Hassan Mountassir

Modular Verification for a Class of PLTL Properties

The verification of dynamic properties of a reactive systems by model-checking leads to a potential combinatorial explosion of the state space that has to be checked. In order to deal with this problem, we define a strategy based on local verifications rather than on a global verification. The idea is to split the system into subsystems called modules, and to verify the properties on each module in separation. We prove for a class of PLTL properties that if a property is satisfied on each module, then it is globally satisfied. We call such properties modular properties. We propose a modular decomposition based on the B refinement process. We present in this paper an usual class of dynamic properties in the shape of □(p ⇒ Q), where p is a proposition and Q is a simple temporal formula, such as ○q, ⋄q or qUr (with q and r being propositions). We prove that these dynamic properties are modular. For these specific patterns, we have exhibited some syntactic conditions of modularity on their corresponding Buchi automata. These conditions define a larger class which contains other patterns such as □(p ⇒ ○(qUr)). Finally, we show through the example of an industrial Robot that this method is valid in a practical way.

Mapping SysML to modelica to validate wireless sensor networks non-functional requirements

Wireless Sensor Networks (WSN) have registered a large success in the scientific and industrial communities for their broad application domains. Furthermore, the WSN specification is a complex task considering to their distributed and embedded nature and the strong interactions between their hardware and software parts. Moreover, most of approaches use semi-formal methods to design systems and generally simulation to validate their properties in order to produce models without errors and conform to the system specifications. In this context, we propose a Model Driven Architecture (MDA) approach to improve the verification of the WSN properties. This approach combines the advantages of the System Modeling Language (SysML) and the Modelica language which promote the reusability and improve the development process. In this work, we specify a model transformation from SysML static, dynamic and requirement diagrams to their corresponding elements in Modelica. Thanks to the SysML requirement diagram which is transformed into Modelica properties (constraints), we propose a technique using dynamic tests to verify WSN properties. We have used the Topcased platform to implement our approach 1 and chosen a crossroads monitoring system which is based on wireless sensors to illustrate it. Besides, we have verified and validated some wireless sensors properties of the studied system.

Refinement of Interface Automata Strengthened by Action Semantics

Interface automata are light-weight models that capture the temporal interface behavior of software components. They have the ability to model both the input requirements and the output behavior of a component. They support the compatibility check between interface models to ensure a correct interaction between components and they adopt an alternating simulation approach to design refinement. In this paper, we extend our previous works on checking interface automata interoperability by adapting their alternating refinement relation to the action semantics. We show the relation between pre and post-conditions of transitions in the abstract version of an interface and their corresponding ones in its concrete version. We illustrate our extensions by a case study of the CyCab car component-based system.

Modular Verification of Dynamic Properties for Reactive Systems

Reachability analysis has been one of the most successful methods for automated analysis of concurrent and reactive systems. It is based on an exhaustive enumeration of states and implemented in several tools of verification. However, the major problem in applying this technique is the potential combinatorial explosion of the states space. To deal with this problem, various reduction and symbolic techniques have been developed. In this paper, we first present an extension of the B language in order to express dynamic properties using logic formulas in LTL. After this, we introduce an approach of verification performed on modules obtained by refinement rather than on the full specification. The number of states on which the verification is performed is then grandly reduced. Some patterns of properties are discussed and verified using the model-checking on each module. To illustrate the idea we give the known BRP example (Bounded Retransmission Protocol) described with B. We then show that under some considerations we are able to decide whether a given property is false or true, or should have been established at a higher level of abstraction.

Adapting Component Behaviours Using Interface Automata

One of the principal goal of Component-Based Software Engineering (CBSE) is to allow the reuse of components in diverse situations without affecting their codes. To reach this goal, it is necessary to propose approaches to adapt a component with its environment when behavioural mismatches occur during their interactions. In this paper, we present a formal approach based on interface automata to adapt components in order to eliminate possible behavioural mismatches, and then insure more flexible interoperability between components.

Description of a teleconferencing floor control protocol and its implementation

In this paper, we present a formal specification of a teleconferencing floor control protocol and its implementation. The services provided by this protocol are described within the SCCP IETF document (Simple Conference Control Protocol). Finite state machines are used to model services behaviours part of this protocol. Temporal properties are defined as constraints of the teleconferencing system using SCCP protocol. The dynamic properties are described by the LTL logic (Linear Temporal Logic) and verified using the model-checker Spin/Promela. A prototype of a multimedia teleconferencing system is implemented and it is based on the specified protocol. This implementation uses UML notation and is developed with JMF (Java Media Framework) API.

Formalizing and verifying compatibility and consistency of SysML blocks

The objective of this paper is to define an approach to formalize and verify the SysML blocks in a refinement process. We propose to specify system architecture with SysML Block Definition Diagram, this diagram is then analyzed and decomposed into several sub-blocks in order to verify their compatibility. The structural architecture of an abstract block is given by the Internal Block Diagram (IBD) which defines the communication links between sub-blocks. The compatibility verification between sub-blocks is only made on linked sub-blocks. The behaviour of each sub-block is described by an interface automaton which species the invocations exchanged with its environment. The verification between blocks is translated into consistency verification between the blocks and compatibility verification between their interface automata. Incompatibilities can be inconsistent at architecture level and at communication level if there are deadlocks during the interaction between sub-blocks. Once the verification is established between the sub-blocks, the abstract block can be then substituted by the sub-blocks which compose it.

An I/O Automata-based Approach to Verify Component Compatibility: Application to the CyCab Car

An interesting formal approach to specify component interfaces is interface automata based approach, which is proposed by L. Alfaro and T. Henzinger. These formalisms have the ability to model both the input and output requirements of components system. In this paper, we propose a method to enrich interface automata by the semantics of actions in order to verify components interoperability at the levels of signatures, semantics, and protocol interactions of actions. These interfaces consist of a set of required and offered actions specified by Pre and Post conditions. The verification of the compatibility between interface automata reuse the L. Alfaro and T. Henzinger proposed algorithm and adapt it by taking into account the action semantics. Our approach is illustrated by a case study of the vehicle CyCab.

VeSTA: a tool to verify the correct integration of a component in a composite timed system

VeSTA is a push-button tool for checking the correct integration of a component in an environment, for component-based timed systems. By correct integration, we mean that the local properties of the component are preserved when this component is merged into an environment. This correctness is checked by means of a so-called divergence-sensitive and stability-respecting timed τ-simulation, ensuring the preservation of all linear timed properties expressed in the logical formalism MITL (Metric Interval Temporal Logic), as well as strong nonzenoness and deadlock-freedom. The development of the tool was guided by the architecture of the OPEN-KRONOS tool. This allows, as additional feature, an easy connection of the models considered in VeSTA to the OPEN-CAESAR verification platform, and to the OPEN-KRONOS tool.

Assembling Components using SysML with Non-Functional Requirements

Non-functional requirements of component based systems are important as their functional requirements, therefore they must be considered in components assembly. These properties are beforehand specified with SysML requirement diagrams. We specify component based system architecture with SysML block definition diagram, and component behaviors with sequence diagrams. We propose to specify formally component interfaces with interface automata, obtained from requirement and sequence diagrams. In this formalism, transitions are annotated with costs to specify non-functional property. The compatibility between components is performed by synchronizing their interface automata. The approach is explained with the example of the electric car CyCab, where the costs are associated to energy consumption of component actions. Our approach verifies whether, a set of components, when composed according to the system architecture, achieve their tasks by respecting their non-functional requirements.