Barbora Zimmerova

Component-interaction automata as a verification-oriented component-based system specification

In the paper, we present a new approach to component interaction specification and verification process which combines the advantages of both architecture description languages (ADLs) at the beginning of the process, and a general formal verification-oriented model connected to verification tools at the end. After examining current general formal models with respect to their suitability for description of component-based systems, we propose a new verification-oriented model, Component-Interaction automata, and discuss its features. The model is designed to preserve all the interaction properties to provide a rich base for further verification, and allows the system behaviour to be configurable according to the architecture description (bindings among components) and other specifics (type of communication used in the synchronization of components).

Component Substitutability via Equivalencies of Component-Interaction Automata

We provide a new look at formal aspects of component substitutability (replacement of a component with a new one) and independent implementability (reuse of a component in any system where its implementation satisfies the specification given by the environment), in view of an underlying formalism called Component-interaction automata. Our aim is to offer a formal characterization of preconditions that lead to reconfiguration correctness (proper component substitution and safe independent implementation). Such preconditions then guarantee that the updated system remains equivalent to the former one and hence there is no need to verify it again. The contribution of the paper is twofold. First, we formally define three relations that allows us to compare behaviours of two components with respect to reconfiguration correctness. Namely, the equivalence relation, specification-implementation relation, and substitutability relation. Second, we formally characterize the problem of component substitutability for both equivalent and non-equivalent components, and the problem of independent implementability. The characterizations are captured in several propositions which are proved in the text.

Component-Interaction Automata Approach (CoIn)

The aim of the CoIn approach (Component-Interaction Automata approach)is to create a framework for formal analysis of behavioural aspects of large scale component-based systems. For the modelling purpose, we use the Component-interaction automatalanguage [1]. For the verification, we employ a parallel model-checker DiVinE [2], which is able to handle very large, hence more realistic, models of component-based systems. Verified properties, like consequences of service calls or fairness of communication, are expressed in an extended version of the Linear Temporal Logic CI-LTL.

Partial Order Reduction for State/Event LTL

Software systems assembled from a large number of autonomous components become an interesting target for formal verification due to the issue of correct interplay in component interaction. State/event LTL [1,2] incorporates both states and events to express important properties of component-based software systems. The main contribution of the paper is a partial order reduction technique for verification of state/event LTL properties. The core of the partial order reduction is a novel notion of stuttering equivalence which we call state/event stuttering equivalence. The positive attribute of the equivalence is that it can be resolved with existing methods for partial order reduction. State/event LTL properties are, in general, not preserved under state/event stuttering equivalence. To this end we define a new logic, called weak state/event LTL, which is invariant under the new equivalence.

Formal verification of systems with an unlimited number of components

In many real component-based systems and patterns of component interaction, there can be identified a stable part (such as control component, server, instance handler) and a number of uniform components of the same type (users, clients, instances). Such systems, the so-called control-user systems, are often modelled using an infinite set of finite models of particular components, parameterised by the number of uniform components in the system. However, if the maximal number of components is not known, this results in infinite-state models, which cannot be directly verified with effective (finite-state) techniques, like model checking. In this case, more involved techniques have to be employed. A verification technique for checking linear temporal logic (LTL)-like interaction properties on control-user systems with unlimited number of components using finite-state verification is proposed. The method is based on computing a cutoff on the number of uniform components (users), such that if the system is proved to be correct for every number of user components up to the cutoff, it is guaranteed to be correct for any larger number of components. The authors define the cutoff, prove that it guarantees the required property, introduce heuristics for computing the cutoff and demonstrate the overall technique on a number of previously published models.

Subject-observer specification with component-interaction automata

This paper presents our solution to the Subject-Observer Specification problem announced as the challenge problem of the SAVCBS 2007 workshop. The text consists of two parts. In the first part, we present the model of the Subject-Observer system in terms of Component-interaction automata. In the second part, we present our approach to verification of the system model with respect to unlimited number of Observers.