
Showing papers presented at "Formal Methods for Industrial Critical Systems in 2003"


Journal ArticleDOI
01 Mar 2003
TL;DR: The logic is an extension of the alternation-free µ-calculus with ACTL-like action formulas and PDL- like regular expressions, allowing a concise and intuitive description of safety, liveness, and fairness properties over labeled transition systems.
Abstract: Model-checking is a successful technique for automatically verifying concurrent finite-state systems. When designing a model-checker, a good compromise must be made between the expressive power of the property description formalism, the complexity of the model-checking problem, and the user-friendliness of the interface. We present a temporal logic and an associated model-checking method that attempt to fulfill these criteria. The logic is an extension of the alternation-free µ-calculus with ACTL-like action formulas and PDL-like regular expressions, allowing a concise and intuitive description of safety, liveness, and fairness properties over labeled transition systems. The model-checking method is based upon a succinct translation of the verification problem into a boolean equation system, which is solved by means of an efficient local algorithm having a good average complexity. The algorithm also allows full diagnostic information (examples and counterexamples) to be generated for temporal formulas. This method is at the heart of the EVALUATOR 3.0 model-checker that we implemented within the CADP toolbox using the generic OPEN/CAESAR environment for on-the-fly verification.

192 citations


Journal ArticleDOI
01 Mar 2003
TL;DR: This paper defines the language of mode-automata and its semantics, gives some ideas on the compilation process, illustrates the approach with the example of the production cell, and comments on the benefits of the approach in general.
Abstract: Over the past ten years, the family of synchronous languages (Special Section of the Proc. IEEE 79 (9) (1991)) has been very successful in offering domain-specific, formally defined languages and programming environments for safety-critical systems. Among them, Lustre is well-suited for the development of regulation systems, which are first designed by control engineers, and can then be programmed as block-diagrams. Automatic generation of C code provides the embedded software. The success of Lustre showed that it is a good idea to offer domain-specific languages and constructs to reduce the gap between the first design of a system (for instance a control law) and the program written for it. When the structure of the first design has to be encoded into the available constructs of a general-purpose programming language, the interesting information is likely to be lost somewhere on the way from the original design to the actual implementation. This may have consequences on the efficiency of the code produced, or even on the correctness of the design. Working with the systems Lustre is well-suited for, we observed that they are often specified informally using the notion of running modes. However, there seemed to exist no language in which the mode-structure of a complex system could be expressed directly. Following the approach of domain-specific languages, we proposed to extend Lustre with a new construct, called mode-automaton, devoted to the description of these running modes of regulation systems. In this paper, we define the language of mode-automata and its semantics, give some ideas on the compilation process, illustrate the approach with the example of the production cell, and comment on the benefits of the approach in general.

153 citations


Journal ArticleDOI
01 Mar 2003
TL;DR: This paper presents work aiming to verify the scalability of a previous methodology for proving the soundness of the byte code interpreter and verifier using the B method, managing the additional proof cost by modifying the specification to group opcodes by properties.
Abstract: Java Cards are a new generation of smart cards that use the Java programming language. As smart cards are usually used to supply security to an information system, security requirements are very strong. The byte code interpreter and verifier are crucial components of such cards, and proving their safety can become a competitive advantage. Previous work has been done on a methodology for proving the soundness of the byte code interpreter and verifier using the B method. It refines an abstract defensive interpreter into a byte code verifier and a byte code interpreter. However, this work had only been tested on a very small subset of the Java Card instruction set. This paper presents work aiming at verifying the scalability of this previous work. The original instruction subset of about 10 instructions has been extended to a larger subset of more than one hundred instructions, and the additional cost of the proof has been managed by modifying the specification in order to group opcodes by properties.

11 citations


Journal ArticleDOI
01 Mar 2003
TL;DR: This paper presents an experiment with a technique for the automated verification of a subset of the object-oriented language OBject LOGic (OBLOG), using a programmable rule-based engine included in the Development Environment of the OBLOG language.
Abstract: Correctness is a desired property of industrial software systems. Although the employment of formal methods and their verification techniques in embedded real-time systems has started to be a common practice, the same cannot be said about object-oriented software. This paper presents an experiment with a technique for the automated verification of a subset of the object-oriented language OBject LOGic (OBLOG). In our setting, object-oriented models are automatically translated to LOTOS specifications using a programmable rule-based engine included in the Development Environment of the OBLOG language. The resulting specifications are then verified by model-checking using the CADP tool-box. To illustrate the concept we develop and verify an object-oriented specification of a well-known case study, the Steam-Boiler Control System.

9 citations


Journal ArticleDOI
01 Aug 2003
TL;DR: The definition of process inheritance is transformed into definitions of UML diagram inheritance, and these definitions have been built into the tool to guarantee component system development with correct inheritance of component behaviour.
Abstract: We present a tool which integrates the Unified Modeling Language with a process-oriented technique for component system specification and design. We have transformed the definition of process inheritance into definitions of inheritance of UML diagrams. The definitions of UML diagram inheritance have been built into the tool to guarantee component system development with correct inheritance of component behaviour.

9 citations


Journal ArticleDOI
01 Aug 2003
TL;DR: This paper reports on a major industrial case study involving safety-critical software for computation of a particular kind of railway time table used by train drivers and demonstrates that the technique of specification patterns implemented in KeY for the language OCL yields significant improvements.
Abstract: The KeY system allows integrated informal and formal development of object-oriented Java software. In this paper we report on a major industrial case study involving safety-critical software for computation of a particular kind of railway time table used by train drivers. Our case study includes formal specification of requirements on the analysis and the implementation level. Particular emphasis in our research is put on the challenge of how authoring and maintenance of formal specifications can be made easier. We demonstrate that the technique of specification patterns implemented in KeY for the language OCL yields significant improvements.

3 citations


Journal ArticleDOI
01 Aug 2003
TL;DR: In this paper, the authors present an initial version of a tool for automatically verifying the operational transformation of collaborative editing systems, an approach used for achieving convergence in CE systems.
Abstract: The design of collaborative editing (CE) systems is a difficult and error-prone activity, since building the correct operations for maintaining good convergence properties of the local copies requires examining a large number of situations. Operational transformation is an approach used for achieving convergence in CE systems. But it imposes the verification of two conditions, C1 and C2, whose proof is often difficult to produce by hand and unmanageably complicated. In this paper, we present an initial version of a tool for automatically verifying these conditions. The input of our tool consists of a formal specification written in algorithmic style which gives the system behaviour and the functional description of the transformation algorithm. The tool builds an algebraic specification described in terms of conditional equations. As verification back-end we use an automated induction-based theorem prover. We show in this work how to support the development of transformation algorithms by an automatic theorem prover that allows for an automated analysis of the numerous cases and therefore allows a formal proof of the convergence property of the resulting editor to be derived. We give two case studies about different group editors which confirm the viability of our tool.

2 citations


Journal ArticleDOI
01 Mar 2003
TL;DR: A selection of papers from the Proceedings of the 5th ERCIM International Workshop on Formal Methods for Industrial Critical Systems (FMICS), which took place in Berlin in March 2000, are presented to give a picture of dedicated main streams of work.
Abstract: The purpose of this special issue of the International Journal “Science in Computer Programming” is to present a selection of papers from the Proceedings of the 5th ERCIM International Workshop on Formal Methods for Industrial Critical Systems (FMICS), which took place in Berlin in March 2000. FMICS is the ERCIM Working Group on Formal Methods for Industrial Critical Systems. Launched in 1996 by Diego Latella and Stefania Gnesi (CNR Pisa), the FMICS working group is currently chaired by Hubert Garavel (INRIA Rhone-Alpes). FMICS workshops are dedicated to interested researchers and practitioners at ERCIM sites, universities and industry active in the industrial application of formal methods. Among a variety of formal methods conferences and workshops FMICS is increasing its popularity. The idea of FMICS workshops is to attract people with industrially relevant topics, with internationally well-known invited speakers and with high-quality technical papers in combination with a discussion podium for the exchange of ideas in a working atmosphere. The 5th FMICS was organized right after ETAPS’2000—the European Joint Conferences on Theory and Practice of Software in Berlin, hosted and organized at the GMD Research Institute for Open Communication Systems (FOKUS) in Berlin, Germany. After starting the FMICS workshop series in 1996 in Oxford (UK), further workshops followed: 1997 in Cesena (I), 1998 in Amsterdam (NL) and 1999 in Trento (I). Two invited talks were given, the first one by Gunter Karjoth, IBM Zurich (CH), addressing the value of formal methods for security properties such as confidentiality and authenticity, and the second one by Holger Hermanns, University of Twente (NL), discussing performance and reliability model checking and construction exemplified for the Hubble space telescope. The selected papers are not comprehensive for all facets of the state of the art in Formal Methods with respect to their use in—and suitability for—industry.
Nevertheless, they give a picture of dedicated main streams of work. Paulo J.F. Carreira and Miguel E.F. Costa in the paper Automatically verifying an object-oriented specification of the Steam-Boiler system present a framework on an automated verification of OBLOG specifications by using model-checking techniques.

1 citation


Journal ArticleDOI
01 Aug 2003
TL;DR: A survey of the activities of the formal design techniques group in the area of industrial critical systems is presented.
Abstract: We present a survey of the activities of the formal design techniques group in the area of industrial critical systems.