Jin Song Dong

Semantic Space: an infrastructure for smart spaces

Semantic Space is a pervasive computing infrastructure that exploits semantic Web technologies to support explicit representation, expressive querying, and flexible reasoning of contexts in smart spaces.

PAT: Towards Flexible Verification under Fairness

Recent development on distributed systems has shown that a variety of fairness constraints (some of which are only recently defined) play vital roles in designing self-stabilizing population protocols. Current practice of system analysis is, however, deficient under fairness. In this work, we present PAT, a toolkit for flexible and efficient system analysis under fairness. A unified algorithm is proposed to model check systems with a variety of fairness effectively in two different settings. Empirical evaluation shows that PAT complements existing model checkers in terms of fairness. We report that previously unknown bugs have been revealed using PAT against systems functioning under strong global fairness.

Blending Object-Z and Timed CSP: an introduction to TCOZ

Object-Z is an extension to the Z language designed to facilitate specification in an object-oriented style. It is an excellent tool for modeling data and algorithms, but its object semantics are single threaded and operations are atomic. Therefore, it is difficult to use Object-Z to capture the behaviour of concurrent real-time reactive systems. On the other hand, Timed CSP is good at modeling real-time concurrent behaviour, but has little support for modeling the state of a complex system. This paper introduces a blending of Object-Z and Timed CSP, known as TCOZ. The blended notation is particularly suited for specifying complex systems whose components have their own thread of control.

Timed Communicating Object Z

This paper describes a timed, multithreaded object modeling notation for specifying real-time, concurrent, and reactive systems. The notation Timed Communicating Object Z (TCOZ) builds on Object Zs strengths in modeling complex data and algorithms, and on Timed CSPs strengths in modeling process control and real-time interactions. TCOZ Is novel in that it includes timing primitives, properly separates process control and data/algorithm issues and supports the modeling of true multithreaded concurrency. TCOZ is particularly well-suited for specifying complex systems whose components have their own thread of control. The expressiveness of the notation is demonstrated by a case study in specifying a multilift system that operates in real-time.

Model Checking CSP Revisited: Introducing a Process Analysis Toolkit

FDR, initially introduced decades ago, is the de facto analyzer for Communicating Sequential Processes (CSP). Model checking techniques have been evolved rapidly since then. This paper describes Pat, i.e., a process analysis toolkit which complements FDR in several aspects. Pat is designed to analyze event-based compositional system models specified using CSP as well as shared variables and asynchronous message passing. It supports automated refinement checking, model checking of LTL extended with events, etc. In this paper, we highlight how partial order reduction is applied to improve refinement checking in Pat. Experiment results show that Pat outperforms FDR in some cases.

Integrating Specification and Programs for System Modeling and Verification

High level specification languages like CSP use mathematical objects as abstractions to represent systems and processes. System behaviors are described as process expressions combined with compositional operators, which are associated with elegant algebraic laws for system analysis. Nonetheless, modeling systems with non-trivial data and functional aspects using CSP remains difficult. In this work, we propose a modeling language named CSP# (short for communicating sequential programs) which integrates high-level modeling operators with low-level procedural codes, for the purpose of efficient mechanical system verification. We demonstrate that data operations can be modeled as terminating sequential programs, which can be composed using high-level compositional operators. CSP# is supported by the PAT model checker and has been applied to a number of systems.

Timed Automata Patterns

Timed automata have proven to be useful for specification and verification of real-time systems. System design using timed automata relies on explicit manipulation of clock variables. A number of automated analyzers for timed automata have been developed. However, timed automata lack composable patterns for high-level system design. Specification languages like Timed Communicating Sequential Process (CSP) and Timed Communicating Object-Z (TCOZ) are well suited for presenting compositional models of complex real-time systems. In this work, we define a set of composable Timed Automata patterns based on hierarchical constructs in time-enriched process algebras. The patterns facilitate the hierarchical design of complex systems using timed automata. They also allow a systematic translation from Timed CSP/TCOZ models to timed automata so that analyzers for timed automata can be used to reason about TCOZ models. A prototype has been developed to support system design using timed automata patterns or, if given a TCOZ specification, to automate the translation from TCOZ to timed automata.

PAT 3: An Extensible Architecture for Building Multi-domain Model Checkers

Model checking is emerging as an effective software verification method. Although it is desirable to have a dedicated model checker for each application domain, implementing one is rather challenging. In this work, we develop an extensible and integrated architecture in PAT3 (PAT version 3.*) to support the development of model checkers for wide range application domains. PAT3 adopts a layered design with an intermediate representation layer (IRL), which separates modeling languages from model checking algorithms so that the algorithms can be shared by different languages. IRL contains several common semantic models to support wide application domains, and builds both explicit model checking and symbolic model checking under one roof. PAT3 architecture provides extensibility in many possible aspects: modeling languages, model checking algorithms, reduction techniques and even IRLs. Various model checkers have been developed under this new architecture in recent months. This paper discusses the structure and extensibility of this new architecture.

Timed Patterns: TCOZ to Timed Automata

The integrated logic-based modeling language, Timed Communicating Object Z (TCOZ), is well suited for presenting complete and coherent requirement models for complex real-time systems. However, the challenge is how to verify the TCOZ models with tool support, especially for analyzing timing properties. Specialized graph-based modeling technique, Timed Automata (TA), has powerful mechanisms for designing real-time models using multiple clocks and has well developed automatic tool support. One weakness of TA is the lack of high level composable graphical patterns to support systematic designs for complex systems. The investigation of possible links between TCOZ and TA may benefit both techniques. For TCOZ, TA’s tool support can be reused to check timing properties. For TA, a set of composable graphical patterns can be defined based on the semantics of the TCOZ constructs, so that those patterns can be re-used in a generic way. This paper firstly defines the composable TA graphical patterns, and then presents sound transformation rules and a tool for projecting TCOZ specifications into TA. A case study of a railroad crossing system is demonstrated.

Verification of computation orchestration via timed automata

Recently, a promising programming model called Orc has been proposed to support a structured way of orchestrating distributed web services. Orc is intuitive because it offers concise constructors to manage concurrent communication, time-outs, priorities, failure of sites or communication and so forth. The semantics of Orc is also precisely defined. However, there is no verification tool available to verify critical properties against Orc models. Instead of building one from scratch, we believe the existing mature model-checkers can be reused. In this work, we first define a Timed Automata semantics for the Orc language, which we prove is semantically equivalent to the original operational semantics of Orc. Consequently, Timed Automata models are systematically constructed from Orc models. The practical implication of the construction is that tool supports for Timed Automata, e.g., UPPAAL, can be used to model check Orc models. An experimental tool is implemented to automate our approach.