Hardi Hungar

Model Generation by Moderated Regular Extrapolation

This paper introduces regular extrapolation, a technique that provides descriptions of systems or system aspects a posteriori in a largely automatic way. The descriptions come in the form of models which offer the possibility of mechanically producing system tests, grading test suites and monitoring running systems. Regular extrapolation builds models from observations via techniques from machine learning and finite automata theory. Also expert knowledge about the system enters the model construction in a systematic way. The power of this approach is illustrated in the context of a test environment for telecommunication systems.

Domain-Specific Optimization in Automata Learning

Automatically generated models may provide the key towards controlling the evolution of complex systems, form the basis for test generation and may be applied as monitors for running applications. However, the practicality of automata learning is currently largely preempted by its extremely high complexity and unrealistic frame conditions. By optimizing a standard learning method according to domain-specific structural properties, we are able to generate abstract models for complex reactive systems. The experiments conducted using an industry-level test environment on a recent version of a telephone switch illustrate the drastic effect of our optimizations on the learning efficiency. From a conceptual point of view, the developments can be seen as an instance of optimizing general learning procedures by capitalizing on specific application profiles.

A Compositional Real-Time Semantics of STATEMATE Designs

This paper presents a reference semantics for a verication tool currently under development allowing to verify temporal properties of embedded control sys- tems modelled using the StateMate system. The semantics reported divert from others reported in the literature [24] by faithfully modelling the semantics as supported in the StateMate simulation tool. It divers from the recent paper by Harel and Naamad [8] by providing a compositional semantics, a prerequisite for the support of compositional verication methods, and by the degree of math- ematical rigour. We use a variant of synchronous transition systems introduced by Manna and Pnueli [18] as base model for our semantics.

Using contract-based component specifications for virtual integration testing and architecture design

We elaborate on the theoretical foundation and practical application of the contract-based specification method originally developed in the Integrated Project SPEEDS [11], [9] for two key use cases in embedded systems design. We demonstrate how formal contract-based component specifications for functional, safety, and real-time aspects of components can be expressed using the pattern-based requirement specification language RSL developed in the Artemis Project CESAR, and develop a formal approach for virtual integration testing of composed systems based on such contract-specifications of subsystems. We then present a methodology for multi-criteria architecture evaluation developed in the German Innovation Alliance SPES on Embedded Systems.

Verification of cooperating traffic agents

This paper exploits design patterns employed in coordinating autonomous transport vehicles in order to ease the burden in verifying cooperating hybrid systems. The presented verification methodology is equally applicable for avionics applications (such as the traffic alert and collision avoidance system (TCAS)), train applications (such as the European train control system (ETCS)), or automotive applications (such as platooning). We present a verification rule explicating the essence of employed design patterns, guaranteeing global safety properties of the kind “a collision will never occur”, and whose premises can either be established by off-line analysis of the worst-case behaviour of the involved traffic agents, or by purely local proofs, involving only a single traffic agent. A companion paper will show how such local proof obligations can be discharged automatically.

Test-based model generation for legacy systems

We study the extension of applicability of system-level testing techniques to the construction of a consistent model of (legacy) systems under test, which are seen as black boxes. We gather observations via an automated test environment and systematically extend available test suites according to learning procedures. Testing plays two roles here: (i) as an application domain and (ii) as the enabling technology for the adopted learning technique. The benefits include enhanced error detection and diagnosis, both during the testing phase and the online test of deployed systems at customer sites.

Exact state set representations in the verification of linear hybrid systems with large discrete state space

We propose algorithms significantly extending the limits for maintaining exact representations in the verification of linear hybrid systems with large discrete state spaces. We use AND-Inverter Graphs (AIGs) extended with linear constraints (LinAIGs) as symbolic representation of the hybrid state space, and show how methods for maintaining compactness of AIGs can be lifted to support model-checking of linear hybrid systems with large discrete state spaces. This builds on a novel approach for eliminating sets of redundant constraints in such rich hybrid state representations by a suitable exploitation of the capabilities of SMT solvers, which is of independent value beyond the application context studied in this paper. We used a benchmark derived from an Airbus flap control system (containing 220 discrete states) to demonstrate the relevance of the approach.

Combining Model Checking and Theorem Proving to Verify Parallel Processes

To overcome the limitations of pure model checking, this verification technique is combined with theorem proving. Large processes are split into components whose correctness w.r.t. local specifications is checked via model checking. The correctness of the composition w.r.t. the global specification is then established by constructing a formal proof in a derivation system with the help of a theorem prover.

First-Order-CTL Model Checking

This work presents a first-order model checking procedure that verifies systems with large or even infinite data spaces with respect to first-order CTL specifications. The procedure relies on a partition of the system variables into control and data. While control values are expanded into BDD-representations, data values enter in form of their properties relevant to the verification task. The algorithm is completely automatic. If the algorithm terminates, it has generated a first-order verification condition on the data space which characterizes the system’s correctness. Termination can be guaranteed for a class that properly includes the data-independent systems, defined in [10].

Local model checking for context-free processes

We present a local model checking algorithm that decides for a given contextfree process whether it satisfies a property written in the alternation-free modal mu-calculus. Heart of this algorithm is a purely syntactical sound and complete formal system, which in contrast to the known tableau techniques, uses intermediate higher-order assertions. These assertions provide a finite representation of all the infinite state sets which may arise during the proof in terms of the finite representation of the context-free argument process. This is the key to the effectiveness of our local model checking procedure.