Kenji Taguchi

Specifying and Verifying Sensor Networks: An Experiment of Formal Methods

With the development of sensor technology and electronic miniaturization, wireless sensor networks have shown a wide range of promising applications as well as challenges. Early stage sensor network analysis is critical, which allows us to reveal design errors before sensor deployment. Due to their distinguishable features, system specification and verification of sensor networks are highly non-trivial tasks. On the other hand, numerous formal theories and analysis tools have been developed in formal methods community, which may offer a systematic method for formal analysis of sensor networks. This paper presents our attempt on applying formal methods to sensor network specification/verification. An integrated notation named Active Sensor Processesis proposed for high-level specification. Next, we experiment formal verification techniques to reveal design flaws in sensor network applications.

Formal specification generator for KAOS: model transformation approach to generate formal specifications from KAOS requirements models

Formal methods and requirements analysis are techniques for developing complex systems. However, there is little research on reconciling the requirements phase with the formal specification phase. To bridge this gap, we propose a formal specification generator based on model transformation techniques. This tool transforms KAOS models (requirements specifications) into VDM++ formal specifications. Our generator enables consistent and effective software development activities.

Building a Body of Knowledge on Model Checking for Software Development

Formal Methods has been recognized as a rigorous development methodology for hardware and software systems. In particular, model checking is well accepted as an effective verification method for hardware systems, safety/missioncritical systems and embedded systems. To foster this technology in industry, we recognize a need to develop educational materials to enhance learning the technology by students and practitioners. However, there are neither standard guidelines nor instructions how to teach this technology. In this paper, we will present the first draft of a body of knowledge on model checking called MCBOK to address this issue, and present lessons learned from its development experience.

Model checking education for software engineers in Japan

This paper is the preliminary report of a joint research project on developing a body of knowledge on model checking. The project is being carried out by four organizations that give model checking courses to software engineers in Japan. The paper explains the main objective of the project and reports the results of an evaluation of model checking programs.

Evolution of a course on model checking for practical applications

Although model checking is expected as a practical formal verification approach for its automatic nature, it still suffers from difficulties in writing the formal descriptions to be verified and applying model checking tools to them effectively. The difficulties are found mainly in grasping the exact system behaviors, representing them in formal languages, and using model checking tools that fit the best to the verification problems. Even capable software developers need extensive education to overcome the difficulties. In this paper, we report our education course of practical applications of model checking in our education project called Top SE. Our approach consists of the following two features. First, we adopt UML as the design specification language and create the descriptions for each specific model checking tool from the UML diagrams, to enable easy practical application of model checking. Second, we build taxonomies of system behaviors, in particular behaviors of concurrent systems that are main targets of model checking. We can organize the knowledge and the techniques of practical model checking according to the taxonomies. The taxonomies are based on several aspects of system behaviors such as synchronization of transitions, synchronization of communications, and modeling of system environments. In addition, we make clear which model checking tools fit which types of systems. We treat the three different model checking tools: SPIN, SMV, and LTSA. Each tool has its specific features that make the tool easier or more difficult to be applied to specific problems than others. In our education course, we explain the taxonomies, the knowledge, and the techniques using very simple examples. We also assign the students exercises to apply the knowledge and the techniques to more complicated problems such as the dining philosopher problem, data copying between a DVD recorder and a hard disk recorder, and the alternating bit protocol.

Linking Traceability with GSN

Regulations/standards for safety critical systems mandate the submission of safety cases. Even though safety cases are the basic framework for assuring the safety of systems, how they fit into other methods/techniques which ensure the quality of the system is not certain. Ensuring traceability is of particular importance, since traceability can help analyze relationships between artifacts (evidence in safety cases) in meaningful ways. However, it is not well understood how traceability and safety cases are related and how they can benefit each other. To remedy this situation, we present a meta-model which describes the relationship between the two and present a case study taken from IEC 62278/EN 50126 from railway systems to show how traceability and safety cases benefit each other in this paper.

Safe & Sec Case Patterns

Many industrial sectors, which manufacture safety intensive systems e.g., automotive, railway, etc., now face technical challenges on how to integrate and harmonize critical issues on safety in addition to security for their systems. In this paper, we will explore a new way of reconciling those issues in an argument form, which we call Safe & Sec (Safety and Security) case patterns. They are derived from process patterns identified from our literature survey on research and standards. Safe & Sec case patterns in this paper will provide practitioners a wide perspective and baseline on how they could provide an assurance framework for their safety intensive systems with security focus.

Formally specifying and verifying mobile agents – model checking mobility: the MobiOZ approach

The notion of the mobile agent has been around for over a decade in order to capture the new form of computation in communication networks. A mobile agent is a computing entity which can move around different hosts on the network, carrying its state and procedures. Mobile Object-Z (MobiOZ), which is designed to provide a practical means to the specifiers who are working on mobile agent applications, is an extended notation of Object-Z, with mobile and communication primitives for specifying and verifying mobile agent applications. In this paper, we will give an overview of the MobiOZ notation and present its semantic foundation, then demonstrate how the specifications in MobiOZ can be simulated and verified by SPIN, a model checker, by translating MobiOZ specifications into PROcess MEta LAnguage (PROMELA), a process-based formal specification language of SPIN.

Formal Methods and Software Engineering

ion and Refinement Equational Abstraction Refinement for Certified Tree Regular Model Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 Yohan Boichut, Benoit Boyer, Thomas Genet, and Axel Legay SMT-Based False Positive Elimination in Static Program Analysis . . . . . 316 Maximilian Junker, Ralf Huuck, Ansgar Fehnker, and Alexander Knapp Predicate Analysis with Block-Abstraction Memoization . . . . . . . . . . . . . . 332 Daniel Wonisch and Heike Wehrheim Heuristic-Guided Abstraction Refinement for Concurrent Systems . . . . . . 348 Nils Timm, Heike Wehrheim, and Mike Czech More Anti-chain Based Refinement Checking . . . . . . . . . . . . . . . . . . . . . . . . 364 Ting Wang, Songzheng Song, Jun Sun, Yang Liu, Jin Song Dong, Xinyu Wang, and Shanping Li

What Top-Level Software Engineers Tackle after Learning Formal Methods: Experiences from the Top SE Project

In order to make practical use of formal methods, it is not sufficient for engineers to obtain general, fundamental knowledge of the methods and tools. Actually, it is also necessary for them to carefully consider their own contexts and determine adequate approaches to their own problems. Specifically, engineers need to choose adequate methods and tools, determine their usage strategies, and even customize or extend them for their effective and efficient use. Regarding the point, this paper reports and discusses experiences on education of formal methods in the Top SE program targeting software engineers in the industry. The program involves education of a variety of scientific methods and tools with group exercises on practical problems, allowing students to compare different approaches while understanding common principles. In addition, the program involves graduation studies where each student identifies and tackles their own problems. Statistics on problem settings in the graduation studies provide interesting insights into what top-level engineers tackles after learning formal methods.