

Abstract:State Transition Matrix (STM) is a table-based modeling language for developing software system designs. Each STM abstracts a function module of the design in the form of a table, in which the behavior of the module is specified according to the dispatch of certain events on certain states. A Hierarchical STM (HSTM) consists of several STMs that are structured in a hierarchical way. A HSTM Design denote a system developed with HSTM. The STMs in a HSTM design execute asynchronously and communicate with each other through shared variables or message passing. In this paper, we present a formalization of HSTM designs that utilize message passing as the means of communication in the first place. Furthermore, based on this formalization, we propose a symbolic encoding approach, through which correctness of a HSTM design with respect to LTL properties could be represented as Bounded Model Checking (BMC) problems that could consequentially be determined by Satisfiability Modulo Theories (SMT) solving. Moreover we have implemented our encoding approach in a tool called Garakabu2 with the SMT solver CVC3 as its back-ended solver. Preliminary experiments show that counterexamples (design errors) could be discovered effectively with our method.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Yong Li,Yu Zhang,Yi-Yun Chen,Ming Fu

DOI: https://doi.org/10.1007/s11390-010-9369-2

2010-01-01

Abstract:Transactional memory (TM) is an easy-using parallel programming model that avoids common problems associated with conventional locking techniques. Several researchers have proposed a large amount of alternative hardware and software TM implementations. However, few ones focus on formal reasoning about these TM programs. In this paper, we propose a framework at assembly level for reasoning about lazy software transactional memory (STM) programs. First, we give a software TM implementation based on lightweight locks. These locks are also one part of the shared memory. Then we define the semantics of the model operationally, and the lightweight locks in transaction are non-blocking, avoiding deadlocks among transactions. Finally we design a logic — a combination of permission accounting in separation logic and concurrent separation logic — to verify various properties of concurrent programs based on this machine model. The whole framework is formalized using a proof-carrying-code (PCC) framework.

Daisuke Ishii,Takashi Tomita,Toshiaki Aoki,Quyen Ngo,Thi Bich Ngoc Do,Hideaki Takai

DOI: https://doi.org/10.48550/arXiv.2206.02992

2022-06-07

Abstract:The development of embedded systems requires formal analysis of models such as those described with MATLAB/Simulink. However, the increasing complexity of industrial models makes analysis difficult. This paper proposes a model checking method for Simulink models using SMT solvers. The proposed method aims at (1) automated, efficient and comprehensible verification of complex models, (2) numerically accurate analysis of models, and (3) demonstrating the analysis of Simulink models using an SMT solver (we use Z3). It first encodes a target model into a predicate logic formula in the domain of mathematical arithmetic and bit vectors. We explore how to encode various Simulink blocks exactly. Then, the method verifies a given invariance property using the k-induction-based algorithm that extracts a subsystem involving the target block and unrolls the execution paths incrementally. In the experiment, we applied the proposed method and other tools to a set of models and properties. Our method successfully verified most of the properties including those unverified with other tools.

Logic in Computer Science

Zhou Conghua,Chen Zhenyu,Ju Shiguang

2008-01-01

Journal of Computer Research and Development

Abstract:For concurrent software systems, linear temporal logic SE-LTL is a specification language with high expressive power and the ability to reason about both states and events. Until now, the SE-LTL model checking algorithm is still explicit, and the state explosion is the primary verification difficulty. A bounded model checking procedure is introduced for SE-LTL which reduces model checking to propositional satisfiability. This new technique avoids the space blow up of BDDs, and sometimes speeds up the verification. For SE-LTL-X the procedure and stuttering equivalent technique is further integrated. The experiment result shows that the integration can reduce the verification time very much.

Yongyi Yan,Daizhan Cheng,Jun-E. Feng,Haitao Li,Jumei Yue

DOI: https://doi.org/10.1007/s11432-022-3538-4

2023-01-05

Science China Information Sciences

Abstract:Algebraic state space theory (ASST) of logical systems, developed based on the semi-tensor product (STP) which is a new matrix analysis tool built in recent ten years, provides an algebraic analysis approach for many fields of science, such as logical dynamical systems, finite-valued systems, discrete event dynamic systems, and networked game systems. This study focuses on comprehensively surveying the applications of the ASST method to the field of finite state machines (FSMs). Some necessary preliminaries on the method are first reviewed. Then the applications of the method in the FSM field are reviewed, including deterministic FSMs, nondeterministic FSMs, probabilistic FSMs, networked FSMs, and controlled and combined FSMs. In addition, other applications related to both STP and FSMs are surveyed, such as the application of FSM to Boolean control networks and the application of graph theory to FSMs. Finally, some potential research directions with respect to the ASST method in the FSM field are predicted.

computer science, information systems,engineering, electrical & electronic

Keijo Heljanko,Ilkka Niemelä

DOI: https://doi.org/10.48550/arXiv.cs/0305040

2003-05-24

Abstract:In this paper bounded model checking of asynchronous concurrent systems is introduced as a promising application area for answer set programming. As the model of asynchronous systems a generalisation of communicating automata, 1-safe Petri nets, are used. It is shown how a 1-safe Petri net and a requirement on the behaviour of the net can be translated into a logic program such that the bounded model checking problem for the net can be solved by computing stable models of the corresponding program. The use of the stable model semantics leads to compact encodings of bounded reachability and deadlock detection tasks as well as the more general problem of bounded model checking of linear temporal logic. Correctness proofs of the devised translations are given, and some experimental results using the translation and the Smodels system are presented.

Logic in Computer Science,Artificial Intelligence

G Xu,ZM Wu

DOI: https://doi.org/10.1109/icsmc.2003.1244690

2003-01-01

Abstract:A modeling method for controller in FMS is presented This method is based upon the timed automata. Model checker tool UPPAAL is used to model, simulate and verify the FMS model. In the previous work about FMS modeling, the behavior of FMS is more emphasized than the performance, or vice versa. Because the time is included into the modeling method in this paper the scheduling and controlling problems in FMS can be integrated into this model. The performance of the system can be guaranteed while the system behavior is controlled. Upon this model, the optimal scheduling and optimal controlling can also be checked and verified.

Jette Petzold,Reinhard von Hanxleden

2024-04-05

Abstract:Model checking is a proven approach for checking whether the behavior model of a safety-critical system fulfills safety properties that are stated as LTL formulas.We propose rules for generating such LTL formulas automatically based on the result of the risk analysis technique System-Theoretic Process Analysis (STPA). Additionally, we propose a synthesis of a Safe Behavior Model from these generated LTL formulas. To also cover liveness properties in the model, we extend STPA with Desired Control Actions. We demonstrate our approach on an example system using SCCharts for the behavior model. The resulting model is not necessarily complete but provides a good foundation that already covers safety and liveness properties.

Software Engineering

Zhengwei Qi,Liang Liu,Alei Liang,Hao Wang,Ying Chen

DOI: https://doi.org/10.1109/ICPADS.2008.73

2008-01-01

Abstract:Modern software model checkers are usually used to find safety violations. However, checking liveness properties can offer a more natural and effective way to detect errors, particularly in complex concurrent and distributed e-business systems. Specifying global liveness properties which should always eventually be true proves to be more desirable, but it is hard for existing software model checkers to verify liveness in real codes because doing so requires finding an infinite execution. For solving such a challenge, this paper proposes an online checking tool to verify the safety and liveness properties of complex systems. We adopt the linear temporal logic to describe the semantics of the finite model checking, use binary instrumentation to obtain the distribute states and apply a checking engine to dynamically verify the finite trace linear temporal logic properties. At last, we demonstrate the method in a distributed system using distributed protocol Paxos and achieve good results by experiments.

Sota Sato,Jie An,Zhenya Zhang,Ichiro Hasuo

2024-08-13

Abstract:We present a bounded model checking algorithm for signal temporal logic (STL) that exploits mixed-integer linear programming (MILP). A key technical element is our novel MILP encoding of the STL semantics; it follows the idea of stable partitioning from the recent work on SMT-based STL model checking. Assuming that our (continuous-time) system models can be encoded to MILP -- typical examples are rectangular hybrid automata (precisely) and hybrid dynamics with closed-form solutions (approximately) -- our MILP encoding yields an optimization-based model checking algorithm that is scalable, is anytime/interruptible, and accommodates parameter mining. Experimental evaluation shows our algorithm's performance advantages especially for complex STL formulas, demonstrating its practical relevance e.g. in the automotive domain.

Systems and Control

Qianchuan Zhao,Bruce H. Krogh

DOI: https://doi.org/10.1109/TCST.2006.876921

2006-01-01

Abstract:This paper presents a new approach to the formal verification of properties of discrete control specifications given by Statecharts. Specifications for the Statechart behavior are given by temporal logic expressions for the Statechart computation tree, that is, the tree of possible sequences of Statechart configurations. To take advantage of existing model checking technology, the Statechart is converted into a finite-state representation and the Statechart specification is converted into an equivalent specification for the finite-state system. The definitions and general procedure applies for arbitrary Statechart semantics (a specific semantics results in a particular realization of the procedure). The results are illustrated with examples using the Math-Works Stateflow Toolbox (for Statecharts) and the SMV model checking program. The procedure is realized in an extension of the MATLAB sf2smv command presented in previous papers

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.2991/iccasm.2012.212

2012-01-01

Abstract:A verification methodology is presented for railway interlocking system which is regarded as a safety-critical system.The methodology utilizes UML to model the function requirement and LTL to verify the safety requirements of the specification.The device specifications of railway interlocking system are modeled with UML, then translate into FSM.The safety specification is translated LTL and analyzed with NuSMV.We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.1007/978-3-540-72863-4_31

2007-01-01

Abstract:Bounded Model Checking (BMC) based on SAT is a complementary technique to BDD-based Symbolic Model Checking, and it is useful for finding counterexamples of minimum length. However, for model checking of large real world systems, BMC is still limited by the state explosion problem, thus abstraction is essential. In this paper, BMC is implemented on a higher abstraction level - Register Transfer Level (RTL) within an abstraction framework of symbolic trajectory evaluation and hybrid three-valued SAT solving. An efficient SAT solver for RTL circuits is presented, and it is modified into a three-valued solver for the cooperative BMC application. The experimental results comparing with the ordinary BMC without abstraction show the efficiency of our method.

XD He,HQ Yu,TJ Shi,JH Ding,Y Deng

DOI: https://doi.org/10.1016/s0164-1212(02)00087-0

2004-01-01

Abstract:In the past decade, software architecture has emerged as a major research area in software engineering. Many architecture description languages have been proposed and some analysis techniques have also been explored. In this paper, we present a graphical formal software architecture description model called software architecture model (SAM). SAM is a general software architecture development framework based on two complementary formalisms--Petri nets and temporal logic. Petri nets are used to visualize the structure and model the behavior of software architectures while temporal logic is used to specify the required properties of software architectures. These two formal methods are nicely integrated through the SAM software architecture framework. Furthermore, SAM provides the flexibility to choose different compatible Petri net and temporal logic models according to the nature of system under study. Most importantly, SAM supports formal analysis of software architecture properties in a variety of well-established techniques--simulation, reachability analysis, model checking, and interactive proving, In this paper, we show how to formally analyze SAM software architecture specifications using two well-known techniques--symbolic model checking with tool Symbolic Model Verifier, and theorem proving with tool STeP.

Hq Yu,Xd He,Y Deng,La Mo

DOI: https://doi.org/10.1007/3-540-36103-0_30

2002-01-01

Abstract:The Software Architecture Model (SAM) is a general software architecture model based on a dual formalism combining Petri nets and temporal logic. This paper proposes a formal method for modeling and analyzing real-time systems with SAM. A high level Petri net and a linear time temporal logic are used as the theoretical basis for SAM. Behaviors of real-time systems are modeled by Petri nets, while their properties are specified by temporal logic. By translating Petri nets into clocked transition systems, we can apply the Stanford Temporal Prover to automating the analysis of real-time systems. A case study of interactive multimedia documents demonstrates our approach to modeling and analyzing real-time systems with SAM.

Jun Sun,Yang Liu,Jin Song Dong,Jing Sun

DOI: https://doi.org/10.1109/tase.2008.12

2008-01-01

Abstract:Verification techniques like SAT-based bounded model checking have been successfully applied to a variety of system models. Applying bounded model checking to compositional process algebras is, however, not a trivial task. One challenge is that the number of system states for process algebra models is not statically known, whereas exploring the full state space is computationally expensive. This paper presents a compositional encoding of hierarchical processes as SAT problems and then applies state-of-the-art SAT solvers for bounded model checking. The encoding avoids exploring the full state space for complex systems so as to deal with state space explosion. We developed an automated analyzer which combines complementing model checking techniques (i.e., bounded model checking and explicit on-the-fly model checking) to validate system models against event-based temporal properties. The experiment results show the analyzer handles large systems.

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.1109/cscwd.2006.253184

2006-01-01

Abstract:This paper presents a cooperative bounded model checking (BMC) method for RTL designs. The method firstly extends the Boolean DPLL algorithm into a unified procedure to solve hybrid satisfiability problems for RTL circuits, and then changes this solver to a hybrid three-valued SAT solver. Symbolic trajectory evaluation (STE) assertions are transformed to a three-valued problem combining the expansion method in BMC and the abstraction of STE. The experimental results comparing with ordinary BMC which based on an ordinary hybrid SAT solver demonstrate the efficiency of our approach

Lei Bu,Hui Jiang,Xin Chen,Enyi Tang,Xuandong Li

DOI: https://doi.org/10.1007/978-3-030-01461-2_5

2018-01-01

Abstract:Linear Hybrid Automata (LHA) is a natural modeling language for real-time embedded systems. However, due to the existences of both discrete and continuous behaviors, formal analysis of LHA is recognized as a very challenging task. Despite decades of active research, the kinds of LHA problems that can be efficiently analyzed is rather limited. On the other hand, Labelled Linear Transition System (LTS) is a widely used modeling language to describe the state changes of the system before and after certain transitions. Lots of research efforts have been devoted into the verification of LTS models. Many off-the-shelf formal techniques and tools are available for analyzing different kinds of problems for LTS systems. In this paper, we propose to express an LHA as an equivalent LTS model explicitly. Then, we can take advantage of all the off-the-shelf formal checkers of LTS to answer different problems of the LHA model. A prototype tool HAT is implemented under this idea. By integrating typical LTS checkers like ARMC and Interproc, we conduct considerably difficult checking problems like reachability verification, termination analysis, and invariant generation of LHA successfully and efficiently. It shows the open possibility of analyzing more kinds of difficult problems of LHA by LTS checkers easily in the future.

ZHOU Ying,ZHENG Guo-liang,LI Xuan-dong

DOI: https://doi.org/10.3321/j.issn:0372-2112.2003.z1.034

2003-01-01

Abstract:The state machine formalism in UML is used for modeling discrete behavior of various system elements.Its rich notation provides a powerful description mechanism which meanwhile decreases modality of its structure and increases verifying complexity.Model checking is a technique for automatically verifying finite-state concurrent systems.By model checking the behavior of various system elements described by SM,we can find design errors as soon as possible.This paper defines an operational semantics for SM using Kripke structure in order to model checking SM.Different from existing SM semantics definitions,this paper takes undetermined factors in SM into consideration .SM is translated into kripke structure that describes all possible evolving traces on which model checker checks.