2012 Sixth International Symposium on Theoretical Aspects of Software Engineering: latest publications
Modelling and Analysis of Smart Grid: A Stochastic Model Checking Case Study
Ender Yüksel, Huibiao Zhu, H. R. Nielson, Heqing Huang, F. Nielson
Cyber-physical systems integrate information and communication technology into the physical elements of a system for monitoring and control. The conversion of the traditional power grid into a smart grid, a canonical example of a cyber-physical system, raises a number of issues that require new methods and applications. One important issue is the verification of quantitative properties of the system. In this paper we take a specific Chinese smart grid implementation as a case study and address the verification of its performance and energy consumption. We use stochastic model checking and present our modelling and analysis with the PRISM model checker.
DOI: 10.1109/TASE.2012.44 (https://doi.org/10.1109/TASE.2012.44) | Published: 2012-07-04 | Citations: 11
Formal Specification and Probabilistic Verification of SysML Activity Diagrams
Yosr Jarraya, M. Debbabi
Model-driven engineering refers to a range of engineering approaches that use models throughout the systems and software development life cycle. To support its practical adoption, we present a probabilistic verification framework for analysing SysML activity diagrams against quantitative and qualitative requirements. We propose an algorithm that maps SysML activity diagrams to probabilistic models, specifically Markov decision processes, expressed in the language of the probabilistic symbolic model checker PRISM. The generated model can then be verified against properties expressed in probabilistic computation tree logic (PCTL). To automate the approach we developed a prototype tool that interfaces a modelling environment with PRISM. We investigate the scalability of the approach and present a case study to illustrate its usability and benefits.
DOI: 10.1109/TASE.2012.34 (https://doi.org/10.1109/TASE.2012.34) | Published: 2012-07-04 | Citations: 9
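Added example, not code from either of the two papers above and not PRISM input: the quantitative questions both the smart grid case study and the SysML-to-MDP framework hand to PRISM (probability of reaching a state and expected accumulated cost, each under the best and the worst scheduler) computed by plain value iteration on a hypothetical five-state meter-reading MDP constructed here. State names, link costs and drop probabilities are assumptions; a DTMC is the special case with one action per state.

```python
"""Scheduler-optimal reachability probability and expected total cost on a
small Markov decision process by value iteration, i.e. the core of what a
stochastic model checker computes for PRISM-style properties such as
  Pmax=? [ F "delivered" ]   and   Rmin=? [ C ]  (cost until absorption).
Hypothetical model (constructed for this example, not from the paper): a
meter reading is sampled, then sent over one of two links and may be dropped.
"""
from typing import Callable, Dict, List, Tuple

# state -> action -> (cost of taking the action, [(probability, successor), ...])
MDP = Dict[str, Dict[str, Tuple[float, List[Tuple[float, str]]]]]

METER: MDP = {
    "idle":      {"tick":     (1.0, [(1.0, "sampling")])},
    "sampling":  {"sample":   (2.0, [(1.0, "sending")])},
    "sending":   {"wifi":     (3.0, [(0.90, "delivered"), (0.10, "dropped")]),
                  "cellular": (8.0, [(0.99, "delivered"), (0.01, "dropped")])},
    "delivered": {"stay":     (0.0, [(1.0, "delivered")])},
    "dropped":   {"stay":     (0.0, [(1.0, "dropped")])},
}


def check_model(mdp: MDP) -> None:
    """Reject malformed models before solving: no deadlocked state, every
    distribution sums to 1, every successor exists, costs are non-negative."""
    for state, actions in mdp.items():
        if not actions:
            raise ValueError(f"state {state!r} has no action (deadlock)")
        for action, (cost, dist) in actions.items():
            if cost < 0:
                raise ValueError(f"negative cost on {state!r}/{action!r}")
            if abs(sum(p for p, _ in dist) - 1.0) > 1e-9:
                raise ValueError(f"{state!r}/{action!r} is not a distribution")
            for _, succ in dist:
                if succ not in mdp:
                    raise ValueError(f"unknown successor {succ!r}")


def value_iteration(mdp: MDP, fixed: Dict[str, float],
                    step: Callable[[float, list, Dict[str, float]], float],
                    maximise: bool, eps: float = 1e-12,
                    max_iter: int = 100000) -> Dict[str, float]:
    """Generic solver: states in `fixed` keep their value; every other state
    takes the max (or min) over its actions of step(cost, dist, values)."""
    best = max if maximise else min
    values = {s: fixed.get(s, 0.0) for s in mdp}
    for _ in range(max_iter):
        new = dict(values)
        for s, actions in mdp.items():
            if s not in fixed:
                new[s] = best(step(cost, dist, values) for cost, dist in actions.values())
        delta = max(abs(new[s] - values[s]) for s in mdp)
        values = new
        if delta < eps:
            return values
    raise RuntimeError("value iteration did not converge")


def reach_probability(mdp: MDP, target: set, maximise: bool) -> Dict[str, float]:
    """P{max,min}=? [ F target ]: target states are fixed at 1; states that
    cannot reach the target stay at 0.  (A real checker first precomputes the
    probability-0 and probability-1 states; this model is small enough not to.)"""
    return value_iteration(mdp, {s: 1.0 for s in target},
                           lambda cost, dist, v: sum(p * v[t] for p, t in dist),
                           maximise)


def expected_cost(mdp: MDP, absorbing: set, maximise: bool) -> Dict[str, float]:
    """R{max,min}=? [ C ]: expected cost accumulated until an absorbing state."""
    return value_iteration(mdp, {s: 0.0 for s in absorbing},
                           lambda cost, dist, v: cost + sum(p * v[t] for p, t in dist),
                           maximise)


def verify_meter() -> Dict[str, float]:
    """The four numbers a PRISM run on this model would report for the initial state."""
    check_model(METER)
    done = {"delivered", "dropped"}
    return {
        "Pmax_delivered": reach_probability(METER, {"delivered"}, True)["idle"],
        "Pmin_delivered": reach_probability(METER, {"delivered"}, False)["idle"],
        "Rmin_cost": expected_cost(METER, done, False)["idle"],
        "Rmax_cost": expected_cost(METER, done, True)["idle"],
    }


if __name__ == "__main__":
    for name, value in verify_meter().items():
        print(f"{name} = {value:.4f}")
```

The cheapest scheduler (always WiFi) is also the least reliable one, which is why the two papers above verify performance and energy consumption together rather than one at a time.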
Overview of TASE 2012 Talk on Search Based Software Engineering
M. Harman
This is an overview of the keynote presentation on search based software engineering (SBSE) at the Sixth IEEE International Symposium on Theoretical Aspects of Software Engineering (TASE 2012), held on 4 to 6 July 2012 in Beijing, China.
DOI: 10.1109/TASE.2012.24 (https://doi.org/10.1109/TASE.2012.24) | Published: 2012-07-04 | Citations: 1
From Verification to Specification Inference
W. Chin, C. David
Traditionally, work on specification mechanisms has focused on covering a wider range of problems more accurately, while the effectiveness of verification is left to the underlying theorem provers. Our work takes a different approach: we focus on designing specification mechanisms that achieve both better expressivity (the specification captures the functionality of the corresponding code more accurately and concisely) and better verifiability (verification succeeds in more scenarios than it would without the specification enhancements, with better or similar performance). We are also interested in providing tools that assist the user with the important but tedious task of constructing the desired specifications. Existing approaches to specification construction tend to be either fully manual or fully automatic. We propose a new framework in which specifications are constructed selectively and incrementally: preconditions and postconditions are inferred for a set of user-selected variables, including the synthesis of unknown functions and relations.
DOI: 10.1109/TASE.2012.40 (https://doi.org/10.1109/TASE.2012.40) | Published: 2012-07-04 | Citations: 0
Executing Model Checking Counterexamples in Simulink
J. Barnat, L. Brim, J. Beran, Tomas Kratochvila, Italo R. Oliveira
Verification of embedded systems has become increasingly important in many industrial domains. Safety-critical embedded systems, such as those developed in the aerospace industry, are regularly subjected to an automated formal verification process. In this paper we extend our tool integration chain between the parallel, explicit-state LTL model checker DIVINE and the Matlab Simulink tool suite with improved support for counterexample simulation. In particular, we show how to give the verification engineer a direct connection between the error discovered by the model checker and its simulation in Matlab Simulink. This work was conducted within the Artemis project industrial Framework for Embedded Systems Tools (iFEST).
DOI: 10.1109/TASE.2012.42 (https://doi.org/10.1109/TASE.2012.42) | Published: 2012-07-04 | Citations: 14
LBI Cut Elimination Proof with BI-MultiCut
Ryuta Arisaka, S. Qin
Cut elimination in sequent calculus is indispensable for bounding the number of distinct formulas that can appear during a backward proof search. The usual way to prove cut admissibility is by permutation of derivation trees. Extra care must be taken, however, when contraction appears as an explicit inference rule. In G1i, for example, a simple-minded permutation strategy falls short when contraction interacts directly with cut formulas, which means the derivation height of Cut instances cannot be reduced. One practice used to overcome this issue is the MultiCut (the "mix" rule), which takes the effect of contraction into account. The more recent substructural logic BI inherits the characteristics of intuitionistic logic but also those of multiplicative linear logic (without exponentials). Following Pym's original work, cut admissibility in LBI (the original BI sequent calculus) is supposed to hold with the same tweak. However, there is a critical issue in that approach: MultiCut does not take care of the effect of the structural contraction that LBI permits. In this paper we give a proper proof of cut admissibility for LBI based on another derivable rule, BI-MultiCut.
DOI: 10.1109/TASE.2012.30 (https://doi.org/10.1109/TASE.2012.30) | Published: 2012-07-04 | Citations: 6
Model-Based Test Generation Using Evolutional Symbolic Grammar
Hai-Feng Guo, M. Subramaniam
We present a new model-based test generation approach using an extended symbolic grammar, which serves as a formal notation for enumerating test cases for communication and reactive systems. The approach takes as input a reactive system model in Live Sequence Charts (LSCs) and a general symbolic grammar serving as preliminary test coverage criteria, performs an automatic simulation for consistency testing of the LSC model specification, and eventually generates an evolved symbolic grammar with refined test coverage criteria. The evolved symbolic grammar can either be used to generate practical test cases for software testing or be refined further by applying the approach again with additional test coverage criteria.
DOI: 10.1109/TASE.2012.16 (https://doi.org/10.1109/TASE.2012.16) | Published: 2012-07-04 | Citations: 2
A Succinct and Efficient Implementation of a 2^32 BDD Package
Guanfeng Lv, Yao Chen, Yachao Feng, Qingliang Chen, Kaile Su
As a data structure for representing and manipulating Boolean functions, BDDs (Binary Decision Diagrams) are commonly used in many fields such as model checking and system verification. To save space and improve operation speed, all existing packages limit the number of variables to 2^16. This limitation, however, also restricts their applicability. In this paper we present TiniBDD, an efficient implementation of a 2^32 BDD package incorporating sub-allocation of memory, lightweight garbage collection, and a new operator named the Satisfiable Assignment Operator. Experiments show that TiniBDD has performance comparable to the well-known CUDD, one of the best publicly available 2^16 BDD packages.
DOI: 10.1109/TASE.2012.22 (https://doi.org/10.1109/TASE.2012.22) | Published: 2012-07-04 | Citations: 3
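Added example, not the TiniBDD or CUDD code: a minimal reduced ordered BDD package showing the pieces the abstract names, a unique table (hash-consing, so each function has exactly one node), an ITE operator with a computed table, a variable-index check against a 32-bit bound, and a one-solution operator. Two assumptions are mine: that the 2^16 / 2^32 limits refer to the range of the variable-index field, and that the Satisfiable Assignment Operator returns one satisfying assignment. The example formula is constructed.

```python
"""Minimal ROBDD package: unique table, ITE with computed table, 32-bit
variable index range, and a one-satisfying-assignment operator.
Illustration only; not the paper's TiniBDD implementation."""
from typing import Dict, List, Optional, Tuple

MAX_VARS = 1 << 32          # assumption: 2^32 distinct variable indices
TERMINAL = MAX_VARS         # terminals sort after every real variable


class BDD:
    def __init__(self) -> None:
        # node id -> (variable index, low child, high child);
        # ids 0 and 1 are the terminals FALSE and TRUE
        self.nodes: List[Tuple[int, int, int]] = [(TERMINAL, 0, 0), (TERMINAL, 1, 1)]
        self.unique: Dict[Tuple[int, int, int], int] = {}
        self.computed: Dict[Tuple[int, int, int], int] = {}
        self.FALSE, self.TRUE = 0, 1

    def _mk(self, var: int, low: int, high: int) -> int:
        """Reduction rules: drop a node whose children coincide, and share
        identical (var, low, high) triples through the unique table."""
        if low == high:
            return low
        key = (var, low, high)
        nid = self.unique.get(key)
        if nid is None:
            nid = len(self.nodes)
            self.nodes.append(key)
            self.unique[key] = nid
        return nid

    def var(self, index: int) -> int:
        if not 0 <= index < MAX_VARS:
            raise ValueError(f"variable index {index} outside the 32-bit range")
        return self._mk(index, self.FALSE, self.TRUE)

    def _cofactor(self, f: int, var: int, value: bool) -> int:
        v, low, high = self.nodes[f]
        if v != var:            # f does not test var at its root
            return f
        return high if value else low

    def ite(self, f: int, g: int, h: int) -> int:
        """if-then-else f ? g : h; every binary operator reduces to it."""
        if f == self.TRUE:
            return g
        if f == self.FALSE:
            return h
        if g == h:
            return g
        if g == self.TRUE and h == self.FALSE:
            return f
        key = (f, g, h)
        if key in self.computed:
            return self.computed[key]
        top = min(self.nodes[x][0] for x in key)       # first variable in the order
        low = self.ite(*(self._cofactor(x, top, False) for x in key))
        high = self.ite(*(self._cofactor(x, top, True) for x in key))
        result = self._mk(top, low, high)
        self.computed[key] = result
        return result

    def neg(self, f: int) -> int:
        return self.ite(f, self.FALSE, self.TRUE)

    def and_(self, f: int, g: int) -> int:
        return self.ite(f, g, self.FALSE)

    def or_(self, f: int, g: int) -> int:
        return self.ite(f, self.TRUE, g)

    def xor(self, f: int, g: int) -> int:
        return self.ite(f, self.neg(g), g)

    def sat_one(self, f: int) -> Optional[Dict[int, bool]]:
        """One satisfying assignment {var: value}, or None if f is FALSE.
        In a reduced BDD every non-FALSE node has a path to TRUE, so always
        stepping to a non-FALSE child terminates in at most #vars steps."""
        if f == self.FALSE:
            return None
        assignment: Dict[int, bool] = {}
        while f != self.TRUE:
            v, low, high = self.nodes[f]
            assignment[v] = high != self.FALSE
            f = high if high != self.FALSE else low
        return assignment

    def evaluate(self, f: int, assignment: Dict[int, bool]) -> bool:
        while f not in (self.FALSE, self.TRUE):
            v, low, high = self.nodes[f]
            f = high if assignment.get(v, False) else low
        return f == self.TRUE

    def size(self, f: int) -> int:
        """Distinct nodes reachable from f, terminals included."""
        seen, stack = set(), [f]
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                if n > self.TRUE:
                    stack.extend(self.nodes[n][1:])
        return len(seen)


def build_example() -> Tuple[BDD, int]:
    """Constructed formula f = (x0 AND x1) OR NOT x2."""
    bdd = BDD()
    x0, x1, x2 = bdd.var(0), bdd.var(1), bdd.var(2)
    return bdd, bdd.or_(bdd.and_(x0, x1), bdd.neg(x2))
```

Because of the unique table, `and_(x0, x1)` and `and_(x1, x0)` return the same node id, so equivalence of two functions is a pointer comparison; a production package like CUDD additionally packs the variable index, the child references and a reference count into a fixed-width node, which is where the 2^16 versus 2^32 index limit comes from.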
Formal Verification and Simulation: Co-verification for Subway Control Systems
Huixing Fang, Jian Guo, Huibiao Zhu, Jianqi Shi
For hybrid systems, hybrid-automata-based tools are capable of verification, while Matlab Simulink/Stateflow is proficient at simulation. In this paper we develop a methodology in which the formal verification tool PHAVer and the simulation tool Matlab are integrated to analyse and verify hybrid systems. To apply the methodology, a Platform Screen Doors System (PSDS), a subsystem of the subway, is modelled both with hybrid automata for formal verification and with Matlab Simulink/Stateflow charts. The PSDS models are simulated in Matlab and verified with PHAVer. We verify that the sandwich situation can be avoided under time-interval conditions, and conclude that this integration methodology is adequate for verifying the Platform Screen Doors System.
DOI: 10.1109/TASE.2012.11 (https://doi.org/10.1109/TASE.2012.11) | Published: 2012-07-04 | Citations: 3
File Parsing Vulnerability Detection with Symbolic Execution
Chaojian Hu, Zhoujun Li, Jinxin Ma, Tao Guo, Zhiwei Shi
Symbolic execution simulates program execution by replacing concrete input values with symbolic variables. It can be used for software behaviour analysis, vulnerability detection and software security assessment. In this paper we analyse the path explosion problem encountered when state-of-the-art symbolic execution is applied to vulnerability detection in large file parsing programs. We propose four mitigations: loop controlling, irrelevant path elimination, path selection and parallel symbolic execution. Based on these, we implemented a prototype tool that automatically detects file parsing vulnerabilities in large programs and evaluated it on a suite of benchmarks chosen from open source programs. The tool detected not only all reported memory overflow vulnerabilities in the benchmarks but also some unreported ones. The evaluation shows that these mitigations effectively ease the path explosion problem when analysing large file parsing programs.
DOI: 10.1109/TASE.2012.13 (https://doi.org/10.1109/TASE.2012.13) | Published: 2012-07-04 | Citations: 8
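Added example, hypothetical and not the authors' tool: a tiny path-enumerating symbolic executor over a constructed record-header parser, showing two of the four mitigations named above, a per-site loop bound (loop controlling) and pruning of infeasible branch sides at fork time, and producing a concrete input for every path it completes. The parser, the per-byte domain "solver" that stands in for an SMT solver, and all names are assumptions; paths are enumerated by re-running the parser under a recorded prefix of branch decisions and flipping the first undecided branch.

```python
"""Path enumeration for a constructed file-header parser with a loop bound
and infeasible-branch pruning.  Every branch tests one symbolic input byte
against a constant, so feasibility is a per-byte value-set intersection
(a stand-in for the constraint solver a real engine calls).
Illustration only; not the prototype from the paper."""
from typing import Dict, FrozenSet, List, Optional, Tuple

Domain = Tuple[int, int, FrozenSet[int]]      # lo, hi, excluded values of one byte
FULL: Domain = (0, 255, frozenset())


def pick_value(dom: Domain) -> Optional[int]:
    lo, hi, excluded = dom
    return next((v for v in range(lo, hi + 1) if v not in excluded), None)


def refine(bounds: Dict[int, Domain], offset: int, lo: int, hi: int,
           exclude: Optional[int] = None) -> Optional[Dict[int, Domain]]:
    """Intersect one byte's domain with [lo, hi] minus {exclude}; None if empty."""
    cur_lo, cur_hi, cur_ex = bounds.get(offset, FULL)
    dom = (max(cur_lo, lo), min(cur_hi, hi),
           cur_ex | {exclude} if exclude is not None else cur_ex)
    if pick_value(dom) is None:
        return None
    new = dict(bounds)
    new[offset] = dom
    return new


class PathCut(Exception):
    """A branch site was taken more often than the loop bound allows."""


class Symbolic:
    """Decision oracle for one path: replays `prefix`, then takes the first
    feasible side of each new branch and records the other side as a fork."""

    def __init__(self, prefix: List[bool], loop_bound: int) -> None:
        self.prefix, self.loop_bound = prefix, loop_bound
        self.taken: List[bool] = []
        self.forks: List[List[bool]] = []
        self.bounds: Dict[int, Domain] = {}
        self.site_counts: Dict[str, int] = {}
        self.pruned = 0                        # branch sides discarded as infeasible

    def _decide(self, site: str, if_true, if_false) -> bool:
        self.site_counts[site] = self.site_counts.get(site, 0) + 1
        if self.site_counts[site] > self.loop_bound:   # loop controlling
            raise PathCut(site)
        k = len(self.taken)
        if k < len(self.prefix):                       # replaying a recorded path
            choice = self.prefix[k]
        elif if_true is not None and if_false is not None:
            choice = True
            self.forks.append(self.taken + [False])    # explore the other side later
        elif if_true is not None or if_false is not None:
            choice = if_true is not None               # only one side satisfiable
            self.pruned += 1
        else:
            raise RuntimeError(f"no feasible side at {site}")
        self.taken.append(choice)
        self.bounds = if_true if choice else if_false
        return choice

    def lt(self, offset: int, value: int, site: str) -> bool:
        return self._decide(site, refine(self.bounds, offset, 0, value - 1),
                            refine(self.bounds, offset, value, 255))

    def eq(self, offset: int, value: int, site: str) -> bool:
        return self._decide(site, refine(self.bounds, offset, value, value),
                            refine(self.bounds, offset, 0, 255, exclude=value))

    def witness(self) -> bytes:
        """A concrete input that drives the parser down this path."""
        length = max(self.bounds, default=-1) + 1
        return bytes(pick_value(self.bounds.get(i, FULL)) for i in range(length))


class Concrete:
    """Same branch interface over real bytes, used to replay a witness."""
    def __init__(self, data: bytes) -> None:
        self.data = data

    def lt(self, offset, value, site): return self.data[offset] < value
    def eq(self, offset, value, site): return self.data[offset] == value


def toy_parser(inp) -> str:
    """Constructed format: byte 0 = record count, one byte per record after it."""
    if not inp.lt(0, 64, site="count"):
        return "reject"
    i = 0
    while not inp.lt(0, i + 1, site="loop"):          # while i < count
        if inp.eq(1 + i, 0xFF, site="marker"):        # end marker inside the data
            return "truncated"
        i += 1
    if inp.eq(1, 0x41, site="magic") and inp.lt(0, 2, site="short"):
        return "BUG"                                  # the sink we want inputs for
    return "ok"


def explore(program, loop_bound: int):
    worklist: List[List[bool]] = [[]]
    stats = {"paths": 0, "cut": 0, "pruned": 0, "results": {}}
    witnesses: List[Tuple[str, bytes]] = []
    while worklist:
        oracle = Symbolic(worklist.pop(), loop_bound)
        try:
            result = program(oracle)
        except PathCut:
            stats["cut"] += 1
        else:
            stats["paths"] += 1
            stats["results"][result] = stats["results"].get(result, 0) + 1
            witnesses.append((result, oracle.witness()))
        stats["pruned"] += oracle.pruned
        worklist.extend(oracle.forks)
    return stats, witnesses
```

With the bound at 3 the engine completes 10 paths and cuts one; at 2 it completes 7. The record loop is driven by the symbolic count byte, so without a bound it would unroll 63 times and every iteration doubles the number of paths below it, which is the explosion the paper addresses. Each witness replays to the same verdict under `Concrete`, which is the check to keep when swapping in a real solver.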