Global ETD Search

101	Systematic model-based safety assessment via probabilistic model checking GOMES, Adriano José Oliveira 31 January 2010 (has links) Made available in DSpace on 2014-06-12T15:59:55Z (GMT). No. of bitstreams: 2 arquivo5803_1.pdf: 2496332 bytes, checksum: b4666e127bf620dbcb7437f9d83c2344 (MD5) license.txt: 1748 bytes, checksum: 8a4605be74aa9ea9d79846c1fba20a33 (MD5) Previous issue date: 2010 / Faculdade de Amparo à Ciência e Tecnologia do Estado de Pernambuco / A análise da segurança (Safety Assessment) é um processo bem conhecido que serve para garantir que as restrições de segurança de um sistema crítico sejam cumpridas. Dentro dele, a análise de segurança quantitativa lida com essas restrições em um contexto numérico (probabilístico). Os métodos de análise de segurança, como a tradicional Fault Tree Analysis (FTA), são utilizados no processo de avaliação da segurança quantitativo, seguindo as diretrizes de certificação (por exemplo, a ARP4761 Guia de Práticas Recomendadas da Aviação). No entanto, este método é geralmente custoso e requer muito tempo e esforço para validar um sistema como um todo, uma vez que para uma aeronave chegam a ser construídas, em média, 10.000 árvores de falha e também porque dependem fortemente das habilidades humanas para lidar com suas limitações temporais que restringem o âmbito e o nível de detalhe que a análise e os resultados podem alcançar. Por outro lado, as autoridades certificadoras também permitem a utilização da análise de Markov, que, embora seus modelos sejam mais poderosos que as árvores de falha, a indústria raramente adota esta análise porque seus modelos são mais complexos e difíceis de lidar. Diante disto, FTA tem sido amplamente utilizada neste processo, principalmente porque é conceitualmente mais simples e fácil de entender. À medida que a complexidade e o time-to-market dos sistemas aumentam, o interesse em abordar as questões de segurança durante as fases iniciais do projeto, ao invés de nas fases intermediárias/finais, tornou comum a adoção de projetos, ferramentas e técnicas baseados em modelos. Simulink é o exemplo padrão atualmente utilizado na indústria aeronáutica. Entretanto, mesmo neste cenário, as soluções atuais seguem o que os engenheiros já utilizavam anteriormente. Por outro lado, métodos formais que são linguagens, ferramentas e métodos baseados em lógica e matemática discreta e não seguem as abordagens da engenharia tradicional, podem proporcionar soluções inovadoras de baixo custo para engenheiros. Esta dissertação define uma estratégia para a avaliação quantitativa de segurança baseada na análise de Markov. Porém, em vez de lidar com modelos de Markov diretamente, usamos a linguagem formal Prism (uma especificação em Prism é semanticamente interpretada como um modelo de Markov). Além disto, esta especificação em Prism é extraída de forma sistemática a partir de um modelo de alto nível (diagramas Simulink anotados com lógicas de falha do sistema), através da aplicação de regras de tradução. A verificação sob o aspecto quantitativo dos requisitos de segurança do sistema é realizada utilizando o verificador de modelos de Prism, no qual os requisitos de segurança tornam-se fórmulas probabilísticas em lógica temporal. O objetivo imediato do nosso trabalho é evitar o esforço de se criar várias árvores de falhas até ser constatado que um requisito de segurança foi violado. Prism não constrói árvores de falha para chegar neste resultado. Ele simplesmente verifica de uma só vez se um requisito de segurança é satisfeito ou não no modelo inteiro. Finalmente, nossa estratégia é ilustrada com um sistema simples (um projeto-piloto), mas representativo, projetado pela Embraer Quantitative Safety Assessment Probabilistic Model-Checking Formal Methods Prism Markov Analysis Aircraft Systems
102	Transformando modelos Scade em especificações SCR SERAFIM, Kamila Nayana Carvalho 08 September 2016 (has links) Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2017-08-08T13:40:24Z No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Dissertação-Transformando-modelos-xscade-em-SCR-Kamila-Serafim.pdf: 1127362 bytes, checksum: cb72514ffcaf617a6573ea197ab446c1 (MD5) / Made available in DSpace on 2017-08-08T13:40:24Z (GMT). No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Dissertação-Transformando-modelos-xscade-em-SCR-Kamila-Serafim.pdf: 1127362 bytes, checksum: cb72514ffcaf617a6573ea197ab446c1 (MD5) Previous issue date: 2016-09-08 / A construção de um software para domínios particulares tem de atender normas específicasque impõem o atendimento a fatores como rastreabilidade de requisitos e certificação. Por exemplo, a indústria aeronáutica deve atender à norma DO-178B que estabelece restrições para uso de software de aeronaves, que são considerados sistemas críticos. Para um sistema estar de acordo com essa certificação é necessário ter requisitos formais e código certificado; nesta direção, Andrade (ANDRADE, 2013) usou a notação SCR (Software Cost Reduction) para definição de requisitos e a ferramenta SCADE para modelagem de sistemas críticos, com desenvolvimento de um tradutor de SCR para artefatos xscade. A prática de desenvolvimento de sistema, porém, não está restrita à transição entre requisitos e artefatos de projeto. Modificações realizadas nestes últimos devem também ser refletidas nos requisitos. Neste trabalho desenvolvemos um tradutor de artefatos de modelagem da ferramenta SCADE para SCR. Desta forma podemos gerar especificação de requisitos a partir do código (Engenharia Reversa) e complementamos o trabalho anterior desenvolvido por Andrade (ANDRADE, 2013). Para o desenvolvimento do tradutor, utilizamos a plataforma Spoofax por meio da qual descrevemos a sintaxe do esquema XML utilizado em SCADE e também as regras de tradução tendo como alvo SCR. A validação da tradução teve como ponto de partida o resultado do uso do tradutor desenvolvido por Andrade (ANDRADE, 2013), tendo de gerar como saída a mesma entrada do tradutor desenvolvido por Andrade (ANDRADE, 2013). Além disso, desenvolvemos exemplos para demonstrar que a modificação estrutural, com preservação de semântica, em projetos SCADE, é verificável por meio do uso de testes gerados por meio da ferramenta TTM-TVEC / Building a software for particular domains must attend speciﬁc standards that impose attendance to factors such as traceability requirements and the certiﬁcation issue. For example, the airline industry should meet the DO-178B standard that establishes restrictions on the use of aircraft software, which is considered a critical system. For a system to be in accordance with this certiﬁcation, one must have formal requirements and certiﬁed code. In this direction, Andrade (ANDRADE, 2013) used SCR (Software Cost Reduction) for requirements deﬁnition and SCADE for modeling critical systems with development of an artifacts a translator from SCR. However the practice of developing is not restricted to the transition from requirements to design artifacts. Changes made on design should be reﬂected in the requirements. In this work we developed a translator from SCADE to SCR. In this way we can generate requirements speciﬁcation from the code (reverse engineering) and complement the previous Andrade (ANDRADE, 2013) thesis. For the translator development, we use the Spoofax platform through which we describe the XML schema syntax used in SCADE and also the translation rules having SCR as the target language. The translation validation had as its starting point the result of the translator developed by Andrade (ANDRADE, 2013), where the output is the same input developed by Andrade(ANDRADE, 2013). Furthermore, examples developed to demonstrate that the structural modiﬁcation that preserves semantics in SCADE, is veriﬁable through the use of tests generated by the TTM-TVEC tool. Métodos Formais Requisitos Formais Certiﬁcação Regras de Tradução Testes Formal Methods Formal Requirements Certiﬁcation Translation Rules Tests
103	Criação de uma biblioteca padrão para a linguagem HasCASL / Creating a standard library for the HasCASL language Cabral, Glauber Módolo 16 August 2018 (has links) Orientador: Arnaldo Vieira Moura / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-16T20:14:05Z (GMT). No. of bitstreams: 1 Cabral_GlauberModolo_M.pdf: 1025512 bytes, checksum: 7aaf4d32142384e7200596499be77cca (MD5) Previous issue date: 2010 / Resumo: Métodos formais são ferramentas da Engenharia de Software que empregam formalismos matemáticos na construção de programas. Em geral, são compostos por uma ou mais linguagens de especificação e algumas ferramentas auxiliares. A linguagem de especificação algébrica Common Algebraic Specification Language (Casl) foi concebida para ser a linguagem padrão na área de especificação algébrica. A linguagem HasCasl é a extensão da linguagem Casl responsável por suportar lógica de segunda ordem e possui um subconjunto de sua sintaxe que se assemelha à linguagem de programação Haskell e que pode ser executado. O uso prático de uma linguagem de especificação depende da disponibilidade de uma biblioteca padrão de especificações pré-definidas. Embora Casl possua tal biblioteca, esta não disponibiliza propriedades e tipos de dados de segunda ordem. Esta dissertação descreve a especificação de uma biblioteca para a linguagem HasCasl com funções e tipos de dados de segunda ordem, tendo como referência a biblioteca Prelude da linguagem Haskell. Os tipos de dados especificados incluem o tipo booleano, listas, caracteres e cadeias de caracteres, além de classes e funções presentes na biblioteca Prelude. Uma primeira versão da biblioteca faz uso de tipos de dados com avaliação estrita, devido à complexidade de iniciar o processo de especificação com o uso de tipos com avaliação preguiçosa. Um refinamento posterior da biblioteca incluiu o suporte a tipos de dados com avaliação preguiçosa. A verificação de ambas as versões da biblioteca foi realizada com o uso da ferramenta Hets, responsável por traduzir as especificações escritas na linguagem HasCasl para a linguagem HOL e gerar necessidades de prova verificadas com o auxílio do provador de teoremas Isabelle. Para ilustrar o uso dos tipos de dados especificados foram incluídas algumas especificações de exemplo envolvendo listas e tipos booleanos. Algumas sugestões de extensão à biblioteca são propostas, tais como o suporte à recursão e às estruturas infinitas, além do aperfeiçoamento do suporte a provas relacionadas a especificações importadas da biblioteca da linguagem Casl / Abstract: Formal methods can be used as software engineering tools that employ mathematical formalisms for building and verifying programs. They are usually composed of one or more specification languages and some auxiliary tools. The Common Algebraic Specification Language (Casl) is designed to be the standard language in the area of algebraic specification, taking tecnical elements from other specification languages. The HasCasl language is the extention of the Casl language that is responsible for supporting secondorder logic, which has a subset of its syntax resembling the Haskell programming language. The practical use of a specification language depends on the availability of a standard library of pre-defined specifications. CASL has such a library and its specifications can be imported by specifications developed in HasCasl. However, the library of the Casl language does not provide higer order properties and data types. This dissertation describes the specification of a library for the language HasCasl based on the Prelude library from the Haskell programming language. The library created her provides second-order functions and data types. It does so by specifying data types and functions existing in Haskell language, such as boolean, list, character and string types. The first version of our library uses types with strict evaluation. The second version of the library has been refined to support types with lazy evaluation. Verification of both libraries was performed using the Hets tool, which translates specifications to the HOL language, producing proof needs that were discharged with the help of the Isabelle theorem prover. To illustrate the use of our library, some example specifications using lists and boolean types are included. Some suggestions for extension of the library are proposed, dealing with support for infinite structures and numeric data types / Mestrado / Linguagens de Programação / Mestre em Ciência da Computação Engenharia de software Métodos formais (Computação) Software engineering Formal methods (Computer science)
104	Verificação formal de workflows com spin / Formal workflow verification with spin André, Amaury Bosso 16 August 2018 (has links) Orientador: Jacques Wainer / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-16T22:50:12Z (GMT). No. of bitstreams: 1 Andre_AmauryBosso_M.pdf: 698462 bytes, checksum: 3a97278e3328845adbb26c7cb448204b (MD5) Previous issue date: 2010 / Resumo: O gerenciamento de workflows é uma realidade atualmente, mas os sistemas atuais carecem de suporte à verificação de correção em modelos de workflow. Este trabalho visa a realização de verificações em processos, objetivando a detecção de erros sintáticos, como a existência de atividades mal modeladas, ou seja, sem condições de entrada ou de saída. É objetivo deste trabalho também a definição de verificações de ordem estrutural, como detectar se o processo de workflow não possui deadlocks (estado em que o processo trava sem possibilidade de progredir), ou verificar se existem atividades mortas no processo (atividades impossíveis de serem executadas), ou se há terminações incompletas, ou seja, transições pendentes após o processo ter atingido seus objetivos. Além de verificações sintáticas e estruturais, é necessário também a realização de verificações semânticas do modelo, ou seja, é importante que os processos possam ser validados quanto a características que dizem respeito à sua organização lógica, a um nível um pouco mais alto de informação do que simplesmente estrutural. Por exemplo, é diretamente impactante na qualidade do modelo de um processo, definir se este possui conflitos ao acesso de recursos. Dessa forma, um processo estruturalmente correto, pode ficar travado em um deadlock, devido à concorrência quanto ao acesso de um recurso comum entre atividades distintas. Além disso, verificações de restrições de custo, por exemplo, também podem inviabilizar um processo. Todas essas verificações são importantes para decidir se um processo de workflow é correto. A maior contribuição deste trabalho, é então a definição de uma modelagem de processos de workflow que possibilite a verificação de problemas sintáticos, estruturais e semânticos, todos em uma única ferramenta, que se mostra escalável para processos reais, além de possibilitar a verificação de questões ad-hoc, específicas de cada instância, como verificar ordenações entre atividades específicas, etc / Abstract: Workflow management is a reality nowadays, but today's systems give very little support to verify correctness in workflow models. This work aims to perform formal verification, with the goal of detecting syntactic errors, like the existence of activities poorly modeled, in other words, activities with no precondition or effect. It is a goal too, the definition of workflows structural verification, as to detect if the process does not have deadlocks (state in which the process is stuck with no possibility of getting any further), or verifying if there are dead activities in the process (activities impossible to be reached), or if exist incomplete terminations, ie, pending transitions after the process reached its objectives. Besides syntactic and structural verifications, it is necessary too, to perform semantic verifications in the process, in other words, it is important to validate the processes in respect to characteristics of its logical organization, in a higher level of information than simply structural verification. For example, it is directly impacting in the quality of the process model the definition if it has resource access conflicts. In this way, a process that is structurally correct, can be stuck in a deadlock, due to the concurrency in the access of a common resource of distinct activities. Besides that, verifications of costs restrictions, for example, can spoil a process. All these verifications are important to decide if a workflow model is correct. The main contribution of this work is the definition of workflow processes modeling that makes it possible to perform syntactic, structural and semantic verifications, all in a unique tool, that is showed to be scalable for real process, and even possible to verify ad-hoc questions, specific to the model, as checking activities ordering, for example / Mestrado / Inteligência Artificial, Verificação e Validação / Mestre em Ciência da Computação Fluxo de trabalho Métodos formais (Computação) Modelos spin Workflow Formal methods (Computer science) Spin models
105	Run time verifcation of hybrid systems Alouffi, Bader January 2016 (has links) The growing use of computers in modern control systems has led to the develop- ment of complex dynamic systems known as hybrid systems, which integrates both discrete and continuous systems. Given that hybrid systems are systems that operates in real time allowing for changes in continuous state over time periods, and discrete state changes across zero time, their modelling, analysis and verification becomes very difficult. The formal verifications of such systems based on specifications that can guar- antee their behaviour is very important especially as it pertains to safety critical applications. Accordingly, addressing such verifications issues are important and is the focus of this thesis. In this thesis, in order to actualise the specification and verification of hybrid systems, Interval Temporal Logic(ITL) was adopted as the underlying formalism given its inherent characteristics of providing methods that are flexible for both propositional and first-order reasoning regarding periods found in hardware and software system’s descriptions. Given that an interval specifies the behaviour of a system, specifications of such systems are therefore represented as a set of intervals that can be used to gain an understanding of the possible behaviour of the system in terms of its composition whether in sequential or parallel form. ITL is a powerful tool that can handle both forms of composition given that it offers very strong and extensive proof and specification techniques to decipher essential system properties including safety, liveliness and time projections. However, a limitation of ITL is that the intervals within its framework are considered to be a sequence of discrete states. Against this back- drop, the current research provides an extension to ITL with the view to deal with verification and other related issues that centres around hybrid systems. The novelty within this new proposition is new logic termed SPLINE Interval Temporal Logic (SPITL) in which not only a discrete behaviour can be expressed, but also a continuous behaviour can be represented in the form of a spline i.e. the interval is considered to be a sequence of continuous phases instead of a sequence of discrete states. The syntax and semantics of the newly developed SPITL are provided in this thesis and the new extension of the interval temporal logic using a hybrid system as a case study. The overall framework adopted for the overall structure of SPITL is based on three fundamental steps namely the formal specification of hybrid systems is expressed in SPLINE Interval Temporal Logic, followed by the executable subset of ITL, called Tempura, which is used to develop and test a hybrid system specification that is written in SPITL and finally a runtime verification tool for ITL called AnaTempura which is linked with Matlab in order to use them as an integrated tool for the verification of hybrid systems specification. Overall, the current work contributes to the growing body of knowledge in hybrid systems based on the following three major milestones namely: i. the proposition of a new logic termed SPITL; ii. executable subset, Tempura, integrated with SPITL specification for hybrid systems; and iii. the development of a tool termed Ana Tempura which is integrated with Matlab to ensure accurate runtime verification of results. 004.2
106	Regret and Partial Observation in Quantitative Games Perez, Guillermo A. 03 November 2016 (has links) Two-player zero-sum games of infinite duration and their quantitative versions are used in verification to model the interaction between a controller (Eve) and its environment (Adam). The question usually addressed is that of the existence (and computability) of a strategy for Eve that can maximize her payoff against any strategy of Adam: a winning strategy. It is often assumed that Eve always knows the exact state of the game, that is, she has full observation. In this dissertation, we are interested in two variations of quantitative games. First, we study a different kind of strategy for Eve. More specifically, we consider strategies that minimize her regret: the difference between her actual payoff and the payoff she could have achieved if she had known the strategy of Adam in advance. Second, we study the effect of relaxing the full observation assumption on the complexity of computing winning strategies for Eve. Regarding regret-minimizing strategies, we give algorithms to compute the strategies of Eve that ensure minimal regret against three classes of adversaries: (i) unrestricted, (ii) limited to positional strategies, or (iii) limited to word strategies. These results apply for quantitative games defined with the classical payoff functions Inf, Sup, LimInf, LimSup, mean payoff, and discounted sum. For partial-observation games, we continue the study of energy and mean- payoff games started in 2010 by Degorre et al. We complement their decidability result for a particular problem related to energy games (the Fixed Initial Credit Problem) by giving tight complexity bounds for it. Also, we show that mean-payoff games are undecidable for all versions of the mean-payoff function. Motivated by the latter negative result, we define and study several decidable sub-classes of mean-payoff games. Finally we extend the newly introduced window mean-payoff objectives to the partial observation setting. We show that they are conservative approximations of partial-observation mean-payoff games and we classify them according to whether they are decidable. Furthermore, we give a symbolic algorithm to solve them. / Doctorat en Sciences / info:eu-repo/semantics/nonPublished Informatique mathématique Regret Partial observation Quantitative games Game theory Verification Formal methods Reactive synthesis
107	Combinaison de méthodes formelles pour la spécification de systèmes industriels / Coupling of formal methods for industriel systems specification Fayolle, Thomas 27 June 2017 (has links) La spécification d’un système industriel nécessite la collaboration d’un ingénieur connaissant le système à modéliser et d’un ingénieur connaissant le langage de modélisation. L'utilisation d'un langage de spécification graphique, tel que les ASTD (Algebraic State Transition Diagram), permet de faciliter cette collaboration. Dans cette thèse, nous définissons une méthode de spécification graphique et formelle qui combine les ASTD avec les langages Event-B et B. L’ordonnancement des actions de la spécification est décrit par les ASTD et le modèle de données est décrit dans la spécification Event-B. La spécification B permet de vérifier la cohérence du modèle : les événements Event-B doivent pouvoir être exécutés lorsque les transitions associées doivent l’être. Un raffinement combiné des ASTD et d’Event-B permet la spécification incrémental du système. Afin de valider son apport, la méthode de spécification a été utilisée pour la spécification de cas d’études / Specifying industrial systems requires collaboration between an engineer that knows how the system works and an engineer that know the specification language. Graphical specification languages can help this collaboration. In this PhD Thesis a method is defined that combines ASTD (Algebraic State Transition Diagram), a formal graphical notation, with B and Event-B langagues. The ordering of actions is specified using ASTD and the data model is specified using Event-B. B specification is used to verify the consistency of the model : Event-B events have to be executed when the corresponding transitions have to be executed. A combined refinement allows to incrementaly design the system Génie Logiciel Méthodes Formelles Système Ferroviaire Software Engineering Formal Methods Railways Systems
108	EVA, an Evolved Value Analysis for Frama-C : structuring an abstract interpreter through value and state abstractions / Structurer un interpréteur abstrait autour d'abstractions d'états et de valeurs : EVA, une analyse de valeurs évoluée pour Frama-C Bühler, David 15 March 2017 (has links) Cette thèse propose un nouveau cadre pour la composition de domaines abstraits. L'idée principale en est l'organisation d'une sémantique abstraite suivant la distinction usuelle entre expressions et instructions, en cours dans la plupart des langages impératifs. La définition d'une sémantique abstraite peut alors se diviser entre abstractions de valeurs et abstractions d'états (ou domaine abstrait). Les abstractions de valeurs représentent les valeurs possibles d'une expression en un point donné, et assurent l'interprétation de la sémantique des expressions. Les abstractions d'états représentent les états machines qui peuvent se produire lors de l'exécution d'un programme, et permettent d'interpréter la sémantique des instructions. De ce choix de conception découle naturellement un élégant système de communication entre abstractions. Lors de l'interprétation d'une instruction, les abstractions d'états peuvent échanger des informations au moyen d'abstractions de valeurs, qui expriment des propriétés à propos des expressions. Les valeurs forment donc une interface de communication entre états abstraits, mais sont également des éléments canoniques de l'interprétation abstraite. Ils peuvent donc eux-même être combinés par les moyens existants de composition d'abstractions, permettant encore davantage d'interactions entre les composants des sémantiques abstraites. Cette thèse explore les possibilités offertes par cette nouvelle architecture des sémantiques abstraites. Nous décrivons en particulier des stratégies efficaces pour le calcul d'abstractions de valeurs précises à partir des propriétés inférées par les domaines, et nous illustrons les différentes possibilités d'interactions que ce système offre. L'architecture que nous proposons inclue également une collaboration directe des abstractions pour l'émission des alarmes qui signalent les erreurs possibles du programme analysé. Nous proposons également un mécanisme permettant d'interagir avec les composants d'une combinaison générique de types OCaml. Nous utilisons des GADT pour encoder la structure interne d'une combinaison, et construisons automatiquement les fonctions d'injection et de projection entre le produit et ses composants. Cette fonctionnalité permet d'établir une communication directe entre les différentes abstractions d'un interpréteur abstrait. Enfin, une dernière contribution de cette thèse est l'extension automatique de domaines abstraits à l'aide de prédicats logiques qui évitent les pertes d'information aux points de jonction. De fait, lorsque plusieurs chemins d'exécution se rejoignent, un domaine abstrait doit représenter les comportements possibles de chacun des chemins, ce qui engendre souvent des pertes de précision. Pour remédier à cette limitation, nous proposons de propager un ensemble d'états abstraits, munis chacun d'un prédicat qui indique sous quelle condition l'état est valable. Contrairement à d'autres approches, notre analyse ne maintient pas une stricte partition des états abstraits, car les prédicats utilisés ne sont pas mutuellement exclusifs. Cette particularité rend possible des optimisations cruciales pour le passage à l'échelle de cette technique, confirmée par nos résultats expérimentaux sur un programme industriel généré. L'ensemble du système de composition des abstractions proposé dans cette thèse a été mis en œuvre dans EVA, la nouvelle version de l'interpréteur abstrait de Frama-C. EVA a été spécifiquement conçu pour faciliter l'introduction de nouvelles abstractions et permettre des interactions riches entre ces abstractions. Grâce à son architecture modulaire et extensible, cinq nouveaux domaines abstraits ont pu être introduit dans l'analyseur en moins d'un an, améliorant ainsi tant ses capacités que sa précision. / This thesis proposes a new framework for the combination of multiple domains in the abstract interpretation theory. Its core concept is the structuring of the abstract semantics by following the usual distinction between expressions and statements. This can be achieved by a convenient architecture where abstractions are separated in two layers: value abstractions, in charge of the expression semantics, and state abstractions —or abstract domains—, in charge of the statement semantics. This design leads naturally to an elegant communication system where the abstract domains, when interpreting a statement, interact and exchange information through value abstractions, that express properties about expressions. While the values form the communication interface between domains, they are also standard elements of the abstract interpretation framework. The communication system is thus embedded in the abstract semantics, and the usual tools of abstract interpretation apply naturally to value abstractions. For instance, different kinds of value abstractions can be composed through the existing methods of combination of abstractions, enabling even further interaction between the components of the abstract semantics. This thesis explores the possibilities offered by this framework. We discuss efficient strategies to compute precise value abstractions from the information inferred by abstract domains, and illustrate the means of communication between different state abstractions. Our architecture also features a direct collaboration for the emission of alarms that report the possible errors of a program. We also proposes a mechanism to enable interacting with the components of a modular combination of OCaml types. We use GADT to encode the inner shape of a combination, and automatically build injection and projection functions between a product of datatypes and its components. This allows direct communications between the abstractions of an abstract interpreter. Finally, a last contribution of this thesis is the automatic extension of abstract domains to track sets of disjunctive abstract states, each one being qualified with a predicate for which the state holds. This enhances the precision of an abstract semantics at join points, when several possible paths of a program execution meet. At these points, predicates preserve the information usually lost by the merge of abstract states. Unlike other approaches, the analysis does not maintain a strict partition of the abstract states, as the predicates we use are not mutually exclusive. This design enables some optimizations that are crucial for scalability, as confirmed by our experimental results on an industrial, generated program. The general system of abstractions combination has been implemented within EVA, the new version of the abstract interpreter provided by the Frama-C platform. Thus, Eva enjoys a modular and extensible architecture designed to facilitate the introduction of new abstractions and to enable rich interactions between them. Thanks to this work, five new domains from the literature have been implemented in less than a year, enhancing the scope and the precision of the analyzer. Méthodes formelles (Informatique) Analyse statique Interprétation abstraite Formal methods (Computer science) Static analysis Abstract interpretation
109	Hardware languages and proof Richards, Dominic Anthony January 2011 (has links) Formal methods play a significant and increasing role in hardware verification, but their effectiveness can be impaired by the ac hoc nature of mainstream hardware languages such as VHDL, Verilog and SystemC, which have convoluted semantics that often necessitate contrived proof techniques. This dissertation investigates the application of formal reasoning to hardware architectures expressed in an alternative class of semantically elegant languages, which support efficient design, whilst also having been developed with proof techniques in mind. A network-on-chip architecture belonging to the SpiNNaker many-core processor is specified in Concurrent Haskell, and a hand proof is presented which verifies a novel routing mechanism by mathematical induction. A subset of Bluespec SystemVerilog (BSV) is embedded in the higher order logic of the PVS theorem prover. Owing to the clean semantics of BSV, application of monadic techniques leads to a surprisingly elegant embedding, in which hardware designs are translated into logic almost verbatim, preserving types and language constructs. Proof strategies are written in the PVS strategy language; these automatically verify temporal logic theorems concerning the resulting monadic expressions, by employing a combination of model checking and deductive reasoning. The subset of BSV which is embedded includes module definition and instantiation, methods, implicit conditions, scheduling attributes, and rule composition using methods from instantiated modules. The aforementioned subset of BSV is also embedded in the specification language of the SAL model checker, and a verification strategy is presented which combines the specialised model checking capabilities of SAL with the diverse proof strategies of PVS. 621.39
110	Computational model validation using a novel multiscale multidimensional spatio-temporal meta model checking approach Ovidiu, Parvu January 2016 (has links) Computational models of complex biological systems can provide a better understanding of how living systems function but need to be validated before they are employed for real-life (e.g. clinical) applications. One of the most frequently employed in silico approaches for validating such models is model checking. Traditional model checking approaches are limited to uniscale non-spatial computational models because they do not explicitly distinguish between different scales, and do not take properties of (emergent) spatial structures (e.g. density of multicellular population) into account. This thesis defines a novel multiscale multidimensional spatio-temporal meta model checking methodology which enables validating multiscale (spatial) computational models of biological systems relative to how both numeric (e.g. concentrations) and spatial system properties are expected to change over time and across multiple scales. The methodology has two important advantages. First it supports computational models encoded using various high-level modelling formalisms because it is defined relative to time series data and not the models used to produce them. Secondly the methodology is generic because it can be automatically reconfigured according to case study specific types of spatial structures and properties using the meta model checking approach. In addition the methodology could be employed for multiple domains of science, but we illustrate its applicability here only against biological case studies. To automate the computational model validation process, the approach was implemented in software tools, which are made freely available online. Their efficacy is illustrated against two uniscale and four multiscale quantitative computational models encoding phase variation in bacterial colonies and the chemotactic aggregation of cells, respectively the rat cardiovascular system dynamics, the uterine contractions of labour, the Xenopus laevis cell cycle and the acute inflammation of the gut and lung. This novel model checking approach will enable the efficient construction of reliable multiscale computational models of complex systems. 570.285

Search results