S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In LFM 2000: Fifth NASA Langley Formal Methods Workshop, pages 187--196, 2000.
....can be referred to as v j [i] In the paper, the Murφ notation [2] is used as the concrete representation of TSs due to its rather self explanatory syntax and support for exploiting symmetries of models. However, the encoding technique has already been successfully adapted to the SPIN [19] and SAL [5] model checkers. Although requirements (or properties to be verified) for models are frequently captured by some temporal logic formulae, we adopted a more simple solution for the current paper. A reachability property can be interpreted as a special transition in the TS that immediately ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM 2000.
....appropriate 4 temporal logic formulae is non trivial. More details on using graphical patterns to capture static well formedness properties can be found, e.g. in [10] 6. Model check the source model. Transition system A is model checked automatically (by existing model checker tools like SAL [3] or SPIN) to prove property p. This model checking process should succeed, otherwise (i) there are inconsistencies in the source model itself (a verification problem occurred) ii) our informal requirements are not captured properly by property p (a validation problem occurred) or (iii) the ....
....that manipulate state variables. In all practical cases, we must restrict the state variables to have finite domains, since model checkers typically traverse the entire state space of the system to decide whether a certain property is satisfied. For the current paper, we use the easy to read SAL [3] syntax for the concrete representation of transition systems. Our generation technique (described in [24] also including feasibility studies from a verification point of view) enables model checking for graph transformation systems by automatically translating them into transitions systems. The ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway (ed.), LFM 2000: Fifth NASA Langley Formal Methods Workshop, pp. 187--196. 2000.
....static parts are simplified by a compile time preprocessing in order to obtain a manageable state space. Properties to be verified are captured in the specification language of the model checker tool, which typically take the form of temporal logic formulae (as in the case of SPIN [16] or SAL [2]) or simple transitions that are not allowed to fire during model evolution (e.g. in Murφ [23]) 4. RELATED WORK Several proposals have influenced our work. First of all, we should mention the many ADLs (Architectural Description Language) Rapide [19] Wright [1] Darwin [20] C2 [30] and ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. Michael Holloway, editor, LFM 2000.
....static parts are simplified by a compile time preprocessing in order to obtain a manageable state space. Properties to be verified are captured in the specification language of the model checker tool, which typically take the form of temporal logic formulae (as in the case of SPIN [14] or SAL [3]) or simple transitions that are not allowed to fire during model evolution (e.g. in Murφ [21]) 4. RELATED WORK Several proposals have influenced our work. First of all, we should mention the many ADLs (Architectural Description Language) Rapide [17] Wright [2] Darwin [18] C2 [28] and ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. Michael Holloway, editor, LFM 2000.
.... provide highly automated means to detect specification errors in a relatively early phase of the design process, prior to implementation, which frequently reduce the overall software development costs (by up to 20 percent) Since, typically, model checkers (like, for instance, Murφ [1], SAL [5], SPIN [20] or SMV [2]) provide the highest automation rate among all formal methods (where the correctness of a system specification is judged without user interaction) they are the primary target for automated debugging aids of software engineering applications. As their input specification ....
....definitions, we overview the concepts of a specific model checker tool that will provide the notation for examples on transition systems, since the language itself is very close to the mathematical definition. 8 3.2. SAL: Symbolic Analysis Laboratory The SAL (Symbolic Analysis Laboratory) [5] framework aims at combining different tools for abstraction, program analysis, theorem proving, and model checking towards the evaluation of system properties. The SAL architecture can be described as a tool bus where a collection of tools interact through a common intermediate language of ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway (ed.), LFM 2000: Fifth NASA Langley Formal Methods Workshop, pp. 187--196. 2000.
.... for several analysis methods within our general, transformation based formal verification and validation framework of UML models based on the VIATRA environment [3] For instance, in [21] we propose an automated encoding of model transition systems into the SAL (Symbolic Analysis Laboratory [1]) intermediate language to provide access to wide range of verification methods provided by the SAL environment. The UML statechart semantics of the current paper served as the benchmark application for evaluating this encoding, however, a detailed discussion of this approach is out of the scope ....
....different statechart variants (e.g. with different priority concepts) and upcoming changes in the UML standard. The presented framework was tested within the VIATRA tool [23] Moreover, following the guidelines of [21] we directly transformed our UML statechart semantics to SAL specifications [1] in order to provide access to a combination of symbolic verification techniques. Acknowledgments I would like to thank Andras Pataricza, Istvan Majzik (Budapest University of Technology) John Rushby and many of his colleagues (at SRI International) the fruitful discussions, and their ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM 2000: Fifth NASA Langley Formal Methods Workshop, pages 187--196, 2000.
....case, a successful verification step proves, for instance, that the output target model of the transformation is a well formed model of the target language. 2. Semantic correctness of transformations is being verified by projecting model transformation rules into the SAL intermediate language [1], which provides access to an automated combination of symbolic analysis tools (like model checkers and theorem provers) In case of semantic correctness, we show that certain dynamic properties (e.g. deadlock freedom, safety) are preserved by the model transformation. 5. Formal verification of ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM 2000.
....to provide a higher level of quality and faithfulness for such transformations. Syntactic correctness and completeness can be verified by planner algorithms [11] Semantic correctness of transformations is being verified by projecting model transformation rules into the SAL intermediate language [1], which provides access to an automated combination of symbolic analysis tools (like model checkers and theorem provers) 5. Pilot transformations Formal verification. The formal verification of logic correctness of concurrent object based systems designed in UML necessitates the transformation ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM 2000.
....visual specification technique to formally capture the rules of such transformations. In the paper, we propose a model checking based verification approach for the general purpose model transformation system VIATRA by transforming model transition systems [14] into SAL specifications [1] to provide access for a combination of symbolic analysis techniques. Keywords: model transformation, model transition systems, graph transformation, UML, formal verification, 1 Introduction Nowadays, the Unified Modeling Language (UML) has become the dominating objectoriented specification ....
....of model transformations also have to be verified. Objectives In the current paper, we propose a model checking based verification approach for the high level visual specification formalism of model transition system by automatically encoding such systems into the SAL intermediate language [1] providing access to a combination of symbolic analysis techniques. After a brief summary of concepts (Sec. 2 and 3) we first discuss in Sec. 4 the major correctness requirements of model transformations. Afterwards, in Sec. 5, the rules of the encoding are discussed in details while Sec. 6 ....
[Article contains additional citation context not shown here]
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway (ed.), LFM 2000: Fifth NASA Langley Formal Methods Workshop, pp. 187--196. 2000.
....engineers and a close correspondence with the UML philosophy. In addition, the semantic framework presented here also served as an industrial strength benchmark application for evaluating [22] where the automated encoding of model transition systems into the SAL (Symbolic Analysis Laboratory [1]) intermediate language is discussed. In this sense, a wide range of verification methods provided by the SAL environment is also made available for UML Statecharts. 1.1 Related Statecharts Semantics Since the original formalism of Harel [7] the theory of statecharts has been under an extensive ....
....in [14] for Statemate and in [12] for UML. In the second phase, both approaches transform their models into Promela code and verify them by the model checker SPIN [9] In contrast, the model transition system specifying the behavior of UML statecharts are projected into a SAL specification [1], which serves as a tool bus that combines various symbolic verification techniques. In the current paper, the dynamic behavior of UML statecharts is specified by graph transformation rules. Previous proposals in that field (e.g. [6,10]) provide a visual specification of the semantics. However, ....
[Article contains additional citation context not shown here]
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM 2000: Fifth NASA Langley Formal Methods Workshop, pages 187--196, 2000.
....to be OMRS based but has evolved into an independent entity. SAL (Symbolic Analysis Laboratory) is a new collaborative effort that provides a framework for combining different tools to calculate properties of concurrent systems. One instance includes the PVS theorem prover as a major component [11]. Design Tools with Embedded Verification. Braun et al. argue that for formal techniques to be useful they must be integrated into the design process [14] A primary aim of PROSPER was to support this by making it easier to link verification tools into the CASE and CAD tool environments for ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Ruess, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari, `An overview of SAL', in Proceedings of the Fifth NASA Langley Formal Methods Workshop, June 2000 (Williamsburg, 2000).
....systems with existing model checking tools for formal verification purposes which requires that the Kripke automata of the system is derived from the same (intermediate) semantic representation as the automatically generated target program. As a benchmark application, we generate SAL [2] specifications from UML Statecharts, where statecharts semantics are captured by model transformation systems. Acknowledgment The author would like to thank Andras Pataricza for suggesting many improvements in the early versions of the paper, and the anonymous referees for their valuable ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway (ed.), LFM 2000: Fifth NASA Langley Formal Methods Workshop, pp. 187--196. 2000.
....it can be extended from debugging to verification, in a little more detail elsewhere [12] Prototype tools are being developed to support this approach in which it is intended that the formal machinery should disappear into familiar environments such as those for simulation. For example, in SAL [2], the simulation model is translated into the SAL intermediate language, the formal analysis is conducted in a largely automated manner, and the results are then translated back. The user experience should be similar to using 1 exhaustive simulation to explore an aspect of a design. Related ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM
....but we are in the process of extending Tempo with the model checking algorithm for ERL . Furthermore, we plan to extend Tempo and ERL to event predicting clocks. In future work, we would also like to study the interplay of model checking with theorem proving by connecting Tempo with either SAL [BGL 00] or PVS [ORS92] For example, we may use a variant of predicate abstraction as studied by Shankar and Saïdi [SS99] for computing a finite state event clock system from one with infinite data. Then, Tempo could be used to compute the reachable state set of the abstract system, which yields, after ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. Michael Holloway, editor, LFM
.... Abstractions The idea of deriving abstract functions from a concrete function and an abstraction function, which traces back to Cousot and Cousot's seminal paper [14] see also [12, 13] has been exploited in a number of contexts, and in particular in the context of formal verification, see e.g. [4, 8, 17] for recent examples. Our work around JTK can be viewed as a simple application of abstract interpretation techniques to term rewriting. Applications to JavaCard Jakarta is tailored to the design of certified bytecode verifiers. There have been a number of related efforts, both to prove the standard ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In Proceedings of NASA's Workshop on Formal Methods, 2000.
No context found.
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM 2000.
No context found.
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM 2000: Fifth NASA Langley Formal Methods Workshop, pages 187--196, Hampton, VA, June 2000. NASA Langley Research Center.
....avoids the description of the whole set of states and thus the state explosion problem known for large systems. The mechanization of this approach is studied through embedding into frameworks which provide tool support for transition systems. Ongoing works focus on machines embedding into SAL PVS [5] and Event based B. 4 Generic Combination of Process Algebras and Algebraic Specifications In a first attempt, we suggest a formalism [21] combining the process algebra CCS with CASL, the unified language of algebraic specifications. The central aim of our combination is an extension of Milner's ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An Overview of SAL. In C. M. Holloway, editor, Proceedings of the Fifth NASA Langley Formal Methods Workshop (LFM'00), pages 187--196, USA, 2000.
....formulas [i] are always stored in disjunctive normal form, then we can distinguish the disjuncts that would appear in [i] by marking them. In this way, a single propagation step can be used to update both and . The implementation of the above procedure is being done in the framework of SAL [1], which is a collection of different tools for analyzing concurrent systems. 4.3 Illustrative Examples We shall provide certain simple examples to illustrate the procedure. The theory of interest is the theory of linear arithmetic, and we assume that we have an exact quantifier elimination ....
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM
No context found.
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In LFM 2000: Fifth NASA Langley Formal Methods Workshop, pages 187--196, 2000.
No context found.
S. Bensalem, et al. An overview of SAL. In B.L. De Vito, editor, Langley Workshop on Formal Methods, LFMW 2000.
No context found.
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In LFM 2000: Fifth NASA Langley Formal Methods Workshop, pages 187--196, 2000.
No context found.
S. Bensalem, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM 2000: Fifth NASA Langley Formal Methods Workshop, pages 187--196, Hampton, VA, June 2000. NASA Langley Research Center.
No context found.
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. "An Overview of SAL". In Proceedings of LFM2000: Fifth NASA Langley Formal Methods Workshop, pages 187--196, June 2000.
No context found.
S. Bensalem, V. Ganesh, Y. Lakhnech, C. Muñoz, S. Owre, H. Rueß, J. Rushby, V. Rusu, H. Saïdi, N. Shankar, E. Singerman, and A. Tiwari. An overview of SAL. In C. M. Holloway, editor, LFM 2000.