Desenvolvimento de um mecanismo plug-and-play para o arranjo inteligente de sensores em sistemas aéreos não tripulados / Developing a plug and play mechanism for smart sensors array and unmanned aerial systems

Rayner de Melo Pires

06 February 2014

O uso de aeronaves não tripuladas (VANTs) tem crescido substancialmente nos últimos anos, tanto no campo militar quanto no civil. Roadmaps preveem que em um futuro próximo essas aeronaves compartilhem o espaço aéreo com aeronaves convencionais, exigindo novas arquiteturas de sistemas embarcados que possam garantir uma operação coordenada e segura desses robôs. A maior parte das suas missões baseia-se fortemente em um conjunto de sensores transportados pela aeronave como parte da payload da missão. Contudo, não é trivial a integração de diferentes missões em diferentes aeronaves, visto que ainda não há uma padronização para a comunicação nesses robôs. Para possibilitar essa associação foi proposto neste trabalho a criação de um middleware. Para que se pudesse entender sobre a área de conhecimento dos VANTs realizou-se uma pesquisa sobre esses veículos e suas aplicações e então um protocolo chamado Smart Sensor Protocol (SSP) foi modelado, utilizando-se de técnicas formais para isso. O comportamento do protocolo está modelado com diagrama de estados, seguindo uma gramática escrita utilizando a forma BNF. Este modelo foi verificado com a ferramenta UPPAAL e sua implementação testada em placas Arduino. Os resultados dos testes mostraram que o modelo é viável para o ambiente de embarcados críticos visto que ele provê as funcionalidades necessárias neste cenário sem acrescentar um overhead na comunicação / UNMANNED Aerial Vehicles applications have grown substantially in recent years, both in military and civil fields. Roadmaps predict that in the near future these aircrafts will share the airspace with the conventional planes, requiring new architectures for embedded systems which may ensure a coordinated and safe operation. Most of its tasks are mainly based on a set of sensors carried by the aircraft as part of its payload. However, it is not trivial to integrate different missions in different aircraft plataforms, since there is no standardization for communication in such robots yet. To enable this type of association it was proposed in this masters project the designing of a middleware. It has been carried out a bibliographic review to find out the state-of-the-art in such field, including the specific applications in UAVs, and then a protocol has been modeled following formal techniques. This protocol is called Smart Sensor Protocol (SSP). The SSPs behavior was modeled through state diagrams according to a grammar described using BNF form. This model was verified with the UPPAAL tool and its implementation was run and tested on Arduino boards. The test results pointed out that the model is feasible for critical embedded environments since it provides the necessary functionality in this scenario without addition of an overhead in its communication

Desenvolvimento de protocolos

Interoperabilidade

Vant

Verificação de modelos

Interoperability

Model checking

Protocol design

Uav

Verificação de sistemas de software baseada em transformações de código usando Bounded Model Checking

Rocha, Herbert Oliveira

03 July 2015

Submitted by Lúcia Brandão (lucia.elaine@live.com) on 2015-12-11T18:49:43Z No. of bitstreams: 1 Tese - Herbert Oliveira Rocha.pdf: 2090300 bytes, checksum: 94ec40933733aec0a76afd0916b0f8cb (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2016-01-19T14:41:05Z (GMT) No. of bitstreams: 1 Tese - Herbert Oliveira Rocha.pdf: 2090300 bytes, checksum: 94ec40933733aec0a76afd0916b0f8cb (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2016-01-19T14:54:32Z (GMT) No. of bitstreams: 1 Tese - Herbert Oliveira Rocha.pdf: 2090300 bytes, checksum: 94ec40933733aec0a76afd0916b0f8cb (MD5) / Made available in DSpace on 2016-01-19T14:54:32Z (GMT). No. of bitstreams: 1 Tese - Herbert Oliveira Rocha.pdf: 2090300 bytes, checksum: 94ec40933733aec0a76afd0916b0f8cb (MD5) Previous issue date: 2015-07-03 / CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Oneofthemainchallenges insoftwaredevelopment istoensurethesafetyofthesoftwaresystems, especially in critical embedded systems, such as aircraft or healthcare, where several constraints (e.g., response time and data accuracy) must be met and measured in accordance with the user requirements, otherwise a failure can lead to catastrophic situations. Thus, software verification and testing techniques are essential items for the software development with quality, where such techniques aim to confirm the user requirements, as well as, the predetermined behaviors for the software. In the software verification context, aiming the product quality, the formal verification technique called model checking has been used to find subtle errors in actual projects of the software systems. However, the use of the model checking technique presents some challenges such as dealing with the model’s state explosion problem, integration with software testing environments more familiar to designers, and handling counter-examples to reproduce the identified errors. In order to deal with these problems, a possible solution is to explore the characteristics already provided by the model checkers, e.g., verification of the safety properties and generation of counter-examples. Exploring this set of characteristics, coupled with the use of program invariants inference and a special kind of model checking, called Bounded Model Checking (BMC), this thesis presents a set of methods to complement and enhance the scalability and accuracy of the verification performed by Bounded Model Checkers. These methods adopted code transformation techniques to explore the characteristics of Bounded Model Checkers to analyze the safety properties and demonstrate errors in programs written inthe C programming language. The methods presented in this thesis are: (1) The automatic generation and verification of the test cases based on safety properties generated by a Bounded Model Checker for unit tests; (2) Automating thecollection andmanipulation of thedatafrom thecounter-examples, todemonstrate the main cause of the identified error; and (3) Adopting program invariants dynamically/statically inferred from the analyzed program, to restrict the exploration of the states sets while performing the verification by the BMC. This way, helping to improve the verification performed by a BMC, related to assist in the verification and accuracy of results, by adoption of the program invariants. The proposed approaches when used separately, provide additional options to the verification, and interconnected, improving the code verification. Theexperimental results of theproposed methods show to be efficient over public available benchmarks of C programs, finding errors not previously found byother methods that are state-of-the-art. / Um dos principais desafios no desenvolvimento de software é garantir a funcionalidade dos sistemas de software, especialmente em sistemas embarcados críticos, tais como aeronáutico ou hospitalar, onde diversas restrições (por exemplo, tempo de resposta e precisão dos dados) devem ser atendidas e mensuradas de acordo com os requisitos do usuário, caso contrário uma falha pode conduzir a situações catastróficas. Logo, técnicas de verificação e teste de software são itens indispensáveis para um desenvolvimento com qualidade, onde tais técnicas visam confirmar os requisitos do usuário, bem como os comportamentos pré-estabelecidos para osoftware. No contexto de verificação de software, visando à qualidade geral do produto, a técnica de verificação formal model checking tem sido utilizada para descobrir erros sutis em projetos de sistemas de software atuais. Contudo, a utilização da técnica model checking apresenta alguns desafios, tais como, lidar com a explosão do espaço de estados do modelo, integração com outros ambientes de testes mais familiares aos projetistas e tratamento e análise de contra-exemplos para reprodução de erros. De modo a lidar com estes problemas, uma possível solução é explorar as características já providas pelos model checkers, por exemplo, a verificação de propriedades de segurança e geração de contra-exemplos. Explorando este conjunto de características, juntamente com autilização dainferência deinvariantes eumtipo especial demodelchecking, denominado de BoundedModelChecking (BMC),esta tese apresenta um conjunto de métodos para complementar e aprimorar a escalabilidade e acurácia da verificação efetuada por Bounded Model Checkers. Estes métodos utilizam técnicas de transformações de código para explorar as características de Bounded Model Checkers, a fim de analisar propriedades de segurança e demonstrar erros em códigos escritos na linguagem de programação C. Os métodos apresentados nesta tese são: (1) A geração e verificação automática de casos de teste baseado em propriedades de segurança geradas por um Bounded Model Checker para testes de unidade; (2) Automatizar acoleta emanipulação das informações dos contra-exemplos, de modo a demonstrar a causa principal do erro identificado; e (3) Utilização de invariantes dinamicamente/estaticamente inferidas, a partir do programa analisado, para restringir a exploração dos conjuntos de estados durante a execução da verificação pelo BMC. Desta forma, ajudando no aprimoramento da verificação efetuada por um BMC, no que concerne em auxiliar a sua verificação e na precisão dos resultados, pela utilização de invariantes de programas. As abordagens propostas, quando utilizadas isoladamente, fornecem alternativas complementares a verificação e, interligadas, aprimoram a verificação de código. Os resultados experimentais dos métodos propostos demonstram ser eficientes sobre benchmarks públicos de programas em C, encontrando defeitos não anteriormente encontrados por outros métodos que são estado-da-arte.

Teste de Software

Model Checking

Invariantes de Programas

Transformações de código

A CLP(FD)-based model checker for CTL

Eriksson, Marcus

January 2005

Model checking is a formal verification method where one tries to prove or disprove properties of a formal system. Typical systems one might want to prove properties within are network protocols and digital circuits. Typical properties to check for are safety (nothing bad ever happens) and liveness (something good eventually happens). This thesis describes an implementation of a sound and complete model checker for Computation Tree Logic (CTL) using Constraint Logic Programming over Finite Domains (CLP(FD)). The implementation described uses tabled resolution to remember earlier computations, is parameterised by choices of computation strategies and can with slight modification support different constraint domains. Soundness under negation is maintained through a restricted form of constructive negation. The computation process amounts to a fixpoint search, where a fixpoint is reached when no more extension operations has any effect. As results show, the choice of strategies does influence the efficiency of the computation. Soundness and completeness are of course independent of the choice of strategies. Strategies include how to choose the extension operation for the next step and whether to perform global or local rule instantiations, resulting in bottom-up or top-down computations respectively.

Datalogi

fixpoint engine

model checking

tabled resolution

Constraint Logic Programming

strategies

Datalogi

Computer Sciences

Datavetenskap (datalogi)

Parameterized verification of networks of many identical processesVérification paramétrée de réseaux composés d'une multitude de processus identiques / Vérification paramétrée de réseaux composés d'une multitude de processus identiques

Fournier, Paulin

17 December 2015

Ce travail s'inscrit dans le cadre de la vérification formelle de programmes. La vérification de modèle permet de s'assurer qu'une propriété est vérifiée par le modèle du système. Cette thèse étudie la vérification paramétrée de réseaux composés d'un nombre non borné de processus identiques où le nombre de processus est considéré comme un paramètre. Concernant les réseaux de protocoles probabilistes temporisés nous montrons que les problèmes de l'accessibilité et de synchronisation sont indécidables pour des topologies de communication en cliques. Cependant, en considérant des pertes et créations probabiliste de processus ces problèmes deviennent décidables. Pour ce qui est des réseaux dans lequel les messages n'atteignent qu'une sous partie des composants choisie de manière non-déterministe, nous prouvons que le problème de l'accessibilité paramétrée est décidable grâce à une réduction à un nouveau modèle de jeux à deux joueurs distribué pour lequel nous montrons que l'on peut décider de l'existence d'une stratégie gagnante en coNP. Finalement, nous considérons des stratégies locales qui permettent d'assurer que les processus effectuent leurs choix non-déterministes uniquement par rapport a leur connaissance locale du système. Sous cette hypothèse de stratégies locales, nous prouvons que les problèmes de l'accessibilité et de synchronisation paramétrées sont NP-complet. / This thesis deals with formal verification of distributed systems. Model checking is a technique for verifying that the model of a system under study fulfills a given property. This PhD investigates the parameterized verification of networks composed of many identical processes for which the number of processes is the parameter. Considering networks of probabilistic timed protocols, we show that the parameterized reachability and synchronization problems are undecidable when the communication topology is a clique. However, assuming probabilistic creation and deletion of processes, the problems become decidable. Regarding selective networks, where the messages only reach a subset of the components, we show decidability of the parameterized reachability problem thanks to reduction to a new model of distributed two-player games for which we prove decidability in coNP of the game problem. Finally, we consider local strategies that enforce all processes to resolve the non-determinism only according to their own local knowledge. Under this assumption of local strategy, we were able to show that the parameterized reachability and synchronization problems are NP-complete.

Vérification paramétrée

Vérification de modèles

Complexité

Probabilité

Protocoles de diffusion

Model checking

Parameterized verification

Complexity

Probability

Broadcast protocols

Statistical Inference for Lévy-Driven Ornstein-Uhlenbeck Processes

Abdelrazeq, Ibrahim

January 2014

When an Ornstein-Uhlenbeck (or CAR(1)) process is observed at discrete times 0, h, 2h,··· [T/h]h, the unobserved driving process can be approximated from the ob- served process. Approximated increments of the driving process are used to test the assumption that the process is L\'evy-driven. Asymptotic behavior of the test statis- tic at high sampling frequencies is developed assuming that the model parameters are known. The behavior of the test statistics using an estimated parameter is also studied. If it can be concluded that the driving process is L\'evy, the empirical process of the approximated increments can then be used to carry out more precise tests of goodness-of-fit. For example, one can test whether the driving process can be modeled as a Brownian motion or a gamma process. In each case, performance of the proposed test is illustrated through simulation.

Lévy-Driven process

Ornstein-Uhlenbeck

Sampled process

Goodness-of-fit

Model checking

Testing

Integrating Formal Methods with Model-Driven Engineering

Adesina, Opeyemi

January 2017

This thesis presents our method to integrate formal methods with model-driven engineering. Although a large amount of literature exists with the goal of facilitating the adoption of formal methods for educational and industrial practice, yet the adoption of formal methods in academia and industry is poor. The goal of this research is to improve the adoption of formal methods by automating the generation of formal methods code while maintaining scalability and bridging the gaps between formal analysis and actual implementation of the complete system. Our approach is based on generating formal representations of software abstractions expressed in a textual language, called Umple, which is derived from UML. Software abstractions of interest include class models and state machines. For state machines, we address concerns such as composite and concurrent states separately. The resulting systems are analyzable by back-end analysis engines such as Alloy and nuXmv or NuSMV for model checking. To ensure correctness of our approach, we have adopted simulation, empirical studies and rigorous test-driven development (TDD) methodologies. To guarantee correctness of state machine systems under analysis (SSUAs), we present methods to automatically generate specifications to analyze domain-independent properties such as non-determinism and reachability analysis. We apply these methods in various case studies; certify their conformance with sets of requirements and uncover certain flaws. Our contributions include a) The overall approach, involving having the developer write the system in Umple and generating both the formal system for analysis and the final code from the same model; b) a novel approach to encode SSUAs even in the presence of and-cross transitions; c) a fully automated approach to certify an SSUA to be free from nondeterminism even in the presence of unbounded domains and multiple and-cross transitions within the same enclosing orthogonal state; d) an empirical study of the impact of abstraction on some performance parameters; and e) a translator from Umple to Alloy and SMV.

Formal Methods

Model-Driven Engineering

Model Checking

Umple

UML

Model-Driven Development

On Post’s embedding problem and the complexity of lossy channels / Du problème de sous mot de Post et de la complexité des canaux non fiables

Chambart, Pierre

29 September 2011

Les systèmes à canaux non fiables ont été introduits à l'origine comme un modèle de communication. Ils ont donné naissance à une classe de complexité restée mal comprise pendant longtemps. Dans cette thèse, nous étudions et comblons certaines des plus importantes lacunes dans la connaissance de cette classe. Nous fournissons entre autres des bornes inférieure et supérieure qui se rejoignent pour la complexité en temps. Puis nous proposons un nouvel outil de preuve : le Problème de Sous Mot de Post (PEP). C'est un problème simple, inspiré du Problème de Correspondance de Post, et complet pour cette classe de complexité. Nous étudions ensuite PEP et ses variantes, ainsi que les langages de solutions de PEP sur lesquels nous avons fourni des résultats de complexité et des outils de preuve tels que des lemmes de pompage. / Lossy channel systems were originally introduced to model communication protocols. It gave birth to a complexity class wich remained scarcely undersood for a long time. In this thesis we study some of the most important gaps. In particular, we bring matching upper and lower bounds for the time complexity. Then we describe a new proof tool : the Post Embedding Problem (PEP) which is a simple problem, closely related to the Post Correspondence Problem, and complete for this complexity class. Finally, we study PEP, its variants and the languages of solutions of PEP on which we provide complexity results and proof tools like pumping lemmas.

Systèmes à canaux non fiables

Vérification formelle

Lossy channel systems

Model-checking

Multiply recursive function

Post's embedding problem

Methods for Modeling and Analyzing Concurrent Software

Zeng, Reng

02 July 2013

Concurrent software executes multiple threads or processes to achieve high performance. However, concurrency results in a huge number of different system behaviors that are difficult to test and verify. The aim of this dissertation is to develop new methods and tools for modeling and analyzing concurrent software systems at design and code levels. This dissertation consists of several related results. First, a formal model of Mondex, an electronic purse system, is built using Petri nets from user requirements, which is formally verified using model checking. Second, Petri nets models are automatically mined from the event traces generated from scientific workflows. Third, partial order models are automatically extracted from some instrumented concurrent program execution, and potential atomicity violation bugs are automatically verified based on the partial order models using model checking. Our formal specification and verification of Mondex have contributed to the world wide effort in developing a verified software repository. Our method to mine Petri net models automatically from provenance offers a new approach to build scientific workflows. Our dynamic prediction tool, named McPatom, can predict several known bugs in real world systems including one that evades several other existing tools. McPatom is efficient and scalable as it takes advantage of the nature of atomicity violations and considers only a pair of threads and accesses to a single shared variable at one time. However, predictive tools need to consider the tradeoffs between precision and coverage. Based on McPatom, this dissertation presents two methods for improving the coverage and precision of atomicity violation predictions: 1) a post-prediction analysis method to increase coverage while ensuring precision; 2) a follow-up replaying method to further increase coverage. Both methods are implemented in a completely automatic tool.

concurrency

multi-threaded program

atomicity violation

model checking

Petri nets

verification

Mondex

scientific workflow

Software Engineering

Revisão de crenças em ACTL usando verificação de modelos limitada / Belief revision in ACTL using bounded model checking

Bruno Vercelino da Hora

03 August 2017

Uma importante etapa do desenvolvimento de software é o de levantamento e análise dos requisitos. Porém, durante esta etapa podem ocorrer inconsistências que prejudicarão o andamento do projeto. Além disso, após finalizada a especificação, o cliente pode querer acrescentar ou modificar as funcionalidades do sistema. Tudo isso requer que a especificação do software seja revista, mas isso é altamente custoso, tornando necessário um processo automatizado para simplificar tal revisão. Para lidar com este problema, uma das abordagens utilizadas tem sido o processo de Revisão de Crenças, juntamente com o processo de Verificação de Modelos. O objetivo deste trabalho é utilizar o processo de revisão de crenças e verificação de modelos para avaliar especificações de um projeto procurando inconsistências, utilizando o fragmento universal da Computation Tree Logic (CTL), conhecido como ACTL, e revisá-las gerando sugestões de mudanças na especificação. A nossa proposta é traduzir para lógica clássica tanto o modelo (especificação do software) quanto a propriedade a ser revisada, e então aplicar um resolvedor SAT para verificar a satisfazibilidade da fórmula gerada. A partir da resposta do resolvedor SAT, iremos gerar sugestões válidas de mudanças para a especificação, fazendo o processo de tradução reversa da lógica clássica para o modelo original. / The objective of this work is to join the proccess of belief revision and model checking to evaluate project specifications looking for inconsistences, using the universal fragment of Computation Tree Logic (CTL), known as ACTL, and revise them generating changes suggestions in the specification. Our approach will translate the model (software specification) and the property to be revised to classical logic. Then we will apply a SAT solver to verify the generated formulas satsifability. From the SAT solver answer, we will create changes valid suggestions to the specification making the translation back from classical logic to the original model. To generate the changes suggestions, we proposed a framework based on heuristics where different approaches and decisions can be implemented, aiming a better application for each project scope. We implemented a basic heuristic as an example and used it to test the implementation to analise the proposed algorithm

CTL

Revisão de crenças

Verificação de modelos limitada

Belief revision

Bounded model checking

CTL

Revisão de modelos formais de sistemas de estados finitos / Revision of formal models finite state systems

Thiago Carvalho de Sousa

26 March 2007

Neste trabalho apresentamos uma implementação de revisão de crenças baseada em comparação de modelos (estados) em uma ferramenta de verificação automática de sistemas de estados finitos. Dada uma fórmula (na lógica CTL) inconsistente com o modelo do sistema, revisamos esse modelo de tal maneira que essa fórmula temporal se torne verdadeira. Como temos oito operadores temporais (AG, AF, AX, AU, EG, EF, EX e EU), foram criados algoritmos especícos para cada um deles. Como o modelo do sistema deriva do seu código na linguagem SMV, a sua revisão passa obrigatoriamente por mudanças na sua descrição. A nossa implementação contempla três tipos de mudanças: acréscimo de linhas, eliminação de linhas e mudança no estado inicial, sendo que as duas primeiras provocam modicações nas transições entre os estados que compõe o modelo. Alguns testes foram aplicados para comprovar a contribuição da revisão de crenças (revisão de modelos) como ferramenta de auxílio ao usuário durante o processo de modelagem de sistemas. / In this work we present an implementation of belief revision based on comparison of models (states) in a tool for automatic verication of nite state systems. Given a formula (in the language of CTL) inconsistent with the model of the system, we revise this model in such way that the temporal formula becomes valid. As we have eight temporal operators (AG, AF, AX, AU, EG, EF, EX and EU), specic algorithms for each one of them have been created. As the model of the system is related with its code in SMV language, its revision forces changes in its description. Our implementation contemplates three types of change: addition of lines, elimination of lines and change in the initial state, where the rst two cause modications in the transitions between the states of the model. Some tests were applied to prove the contribution of the belief revision (model revision) as aid-tool to the user during the process of systems modeling.

CTL

NuSMV

Belief Revision

CTL

Model Checking

NuSMV