Harald Fecher

Don’t know in probabilistic systems

In this paper the abstraction-refinement paradigm based on 3-valued logics is extended to the setting of probabilistic systems. We define a notion of abstraction for Markov chains. To be able to relate the behavior of abstract and concrete systems, we equip the notion of abstraction with the concept of simulation. Furthermore, we present model checking for abstract probabilistic systems (abstract Markov chains) with respect to specifications in probabilistic temporal logics, interpreted over a 3-valued domain. More specifically, we introduce a 3-valued version of probabilistic computation-tree logic (PCTL) and give a model checking algorithm w.r.t. abstract Markov chains.

Formalizing UML Models and OCL Constraints in PVS

The Object Constraint Language (OCL) is the established language for the specification of properties of objects and object structures in UML models. One reason that it is not yet widely adopted in industry is the lack of proper and integrated tool support for OCL. Therefore, we present a prototype tool, which analyzes the syntax and semantics of OCL constraints together with a UML model and translates them into the language of the theorem prover PVS. This defines a formal semantics for both UML and OCL, and enables the formal verification of systems modeled in UML. We handle the problematic fact that OCL is based on a three-valued logic, whereas PVS is only based on a two valued one.

29 new unclarities in the semantics of UML 2.0 state machines

UML 2.0, which is the standard modeling language for object-oriented systems, has only an informally given semantics. This is in particular the case for UML 2.0 state machines, which are widely used for modeling the reactive behavior of objects. In this paper, a list of 29 newly detected trouble spots consisting of ambiguities, inconsistencies, and unnecessarily strong restrictions of UML 2.0 state machines is given and illustrated using 6 state machines having a problematic meaning; suggestions for improvement are presented. In particular, we show that the concepts of history, priority, and entry/exit points have to be reconsidered.

Comparing disjunctive modal transition systems with an one-selecting variant

An expressive class of abstractions for labeled transition systems is that of disjunctive modal transition systems (DMTS), featuring may- and must transitions as well as disjunctive hypertransitions (OR). In order to describe exclusive choice adequately, we develop a variant of DMTSs called 1-selecting modal transition systems (OMTS) that, roughly speaking, interprets hypertransitions exclusively (XOR). These abstract models, DMTSs and OMTSs, are compared with respect to their expressive power. By giving transformations or showing their non-existence, we show that the two setting can express the same sets of labeled transition systems, but 1-selecting modal transition systems have a richer refinement preorder.

UML 2.0 state machines: complete formal semantics via core state machines

UML has become the standard modeling language for object-oriented systems. The informal description of UML and its continuous extension cause many ambiguities. Therefore, a formal semantics for UML is necessary, especially for formal reasoning and tool development. We present a formal semantics of UML 2.0 state machines, which are used for modeling the reactive behavior of objects, by (i) deriving core state machines with fewer design features and a precise syntax, (ii) developing a formal semantics for core state machines, and (iii) presenting a complete transformation from UML 2.0 state machines to core state machines. Such a transformational approach provides the opportunity of easy adaption to future changes of the semantics of UML state machines.

Bundle event structures: a revised cpo approach

Bundle event structures equipped with a partial order ≤ have been used to give a true concurrency denotational semantics for LOTOS. This model has also been extended by time and stochastic information. Unfortunately it fails to yield a complete partial order (cpo) as we illustrate by an example.We propose a subset of all bundle event structures such that it forms a cpo. This subset is closed under the usual operators on bundle event structures. And as a consequence these operators are continuous. Therefore, this subset can be used to give a denotational semantics of LOTOS.

Action Refinement for Probabilistic Processes with True Concurrency Models

In this paper, we develop techniques of action refinement for probabilistic processes within the context of a probabilistic process algebra. A semantic counterpart is carried out in a non-interleaving causality based setting, probabilistic bundle event structures. We show that our refinement notion has the following nice properties: the behaviour of the refined system can be inferred compositionally from the behaviour of the original system and from the behaviour of the systems substituted for actions; the probabilistic extensions of pomset trace equivalence and history preserving bisimulation equivalence are both congruences under the refinement; and with respect to a cpo-based denotational semantics the syntactic and semantic refinements coincide with each other up to the aforementioned equivalence relations when the internal actions are abstracted away.

Refinement of Actions in a Real-Time Process Algebra with a True Concurrency Model

Abstract In this paper, we develop techniques of action refinement in a real-time process algebra that allows urgent interactions to model timeout. Semantic counterpart is carried out in a real-time non-interleaving causality based setting, timed bundle event structures. We show that our refinement notions have the following nice properties: the observable behaviour of the refined system can be inferred compositionally from the observable behaviour of the original system and from the observable behaviour of the processes substituted for the actions; the timed extensions of observational pomset trace equivalence and observational history preserving bisimulation equivalence are both congruences under our refinement; and the syntactic and semantic refinements coincide up to the aforementioned equivalence relations with respect to a cpo-based denotational semantics.

Ranked predicate abstraction for branching time: complete, incremental, and precise

Predicate abstraction frameworks are a powerful means of combating the state explosion problem in model checking as they automatically synthesize abstract models that either verify compliance with a property, give rise to a genuine counter-example or produce a spurious counter-example that drives refinement of the abstract model. Prominent tools for safety (e.g. Blast) and termination (e.g. Terminator) checking rely on this approach. This paper presents such an abstraction framework for all properties of the modal μ-calculus based on ranked predicate abstraction. We show that our framework is incremental and confluent and should therefore allow good refinement heuristics. Moreover, ranked predicate abstractions are proved to be precise (i.e. optimal as abstractions) and also complete in that all properties true in a model are also true in a finite-state, ranked predicate abstraction of that model. This completeness relates to known characterizations of relative completeness for predicate abstraction with branching time.

Characteristic μ-Calculus Formulas for Underspecified Transition Systems

Underspecification, which is essential for specification formalisms, is usually expressed by equivalences, simulations, or logic approaches. We introduce underspecified transition systems (UTSs) as general model general model for underspecification, where, e.g., transitions point to sets of states. We argue for the generality of the UTSs by showing that the class of all UTSs is strictly more expressive than the standard equivalences and simulation approaches, in the sense that more sets of transition systems can be expressed. Additionally, a characteristic formula in terms of the μ-calculus is presented for every finite state UTS. Furthermore, we show that UTSs can finitely describe sets of transition systems, whenever they can be described finitely by the other standard approaches except for trace-set extension or μ-calculus descriptions.