Statistical Model Checking of Dynamic Software Architectures.
Everton Cavalcante, Jean Quilbeuf, Louis-Marie Traonouez,
Flavio Oquendo, Thais Batista, Axel Legay.
10th European Conference on Software Architecture (ECSA) Copenhagen, Denmark, November 28 -December 2, 2016.
Résumé
The critical nature of many complex software-intensive systems calls for formal, rigorous architecture descriptions
as means of supporting automated verification and enforcement of architectural properties and constraints. Model checking has
been one of the most used techniques to automatically verify software architectures with respect to the satisfaction of architectural
properties. However, such a technique leads to an exhaustive exploration of all possible states of the system, a problem that becomes
more severe when verifying dynamic software systems due to their typical non-deterministic runtime behavior and unpredictable operation
conditions. To tackle these issues, we propose using statistical model checking (SMC) to support the verification of dynamic software
architectures while aiming at reducing computational resources and time required for this task. In this paper, we introduce a novel
notation to formally express architectural properties as well as an SMC-based toolchain for verifying dynamic software architectures
described in Pi-ADL, a formal architecture description language. We use a flood monitoring system to show how to express relevant
properties to be verified. We also report the results of some computational experiments performed to assess the efficiency of our approach.
|
[BibTeX]
[PDF]
|
Plasma Lab: A Modular Statistical Model Checking Platform.
Axel Legay,
Sean Sedwards,
Louis-Marie Traonouez.
Leveraging Applications of Formal Methods, Verification and Validation. Foundational Techniques.
7th International Symposium ISoLA, Corfu, Greece, October 10-14, 2016.
Résumé
We present an overview of Plasma Lab, a modular statistical model checking (SMC) platform that facilitates
multiple SMC algorithms, multiple modelling and query languages and has multiple modes of use. Plasma Lab may be used
as a stand-alone tool with a graphical development environment or invoked from the command line for high performance
scripting applications. Plasma Lab is written in Java for maximum cross-platform compatibility, but it may interface
with tools and libraries written in arbitrary programming languages. Plasma Lab’s API also allows it to be incorporated
as a library within other tools.
We first describe the motivation and architecture of Plasma Lab, then proceed to describe some of its important algorithms,
including those for rare events and nondeterminism. We conclude with a number of industrially-relevant case studies and applications.
|
[BibTeX]
[PDF]
|
A Logic for the Statistical Model Checking of Dynamic Software Architectures.
Jean Quilbeuf, Everton Cavalcante, Louis-Marie Traonouez,
Flavio Oquendo, Thais Batista, Axel Legay
Leveraging Applications of Formal Methods, Verification and Validation. Foundational Techniques.
7th International Symposium ISoLA, Corfu, Greece, October 10-14, 2016.
Résumé
Dynamic software architectures emerge when addressing important features of contemporary systems,
which often operate in dynamic environments subjected to change. Such systems are designed to be reconfigured
over time while maintaining important properties, e.g., availability, correctness, etc. Verifying that reconfiguration
operations make the system to meet the desired properties remains a major challenge. First, the verification process
itself becomes often difficult when using exhaustive formal methods (such as model checking) due to the potentially
infinite state space. Second, it is necessary to express the properties to be verified using some notation able to
cope with the dynamic nature of these systems. Aiming at tackling these issues, we introduce DynBLTL, a new logic
tailored to express both structural and behavioral properties in dynamic software architectures. Furthermore, we propose
using statistical model checking (SMC) to support an efficient analysis of these properties by evaluating the
probability of meeting them through a number of simulations. In this paper, we describe the main features of DynBLTL
and how it was implemented as a plug-in for PLASMA, a statistical model checker.
|
[BibTeX]
[PDF]
|
A formal modeling and analysis framework for software product line of preemptive real-time systems.
Jin Hyun Kim, Axel Legay,
Louis-Marie Traonouez, Mathieu Acher, Sungwon Kang.
31st Annual ACM Symposium on Applied Computing (SAC), Pisa, Italy, April 4-8, 2016.
Résumé
This paper presents a formal analysis framework to analyze a family of platform products w.r.t. real-time properties.
First, we propose an extension of the widely-used feature model, called Property Feature Model (PFM), that distinguishes features
and properties explicitly Second, we present formal behavioral models of components of a real-time scheduling unit such that all
real-time scheduling units implied by a PFM are automatically composed to be analyzed against the properties given by the PFM.
We apply our approach to the verification of the schedulability of a family of scheduling units using the symbolic and
statistical model checkers of Uppaal.
|
[BibTeX]
[Short PDF]
[Long PDF]
|
Domain-Specific Code Generator Modeling: A Case Study for Multi-faceted Concurrent Systems.
Stefan Naujokat, Louis-Marie Traonouez, Malte Isberner,
Bernhard Steffen,
Axel Legay.
Leveraging Applications of Formal Methods, Verification and Validation. Technologies for Mastering Change.
6th International Symposium ISoLA, Corfu, Greece, October 8-11, 2014.
Résumé
In this paper we discuss an elaborate case study utilizing the domain-specific development
of code generators within the Cinco meta tooling suite. Cinco is a framework that allows for the
automatic generation of a wide range of graphical modeling tools from an abstract high-level specification.
The presented case study makes use of Cinco to rapidly construct custom graphical interfaces for multi-faceted,
concurrent systems, comprising non-functional properties like time, probability, data, and costs. The point of
this approach is to provide user communities and their favorite tools with graphical interfaces tailored to
their specific needs. This will be illustrated by generating graphical interfaces for timed automata (TA),
probabilistic timed automata (PTA), Markov decision processes (MDP) and simple labeled transition systems (LTS).
The main contribution of the presented work, however, is the metamodel-based domain-specific construction of the
corresponding code generators for the verification tools Uppaal, Spin, Plasma-lab, and Prism.
|
[BibTeX]
[PDF]
|
A Formalism for Stochastic Adaptive Systems.
Benoît Boyer, Axel Legay, Louis-Marie Traonouez.
Leveraging Applications of Formal Methods, Verification and Validation. Specialized Techniques and Applications.
6th International Symposium ISoLA, Corfu, Greece, October 8-11, 2014.
Résumé
Complex systems such as systems of systems result from the combination of several components
that are organized in a hierarchical manner. One of the main characteristics of those systems is their
ability to adapt to new situations by modifying their architecture. Those systems have recently been the
subject of a series of works in the software engineering community. Most of those works do not consider
quantitative features. The objective of this paper is to propose a modeling language for adaptive systems
whose behaviors depend on stochastic features. Our language relies on an extension of stochastic transition
systems equipped with (1) an adaptive operator that allows to reason about the probability that a system
has to adapt its architecture over time, and (2) dynamic interactions between processes.
As a second contribution, we propose a contract-based extension of probabilistic linear temporal
logic suited to reason about assumptions and guarantees of such systems. Our work has been implemented
in the Plasma-Lab tool developed at Inria. This tool allows us to define stochastic adaptive systems with
an extension of the Prism language, and properties with patterns. In addition, Plasma-Lab offers a
simulation-based model checking procedure to reason about finite executions of the system.
First experiments on a large case study coming from an industrial driven European project give encouraging results.
|
[BibTeX]
[PDF]
|
Structural Refinement for the Modal nu-Calculus.
Uli Fahrenberg,
Axel Legay,
Louis-Marie Traonouez.
11th International Colloquium on Theoretical Aspects of Computing (ICTAC),
Bucharest, Romania, September 17-19, 2014.
Résumé
We introduce a new notion of structural refinement, a sound abstraction of logical implication,
for the modal nu-calculus. Using new translations between the modal nu-calculus and disjunctive modal
transition systems, we show that these two specification formalisms are structurally equivalent.
Using our translations, we also transfer the structural operations of composition and quotient from
disjunctive modal transition systems to the modal nu-calculus. This shows that the modal nu-calculus
supports composition and decomposition of specifications.
|
[BibTeX]
[PDF]
|
Compositionality for Quantitative Specifications.
Uli Fahrenberg,
Jan Křetínský,
Axel Legay, Louis-Marie Traonouez.
11th International Symposium on Formal Aspects of Component Software (FACS),
Bertinoro, Italy, September 10-12, 2014.
Résumé
We provide a framework for compositional and iterative design and verification of systems with
quantitative information, such as rewards, time or energy. It is based on disjunctive modal transition
systems where we allow actions to bear various types of quantitative information. Throughout the design
process the actions can be further refined and the information made more precise. We show how to compute
the results of standard operations on the systems, including the quotient (residual), which has not been
previously considered for quantitative non-deterministic systems. Our quantitative framework has close
connections to the modal nu-calculus and is compositional with respect to general notions of distances
between systems and the standard operations.
|
[BibTeX]
[PDF]
|
PyEcdar: Towards Open Source Implementation for Timed Systems.
Axel Legay, Louis-Marie Traonouez.
11th International Symposium on Automated Technology for Verification and Analysis (ATVA),
Hanoi, Vietnam, October 15-18 2013.
Résumé
PyEcdar is an open source implementation for reasoning on timed systems.
PyEcdar's main objective is not efficiency, but rather flexibility to test and
implement new results on timed systems.
|
[BibTeX]
[PDF]
|
QUAIL: A Quantitative Security Analyzer for Imperative Code.
Fabrizio Biondi,
Axel Legay,
Louis-Marie Traonouez,
Andrzej Wąsowski.
25th International Conference on Computer Aided Verification (CAV),
Saint Petersburg, Russia, July 13-19, 2013.
Résumé
Quantitative security analysis evaluates and compares how effectively a system protects its secret data.
We introduce QUAIL, the first tool able to perform an arbitrary-precision quantitative analysis of the security of
a system depending on private information. QUAIL builds a Markov Chain model of the system's behavior as observed
by an attacker, and computes the correlation between the system's observable output and the behavior depending on
the private information, obtaining the expected amount of bits of the secret that the attacker will infer by observing
the system. QUAIL is able to evaluate the safety of randomized protocols depending on secret data, allowing to verify
a security protocol's effectiveness. We experiment with a few examples and show that QUAIL's security analysis is
more accurate and revealing than results of other tools.
|
[BibTeX]
[PDF]
|
Robust Specification of Real Time Components.
Kim G. Larsen,
Axel Legay,
Louis-Marie Traonouez,
Andrzej Wąsowski.
9th International Conference on Formal Modeling and Analysis of Timed Systems (FORMATS),
Aalborg, Denmark, September 2011.
Résumé
Specification theories for real-time systems allow to reason about interfaces and their
implementation models, using a set of operators that includes satisfaction, refinement, logical and
parallel composition. To make such theories applicable throughout the entire design process from an
abstract specification to an implementation, we need to be able to reason about possibility to effectively
implement the theoretical specifications on physical systems. In the literature, this implementation problem
has already been linked to the robustness problem for Timed Automata, where small perturbations in the timings
of the models are introduced. We address the problem of robust implementations in timed specification theories.
Our contributions include the analysis of robust timed games and the study of robustness with respect to the operators of the theory.
|
[BibTeX]
[PDF]
|
Symbolic Unfolding of Parametric Stopwatch Petri Nets.
Louis-Marie Traonouez, Bartosz Grabiec,
Claude Jard,
Didier Lime,
Olivier (H.) Roux.
8th International Symposium on Automated Technology for Verification and Analysis (ATVA), Singapore, September 2010.
Résumé
This paper proposes a new method to compute symbolic unfoldings for safe Stopwatch Petri Nets (SwPNs),
extended with time parameters, that symbolically handle both the time and the parameters. We propose a concurrent
semantics for (parametric) SwPNs in terms of timed processes à la Aura and Lilius. We then show how to compute a
symbolic unfolding for such nets, as well as, for the subclass of safe time Petri nets, how to compute a finite
complete prefix of this unfolding. Our contribution is threefold: unfolding in the presence of stopwatches or
parameters has never been addressed before. Also in the case of time Petri nets, the proposed unfolding has no
duplication of transitions and does not require read arcs and as such its computation is more local. Finally the
unfolding method is implemented (for time Petri nets) in the tool Romeo.
|
[BibTeX]
[PDF]
|
Diagnosis using unfoldings of parametric time petri nets.
Bartosz Grabiec, Louis-Marie Traonouez,
Claude Jard,
Didier Lime,
Olivier (H.) Roux.
8th International Conference on Formal Modelling and Analysis of Timed Systems (FORMATS), Vienna, Austria, September 2010.
Résumé
This paper considers the model of Time Petri Nets (TPNs) extended with time parameters
and its use to perform on-line diagnosis of distributed systems. We propose to base the method on
unfoldings. Given a partial observation, as a possibly structured set of actions, our method
determines the causal relation between events in the model that explain the observation. It can
also synthesize parametric constraints associated with these explanations. The method is implemented
in the tool Romeo. We present its application to the diagnosis of the example of a cowshed with pigs.
|
[BibTeX]
[PDF]
|
Romeo: A Parametric Model-Checker for Petri Nets with Stopwatches.
Didier Lime,
Olivier (H.) Roux,
Charlotte Seidner,
Louis-Marie Traonouez.
15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), York, United Kingdom, March 2009.
Résumé
Last time we reported on Romeo, analyses with this tool were mostly
based on translations to other tools. This new version provides an
integrated TCTL model-checker and has gained in expressivity with the
addition of parameters. Although there exists other tools to compute
the state-space of stopwatch models, Romeo is the first one that
performs TCTL model-checking on stopwatch models. Moreover, it is the
first tool that performs TCTL model-checking on timed parametric
models. Indeed, Romeo now features an efficient model-checking of time
Petri nets using the Uppaal DBM Library, the model-checking of
stopwatch Petri nets and parametric stopwatch Petri nets using the
Parma Polyhedra Library and a graphical editor and simulator of these
models. Furthermore, its audience has increased leading to several
industrial contracts. This paper reports on these recent developments
of Romeo.
|
[BibTeX]
[PDF]
|
Parametric Model-Checking of Time Petri Nets with Stopwatches Using the State-Class Graph.
Louis-Marie Traonouez,
Didier Lime,
Olivier (H.) Roux.
6th International Conference on Formal Modelling and Analysis of Timed Systems (FORMATS), Saint-Malo,
France, September 2008.
|
[BibTeX]
[PDF]
|