Yu Jiang,Yixiao Yang,Han Liu,Hui Kong,Ming Gu,Jiaguang Sun,Lui Sha

DOI: https://doi.org/10.1109/rtas.2016.7461337

2016-01-01

Abstract:Simulink is widely used for model driven development (MDD) of industrial software systems. Typically, the Simulink based development is initiated from Stateflow modeling, followed by simulation, validation and code generation mapped to physical execution platforms. However, recent industrial trends have raised the demands of rigorous verification on safety-critical applications, which is unfortunately challenging for Simulink. In this paper, we present an approach to bridge the Stateflow based model driven development and a well- defined rigorous verification. First, we develop a self- contained toolkit to translate Stateflow model into timed automata, where major advanced modeling features in Stateflow are supported. Taking advantage of the strong verification capability of Uppaal, we can not only find bugs in Stateflow models which are missed by Simulink Design Verifier, but also check more important temporal properties. Next, we customize a runtime verifier for the generated nonintrusive VHDL and C code of Stateflow model for monitoring. The major strength of the customization is the flexibility to collect and analyze runtime properties with a pure software monitor, which opens more opportunities for engineers to achieve high reliability of the target system compared with the traditional act that only relies on Simulink Polyspace. We incorporate these two parts into original Stateflow based MDD seamlessly. In this way, safety-critical properties are both verified at the model level, and at the consistent system implementation level with physical execution environment in consideration. We apply our approach on a train controller design, and the verified implementation is tested and deployed on a real hardware platform.

Miao Tian,Jianqi Shi,Zhe Hou,Yanhong Huang,Shengchao Qin

DOI: https://doi.org/10.1109/tase52547.2021.00018

2021-01-01

Abstract:Simulink has been widely used in model-based design and development. While we witness a growing demand on testing and verification for safety-critical systems, it remains a challenge to verify Simulink models, due largely to a lack of standardized formal semantics for Simulink. In this paper, we propose a comprehensive framework that allows us to automatically verify Simulink models. Our proposed framework is equipped with Signal Temporal Logic (STL) for system requirements specification and employs a formal method to translate Simulink models into UPPAAL timed automata, which can then be verified automatically by UPPAAL (against their STL specification). A novelty of our work is the integration of Simulink models with STL, allowing us to express and then verify complex time properties that may be found difficult by existing work. In our translation of Simulink models, we adopt symbolic execution to reduce the size of the translated automata that can produce accurate results. We also demonstrate the feasibility and effectiveness of the proposed framework via a case study of an autonomous driving system.

R. Wang,X. Song,M. Gu

DOI: https://doi.org/10.1049/iet-sen:20070009

2007-01-01

IET Software

Abstract:Validation is an important task in complex embedded system designs. A method of modelling and analysing embedded systems with programmable logic controllers is presented. Controllers and physical plants are modelled using timed automata. The system requirements are specified and formalised as computational tree logic properties. It is demonstrated that the designed model satisfies the required properties by resorting to a symbolic model checker, Uppaal, for real-time systems. A realistic example, the steeve controller of a theatre, illustrates the strategies. The safety and time constraint requirements are validated by Uppaal. The experimental results demonstrate the effectiveness of the approach presented here.

Junyan Qian,Baowen Xu

DOI: https://doi.org/10.1007/11562436_20

2005-01-01

Abstract: Timed Statecharts, which can efficiently specify explicit dense time, is an extension to the visual specification language Statecharts with real-time constructs. We give a definition of timed Statecharts that specifies explicit temporal behavior as timed automata does. It is very difficult to verify directly whether timed Statecharts satisfies the required properties. However, by compiling it into timed automata, timed Statecharts may be checked using Uppaal tool. In the paper, the state of timed Statecharts is represented by inductive term, and a step semantics of timed Statecharts is briefly described. The translation rules are shown by a compositional approach for formalizing the timed Statecharts semantics directly on sequences of micro steps. Timed automata corresponding to timed Statecharts was also discussed.

Ting Wang,Jun Sun,Xinyu Wang,Yang Liu,Yuanjie Si,Jin Song Dong,Xiaohu Yang,Xiaohong Li

DOI: https://doi.org/10.1109/tse.2014.2359893

IF: 7.4

2014-01-01

IEEE Transactions on Software Engineering

Abstract:Zeno runs, where infinitely many actions occur within finite time, may arise in Timed Automata models. Zeno runs are not feasible in reality and must be pruned during system verification. Thus it is necessary to check whether a run is Zeno or not so as to avoid presenting Zeno runs as counterexamples during model checking. Existing approaches on non-Zenoness checking include either introducing an additional clock in the Timed Automata models or additional accepting states in the zone graphs. In addition, there are approaches proposed for alternative timed modeling languages, which could be generalized to Timed Automata. In this work, we investigate the problem of non-Zenoness checking in the context of model checking LTL properties, not only evaluating and comparing existing approaches but also proposing a new method. To have a systematic evaluation, we develop a software toolkit to support multiple non-Zenoness checking algorithms. The experimental results show the effectiveness of our newly proposed algorithm, and demonstrate the strengths and weaknesses of different approaches.

Qian-Qian Lin,Shu-Ling Wang,Bo-Hua Zhan,Bin Gu

DOI: https://doi.org/10.1007/s11390-020-0537-8

IF: 1.871

2020-11-01

Journal of Computer Science and Technology

Abstract:Real-Time Publish and Subscribe (RTPS) protocol is a protocol for implementing message exchange over an unreliable transport in data distribution service (DDS). Formal modelling and verification of the protocol provide stronger guarantees of its correctness and efficiency than testing alone. In this paper, we build formal models for the RTPS protocol using Uppaal and Simulink/Stateflow. Modelling using Simulink/Stateflow allows analyzing the protocol through simulation, as well as generate executable code. Modelling using Uppaal allows us to verify properties of the model stated in TCTL (Timed Computation Tree Logic), as well as estimate its performance using statistical model checking. We further describe a procedure for translation from Stateflow to timed automata, where a subset of major features in Stateflow is supported, and prove the soundness statement that the Stateflow model is a refinement of the translated timed automata model. As a consequence, any property in a certain fragment of TCTL that we have verified for the timed automata model in Uppaal is preserved for the original Stateflow model.

computer science, software engineering, hardware & architecture

Shaopeng Wang,Jianqi Shi,Yanhong Huang,Yang

DOI: https://doi.org/10.1109/smc53992.2023.10394302

2023-01-01

Abstract:SysML state machine (SysML-STM) is a modeling tool used in the Systems Modeling Language (SysML) to describe the behavior of a system. It is widely used in model-driven development (MDD). Formal methods are mathematical techniques to ensure the correctness, reliability and safety of software systems and hardware designs. In this paper, we introduce formal methods into MDD by transforming a SysML-STM model into a Uppaal timed automata. By formally verifying the system at an early stage of the development life-cycle, we aim to enhance the system's robustness. We design the mapping rules between the two models and have developed a tool, STMTU, to transform them directly. Our tool effectively leverage the benefits of formal verification techniques to ensure the correctness and reliability of the system. And the direct transformation of these models not only reduces the learning cost for developers but also helps to promote the wider adoption of formal methods.

Xiaopu Huang,Qingqing Sun,Jiangwei Li,Tian Zhang

DOI: https://doi.org/10.1007/978-3-642-35795-4_62

2012-01-01

Abstract:State Machine Diagram (SMD) is one of the SysML behavior diagrams, but it is a kind of semi-formal model language. As a consequence, models can not be verified conveniently and efficiently, especially in real-time embedded system (RTES) field as there are no descriptions of time and probability in SMD. To address these problems, we extend SMD with time and probability elements extracted from MARTE and propose a transformation algorithm based on MDE. With the algorithm, we transform the extended SMD to timed automata (TA) and then analyze and verify the transformation result using existing tools. So at the very beginning of system design, errors and deficiencies can be found. At last, we construct an instance to illustrate the validity of our approach.

Yunwei Dong,Zhe Li,Yibo Cheng,Hongbin Zhao

DOI: https://doi.org/10.1109/TSA.2015.15

2015-01-01

Abstract:The Simulink/Stateflow is a commonly used approach in modeling embedded systems. This paper presents a model driven testing method for embedded systems using Simulink/Stateflow model, where a test model of a system constructed with Simulink/Stateflow is to be converted to hierarchical interface automata. Dependencies within hierarchical interface automata and test sequences are acquired through analyzing model state coverage. And then a solver tool, named Yices, is used to solve linear constraints in test sequences for the purpose of selecting test cases that conform to the constraints. The impact of states of test model is studied using test coverage criteria and the validity of the obtained test cases will also be evaluated.

Xiaomin Wei,Yunwei Dong,Hong Ye

DOI: https://doi.org/10.1109/TASE.2015.10

2015-01-01

Abstract:Quantitative verification is an effective technique for analyzing quantitative aspects of a safety critical system's design, and safety analysis is a significant aspect of safety critical system. However, they are often conducted separately. In this paper, we propose a new methodology, QaSten, fastens quantitative verification to safety analysis for Architecture Analysis and Design Language (AADL) model (including error model). QaSten formalizes a set of rigorous transformation rules that transform AADL model to PRISM model using formal method. In addition, QaSten can generate two safety property formulas automatically to check against the PRISM model for each hazardous state. Therefore, the occurrence probability of hazardous states can be calculated, which can help system designers understand the impact of parameters in the model. Furthermore, combining the probability and the severity of potential consequence of a hazardous state, QaSten determines the hazard risk acceptance level that can help engineers to identify critical hazard and modify or redesign architecture model to control it in an acceptable level. Two case studies, based on the Gas Leakage Alarm systems, are utilized to demonstrate QaSten's feasibility and effectiveness.

Qianchuan Zhao,Bruce H. Krogh

DOI: https://doi.org/10.1109/TCST.2006.876921

2006-01-01

Abstract:This paper presents a new approach to the formal verification of properties of discrete control specifications given by Statecharts. Specifications for the Statechart behavior are given by temporal logic expressions for the Statechart computation tree, that is, the tree of possible sequences of Statechart configurations. To take advantage of existing model checking technology, the Statechart is converted into a finite-state representation and the Statechart specification is converted into an equivalent specification for the finite-state system. The definitions and general procedure applies for arbitrary Statechart semantics (a specific semantics results in a particular realization of the procedure). The results are illustrated with examples using the Math-Works Stateflow Toolbox (for Statecharts) and the SMV model checking program. The procedure is realized in an extension of the MATLAB sf2smv command presented in previous papers

Xinxiu Wen,Huiqun Yu

2012-01-01

Abstract:The modeling and verification of real-time systems is a challenging task in the area of software engineering. This paper proposes a formal method for modeling and verification of real-time systems based on aspect-oriented timed statecharts and linear-time temporal logic. Behaviors of real-time systems are modeled by aspect-oriented timed statecharts, while key properties of systems are specified by linear-time temporal logic. Moreover, aspect-oriented timed statecharts are translated to timed automata with guards to simulate the executable paths of systems and model checking technologies are applied to the verification of models. An elevator example illustrates our modeling and verification method.

CHEN Feng,LI Weihua,CHEN Hao,L(U) Zheng

2011-01-01

Abstract:In order to improve the analysis and design of software safety,on the basis of current researches on safety model and verification technology,a modeling and checking method is proposed for object-oriented software safety.Establishing non-formal UML models of software safety,safety extended deterministic finite automata and linear temporal logic are used to create the formal models and describe the safety properties separately.Through a model checker,we get the verification result.This approach realizes the combination of software safety model and verification technology.Experimental results show that the method can analyze and verify the safety properties effectively in the early stage of software design.

Kai Hu,Teng Zhang,YANG Zhi-bin,Bin Gu,Shu Jiang,JIANG Pan-chang,胡凯,张腾,杨志斌,顾斌,蒋树,姜泮昌

2012-01-01

Abstract:Timed abstract state machine (TASM) is a formal specification language used to specify and simulate the behavior of real-time systems. Formal verification of TASM model can be fulfilled through model checking activities by translating into UPPAAL. Firstly, the translational semantics from TASM to UPPAAL is presented through atlas transformation language (ATL). Secondly, the implementation of the proposed model transformation tool TASM2UPPAAL is provided. Finally, a case study is given to illustrate the automatic transformation from TASM model to UPPAAL model. Copyright © 2012 Editorial Department of Journal of Donghua University.

Eun-Young Kang,Dongrui Mu,Li Huang,Qianqing Lan

DOI: https://doi.org/10.48550/arXiv.1803.06103

2018-03-16

Software Engineering

Abstract:The software development for Cyber-Physical Systems (CPS), e.g., autonomous vehicles, requires both functional and non-functional quality assurance to guarantee that the CPS operates safely and effectively. EAST-ADL is a domain specific architectural language dedicated to safety-critical automotive embedded system design. We have previously modified EAST-ADL to include energy constraints and transformed energy-aware real-time (ERT) behaviors modeled in EAST-ADL/STATEFLOW into UPPAAL models amenable to formal verification. Previous work is extended in this paper by including support for SIMULINK and an integration of Simulink/Stateflow within a same tool-chain. Simulink/Stateflow models are transformed, based on extended ERT constraints in EAST-ADL, into verifiable UPPAAL models with stochastic semantics and integrate the translation with formal statistical analysis techniques: Probabilistic extension of EAST-ADL constraints is defined as a semantics denotation. A set of mapping rules is proposed to facilitate the guarantee of translation. Formal analysis on both functional- and non-functional properties is performed using SIMULINK DESIGN VERIFIER/UPPAAL-SMC. The analysis techniques are validated and demonstrated on the autonomous traffic sign recognition vehicle case study.

Chen Hai-yan,Dong Wei,Wang Ji,Chen Huo-wang

DOI: https://doi.org/10.1007/bf03160241

2001-01-01

Abstract:Formal verification has been widely needed in the development of safety critical systems. In order to introduce the design verification activity in UML developing process, we have developed a verifier of UML Statecharts by using the model checker SMV. The approach is to transform a system model in UML Statecharts to one in SMV input language via an intermediate language and then to verify the system properties specified in CTL by invoking SMV. The current experiences, including the formal verification of a simplified directory based cache coherence protocol in UML Statecharts, show that automatic verification can be integrated as a new step of the software process nicely.

J. Y. Qian,B. W. Xu

2006-01-01

Abstract:Timed Statecharts is an extension to the visual specification language with real-time constructs, and efficiently specify explicit dense time. The paper firstly defines timed Statecharts that extends to specify explicit continued time, such as clock constraint of timed automata. It is very difficult for timed Statecharts to directly verify its property. However, timed Statecharts may be checked by compiling it into region Statecharts as input to model checking Statecharts tool. As Alur and Dill's algorithm exist a lot of states which can't be reached or can be reached but useless, an improvement constructed algorithm to eliminate useless states during calculating clock region and time-successor by analyzing the clock constraint was discussed. Finally region Statecharts corresponding to time Statecharts was given.

HOU Gang,ZHOU Kuan-Jiu,CHANG Jun-Wang,WANG Jie,LI Ming-Chu

DOI: https://doi.org/10.13328/j.cnki.jos.004777

2015-01-01

Abstract:State transition matrix(STM), designed for modeling software system, is a table-based modeling language in which the front-end is expressed in the table form and the back-end has strict formalized definition. At present, however, STM has no time semantics, which greatly limits the application of this method in real-time embedded software modeling. In order to solve this problem, this paper proposes a time STM(TSTM) modeling method attained by adding time semantics and constraint for each cell in STM, making it suitable for describing real-time system behavior. In addition, a time computation tree logic(TCTL) model checking method is presented based on bounded model checking(BMC) technology for verification of time and logic properties of TSTM model. At last, the effectiveness of the proposed method is validated by modeling and verifying certain type train control software.

Predrag Filipovikj,Gustav Ung,Dilian Gurov,Mattias Nyberg

DOI: https://doi.org/10.4204/EPTCS.371.3

2022-09-28

Abstract:Stateflow models are complex software models, often used as part of industrial safety-critical software solutions designed with Matlab Simulink. Being part of safety-critical solutions, these models require the application of rigorous verification techniques for assuring their correctness. In this paper, we propose a refutation-based formal verification approach for analyzing Stateflow models against invariant properties, based on bounded model checking (BMC). The crux of our technique is: i) a representation of the state space of Stateflow models as a symbolic transition system (STS) over the symbolic configurations of the model, and ii) application of incremental BMC, to generate verification results after each unrolling of the next-state relation of the transition system. To this end, we develop a symbolic structural operational semantics (SSOS) for Stateflow, starting from an existing structural operational semantics (SOS), and show the preservation of invariant properties between the two. We define bounded invariant checking for STS over symbolic configurations as a satisfiability problem. We develop an automated procedure for generating the initial and next-state predicates of the STS, and a prototype implementation of the technique in the form of a tool utilising standard, off-the-shelf satisfiability solvers. Finally, we present preliminary performance results by applying our tool on an illustrative example and two industrial models.

Software Engineering,Formal Languages and Automata Theory

Jie Wang,Xintao Wu,Gang Hou,Pengfei Li,Ao Gao,Zhichao Chen,Haoyu Gao

DOI: https://doi.org/10.1002/dac.5140

2022-01-01

International Journal of Communication Systems

Abstract:SummaryWith the improvement of industrial informatization, various industrial control system network protocols have also been widely used. The reliability of these protocols will directly affect the safety of industrial control systems. As an effective method that can automatically analyze system reliability, model checking has been widely used in the verification of various safety‐critical systems. In this paper, we propose a modeling design method for industrial control network protocol based on time semantic reconstruction of time state transition matrix (TSTM). In addition, we provide a TSTM model checking method based on linear temporal logic (LTL). In order to effectively alleviate the state space explosion, the method adopts bounded model checking (BMC) technology. Furthermore, we implement a TSTM model verification tool called ICPV. Finally, we apply the above method to the modeling and verification of the industrial control network protocol Powerlink and through a comparison experiment with UPPAAL to illustrate the effectiveness of the method proposed in this paper.