Arnaud Lanoix

Using temporal logic for dynamic reconfigurations of components

Dynamic reconfigurations increase the availability and the reliability of component-based systems by allowing their architectures to evolve at run-time. This paper deals with the formal specification and verification of dynamic reconfigurations of those systems using architectural constraints and temporal logic patterns. The proposals of the paper are applied to the Fractal component model. Given a Fractal reference implementation of a component-based system, we specify its dynamic reconfigurations using a temporal pattern logic for Fractal, called FTPL, characterizing the correct behaviour of the system under some architectural constraints. We study system reconfigurations on which we verify these requirements, in particular by reusing the FPath and FScript tools.

Combining Proof and Model-checking to Validate Reconfigurable Architectures

This paper deals with the formal specification and verification of dynamic reconfigurations of component-based systems. To validate such complex systems, there is a need to check model consistency and also to ensure that dynamic reconfigurations satisfy architectural and integrity constraints, invariants, and also temporal constraints over (re)configuration sequences. As architectural constraints involve first-order formulae, and a behavioural semantics of reconfigurations gives rise to infinite state systems, we propose to associate proof and model-checking within the well-established B method, to support the modelling of such systems and the (partial-)validation of their dynamic reconfigurations. The objective of the paper is twofold. First, given a hierarchical B model of component-based architectures, we validate it by proving its consistency. Second, given linear temporal logic formulae expressing the desirable dynamic behaviour of the system, we validate reconfigurable system architectures by using bounded model-checking tools supporting the B method. The main contributions are illustrated on the example of a HTTP server architecture.

Runtime Verification of Temporal Patterns for Dynamic Reconfigurations of Components

Dynamic reconfigurations increase the availability and the reliability of component-based systems by allowing their architectures to evolve at runtime. Recently we have proposed a temporal pattern logic, called FTPL, to characterize the correct reconfigurations of component-based systems under some temporal and architectural constraints.

Towards Validating a Platoon of Cristal Vehicles Using CSP

The so-called platooning problem consists in making autonomous vehicles move in a convoy. It crosses several domains: distributed systems, embedded systems, multi-agent systems and critical systems. We thus propose to use the combination named CSP||B of two well-known formal methods to assess and verify properties of this complex system. To that end we make use of previous theoretical results on CSP||B. We also illustrate how this methodology spans the multiple composition levels of the resulting model.

Using Assertions to Enhance the Correctness of Kmelia Components and their Assemblies

The Kmelia component model is an abstract formal component model based on services. It is dedicated to the specification and development of correct components. This work enriches the Kmelia language to allow the description of data, expressions and assertions when specifying components and services. The objective is to enable the use of assertions in Kmelia in order to support expressive service descriptions, to support client/supplier contracts with pre/post-conditions, and to enhance formal analysis of component-based systems. Assertions are used to perform analysis of services, component assemblies and service compositions. Additionally we enable the definition of virtual contexts for required services and the corresponding observable state space for the components which provide the services. We illustrate the work with the verification of consistency properties involving data at component and assembly levels.

Trustworthy Interface Compliancy: Data Model Adaptation Using B Refinement

In component-based software development approaches, components are considered as black boxes, communicating through required and provided interfaces which describe their visible behaviors. Each component interface is equipped with a suitable data model defining all the types occurring in the interface operations. The provided interfaces are checked to be compatible with the corresponding required interfaces, by the way of adapters. We propose a method to develop and verify these adapters when the interface data models are different, using the formal method B. The use of B assembling and refinement mechanisms eases the verification of the interoperability between interfaces and the correctness of the component assembly.

Moving from Event-B to probabilistic Event-B

We propose a fully probabilistic extension of Event-B where all the non-deterministic choices are replaced with probabilities. We present the syntax and the semantics of this extension and introduce novel and adapted proof obligations for proving the correctness of probabilistic Event-B models. As a preliminary step towards handling refinement of probabilistic Event-B models, we propose sufficient conditions for the almost-certain convergence of a set of events and express them in terms of proof obligations. We illustrate our work by presenting a case study specified in both standard and probabilistic Event-B.

Introducing probabilistic reasoning within Event-B

Event-B is a proof-based formal method used for discrete systems modelling. Several works have previously focused on the extension of Event-B for the description of probabilistic systems. In this paper, we propose an extension of Event-B that allows designing fully probabilistic systems as well as systems containing both probabilistic and non-deterministic choices. Compared to existing approaches which only focus on probabilistic assignments, our approach allows expressing probabilistic choices in all places where non-deterministic choices originally appear in a standard Event-B model: in the choice between enabled events, event parameter values and in probabilistic assignments. Furthermore, we introduce novel and adapted proof obligations for the consistency of such systems and introduce two key aspects to incremental design: probabilisation of existing events and refinement through the addition of new probabilistic events. In particular, we provide proof obligations for the almost-certain convergence of a set of new events, which is a required property in order to prove standard refinement in this context. Finally, we propose a fully detailed case study, which we use throughout the paper to illustrate our new constructions.

Systematic Construction of Critical Embedded Systems Using Event-B

We propose a method to build critical embedded control systems in a systematic way. The method covers the modelling of both the digital part and the physical environment of a considered system, and their refinement until more concrete levels. It is based on Event-B in order to benefit from its materials, stepwise refinements and tools. Two main processes are distinguished: one to capture the global model, the other to detail the global model; they are made of several refinement steps which are accompanied with guidelines. The precise description of the interface between the digital and physical parts is used to start the modelling process. The recurrent categories of variables and events in control systems are described and used as guidelines to conduct a systematic construction. We illustrate the method with the landing gear system case study.

Reliability in Fully Probabilistic Event-B: How to Bound the Enabling of Events

In previous work, we have proposed a fully probabilistic version of Event-B where all the non-deterministic choices are replaced by probabilistic ones and, particularly, the events are equipped with weights that allow us to consider their enabling probability. In this work, we focus on the reliability of the system by proposing to constraint the probability of enabling an event (or a set of events) to control its importance with regard to the intended system behaviour. We add a specific upper bound which must limit the enabling probabilities of the chosen events and we consider the necessary proof obligations to check that the considered events respect the bound. At the end, we illustrate our work by presenting a case study specified in probabilistic Event-B and where bounding the enabling of some events is mandatory.