Jan Kofroň

Correctness of Service Components and Service Component Ensembles

Nowadays, cyber-physical systems consist of a large and possibly unbounded number of nodes operating in a partially unknown environment to which they need to adapt. They also have strong requirements in terms of performances, resource usage, reliability, or security. To face this inherent complexity it is crucial to develop adequate tools and underlying models to analyze these properties at design time. Proposed models must be able to capture essential aspects of the behavior (e.g. interactions between the components, adaptive behavior, uncertain or changing environments), and the corresponding analysis techniques can only succeed if they exploit as much as possible the specific structure of the considered systems (e.g. large replication of the same component, hierarchical compositions). We consider qualitative analyses targeting boolean properties stating that the system behaves without any flaw, as well as quantitative analyses that evaluate expected performances according to predefined metrics (energy/memory consumption, average/maximum time to accomplish a task, probability to fulfil a goal, etc.). We also address security specific issues such as control policies and information flow.

Tools for Ensemble Design and Runtime

The ASCENS project deals with designing systems as ensembles of adaptive components. Among the outputs of the ASCENS project are multiple tools that address particular issues in designing the ensembles, ranging from support for early stage formal modeling to runtime environment for executing and monitoring ensemble implementations. The goal of this chapter is to provide a compact description of the individual tools, which is supplemented by additional downloadable material on the project website.

On Interpolants and Variable Assignments

Craig interpolants are widely used in program verification as a means of abstraction. In this paper, we (i) introduce Partial Variable Assignment Interpolants (PVAIs) as a generalization of Craig interpolants. A variable assignment focuses computed interpolants by restricting the set of clauses taken into account during interpolation. PVAIs can be for example employed in the context of DAG interpolation, in order to prevent unwanted out-of-scope variables to appear in interpolants. Furthermore, we (ii) present a way to compute PVAIs for propositional logic based on an extension of the Labeled Interpolation Systems, and (iii) analyze the strength of computed interpolants and prove the conditions under which they have the path interpolation property.

Automated Deployment of Hierarchical Components

Deployment of distributed component-based systems is quite important stage in the system’s life-cycle since it may significantly influence its overall performance and utilization of computers and the network. Thus, deployment of the system has to be carefully planned. There exist algorithms for deployment of component-based system; however they allow deployment of systems with a single level of component composition; hierarchical systems have to be flattened before deployment. However, such a flattening is not possible for component frameworks where hierarchical components exist also at run-time. In this paper, we present an algorithm for automated deployment planning of hierarchical component systems. The algorithm incorporates component demands and machine resources in order to maximize performance of deployed applications. We also present an implementation of the algorithm for the SOFA 2 component framework.

Dead variable analysis for multi-threaded heap manipulating programs

Dead variable reduction is a well-known optimization used to reduce state space. In this paper we present two novel reductions for explicit-state code model checking. These reductions are designed to efficiently handle multi-threaded heap-manipulating programs. We implemented the reductions in Java PathFinder and demonstrated their efficiency by verification of several non-trivial programs. We also formally show correctness of the approach.

WeVerca: Web Applications Verification for PHP

Static analysis of web applications developed in dynamic languages is a challenging yet very important task. In this paper, we present WeVerca, a framework that allows one to define static analyses of PHP applications. It supports dynamic type system, dynamic method calls, dynamic data structures, etc. These common features of dynamic languages cause implementation of static analyses to be either imprecise or overly complex. Our framework addresses this problem by defining end-user static analyses independently of value and heap analyses necessary just to resolve these features. As our results show, taint analysis defined using the framework found more real problems and reduced the number of false positives comparing to existing state-of-the-art analysis tools for PHP.

On Teaching Formal Methods: Behavior Models and Code Analysis

Teaching formal methods is a challenging task for several reasons. First, both the state-of-the-art knowledge and the tools are rapidly evolving. Second, there are no comprehensive textbooks covering certain topics, especially code analysis. In this paper, we share our experience with teaching two courses. The first is focused on classics of modeling and verification of software and hardware systems (LTS, LTL, equivalences, etc.), while the other one involves topics related to automated analysis of program code. We hope that other lecturers can benefit from our experience to improve their courses.

Modelling the Hybrid ERTMS/ETCS Level 3 Case Study in Spin

The Spin model checker has been successfully applied to the modelling, validation, and verification of different safety-critical systems. In this paper, we model and validate the Hybrid ERTMS/ETCS Level 3 Case Study using Spin; in particular, we show the assumptions we made to keep the state space limited, and present the problems and ambiguities that arose during the modelling. Although Spin offers several advantages in terms of validation and verification facilities, its modelling language Promela is limited if compared to higher level notations of other formal methods. Therefore, we discuss the advantages and disadvantages of using the tool, and how it could be improved in terms of modelling facilities.

On partial state matching

During explicit software model checking, the tools spend a lot of time in state matching. This is implied not only by processing a huge number of states, but also by the fact that state representation is usually not small either. In this article, we present two dead variable analyses; applying them during the code-model-checking process results in size reduction of both state representation and explored state space itself. We implemented the analyses inside Java PathFinder and evaluate their impact in terms of memory and time reduction using several non-trivial benchmarks.

PVAIR: Partial Variable Assignment InterpolatoR

Despite its recent popularity, program verification has to face practical limitations hindering its everyday use. One of these issues is scalability, both in terms of time and memory consumption. In this paper, we present Partial Variable Assignment InterpolatoR PVAIR --- an interpolation tool exploiting partial variable assignments to significantly improve performance when computing several specialized Craig interpolants from a single proof. Subsequent interpolant processing during the verification process can thus be more efficient, improving scalability of the verification as such. We show with a wide range of experiments how our methods improve the interpolant computation in terms of their size. In particular, i we used benchmarks from the SAT competition and ii performed experiments in the domain of software upgrade checking.