Explicit Stabilisation for Modular Rely-Guarantee Reasoning
With Mike Dodds and Matthew Parkinson. In Proceedings of ESOP 2010.
We propose a new formalisation of stability for Rely-Guarantee, in which an assertion's stability is encoded into its syntactic form. This allows two advances in modular reasoning. Firstly, it enables Rely-Guarantee, for the first time, to verify concurrent libraries independently of their clients' environments. Secondly, in a sequential setting, it allows a module's internal interference to be hidden while verifying its clients. We demonstrate our approach by verifying, using RGSep, the Version 7 Unix memory manager, uncovering a twenty-year-old bug in the process.
Misyurov D.A. Dialectical formulas based on the binary notation as the development formulas // Credo New. 2012. №2
The article suggests dialectical formulas based on the binary notation as the development formulas: a formula with dominant and non-dominant elements; a universal formula; a formula with symbolic weight of elements; a tautological formula. For example, it suggests an opportunity to use the dialectical formulas for modeling and artificial intelligence creation, etc.
Specifying UML Protocol State Machines in Alloy
by Ana Paiva
A UML Protocol State Machine (PSM) is a UML behavioral diagram for the specification of the external behavior of a class, interface or component. PSMs have been used in the software development process for different purposes, such as requirements analysis and testing. However, like other UML diagrams, they are often difficult to validate and verify, even when combined with other artifacts, such as Object Constraint Language (OCL) specifications. This drawback can be overcome by application of an off-the-shelf formal method, namely one supporting automatic validation and verification. Among those, we have the increasingly popular Alloy, based on a simple relational flavor of first-order logic. This paper presents a model transformation from PSMs, optionally complemented with OCL specifications, to Alloy. Not only does it enable automatic verification and validation of PSMs, but it also allows a smooth integration of Alloy in current software development practices.
An Efficient Lotos-based Framework for Describing and Solving (Temporal) CSPs
S. Sadaoui, M. Mouhoub and B. Chen. An Efficient Lotos-based Framework for Describing and Solving (Temporal) CSPs. International Journal of Software Engineering and Knowledge Engineering (IJSEKE), Vol. 19(6), pages 765-789, 2009.
Simulation of complex Lotos specifications is not always efficient due to the space explosion problem of their corresponding transition systems. To overcome this difficulty in practice, we present in this paper a novel approach which integrates constraint propagation techniques into the Lotos specifications. These solving techniques are used to reduce the size of the search space before and during the search for a solution to a given combinatorial problem under constraints. In order to do that, we first tackle the challenging task of describing combinatorial problems in Lotos using the Constraint Satisfaction Problem (CSP) framework. In this regard, we provide two generic Lotos templates for describing CSPs and temporal CSPs (CSPs involving temporal constraints). To evaluate the time performance of the framework we propose, we have conducted several experimental tests on instances of the N-Queens, the machine scheduling and randomly generated CSPs. The results of these experiments are promising and demonstrate the efficiency of Lotos simulation when CSP techniques are integrated.
Formal description techniques for CSPs and TCSPs
Malek Mouhoub, Samira Sadaoui, Amrudee Sukpan: Formal Description Techniques for CSPs and TCSPs. SEKE 2004: 406-410
LOTOS is a formal specification technique for describing and verifying complex systems. In this paper, we investigate the applicability of LOTOS to specify and solve Constraint Satisfaction Problems (CSPs) as well as Temporal Constraint Satisfaction Problems (TCSPs). A CSP is a general framework used to represent and solve a large variety of combinatorial problems including frequency assignment, configuration and conceptual design, network management and transportation. A TCSP is one particular case of CSPs, where constraints are temporal relations between temporal variables defined over a set of time intervals. TCSPs are used to handle problems involving temporal constraints such as scheduling, planning and computational linguistics. Through simulation and model-checking verification, we show, in this paper, how to solve CSPs and TCSPs using LOTOS specifications.
Translating Haskell# Programs into Petri Nets
Lecture Notes in Computer Science
Volume 2565, pages 635-649
DOI: 10.1007/3-540-36569-9_43
Haskell# is a concurrent programming environment aimed at parallel distributed architectures. Haskell# programs may be automatically translated to Petri nets, an important formalism for the analysis of properties of concurrent and non-deterministic systems. This paper motivates and formalizes the translation of Haskell# programs into Petri nets, providing some examples of their usage.
A formally verified AKA protocol for vertical handover in heterogeneous environments using Casper/FDR
by Mahdi Aiash
Mahdi Aiash, Glenford Mapp, Aboubaker Lasebae, Raphael Phan, Jonathan Loo
EURASIP Journal on Wireless Communications and Networking.
Next generation networks will comprise different wireless networks including cellular technologies, WLAN and indoor technologies. To support these heterogeneous environments, there is a need to consider a new design of the network infrastructure. Furthermore, this heterogeneous environment implies that future devices will need to roam between different networks using vertical handover techniques. When a mobile user moves into a new foreign network, data confidentiality and mutual authentication between the user and the network are vital issues in this heterogeneous environment. This article deals with these issues by first examining the implication of moving towards an open architecture, and then looking at how current approaches such as the 3GPP, HOKEY and mobile ethernet respond to the new environment while trying to address the security issue. The results indicate that a new authentication and key agreement protocol is required to secure handover in this environment. Casper/FDR is used in the analysis and development of the protocol. The proposed protocol has been proven to be successful in this heterogeneous environment. Keywords: authentication and key agreement protocol; secure vertical handover; heterogeneous environments; Casper/FDR.
Using Spec Explorer for Automatic Checking of Constraints in Software Controlled System
In software engineering, several formal models and tools have been proposed for defining system requirements and constraints formally. Such formal definitions can help in automatically checking and verifying them. They can also help in automatic test case generation, execution and verification. In this paper, we demonstrate and evaluate the usage of Spec Explorer from Microsoft for defining and checking examples of software controlled systems such as cruise control. Such formal requirements can eventually be embedded in the developed system, or can help in exposing important elements to test in the testing stage or through the usage of the application.
Towards agent-based modeling and verification of collaborative business processes: An approach centered on interactions and behaviors
by Marco Stuit
Marco Stuit, Nick Szirbik
International Journal of Cooperative Information Systems, 18(3/4), pages 423-479, 2009.
Perracotta: Mining Temporal API Rules from Imperfect Traces
by David Evans
Jinlin Yang, David Evans, Deepali Bhardwaj, Thirumalesh Bhat, Manuvir Das
28th International Conference on Software Engineering
Shanghai, China
20-28 May 2006
Dynamic inference techniques have been demonstrated to provide useful support for various software engineering tasks including bug finding, test suite evaluation and improvement, and specification generation. To date, however, dynamic inference has only been used effectively on small programs under controlled conditions. In this paper, we identify reasons why scaling dynamic inference techniques has proven difficult, and introduce solutions that enable a dynamic inference technique to scale to large programs and work effectively with the imperfect traces typically available in industrial scenarios. We describe our approximate inference algorithm, present and evaluate heuristics for winnowing the large number of inferred properties to a manageable set of interesting properties, and report on experiments using inferred properties. We evaluate our techniques on JBoss and the Windows kernel. Our tool is able to infer many of the properties checked by the Static Driver Verifier and leads us to discover a previously unknown bug in Windows.
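The abstract above describes inferring temporal API rules from imperfect traces and then using the inferred rules to locate bugs. The following added example, which is not Perracotta's code, shows the shape of that idea on a lock/unlock discipline: an "alternating" rule (a b)* is accepted when the pooled fraction of the trace that fits it reaches a threshold, so a truncated trace or one buggy run does not hide the rule, a support cut-off winnows coincidental pairs, and the accepted rule is then replayed against each trace to point at the run that breaks it. The satisfaction measure, the thresholds, the function names and the traces are all assumptions constructed for this illustration.

```python
"""Approximate inference of alternating API-usage rules (a b)* from imperfect
execution traces. Added example in the spirit of Perracotta, not the paper's
tool: the satisfaction measure, the support cut-off and the traces below are
simplifications constructed for illustration."""
from itertools import permutations


def alternating_stats(trace, a, b):
    """Count how often the (a, b) events in `trace` follow the alternating
    pattern (a b)*. Returns (matched_pairs, violations). Other events are
    ignored, so unrelated noise in the trace does not affect the measure."""
    matched = violations = 0
    pending = False          # an `a` has been seen and awaits its `b`
    for ev in trace:
        if ev == a:
            if pending:      # a a ...: the first a never got its b (lock/lock)
                violations += 1
            pending = True
        elif ev == b:
            if pending:
                matched += 1
                pending = False
            else:            # b without a preceding a (unlock/unlock)
                violations += 1
    if pending:              # trace ended with an unmatched a (truncated run)
        violations += 1
    return matched, violations


def infer_rules(traces, threshold=0.7, min_support=5):
    """Approximate inference: accept (a, b) as an alternating rule when the
    pooled satisfaction rate over all traces reaches `threshold`, so a few bad
    or truncated traces do not hide a real rule. `min_support` is a winnowing
    heuristic (assumed here) that drops pairs that fit by coincidence in too
    few occurrences. Returns {(a, b): rate}."""
    events = sorted({ev for t in traces for ev in t})
    rules = {}
    for a, b in permutations(events, 2):
        matched = violations = 0
        for t in traces:
            m, v = alternating_stats(t, a, b)
            matched += m
            violations += v
        total = matched + violations
        if total == 0 or matched < min_support:
            continue
        rate = matched / total
        if rate >= threshold:
            rules[(a, b)] = round(rate, 3)
    return rules


def check_rule(trace, a, b):
    """Replay one trace against an accepted rule and report where it breaks
    the pattern: these positions are what a bug finder would inspect.
    Returns a list of (position, reason) pairs."""
    problems = []
    pending_at = None
    for i, ev in enumerate(trace):
        if ev == a:
            if pending_at is not None:
                problems.append((i, f"{a} at {pending_at} not followed by {b} before next {a}"))
            pending_at = i
        elif ev == b:
            if pending_at is None:
                problems.append((i, f"{b} without preceding {a}"))
            pending_at = None
    if pending_at is not None:
        problems.append((len(trace), f"{a} at {pending_at} never followed by {b}"))
    return problems


# Constructed traces of a lock-protected resource. Trace 2 is truncated (a
# realistic imperfection of production tracing); trace 3 has a real double
# unlock that the inferred rule should expose.
TRACES = [
    ["lock", "read", "unlock", "lock", "write", "unlock"],
    ["lock", "read", "unlock", "lock", "unlock", "lock", "write", "unlock"],
    ["lock", "read", "unlock", "lock", "write"],
    ["lock", "write", "unlock", "unlock"],
]

if __name__ == "__main__":
    rules = infer_rules(TRACES)
    print("inferred:", rules)          # {('lock', 'unlock'): 0.778}
    for (a, b) in rules:
        for n, t in enumerate(TRACES):
            for pos, why in check_rule(t, a, b):
                print(f"trace {n} pos {pos}: {why}")
```

With these inputs only (lock, unlock) survives: (read, write) fits every trace it appears in but has too little support, and (unlock, lock) is rejected because the runs start and end in violation of it. Replaying the accepted rule flags trace 2 only at its truncated end, and trace 3 at the second unlock, which is the kind of finding the abstract reports for the Windows kernel.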
2010 Defense Acquisition Review Journal Paper: "A New Process for the Acceleration Test and Evaluation of Aeromedical Equipment for US Air Force Safe-To-Fly Certification"
by Ismail Cicek, Ph.D. (Isaac)
Cicek, I and Beisner, G. S.; "A New Process for the Acceleration Test and Evaluation of Aeromedical Evacuation (AE) Equipment for USAF Safe-to-Fly (STF) Certification," Defense Acquisition Review Journal (Defense ARJ), Volume 56, pp. 458-507, October 2010.
Aeromedical flight equipment must meet airworthiness criteria according to Department of Defense Handbook MIL-HDBK-516, Airworthiness Certification Criteria, MIL-STD-810G, and MIL-STD-1791, which requires restraint of any item that may potentially cause injury to personnel during emergency landings, ditching, or crash loads.
Several government standards provide adequate descriptions of acceleration test methods; however, none formally documents a non-destructive test method to qualify equipment as safe-to-fly (STF). Using the USAF fixed-wing aircraft STF test criteria, this article presents a structured process developed by the Aeromedical Test Branch, 77th Aeronautical Systems Group, to assess equipment as STF. Further, it demonstrates the application of this process to meet the acceleration requirements for aeromedical evacuation equipment.
Composition of Partially Observable Services Exporting their Behaviour
Co-authored with Giuseppe De Giacomo and Fabio Patrizi.
In proceedings of 19th International Conference on Automated Planning and Scheduling (ICAPS '09)
In this paper we look at the problem of composing services that export their behavior in terms of a transition system, characterizing the choices of actions given to a client at each point in time. The composition consists of synthesizing an orchestrator that coordinates the available services so as to mimic the desired target service asked by the client. Specifically, in this paper we study the "conformant form" of the problem, where available services are partially controllable and partially observable, and hence the orchestrator has to make its decisions exploiting only the observations made so far. We give a sound and complete procedure to synthesize the orchestrator in such a case, and characterize the computational complexity of the problem. The procedure is based on working with belief (or knowledge) states, a standard technique to tackle conformant planning. Moreover, we show that, although in general unavoidable, the powerset construction at the base of the belief state approach can be delegated to the symbolic manipulations of the game-structure model checking tool (TLV), which can be used to efficiently implement the orchestrator synthesis procedure.
Smart Home Planning Programs
Co authored with Claudio Di Ciccio, Massimo Mecella and Fabio Patrizi.
In proceedings of 7th International Conference on Service Systems and Service Management (ICSSSM '10).
In pervasive (ubiquitous) computing an increasing number of devices are embedded and interconnected in the user's environment, e.g., a smart house. The system needs to adapt to the user's varying contexts and goals. The aim is to provide transparent services, reacting to input from the users and to the state of the environment. As users' requirements increase and new devices are inserted, new services need to be dynamically created. We present a technique that allows the user to express planning programs (i.e., procedures for going through different states of the environment) and to have them realized through automatic service composition techniques.
Conjunctive Artifact-Centric Services
Co authored with Piero Cangialosi, Giuseppe De Giacomo, and Riccardo Rosati.
In proceedings of The 8th International Conference on Service Oriented Computing (ICSOC '10).
Artifact-centric services are stateful service descriptions centered around "business artifacts", which contain both a data schema holding all the data of interest for the service, and a lifecycle schema, which specifies the process that the service enacts. In this paper, the data schemas are full-fledged relational databases, and the lifecycle schemas are specified as sets of condition-action rules, where conditions are evaluated against the current snapshot of the artifact, and where actions are suitable updates to the database. The main characteristic of this work is that conditions and actions are based on conjunctive queries. In particular, we exploit recent results in data exchange to specify through tuple-generating dependencies (tgds) the effects of actions. Using such a basis we develop sound and complete verification procedures which, in spite of the fact that the number of states of an artifact-centric service can be infinite, reduce to the finite case through a suitable use of the homomorphisms induced by the conjunctive queries.
Verification of Conjunctive-Query Based Semantic Artifacts
Co-authored with Babak Bagheri Hariri, Diego Calvanese and Giuseppe De Giacomo.
In proceedings of the 24th International Workshop on Description Logics (DL '11).
We introduce semantic artifacts, which are a mechanism that provides both a semantically rich representation of the information on the domain of interest in terms of an ontology, including the underlying data, and a set of actions to change such information over time. In this paper, the ontology is specified as a DL-Lite TBox together with an ABox that may contain both (known) constants and unknown individuals (labeled nulls, represented as Skolem terms). Actions are specified as sets of conditional effects, where conditions are based on conjunctive queries over the ontology (TBox and ABox), and effects are expressed in terms of new ABoxes. In this setting, which is obviously not finite state, we address the verification of temporal/dynamic properties expressed in μ-calculus. Notably, we show decidability of verification, under a suitable restriction inspired by the notion of acyclicity in data exchange.

