The UML/MARTE Verifier

1 ETR course. The UML/MARTE Verifier: a property-driven toolchain for model checking real-time systems.
Marc Pantel (based on the work of Ning Ge and Faiez Zalila), Université de Toulouse, IRIT-CNRS, ACADIE. August 27, 2015.
Work funded by FUI TOPCASED, ITEA OPEES, FUI Projet P, ITEA openETCS, IRT Saint Exupéry.
Marc Pantel (IRIT-ACADIE) Property-Driven Verification toolchain August 27, / 59

2 Outline
1 Introduction
2 Method to integrate formal verification for DSMLs
3 Property-Driven Approach
4 Semantic Mapping from UML-MARTE to TPN
5 Real-Time Property Specification
6 Observer-Based Property Verification
7 Property Specific State Space Reduction
8 Feedback Analysis Proposal
9 Synthesis

3 Introduction (section outline slide; same outline as slide 2)

4-5 Introduction. Safety Critical Real-Time Embedded Systems (figure slides)

6-13 Introduction. Real-Time Requirements (built up over slides 6 to 13; the figure labels below were recovered from the transcription's font encoding, the numeric bounds were not)
Logical time requirements, e.g. "ack must be sent after receiving req from the pilot".
Physical time requirements, e.g. "ack must be sent after receiving req from the pilot in [bound not recoverable] ms in each period" and "the engine keeps stalling for at least [value not recoverable] sec".
Such requirements require efficient verification.

14-15 Introduction. Model Driven Engineering & Formal Methods (V-model figure: Requirements, Architecture Design, Detailed Design and Code Generation, each paired with a V&V activity along a timeline; Model-Driven Engineering on one side, Formal Methods on the other)

16 Introduction. Model Driven Engineering & Formal Methods (the same V-model, overlaid with the Time Petri Net generated for the FMS case study: places and transitions named after the FMS functions, KU1_*, FM1_*, FM1a_*, NDB_* and MFD1_* with suffixes such as _input, _hold, _waittr, _exectr, _execp, _comm and _output, carrying time intervals such as [0,25000], [0,30000], [50000,50000], [60000,60000] and [100000,100000])

17 Introduction. V & V in MDE (the same V-model figure, with a V&V activity attached to each phase from Requirements to Code Generation along the timeline). Note: from the MeMVaTEx methodology.

18 Proposed method (section outline slide; same outline as slide 2)

19 Proposed method. Domain-Specific Modeling Languages (DSMLs)
Model-Driven Engineering (figure): the user builds a model that conforms to the DSML and is represented by it; generators, editors, simulators and verifiers are provided for the DSML.

20 Proposed method. Domain-Specific Modeling Languages (DSMLs)
Language Engineering (figure): the domain expert and the language expert define the DSML and its generators, editors, simulators and verifiers; Model-Driven Engineering: the user builds models that conform to the DSML and are represented by it.

21 Proposed method. Verification and Validation (V&V) activities
Same figure, with formal verification added to the verifiers provided for the DSML.

22 Proposed method. Formal verification technique
User requirements: ease of use, automation, efficiency, soundness, completeness.
Candidates:
Automated theorem proving (SAT/SMT solvers): logic based, user-provided dedicated abstractions.
Abstract interpretation: state based, automated generic abstractions.
Model checking: state based, user-provided dedicated abstractions.

23 Proposed method. Model checking based formal verification architecture (figure)
The DSML end-user defines a DSML model and defines/uses DSML behavioral properties. The DSML Verifier turns them into a formal model and formal properties for the model-checking tools; the formal verification results are turned back into the DSML verification results the end-user obtains.

24 Proposed method. Model checking based formal verification architecture (figure)
Two ways to give the DSML a formal meaning: the interpretation approach (operational semantics) and the translational approach (translational semantics), the latter producing the formal model and formal properties fed to the model-checking tools.

25 Proposed method. Translational approach (figure)
The DSML model and the DSML behavioral properties are translated (translational semantics) into a formal model and formal properties, model-checked, and the formal verification results are mapped back to DSML verification results.

26 Proposed method. DSML Verifier: reuse formal tools (figure)
The DSML Verifier wraps existing model-checking tools: formal model, formal properties and formal verification results stay inside the verifier, and the end-user only sees DSML-level inputs and results.

27 Proposed method. Defining a translational semantics (figure)
The domain expert and the language expert specify and implement the translational semantics inside the DSML Verifier, which maps DSML models and behavioral properties to the formal model and formal properties consumed by the model-checking tools.

28 Proposed method. Completing the integration (figure)
Besides the translational semantics, the DSML Verifier needs properties generation (DSML behavioral properties to formal properties) and feedback of verification results (formal verification results back to DSML verification results).

29-33 Proposed method. Use case driven method (figure, built up over slides 29 to 33)
Ad-hoc solutions
Analyse results
Suggest generic solutions
Validate proposed solutions
Apply on use-case
Capitalize know-how and expertise
Synthesize our contributions
Package our contributions
Collect applications feedbacks

34 Proposed method. Case Study: Flight Management System (FMS), relying on Integrated Modular Avionics (IMA) principles.

35-41 Proposed method. FMS Architecture Model by Boniol and Lauer (figure, built up over slides 35 to 41 by highlighting successive elements of the functional chain; the highlight labels were not recoverable)
Elements of the figure: keyboard 1, keyboard 2, display 1, display 2; Modules 1 to 7 hosting KU 1, MFD 1, KU 2, MFD 2, FM 1, FM 2, ADIRU 1, ADIRU 2 and NDB; RDC 1, RDC 2; sensor 1, sensor 2; AFDX switches S1 to S6. Functions are allocated on the IMA modules and communicate over the AFDX network.

42 Proposed method. Latency Real-Time Requirements
In the pilot request functional chain, the time between req1 and the first occurrence of disp1 depending on req1 must be in the time range [bct, wct].
(Figure: timeline of the chain over modules M1 (KU1, MFD1), M3 (FM1) and M7 (NDB), showing req1 at occurrence [1] and disp1 at occurrences [5] and [6]; only the first disp1 caused by req1 counts.)

43 Proposed method. Verification of FMS Case Study
Proposal of Boniol and Lauer: abstraction based on the trajectory approach for the AFDX network; formal modeling using the tagged signal model; transformed into Integer Linear Programming (ILP) problems.
Model checking? Modeling and analysis using timed automata and UPPAAL: state space combinatorial explosion issue.
Further study on model checking: methods for minimizing the verification semantics in order to reduce the state space.

44-45 Proposed method. Phase in the development process (the V-model figure again: Requirements, Architecture Design, Detailed Design and Code Generation with their V&V activities along the timeline; slide 45 highlights the phase targeted by the toolchain, whose label was not recoverable)

46 Property-Driven Approach (section outline slide; same outline as slide 2)

47 Property-Driven Approach. Property-Driven Approach
Principle: the formal activities in the development process are organized around one goal, making the properties easy to verify.
Experiments by B. Combemale: verification of structural and temporal properties for development process models; more scalable methods are required to verify quantitative properties.
Proposed method:
1 Characterize the expected properties.
2 Characterize the mandatory observable states and events needed to assess these properties.
3 Express the real-time properties using elementary property patterns.
4 Define a translational semantics to Time Petri Nets (TPN) with observers and reachability assertions.
5 Reduce the state space: property-specific reduction for TPN.
6 Validate the model and give feedback: automated failure analysis.

48 Property-Driven Approach. Time Petri Net
(Figure: example TPN with places P_init, P_task1, P_task2, P_join, P_exit and transitions T_fork, T_exe1, T_exe2, T_restart, T_exit; firing intervals [11,15], (10, ∞), [0,0], [3,10], [19,27]; some arcs have weight 2.)
TINA toolset: analyzes µ-calculus, LTL and CTL properties of TPN; integrates state space abstraction techniques (preserving different kinds of properties) and on-the-fly model checking; data manipulation (tts): variables used in transition guards and actions.
Proposal: rely on observers and reachability assertions; transform the quantitative problem into a reachability problem; minimize the semantics for observation, based on a state space abstraction preserving markings.

49-56 Property-Driven Approach. Challenge & Property-Driven Verification Framework (figure, walked through over slides 49 to 56)
Inputs: the UML real-time software model (architecture model, system model, behavior model) and the real-time requirement.
1 Architecture/behavior mapping: UML model to TPN.
2 Real-time property specification: requirement to real-time property patterns, with timing.
3 Observer TPN generation and TPN model checking: observer TPN plus reachability assertions, then verification result computation and interpretation of each property pattern result (tagged, with iteration).
4 TPN reduction: reduced observer TPN.
5 Feedback generation: real-time property verification result.

57 Semantic Mapping from UML-MARTE to TPN (section outline slide; same outline as slide 2)

58-63 Semantic Mapping from UML-MARTE to TPN. Modeling Context (built up over slides 58 to 63)
Real-Time Software Systems:
Clocks: single and multiple clocks (rate, drift, offset).
Communication: synchronous and asynchronous.
Object value: ignored in the architecture design phase.
Cyclic execution: event-triggered (activated by the data and control flow) or time-triggered (also activated by the rising edge of the time cycle).
MARTE: simplification of the use of MARTE.
Resource scheduling: a generic scheduling algorithm with a preemption option is provided.

64 Semantic Mapping from UML-MARTE to TPN. Defining Mapping Semantics from UML-MARTE to TPN
Semantic mapping objectives:
1 Conform to the semantics of the UML Specification 2.4.1, with explicit semantics for the variation points.
2 Property-specific semantic mapping, preserving as small a set of property-relevant semantics as possible.
3 Standardized mapping for some untimed UML elements.
4 Ease of verification: guarantee the efficiency of model checking.
5 Facilitate the assembly of the mapping results.
UML-MARTE diagrams: composite structure diagram, activity diagram, state machine diagram; covers a large scope of modeling elements.

65 Semantic Mapping from UML-MARTE to TPN. FMS: Modeling for Latency Requirement
Functional chain on IMA: req1 → KU1 → wpid1 → FM1 → query1 → NDB → answer1 → FM1 → wpinfo1 → MFD1 → disp1 (and symmetrically req2 → KU2 → wpid2 → FM2 → query2 → NDB → answer2 → FM2 → wpinfo2 → MFD2 → disp2).
Architecture: M1:KU_MFD_Module with <<Allocated>> ports req, wpid, wpinfo, disp; M3:FM_Module with <<Allocated>> ports wpid, query, answer, wpinfo; M7:NDB_Module with <<Allocated>> ports query, answer; the modules are linked by <<CommunicationMedia>>.
Behavior of the FM module: <<TimeProcessing>> FM1 (wpid1 in, query1 out) and <<TimeProcessing>> FM1a (answer1 in, wpinfo1 out), with <<RtSpecification>> occkind = PeriodicPattern (period=[60000,60000]; phase=[0,60000]; occurrences=-1).

66-76 Semantic Mapping from UML-MARTE to TPN. FMS: TPN Mapping Result (figure slides 66 to 76 walking through the generated TPN; the figure text was not recoverable from the transcription)

77 Real-Time Property Specification (section outline slide; same outline as slide 2)

78 Real-Time Property Specification. Property Pattern Approach
Research background: the qualitative patterns proposed by Dwyer cover 90% of temporal requirements; extended to quantitative patterns by Konrad.
Specification type classification by Dwyer (catalog and patterns):
Qualitative, Occurrence: Absence, Existence, Universality, Bounded Existence.
Qualitative, Order: Precedence, Response, Chain Precedence, Chain Response.
Quantitative, Duration: Minimum Duration, Maximum Duration.
Quantitative, Periodic: Bounded Recurrence.
Quantitative, Quantitative Order: Bounded Invariance, Bounded Response.

79 Real-Time Property Specification. Real-Time Property Patterns
Problem: specification patterns are specification-oriented and semantically not atomic.
Proposal: a set of elementary time property patterns designed for ease of verification. They work as a bridge between specification patterns and formal verification, and can express the Dwyer and Konrad specification patterns and most MARTE CCSL (Clock Constraint Specification Language) constraints.

80 Real-Time Property Specification: Real-Time Property Patterns
(figure: a real-time property is expressed as a real-time property pattern, either an atomic pattern, made of an occurrence modifier, a basic predicate and a scope modifier with state or event modifiers, or a composite pattern)
Example: "Exist A After B Within [bct, wct]" decomposes into
  Operator  Occurrence  Basic predicate  Scope
            Absent      B                global
  or        Exist       A                between (B + bct) and (B + wct)

81 Real-Time Property Specification: FMS: Latency Specification
FMS latency property: the time between the pilot's request (req) and the first display (disp) depending on that request must be in [bct, wct].
  Operator  Occurrence  Basic predicate     Scope
            always      T(req, disp) ≥ bct  global
  and       always      T(req, disp) ≤ wct  global

82 Observer-Based Property Verification: Outline (section 6 of 9)

83 Observer-Based Property Verification: Verification of Real-Time Property
Proposal: an observer-based model checking approach.
- Observers are executed concurrently with the model under assessment.
- A set of elementary observers is defined for the property patterns: TPN observers for event-based properties, tts observers for state-based properties.
- Error feedback provides all failure scenarios (those that invalidate the observer).

84 Observer-Based Property Verification: Design of Observers
Soundness requirement
- Time divergence.
- No side effect on the system's original behavior; ensured by construction (structure of the patterns).
(figure: the observer TPN structure is attached to the TPNs of components A and B through transitions T_A and T_B with [0,0] intervals and a tester place p_tester)
Efficiency requirement
- State abstraction: abstraction preserving markings.
- Related work: Abid (PhD thesis, 2013), tts observers with priority arcs, state abstraction.
- Relatively optimal (minimizes the number of states and transitions; not proved).
- Independent checking: allows parallel computation.

85 Observer-Based Property Verification: Catalog of Observers
- Event modifier observers (figure: TPN structure turning an event E into E').
- Predicate observers (figure: TPN structure for predicates over events E and markings M).
- Scope modifier observers.

86 Observer-Based Property Verification: Occurrence Modifier
Assume in the state class graph: P is the set of states that match the predicate, S the set of states that match the scope, and $P \cap S$ the set of states that match both the predicate and the scope.
- Exist Predicate in Scope: $P \cap S \neq \emptyset$ if $S \neq \emptyset$; True if $S = \emptyset$.
- Absent Predicate in Scope: $P \cap S = \emptyset$.
- Always Predicate in Scope: $P \cap S = S$.
(figure: the three occurrence modifiers illustrated on a state class graph)

87 Observer-Based Property Verification: Computing the Bound Value of a Property
Requirement: when performing model checking, an observer gives a Yes/No answer for the satisfaction of the given property. For quantitative properties, however, users usually expect to know the bound [bct, wct] of the property, rather than whether the property is bounded by a given [bct, wct].
Solution: an iterative method that gradually approaches the bound value by integrating the observers into a binary (k-ary) search engine.
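The occurrence modifiers of the previous slide and the search engine of this one, as an added example that is not code from the UML/MARTE verifier: the system TPN is replaced by a few constructed timed runs, and the observers are plain Python predicates over them, so each "verdict" stands for one model-checking run; the run data, function names and the 25000 ms upper bound are assumptions.

```python
"""Occurrence modifiers and observer-driven bound search (added example).

The model under assessment is replaced by constructed timed runs and the
observer by a Python predicate. In the real toolchain the observer is a TPN
composed with the system TPN and each verdict is one TINA model-checking
run, which is why the number of probes matters.
"""
from typing import Callable, Hashable, List, Set, Tuple

# --- Occurrence modifiers over a state class graph ------------------------
# P: states matching the predicate, S: states matching the scope.

def exist_in_scope(P: Set[Hashable], S: Set[Hashable]) -> bool:
    """Exist Predicate in Scope: P ∩ S ≠ ∅ when S ≠ ∅, True when S = ∅."""
    return True if not S else bool(P & S)

def absent_in_scope(P: Set[Hashable], S: Set[Hashable]) -> bool:
    """Absent Predicate in Scope: P ∩ S = ∅."""
    return not (P & S)

def always_in_scope(P: Set[Hashable], S: Set[Hashable]) -> bool:
    """Always Predicate in Scope: P ∩ S = S."""
    return (P & S) == S

# --- Constructed runs standing in for the system TPN ----------------------
# Each run is a list of (event, time in ms): a pilot request "req" followed
# by the first display "disp" that depends on it. Constructed sample data.
RUNS: List[List[Tuple[str, int]]] = [
    [("req", 0), ("disp", 92)],
    [("req", 0), ("disp", 75)],
    [("req", 10), ("disp", 121)],
    [("req", 3), ("disp", 140)],
]

def latencies(runs) -> List[int]:
    """T(req, disp) for every request: time to the first following disp."""
    out = []
    for run in runs:
        t_req = None
        for event, t in run:
            if event == "req" and t_req is None:
                t_req = t
            elif event == "disp" and t_req is not None:
                out.append(t - t_req)
                t_req = None
    return out

def wct_observer(runs, wct: int) -> bool:
    """Verdict of the pattern 'always T(req, disp) <= wct, global'."""
    return all(d <= wct for d in latencies(runs))

def bct_observer(runs, bct: int) -> bool:
    """Verdict of the pattern 'always T(req, disp) >= bct, global'."""
    return all(d >= bct for d in latencies(runs))

# --- k-ary search engine driven by Yes/No verdicts ------------------------

def search_bound(verdict: Callable[[int], bool], lo: int, hi: int, k: int = 2) -> int:
    """Smallest x in [lo, hi] with verdict(x) True.

    verdict must be monotone (False ... False True ... True), which holds
    for 'always T <= x'. Each probe stands for one model-checking run, so
    the search needs O(log_k(hi - lo)) runs instead of one per candidate.
    """
    if not verdict(hi):
        raise ValueError("property violated even at the upper bound")
    while lo < hi:
        width = hi - lo
        if width < k:                      # too narrow to split: probe linearly
            probes = list(range(lo, hi))
        else:                              # k - 1 equally spaced probes
            step = width // k
            probes = [lo + i * step for i in range(1, k)]
        for x in probes:
            if verdict(x):                 # first Yes: the bound is at or below x
                hi = x
                break
        else:                              # all No: the bound is above the last probe
            lo = probes[-1] + 1
    return hi

def compute_latency_bounds(runs, hi: int = 25000, k: int = 2) -> Tuple[int, int, int]:
    """Return (bct, wct, probes): both bounds and how many verdicts were needed."""
    probes = 0

    def counted(f):
        def g(x):
            nonlocal probes
            probes += 1
            return f(x)
        return g

    wct = search_bound(counted(lambda x: wct_observer(runs, x)), 0, hi, k)
    # 'always T >= x' is monotone the other way round: search the first x
    # that violates it; the bct is the value just below.
    bct = search_bound(counted(lambda x: not bct_observer(runs, x)), 0, hi, k) - 1
    return bct, wct, probes

if __name__ == "__main__":
    print(compute_latency_bounds(RUNS))
```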

88 Observer-Based Property Verification: FMS: Verification of Latency Property
(figure: (a) best case: BCT observer with overflow places A and B and a [t_min, t_min] transition; (b) worst case: WCT observer with an overflow place and a [t_max, t_max] transition; both are attached through Tester A and [0,0] / [0,25000] transitions to the TPN system between SP_inittr and MFD_exectr)
  Latency property  Property value (ms)  State/transition number  Execution time (s)
  System            N/A                  9378/23250               N/A
  wct                                    /
  bct                                    /
Same results as Boniol and Lauer.

89 Observer-Based Property Verification: FMS: Verification of Latency Property
(figure: toolchain workflow. The UML real-time software model, made of an architecture model and a behavior model, is mapped by the architecture/behavior mapping to the system TPN; the real-time requirement is specified with property patterns as a real-time property specification, from which the observer TPN is generated; TPN reduction yields the reduced observer TPN, which is model checked with reachability assertions to give the property pattern result; the verification result computation iterates over tagged property pattern results, and result interpretation and feedback generation produce the real-time property verification result)

90 Property Specific State Space Reduction: Outline (section 7 of 9)

91 Property Specific State Space Reduction: State Space Reduction for TPN
Minimizing verification semantics
- Modeling abstraction.
- Mapping abstraction.
- State space abstraction provided by TINA.
- On-the-fly model checking provided by TINA.
Existing reduction techniques in model checking focus on universal properties; property-specific reduction methods are needed.
Solution
1. Remove property-irrelevant semantics.
2. Combine property-relevant semantics by replacing original sub-nets by behaviorally equivalent ones.

92 Property Specific State Space Reduction: Removal of Property-Irrelevant Semantics
- Idea: analyze causality in the state class graph to remove transitions and states irrelevant to the observed transitions and states.
- Paradox: if the state class graph can be generated and analyzed, the reduction is not needed.
- Solution: use dependence analysis as an over-approximation.
- Algorithm: search for and remove TPN places and transitions that the target property does not depend on.
(figure: TPN model with sub-nets A to F and two observers Obs)

93 Property Specific State Space Reduction: Regular Real-Time Property Specific Behavior
Occurrence times of transition A:
  i  Occurrence time $[t_i^{\min}, t_i^{\max}]$   Time diff $[t_i^{\min} - t_{i-1}^{\min},\ t_i^{\max} - t_{i-1}^{\max}]$
  0  [0, 0]                                    -
  1  [5, 10]                                   [5, 10]
  2  [22, 79]                                  [17, 69]
  3  [39, 148]                                 [17, 69]
  n  [5 + 17(n-1), 10 + 69(n-1)]               [17, 69]

94 Property Specific State Space Reduction: Regular Real-Time Property Specific Behavior
(figure: TPN sub-net with places p0 to p5 and transitions t1, t4, t5 carrying the intervals [5,10], [17,69] and [0,0], whose outgoing transition A is observed)
Before reduction: 177 states / 365 transitions. After reduction: 3 states / 3 transitions.

95 Property Specific State Space Reduction: Regular Real-Time Property Specific Behavior
Observation: regular behaviors occur in property-related elements. What are the real-time property related elements?
- The firing occurrence times of the observed transitions.
- The time range of each occurrence of the observed outgoing transitions.
Proposal
- Identify potential regular behaviors.
- Detect sub-nets that may exhibit these behaviors.
- Construct simpler substitute sub-nets that exhibit the same behaviors.
- Verify the behavioral equivalence between the original sub-net and the substitute.

96 Property Specific State Space Reduction: Regular Real-Time Property Specific Behaviors
Principle: after replacing the target sub-net in the system, the system exhibits exactly the same property-specific behavior as before.
Regular behaviors: occurrence times and firing time range of the outgoing transition.
- Finite firing occurrence: sequential section.
- Infinite firing occurrence: (sequential section) + loop section.
(figure: (a) a sequential section and (b) a sequential section followed by a loop section, with transitions A, B, C, ... of intervals [t1,t2], [t3,t4], [ti,tj], [tm,tn], [tp,tq], [tx,ty], their substitutes A', B', ... and the observed transitions T_A, T_B)

97 Property Specific State Space Reduction: Divide and Conquer Reduction Approach
(figure: a system whose sub-nets A, B and C are replaced by A', B' and C')
3 steps:
1. Identification: reducible sub-nets such as A, B and C are identified. One-way-out pattern: a single portal outgoing transition. Generic pattern: a single portal incoming and outgoing transition.
2. Reduction: search for the regularity of the real-time behavior and construct the reduced sub-nets (A', B' and C'), relying on observers.
3. Refinement: verify the correctness (behavioral equivalence) of the reduced sub-nets by model checking, relying on observers.

98 Property Specific State Space Reduction: What is the benefit of this method?
Benefit: it makes a trade-off between computation time and space, turning the combination problem of $O(N \times M)$ into a divide-and-conquer problem of $O(n \cdot N + M \cdot \delta)$, where N is the state unfolding complexity of the target sub-net, M the complexity of the other parts of the TPN, n the number of unfoldings of the target sub-net by the reduction and refinement, and $\delta$ the complexity introduced by the substitute sub-net; it is expected (and often the case according to the early test results) that $1 \le \delta \ll N$.

99 Property Specific State Space Reduction: FMS: Scalability Test (Boniol and Lauer)
The latency functional chain is enlarged by increasing the number of NDB. Each latency functional chain traverses P NDB, i.e. 2P + 3 functions.
(figure, equation (1): the chain L1 runs req1 -> wpid1 -> query1 -> query2 -> ... -> queryP-1 -> queryP -> answerP -> answerP-1 -> ... -> answer2 -> answer1 -> wpinfo1 -> disp1 through the functions KU1, FM1, NDB1, ..., NDBP and MFD1)
Results table for P = 1 to 11 NDB, with columns NDB/Fun., Prop. Val. (ms) (wct, bct), S/T (after R.) (wct, bct), Reduction Time (s), Analysis Time (s) (wct, bct) and Solving Time (s) (wct, bct); the numeric cells are not recoverable from the transcription.

100 Property Specific State Space Reduction: FMS: Scalability Test
(figure: solving time (s) of the latency property for L1, WCT and BCT curves, versus the number of NDB)

101 Feedback Analysis Proposal: Outline (section 8 of 9)

102 Feedback Analysis Proposal: Model Verification Feedback
State of the art
- Counterexamples in the state class graph are difficult to analyze.
- Existing approaches provide a set of suspicious components without a particular ranking factor, or animate the error trace in the design model.
Abstraction issue: abstraction in the design model at early phases.
Proposal
- Abstraction in the mapping from the design model to the verification model.
- Abstraction in the state class graph.
- Rank suspicious components using a suspiciousness factor when a safety property is not satisfied.

103 Feedback Analysis Proposal: Fault Contribution and Error Trace
Definition (Fault Contribution): the fault contribution $C_F(t)$ is a suspiciousness factor that measures the suspicion level of a transition t. It is used to rank the suspiciousness of the transitions on the error traces.
Definition (Error Trace): for all the states $\{s_i\}$ on the path from an initial state $s_0$ to a violation state $s_v$ in the reachability graph, all the outgoing transitions of the $s_i$ are considered as the error trace $\pi$.
(figure: reachability graph from $s_0$ to $s_v$ with transitions $t_0$ to $t_6$) Example: $\pi = \{t_0, t_1, t_2, t_1, t_5, t_4, t_2, t_3, t_4\}$.
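The error-trace definition above worked on a small graph, as an added example that is not code from the verifier: the reachability graph, its state and transition names and the choice of s3 as the violation state are constructed for illustration, not taken from the FMS model of the slides.

```python
"""Error trace extraction from a reachability graph (added example).

The error trace pi differs from the sequence of transitions actually fired
along the path: it also keeps the transitions that were enabled in each
state on the path but not taken, with repetitions.
"""
from collections import deque
from typing import Dict, List, Optional, Tuple

# Reachability graph: state -> list of (transition, successor state).
# Constructed sample graph; s3 plays the role of the violation state s_v.
Graph = Dict[str, List[Tuple[str, str]]]
GRAPH: Graph = {
    "s0": [("t0", "s1"), ("t1", "s2")],
    "s1": [("t2", "s3"), ("t3", "s4")],
    "s2": [("t4", "s0")],
    "s3": [("t5", "s0"), ("t1", "s4")],
    "s4": [("t6", "s0")],
}

def shortest_path(graph: Graph, s0: str, sv: str) -> Tuple[List[str], List[str]]:
    """BFS from s0 to sv; returns (states on the path, transitions fired along it)."""
    parent: Dict[str, Optional[Tuple[str, str]]] = {s0: None}
    queue = deque([s0])
    while queue and sv not in parent:
        s = queue.popleft()
        for t, succ in graph.get(s, []):
            if succ not in parent:
                parent[succ] = (s, t)
                queue.append(succ)
    if sv not in parent:
        raise ValueError(f"{sv} is not reachable from {s0}")
    states, fired = [sv], []
    while parent[states[-1]] is not None:      # walk back to s0
        prev, t = parent[states[-1]]
        states.append(prev)
        fired.append(t)
    states.reverse()
    fired.reverse()
    return states, fired

def error_trace(graph: Graph, s0: str, sv: str) -> List[str]:
    """Error trace pi: every outgoing transition of every state on the path.

    The violation state sv is itself on the path, so its outgoing
    transitions are part of pi as well.
    """
    states, _ = shortest_path(graph, s0, sv)
    return [t for s in states for t, _ in graph.get(s, [])]

if __name__ == "__main__":
    print(shortest_path(GRAPH, "s0", "s3"))
    print(error_trace(GRAPH, "s0", "s3"))
```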

104 Feedback Analysis Proposal: FMS: Failure Analysis for Latency Property
The bct for latency is 75.2 ms. If we want to check that it is ms, the analysis gives the following results:
  Function         Fault contribution at r0 / r3 / r5    Rank Var   Rank Var %
  FM1              10.04 / 9.14 / 1.46                   0.6875
  MFD1              5.64 / 5.00 / 4.91                   0.6875
  KU1               4.98 / 5.00 / 4.06                   0.6875
  NDB               5.45 / 0.58 / 0.25                   0.6875
  KU1-FM1 comm      1.03 / 0.99 / 0.05                   0.1875
  NDB-FM1a comm     1.03 / 0.12 / 0.05                   0.5        0.0625
  FM1-MFD1 comm     1.00 / 1.00 / 0.99                   0.6875
  FM1-NDB comm      1.01 / 0.12 / 0.05                   0.6875
(the r7 contribution column, the rank columns r0/r3/r5/r7 and most Rank Var % values are truncated in the transcription)

105 Synthesis: Outline (section 9 of 9)

106-110 Synthesis: Synthesis
Property-driven proposal: minimizing verification semantics by
- Semantic mapping from UML-MARTE to TPN.
- Specification of real-time requirements by property patterns.
- Verification and computation of real-time properties by observers.
- Property-specific reduction of the state space.
Feedback analysis proposal: ranking suspicious faulty elements based on data mining of failure scenarios.
Toolset prototype: development of a toolset prototype (30264 lines of Java code using the Eclipse Modeling Framework).
Experiment: application to the FMS case study and test of scalability.

111 Synthesis: Perspective: Applications
Short term activities
- Specify verification-ease property patterns with MARTE CCSL.
- Other industrial case studies should be carried out to further validate our proposal.
- The automated feedback approach can be further experimented with and compared with the existing approaches.
Application to other modeling languages
- Apply the property-driven and feedback approaches to other end-user modeling languages such as AADL and EAST-ADL, or to intermediate languages like FIACRE.
- Redefine the semantic mapping.

More information

Formal Methods for Biological Systems: Languages, Algorithms, and Applications

Formal Methods for Biological Systems: Languages, Algorithms, and Applications Formal Methods for Biological Systems: Languages, Algorithms, and Applications Qinsi Wang CMU-CS-16-129 September 2016 School of Computer Science Computer Science Department Carnegie Mellon University

More information

Design the Flexibility, Maintain the Stability of Conceptual Schemas

Design the Flexibility, Maintain the Stability of Conceptual Schemas Design the Flexibility, Maintain the Stability of Conceptual Schemas Lex Wedemeijer 1 ABP Netherlands, Department of Information Management, P.O.Box 4476, NL-6401 CZ, Heerlen, The Netherlands L.Wedemeijer@ABP.NL

More information

Intelligent Agents. CmpE 540 Principles of Artificial Intelligence

Intelligent Agents. CmpE 540 Principles of Artificial Intelligence CmpE 540 Principles of Artificial Intelligence Intelligent Agents Pınar Yolum pinar.yolum@boun.edu.tr Department of Computer Engineering Boğaziçi University 1 Chapter 2 (Based mostly on the course slides

More information

Cognitive Neuroscience History of Neural Networks in Artificial Intelligence The concept of neural network in artificial intelligence

Cognitive Neuroscience History of Neural Networks in Artificial Intelligence The concept of neural network in artificial intelligence Cognitive Neuroscience History of Neural Networks in Artificial Intelligence The concept of neural network in artificial intelligence To understand the network paradigm also requires examining the history

More information

Solving problems by searching

Solving problems by searching Solving problems by searching Chapter 3 14 Jan 2004 CS 3243 - Blind Search 1 Outline Problem-solving agents Problem types Problem formulation Example problems Basic search algorithms 14 Jan 2004 CS 3243

More information

Defect Removal. RIT Software Engineering

Defect Removal. RIT Software Engineering Defect Removal Agenda Setting defect removal targets Cost effectiveness of defect removal Matching to customer & business needs and preferences Performing defect removal Techniques/approaches/practices

More information

DiPRA (Distributed Practical Reasoning Architecture)

DiPRA (Distributed Practical Reasoning Architecture) DiPRA: Distributed Practical Reasoning Architecture Giovanni Pezzulo, Gianguglielmo Calvi, Cristiano Castelfranchi Istituto di Scienze e Tecnologie della Cognizione - CNR Via San Martino della Battaglia,

More information

A Decision-Theoretic Approach to Evaluating Posterior Probabilities of Mental Models

A Decision-Theoretic Approach to Evaluating Posterior Probabilities of Mental Models A Decision-Theoretic Approach to Evaluating Posterior Probabilities of Mental Models Jonathan Y. Ito and David V. Pynadath and Stacy C. Marsella Information Sciences Institute, University of Southern California

More information

Use of Structure Mapping Theory for Complex Systems

Use of Structure Mapping Theory for Complex Systems Gentner, D., & Schumacher, R. M. (1986). Use of structure-mapping theory for complex systems. Presented at the Panel on Mental Models and Complex Systems, IEEE International Conference on Systems, Man

More information

Pilot Study: Clinical Trial Task Ontology Development. A prototype ontology of common participant-oriented clinical research tasks and

Pilot Study: Clinical Trial Task Ontology Development. A prototype ontology of common participant-oriented clinical research tasks and Pilot Study: Clinical Trial Task Ontology Development Introduction A prototype ontology of common participant-oriented clinical research tasks and events was developed using a multi-step process as summarized

More information

Foundations of AI. 10. Knowledge Representation: Modeling with Logic. Concepts, Actions, Time, & All the Rest

Foundations of AI. 10. Knowledge Representation: Modeling with Logic. Concepts, Actions, Time, & All the Rest Foundations of AI 10. Knowledge Representation: Modeling with Logic Concepts, Actions, Time, & All the Rest Wolfram Burgard, Andreas Karwath, Bernhard Nebel, and Martin Riedmiller 10/1 Contents Knowledge

More information

Agent-Based Models. Maksudul Alam, Wei Wang

Agent-Based Models. Maksudul Alam, Wei Wang Agent-Based Models Maksudul Alam, Wei Wang Outline Literature Review about Agent-Based model Modeling disease outbreaks in realistic urban social Networks EpiSimdemics: an Efficient Algorithm for Simulating

More information

in Engineering Prof. Dr. Michael Havbro Faber ETH Zurich, Switzerland Swiss Federal Institute of Technology

in Engineering Prof. Dr. Michael Havbro Faber ETH Zurich, Switzerland Swiss Federal Institute of Technology Risk and Safety in Engineering Prof. Dr. Michael Havbro Faber ETH Zurich, Switzerland Contents of Today's Lecture Introduction to Bayesian Probabilistic Nets (BPN) Causality as a support in reasoning Basic

More information

Models of Information Retrieval

Models of Information Retrieval Models of Information Retrieval Introduction By information behaviour is meant those activities a person may engage in when identifying their own needs for information, searching for such information in

More information

Chapter 3 Software Packages to Install How to Set Up Python Eclipse How to Set Up Eclipse... 42

Chapter 3 Software Packages to Install How to Set Up Python Eclipse How to Set Up Eclipse... 42 Table of Contents Preface..... 21 About the Authors... 23 Acknowledgments... 24 How This Book is Organized... 24 Who Should Buy This Book?... 24 Where to Find Answers to Review Questions and Exercises...

More information

Expert Systems. Artificial Intelligence. Lecture 4 Karim Bouzoubaa

Expert Systems. Artificial Intelligence. Lecture 4 Karim Bouzoubaa Expert Systems Artificial Intelligence Lecture 4 Karim Bouzoubaa Artificial Intelligence Copyright Karim Bouzoubaa 2 Introduction ES: Capture, represent, store and apply human K using a machine Practical

More information

IEEE SIGNAL PROCESSING LETTERS, VOL. 13, NO. 3, MARCH A Self-Structured Adaptive Decision Feedback Equalizer

IEEE SIGNAL PROCESSING LETTERS, VOL. 13, NO. 3, MARCH A Self-Structured Adaptive Decision Feedback Equalizer SIGNAL PROCESSING LETTERS, VOL 13, NO 3, MARCH 2006 1 A Self-Structured Adaptive Decision Feedback Equalizer Yu Gong and Colin F N Cowan, Senior Member, Abstract In a decision feedback equalizer (DFE),

More information

A Constraint-based Approach to Medical Guidelines and Protocols

A Constraint-based Approach to Medical Guidelines and Protocols A Constraint-based Approach to Medical Guidelines and Protocols Arjen Hommersom 1, Perry Groot 1, Peter Lucas 1 Mar Marcos 2, and Begoña Martínez-Salvador 2 1 University of Nijmegen {arjenh, perry, peterl}@cs.ru.nl

More information

Modeling and Evaluating the Cdc2 and Cyclin Interactions in the Cell Division Cycle with a Time Dependent Petri Net (Case Study)

Modeling and Evaluating the Cdc2 and Cyclin Interactions in the Cell Division Cycle with a Time Dependent Petri Net (Case Study) Modeling and Evaluating the Cdc2 and Cyclin Interactions in the Cell Division Cycle with a Time Dependent Petri Net (Case Study) Louchka Popova-Zeugmann Humboldt-Universität zu Berlin Department of Computer

More information

Root Cause Analysis. December, 9 th, 2008

Root Cause Analysis. December, 9 th, 2008 December, 9 th, 2008 Introduction Root Cause Analysis, according to The Joint Commission is a "process for identifying the basic or causal factors that underlie variation in performance, including the

More information

What Is A Knowledge Representation? Lecture 13

What Is A Knowledge Representation? Lecture 13 What Is A Knowledge Representation? 6.871 - Lecture 13 Outline What Is A Representation? Five Roles What Should A Representation Be? What Consequences Does This View Have For Research And Practice? One

More information

Dynamic Rule-based Agent

Dynamic Rule-based Agent International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 11, Number 4 (2018), pp. 605-613 International Research Publication House http://www.irphouse.com Dynamic Rule-based

More information

What Happened to Bob? Semantic Data Mining of Context Histories

What Happened to Bob? Semantic Data Mining of Context Histories What Happened to Bob? Semantic Data Mining of Context Histories Michael Wessel, Marko Luther, Ralf Möller Racer Systems DOCOMO Euro-Labs Uni Hamburg A mobile community service 1300+ users in 60+ countries

More information

A Chronicle-based Diagnosability Approach for Discrete Timed-event Systems: Application to Web-Services

A Chronicle-based Diagnosability Approach for Discrete Timed-event Systems: Application to Web-Services Journal of Universal Computer Science, vol. 15, no. 17 (2009), 3246-3272 submitted: 15/11/08, accepted: 15/10/09, appeared: 1/11/09 J.UCS A Chronicle-based Diagnosability Approach for Discrete Timed-event

More information

Bayesian Nonparametric Methods for Precision Medicine

Bayesian Nonparametric Methods for Precision Medicine Bayesian Nonparametric Methods for Precision Medicine Brian Reich, NC State Collaborators: Qian Guan (NCSU), Eric Laber (NCSU) and Dipankar Bandyopadhyay (VCU) University of Illinois at Urbana-Champaign

More information

Development of Capability Driven Development Methodology: Experiences and Recommendations

Development of Capability Driven Development Methodology: Experiences and Recommendations Development of Capability Driven Development Methodology: Experiences and Recommendations Janis Stirna, Jelena Zdravkovic, Janis Grabis, Kurt Sandkuhl Outline Objectives of the paper Requirements and principles

More information

Explanation-Boosted Question Selection in Conversational CBR

Explanation-Boosted Question Selection in Conversational CBR Explanation-Boosted Question Selection in Conversational CBR Mingyang Gu and Agnar Aamodt Department of Computer and Information Science, Norwegian University of Science and Technology, Sem Sælands vei

More information

CPSC 121 Some Sample Questions for the Final Exam

CPSC 121 Some Sample Questions for the Final Exam CPSC 121 Some Sample Questions for the Final Exam [0] 1. Tautologies and Contradictions: Determine whether the following statements are tautologies (definitely true), contradictions (definitely false),

More information

Goal-Oriented Measurement plus System Dynamics A Hybrid and Evolutionary Approach

Goal-Oriented Measurement plus System Dynamics A Hybrid and Evolutionary Approach Goal-Oriented Measurement plus System Dynamics A Hybrid and Evolutionary Approach Dietmar Pfahl Fraunhofer Institute IESE pfahl@iese.fhg.de Günther Ruhe University of Calgary ruhe@ucalgary.ca 1. Aim and

More information

Dr. Mustafa Jarrar. Chapter 2 Intelligent Agents. Sina Institute, University of Birzeit

Dr. Mustafa Jarrar. Chapter 2 Intelligent Agents. Sina Institute, University of Birzeit Lecture Notes, Advanced Artificial Intelligence (SCOM7341) Sina Institute, University of Birzeit 2 nd Semester, 2012 Advanced Artificial Intelligence (SCOM7341) Chapter 2 Intelligent Agents Dr. Mustafa

More information

Unifying Data-Directed and Goal-Directed Control: An Example and Experiments

Unifying Data-Directed and Goal-Directed Control: An Example and Experiments Unifying Data-Directed and Goal-Directed Control: An Example and Experiments Daniel D. Corkill, Victor R. Lesser, and Eva Hudlická Department of Computer and Information Science University of Massachusetts

More information

Assignment Question Paper I

Assignment Question Paper I Subject : - Discrete Mathematics Maximum Marks : 30 1. Define Harmonic Mean (H.M.) of two given numbers relation between A.M.,G.M. &H.M.? 2. How we can represent the set & notation, define types of sets?

More information

ICS 606. Intelligent Autonomous Agents 1. Intelligent Autonomous Agents ICS 606 / EE 606 Fall Reactive Architectures

ICS 606. Intelligent Autonomous Agents 1. Intelligent Autonomous Agents ICS 606 / EE 606 Fall Reactive Architectures Intelligent Autonomous Agents ICS 606 / EE 606 Fall 2011 Nancy E. Reed nreed@hawaii.edu 1 Lecture #5 Reactive and Hybrid Agents Reactive Architectures Brooks and behaviors The subsumption architecture

More information

Chapter IR:VIII. VIII. Evaluation. Laboratory Experiments Logging Effectiveness Measures Efficiency Measures Training and Testing

Chapter IR:VIII. VIII. Evaluation. Laboratory Experiments Logging Effectiveness Measures Efficiency Measures Training and Testing Chapter IR:VIII VIII. Evaluation Laboratory Experiments Logging Effectiveness Measures Efficiency Measures Training and Testing IR:VIII-1 Evaluation HAGEN/POTTHAST/STEIN 2018 Retrieval Tasks Ad hoc retrieval:

More information

CS 771 Artificial Intelligence. Intelligent Agents

CS 771 Artificial Intelligence. Intelligent Agents CS 771 Artificial Intelligence Intelligent Agents What is AI? Views of AI fall into four categories 1. Thinking humanly 2. Acting humanly 3. Thinking rationally 4. Acting rationally Acting/Thinking Humanly/Rationally

More information

Intelligent Agents. Soleymani. Artificial Intelligence: A Modern Approach, Chapter 2

Intelligent Agents. Soleymani. Artificial Intelligence: A Modern Approach, Chapter 2 Intelligent Agents CE417: Introduction to Artificial Intelligence Sharif University of Technology Spring 2016 Soleymani Artificial Intelligence: A Modern Approach, Chapter 2 Outline Agents and environments

More information

ERA: Architectures for Inference

ERA: Architectures for Inference ERA: Architectures for Inference Dan Hammerstrom Electrical And Computer Engineering 7/28/09 1 Intelligent Computing In spite of the transistor bounty of Moore s law, there is a large class of problems

More information

A Survey of UML Based Regression Testing

A Survey of UML Based Regression Testing A Survey of UML Based Regression Testing Muhammad Fahad and Aamer Nadeem Mohammad Ali Jinnah University Islamabad, Pakistan. mhd.fahad@gmail.com, a.n@acm.org Abstract: Regression testing is the process

More information

PART - A 1. Define Artificial Intelligence formulated by Haugeland. The exciting new effort to make computers think machines with minds in the full and literal sense. 2. Define Artificial Intelligence

More information

User-Friendly Approach to Capacity Planning studies with Java Modelling Tools

User-Friendly Approach to Capacity Planning studies with Java Modelling Tools Politecnico di Milano EECS Dept. Milan, Italy User-Friendly Approach to Capacity Planning studies with Java Modelling Tools Marco Bertoli, Giuliano Casale, Giuseppe Serazzi SIMUTOOLS09 March 5th, 2009

More information

Intelligent Autonomous Agents. Ralf Möller, Rainer Marrone Hamburg University of Technology

Intelligent Autonomous Agents. Ralf Möller, Rainer Marrone Hamburg University of Technology Intelligent Autonomous Agents Ralf Möller, Rainer Marrone Hamburg University of Technology Lab class Tutor: Rainer Marrone Time: Monday 12:15-13:00 Locaton: SBS93 A0.13.1/2 w Starting in Week 3 Literature

More information

Comprehensive Mitigation Framework for Concurrent Application of Multiple Clinical Practice Guidelines

Comprehensive Mitigation Framework for Concurrent Application of Multiple Clinical Practice Guidelines Comprehensive Mitigation Framework for Concurrent Application of Multiple Clinical Practice Guidelines Szymon Wilk a,b,, Martin Michalowski c, Wojtek Michalowski b, Daniela Rosu b, Marc Carrier d, Mounira

More information

Selecting a research method

Selecting a research method Selecting a research method Tomi Männistö 13.10.2005 Overview Theme Maturity of research (on a particular topic) and its reflection on appropriate method Validity level of research evidence Part I Story

More information

A Framework for Conceptualizing, Representing, and Analyzing Distributed Interaction. Dan Suthers

A Framework for Conceptualizing, Representing, and Analyzing Distributed Interaction. Dan Suthers 1 A Framework for Conceptualizing, Representing, and Analyzing Distributed Interaction Dan Suthers Work undertaken with Nathan Dwyer, Richard Medina and Ravi Vatrapu Funded in part by the U.S. National

More information

Answers to end of chapter questions

Answers to end of chapter questions Answers to end of chapter questions Chapter 1 What are the three most important characteristics of QCA as a method of data analysis? QCA is (1) systematic, (2) flexible, and (3) it reduces data. What are

More information

Sequential Decision Making

Sequential Decision Making Sequential Decision Making Sequential decisions Many (most) real world problems cannot be solved with a single action. Need a longer horizon Ex: Sequential decision problems We start at START and want

More information

Physiological Closed-loop Controllers for MDCPS

Physiological Closed-loop Controllers for MDCPS Physiological Closed-loop Controllers for MDCPS Rahul Mangharam & George Pappas {rahulm, pappasg}@seas.upenn.edu University of Pennsylvania Model-Driven Safety Analysis of Closed-Loop Medical Systems Miroslav

More information

Lecture II: Difference in Difference and Regression Discontinuity

Lecture II: Difference in Difference and Regression Discontinuity Review Lecture II: Difference in Difference and Regression Discontinuity it From Lecture I Causality is difficult to Show from cross sectional observational studies What caused what? X caused Y, Y caused

More information

A HMM-based Pre-training Approach for Sequential Data

A HMM-based Pre-training Approach for Sequential Data A HMM-based Pre-training Approach for Sequential Data Luca Pasa 1, Alberto Testolin 2, Alessandro Sperduti 1 1- Department of Mathematics 2- Department of Developmental Psychology and Socialisation University

More information

Minimal Change and Maximal Coherence: A Basis for Belief Revision and Reasoning about Actions

Minimal Change and Maximal Coherence: A Basis for Belief Revision and Reasoning about Actions Minimal Change and Maximal Coherence: A Basis for Belief Revision and Reasoning about Actions Anand S. Rao Australian AI Institute Carlton, Vic-3053 Australia Email: anand@aaii.oz.au Abstract The study

More information

REAL-TIME MONITORING OF DENSE CONTINUOUS DATA

REAL-TIME MONITORING OF DENSE CONTINUOUS DATA REAL-TIME MONITORING OF DENSE CONTINUOUS DATA Andrej Semrl DePaul University, Chicago, IL R&D United Airlines, WHQKB, Elk Grove Village, IL Abstract: We ve implemented a monitoring system that assists

More information

Agents and Environments

Agents and Environments Artificial Intelligence Programming s and s Chris Brooks 3-2: Overview What makes an agent? Defining an environment Types of agent programs 3-3: Overview What makes an agent? Defining an environment Types

More information