Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Overview of the Boundedness Test
Complexity Analysis
Experimental Results
Related Work
Conclusion
References
All Topics
Computer Science
Software Engineering

A Scalable Incomplete Test for the Boundedness of UML RT Models

Profile image of Stefan LeueStefan Leue

2004, Lecture Notes in Computer Science

https://doi.org/10.1007/978-3-540-24730-2_26
visibility

description

15 pages

link

1 file

Abstract

We describe a scalable incomplete boundedness test for the communication buffers in UML RT models. UML RT is a variant of the UML modeling language, tailored to describing asynchronous concurrent embedded systems. We reduce UML RT models to systems of communicating finite state machines (CF-SMs). We propose a series of further abstractions that leaves us with a system of linear inequalities. Those represent the message sending and receiving effect that the control flow cycles of every process have on the overall message buffer. The test tries to establish the existence of a linear combination of the effect vectors so that at least one message can occur an unbounded number of times. We discuss the complexity of this test and present experimental results using the IBOC system that we are implementing. Scalability of the test is in part due to the fact that it is polynomial for the type of sparse control flow graphs that are derived from UML RT models. Also, the analysis is local, i.e., it avoids the combinatorial state space explosion due to concurrency of the models. We also present a method to derive upper bound estimates for the maximal occupancy of each individual message buffer. While we focus on the analysis of UML RT models, the analysis can directly be applied to any type of CFSM models.

Related papers

Detection of Possible Frozen States in Communicating UML State Machines
Grzegorz Łabiak

12th IFAC Conference on Programmable Devices and Embedded Systems (2013), 2013

One of the most important problems of verification of discrete event control systems is detection of possible incorrect communication between concurrent processes, such as mutual blocking. Processes can be modeled as state machines, and such detection can be performed by analysis of behavior of the communicating automata. For such analysis in general case the model checking methods are used, nevertheless some practically important results can be obtained by the methods with lower computational complexity. In the paper a special case of the problem is considered, which is a detection of possible frozen states in a pair of communicating state machines. The algorithm solving this task is presented, its computational complexity is evaluated.

View PDFchevron_right
Graph models for reachability analysis of concurrent programs
Mauro Pezze'

ACM Transactions on Software Engineering and Methodology, 1995

Reachability analysis is an attractive technique for analysis of concurrent programs because it is simple and relatively straightforward to automate, and can be used in conjunction with model-checking procedures to check for application-specific as well as general properties. Several techniques have been proposed differing mainly. on the model used; some of these propose the use of fiowgraph based models, some others of Petri nets. This paper addresses the question: What essential difference does it make, if any, what sort of finite-state model we extract from program texts for purposes of reachability analysis? How do they differ in expressive power, decision power, or accuracy? Since each is intended to model synchronization structure while abstracting away other features, one would expect them to be roughly equivalent. vVe confirm that there is no essential semantic difference between the most well known models proposed in the literature by providing algorithms for translation among these models. This implies that the choice of model rests on other factors, including convenience and efficiency. Since combinatorial explosion is the primary impediment to application of reachability analysis, a particular concern in choosing a model is facilitating divide-andconquer analysis of large programs. Recently, much interest in finite-state verification systems has centered on algebraic theories of concurrency. Yeh and Young have exploited algebraic structure to decompose reachability analysis based on a fiowgraph model. The semantic equivalence of graph and Petri net based models suggests that one ought to be able to apply a similar strategy for decomposing Petri nets. We show this is indeed possible through application of category theory.

View PDFchevron_right
On the fly model checking of communicating UML State Machines1
Stefania Franco

1

View PDFchevron_right
On the fly model checking of communicating UML State Machines
Stefania Gnesi

Second ACIS International Conference on Software …, 2004

In this paper we present an ``on the fly'' model checker for the verification of the dynamic behavior of UML models seen as a set of communicating state machines. The logic supported by the tool is an extension of the action based branching time temporal logic µ-ACTL and has the power of full µ-calculus. Early results on the application of this model checker to a case study have been also reported.

View PDFchevron_right
Minimising buffer requirements of synchronous dataflow graphs with model checking
Twan Basten

Proceedings of the 42nd annual conference on Design automation - DAC '05, 2005

Signal processing and multimedia applications are often implemented on resource constrained embedded systems. It is therefore important to find implementations that use as little resources as possible. These applications are frequently specified as synchronous dataflow graphs. Communication between actors of these graphs requires storage capacity. In this paper, we present an exact method to determine the minimum storage capacity required to execute the graph using model-checking techniques. This can be done for different measures of storage capacity. The problem is known to be NP-complete and because of this, existing buffer minimisation techniques are heuristics and hence not exact. Modern model-checking tools are quite efficient and they have been successfully applied to scheduling-related problems. We study the feasibility of this approach with examples.

View PDFchevron_right
Deciding boundedness for systems of two communicating finite state machines
ABDELILAH Benslimane

Proceedings of 3rd IEEE International Symposium on High Performance Distributed Computing, 1994

Consider a system of two communicating finite state machines that exchange messages over two unbounded, one-directional, FIFO channels. In our main result, we show that the boundedness problem is decidable for the class of such systems, where the two CFSM's are identical and constituted of only initial elementary circuits, and where the two CFSM's are linear. To analyse such systems, we introduce a reduction relation on the words. We then, give examples to illustrate our purpose.

View PDFchevron_right
Towards Early Verification of UML Models for Embedded and Real-Time Systems
luis ceron

IFAC Proceedings Volumes, 2012

To decrease the costs associated with repairing errors introduced during the system design, engineers must detect these errors as soon as possible; ideally, in the phase in which they are produced. In Model-Driven Engineering, the models are used to generate automatically large portions of the system implementation, and hence, if there are errors in the models, they are spread onward to the implementation. This work is a first step toward an automatic verification approach for embedded and real-time systems' high-level specifications, such as UML models. A model-driven framework to simulate the execution of system behavior is proposed in order to identify the presence of errors already in early design phases, prior to the implementation phase. The main idea is to allow the simulation of the behavior specified within UML models, from which a trace of the executed actions is created to enable the analysis of the obtained results. This work has been validated in several case studies, including a real-world embedded and real-time system. The achieved results provide indications that early simulation of UML models is practicable, opening room for using the proposed framework in different CASE tools for early verification (based on simulation) of embedded and real-time systems.

View PDFchevron_right
Towards formally verifiable resource bounds for real-time embedded systems
Roy Dyckhoff

2006

ABSTRACT This paper describes ongoing work aimed at the construction of formal cost models and analyses that are capable of producing verifiable guarantees of resource usage (space, time and ultimately power consumption) in the context of realtime embedded systems. Our work is conducted in terms of the domain-specific language Hume, a language that combines functional programming for computations with finitestate automata for specifying reactive systems.

View PDFchevron_right
Time-bounded model checking of infinite-state continuous-time Markov chains
Ernst Hahn

2008 8th International Conference on Application of Concurrency to System Design, 2008

The design of complex concurrent systems often involves intricate performance and dependability considerations. Continuous-time Markov chains (CTMCs) are widely used models for concurrent system designs making it possible to model check such properties. In this paper, we focus on probabilistic timing properties of infinite-state CTMCs, expressible in continuous stochastic logic (CSL). Such properties comprise important dependability measures, such as timed probabilistic reachability, performability, survivability, and various availability measures like instantaneous availabilities, conditional instantaneous availabilities and interval availabilities. Conventional model checkers explore the given model exhaustively which is not always possible either due to state explosion or because the model is infinite. This paper presents a method that only explores the infinite (or prohibitively large) model up to a finite depth, with the depth bound being computed on-the-fly. We provide experimental evidence showing that our method is effective.

View PDFchevron_right
McScM: A General Framework for the Verification of Communicating Machines
Tristan Le Gall

Lecture Notes in Computer Science, 2012

We present McScM, a platform for implementing and comparing verification algorithms for the class of finite-state processes exchanging messages over reliable, unbounded FIFO channels. McScM provides tools for the safety verification and controller synthesis of these infinite-state models. Our verification tool implements several modelchecking techniques: CEGAR with different abstraction-refinement methods, abstract interpretation, abstract regular model checking, and lazy abstraction. Seen as a general framework for the class of transition systems with finite control/infinite data, McScM delivers the basic infrastructure for implementing verification algorithms, and privileges to conveniently implement new ideas on a high level of abstraction. It also allows us to compare and benchmark different algorithmic approaches with the same backend.

View PDFchevron_right

References (29)

  1. P. Abdulla and B. Jonsson. Verifying Programs with Unreliable Channels. In LICS'93. IEEE, 1993.
  2. P. Abdulla and B. Jonsson. Undecidable verification problems for programs with unreliable channels. Information and Computation, 130(1):71-90, 1996.
  3. R. Alur, R. Grosu, and M. McDougall. Efficient reachability analysis of hierarchical reactive machines. In Proc. of CAV'00, volume 1855 of LNCS. Springer Verlag, 2000.
  4. L. Bass, P. Clements, and R. Kazman. Software Architecture in Practice. Addison Wesley, 1998.
  5. B. Boigelot and P. Goidefroid. Symbolic verification of communication protocols with infinite state spaces using qdds. In Proc. CAV'96, volume 1102 of LNCS. Springer, 1996.
  6. A. Bouajjani and P. Habermehl. Symbolic reachability analysis of FIFO-channel systems with nonregular sets of configurations. In Proc. of ICALP'97, volume 1256 of LNCS, 1997.
  7. A. Bouajjani and R. Mayr. Model checking lossy vector addition systems. In Proc. of STACS'99, volume 1563 of LNCS. Springer Verlag, 1999.
  8. D. Brand and P. Zafiropulo. On communicating finite-state machines. Journal of the ACM, 2(5):323-342, April 1983.
  9. James C. Corbett and George S. Avrunin. Using integer programming to verify general safety and liveness properties. Formal Methods in System Design: An International Journal, 6(1):97-123, January 1995.
  10. W. Damm and B. Jonsson. Eliminating queues from rt uml models. In Proc. of FTRTFT 2002, LNCS. Springer, 2002.
  11. J. Esparza and S. Melzer. Verification of safety properties using integer programming: Beyond the state equation. Formal Methods in System Design, 16:159-189, 2000.
  12. J. Esparza and M. Nielsen. Decibility issues for Petri nets -a survey. Journal of Informatik Processing and Cybernetics, 30(3):143-160, 1994.
  13. C. Fischer, E.-R. Olderog, and H. Wehrheim. A csp view on uml-rt structure diagrams. In Fundamental Approaches to Software Engineering, Proc. of the 4th International Conference, FASE 2001, volume 2029 of LNCS. Springer Verlag, 2001.
  14. R. Grosu, M. Broy, B. Selic, and G. Stefanescu. What is behind UML-RT? Behavioral specifications of businesses and systems, 1999.
  15. D. Harel. Statecharts: A visual formalisation for complex systems. Science of Computer Programming, 8:231-274, 1987.
  16. D. Herzberg and A. Marburger. The use of layers and planes for architectural design of communication systems. In Proc. of the Fourth IEEE International Symposium on Object- Oriented Real-Time Distributed Computing ISORC 2001. IEEE Computer Society, May 2001.
  17. Gerard J. Holzmann. The Spin Model Checker -Primer and Reference Manual. Addison- Wesley, 2004.
  18. T. Jeron and C. Jard. Testing for unboundedness of fifo channels. Theoretical Computer Science, (113):93-117, 1993.
  19. R. Lipton. The reachability problem requires exponential space. Technical Report 62, De- partment of Computer Science, Yale University, January 1976.
  20. A. Lyons. Developing and debugging real-time software with objectime developer. available from http://www.objectime.com/otl/technical/1999q1 p017.pdf, 1999.
  21. R. Mayr. Undecidable problems in unreliable computations. TCS, 297(1-3):337-354, 2003.
  22. S. Melzer and J. Esparza. Checking system properties via integer programming. In H.R. Nielson, editor, Proc. of ESOP'96, volume 1058 of Lecture Notes in Computer Science, pages 250-264. Springer Verlag, 1996.
  23. G. Memmi and G. Roucairol. Linear algebra in net theory. In Net Theory and Applications, volume 84 of LNCS, pages 213-223, 1980.
  24. M. Saaltink. Generating and analysing Promela from RoseRT models. Technical Report TR- 99-5537-02, ORA Canada, 1208 One Nocholas Street, Ottawa Ontario, K1N 7B7, Canada, 1999.
  25. B. Selic. Turning clockwise: using UML in the real-time domain. Comm. of the ACM, 42(10):46-54, Oct. 1999.
  26. B. Selic. An overview of uml 2.0. International Conference on Software Engineering, Tutorial Notes, May 2003.
  27. B. Selic, G. Gullekson, and P.T. Ward. Real-Time Object-Oriented Modelling. John Wiley & Sons, Inc., 1994.
  28. B. Selic and J. Rumbaugh. Using UML for modeling complex real-time systems. http://www.rational.com/media/whitepapers/umlrt.pdf, March 1998.
  29. H. Yen. A unified approach for deciding the existence of certain Petri net paths. Information and Computation, 96(1):119-137, 1992.

Related papers

Unboundedness detection for a class of communicating finite-state machines
yao-tin yu

Information Processing Letters, 1983

Let M and N be two communicating finite-state machines that exchange one type of message. We discuss an algorithm to decide whether the communication between M and N is bounded. The algorithm is based on constructing a finite representation of the reachability tree of M and N assuming that M and N progress at equal speeds.

View PDFchevron_right
Bounded model checking for asynchronous concurrent systems.
Manitra J Rakotoarisoa

Ph.D. Thesis, 2014

Complex hardware systems become more and more ubiquitous in mission critical applications such as military, satellite, and medical to name but a few. In such applications, reliability remains a primary concern because a failure that occurs during their normal operations might produce important catastrophes like loss of life or loss of money. All these failures are often caused by minuscule bug that exists inside the software which controls the systems, or within the hardware itself. In addition, most of these systems cannot be interrupted while working, even for a few seconds a year, making it difficult to repair bugs found during their normal operations. The main purpose of this work is to build efficient verification techniques for asynchronous concurrent systems. Because of the pivotal roles these systems assume in a given application, designers of such systems must keep development and maintenance costs under control and meet nonfunctional constraints on the design of the system, such as cost, power, weight, or the system architecture by itself. But most importantly, they must assure their customer as well as the certification authorities that both the design and its implementation are correct. Otherwise, they may end up shipping unsafe systems to the market, and the consequences of this action would be catastrophic. To achieve this goal, designers need efficient methods and tools to assist them in verifying the correctness of the design. In this thesis we focus on a symbolic model checking technique called bounded model checking (BMC). BMC is a method targeted mainly at finding bugs in a system. It answers the questions whether there exists a counterexample, shorter than a given length, that violates a given property. During a BMC operation each execution path is encoded into Boolean formula, and the problem is reduced to satisfiability checking of the formula. Therefore, the operation consists mainly in constructing a Boolean formula that is satisfiable if and only if such a counterexample exists. We model our systems with transition systems (TSs). In particular, we are mainly interested in synchronized product of TSs. Since concurrent systems are formed by a combination of several components communicating between each other, synchronized product of TSs is well-suited to capture the behavior of such systems. The executions of concurrent systems are commonly modeled using the so-called interleaving execution, which allows only one single event to fire at each step. However, due to the complexity of such systems inteleaving method will not only require many steps but also generate long formulas. In this work, we adopt another approach based on breadth-first search (BFS). In a BMC operation, the translation of the model into a Boolean formula is polynomial in the size of the model, but the solving time of the Boolean formula can be exponential in the size of the formula. Therefore, our research hypothesis is that we can improve the efficiency of BMC by generating succinct formula, and by minimizing the number of necessary steps during an execution. We introduce several BMC techniques aimed at improving the efficiency of BMC for asynchronous concurrent systems. The techniques are grouped in two main parts (i) techniques for checking reachability properties and (ii) techniques for checking properties written in linear temporal logic (LTL). In addition, we also propose some methods for minimizing the number of execution steps or bound. We implemented all these methods in a BMC toolset. At the end of the dissertation, we will discuss the experimental results we obtained.

View PDFchevron_right
Infinite-state high-level MSCs: Model-checking and realizability
Helmut Seidl

Journal of Computer and System Sciences, 2006

Message sequence charts (MSC) and High-Level MSC (HMSC) is a visual notation for asynchronously communicating processes and a standard of the ITU. They usually represent incomplete specifications of required or forbidden properties of communication protocols. We consider in this paper two basic problems concerning the automated validation of HMSC specifications, namely model-checking and synthesis. We identify natural syntactic restrictions of HMSCs for which we can solve the above questions. We show first that model-checking for globally-cooperative (and locally-cooperative) HMSCs is decidable within the same complexity as for the restricted class of bounded HMSCs. Furthermore, model-checking local-choice HMSCs turns out to be as efficient as for finite-state (sequential) systems. The study of locally-cooperative and local-choice HMSCs is motivated by the synthesis question, i.e., the question of implementing HMSCs through communicating finite-state machines (CFM) with additional message data. We show that locally-cooperative and local-choice HMSCs are always implementable. Furthermore, the implementation of a local-choice HMSC is deadlock-free and of linear-size w.r.t. the additional data.

View PDFchevron_right
Sizing and verification of communication buffers for communicating processes
Tilman Kolks

Proceedings of 1993 International Conference on Computer Aided Design (ICCAD)

In this paper, a method is presented for minimal sizing and verification of communication buffers in an environment of communicating concurrent processes. Methods described in literature based upon lifetime analysis techniques are mainly suited for sizing butTers in a network of processes with non-conditional interactions. We consider a more general problem where the execution of each process inherently depends on complex interactwns with other processes aa well as ita internal conditwnal behavior and propose the use of implicit state enurneratwn techniques to solve buffer sizing and verification for this case. A model of the network of processes and buffers is introduced that is transformed into a network of finite state machines by modeling communicating buffers as counters. The transformed network forms a finite state space model on which implicit state space exploration algorithms are applied. The model allows us to handle the buffer sizing and verification problems with processes that operate on differen~but related clocks. To reduce the complexity of the state space, abstraction techniques can be used to produce simplified veraions of finite state machines that hide away unnecessarily detailed information. The feasibility of the proposed approach is demonstrated by a practical example.

View PDFchevron_right
Eliminating Queues from RT UML Model Representations
Werner Damm

Lecture Notes in Computer Science, 2002

This paper concerns analyzing UML based models of distributed real time systems involving multiple active agents. In order to avoid the timepenalties incurred by distributed execution of synchronous operation calls, it is typically recommended to restrict inter-task communication to event-based communication through unbounded FIFO buffers. This means that such systems potentially have an infinite number of states, making them out of reach for analysis techniques intended for finite-state systems. We present a symbolic analysis technique of such systems, which can be tuned to give a finite, possibly inexact representation of the state-space. The central idea is to eliminate FIFO buffers completely, and represent their contents implicitly, by their effect on the receiving agent. We propose a natural class of protocols which we call mode separated, for which this representation is both finite and exact. This result has impact on both responsiveness and predictability of end-to-end latencies, as well for the protocol verification, enabling automatic verification methods to be applied.

View PDFchevron_right

Related topics

  • Program Analysis
  • Unified Modelling Language
  • Sparse Graph
  • Embedded System
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved