Cheng-Hao Cai,Jing Sun,Gillian Dobbie

DOI: https://doi.org/10.1007/s10515-019-00264-4

IF: 1.677

2019-01-01

Automated Software Engineering

Abstract:The B-method, which provides automated verification for the design of software systems, still requires users to manually repair faulty models. This paper proposes B-repair, an approach that supports automated repair of faulty models written in the B formal specification language. After discovering a fault in a model using the B-method, B-repair is able to suggest possible repairs for the fault, estimate the quality of suggested repairs and use a suitable repair to revise the model. The suggestion of repairs is produced using the Isolation method, which suggests changing the pre-conditions of operations, and the Revision method, which suggests changing the post-conditions of operations. The estimation of repair quality makes use of machine learning techniques that can learn the features of state transitions. After estimating the quality of suggested repairs, the repairs are ranked, and a best repair is selected according to the result of ranking and is used to revise the model. This approach has been evaluated using a set of finite state machines seeded with faults and a case study. The evaluation has revealed that B-repair is able to repair a large number of faults, including invariant violations, assertion violations and deadlock states, and gain high accuracies of repair. Using the combination of model checking and machine learning-guided techniques, B-repair saves development time by finding and repairing faults automatically during design.

Chenghao Cai,Jing Sun,Gillian Dobbie

DOI: https://doi.org/10.1109/ICECCS2018.2018.00012

2018-01-01

Abstract:The B-method provides facilities for the design, development and automated verification of software systems, but the repair of faulty abstract machines of B is still a manual task. This paper proposes B-repair, a method that supports the computer-assisted repair of faulty abstract machines. Based on model checking, the B-repair system can generate possible repairs, evaluate the repairs and apply the repairs to faulty B machines. The generation of repairs is based on two formal templates, namely isolation and revision. Moreover, the evaluation of repairs is based on machine learning techniques, such as logistic models, residual neural networks and random forests. The machine learning models learn from the state graph of the original abstract machine, which are used to estimate the quality of repairs. Users are able to select satisfactory repairs and apply the selected repairs to the original machine. Using such a computer-assisted methodology, the B-repair method improves the efficiency of software development using the B-method. The B-repair method has been validated using different real-world models, and the validation result has shown that B-repair can suggest a number of repairs with realistic meanings.

Cheng-Hao Cai,Jing Sun,Gillian Dobbie

DOI: https://doi.org/10.1016/j.scico.2021.102732

IF: 1.039

2021-01-01

Science of Computer Programming

Abstract:In software engineering, formal methods are often used to specify and verify design models of software products. Whether design models are consistent with required properties can significantly impact the quality of final software products. In this work, we study B model quality measurements based on the ISO/IEC 25010 standard. These measurements are formulated as domain-independent formulae and computed by model checking. Moreover, we study how to enable machines to automatically solve unreachable goals in B models. We suggest to use constraint solvers and semantic learners to discover state transitions to the goals. To demonstrate the effectiveness of the model repair technique, a set of experiments are conducted based on the model quality measurements. The results demonstrate that the model repair technique can solve unreachable goals while preserving the quality of models.

Cheng-Hao Cai,Jing Sun,Gillian Dobbie,Zhe Hou,Hadrien Bride,Jin Song Dong,Scott Uk-Jin Lee

DOI: https://doi.org/10.1145/3536430

2022-01-01

Formal Aspects of Computing

Abstract:Automated model repair techniques enable machines to synthesise patches that ensure models meet given requirements. B-repair, which is an existing model repair approach, assists users in repairing erroneous models in the B formal method, but repairing large models is inefficient due to successive applications of repair. In this work, we improve the performance of B-repair using simultaneous modifications, repair refactoring, and better classifiers. The simultaneous modifications can eliminate multiple invariant violations at a time so the average time to repair each fault can be reduced. Further, the modifications can be refactored to reduce the length of repair. The purpose of using better classifiers is to perform more accurate and general repairs and avoid inefficient brute-force searches. We conducted an empirical study to demonstrate that the improved implementation leads to the entire model process achieving higher accuracy, generality, and efficiency.

Paul C. Attie,Jad Saklawi

DOI: https://doi.org/10.48550/arXiv.0710.3332

2008-04-15

Abstract:We consider the following \emph{model repair problem}: given a finite Kripke structure $M$ and a specification formula $\eta$ in some modal or temporal logic, determine if $M$ contains a substructure $M'$ (with the same initial state) that satisfies $\eta$. Thus, $M$ can be ``repaired'' to satisfy the specification $\eta$ by deleting some transitions. We map an instance $(M, \eta)$ of model repair to a boolean formula $\repfor(M,\eta)$ such that $(M, \eta)$ has a solution iff $\repfor(M,\eta)$ is satisfiable. Furthermore, a satisfying assignment determines which transitions must be removed from $M$ to generate a model $M'$ of $\eta$. Thus, we can use any SAT solver to repair Kripke structures. Furthermore, using a complete SAT solver yields a complete algorithm: it always finds a repair if one exists. We extend our method to repair finite-state shared memory concurrent programs, to solve the discrete event supervisory control problem \cite{RW87,RW89}, to check for the existence of symmettric solutions \cite{ES93}, and to accomodate any boolean constraint on the existence of states and transitions in the repaired model. Finally, we show that model repair is NP-complete for CTL, and logics with polynomial model checking algorithms to which CTL can be reduced in polynomial time. A notable example of such a logic is Alternating-Time Temporal Logic (ATL).

Logic in Computer Science

YANG Jun,GE Hai-tong,ZHENG Fei-jun,YAN Xiao-lang

DOI: https://doi.org/10.3321/j.issn:1008-9497.2006.04.012

2006-01-01

Abstract:Being a formal verification method,model checking is used frequently in hardware and software design.Firstey the Kripke structure which is used to describe the behavior of a system and the CTL logic which is used to describe the property of a system were introduced.Then two model checking algorithms were introduced: one is the labeling algorithm,the other is the algorithm based on fixpoint.In the end,the symbolic model checking which can reduce the possibility of memory explosion was introduced.

Martin Kardos,Yuhong Zhao

DOI: https://doi.org/10.1007/1-4020-8149-9_3

2004-01-01

Abstract:System level design incorporating system modeling and formal specification in combination with formal verification can substantially contribute to the correctness and quality of the embedded systems and consequently help reduce the development costs. Ensuring the correctness of the designed system is, of course, a crucial design criterion especially when complex distributed (realtime) embedded systems are considered. Therefore, this paper aims at presenting a verification framework designated for formal verification and validation of UML-based design of embedded systems. It first introduces an approach of using the AsmL language for acquiring formal models of the UML semantics and consequently presents an on-the-fly model checking technique designed to run the formal verification directly over those semantic models.

Ruirui Chen,Yusheng Liu,Jianjun Zhao,Xiaoping Ye

DOI: https://doi.org/10.1002/sys.21470

IF: 2.034

2018-08-24

Systems Engineering

Abstract:Increasing complexity of mechatronic products leads to more challenging designs. As the most important stage, system design determines the overall product architecture. Defects in this stage are difficult to rectify in future stages, thus requiring greater model accuracy. With the development of model‐based systems engineering (MBSE), model verification can detect design defects, reduce development costs, improve development efficiency, and ensure system reliability. Currently, conventional verifications are performed only after design processes, which makes it difficult to make systematic modifications. To solve this problem, a model verification method implemented in the design stage is proposed in this study. Using this method, designers are able to detect defects earlier, thereby reducing modification costs. The proposed method is as follows: first, a language named Relation‐based Modeling for Static Properties (RMSP) is proposed to formalize the static properties of requirements; second, the representation of “Conceptual Graphs” is extended to meet the needs of model verification of mechatronic products; finally, requirements in RMSP and system design in Systems Modeling Language (SysML) are transformed into the Extension of Conceptual Graphs. In this manner, the incorrectness and inconsistencies between requirements and system design can be found through projection in the system design stage. The omitted or improperly designed requirement items would be found and redesigned to fulfill the product requirements.

engineering, industrial,operations research & management science

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Aoxue Yu,Zhenyu Liu,Guifang Duan,Jianrong Tan,Lamei Che,Xiaodi Chen

DOI: https://doi.org/10.1016/j.procir.2016.02.134

2016-01-01

Procedia CIRP

Abstract:The machining precision of composite material parts is usually not very high, thus for virtual assembly of composite material parts, it is difficult to simulate the actual assembly situation only by using geometric design models. This paper proposes a virtual assembly and repair analysis method based on both geometric design model and object scanning model. By matching the scanned cloud point model to the design model, the virtual assembly process is constructed, and the repair analysis is implemented according to the results of virtual assembly. The proposed method is investigated by truss structure, and the results show the effectiveness of the proposed method.

Yue Cao,Yusheng Liu,Xujia Qin

DOI: https://doi.org/10.1016/j.aei.2023.102201

IF: 8.8

2023-01-01

Advanced Engineering Informatics

Abstract:Model-based systems engineering (MBSE) has been adopted as a mainstream design methodology for complex mechatronic systems. According to this paradigm, structured models, typically represented in SysML are used to describe the system of interest from various aspects. Among these models, the system behavior model is fundamental for the subsequent design and hence should be verified against system functions in the early design stage. However, due to the lack of formal semantics of the involved SysML models and software-physical hybrid characteristics of the mechatronic systems, it is not a trivial task to apply existing formal verification methods to solve this problem. In this study, a novel approach relying on hybrid functional semantics is proposed. First, this verification problem is formally defined based on an in-depth analysis of the architectures and traceability between the involved SysML models. Then, a graphical modeling language to represent the hybrid functional semantics in SysML is defined so that the function and behavior models can be enhanced and explicitly correlated by the formal semantics. Finally, based on the semantically enhanced models, the model verification problem is formally re-defined as a semantics verification problem and further divided into two sub-problems, i.e., continuous and discrete semantics verification problems, which are automatically solved by leveraging existing verification techniques including functional-effect compatibility check and symbolic model checking. A mobile robot is illustrated to show the effectiveness of the proposed approach.

Xu Gao,Rongxi Wang,Jianmin Gao,Zhiyong Gao,Wei Deng

DOI: https://doi.org/10.1002/qre.2382

2019-01-01

Quality and Reliability Engineering International

Abstract:Due to the propagation, amplification, and concatenation in a failure process, the reliabilities of repairable multistate complex mechanical systems (RMCMSs) may be affected by a significant fluctuation due to a small exception associated with a reliability indicator. Focused on the problems arising from the lack of propagation relationships among fault modes, functional components, and failure causes in conventional reliability models, a novel framework for reliability modelling is proposed to comprehensively analyse the reliabilities of RMCMSs. First, the reliability models are abstracted as weighted and directed networks with five layers. Second, an improved failure mode and effects analysis (IFMEA) method combined with the D-number method and VIKOR approach is presented to determine the importance of reliability nodes. Third, a cut set of the reliability model is generated by any exception of a reliability indicator by considering the propagation relationships, and the reliability sensibility index is defined to characterize the fluctuations in system reliability. The effectiveness of the proposed framework is demonstrated in an actual reliability modelling application. As an intuitive method, the proposed framework inherits the advantages of conventional models but overcomes the drawbacks of these existing methods. Therefore, this method can be flexibly and efficiently used in the reliability modelling of RMCMSs. Moreover, the approach provides a foundation for comprehensive and dynamic reliability analysis and the failure mechanism mining of RMCMSs, and it can be used in other engineering applications.

NING Ke,LI Qing,CHEN Yuliu

DOI: https://doi.org/10.3321/j.issn:1000-0054.2005.04.030

2005-01-01

Abstract:In business process modeling, model verification is the basis for the analysis and optimization of business processes. However, existing verification methods mainly focus on algorithm efficiency and can only detect some structural conflicts in process models. So current methods are unable to verify complicated business process models. This paper presents an efficient verification method based on discrete event simulation technology that can detect three logic mistakes in IDEF3 process models: structural deadlock, lack of synchronization, and objects not matching each other. Therefore, the method recognizes not only structural conflicts, but also mistakes brought about by the objects participating in the processes.

Hezhen Liu,Jiacheng Yin,Chengqiang Huang,Hao Lan,Zhi Jin,Zheng,Xun Zhang

DOI: https://doi.org/10.1109/issrew60843.2023.00045

2023-01-01

Abstract:Previous studies suggest that the combination of model-based fault injection and model checking can effectively detect the dependability bottlenecks and verify the fault-tolerance capability of systems at very early phases of their lifecycles. However, a challenge of applying such techniques in the industry is that semi-formal modeling languages like UML cannot easily support automated analysis and formal verification. To address this challenge, we propose a fault injection and verification framework based on UML sequence diagrams. The idea is to create formal models from sequence diagrams as well as predefined fault models, and then run a model checker to check if specific properties are violated. With an exhaustive exploration of a system’s states and fault space by the model checker, the approach ensures complete, automated reasoning on failure modes and effects. The framework also allows the designs of additional recovery actions to tolerate faults and then the verification of the updated models. The framework separates manual and automated activities, providing a guide to the practices of developers and the development of the support tool. We conduct a study on an industrial case and demonstrate that by the proposed approach, critical design flaws are revealed.

Gang Ren,Pan Deng,Chao Yang,Jianwei Zhang,Qingsong Hua

DOI: https://doi.org/10.1007/978-3-319-38904-2_33

2015-01-01

Abstract:In recent year, distributed systems have become a mainstream paradigm in industry and how to ensure correctness and reliability is a great challenge for practicing engineers. Therefore, in this paper a formal approach is proposed for modelling and verification of distributed systems, which integrates UML sequence diagram, pi-calculus and NuSMV within one framework. Moreover, the practicality of the proposed approach is illuminated though a case study of scheduling road emergency service.

Lu Chen,Jian Jiao,Qianxin Wei,Tingdi Zhao

DOI: https://doi.org/10.1016/j.engfailanal.2017.06.034

IF: 4

2017-01-01

Engineering Failure Analysis

Abstract:It is important to analyze the failure in safety-critical system because a disaster may occur once any type of failure mode and/or failure effect is neglected or misjudged. In order to conduct the failure analysis more effectively and efficiently, the concept of formal modeling is introduced. This paper improved the model-based safety analysis (MBSA) working process to optimize the formal failure analysis approach of safety-critical system. As the core works of MBSA process, the formal modeling and model extension aim to build an integrated system model which can be used for analyzing the failure behaviors in the system by model checking. However, in order to automatically check if there are any potential failures in the structured system model and whether the model satisfies the specified system properties and requirements using model checker, model transformation is normally needed, which can introduced potential errors during the transformation. Moreover, different model checkers generally require the system models to be expressed in a particular input language, which increases the difficulty of modeling as well. In order to avoid these problems and improve the efficiency of failure analysis work, this paper focused on how to build an unified model of safety-critical system quickly and accurately using symbolic language SMV, and conduct automatic verification using the corresponding open-source model checker NuSMV soon afterwards. After the model checking, the formal verification results such as counter-examples generated by model checking need to be transformed into traditional failure analysis artifacts, such as FMEA and/or FTA, to guide the iterative improvement of system development conveniently. Therefore, to solve the transformation from formal verification conclusions to traditional failure analysis results is another key point of this paper. Finally, a case study about airborne equipment is provided to validate the proposed method.

Mo Xia,Guiming Luo,Mian Sun

DOI: https://doi.org/10.1145/2591062.2591149

2014-01-01

Abstract:Model checking is a common formal verification technique, but it is only applicable to white box systems. In order to allow users without much formal verification expertise to use model checking easily, this paper proposes a modular approach for software modeling and model checking. Efficiency, correctness, and reusability are our main concerns. A hierarchical model is constructed for a system by modules, and it is translated into the specific model checking codes. The M^3C tool is implemented to support our approach, and it is successfully applied to actual industrial cases, as well as to some cases in the literature.

Carlos Ivan Castro Marquez,M. Strum,J. Wang

DOI: https://doi.org/10.1109/IDT.2013.6727074

2013-12-01

Abstract:Formal techniques allow exhaustive verification on circuit design (at least in theory), but due to actual computational limitations, workarounds must always be adopted to check only a portion of the design at a time. Sequential equivalence checking is an effective approach, but it can only be applied between circuit descriptions where a one-to-one correspondence for states, as well as for memory elements, is expected. This paper presents a formal methodology to verify RTL descriptions through direct comparison with high-level reference models. By doing so, there is no need to specify or analyze formal properties, as the complete behavior is already contained in the reference model. We also consider the natural discrepancies between system level and RTL code, including non-matching interface and memory elements, and state mapping. In this manner, we are able to prove the functional coherence for the overall sequential behavior of the design under verification.

Engineering,Computer Science

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.