Model Checking Conformance with Scenario-Based Specifications

Refinement Techniques in Software Engineering, 2006

1993

In this paper the use of Process Algebras is advocated as a solution for system-level description of structure, communication and behavior, while an action-based Temporal Logic is used to specify and check system-level properties. It is shown how SEVERO, a tool for describing and verifying finite state systems, can be used to integrate in the unified framework of symbolic manipulations both descriptive and prescriptive aspects. Experimental results show the efficiency of the BDD-based implementation of the proof procedures.

2008

Model checking involves exploring state-space of system model and automatically proving or disproving the correct functionality of the system. Verification of all properties may not require exploration of the state-space in its entirety. However, traditional model checkers are not equipped with enough knowledge of the system apriori to make smart decisions so as to explore only those portions of state-space that contribute to the result. In this paper, we present a technique to provide such guidance to the model checker so that it can perform state-space exploration more intelligently. We incorporated our technique in XMC model checker, a tool for verifying process expressions in CCS against properties expressed by modal mu-calculus formulas. We demonstrate the applicability of our guidance mechanism by verifying several example protocols from XMC test-suite.

Specification languages for concurrent software systems need to combine practical algorithmic efficiency with high expressive power and the ability to reason about both states and events. We address this question by defining a new branching-time temporal logic SE-AΩ which integrates both state-based and action-based properties. SE-AΩ is universal, i.e., preserved by the simulation relation, and thus amenable to counterexample-guided abstraction refinement. We provide a model-checking algorithm for this logic, and describe a compositional abstraction-refinement loop which exploits the natural decomposition of the concurrent system; the abstraction and refinement steps are performed over each component separately, and only the model checking step requires an explicit composition of the abstracted components. For experimental evaluation, we have integrated the presented algorithms in the software verification tool MAGIC, and determined a previously unknown race condition error in a piece of an industrial robot control software. sets Ω of ω-regular path operators. A subtle property of AΩ is the monotonicity of the path operators: the semantics guarantees that the extended path operators cannot be used to implicitly define negation. While this property comes for free with the standard temporal path operators, its presence is crucial for obtaining extended universal branching logics. Such logics are preserved by simulation, and are therefore amenable to existential abstraction .

… on Foundations of …, 2010

Abstract. We consider the problem of model checking message-passing systems with real-time requirements. As behavioural specifications, we use message sequence charts (MSCs) annotated with timing constraints. Our system model is a network of communicating finite state ...

The real-time UML profile TURTLE has a formal semantics expressed by translation into a timed process algebra: RT-LOTOS. RTL, the formal verification tool developed for RT-LOTOS, was first used to check TURTLE models against design errors. This paper opens new avenues for TURTLE model verification. It shows how recent work on translating RT-LOTOS specifications into Time Petri net model may be applied to TURTLE. RT-LOTOS to TPN translation patterns are presented. Their formal proof is the subject of another paper. These patterns have been implemented in a RT-LOTOS to TPN translator which has been interfaced with TINA, a Time Petri Net Analyzer which implements several reachability analysis procedures depending on the class of property to be verified. The paper illustrates the benefits of the TURTLE RT-LOTOS TPN transformation chain on an avionic case study.

Science of Computer Programming, 2011

We present the UMC framework for the formal analysis of concurrent systems specified by collections of UML state machines. The formal model of a system is given by a doubly labelled transition system, and the logic used to specify its properties is the state-based and event-based logic UCTL. UMC is an on-the-fly analysis framework which allows the user to interactively explore a UML model, to visualize abstract behavioural slices of it and to perform local model checking of UCTL formulae. An automotive scenario from the serviceoriented computing (SOC) domain is used as case study to illustrate our approach.

Communications in Computer and Information Science, 2009

Because of its complexity, software system verification is a hard task and very often neglected for complex distributed component-based architectures with high degree of dynamism. Monitoring and verification of these systems are important even when they have to be running with a high level of availability and low halt time. Model checking is an automatic technique to verify compliance of the system implementation with respect to the requirements. In this paper we address the problem of abstracting a process model from a set of execution traces of a Java application with the aim of performing formal verification through model checking.

Formal Aspects of Computing, 2005

We present a symbolic model checking approach that allows verifying a unit of code, e.g., a single procedure or a collection of procedures that interact with each other. We allow temporal specifications that assert over both theprogram countersand theprogram variables. We decompose the verification into two parts: (1) a search that is based on the temporal behavior of theprogram counters, and (2) the formulation and refutation of a path condition, which inherits conditions constraining theprogram variablesfrom the temporal specification. This verification approach is modular, as we do not require that all the involved procedures are provided. Furthermore, we do not request that the code is based on a finite domain. The presented approach can also be used for automating the generation of test cases for unit testing.

1995

Although automated proof checking tools for general-purpose logics have been successfully employed in the verification of digital systems, there are inherent limits to the efficient automation of expressive logics. If the expressiveness is constrained, there are useful logic fragments for which efficient decision procedures can be found. The model checking paradigm yields an important class of decision procedures for establishing temporal properties of finite-state systems. Model checking is remarkably effective for automatically verifying finite automata with relatively small state spaces, but is inadequate when the state spaces are either too large or unbounded. For this reason, it is useful to integrate the complementary technologies of model checking and proof checking. Such an integration has to be carried out in a delicate manner in order to be more than just the sum of the techniques. We describe an approach for such an integration where a BDD-based model checker for the propositional mu-calculus has been used as a decision procedure within the framework of the PVS proof checker. We argue that our approach fits in nicely with the design philosophy of PVS of providing highly effective mechanical reasoning capability by using efficient decision procedures as the workhorses of an interactive proof checker.