- Mark Bouwman: A model-based test platform for rail signalling systems.
5 February 11.00 - 11.45, 2019, MetaForum MF 3.Abstract: As technology progresses, newer, and more complex, solutions are employed to verify that rail signalling systems are safe. Formal methods provide ways to increase rigour in the verification process. This precision, accompanied by the ongoing increase of computational power of computers, also opens up ways to partially automate parts of the verification process. We present a case study an application of mCRL2 and the model-based testing tool JTorX in the signalling domain. The mCRL2 toolkit is used to formally model the behaviour of a system at the core of signalling solutions: the interlocking. The behaviour of the interlocking is validated through model checking, proving that relevant safety properties hold. Using JTorX, the formal model is turned into the benchmark in an automated testing platform for interlocking software. A working setup with actual interlocking software on a pre-existing testing platform is presented, though performance and stability remain an issue. The suitability of mCRL2 and JTorX in the signalling domain is evaluated and suggestions are given for improvement and further research.
- Hong Zhang: Quality metrics for ASOME data models.
15 November 14.00 - 14.45, 2018, Metaforum MF3.122.Abstract: At ASML the ASOME data modelling language has been defined. Many system designers are defining models in this language, and the question is whether there is an easy way to assess that these models are ok. This can be done using metrics. The question is which metrics are proper. In this MSc research various metrics from different sources are collected. The suitability of these metrics to indicate the complexity and maintainability of the models is assessed by questionaires and qualitative interviews.
- Ferry Timmers: A complete axiomatisation for probabilistic trace equivalence.
7 November 14.00 - 14.45, 2018, MetaForum MF 4.Abstract: In the thesis a sound and complete axiomatisation is given for probabilistic trace equivalence for finite probabilistic processes. The axiomatisation is remarkably complex, which may explain that nobody formulated such a complete axiomatisation yet.
- Lisette Sanchez: Learning software behavior through active automata learning with data.
14 August 16.00 - 16.45, 2018, MetaForum MF 13.Abstract: The topic of the thesis is find out whether the LS* learning algorithm, that can learn register automata with abstract data parameters from actual software is practically applicable in an industrial context. The algorithm can for instance learn a queue with limited size that stores arbitrary natural numbers. The conclusion is that indeed practical software can be learned, outperforming the learning of automata with concrete data. Scale remains a problem, though.
- Lois Nijland: Adding sequential composition and termination to the linear time – branching time spectrum.
24 July 10.00 - 10.45, 2018, MetaForum MF 14.Abstract: Van Glabbeek presented the linear time - branching time spectrum of behavioural semantics and gave sound, ground-complete axiomatisations for the process theory BCCSP. Groote and Chen et al. proved for the semantics in the spectrum whether there exist finite axiomatisations that are omega-complete. We add termination and sequential composition to the spectrum by studying the semantics for the process theories BSP and TSP. We provide a template for proving soundness and ground-completeness for BSP and apply this template to BSP modulo trace semantics. We prove that for BSP modulo ready simulation semantics with a finite number of actions of at least one a finite basis does not exist by giving an infinite family of equations which are sound but cannot be derived from a finite collection of axioms that are sound for BSP modulo ready simulation semantics. We show that we cannot use this family of equations to prove whether TSP modulo ready simulation semantics affords a finite basis. Finally, we prove that TSP modulo bisimulation is omega-complete when there is at least one action.
- Astrid Belder: Decidability of bisimilarity and axiomatisation for sequential processes in the presence of intermediate termination.
23 July 15.00 - 15.45, 2018, MetaForum MF 14.Abstract: An alternative semantics for sequential composition in a setting with intermediate termination was proposed in a recent article by Baeten, Luttik and Yang. We consider two open questions regarding sequential processes with intermediate termination that use the revised semantics for sequential composition (TSP^{;}). First, a ground-complete axiomatisation is proposed for TSP^{;}, extended with an auxiliary operator that is used to remove intermediate termination from terms. Additionally, it is shown that TSP^{;} does not afford a ground-complete axiomatisation with respect to bisimilarity without an auxiliary operator. Second, we prove that bisimilarity is decidable for processes definable by finite guarded recursive specification over TSP^{;}. This is done by showing that every guarded recursive TSP^{;}-specification can be transformed to a normal form, which allows us to eliminate redundant intermediate termination from processes. Using this normal form, the existing decidability proofs for context-free processes without intermediate termination, can be adapted for TSP^{;}.
- Marijn Rol: Verification of ASD multi-component systems in mCRL2.
2 July 10.00 - 10.45, 2018, MetaForum MF 13.Abstract: Analytical Software Design (ASD) assists the creation of software systems. Systems designed in ASD are composed of multiple components in order to divide the complexity of the whole system over them. The verification of system properties and requirements is limited to the scope of single components, disallowing the verification of end-to-end properties. We present an approach for the verification of end-to-end properties on multi-component systems. This provides a higher confidence in the functional correctness and reliability. A system based on a real-life ASD model serves as use-case for the proposed approach. Results show that verification of multi-component systems can be done through mCRL2, but scalability issues are observed as larger systems are verified.
- Ziad Ben Snaiba: Logics and Algorithms for Product and Family-Based Analysis of Software Product Lines.
18 May 10.00 - 10.45, 2018, Flux 1.10.Abstract: Most model checking techniques consider single systems. With the rise of using Software Product Line Engineering (SPLE) for critical systems there is a need for model checking techniques applicable to Software Product Lines (SPL). Inspired by Classen et al. we try to devise logics to formally describe properties suitable for the analysis of SPLs. We attempt to provide logics for both product-based and family-based model checking based on CTL. These logics allow both nested (nCTL) and single (sCTL) product-family restrictions on the specification of the SPL. Also, we provide an equivalence between nCTL and sCTL, and algorithms for both product-based and family-based model checking using sCTL and nCTL. A small toolset to use the algorithms in practice will be provided.
- Ruud van Vijfeijken: Performance evaluation of network on chip using formal models.
13 March 10.00 - 10.45, 2018, MetaForum MF 3.Abstract: Because of the increase in complexity of System-on-Chip (SoC) networks by using Network-on-Chip (NoC), latency has become a major issue in the design and validation. There are formal and mathematical methods to determine latency bounds of a NoC, such as network calculus, and low level simulation environments, such as a cycle-accurate simulation of the Register Transfer Level. This thesis proposes a method that abstracts away from low level analysis and uses a formal model to analyze the latency bounds of a given NoC. By applying different traffic schemes we can determine worst case latency of some case studies, which include a 8-node Spidergon with cache coherency and a TornadoNoC architecture.
- Maurice Laveaux: Abstracting real-valued parameters in parameterised Boolean equation systems.
30 January 14.00 - 14.45, 2018, MetaForum MF 14.Abstract: The mCRL2 tool-set utilizes parameterised boolean equation systems to verify formulas from modal mu-calculus on models written in the minimal common representation language (mCRL2). For models of real-timed systems this introduces real-valued parameters in these equation systems. Solving parameterised boolean equation systems with real-valued parameters is not possible in most cases. We will show that a region abstraction, derived from a similar notion defined for timed automata, can also be applied to parameterised boolean equation systems. An alternative abstraction where regions are combined into so-called zones will be defined as well. In some cases this approach works better in practice. However, it is also more restricted in the type of model checking questions that it can answer. Finally, we will define suitable representations for regions and zones that have also been implemented using the mCRL2 language.
- Roxana Paval: Modeling and Verifying Concurrent Data Structures.
25 January 14.00 - 14.45, 2018, MetaForum MF 14.Abstract: Concurrent data structures can be used to communicate between parallel processes in a system. The challenge in manipulating these objects arises from the many possible ways in which the processes can interleave. To ensure correct executions, the system should fulfill linearizability. Verifying linearizability consists of checking that every concurrent execution is equivalent to some sequential execution that respects the runtime ordering of methods. This work proposes building two process specifications of the object using the mCRL2 language. The concrete specification is built according to the implementation of the concurrent data structure, while the abstract specification is linearizable by construction. Then, linearizability can be tested by checking that their respective labeled transition systems, generated from the mCRL2 tool, are equivalent. This approach was applied on a number of concurrent data structures, and it detected both correct and faulty implementations.
- Perry van Wesel: Formal analysis of ring networks.
23 November 14.30 - 15.30, 2017, MetaForum MF 14.Abstract: Systems-on-Chips rely on the correct functioning of the communication between their components. As these systems grow more complex, so do the underlying communication networks. Simulating a network does not guarantee the entire state-space is explored, therefore formal verification methods should be used to ensure correctness of these Networks-on-Chips. This thesis uses the MaDL modelling language to model and verify liveness of networks. Although MaDL is a useful tool for the verification of networks, it lacks the capability to completely model and analyse ring networks. Therefore, MaDL is extended with a new primitive and a ring detection algorithm that cooperate to generate additional network invariants specifically for ring networks. These extensions are used in two case studies to model and verify network architecture proposals from literature. The analysed networks are TornadoNoC [10] and LIGERO [1]. In both case studies, the process of formally modelling these architectures reveals ambiguity in the original proposal papers. Both architectures turn out to contain deadlocks when modelling as close to their original proposal as possible. The results show formal modelling is a useful tool to eliminate ambiguity, but still requires improvement to allow it to scale to larger networks. The extensions to MaDL prove to be useful when modelling certain networks, but can still be improved to allow verification of a wider range of different networks.
- Olav Bunte: Quantitative model checking on probabilistic systems using plmu*+.
21 November 10.00 - 11.00, 2017, MetaForum MF 3.Abstract: Although most model checking logics focus on proving qualitative properties, with the logic plmu*+ introduced in Mio's PhD thesis one can check the probability that some behaviour happens. In this work we try to bring this logic to practice. We attempt to find intuitive meaning for plmu*+-formulas with the aim to create guidelines to create meaningful formulas. Also, we give an alternative representation of a plmu*+ model checking problem in form of an equations system and we give an algorithm to extract the solution from this representation, based on the work of Mader. This algorithm will be compared to an approximation algorithm by applying both on a number of use cases.
- Ferry Timmers: A complete axiomatisation for probabilistic trace equivalence.
7 November 14.00 - 14.45, 2018, MetaForum MF 4.Abstract: In the thesis a sound and complete axiomatisation is given for probabilistic trace equivalence for finite probabilistic processes. The axiomatisation is remarkably complex, which may explain that nobody formulated such a complete axiomatisation yet.
- Ziad Ben Snaiba: Logics and Algorithms for Product and Family-Based Analysis of Software Product Lines.
18 May 10.00 - 10.45, 2018, Flux 1.10.Abstract: Most model checking techniques consider single systems. With the rise of using Software Product Line Engineering (SPLE) for critical systems there is a need for model checking techniques applicable to Software Product Lines (SPL). Inspired by Classen et al. we try to devise logics to formally describe properties suitable for the analysis of SPLs. We attempt to provide logics for both product-based and family-based model checking based on CTL. These logics allow both nested (nCTL) and single (sCTL) product-family restrictions on the specification of the SPL. Also, we provide an equivalence between nCTL and sCTL, and algorithms for both product-based and family-based model checking using sCTL and nCTL. A small toolset to use the algorithms in practice will be provided.