
Showing papers presented at "Formal Methods for Industrial Critical Systems in 1998"


Journal ArticleDOI
26 May 1998
TL;DR: This paper recalls the principles of test data selection from algebraic data types specifications and transposes them to basic and full LOTOS, and suggests a new integrated approach to test derivation from full LotOS specifications, where both behavioural properties and data types properties are taken into account when dealing with processes.
Abstract: There is now a lot of interest in program testing based on formal specifications. However, most of the works in this area focus on one formalized aspect of the software under test. For instance, some previous works of the first author consider abstract data type specifications. Other works are based on behavioural descriptions, such as finite state machines or finite labelled transition systems. This paper begins by briefly recalling the principles of test data selection from algebraic data types specifications. Then, it transposes them to basic and full LOTOS. Finally it exploits this uniform framework and suggests a new integrated approach to test derivation from full LOTOS specifications, where both behavioural properties and data types properties are taken into account when dealing with processes.

55 citations


Journal ArticleDOI
26 May 1998
TL;DR: A new notion, covering, generalising independence is introduced that enables improved effects of partial-order reduction techniques when applied to real-time systems and a number of locally checkable conditions for covering that can be used as the basis for a practical algorithm.
Abstract: A new notion, covering, generalising independence is introduced. It enables improved effects of partial-order reduction techniques when applied to real-time systems. Furthermore, we formulate a number of locally checkable conditions for covering that can be used as the basis for a practical algorithm. Correctness is proven with respect to a chosen discretisation method.

42 citations


Journal ArticleDOI
26 May 1998
TL;DR: The formal specification and verification of a lip-synchronisation protocol is presented using the real-time model checker Uppaal, and it is shown that for certain sound and video streams the protocol can time-lock before reaching a prescribed error state.
Abstract: We present the formal specification and verification of a lip-synchronisation protocol using the real-time model checker Uppaal. A number of specifications of this protocol can be found in the literature, but this is the first automatic verification. We take a published specification of the protocol, code it up in the Uppaal timed automata notation and then verify whether the protocol satisfies the key properties of jitter and skew. The verification reveals some flaws in the protocol. In particular, it shows that for certain sound and video streams the protocol can time-lock before reaching a prescribed error state. We also discuss our experience with Uppaal, with particular reference to modelling timeouts and to deadlock analysis.

41 citations


Journal ArticleDOI
30 Nov 1998
TL;DR: The cones and foci verification technique of Groote and Springintveld is used to show that the descriptions are equivalent under branching bisimulation, thereby demonstrating that the protocol behaves as expected.
Abstract: We specify the tree identify protocol of the IEEE 1394 high performance serial multimedia bus at three different levels of detail using $\mu$CRL. We use the cones and foci verification technique of Groote and Springintveld to show that the descriptions are equivalent under branching bisimulation, thereby demonstrating that the protocol behaves as expected.

40 citations


Journal ArticleDOI
26 May 1998
TL;DR: The SPECTRUM project has investigated the feasibility of integrating tool support for VDM and B; this paper describes the project and reports on some technical results.
Abstract: VDM and B are two mature formal methods currently in use by industry and supported by commercial tools. Though the methods are foundationally similar, the coverage of their supporting tools differ significantly. The SPECTRUM project has investigated the feasibility of integrating support for the two methodologies. In this paper, we describe the project and report on some technical results.

8 citations


Journal ArticleDOI
26 May 1998
TL;DR: It is proposed that the domain of a Domain-Specific Language (DSL) can be characterised by the class of environments in which systems developed in the language are expected to operate and the class of properties which such systems are expected to possess.
Abstract: We propose that the domain of a Domain-Specific Language (DSL) can be characterised by: 1. the class of environments in which systems developed in the language are expected to operate; and 2. the class of properties which such systems are expected to possess. The design of DSLs should therefore include the development of a proof system that eases the task of proving the properties in the class identified for the anticipated operating environments. We develop these ideas in the context of industrial computing systems by presenting a semantics and proof system for a language based on IEC 1131-3, the international standard programming language for programmable controllers. Of particular significance in this example is the use of a diagrammatic representation and the development of a proof system for a class of invariance properties that requires only local knowledge of the structure of diagrams.

6 citations


Proceedings Article
01 Jan 1998
TL;DR: This paper reports the experience of specifying and validating the Inter-consistency fault tolerance mechanism proposed in the GUARDS project [14]; the validation approach is based on model checking and exploits the verification methodology supported by the JACK environment.
Abstract: In this paper we report the experience carried out to specify and validate the Inter-consistency fault tolerance mechanism proposed in the GUARDS project [14]. The validation approach is based on model checking techniques and exploits the verification methodology supported by the JACK environment [5]. In this approach, the behaviour of the Inter-consistency mechanism is specified as a network of processes, defined in a process algebra or, graphically, as Labelled Transition Systems. Using the JACK tools the global finite state model of the behaviour of the mechanism is produced. In this model, actions modelling the occurrences of faults are included, following some fault assumptions that can be modified to study the behaviour of the mechanism under different fault hypotheses. The properties that guarantee the desired behaviour of the mechanism are then specified as temporal logic formulae; the JACK model checker allows us to verify that the behaviour of the mechanism satisfies such properties also in the presence of faults conformant to the fault assumptions.

3 citations


Journal ArticleDOI
26 May 1998
TL;DR: This paper discusses validation techniques for communication protocols and analyzes the practical use of selected validation techniques in an automated manner and evaluates the Q.2931 SDL specification.
Abstract: This paper discusses validation techniques for communication protocols and analyzes the practical use of selected validation techniques in an automated manner. A case study on validating the ATM (Asynchronous Transfer Mode) Signalling Protocol as specified by ITU-T in Q.2931 is used for this analysis. Different error classes are identified and validated. An assessment of the different validation techniques in terms of effort and quality of results is given. As a result of the case study, an evaluation of the Q.2931 SDL specification completes the paper.