VIATRA - Visual Automated Transformations for Formal Verification and Validation of UML Models
2002
Cited by 64 (6 self)
Abstract: The VIATRA (VIsual Automated model TRAnsformations) framework is the core of a transformation-based verification and validation environment for improving the quality of systems designed using the Unified Modeling Language by automatically checking consistency, completeness, and dependability requirements. In the current paper, we present an overview of (i) the major design goals and decisions, (ii) the underlying formal methodology based on metamodeling and graph transformation, (iii) the software architecture based upon the XMI standard, and (iv) several benchmark applications of the VIATRA framework.

Modeling and Validation of Service-Oriented Architectures: Application vs. Style
Cited by 54 (10 self)
Abstract: Most applications developed today rely on a given middleware platform which governs the interaction between components, the access to resources, etc. To decide which platform is suitable for a given application (or, more generally, to understand the interaction between application and platform), we propose UML models of both the architectural style of the platform and the application scenario. Based on a formal interpretation of these as graphs and graph transformation systems, we are able to validate the consistency between platform and application.

Towards Automated Formal Verification of Visual Modeling Languages by Model Checking
2003
Cited by 48 (5 self)
Abstract: Graph transformation has recently become more and more popular as a general, rule-based visual specification paradigm to formally capture (i) requirements or behavior of user models (on the model level), and (ii) the operational semantics of modeling languages (on the meta level), as demonstrated by benchmark applications around the Unified Modeling Language (UML). In the paper, we present a meta-level transformation technique to enable model-checking-based symbolic verification for arbitrary well-formed models and modeling languages (with formal semantics defined by graph transformation systems) by projecting them into state transition systems that serve as the underlying mathematical specification formalism of various model checker tools. The feasibility of our approach is demonstrated by modeling and analyzing a well-known verification benchmark both on the model and metamodel level.

LTL Satisfiability Checking
Software Tools for Technology Transfer
Cited by 47 (9 self)
Abstract: We report here on an experimental investigation of LTL satisfiability checking via a reduction to model checking. By using large LTL formulas, we offer challenging model-checking benchmarks to both explicit and symbolic model checkers. For symbolic model checking, we use CadenceSMV, NuSMV, and SAL-SMC. For explicit model checking, we use SPIN as the search engine, and we test essentially all publicly available LTL translation tools. Our experiments result in two major findings. First, most LTL translation tools are research prototypes and cannot be considered industrial-quality tools. Second, when it comes to LTL satisfiability checking, the symbolic approach is clearly superior to the explicit approach.

A Formal Semantics of UML Statecharts by Model Transition Systems
In Proceedings ICGT 2002: International Conference on Graph Transformation, Lecture Notes in Computer Science
2002
Cited by 42 (5 self)
Abstract: UML Statecharts are a well-known visual means to capture the dynamic behavior of reactive systems in the object-oriented design methodology. Since the UML standard only contains an informal description of how to execute such state machines, various semantic frameworks have already been proposed to provide a precise formalization, which is indispensable for implementing automated analysis tools for statecharts. However, none of these approaches has been accepted as a standard formal semantics, mainly because of the huge abstraction gap lying between engineering and formal mathematical practice. The current paper aims to bridge this gap by providing a formal semantics that is (i) simultaneously visual and precise, (ii) built on metamodeling techniques, and (iii) provides direct access to simulation and verification tools.

Automated Symbolic Reachability Analysis; with Application to Delta-Notch Signaling Automata
Lecture Notes in Computer Science
2003
Cited by 39 (2 self)
Abstract: This paper describes the implementation of predicate abstraction techniques to automatically compute symbolic backward reachable sets of high-dimensional piecewise affine hybrid automata, used to model Delta-Notch biological cell signaling networks. These automata are analyzed by creating an abstraction of the hybrid model, which is a finite-state discrete transition system, and then performing the computation on the abstracted system. All the steps, from model generation to the simplification of the reachable set, have been automated using a variety of decision procedures and theorem-proving tools. The concluding example computes the reach set for a four-cell network with 8 continuous and 256 discrete states. This demonstrates the feasibility of using these tools to compute on high-dimensional hybrid automata, to provide deeper insight into realistic biological systems.

Predicate abstraction for reachability analysis of hybrid systems
ACM Trans. Embedded Comput. Syst.
2006
Cited by 39 (3 self)
Abstract: Embedded systems are increasingly finding their way into a growing range of physical devices. These embedded systems often consist of a collection of software threads interacting concurrently with each other and with a physical, continuous environment. While continuous dynamics have been well studied in control theory, and discrete and distributed systems have been investigated in computer science, the combination of the two complexities leads us to the recent research on hybrid systems. This paper addresses the formal analysis of such hybrid systems. Predicate abstraction has emerged as a powerful technique for extracting finite-state models from infinite-state discrete programs. This paper presents algorithms and tools for reachability analysis of hybrid systems by combining the notion of predicate abstraction with recent techniques for approximating the set of reachable states of linear systems using polyhedra. Given a hybrid system and a set of predicates, we consider the finite discrete quotient whose states correspond to all possible truth assignments to the input predicates. The tool performs an on-the-fly exploration of the abstract system. We present the basic techniques for guided search in the abstract state space, optimizations of these techniques, the implementation of these in our verifier, and case studies demonstrating the promise of the approach. We also address the completeness of our abstraction-based verification strategy by showing that predicate abstraction of hybrid systems can be used to prove bounded safety.

A technique for invariant generation
In TACAS 2001, vol. 2031 of LNCS
2001
Cited by 34 (1 self)
Abstract: Most of the properties established during verification are either invariants or depend crucially on invariants. The effectiveness of automated formal verification is therefore sensitive to the ease with which invariants, even trivial ones, can be automatically deduced. While the strongest invariant can be defined as the least fixed point of the strongest postcondition of a transition system starting with the set of initial states, this symbolic computation rarely converges. We present a method for invariant generation and strengthening that relies on the simultaneous construction of least and greatest fixed points, restricted widening and narrowing, and quantifier elimination. The effectiveness of the method is demonstrated on a number of examples.
1 Introduction
The majority of properties established during the verification of programs are either invariants or depend crucially on invariants. Indeed, safety properties can be reduced to invariant properties, and to prove progress one usually needs to establish auxiliary invariance properties too. Consequently, the discovery and strengthening of invariants is a central technique in the analysis and verification of both sequential programs and reactive systems, especially for infinite-state systems.

Modeling and Verification of a Fault-Tolerant Real-time Startup Protocol using Calendar Automata
2004
Cited by 33 (2 self)
Abstract: We discuss the modeling and verification of real-time systems using the SAL model checker. A new modeling framework based on event calendars enables dense timed systems to be described without relying on continuously varying clocks. We present verification techniques that rely on induction and abstraction, and show how these techniques are efficiently supported by the SAL symbolic model-checking tools. The modeling and verification method is applied to the fault-tolerant real-time startup protocol used in the Time-Triggered Architecture.

A Formal Executable Semantics of the JavaCard Platform
Cited by 19 (0 self)
Abstract: We present a formal executable specification of two crucial JavaCard platform components, namely the Java Card Virtual Machine (JCVM) and the ByteCode Verifier (BCV). Moreover, we relate both components by giving a proof of correctness of the ByteCode Verifier. Both formalisations and proofs have been machine-checked using the proof assistant Coq.