Skip to main content
SpringerLink
Log in

Environment-driven reachability for timed systems

Safety verification of an aircraft landing gear system

  • ABZ 2014
  • Published:
International Journal on Software Tools for Technology Transfer Aims and scope Submit manuscript

Abstract

With an ever increasing complexity, the verification of critical embedded systems is a challenging and expensive task. Among the available formal methods, model checking offers a high level of automation and would thus lower the cost of this process. But, the scalability of this technique is hindered by the state-space explosion problem, which fuelled the research community since its inception. To address this challenge, in the case of real size systems, the theoretical, the methodological and the algorithmic axes have to be integrated. The context-aware verification (CaV) strives to do this by focusing on the identification, the isolation and the reification of the environment surrounding the studied system. It enables the use of specific algorithms with a major, positive, impact on the scalability of model checking. In this paper, we apply this technique to study a Landing Gear System (LGS) in the presence of failures. The problem has been decomposed in 885 independent verification units (called contexts). The analysis of 163 of these contexts on a 64 GB computer unraveled a 20 TB state space with more than 2.2 billion states. Moreover, using this approach arbitrarily long scenarios have been analysed using less than 10 GB of memory.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

Notes

  1. OBP Observation Engine website: http://www.obpcdl.org.

  2. By “reification”, we mean the process of explicitly identifying something, which then is formulated and rendered accessible to conceptual/computational manipulation.

  3. OBP Observation Engine website: http://www.obpcdl.org.

  4. The alt operator was denoted + in the original syntax, in this study we have used [] to match the actual CDL grammar.

  5. It should be noted that due to the use of a “log”-axis in Fig. 7 it is difficult to see that the state spaces for these two cases exceed the L64 threshold by 21 and 41 %, respectively.

  6. the left/right door/gear failure cases are not include since they produce the same results as the front door/gear—ldF, lgF.

References

  1. Alur, R., Dill, D.L.: A theory of timed automata. Theor. Comput. Sci. 126, 183–235 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  2. André, C.: Syntax and Semantics of the Clock Constraint Specification Language (CCSL). Research Report RR-6925, INRIA, (2009)

  3. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Stoica, I., Zaharia, M.: Above the clouds: a berkeley view of cloud computing. Technical Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley (2009)

  4. Bengtsson, J., Larsen, K.G., Larsson, F., Pettersson, P., Yi, W.: Uppaal—a tool suite for automatic verification of real–time systems. In: Proceedings of Workshop on Verification and Control of Hybrid Systems III, number 1066 in Lecture Notes in Computer Science, pp. 232–243. Springer–Verlag (1995)

  5. Berthomieu, B., Ribet, P.-O., Verdanat, F.: The tool TINA—construction of abstract state spaces for petri nets and time petri nets. Int. J. Prod. Res. 42, 2741–2756 (2004)

    Article  MATH  Google Scholar 

  6. Boniol, F., Dhaussy, P., Le Roux, L., Roger, J.-C.: Model-Based Analysis. In: Embedded Systems, pp. 157–183. Wiley, New Jersey (2013). doi:10.1002/9781118569535.ch8

  7. Boniol, F., Wiels, V.: The landing gear system case study. In: Boniol, F., Wiels, V., Ait Ameur, Y., Schewe, K.-D. (eds.) ABZ 2014: The Landing Gear Case Study, volume 433 of Communications in Computer and Information Science, pp. 1–18. Springer International Publishing (2014)

  8. Boniol, F., Wiels, V., Ledinot, E.: Experiences using model checking to verify real time properties of a landing gear control system. France, In: Embedded Real-Time Systems (ERTS), Toulouse (2006)

  9. Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: \(10^{20}\) states and beyond. In: 5th IEEE Symposium on Logic in Computer Science, pp. 428–439 (1990)

  10. Clarke, E., Biere, A., Raimi, R., Zhu, Y.: Bounded model checking using satisfiability solving. Form. Methods Syst. Des. 19(1), 7–34 (2001)

    Article  MATH  Google Scholar 

  11. Clarke, E.M., Emerson, E.A., Sistla, A.P.: Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Trans. Program. Lang. Syst. 8(2), 244–263 (1986)

    Article  MATH  Google Scholar 

  12. Clarke, E.M., Enders, R., Filkorn, T., Jha, S.: Exploiting symmetry in temporal logic model checking. Form. Methods Syst. Des. 9(1–2), 77–104 (1996)

    Article  Google Scholar 

  13. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. The MIT Press (2009)

  14. Deantoni, J., Issa Diallo, P., Teodorov, C., Champeau, J., Combemale, B.: Towards a Meta-Language for the Concurrency Concern in DSLs. In: Design, Automation and Test in Europe Conference and Exhibition (DATE), Grenoble, France (2015)

  15. Dhaussy, P., Boniol, F., Roger, J.-C.: Reducing state explosion with context modeling for model-checking. In: 13th IEEE International High Assurance Systems Engineering Symposium (Hase’11), Boca Raton, USA (2011)

  16. Dhaussy, P., Boniol, F., Roger, J.-C., Le Roux, L.: Improving model checking with context modelling. Advances in Software Engineering, ID 547157:13 pages (2012)

  17. Dhaussy, P., Pillain, P.-Y., Creff, S., Raji, A., Le Traon, Y., Baudry, B.: Evaluating context descriptions and property definition patterns for software formal validation. In: Schuerr, Bran Selic Andy (ed.) 12th IEEE/ACM conf Model Driven Engineering Languages and Systems (Models’09), vol. 5795, pp. 438–452. Springer-Verlag, LNCS (2009)

  18. Dhaussy, P., Roger, J.-C., Boniol, F.: Context aware model-checking for embedded software. In: Embedded Systems—Theory and Design Methodology, pages ISBN: 978–953–51–0167–3 pages 167–184. InTech (2012)

  19. Dhaussy, P., Ciprian, T.: Context-aware verification of a landing gear system. In: Boniol, F., Wiels, V., Ait Ameur, Y., Schewe, K.-D. (eds.) ABZ 2014: The Landing Gear Case Study volume 433 of Communications in Computer and Information Science, pp. 52–65. Springer International Publishing (2014)

  20. Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Property specification patterns for finite-state verification. In: FMSP, pages 7–15 (1998)

  21. Edelkamp, S., Sanders, P., Šimeček, P.: Semi-external ltl model checking. In: Gupta, A., Malik, S. (eds.) Computer Aided Verification, volume 5123 of Lecture Notes in Computer Science, pp. 530–542. Springer, Berlin Heidelberg (2008)

  22. Farail, P., Gaufillet, P., Peres, F., Bodeveix, J.-P., Filali, M., Berthomieu, B., Rodrigo, S., Vernadat, F., Garavel, H., Lang, F.: Fiacre: an intermediate language for model verification in the TOPCASED environment. In: European Congress on Embedded Real-Time Software (ERTS), Toulouse. SEE (2008)

  23. Flanagan, C., Qadeer, S.: Thread-modular model checking. In: SPIN’03 (2003)

  24. Godefroid, P.: The Ulg partial-order package for SPIN. SPIN Workshop (1995)

  25. Holzmann, G.J.: State compression in SPIN: Recursive indexing and compression training runs. In: Proceedings of 3rd International SPIN Workshop (1997)

  26. Holzmann, G.J.: The model checker SPIN. Softw. Eng. 23(5), 279–295 (1997)

    Article  Google Scholar 

  27. INCOSE: INCOSE Systems Engineering Handbook: A Guide for System Life Cycle Processes and Activities. Wiley (2015)

  28. Jouault, F., Delatour, J.: Towards fixing sketchy UML models by leveraging textual notations: Application to real-time embedded systems. In: Proceedings of the 14th International Workshop on OCL and Textual Modelling co-located with 17th International Conference on Model Driven Engineering Languages and Systems (MODELS 2014), Valencia, Spain, September 30, 2014., pages 73–82 (2014)

  29. Jouault, F., Teodorov, C., Delatour, J., Le Roux, L., Dhaussy, P.: Transformation de modèles UML vers Fiacre, via les langages intermédiaires tUML et ABCD. Génie logiciel, 109:xx (2014)

  30. Menad, N., Dhaussy, P.: A transformation approach for multiform time requirements. In: Hierons, R.M., Merayo, M.G., Bravetti, M. (eds.) Software Engineering and Formal Methods, volume 8137 of Lecture Notes in Computer Science, pp. 16–30. Springer Berlin Heidelberg (2013)

  31. Park, S., Kwon, G.: Avoidance of state explosion using dependency analysis in model checking control flow model. In: Proceedings of the 5th International Conference on Computational Science and Its Applications (ICCSA ’06), vol. 3984, pp. 905–911. Springer-Verlag, LNCS (2006)

  32. Peled, D.: Combining Partial-Order Reductions with On-the-fly Model-Checking. In: CAV ’94: Proceedings of the 6th International Conference on Computer Aided Verification, pages 377–390, London, UK, Springer-Verlag (1994)

  33. Queille, J.-P., Sifakis, J.: Specification and verification of concurrent systems in cesar. In: Proceedings of the 5th Colloquium on International Symposium on Programming, pages 337–351, London, UK, Springer-Verlag (1982)

  34. Stern, U., Dill, D.L.: Using magnetic disk instead of main memory in the Mur\(\varphi \) verifier. In: Hu, A.J., Vardi, M.Y. (eds.) Computer Aided Verification, volume 1427 of Lecture Notes in Computer Science, pp. 172–183. Springer, Berlin Heidelberg (1998)

  35. Teodorov, C.: Embedding multiform time constraints in smalltalk. In: Proceedings of the International Workshop on Smalltalk Technologies, IWST ’14 (2014)

  36. Teodorov, C., Le Roux, L., Dhaussy, P.: Context-aware verification of a cruise-control system. In: Ait Ameur, Y., Bellatreche, L., Papadopoulos, G.A. (eds.) Model and Data Engineering, volume 8748 of Lecture Notes in Computer Science, pp. 53–64. Springer International Publishing (2014)

  37. Tkachuk, O., Dwyer, M.B., Pasareanu, C.S.: Automated environment generation for software model checking. In: Automated Software Engineering, 2003. In: Proceedings of 18th IEEE International Conference on, pages 116–127 (2003)

  38. Valmari, A.: Stubborn sets for reduced state space generation. In: Proceedings of the 10th International Conference on Applications and Theory of Petri Nets, pages 491–515, London, UK, Springer-Verlag (1991)

  39. Valmari, A.: The state explosion problem. In: Reisig, W., Rozenberg, G. (eds.) Lectures on Petri Nets I: Basic Models, volume 1491 of Lecture Notes in Computer Science, pp. 429–528. Springer, Berlin Heidelberg (1998)

  40. Whittle, J.: Specifying precise use cases with use case charts. In: 9th IEEE/ACM conf. Model Driven Engineering Languages and Systems (MoDELS’06), Satellite Events, pages 290–301, Genova, Italy (2006)

  41. Yatake, K., Aoki, T.: Automatic generation of model checking scripts based on environment modeling. In: Proceedings of the 17th International SPIN Conference on Model Checking Software, SPIN’10, pages 58–75, Berlin, Heidelberg, Springer-Verlag (2010)

  42. Yu, Y., Manolios, P., Lamport, L.: Model checking tla+ specifications. In: Proceedings of the 10th IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods, CHARME ’99, pages 54–66, London, UK, UK, Springer-Verlag (1999)

Download references

Acknowledgments

The authors wish to thank Dr. Frederic Boniol for his valuable and constructive suggestions related to this paper.

Author information

Authors and Affiliations

  1. UEB, Lab-STICC Laboratory UMR CNRS 6285, ENSTA Bretagne, 2 rue François Verny, 29806, Brest, France

    Ciprian Teodorov, Philippe Dhaussy & Luka Le Roux

Authors
  1. Ciprian Teodorov
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Philippe Dhaussy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Luka Le Roux
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ciprian Teodorov.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Teodorov, C., Dhaussy, P. & Le Roux, L. Environment-driven reachability for timed systems. Int J Softw Tools Technol Transfer 19, 229–245 (2017). https://doi.org/10.1007/s10009-015-0401-2

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10009-015-0401-2

Keywords

Search

Navigation