Alloy4PV : un Framework pour la Vérification de Procédés Métiers / Alloy4PV : a Framework for Business Process Verification

Laurent, Yoann

15 January 2015

Dans cette thèse, nous avons tout d'abord fait une étude de l'état de l'art dans les différents domaines des procédés (métier, logiciel, militaire, médical, etc) afin d'identifier et de catégoriser les principales propriétés à garantir. À partir de cette étude, nous avons défini une bibliothèque de propriétés générique et paramétrable pour tout modèle de procédé. Ensuite, nous avons défini un framework pour la vérification de procédés appelé Alloy4PV. Il utilise un sous-ensemble des diagrammes d'activités UML 2 comme langage de modélisation. Afin d'effectuer la vérification de procédés, nous avons (1) défini un modèle formel des diagrammes d'activités basé sur la sémantique fUML (le standard de l'OMG donnant une sémantique à un sous-ensemble de UML) en utilisant la logique de premier ordre, (2) implémenté cette formalisation en utilisant le langage Alloy afin d'effectuer du model-checking borné, et (3) automatisé, dans un outil graphique intégré à Eclipse, la possibilité d'exprimer et de vérifier des propriétés sur toutes les perspectives du procédé. / In this thesis, we realized a study of the start-of-the-art on different process domains (business, software, military, medical, etc.). The aim was to identify and categorize critical properties that can be verified on any process model. This study resulted in a library of generic and configurable properties. As a second step, we have defined a framework for process verification called Alloy4PV. This framework uses a subset of UML 2 Activity Diagram as a process modeling language. For process verification, (1) we defined a formal model of UML 2 Activity Diagram based on the fUML semantics, the OMG standard that gives a semantic to a subset of UML 2. This was achieved using first-order logic, (2) we implemented this formalization using the Alloy language in order to perform bounded model-checking, and (3) we automatized in a graphical tool integrated to Eclipse, the possibility to express and verify properties on all the perspectives of a process model. This contribution resulted in a tool which is under evaluation by our MerGE project’s partners and to five publications in conferences proceedings.

Procédés

Métiers

Vérification

Model-Checking

Alloy

Logique de premier-Ordre

First-order logic

Business

004

Vérification et synthèse d'algorithmes de robots. / Verification and synthesis of robot protocols

Millet, Laure

01 December 2015

L’adaptation et l’application des méthodes formelles de vérification et de développement à des systèmes et algorithmes distribués est un domaine de recherche très actif. Un des défis principaux réside dans la variété des modèles calculatoires qui existent en algorithmique répartie : des encodages naïfs conduisent à des espaces d’états dont la taille dépasse les capacités des outils les plus puissants de vérification. D’autre part, la complexité intrinsèque de ces algorithmes fait que leur correction n’est pas évidente même pour leurs concepteurs. Dans cette thèse on s’intéresse à l’analyse formelle de protocoles de robots mobiles, un modèle de calcul particulièrement original car les agents ne disposent ni de mémoire (locale ou partagée) ni de la capacité de communiquer par échange de messages. Un cadre général permettant d'exprimer les modèles robotiques est présenté dans cette thèse. Ce modèle a permit d'utiliser à la fois la vérification par model checking d’algorithmes proposés dans la littérature et la synthèse formelle d’algorithmes (optimaux) pour un problème donné, quelque soit le niveau d'asynchronisme du modèle robotique étudié. / The topic of autonomous mobile robots continues to generate a lot of interest in the algorithmic community, both from a purely theoretical perspective and from a more applicative one. The model is now well understood, and the problems under investigation are becoming more and more complex. Correctness proofs are usually very intricate and elaborate, often leaving margin of doubts. This thesis focuses on a new approach to formally study correctness in robots systems and to automatically generate algorithmic solutions. In fact, we propose a general framework to express robot models, and where automated technics like model checking and algorithm synthesis can be used, moreover we show their applicability in robots models under all possible synchronicity levels (from fully synchronous to fully asynchronous).

Verification

Model-Checking

Synthèse d'algorithmes

Robots mobiles

Algorithme distribué

Méthodes formelles

Algorithm synthesis

Distributed computing

004

Techniques de model-checking pour l’inférence de paramètres et l’analyse de réseaux biologiques / Model checking techniques for parameter inference and analysis of biological networks

Gallet, Emmanuelle

08 December 2016

Dans ce mémoire, nous présentons l’utilisation de techniques de model-checking pour l’inférence de paramètres de réseaux de régulation génétique (GRN) et l’analyse formelle d’une voie de signalisation. Le coeur du mémoire est décrit dans la première partie, dans laquelle nous proposons une approche pour inférer les paramètres biologiques régissant les dynamiques de modèles discrets de GRN. Les GRN sont encodés sous la forme d’un méta-modèle, appelé GRN paramétré, de telle façon qu’une instance de paramètres définit un modèle discret du GRN initial. Sous réserve que les propriétés biologiques d’intérêt s’expriment sous la forme de formules LTL, les techniques de model-checking LTL sont combinées à celles d’exécution symbolique et de résolution de contraintes afin de sélectionner les modèles satisfaisant ces propriétés. L’enjeu est de contourner l’explosion combinatoire en terme de taille et de nombre de modèles discrets. Nous avons implémenté notre méthode en Java, dans un outil appelé SPuTNIk. La seconde partie décrit une collaboration avec des neuropédiatres, qui ont pour objectif de comprendre l’apparition du phénotype protecteur ou toxique des microglies (un type de macrophage du cerveau) chez les prématurés. Cette partie exploite un autre versant du model-checking, celui du modelchecking statistique, afin d’étudier un type de réseau biologique particulier : la voie de signalisation Wnt/β-caténine, qui permet la transmission d’un signal de l’extérieur à l’intérieur des cellules via une cascade de réactions biochimiques. Nous présentons ici l’apport du model-checker stochastique COSMOS, utilisant la logique stochastique à automate hybride (HASL), un formalisme très expressif nous permettant une analyse formelle sophistiquée des dynamiques de la voie Wnt/β-caténine, modélisée sous la forme d’un processus stochastique à événements discrets. / In this thesis, we present the use of model checking techniques for inference of parameters of Gene Regulatory Networks (GRNs) and formal analysis of a signalling pathway. In the first and main part, we provide an approach to infer biological parameters governing the dynamics of discrete models of GRNs. GRNs are encoded in the form of a meta-model, called Parametric GRN, such that a parameter instance defines a discrete model of the original GRN. Provided that targeted biological properties are expressed in the form of LTL formulas, LTL model-checking techniques are combined with symbolic execution and constraint solving techniques to select discrete models satisfying these properties. The challenge is to prevent combinatorial explosion in terms of size and number of discrete models. Our method is implemented in Java, in a tool called SPuTNIk. The second part describes a work performed in collaboration with child neurologists, who aim to understand the occurrence of toxic or protective phenotype of microglia (a type of macrophage in the brain) in the case of preemies. We use an other type of model-checking, the statistical model-checking, to study a particular type of biological network: the Wnt/β- catenin pathway that transmits an external signal into the cells via a cascade of biochemical reactions. Here we present the benefit of the stochastic model checker COSMOS, using the Hybrid Automata Stochastic Logic (HASL), that is an very expressive formalism allowing a sophisticated formal analysis of the dynamics of the Wnt/β-catenin pathway, modelled as a discrete event stochastic process.

Analyse formelle de réseaux biologiques

Réseau de régulation génétique

Modèle discret de Thomas

Inférence de paramètres

Model-checking LTL

Voie Wnt/bêta-caténine

Modélisation stochastique

Model-checking HASL

Formal analysis of biological networks

Genetic regulatory network

Thomas discrete modelling

Parameters inference

LTL model checking

Wnt/β-catenin pathway

Stochastic modelling

HASL model checking

Semantics of Strategy Logic / Les choix semantiques dans la Strategy logic

Gardy, Patrick

12 June 2017

De nombreux bugs informatiques ont mis en lumière le besoin de certifier les programmes informatiques et la vérification de programmes a connu un développement important au cours des quarante dernières années. Parmi les méthodes possibles, on trouve le model-checking, développé par Clarke et Emerson dans les années 80. Le model-checking consiste à trouver un modèle abstrait pour le système et un formalisme logique pour le comportement puis à vérifier si le modèle vérifie la propriété exprimée dans la logique. La difficulté consiste alors à développer des algorithmes efficaces pour les différents formalismes. Nous nous intéresserons en particulier au formalisme logique de strategy Logic SL, utilisée sur les systèmes multiagents. SL est particulièrement expressif de par son traitement des stratégies (comportements possibles pour les agents du système) comme des objets du premier ordre. Dans sa définition, divers choix sémantiques sont faits et, bien que ces choix se justifient, d'autres possibilités n'en sont pas plus absurdes: tel ou tel choix donne telle ou telle logique et chacune permet d'exprimer des propriétés différentes. Dans cette thèse, nous étudions les différentes implications des différents choix sémantiques. Nous commencerons par introduire SL et préciserons l'étendue des connaissances actuelles. Nous nous intéresserons ensuite aux possibilités non explorées par la sémantique originale. Nous étudierons aussi la logique sur des systèmes quantitatifs (ajout de contraintes d'énergie et de contraintes de compteurs). Finalement, nous examinerons la question des dépendances dans SL[BG] (un fragment de SL). / With the proliferation of computerised devices, software verification is more prevalent than ever. Since the 80's, multiple costly software failures have forced both private and public actors to invest in software verification. Among the main procedures we find the model-checking, developed by Clarke and Emerson in the 80's. It consists in abstracting both the system into a formal model and the property of expected behaviour in some logical formalism, then checking if the property's abstraction holds on the system's abstraction. The difficulty lies in finding appropriate models and efficient algorithms. In this thesis, we focus on one particular logical formalism: the Strategy Logic SL, used to express multi-objectives properties of multi-agents systems. Strategy Logic is a powerful and expressive formalism that treats strategies (i.e. potential behaviours of the agents) like first-order objects. It can be seen as an analogue to first-order logic for multi-agents systems. Many semantic choices were made in its definition without much discussion. Our main contributions are relative to the possibilities left behind by the original definition. We first introduce SL and present some complexity results (including some of our owns). We then outline some other semantic choices within SL's definition and study their influence. Third, we study the logic's behaviour under quantitative multi-agents systems (games with energy and counter constraints). Finally, we address the problem of dependencies within SL[BG], a fragment of SL.

Vérification formelle

Theorie des jeux

Méthodes formelles

Model checking

Game theory

Formal methods

A Method and Tool for Finding Concurrency Bugs Involving Multiple Variables with Application to Modern Distributed Systems

Sun, Zhuo

05 November 2018

Concurrency bugs are extremely hard to detect due to huge interleaving space. They are happening in the real world more often because of the prevalence of multi-threaded programs taking advantage of multi-core hardware, and microservice based distributed systems moving more and more applications to the cloud. As the most common non-deadlock concurrency bugs, atomicity violations are studied in many recent works, however, those methods are applicable only to single-variable atomicity violation, and don't consider the specific challenge in distributed systems that have both pessimistic and optimistic concurrency control. This dissertation presents a tool using model checking to predict atomicity violation concurrency bugs involving two shared variables or shared resources. We developed a unique method inferring correlation between shared variables in multi-threaded programs and shared resources in microservice based distributed systems, that is based on dynamic analysis and is able to detect the correlation that would be missed by static analysis. For multi-threaded programs, we use a binary instrumentation tool to capture runtime information about shared variables and synchronization events, and for microservice based distributed systems, we use a web proxy to capture HTTP based traffic about API calls and the shared resources they access including distributed locks. Based on the detected correlation and runtime trace, the tool is powerful and can explore a vast interleaving space of a multi-threaded program or a microservice based distributed system given a small set of captured test runs. It is applicable to large real-world systems and can predict atomicity violations missed by other related works for multi-threaded programs and a couple of previous unknown atomicity violation in real world open source microservice based systems. A limitation is that redundant model checking may be performed if two recorded interleaved traces yield the same partial order model.

atomicity violation

model checking

multi-threaded programs

distributed systems

multiple variable correlations

Software Engineering

Systems Architecture

Synthesis of Specifications and Refinement Maps for Real-Time Object Code Verification

Al-Qtiemat, Eman Mohammad

January 2020

Formal verification methods have been shown to be very effective in finding corner-case bugs and ensuring the safety of embedded software systems. The use of formal verification requires a specification, which is typically a high-level mathematical model that defines the correct behavior of the system to be verified. However, embedded software requirements are typically described in natural language. Transforming these requirements into formal specifications is currently a big gap. While there is some work in this area, we proposed solutions to address this gap in the context of refinement-based verification, a class of formal methods that have shown to be effective for embedded object code verification. The proposed approach also addresses both functional and timing requirements and has been demonstrated in the context of safety requirements for software control of infusion pumps. The next step in the verification process is to develop the refinement map, which is a mapping function that can relate an implementation state (in this context, the state of the object code program to be verified) with the specification state. Actually, constructing refinement maps often requires deep understanding and intuitions about the specification and implementation, it is shown very difficult to construct refinement maps manually. To go over this obstacle, the construction of refinement maps should be automated. As a first step toward the automation process, we manually developed refinement maps for various safety properties concerning the software control operation of infusion pumps. In addition, we identified possible generic templates for the construction of refinement maps. Recently, synthesizing procedures of refinement maps for functional and timing specifications are proposed. The proposed work develops a process that significantly increases the automation in the generation of these refinement maps. The refinement maps can then be used for refinement-based verification. This automation procedure has been successfully applied on the transformed safety requirements in the first part of our work. This approach is based on the identified generic refinement map templates which can be increased in the future as the application required.

critical systems

formal specifications

formal verification

model checking

refinement maps

refinement-based verification

Dynamic Dead Variable Analysis

Lewis, Micah S.

18 August 2005

Dynamic dead variable analysis (DDVA) extends traditional static dead variable analysis (SDVA) in the context of model checking through the use of run-time information. The analysis is run multiple times during the course of model checking to create a more precise set of dead variables. The DDVA is evaluated based on the amount of memory used to complete model checking relative to SDVA while considering the extra overhead required to implement DDVA. On several models with a complex control flow graph, DDVA reduces the amount of memory needed by 38-88MB compared to SDVA with a cost of 36 bytes of memory verhead. On several models with loops, DDVA achieved no additional reduction compared to SDVA while requiring no more memory than SDVA.

static analysis

model checking

abstraction

live variable analysis

dead variable analysis

verification

Computer Sciences

Efficient Logic Encryption Techniques for Sequential Circuits

Kasarabada, Yasaswy V.

15 July 2021

No description available.

Computer Engineering

Logic Encryption

Sequential Circuits

SAT Attack

Circuit Simulation

Model Checking

Dynamic Keys

Assumption-Based Runtime Verification of Finite- and Infinite-State Systems

Tian, Chun

23 November 2022

Runtime Verification (RV) is usually considered as a lightweight automatic verification technique for the dynamic analysis of systems, where a monitor observes executions produced by a system and analyzes its executions against a formal specification. If the monitor were synthesized, in addition to the monitoring specification, also from extra assumptions on the system behavior (typically described by a model as transition systems), then it may output more precise verdicts or even be predictive, meanwhile it may no longer be lightweight, since monitoring under assumptions has the same computation complexity with model checking. When suitable assumptions come into play, the monitor may also support partial observability, where non-observable variables in the specification can be inferred from observables, either present or historical ones. Furthermore, the monitors are resettable, i.e. being able to evaluate the specification at non-initial time of the executions while keeping memories of the input history. This helps in breaking the monotonicity of monitors, which, after reaching conclusive verdicts, can still change its future outputs by resetting its reference time. The combination of the above three characteristics (assumptions, partial observability and resets) in the monitor synthesis is called the Assumption-Based Runtime Verification, or ABRV. In this thesis, we give the formalism of the ABRV approach and a group of monitoring algorithms based on specifications expressed in Linear Temporal Logic with both future and past operators, involving Boolean and possibly other types of variables. When all involved variables have finite domain, the monitors can be synthesized as finite-state machines implemented by Binary Decision Diagrams. With infinite-domain variables, the infinite-state monitors are based on satisfiability modulo theories, first-order quantifier elimination and various model checking techniques. In particular, Bounded Model Checking is modified to do its work incrementally for efficiently obtaining inconclusive verdicts, before IC3-based model checkers get involved. All the monitoring algorithms in this thesis are implemented in a tool called NuRV. NuRV support online and offline monitoring, and can also generate standalone monitor code in various programming languages. In particular, monitors can be synthesized as SMV models, whose behavior correctness and some other properties can be further verified by model checking.

Towards an Integrated Approach to Verification and Model-Based Testing in System Engineering

Lefticaru, Raluca, Konur, Savas, Yildirim, Unal, Uddin, Amad, Campean, Felician, Gheorghe, Marian

22 April 2017

yes / Engineering design in general and system design of embedded software have a direct impact on the final engineering product and the software implementation, respectively. Guaranteeing that the models utilised meet the specified requirements is beneficial in detecting misbehaviour and software flaws. This requires an integrated approach, combining verification and model-based testing methodology and notations and methods from system engineering and software engineering. In this paper, we propose a model-based approach integrating various notations utilised in the functional design of complex systems with formal verification and testing. We illustrate our approach on the cruise control system of an e-Bike case study.