Samir Chouali

Proving Component Interoperability with B Refinement

We use the formal method B for specifying interfaces of software components. Each component interface is equipped with a suitable data model defining all types occurring in the signature of interface operations. Moreover, pre- and postconditions have to be given for all interface operations. The interoperability between two components is proved by using a refinement relation between an adaptation of the interface specifications.

Formal verification of components assembly based on SysML and interface automata

We propose an approach which combines component SysML models and interface automata in order to assemble components and to verify formally their interoperability. So we propose to verify formally the assembly of components specified with the expressive and semi-formal modeling language, SysML. We specify component-based system architecture with SysML Block Definition Diagram, and the composition links between components with Internal Block Diagrams. Component’s protocols are specified with sequence diagrams, they are necessary to exploit interface automata formalism. Interface automata is a common Input Output (I/O) automata-based formalism intended to specify the signature and the protocol level of the component interfaces. We propose formal specifications for SysML semi-formal models in order to exploit interface automata approach. We also improve the interface automata approach by considering system architecture, specified with SysML, in the verification of components composition.

Refinement of Interface Automata Strengthened by Action Semantics

Interface automata are light-weight models that capture the temporal interface behavior of software components. They have the ability to model both the input requirements and the output behavior of a component. They support the compatibility check between interface models to ensure a correct interaction between components and they adopt an alternating simulation approach to design refinement. In this paper, we extend our previous works on checking interface automata interoperability by adapting their alternating refinement relation to the action semantics. We show the relation between pre and post-conditions of transitions in the abstract version of an interface and their corresponding ones in its concrete version. We illustrate our extensions by a case study of the CyCab car component-based system.

Verification of Dynamic Constraints for B Event Systems under Fairness Assumptions

A B event systems is supposed to specify a closed system, i.e., the system is meant to be specified in isolation. So, the specification includes the specification of the system of interest and of its environment. Often, the environment supposes fairness constraints. Therefore, classically in a B system approach, we express the fairness of the environment by the specification of fair scheduler together with the events of the system of interest. This leads to an infinite state model even when the system is finite state by nature. This does not facilitate PLTL properties verification by model checking which is only effective on finite state models. In this paper, we propose to keep separate the fairness of the environment from the specification of the system of interest by a B event system. Then, the fairness is expressed as events which have to be fairly fired. So, a finite state system of interest has a finite state model. The chosen model is a finite labeled transition system which allows the model checking of PLTL properties using the fair events as assumptions. In the paper, we make diverse proposals-some of them are proposed as perspectives-for a verification under fairness assumptions. We use the protocol T=1 as a running example.

Adapting Component Behaviours Using Interface Automata

One of the principal goal of Component-Based Software Engineering (CBSE) is to allow the reuse of components in diverse situations without affecting their codes. To reach this goal, it is necessary to propose approaches to adapt a component with its environment when behavioural mismatches occur during their interactions. In this paper, we present a formal approach based on interface automata to adapt components in order to eliminate possible behavioural mismatches, and then insure more flexible interoperability between components.

PLTL-partitioned model checking for reactive systems under fairness assumptions

We are interested in verifying dynamic properties of finite state reactive systems under fairness assumptions by model checking. The systems we want to verify are specified through a top-down refinement process.In order to deal with the state explosion problem, we have proposed in previous works to partition the reachability graph and to perform the verification on each part separately. Moreover, we have defined a class, called B<inf><i>mod</i></inf>, of dynamic properties that are <i>verifiable by parts</i>, whatever the partition. We decide if a property <i>P</i> belongs to B<inf><i>mod</i></inf> by looking at the form of the Büchi automaton that accepts ¬<i>P</i>. However, when a property <i>P</i> belongs to B<inf><i>mod</i></inf>, the property <i>f</i> ⇒ <i>P</i>, where <i>f</i> is a fairness assumption, does not necessarily belong to B<inf><i>mod</i></inf>.In this paper, we propose to use the refinement process in order to build the parts on which the verification has to be performed. We then show that with such a partition, if a property <i>P</i> is verifiable by parts and if <i>f</i> is the expression of the fairness assumptions on a system, then the property <i>f</i> ⇒ <i>P</i> is still verifiable by parts.This approach is illustrated by its application to the chip card protocol T = 1 using the <i>B</i> engineering design language.

Formalizing and verifying compatibility and consistency of SysML blocks

The objective of this paper is to define an approach to formalize and verify the SysML blocks in a refinement process. We propose to specify system architecture with SysML Block Definition Diagram, this diagram is then analyzed and decomposed into several sub-blocks in order to verify their compatibility. The structural architecture of an abstract block is given by the Internal Block Diagram (IBD) which defines the communication links between sub-blocks. The compatibility verification between sub-blocks is only made on linked sub-blocks. The behaviour of each sub-block is described by an interface automaton which species the invocations exchanged with its environment. The verification between blocks is translated into consistency verification between the blocks and compatibility verification between their interface automata. Incompatibilities can be inconsistent at architecture level and at communication level if there are deadlocks during the interaction between sub-blocks. Once the verification is established between the sub-blocks, the abstract block can be then substituted by the sub-blocks which compose it.

An I/O Automata-based Approach to Verify Component Compatibility: Application to the CyCab Car

An interesting formal approach to specify component interfaces is interface automata based approach, which is proposed by L. Alfaro and T. Henzinger. These formalisms have the ability to model both the input and output requirements of components system. In this paper, we propose a method to enrich interface automata by the semantics of actions in order to verify components interoperability at the levels of signatures, semantics, and protocol interactions of actions. These interfaces consist of a set of required and offered actions specified by Pre and Post conditions. The verification of the compatibility between interface automata reuse the L. Alfaro and T. Henzinger proposed algorithm and adapt it by taking into account the action semantics. Our approach is illustrated by a case study of the vehicle CyCab.

Assembling Components using SysML with Non-Functional Requirements

Non-functional requirements of component based systems are important as their functional requirements, therefore they must be considered in components assembly. These properties are beforehand specified with SysML requirement diagrams. We specify component based system architecture with SysML block definition diagram, and component behaviors with sequence diagrams. We propose to specify formally component interfaces with interface automata, obtained from requirement and sequence diagrams. In this formalism, transitions are annotated with costs to specify non-functional property. The compatibility between components is performed by synchronizing their interface automata. The approach is explained with the example of the electric car CyCab, where the costs are associated to energy consumption of component actions. Our approach verifies whether, a set of components, when composed according to the system architecture, achieve their tasks by respecting their non-functional requirements.

An approach combining SysML and modelica for modelling and validate wireless sensor networks

Wireless Sensor Networks (WSN) have large industrial applications, however the modelling is still a very complex task in view of the nature of these networks, namely because they are distributed, embedded and have strong interactions between the hardware and software parts. In addition, industrials use semi-formal methods to design their systems and validate behaviours by simulation. In this context, in order to improve the checking of the WSN properties, we propose a Model Driven Engineering (MDE) approach for modeling and checking properties like energy consumption. This approach combines the advantages of SysML and Modelica languages. It is described mainly by two steps. At first, we offer a model transformation by taking into account static, dynamic and requirement diagrams of SysML in order to specify their corresponding Modelica model. In the second step, we carried out the virtual verification of WSN energy consumption. This approach is implemented inside Topcased platform and illustrated through a cross-roads monitoring system.