Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210099
F. Fummi, G. Pravadelli, A. Fedeli, U. Rossi, F. Toto
The use of model checking to validate descriptions of digital systems lacks a coverage metrics. The set of proven properties can be incomplete, thus not guaranteeing the behavioral checking completeness of the digital system implementation with respect to the specification. This paper proposes a coverage methodology based on a combination of model checking, high-level fault simulation and automatic test pattern generation, to estimate the incompleteness of a set of formal properties. The adopted high-level fault model allows to join dynamic and formal verification.
{"title":"On the use of a high-level fault model to check properties incompleteness","authors":"F. Fummi, G. Pravadelli, A. Fedeli, U. Rossi, F. Toto","doi":"10.1109/MEMCOD.2003.1210099","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210099","url":null,"abstract":"The use of model checking to validate descriptions of digital systems lacks a coverage metrics. The set of proven properties can be incomplete, thus not guaranteeing the behavioral checking completeness of the digital system implementation with respect to the specification. This paper proposes a coverage methodology based on a combination of model checking, high-level fault simulation and automatic test pattern generation, to estimate the incompleteness of a set of formal properties. The adopted high-level fault model allows to join dynamic and formal verification.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132251298","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210106
Roberto Ziller, K. Schneider
We present a generalization of the supervisory control problem proposed by Ramadge and Wonham. The objective of that problem is to synthesize a controller, which constrains a system's behavior according to a given specification, ensuring controllability and co-accessibility. By introducing a new representation of the solution using systems of /spl mu/-calculus equations we are able to handle these two conditions separately and thus to exchange the co-accessibility requirement by any /spl mu/-calculus expression. Well-known results on the complexity of /spl mu/-calculus model checking allow us to easily assess the computational complexity of any generalization. As an example we solve the synthesis problem under consideration of fairness constraints.
{"title":"A generalized approach to supervisor synthesis","authors":"Roberto Ziller, K. Schneider","doi":"10.1109/MEMCOD.2003.1210106","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210106","url":null,"abstract":"We present a generalization of the supervisory control problem proposed by Ramadge and Wonham. The objective of that problem is to synthesize a controller, which constrains a system's behavior according to a given specification, ensuring controllability and co-accessibility. By introducing a new representation of the solution using systems of /spl mu/-calculus equations we are able to handle these two conditions separately and thus to exchange the co-accessibility requirement by any /spl mu/-calculus expression. Well-known results on the complexity of /spl mu/-calculus model checking allow us to easily assess the computational complexity of any generalization. As an example we solve the synthesis problem under consideration of fairness constraints.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132938659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210102
S. M. M. Fernandes, P. Maciel
The functioning of the computer as a control component within a larger overall application, as in the embedded systems, may affect the application's integrity as well as people and equipment involved by the application. A computer like any physical system is subject to failure with consequences ranging from inconvenience to catastrophe. This paper proposes high level models for fault tolerant mechanisms, in special TMR and recovery block, based on deterministic and stochastic Petri net (DSPN). By means of the proposed models it is possible to perform preliminary reliability analysis and the obtained results might be considered in a co-design methodology. The proposed approach allows the modeler to calculate the reliability of a fault tolerant embedded system as a function of the failure rate. In this paper this feature is extended to allow for the determination of the reliability combining a range of failure rates.
{"title":"Reliability evaluation for dependable embedded system specifications: an approach based on DSPN","authors":"S. M. M. Fernandes, P. Maciel","doi":"10.1109/MEMCOD.2003.1210102","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210102","url":null,"abstract":"The functioning of the computer as a control component within a larger overall application, as in the embedded systems, may affect the application's integrity as well as people and equipment involved by the application. A computer like any physical system is subject to failure with consequences ranging from inconvenience to catastrophe. This paper proposes high level models for fault tolerant mechanisms, in special TMR and recovery block, based on deterministic and stochastic Petri net (DSPN). By means of the proposed models it is possible to perform preliminary reliability analysis and the obtained results might be considered in a co-design methodology. The proposed approach allows the modeler to calculate the reliability of a fault tolerant embedded system as a function of the failure rate. In this paper this feature is extended to allow for the determination of the reliability combining a range of failure rates.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"08 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115359192","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210108
W. B. Gardner
CSP (communicating sequential processes) is a useful algebraic notation for creating a hierarchical behavioral specification for concurrent systems, due to its formal interprocess synchronization and communication semantics. CSP specifications are amenable to simulation and formal verification by model-checking tools. To overcome the drawback that CSP is neither a full-featured nor popular programming language, an approach called "selective formalism" allows the use of CSP to be limited to specifying the control portion of a system, while the rest of its functionality is supplied in the form of C++ modules. These are activated through association with abstract events in the CSP specification. The target system is constructed using a framework called CSP++, which automatically translates CSP specifications into C++, thereby making CSP directly executable. Thus a bridge is built that allows a formal method to be combined with a popular programming language. It is believed that this methodology can be extended to hardware/software codesign.
{"title":"Bridging CSP and C++ with selective formalism and executable specifications","authors":"W. B. Gardner","doi":"10.1109/MEMCOD.2003.1210108","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210108","url":null,"abstract":"CSP (communicating sequential processes) is a useful algebraic notation for creating a hierarchical behavioral specification for concurrent systems, due to its formal interprocess synchronization and communication semantics. CSP specifications are amenable to simulation and formal verification by model-checking tools. To overcome the drawback that CSP is neither a full-featured nor popular programming language, an approach called \"selective formalism\" allows the use of CSP to be limited to specifying the control portion of a system, while the rest of its functionality is supplied in the form of C++ modules. These are activated through association with abstract events in the CSP specification. The target system is constructed using a framework called CSP++, which automatically translates CSP specifications into C++, thereby making CSP directly executable. Thus a bridge is built that allows a formal method to be combined with a popular programming language. It is believed that this methodology can be extended to hardware/software codesign.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116827762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210089
E. Clarke, O. Grumberg, Muralidhar Talupur, Dong Wang
Predicate abstraction has been widely used for model checking hardware/software systems. However, for control intensive systems, existing predicate abstraction techniques can potentially result in a blowup of the size of the abstract model. We deal with this problem by retaining important control variables in the abstract model. By this method we avoid having to introduce an unreasonable number of predicates to simulate the behavior of the control variables. We also show how to improve predicate abstraction by extracting useful information from a high level representation of hardware/software systems. This technique works by first extracting relevant branch conditions. These branch conditions are used to invalidate spurious abstract counterexamples through a new counterexample-based lazy refinement algorithm. Experimental results are included to demonstrate the effectiveness of our methods.
{"title":"High level verification of control intensive systems using predicate abstraction","authors":"E. Clarke, O. Grumberg, Muralidhar Talupur, Dong Wang","doi":"10.1109/MEMCOD.2003.1210089","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210089","url":null,"abstract":"Predicate abstraction has been widely used for model checking hardware/software systems. However, for control intensive systems, existing predicate abstraction techniques can potentially result in a blowup of the size of the abstract model. We deal with this problem by retaining important control variables in the abstract model. By this method we avoid having to introduce an unreasonable number of predicates to simulate the behavior of the control variables. We also show how to improve predicate abstraction by extracting useful information from a high level representation of hardware/software systems. This technique works by first extracting relevant branch conditions. These branch conditions are used to invalidate spurious abstract counterexamples through a new counterexample-based lazy refinement algorithm. Experimental results are included to demonstrate the effectiveness of our methods.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129981211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210092
H. Saito, Kenshu Seto, Yoshihisa Kojima, S. Komatsu, M. Fujita
Because there is a need for engineering changes to fix design errors and satisfy design constraints even after chip fabrication, design flexibility and debuggability are extremely important to provide reliable designs and shorten time-to-market. In this paper, we propose a new VLSI architecture called field modifiable architecture (FMA) and its design method. Because of the nature of reprogrammability in FMAs, all of the engineering changes in designs are resolved at specification-level in terms of code recompilation. As a result, engineering changes even after chip fabrication are realized easily without wasting design time. In the experiment, two examples of engineering changes are demonstrated to investigate the efficiency of our proposed method.
{"title":"Engineering changes in field modifiable architectures","authors":"H. Saito, Kenshu Seto, Yoshihisa Kojima, S. Komatsu, M. Fujita","doi":"10.1109/MEMCOD.2003.1210092","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210092","url":null,"abstract":"Because there is a need for engineering changes to fix design errors and satisfy design constraints even after chip fabrication, design flexibility and debuggability are extremely important to provide reliable designs and shorten time-to-market. In this paper, we propose a new VLSI architecture called field modifiable architecture (FMA) and its design method. Because of the nature of reprogrammability in FMAs, all of the engineering changes in designs are resolved at specification-level in terms of code recompilation. As a result, engineering changes even after chip fabrication are realized easily without wasting design time. In the experiment, two examples of engineering changes are demonstrated to investigate the efficiency of our proposed method.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132203452","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210111
D. Cachera, K. Morin-Allory
We propose a combination of heuristic methods to prove properties of control signals for regular systems defined by means of affine recurrence equations (AREs). We benefit from the intrinsic regularity of the polyhedral model to handle parameterized systems in a symbolic way. Despite some restrictions on the form of equations we are able to handle, our techniques apply well for a useful set of properties and led us to discover some errors in actual systems. These techniques have been implemented in the MMALPHA environment.
{"title":"Verification of control properties in the polyhedral model","authors":"D. Cachera, K. Morin-Allory","doi":"10.1109/MEMCOD.2003.1210111","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210111","url":null,"abstract":"We propose a combination of heuristic methods to prove properties of control signals for regular systems defined by means of affine recurrence equations (AREs). We benefit from the intrinsic regularity of the polyhedral model to handle parameterized systems in a symbolic way. Despite some restrictions on the form of equations we are able to handle, our techniques apply well for a useful set of properties and led us to discover some errors in actual systems. These techniques have been implemented in the MMALPHA environment.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134503684","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210081
J. Meseguer
An executable computational logic can provide the desired bridge between formal system properties and formal methods to verify them on the one hand, and executable models of system designs based on programming languages on the other. However, not all such logics are equally well suited for the task. This paper gives some requirements that seem important for a computational logic to be suitable in practice, and discusses the experience with rewriting logic, its Maude language implementation, and its formal tool environment, concluding that they seem to meet well those requirements.
{"title":"Executable computational logics: combining formal methods and programming language based system design","authors":"J. Meseguer","doi":"10.1109/MEMCOD.2003.1210081","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210081","url":null,"abstract":"An executable computational logic can provide the desired bridge between formal system properties and formal methods to verify them on the one hand, and executable models of system designs based on programming languages on the other. However, not all such logics are equally well suited for the task. This paper gives some requirements that seem important for a computational logic to be suitable in practice, and discusses the experience with rewriting logic, its Maude language implementation, and its formal tool environment, concluding that they seem to meet well those requirements.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134098054","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-06-24DOI: 10.1109/MEMCOD.2003.1210085
I. El-Maddah, T. Maibaum
During the last two decades, a lot of effort has been focused on automating the generation of software applications. The automation process can start early, after some manual stage(s) or following (a) previous automatic stage(s). Such automation tools should have the capability of generating executable programs, specifications, or formal requirements, as appropriate. The requirements gathering and checking is considered as the most important phase to eliminate bugs that appear later and may be removed during the design or implementation phases, but with higher cost and effort. The GOPCSD (goal-oriented process control systems design) tool is designed to gather and structure the requirements for process control systems. The tool achieves separation between the process system engineer's view and the software engineer's. The tool hides the mathematic details of B method from the system engineer; enabling him to focus only on the operation specifications while the software engineer within the B toolkit environment focuses on programming paradigms. Some adaptations have been applied to the method of KAOS in order to yield maximum benefit while minimizing both the required time and the effort to complete the gathering of application requirements for process control systems. After studying different process control case studies, six patterns have been identified: two (alternative and conjunction pattern) of them extending the existing patterns in the KAOS method and four (sequence, disjunction, simultaneous, and inheritance patterns) are new and can be extensively found within the process control systems.
{"title":"Goal-oriented requirements analysis for process control systems design","authors":"I. El-Maddah, T. Maibaum","doi":"10.1109/MEMCOD.2003.1210085","DOIUrl":"https://doi.org/10.1109/MEMCOD.2003.1210085","url":null,"abstract":"During the last two decades, a lot of effort has been focused on automating the generation of software applications. The automation process can start early, after some manual stage(s) or following (a) previous automatic stage(s). Such automation tools should have the capability of generating executable programs, specifications, or formal requirements, as appropriate. The requirements gathering and checking is considered as the most important phase to eliminate bugs that appear later and may be removed during the design or implementation phases, but with higher cost and effort. The GOPCSD (goal-oriented process control systems design) tool is designed to gather and structure the requirements for process control systems. The tool achieves separation between the process system engineer's view and the software engineer's. The tool hides the mathematic details of B method from the system engineer; enabling him to focus only on the operation specifications while the software engineer within the B toolkit environment focuses on programming paradigms. Some adaptations have been applied to the method of KAOS in order to yield maximum benefit while minimizing both the required time and the effort to complete the gathering of application requirements for process control systems. After studying different process control case studies, six patterns have been identified: two (alternative and conjunction pattern) of them extending the existing patterns in the KAOS method and four (sequence, disjunction, simultaneous, and inheritance patterns) are new and can be extensively found within the process control systems.","PeriodicalId":213762,"journal":{"name":"First ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2003. MEMOCODE '03. Proceedings.","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127798223","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: