Strong Preservation by Model Deformation
R. Giacobazzi, Isabella Mastroeni, Durica Nikolic
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.12 (https://doi.org/10.1109/TASE.2012.12)
Abstract: Reliable and secure system design requires an increasing number of methods, algorithms, and tools for automatic program manipulation. Any program change corresponds to a transformation that affects the semantics at some given level of abstraction. We call these techniques model deformations. In this paper we propose a mathematical foundation for completeness-driven deformations of transition systems w.r.t. a given abstraction, and we introduce an algorithm for systematic deformation of Kripke structures for inducing strong preservation in abstract model checking. We prove that our model deformations are deeply related to must and may transitions in modal transition systems.
Binary Code Level Verification for Interrupt Safety Properties of Real-Time Operating System
Jianqi Shi, Longfei Zhu, Yanhong Huang, Jian Guo, Huibiao Zhu, Huixing Fang, Xin Ye
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.46 (https://doi.org/10.1109/TASE.2012.46)
Abstract: The interrupt mechanism is indispensable in embedded software for many reasons, such as switching context and enhancing efficiency. In this context, the traditional way of ensuring the correctness of software no longer holds. When interrupts are involved, the complicated and nondeterministic environment must be taken into consideration during the verification process. In this paper, we propose a novel way to verify interrupt safety properties based on low-level binary code. First, an Abstract xBIL is transformed from the xBIL with the time and interrupt properties preserved. xBIL [1] is a binary intermediate language we proposed to represent machine instructions on multiple architectures. Afterwards, we present an automatic way to construct Discrete-Time Markov Chains [2] from the Abstract xBIL code. After that, the properties can be easily generated and quantitative analysis can be performed. To prove the feasibility of our approach, we have applied our method to the verification of a commercial automotive operating system, and it has proved to be of great help in the development of the software.
Regression Test Cases Generation Based on Automatic Model Revision
Nan Ye, Xin Chen, Wenxu Ding, P. Jiang, Lei Bu, Xuandong Li
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.31 (https://doi.org/10.1109/TASE.2012.31)
Abstract: Regression testing is a widely used way to assure the quality of modified software. It requires executing a suite of test cases to ensure that modifications do not introduce any negative impact on software behavior. To collect test cases in the suite that can reveal modifications, different versions of the software must be compared carefully. Existing approaches, which rely on manual examination of programs or models to identify differences, are expensive. In this paper, we present a fully automatic approach to generating regression test cases based on activity diagram revision. By collecting execution traces and revising old activity diagrams, the approach first constructs new activity diagrams that can reveal software behavior changes. Then, both affected paths and new paths in the activity diagrams are identified. Finally, an execution-based approach is applied to generate regression test cases whose execution covers these paths. Experiments show the effectiveness of our approach.
A Path-oriented Approach to Generating Executable Test Sequences for Extended Finite State Machines
Tianyong Wu, Jun Yan, Jian Zhang
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.38 (https://doi.org/10.1109/TASE.2012.38)
Abstract: The Extended Finite State Machine (EFSM) is a commonly used model for specifying software systems. A test sequence for an EFSM is a sequence of values of input variables that makes the EFSM "execute" along a complete path from entry to exit. Traditional test sequence generation methods for EFSMs mostly imitate FSM-based approaches and focus on state identification. Most of them impose significant restrictions on the EFSM. This paper proposes a path-oriented approach to generating test cases for EFSMs and presents a tool for test data generation. The experiments show that our tool can automatically generate executable test sequences for EFSM models of software systems in acceptable time.
A Native Approach to Modeling Timed Behavior in the Pi-Calculus
Kamal Barakat, S. Kowalewski, T. Noll
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.27 (https://doi.org/10.1109/TASE.2012.27)
Abstract: We introduce a new concept of modeling timed behavior in pi-calculus by representing timed actions (or timers) as interactions between application processes and clock processes. This approach extends the original calculus in a manner such that bisimulation arrangements in pi-calculus remain untouched. We also present a tool to simulate specifications written in our timed version of pi-calculus in order to verify their behavior.
Modeling and Validation of PLC-Controlled Systems: A Case Study
R. Wang, Min Zhou, Liangze Yin, Lianyi Zhang, Jiaguang Sun, M. Gu, M. Bozga
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.33 (https://doi.org/10.1109/TASE.2012.33)
Abstract: Programmable logic controllers (PLCs) are complex cyber-physical systems which are widely used in industry. This paper shows the modeling and validation work of a typical PLC control system using the Behavior-Interaction-Priority (BIP) component framework. The PLC-based gate control system is a real industrial application. We design a general system architecture for this kind of device control system. The control software and the hardware of the environment are all modeled as BIP components. Their interactions are described by BIP connectors. System requirements are formalized as monitors. Simulation is applied to the system model. We found a couple of design errors in simulation, which help us improve the dependability of the original systems.
The Observer Pattern Applied to Actor Systems: A TLA/TLC-based Implementation Analysis
Rodger Burmeister, Steffen Helke
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.15 (https://doi.org/10.1109/TASE.2012.15)
Abstract: With the increasing impact of the actor model in programming languages, there is also an increased demand for approved solutions to recurring implementation problems. Transferring established design pattern solutions from sequential contexts to concurrent ones requires a rigorous clarification of intentional requirements and concurrency issues. Existing approaches either do not verify concurrent pattern implementations rigorously or do not address the actor model. To solve these insufficiencies we (1) specify intentional requirements using LTL expressions and an abstract outline, and (2) transfer and verify these for a concrete, actor-based TLA description using model checking techniques. The applicability of our approach is demonstrated for a concurrent version of the well-known Observer Pattern. Our work enables software engineers to build up formal requirement catalogs for sequential and concurrent design pattern implementations and to rigorously verify them with low effort.
A Type System for SPARDL
Zheng Wang, G. Pu, Jianwen Li, B. Gu
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.47 (https://doi.org/10.1109/TASE.2012.47)
Abstract: SPARDL is a domain-specific modeling language for periodic control systems, which are widely used in embedded systems. Periodic control systems are usually driven by a given period. A periodic control system can be decomposed into different modes or sub-modes, and each mode represents a system state observed from outside. We believe that introducing static checking will extend the power of SPARDL. In this paper, we develop a type system for SPARDL. To make the contributions of this paper convincing and easy to understand, we apply traditional approaches to construct the type system for SPARDL. An operational semantics is proposed as the basic explanation of SPARDL, and some type safety theorems are then proved under that semantics. We apply the type system to an industrial case from the China Academy of Space Technology (CAST) to evaluate the effectiveness of our approach in practice, revealing eight type errors.
A Calculus of Higher Order Safe Ambients and Its Bisimulations
Zining Cao
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.8 (https://doi.org/10.1109/TASE.2012.8)
Abstract: In this paper, we present a higher order ambient calculus, HSAP, which is a higher order extension of the SAP calculus. In HSAP, we add a higher order communication capability and an administrator interaction capability. The higher order communication capability means that an ambient can be sent to another ambient. The administrator interaction capability means that an ambient can interact with any ambient if the password matches. Then, we give an LTS-based operational semantics for HSAP and two labelled bisimulations, called early bisimulation and late bisimulation. Early bisimulation is proved to coincide with reduction barbed congruence. Furthermore, we present late bisimulation, quasi late bisimulation, concise quasi late bisimulation and quasi normal bisimulation for HSAP and study the relations between these bisimulations. Finally, we study the expressiveness of HSAP.
Formal Specification of Hybrid MARTE Statecharts
Ziwei Liu, Jing Liu, Jifeng He, F. Mallet, Miaomiao Zhang
2012 Sixth International Symposium on Theoretical Aspects of Software Engineering, 2012-07-04. DOI: 10.1109/TASE.2012.26 (https://doi.org/10.1109/TASE.2012.26)
Abstract: The specification of Modeling and Analysis of Real-time and Embedded Systems (MARTE) is an extension of UML for the domain of real-time and embedded systems. However, unified modeling of continuous and discrete variables in MARTE is still an unsolved problem for hybrid real-time system development. In this paper we propose an extended statechart, the Hybrid MARTE statechart, for modeling and analyzing hybrid real-time and embedded systems. In Hybrid MARTE statecharts, we unify the logical time and the chronometric time variables. The improvement of the MARTE statechart is based on hybrid automata. Formal syntax and semantics of Hybrid MARTE statecharts are given based on labeled transition systems. At the end of this paper, a case study is given to show how to model the behavior of a Train Control System with Hybrid MARTE statecharts.