Carsten Weise

UPPAAL: now, next, and future

UPPAAL is a tool for modeling, simulation and verification of real-time systems, developed jointly by BRICS at Aalborg University and the Department of Computer Systems at Uppsala University. The tool is appropriate for systems that can be modeled as a collection of non-deterministic processes with finite control structure and real-valued clocks, communicating through channels or shared variables. Typical application areas include real-time controllers and communication protocols, in particular those where timing aspects are critical. This paper reports on the currently available version and summarizes developments during the last two years. We report on new directions that extends UPPAAL with cost-optimal exploration, parametric modeling, stop-watches, probablistic modeling, hierachical modeling, executable timed automata, and a hybrid automata animator. We also report on recent work to improve the efficiency of the tool. In particular, we outline Clock Difference Diagrams (CDDs), new compact representations of states, a distributed version of the tool, and application of dynamic partitioning. UPPAAL has been applied in a number of academic and industrial case studies. We describe a selection of the recent case studies.

KleeNet: discovering insidious interaction bugs in wireless sensor networks before deployment

Complex interactions and the distributed nature of wireless sensor networks make automated testing and debugging before deployment a necessity. A main challenge is to detect bugs that occur due to non-deterministic events, such as node reboots or packet duplicates. Often, these events have the potential to drive a sensor network and its applications into corner-case situations, exhibiting bugs that are hard to detect using existing testing and debugging techniques. In this paper, we present KleeNet, a debugging environment that effectively discovers such bugs before deployment. KleeNet executes unmodified sensor network applications on symbolic input and automatically injects non-deterministic failures. As a result, KleeNet generates distributed execution paths at high-coverage, including low-probability corner-case situations. As a case study, we integrated KleeNet into the Contiki OS and show its effectiveness by detecting four insidious bugs in the μIP TCP/IP protocol stack. One of these bugs is critical and lead to refusal of further connections.

Efficient Timed Reachability Analysis Using Clock Difference Diagrams

One of the major problems in applying automatic verification tools to industrial-size systems is the excessive amount of memory required during the state-space exploration of a model. In the setting of real-time, this problem of state-explosion requires extra attention as information must be kept not only on the discrete control structure but also on the values of continuous clock variables. In this paper, we exploit Clock Difference Diagrams, CDDs, a BDD-like data-structure for representing and effectively manipulating certain nonconvex subsets of the Euclidean space, notably those encountered during verification of timed automata. A version of the real-time verification tool Uppaal using CDDs as a compact data-structure for storing explored symbolic states has been implemented. Our experimental results demonstrate significant spacesavings: for eight industrial examples, the savings are in average 42% with moderate increase in runtime. We further report on how the symbolic state-space exploration itself may be carried out using CDDs.

Providing a Software Quality Framework for Testing of Mobile Applications

As the number of mobile applications grows software quality becomes more and more an important issue in this realm. An appropriate mobile quality framework would serve developers as a guideline for quality assurance. In this work, we present an approach to a software quality framework for development of mobile applications. This framework is based on a mobile software quality model, defining key qualities of mobile applications. Furthermore the framework provides patterns for mobile application development and metrics for testing mobile applications. It also defines methods and tools for analyzing and testing the specific lifecycles of mobile applications.

Efficient Scaling-Invariant Checking of Timed Bisimulation

Bisimulation is an important notion for the verification of distributed systems. Timed bisimulation is its natural extension to real time systems. Timed bisimulation is known to be decidable for timed automata using the so-called region technique. We present a new, top down approach to timed bisimulation which applies the zone technique from the theory of hybrid systems. In contrast to the original decision algorithm, our method has a better space complexity and is scaling invariant: altering the time scale does not effect the space complexity.

A Constraint Oriented Proof Methodology Based on Modal Transition Systems

We present a constraint-oriented state-based proof methodology for concurrent software systems which exploits compositionality and abstraction for the reduction of the verification problem under investigation. Formal basis for this methodology are Modal Transition Systems allowing loose state-based specifications, which can be refined by successively adding constraints. Key concepts of our method are projective views, separation of proof obligations, Skolemization and abstraction. Central to the method is the use of Parametrized Modal Transition Systems. The method easily transfers to real-time systems, where the main problem are parameters in timing constraints.

Reverse Engineering of Mobile Application Lifecycles

In mobile applications, the application lifecycle consists of the process-related states (e.g. suspended, ready, running) and the transitions between them. A faulty or insufficient implementation of the mobile application lifecycle can be the source of many problematic faults, e.g. loss of data. Thus for a software developer, understanding and mastering the mobile application lifecycle is essential for high quality software. In our work with various mobile platforms, we found that the given lifecycle models and corresponding documentation are often inconsistent, incomplete and incorrect. In this paper we present a way to reverse-engineer application lifecycles of mobile platforms by testing. Within a case study we apply the presented concept to three mobile platforms: Android, iOS and Java ME. We further show how developers of mobile applications can use our results to get correct lifecycle models for these platforms.

Fischer's protocol revisited: a simple proof using modal constraints

As a case study, we apply a constraint-oriented state-based proof methodology to Fischers protocol. The method exploits compositionality and abstraction to reduce the investigated verification problem. This reduction avoids state space explosion. Key concepts of the reduction process are modal constraints, separation of proof obligations, Skolemization and abstraction. Formal basis for the method are Timed Modal Specifications (TMS) allowing loose state-based specifications, which can be refined by successively adding constraints. TMSs can be easily translated into Modal Timed Automata, thus enabling automatic verification. A central issue of the method is the use of Parametrized TMSs.

Continuous modeling of real-time and hybrid systems: from concepts to tools

The past decade has witnessed a rapid development in the field of formal methods for the specification, analysis and verification of real-time systems. Particularly striking is the progress in continuous time modeling, which, despite its unquestioned expressiveness, turned out to be surprisingly tractable: practically relevant classes of continuous time systems can be analyzed and verified fully automatically. This has led to the development of a number of corresponding analysis and verification tools of different application profiles. In this paper we concentrate on the two key concepts underlying these tools, known as timed automata and hybrid systems . Their role can be best appreciated in the context of formal methods in general, and specifically of specification of real-time systems in terms of tailored process calculi and real-time logics. All these concepts will be presented in an intuitive fashion, avoiding as much formalism as possible.

Testing Conformance of Life Cycle Dependent Properties of Mobile Applications

Operating systems of modern mobile devices, like e.g. iOS and Android, require the applications to conform to a life cycle model, to ensure the functional correctness of the application and its data integrity over exceptional behavior as e.g. out-swapping of the application. The applications life cycle events are triggered asynchronously by the system and depend on the environment. In order to test life cycle dependent properties of the applications, we define a unit testing based approach that uses life cycle callback-methods. The method identifies life cycle dependent properties in the application specification, and derives assertion-based test cases for validating the conformance of the properties. Life cycle triggers are used in the test case execution. The paper describes to which application features the approach can be applied, and the limitations of the approach. A case study demonstrates how to apply our approach to state-of-the-art mobile platforms, using Android 2.2 as an example.