Susanne Graf: Selected Publications
- 1. Edited Work
- 2. Journal Papers and Chapters of Books
- 3. Conference and Workshop Papers
- 4. Technical Reports not (yet) published
- 5. Thesis
Automated Technology for Verification and Analysis, 4th International Symposium, ATVA 2006, Beijing, China, October 23-26, 2006. Proceedings
Abstract
[download]
Bibtex reference
@proceedings\{ATVA-2006,
editor = \{Susanne Graf and Wenhui Zhang},
title = \{Automated Technology for Verification and Analysis, 4th International Symposium, ATVA 2006, Beijing, China, October 23-26, 2006. Proceedings},
series = \{LNCS},
volume = \{4218},
year = \{2006},
class = \{web,rap}
}
4th Symposium on Formal Methods for Components and Objects, revised lectures
Abstract
[download]
Bibtex reference
@proceedings\{FMCO-05,
editor = \{Frank de Boer and Marcello Bonsangue and Susanne Graf and Willem-Paul de Roever},
title = \{4th Symposium on Formal Methods for Components and Objects, revised lectures},
series = \{LNCS State-of-the-art surveys},
volume = \{4111},
year = \{2006},
class = \{web,rap}
}
2nd workshop on Modelling and Analysis of Real-Time Embedded Systems (MARTES 2006)
[download]
Bibtex reference
@proceedings\{MARTES-06,
editor = \{Sébastien Gérard and Susanne Graf and Oystein Haugen and Iulian Ober and Bran Selic},
title = \{2nd workshop on Modelling and Analysis of Real-Time Embedded Systems (MARTES 2006)},
series = \{Proceedings appeared as Research Report 343 of the university of Oslo. Online proceedings available at \url{http://www.martes.org/}},
year = \{2006},
note = \{There will also be a post conference workshop overview published in LNCS},
class = \{web,rap}
}
Specification and Validation of Models of Real Time and Embedded Systems in UML
Susanne Graf, Ileana Ober, Oystein Haugen, Bran Selic
[download]
Bibtex reference
@proceedings\{Graf-SVERTS-intro05,
author = \{Susanne Graf and Ileana Ober and Oystein Haugen and Bran Selic},
title = \{Specification and Validation of Models of Real Time and Embedded Systems in UML},
journal = \{STTT, Software Tools for Technology Transfer, a special issue on the SVERTS 2003 workshop},
volume = \{8},
number = \{2},
month = \{},
year = \{2006},
note = \{DOI: 10.1007/s10009-005-0220-y},
class = \{web,rap,time}
}
1st workshop on Modelling and Analysis of Real-Time Embedded Systems (MARTES 2005)
[download]
Bibtex reference
@proceedings\{MARTES-05,
editor = \{Sébastien Gérard and Susanne Graf and Oystein Haugen and Iulian Ober and Bran Selic},
title = \{1st workshop on Modelling and Analysis of Real-Time Embedded Systems (MARTES 2005)},
series = \{Online proceedings available at \url{http://www.martes.org/}},
year = \{2005},
note = \{There will also be a post conference workshop overview published in LNCS},
class = \{web,rap}
}
Specification and Validation of UML models for Real Time and Embedded Systems: An STTT special section
Abstract
The papers in this special section appeared originally in the proceedings of the first issue of the workshop on Specification and Validation of UML models for Real Time and Embedded Systems (SVERTS 2003)
[download]
Bibtex reference
@proceedings\{STTT-SVERTS-2003,
editor = \{Susanne Graf and Oystein Haugen and Ileana Ober and Bran Selic},
title = \{Specification and Validation of UML models for Real Time and Embedded Systems: An STTT special section},
series = \{STTT, Journal for Software Tools for Technology Transfer},
volume = \{under press},
month = \{},
year = \{2006},
class = \{web,rap}
}
3rd Symposium on Formal Methods for Components and Objects, revised lectures
Abstract
[download]
Bibtex reference
@proceedings\{FMCO-04,
editor = \{Frank de Boer and Marcello Bonsangue and Susanne Graf and Willem-Paul de Roever},
title = \{3rd Symposium on Formal Methods for Components and Objects, revised lectures},
series = \{LNCS Tutorials},
volume = \{3657},
year = \{2005},
class = \{web,rap}
}
2nd workshop on Specification and Validation of UML models for Real Time and Embedded Systems (SVERTS 2004)
Abstract
Topic: Today's applications have often strong constraints with respect to time related aspects. Moreover, overall systems may be huge, and even if the embedded hard real-time components are relatively small, there is some global interdependence and the existence of a global model in a uniform framework is an important issue. The Unified Modeling Language UML can play this role, even if the real-time aspects are not really integrated today. The definition of UML has been motivated by the need for a standard notation for modelling system architectures and behaviours at functional and implementation level. UML aims at providing an integrated modelling framework encompassing architecture descriptions and behaviour descriptions. A first step to the integration of extra functional characteristics into the modelling framework has been achieved by the UML profile for schedulability, Time and Performance; It provides the basic concepts and a first attempt for a common syntax. Nevertheless, in order to be able to exchange models and to build validation tools, it is important to have also a common understanding of the semantics of the given notations. Other important issues in the domain of real-time is methodology and modeling paradigms allowing to break down the complexity, and tools which are able to verify well designed systems. This workshop should bring together researchers to discuss different time related issues in the context of modeling, design and validation of real-time systems, such as
- notations for expressing time and related requirements
- semantic issues and tools
- modeling paradigms for real-time systems
The workshop aimed to gather people from academia and industry to discuss the needs and possible solutions for handling time related issues which should help to define a work programme in this field.
For an overview see [GGHOS05].
[download]
Bibtex reference
@proceedings\{SVERTS-04,
editor = \{Susanne Graf and Oystein Haugen and Ileana Ober and Bran Selic},
title = \{2nd workshop on Specification and Validation of UML models for Real Time and Embedded Systems (SVERTS 2004)},
series = \{Verimag technical report 2004/10/1},
year = \{2004},
note = \{There is a post conference workshop overview published in LNCS},
class = \{web,rap}
}
2nd Symposium on Formal Methods for Components and Objects, revised lectures
Abstract
[download]
Bibtex reference
@proceedings\{FMCO-03,
editor = \{Frank de Boer and Marcello Bonsangue and Susanne Graf and Willem-Paul de Roever},
title = \{2nd Symposium on Formal Methods for Components and Objects, revised lectures},
series = \{LNCS Tutorials},
volume = \{3188},
year = \{2004},
class = \{web,rap}
}
11th International SPIN Workshop on Model Checking of Software, 2004
Abstract
[download]
Bibtex reference
@proceedings\{SPIN-04,
editor = \{Susanne Graf and Laurent Mounier},
title = \{11th International SPIN Workshop on Model Checking of Software, 2004},
series = \{Lecture Notes in Computer Science},
volume = \{LNCS 2989},
year = \{2004},
class = \{web,rap}
}
1st workshop on Specification and Validation of UML models for Real Time and Embedded Systems (SVERTS 2003)
Abstract
[download]
Bibtex reference
@proceedings\{SVERTS-03,
editor = \{Susanne Graf and Oystein Haugen and Ileana Ober and Bran Selic},
title = \{1st workshop on Specification and Validation of UML models for Real Time and Embedded Systems (SVERTS 2003)},
series = \{Verimag technical report 2003/10/22},
year = \{2003},
class = \{web,rap}
}
1st Symposium on Formal Methods for Components and Objects, revised lectures
Abstract
[download]
Bibtex reference
@proceedings\{FMCO-02,
editor = \{Frank de Boer and Marcello Bonsangue and Susanne Graf and Willem-Paul de Roever},
title = \{1st Symposium on Formal Methods for Components and Objects, revised lectures},
series = \{LNCS Tutorials},
volume = \{2852},
year = \{2003},
class = \{web,rap}
}
Tools and Algorithms for the Construction and Analysis of Systems: An STTT special section
Abstract
The papers in this special section appeared originally in the proceedings of the 2000 edition of the conference Tools and Algorithms for the Construction and Analysis of Systems (TACAS'2000) hold in Berlin as a constituent event of the European joint conferences on Theory and Practice of Software. All papers present tools relevant in the context of validation of systems. The first three focus on extensions or particular applications of model-checking techniques, whereas the fo urth one is about integration of design tools with validation tools, in particular theorem provers and model-checkers.
[download]
Bibtex reference
@proceedings\{STTT-Tacas-2000,
editor = \{Susanne Graf},
title = \{Tools and Algorithms for the Construction and Analysis of Systems: An STTT special section},
series = \{STTT, Software Tools for Technology Transfer},
volume = \{vol 4, n 2},
month = \{},
year = \{2003},
class = \{web,rap}
}
Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS2000
Abstract
[download]
Bibtex reference
@proceedings\{Tacas00,
editor = \{Susanne Graf and Michael Schwartzbach},
title = \{Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS2000},
series = \{LNCS},
volume = \{1785},
month = \{},
year = \{2000},
class = \{web,rap}
}
SDL and MSC Workshop SAM 2000
Abstract
[download]
Bibtex reference
@proceedings\{SAM00,
editor = \{Susanne Graf and Claude Jard},
title = \{SDL and MSC Workshop SAM 2000},
series = \{IMAG Research report series},
month = \{},
year = \{2000},
class = \{web,rap}
}
Time in Abstract State Machines
Susanne Graf, Andreas Prinz
Abstract
State machines are considered a very general means of expressing computations in an implementation-independent way. There are also ways to extend the general state machine framework with distribution aspects. However, there is still no agreement when it comes to handling time in this framework. In this article we take a look at existing ways to enhance state machine frameworks. Based on this we propose a general framework of time extensions for state machines, which we relate to existing approaches. Our work is mainly based on time approaches for ASM, because ASM are considered a very general state machine model. Taking this into account, our approach is valid for state-transition systems in general.
[download]
Bibtex reference
@article\{Graf-Prinz-ASM07,
author = \{Susanne Graf and Andreas Prinz},
title = \{Time in Abstract State Machines},
journal = \{to appear in Fundamentae Informatice, Special issue on ASM 2005, Paris},
year = \{2006},
class = \{web,rap,time}
}
La boîte à outils IF pour la modélisation et la vérification de systèmes temps réel
Marius Bozga, Susanne Graf, Laurent Mounier, Iulian Ober
Bibtex reference
@inbook\{Bozga-Graf-Mounier-Ober-06,
author = \{Marius Bozga and Susanne Graf and Laurent Mounier and Iulian Ober},
title = \{La boîte à outils IF pour la modélisation et la vérification de systèmes temps réel},
booktitle = \{Systèmes temps réel 1: Techniques de description et de vérification (Traité IC2, série Informatique et systèmes d'information)},
publisher = \{Hermes, Lavoisier},
year = \{2006}
}
Timed annotations in UML
Susanne Graf, Ileana Ober, Iulian Ober
Abstract
This paper describes an approach for real-time modelling in UML, focusing on analysis and verification of time and scheduling related properties. To this aim a concrete UML profile, called the OMEGA profile, is defined. It is dedicated to real-time modelling by identifying a set of relevant concepts for real-time modelling which can be considered as a refinement of the standard SPT profile. The profile is based on a rich concept of event representing an instant of state change, and allows the expression of duration constraints between occurrences of events. These constraints can be provided in the form of OCL-like expressions annotating the specification or by means of state machines, stereotyped as observers. A framework for modelling scheduling issues is obtained by adding a notion of resource and a notion of execution time.
For proving the relevance of these choices, the profile has been implemented in a validation tool and applied to case studies.
It has a formal semantics and is sufficiently general and expressive to define a semantic underpinning for other real-time profiles of UML which in general define more restricted frameworks. In particular, most existing profiles handling real-time issues define a number of attributes representing particular durations or constraints on them and their semantic interpretation can be expressed in the OMEGA profile.
[download]
Bibtex reference
@article\{Graf-Ober-STTT-05,
author = \{Susanne Graf and Ileana Ober and Iulian Ober},
title = \{Timed annotations in UML},
journal = \{STTT, Software Tools for Technology Transfer},
volume = \{8},
number = \{2},
month = \{},
year = \{2006},
note = \{DOI: 10.1007/s10009-005-0219-x},
newurl = \{http://www-verimag.imag.fr/~graf/PAPERS/GrafOberOber-UMLRT-sttt-05.pdf},
class = \{web,rap,time}
}
Validating Timed UML models by simulation and verification
Susanne Graf, Ileana Ober, Iulian Ober
Abstract
This paper presents a technique and a tool for model-checking operational (design level) UML models based on a mapping to a model of communicating extended timed automata. The target language of the mapping is the IF format, for which existing model-checking and simulation tools can be used.
Our approach takes into consideration most of the structural and behavioral features of UML, including object-oriented aspects. It handles the combination of operations, state machines, inheritance and polymorphism, with a particular semantic profile for communication and concurrency. We adopt a UML profile that includes extensions for expressing timing. The breadth of concepts covered by our mapping is an important point, as many previous approaches for applying formal validation to UML put stronger limiting conditions on the input models.
For expressing properties about models, a formalism called UML observers is defined in this paper. Observers reuse existing concepts like classes and state machines, and they may express a significant class of linear temporal properties.
[download]
Bibtex reference
@article\{Graf-Ober-STTT-04b,
author = \{Susanne Graf and Ileana Ober and Iulian Ober},
title = \{Validating Timed UML models by simulation and verification},
journal = \{STTT, Software Tools for Technology Transfer},
volume = \{8},
number = \{2},
month = \{},
year = \{2006},
note = \{DOI: 10.1007/s10009-005-0205-x},
class = \{web,rap,time}
}
Un profil UML et un outil pour la modélisation et la validation de systèmes temps-réel
Iulian Ober, Susanne Graf, Ileana Ober, David Lesens
Abstract
[download]
Bibtex reference
@article\{OberGrafLesens05,
author = \{Iulian Ober and Susanne Graf and Ileana Ober and David Lesens},
title = \{Un profil UML et un outil pour la modélisation et la validation de systèmes temps-réel},
journal = \{Numéro spécial du journal Génie Logiciel consacré à la Journée NEPTUNE 05 : Ingénierie des Modèles - vérification de modèles},
number = \{73},
pages = \{33-38},
month = \{},
class = \{web,rap},
year = \{2005}
}
Roadmap: Component based design and Integration platforms
B. Jonsson, E. Brinksma, G. Coulson, S. Graf et I. Crnkovic, S. Gérard, H. Hermanns, J.-M. Jezequel, A. Ravn, Ph. Schnoebelen, F. Terrier, A. Votintseva
Abstract
[download]
Bibtex reference
@incollection\{Artist-comp-roadmap-05,
author = \{B. Jonsson and E. Brinksma and G. Coulson and S. Graf et I. Crnkovic and S. Gérard and H. Hermanns and J.-M. Jezequel and A. Ravn and Ph. Schnoebelen and F. Terrier and A. Votintseva},
title = \{Roadmap: Component based design and Integration platforms},
booktitle = \{Embedded Systems Design: The ARTIST Roadmap for Research and Development},
publisher = \{Springer},
series = \{LNCS},
volume = \{3436},
class = \{web,rap},
year = \{2005}
}
Introduction to Tools and Algorithms for the Construction and Analysis of Systems: An STTT special section
Susanne Graf
Abstract
[download]
Bibtex reference
@article\{STTT-Tacas-2000-intro,
author = \{Susanne Graf},
title = \{Introduction to {Tools and Algorithms for the Construction and Analysis of Systems: An STTT special section}},
journal = \{STTT, Software Tools for Technology Transfer},
volume = \{vol. 4, n. 2},
month = \{},
year = \{2003},
class = \{web,rap}
}
Compositional Minimisation of Finite State Systems using Interface Specifications
S. Graf, G. Lüttgen, B. Steffen
Abstract
[download]
Bibtex reference
@article\{GrafLuttgenSteffen96,
author = \{S. Graf and G. Lüttgen and B. Steffen},
title = \{Compositional Minimisation of Finite State Systems using Interface Specifications},
journal = \{Formal Aspects of Computation},
volume = \{8},
publisher = \{},
year = \{1996},
note = \{appeared as Passauer Informatik Bericht MIP-9505},
class = \{web,rap}
}
Characterization of a sequentially consistent memory and verification of a cache memory by abstraction
S. Graf
Abstract
The contribution of the paper is two-fold. We give a set of properties expressible as temporal logic formulas such that any system satisfying them is a sequentially consistent memory, and which is sufficiently precise such that every reasonnable concrete system implementing a sequentially consistent memory satisfies these properties.
Then, we verify these properties on a particular distributed cache memory systems by means of a verification method, based on the use of abstract interpretation which has been presented in previous papers ([LBBGS95]) and often applied to finite state systems. The motivation of this paper was to show that it can also been applied to systems with infinite state space, and a more recent papers shows that the method can even be automatized ([GS97]).
This paper is a revised and extended version of ([Graf94]).
[download]
Bibtex reference
@article\{Graf94a,
author = \{S. Graf},
title = \{Characterization of a sequentially consistent memory and verification of a cache memory by abstraction},
journal = \{Distributed Computing},
volume = \{12},
publisher = \{Springer Verlag},
month = \{},
year = \{1999},
note = \{accepted for publication without revision since 1995},
class = \{web,rap}
}
Property Preserving Abstractions for the Verification of Concurrent Systems
C. Loiseaux, S. Graf, J. Sifakis, A. Bouajjani, S. Bensalem
Abstract
We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections (alpha,gamma), relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a function alpha mapping sets of states of a system S into sets of states of a system S'. Roughly speaking, alpha preserves f if the satisfaction of f at some state of S implies that f is satisfied by any state in the image of this state by alpha. We give results on the preservation of properties expressed in sublanguages of the branching time mu-calculus when two systems S and S' are related via (alpha,gamma)-simulations. They can be used in particular to verify a property for a system by proving this property on a simpler system which is an abstraction of it. We show also under which conditions abstraction of concurrent systems can be computed from the abstraction of their components. This allows a compositional application of the proposed verification method. This is a revised version of the papers that appeared in CAV'92 [BensalemBouajjaniLoiseauxSifakis92] and in TAPSOFT'93 [GrafLoiseaux92]; the results are fully developed in the thesis of Claire Loiseaux (in french).
[download]
Bibtex reference
@article\{LoiseauxGrafSifakisBouajjaniBensalem94,
author = \{C. Loiseaux and S. Graf and J. Sifakis and A. Bouajjani and S. Bensalem},
title = \{Property Preserving Abstractions for the Verification of Concurrent Systems},
journal = \{Formal Methods in System Design, Vol 6, Iss 1, January 1995},
year = \{1995},
class = \{web,rap}
}
Verification of systems with time-constraints
S. Graf, J.-L. Richier, J. Voiron
Abstract
Bibtex reference
@incollection\{GrafRichierVoiron91,
author = \{S. Graf and J.-L. Richier and J. Voiron},
title = \{Verification of systems with time-constraints},
year = \{1991},
booktitle = \{``Delta-4 Architecture Guide'', collection ESPRIT},
publisher = \{Springer Verlag},
class = \{web,rap}
}
A Logic for the Description of non Deterministic Programs and their Properties
S. Graf, J. Sifakis
Abstract
We present a logic, called Synchronization tree logic (STL), for the specification and proof of programs described in a simple term language obtained from a constant Nil by using a set A of unary operators, a binary operator + and recursion. The elements of A represent names of actions, + represents non-deterministic choice, and Nil is the program performing no action. The language of formulas of the logic proposed contains the term language used for the description of programs, i.e., programs are formulas of the logic. This provides a uniform frame to deal with programs and their properties as the verification of an assertion t satisfies f (t is a program and f a formula) is reduced to the proof of the validity of the formula t implies f. We propose a sound, and under some conditions complete deductive system for STL and discuss its relation with modal logics used for the specification of programs.
Bibtex reference
@article\{GrafSifakis86a,
author = \{S. Graf and J. Sifakis},
title = \{A Logic for the Description of non Deterministic Programs and their Properties},
journal = \{Information and Control},
volume = \{68},
page = \{1--3},
year = \{1986},
class = \{web,rap}
}
A logic for the specification and proof of regular controllable processes of CCS
S. Graf, J. Sifakis
Abstract
Bibtex reference
@article\{GrafSifakis86c,
author = \{S. Graf and J. Sifakis},
title = \{A logic for the specification and proof of regular controllable processes of {CCS}},
journal = \{Acta Informatica},
volume = \{23},
page = \{507--527},
year = \{1986},
class = \{web,rap}
}
A Modal Characterization of Observational Congruence on Finite Terms of CCS
S. Graf, J. Sifakis
Abstract
We propose a translation method for finite terms of CCS into formulas of a modal language representing their class of observational congruence. For this purpose, we define a modal language and a function associating with any finite term of CCS a formula of the language, satisfied by the term. Furthermore, this function is such that two terms are congruent if and only if the corresponding formulas are equivalent. The translation method consists in associating with operations on terms (that is action and +) operations on the corresponding formulas. This works is a first step towards the definition of a modal language with modalities expressing both possibility and inevitability that is compatible with observational congruence.
Bibtex reference
@article\{GrafSifakis86b,
author = \{S. Graf and J. Sifakis},
title = \{A Modal Characterization of Observational Congruence on Finite Terms of {CCS}},
journal = \{Information and Control},
volume = \{68},
page = \{1--3},
year = \{1986},
class = \{web,rap}
}
On Lamport's comparison between linear and branching time logic
S. Graf
Bibtex reference
@article\{graf84b,
author = \{S. Graf},
title = \{On {L}amport's comparison between linear and branching time logic},
journal = \{RAIRO Informatique Théorique},
volume = \{18},
number = \{4},
class = \{web,rap},
year = \{1984}
}
Contracts for BIP: hierarchical interaction models for compositional verification
Abstract
This paper presents an extension of the BIP component framework to hierarchical components by considering also port sets of atomic components to be structured (ports may be in conflict or ordered, where a larger port represents an interaction set with larger interactions). A composed component consisting of a set of components connected through BIP connectors and a set of ports representing a subset of the internal connectors and ports, has two semantics: one in terms if interactions as defined by the BIP semantics, and one in terms of the actions represented by external ports where the structure of the port set of the component is derived from the internal structure of the component. A second extension consists in the addition of implicit interactions which is done through an explicit distinction of conflicting and concurrent ports: interactions involving only non conflicting ports can be executed concurrently without the existence of an explicit connector. Finally, we define contract-based reasoning for component hierarchies. A component C satisfies a contract (A,G) consisting of an assumption A (constraining the environment) and a guarantee G (constraining C), if its implementation satisfies G in an environment guaranteeing A. The contract (A,G) of a component C dominates a set of inner contracts (Ai,Gi) associated with the components defining it, if the composition -- according to the set of connectors defining C --- of the guarantees Gi in the environment defined by A gurantees G, and, if each of the assumptions Ai is weaker than the one defined by the composition of A with the remaining guarantees. This rule is correct because G expresses a property of C only, and not of the closed system obtained by composing A and C
[download]
Bibtex reference
@inproceedings\{GrafQuinton07,
title = \{Contracts for BIP: hierarchical interaction models for compositional verification},
booktitle = \{FORTE 2007, Talinn},
series = \{LNCS},
volume = \{4574},
note = \{invited presentation},
year = \{2007},
class = \{rap,web}
}
An Approach to Modeling and Verification of Component Based Systems
Gregor Gössler, Susanne Graf, Mila Majster-Cederbaum, M. Martens, Joseph Sifakis
Abstract
We propose results ensuring correctness by construction of a system from properties of its interaction model and of its components. We use a modelling framework based on an abstract layered model for components described in a previous paper. A component is the superposition of two models: a behavior model and an interaction model. Interaction models describe architectural constraints induced by connectors between components. We study conditions guaranteeing global or individual deadlock freedom for a system of interacting deadlock-free components depending only on its interaction model. We also provide examples illustrating the application of the results.
[download]
Bibtex reference
@inproceedings\{GoesslerGrafMila*06b,
author = \{Gregor Gössler and Susanne Graf and Mila Majster-Cederbaum and M. Martens and Joseph Sifakis},
title = \{An Approach to Modeling and Verification of Component Based Systems},
booktitle = \{Current Trends in Theory and Practice of Computer Science, SOFSEM'07},
year = \{2007},
series = \{LNCS},
number = \{4362},
class = \{rap,web}
}
Ensuring Properties of Interaction Systems by Construction
Gregor Gössler, Susanne Graf, Mila Majster-Cederbaum, M. Martens, Joseph Sifakis
Abstract
We propose results ensuring correctness by construction of a system from properties of its interaction model and of its components. The considered properties include deadlock-freedom, local progress of subsystems and robustness of these properties with respect to failure of components. This is done in a framework for component based modelling described in a previous paper. A component is the superposition of two models: a behaviour model and an interaction model. The interaction model describes the way the components may interact by introducing connectors that relate actions from different components. We illustrate our concepts and results with examples.
[download]
Bibtex reference
@inproceedings\{GoesslerGrafMila*06,
author = \{Gregor Gössler and Susanne Graf and Mila Majster-Cederbaum and M. Martens and Joseph Sifakis},
title = \{Ensuring Properties of Interaction Systems by Construction},
booktitle = \{Program Analysis and Compilation, Theory and Practice},
series = \{LNCS},
number = \{4444},
year = \{2007},
class = \{rap,web}
}
MARTES - Modelling and Analysis of Real Time and Embedded Systems Using UML
Susanne Graf, Sébastien Gérard, Oystein Haugen, Iulian Ober, Bran Selic
Abstract
This paper presents an overview on the outcomes of the workshop
MARTES on Modelling and Analysis of Real Time and Embedded Systems
that has taken place for the second time in association with the MoDELS/UML
2006 conference. Important themes discussed at this workshop concerned (1)
tools for analysis and model transformation and (2) concepts for modelling
quantitative aspects with the perspective of analysis.
[download]
Bibtex reference
@inproceedings\{GerardGrafHaugenOberSelic-Martes-06,
author = \{Susanne Graf and Sébastien Gérard and Oystein Haugen and Iulian Ober and Bran Selic},
title = \{{MARTES} - Modelling and Analysis of Real Time and Embedded Systems Using UML},
booktitle = \{MoDELS 2006 International Workshops,
Doctoral Symposium, Educators Symposium; Genoa, October 2006, Revised Selected Papers},
series = \{LNCS 4364},
year = \{2006},
class = \{web,rap}
}
Qualification d'architectures fontionnelles
Marius Bozga, Pierre Combes, Susanne Graf, Wei Monin, Nicolas Moteau
Abstract
The scope of this paper is the development of a method supported by tools for the qualification of distributed functional architectures. Architecture qualification is concerned by the analysis of Quality of service criteria, such as performance, and resource dimensioning. This qualification implies the modelling of the functional architecture and its components, in a structured and step-wise view, using different UML2 diagrams. The functional architecture should be validated in terms of dependability and conformity, but also in terms of performance and resource dimensioning. The functional behaviour analysis is based on the use of UML activity diagrams, and this paper proposes some new operators in order to improve the readability and efficiency of activity diagrams. Finally the annotated UML diagrams are translated towards models for performance evaluation.
[download]
Bibtex reference
@inproceedings\{BozgaCombesGraf*06,
author = \{Marius Bozga and Pierre Combes and Susanne Graf and Wei Monin and Nicolas Moteau},
title = \{Qualification d'architectures fontionnelles},
booktitle = \{Notere'06},
year = \{2006},
class = \{web,rap}
}
A case study in UML model-based validation: The Ariane-5 launcher software
Iulian Ober, Susanne Graf, David Lesens
Abstract
We present the modeling and validation experiments performed with the IFx validation toolset and with the UML profile developed within the IST Omega project, on a representative space vehicle control system: a model of the Ariane-5 flight software obtained by reverse engineering.
The goal of the study is to verify functional and scheduling-related requirements under different task architecture assumptions.
[download]
Bibtex reference
@inproceedings\{OberGrafLesens06,
author = \{Iulian Ober and Susanne Graf and David Lesens},
title = \{A case study in UML model-based validation: The Ariane-5 launcher software},
year = \{2006},
booktitle = \{FMOODS 2006},
series = \{LNCS},
volume = \{4037},
class = \{web,rap}
}
Using an UML profile for timing analysis with the IF validation tool-set
Iulian Ober, Susanne Graf, Yuri Yushtein
[download]
Bibtex reference
@inproceedings\{GrafOberYushtein06,
author = \{Iulian Ober and Susanne Graf and Yuri Yushtein},
title = \{Using an UML profile for timing analysis with the IF validation tool-set},
booktitle = \{Proceedings of Model-Based Development of Embedded Systems, MBEES, Dagstuhl, Germany},
series = \{Technical Report SSE, U. Braunschweig},
number = \{2006/01},
month = \{},
year = \{2006},
class = \{validation,web,rap}
}
MARTES - Specification and Validation of Real-time and Embedded Systems, workshop overview
Susanne Graf, Sébastien Gérard, Oystein Haugen, Iulian Ober, Bran Selic
Abstract
This paper presents an overview on the workshop on Modelling and Analysis of Real-TIme Embedded systems that is a follow-up workshop of the previous SVERTS and SIVOES workshops, that took place with the Models/UML 2005 conference. The main themes discussed at this years workshop concerned modelling for validation and profiles for real-time.
[download]
Bibtex reference
@inproceedings\{GerardGrafHaugenOberSelic-Martes-05,
author = \{Susanne Graf and Sébastien Gérard and Oystein Haugen and Iulian Ober and Bran Selic},
title = \{{MARTES} - Specification and Validation of Real-time and Embedded Systems, workshop overview},
booktitle = \{MoDELS 2005 International Workshops, Doctoral Symposium, Educators Symposium; Montenegro Bay, Jamaica, October 2005, Revised Selected Papers},
series = \{LNCS 3844},
year = \{2005},
class = \{web,rap}
}
Timing analysis and validation of the embedded MARS bus manager
Iulian Ober, Susanne Graf, Yuri Yushtein
Abstract
This paper presents a case study in UML-based modelling and validation of the intricate timing aspects arising in a small but complex component of the airborne Medium Altitude Reconaissance System produced by NLR. The purpose is to show how automata-based timing analysis and verification tools can be used by field engineers for solving isolated hard points in a complex real-time design, even if the press-button verification of entire systems remains a remote goal. We claim that the accessibility of such tools is largely improved by the use of a UML profile with intuitive features for modeling timing and related properties.
[download]
Bibtex reference
@inproceedings\{GrafOberYushtein05,
author = \{Iulian Ober and Susanne Graf and Yuri Yushtein},
title = \{Timing analysis and validation of the embedded MARS bus manager},
booktitle = \{Intl Workshop on Modeling and Analysis of Real Time Embedded Systems, MARTES 2005, associated with MoDELS 2005},
month = \{},
year = \{2005},
class = \{validation,web,rap}
}
COTS Component-Based Embedded Systems - A Dream or Reality?
Ivica Crnkovic, Jakob Axelsson, Susanne Graf, Magnus Larsson, Rob C. van Ommering, Kurt C. Wallnau
Abstract
[download]
Bibtex reference
@inproceedings\{IvicaGraf*05,
author = \{Ivica Crnkovic and Jakob Axelsson and Susanne Graf and Magnus Larsson and Rob C. van Ommering and Kurt C. Wallnau},
title = \{COTS Component-Based Embedded Systems - A Dream or Reality?},
booktitle = \{ICCBSS 2005, Bilbao, January 2005},
note = \{LNCS Volume 3412},
class = \{components,rap,web},
year = \{2005}
}
Time in Abstract State Machines
Susanne Graf, Andreas Prinz
Abstract
State machines are considered a very general means of expressing computations in an implementation-independent way. There are also ways to extend the general state machine framework with distribution aspects. However, there is still no agreement when it comes to handling time in this framework. In this article we take a look at existing ways to enhance state machine frameworks. Based on this we propose a general framework of time extensions for state machines, which we relate to existing approaches. Our work is mainly based on time approaches for ASM, because ASM are considered a very general state machine model. Taking this into account, our approach is valid for state-transition systems in general.
[download]
Bibtex reference
@inproceedings\{Graf-Prinz-ASM05,
author = \{Susanne Graf and Andreas Prinz},
title = \{Time in Abstract State Machines},
booktitle = \{ASM 2005, Paris},
oldnote = \{to appear in LNCS},
class = \{web,rap,time},
year = \{2005},
note = \{appeared in conference proceedings, submitted for publication in Fundamentae Informaticae, to be published in 2006}
}
SVERTS - Specification and Validation of Real-time and Embedded Systems, workshop overview
Susanne Graf, Oystein Haugen, Ileana Ober, Bran Selic
Abstract
This paper presents an overview on the workshop on Specification and Validation of Real-time and embedded Systems that has taken place for the second time in association with the UML 2004 conference. The main themes discussed at this years workshop concerned modeling of real-time features with the perspective of validation as well as some particular validation issues.
[download]
Bibtex reference
@inproceedings\{GrafHaugenOberSelic-Sverts-04,
author = \{Susanne Graf and Oystein Haugen and Ileana Ober and Bran Selic},
title = \{{SVERTS} - Specification and Validation of Real-time and Embedded Systems, workshop overview},
booktitle = \{Workshops with UML 2004, Overviews and selected publications, LNCS 3297},
year = \{2004},
class = \{web,rap}
}
The IF toolset
Marius Bozga, Susanne Graf, Iulian Ober, Ileana Ober, Joseph Sifakis
Abstract
This paper presents an overview on the IF toolset which is an environment for modelling and validation of heterogeneous real-time systems. The toolset is built upon a rich formalism, the IF notation, allowing structured automata-based system representations. Moreover, the IF notation is expressive enough to support real-time primitives and extensions of high-level modelling languages such as SDL and UML by means of structure preserving mappings.
The core part of the IF toolset consists of a syntactic transformation component and an open exploration platform. The syntactic transformation component provides language level access to IF descriptions and has been used to implement static analysis and optimisation techniques. The exploration platform gives access to the graph of possible executions. It has been connected to different state-of-the-art model-checking and test-case generation tools.
A methodology for the use of the toolset is presented at hand of a case study concerning the Ariane-5 Flight Program for which both an SDL and a UML model have been validated.
[download]
Bibtex reference
@inproceedings\{BozgaGrafOberSifakis-SFM-04,
author = \{Marius Bozga and Susanne Graf and Iulian Ober and Ileana Ober and Joseph Sifakis},
title = \{The IF toolset},
booktitle = \{4th International School on Formal Methods for the Design of Computer, Communication and Software Systems: Real Time, SFM-04:RT, Bologna, Sept. 2004},
series = \{LNCS Tutorials, Springer},
number = \{3185},
class = \{tools, time, rap, web},
year = \{2004}
}
How useful is the UML real-time profile SPT without Semantics?
Susanne Graf, Ileana Ober
Abstract
In this position paper we argue that the present practise in UML, consisting in standardising notations only at the level of abstract syntax (meta-model) is in particular in the context of real-time embedded systems, and thus the SPT profile, hindering the usefulness of the standard. A standard should make possible exchange of (parts of) models, and this is clearly not the case today. We argue that the real-time profile that we have defined in the context of the OMEGA project, can provide a basis for the semantic definition of any real-time profile. Also, the translation of the operational part of UML into IF, based on the use of priorities, can be mimicked for providing a means to define any particular execution semantics in UML.
[download]
Bibtex reference
@inproceedings\{Graf-Ober-SIVOES-04,
author = \{Susanne Graf and Ileana Ober},
title = \{How useful is the UML real-time profile SPT without Semantics?},
booktitle = \{SIVOES 2004, associated with RTAS 2004, Toronto Canada},
note = \{position paper},
class = \{time,rap,web},
month = \{},
year = \{2004}
}
A Framework for Time in FDTs
Susanne Graf, Andreas Prinz
Abstract
An improved version is available at [GP05].
Bibtex reference
@inproceedings\{Graf-Prinz-Forte04,
author = \{Susanne Graf and Andreas Prinz},
title = \{A Framework for Time in FDTs},
booktitle = \{FORTE 2004, participants proceedings},
class = \{time,web.rap},
year = \{2004}
}
Correct Development of Embedded Systems
Susanne Graf, Jozef Hooman
Abstract
This paper provides an overview on the approach of the IST OMEGA project for the development of correct software for embedded systems based on the use of UML as modelling language. The main contributions of the project are the definition of a useful subset of UML and some extensions, a formal dynamic semantics integrating all notations and a tool set for the validation of models based on this semantics
[download]
Bibtex reference
@inproceedings\{Graf-Hooman-EWSA-04,
author = \{Susanne Graf and Jozef Hooman},
title = \{Correct Development of Embedded Systems},
booktitle = \{European Workshop on Software Architecture: Languages, Styles, Models, Tools, and Applications (EWSA 2004), co-located with ICSE 2004, St Andrews, Scotland},
series = \{LNCS 3047},
class = \{time,web,rap},
month = \{},
year = \{2004}
}
IF Tutorial
Marius Bozga, Susanne Graf, Laurent Mounier, Iulian Ober
Abstract
This provided a tutorial on the IF language and on the detailed architecture of the IF verification toolset, as well as detailed descriptions of the translators and verification algorithms.
Bibtex reference
@inproceedings\{Bozga-Graf-Mounier-04,
author = \{Marius Bozga and Susanne Graf and Laurent Mounier and Iulian Ober},
title = \{IF Tutorial},
booktitle = \{9th SPIN'04 Workshop on Model-Checking of Software, Barcelona, Spain},
series = \{Lecture Notes in Computer Science},
volume = \{2989},
month = \{April},
year = \{2004},
class = \{time,validation, rap,web}
}
Model Checking of UML Models via a Mapping to Communicating Extended Timed Automata
Iulian Ober, Susanne Graf, Ileana Ober
Abstract
We present a technique and a tool for model-checking operational UML models based on a mapping of object oriented UML models into a framework of communicating extended timed automata - in the IF format - and the use of the existing model-checking and simulation tools for this format. We take into account most of the structural and behavioural characteristics of classes and their interplay and tackle issues like the combination of operations, state machines, inheritance and polymorphism, with a particular semantic profile for communication and concurrency. The UML dialect considered here, also includes a set of extensions for expressing timing. Our approach is implemented by a tool importing UML models via an XMI repository, and thus supporting several commercial and non-commercial UML editors. For user friendly interactive simulation, an interface has been built, presenting feedback to the user in terms of the original UML model. Model-checking and model exploration can be done by reusing the existing IF state-of-the-art validation environment.
[download]
Bibtex reference
@inproceedings\{OberGraf-04-spin,
author = \{Iulian Ober and Susanne Graf and Ileana Ober},
title = \{Model Checking of UML Models via a Mapping to Communicating Extended Timed Automata},
booktitle = \{11th International SPIN Workshop on Model Checking of Software, 2004},
volume = \{LNCS 2989},
year = \{2004},
class = \{time,validation,rap,web}
}
Validating Timed UML models by simulation and verification
Iulian Ober, Susanne Graf, Ileana Ober
Abstract
A more recent and complete version of this paper is [OGO05].
Bibtex reference
@inproceedings\{Graf-Ober-UML03b,
author = \{Iulian Ober and Susanne Graf and Ileana Ober},
title = \{Validating Timed UML models by simulation and verification},
booktitle = \{Workshop SVERTS on Specification and Validation of UML models for Real Time and Embedded Systems, a satellite event of UML 2003, San Francisco, October 2003},
month = \{},
year = \{2003},
class = \{web,rap,time}
}
Timed annotations in UML
Susanne Graf, Ileana Ober, Iulian Ober
Abstract
A more recent and complete version of this paper is [GOO05].
Bibtex reference
@inproceedings\{Graf-Ober-UML03a,
author = \{Susanne Graf and Ileana Ober and Iulian Ober},
title = \{Timed annotations in UML},
booktitle = \{Workshop SVERTS on Specification and Validation of UML models for Real Time and Embedded Systems, a satellite event of UML 2003, San Francisco, October 2003},
month = \{},
year = \{2003},
class = \{web,rap,time}
}
Abstraction as the Key for Invariant Verification
S. Bensalem, S. Graf, Y. Lakhnech
Abstract
We present a methodology for constructing abstractions and refining them by analyzing counter-examples. We also present a uniform verification method that combines abstraction, model-checking and deductive verification. In particular, we show how to use the abstract system in a deductive proof even when the abstract model does not satisfy the specification but simulates the concrete system with respect to a weaker notion of simulation than Milner's.
[download]
Bibtex reference
@inproceedings\{BensalemGrafLakhnech03,
author = \{S. Bensalem and S. Graf and Y. Lakhnech},
title = \{Abstraction as the Key for Invariant Verification},
booktitle = \{Int. Symposium on Verification celebrating Zohar Manna's 64th Birthday},
publisher = \{LNCS 2772, Springer Verlag},
year = \{2003},
class = \{web,rap}
}
A Real-time profile for UML and how to adapt it to SDL
Susanne Graf, Ileana Ober
Abstract
This paper presents work of the IST project OMEGA, where we have defined a UML profile for real-time compatible with the Profile for Performance, Scheduling and Real-time accepted recently at OMG. In contrast to this OMG profile, we put emphasis on semantics and on its use in the context of timed analysis of real-time embedded systems. The defined profile is compatible with the time concepts existing in SDL, and we show how we can adapt also those notations to SDL and MSC which do not yet exist in these ITU languages. We analyze also the possibilities of validation of systems using the profile which is used as guide for the definition of subsets allowing different validation approaches.
[download]
Bibtex reference
@inproceedings\{Graf-Ober-SDL03,
author = \{Susanne Graf and Ileana Ober},
title = \{A Real-time profile for UML and how to adapt it to SDL},
booktitle = \{SDL Forum 2003, July 1-4, Stuttgart},
series = \{LNCS},
number = \{2708},
month = \{},
year = \{2003},
class = \{web,rap,time}
}
Expression of time and duration constraints in SDL
Susanne Graf
Abstract
In this paper, we give an overview on time related features, useful in the context of real-time system design using the SDL design language. We classify them into two categories, those needed for modelling of non-functional aspects and analysis, and those needed for functional design.
We are careful to allow a clear distinction between functional and non functional parts of specifications. We show how these features are represented at the semantic level with a minimal number of primitives. We discusses a possible semantic framework for time annotaded SDL designs, compatible with the ASM semantics of SDL 2000.
[download]
Bibtex reference
@inproceedings\{Graf-SAM02,
author = \{Susanne Graf},
title = \{Expression of time and duration constraints in SDL},
booktitle = \{3rd SAM Workshop on SDL and MSC, University of Wales Aberystwyth},
series = \{LNCS},
number = \{2599},
publisher = \{Springer Verlag},
month = \{},
year = \{2002},
class = \{web,rap}
}
IF-2.0: A Validation Environment for Component-Based Real-Time Systems
M. Bozga, S. Graf, L. Mounier
Abstract
The paper presents the new version of the IF language and validation environment.
The main new features of the language concern the ability to describe dynamic architures by means of concepts for dynamic creation and distruction of processes and communication channels, hierarchical states and a simplification of the action structure, allowing in particular the inclusion of external code.
The main changes in the toolset concern the exploration engine, generating the semantic model: each process or signalroute is represented as an object with an internal state and a set of fireable(local) transitions, depending on its current state (where Time is a specialised process dealing with the management of all (running) clocks). Coordination is realised by a process manager which scans the set of local transitions, chooses the fireable one(s) with respect to global (system) constraints, askd the corresponding processes to execute these transitions and updated the global state accordingly.
[download]
Bibtex reference
@inproceedings\{BozgaMounierGraf*CAV02,
author = \{M. Bozga and S. Graf and L. Mounier},
title = \{{IF-2.0}: A Validation Environment for Component-Based Real-Time Systems},
booktitle = \{Proceedings of Conference on Computer Aided Verification, CAV'02, Copenhagen},
series = \{LNCS},
number = \{2404},
publisher = \{Springer Verlag},
month = \{},
year = \{2002},
class = \{web,rap}
}
Automated validation of distributed software using the IF environment
Marius Bozga, Susanne Graf, Laurent Mounier
Abstract
Bibtex reference
@inproceedings\{BozgaGrafMounier01b,
author = \{Marius Bozga and Susanne Graf and Laurent Mounier},
title = \{Automated validation of distributed software using the IF environment},
booktitle = \{2001 IEEE International Symposium on Network Computing and Applications (NCA 2001)},
publisher = \{IEEE},
month = \{},
year = \{2001},
class = \{web,rap}
}
Automated validation of distributed software using the IF environment
Marius Bozga, Susanne Graf, Laurent Mounier
Abstract
This paper summarizes our experience with IF, an open validation environment for distributed software systems. Indeed, face to the increasing complexity of such systems, none of the existing tools can cover by itself the whole validation process. The IF environment was built upon an expressive intermediate language and allows to connect several validation tools, providing most of the advanced techniques currently available. The results obtained on several large case-studies, including telecommunication protocols and embedded software systems, confirm the practical interest of this approach.
[download]
Bibtex reference
@inproceedings\{BozgaGrafMounier01,
author = \{Marius Bozga and Susanne Graf and Laurent Mounier},
title = \{Automated validation of distributed software using the IF environment},
booktitle = \{Workshop on Software Model-checking, associated with CAV 2001, Paris},
series = \{Electronic Notes in Theoretical Computer Science},
volume = \{55},
issue = \{3},
publisher = \{Elsevier Science Publishers},
month = \{},
year = \{2001},
editor = \{Scott D. Stoller and Willem Visser},
reference = \{http://www.elsevier.nl/gej-ng/31/29/23/83/34/show/Products/notes/index.htt?-debug=5#007},
class = \{web,rap}
}
Timed Extensions for SDL
Marius Bozga, Susanne Graf Alain Kerbrat, Laurent Mounier, Iulian Ober, Daniel Vincent
Abstract
In this paper we propose some extensions necessary to enable the specification and description language SDL to become an appropriate formalism for the design of real-time and embedded systems. The extensions we envisage concern both roles of SDL: First, in order to make SDL a real-time specification language, allowing to correctly simulate and verify real-time specifications, we propose a set of annotations to express in a flexible way assumptions and assertions on timing issues such as execution durations, communication delays, or periodicity of external inputs. Second, in order to make SDL a real-time design language, several useful real-time programming concepts are missing. In particular we propose to extend the basic SDL timer mechanism by introducing new primitives such as cyclic timers, interruptive timers, and access to timer value. All these extensions relies on a clear and powerful time semantics for SDL, which extends the current one, and which is based on timed automata with urgencies.
[download]
Bibtex reference
@inproceedings\{BozgaGrafOber*01,
author = \{Marius Bozga and Susanne Graf Alain Kerbrat and Laurent Mounier and Iulian Ober and Daniel Vincent},
title = \{Timed Extensions for SDL},
booktitle = \{SDL Forum 2001},
month = \{},
publisher = \{Springer Verlag},
series = \{LNCS},
volume = \{2078},
year = \{2001},
class = \{web,rap}
}
Verification Experiments on the Mascara Protocol
Susanne Graf, Guoping Jia
Abstract
In this paper, we describe a case study on the verification of a real industrial protocol for wireless ATM, called MASCARA. Several tools have been used: SDL has been chosen as the specification language and the commercial tool ObjectGeode has been used for creating and maintaining SDL descriptions. The IF tool-set has been used for generation, minimization and comparison of system models and verification of expected properties. All specification and verification tools are connected via the IF language, which has been defined as an intermediate representation for timed asynchronous systems as well as an open validation environment. Due to the complexity of the protocol, static analysis techniques, such as live variable analysis and program slicing, were the key to the success of this case study. The results obtained give some hints concerning a methodology for the formal verification of real systems.
[download]
Bibtex reference
@inproceedings\{JiaGraf00a,
author = \{Susanne Graf and Guoping Jia},
title = \{Verification Experiments on the Mascara Protocol},
booktitle = \{Spin Workshop 2001, Toronto},
series = \{LNCS},
number = \{2057},
publisher = \{Springer Verlag},
month = \{},
year = \{2001},
class = \{web,rap}
}
IF: A Validation Environment for Timed Asynchronous Systems
M. Bozga, L. Ghirvu, S. Graf, L. Mounier
Abstract
This paper summarizes our experience with IF, an open validation environment for distributed software systems. Indeed, face to the increasing complexity of such systems, none of the existing tools can cover by itself the whole validation process. The IF environment was built upon an expressive intermediate language and allows to connect several validation tools, providing most of the advanced techniques currently available. The results obtained on several large case-studies, including telecommunication protocols and embedded software systems, confirm the practical interest of this approach.
[download]
Bibtex reference
@inproceedings\{BozgaFernandGhirvu*CAV00,
author = \{M. Bozga and L. Ghirvu and S. Graf and L. Mounier},
title = \{{IF}: A Validation Environment for Timed Asynchronous Systems},
booktitle = \{Proceedings of Conference on Computer Aided Verification, CAV'00, Chicago},
series = \{LNCS},
number = \{1855},
publisher = \{Springer Verlag},
month = \{},
year = \{2000},
class = \{web,rap}
}
SDL for Real Time: What is missing?
Marius Bozga, Susanne Graf Alain Kerbrat, Laurent Mounier, Iulian Ober, Daniel Vincent
Abstract
This paper provides an overview on the main weaknesses of SDL for the development of real-time sysstems, both on the programming and on the specification side. In particular the fact that according to the standard time progress is totally external and forbids control over time progress is a real hindernis for verification. For this reason, we propose to introduce in SDL the time concepts of timed automata with urgency. We illustrate our proposal by means of a small but realistic example, and show the relationships to several other proposals.
[download]
Bibtex reference
@inproceedings\{BozgaGrafOber*00,
author = \{Marius Bozga and Susanne Graf Alain Kerbrat and Laurent Mounier and Iulian Ober and Daniel Vincent},
title = \{SDL for Real Time: What is missing?},
booktitle = \{Workshop SAM2000},
month = \{},
year = \{2000},
class = \{web,rap}
}
IF: An Intermediate Representation and Validation Environment for Timed Asynchronous Systems
M. Bozga, J.Cl. Fernandez, L. Ghirvu, S. Graf, J.P. Krimm, L. Mounier
Abstract
We present work of a project for the improvement of a specification/validation toolbox integrating a commercial toolset ObjectGeode and different validation tools such as the verification tool CADP and the test sequence generator TGV. The intrinsic complexity of most protocol specifications lead us to study combination of other techniques such as static analysis and abstraction together with the classical model-checking techniques. Experimentation and validation of our results in this context motivated the development of an intermediate representation for SDL called IF. In this intermediate representation, a system is represented as a set of timed automata communicating asynchronously through a set of buffers or by rendez-vous through a set of synchronization gates. The advantage of the use of such a program level intermediate representation is that it is easier to interface with various existing tools, such as static analysis, abstraction and compositional state space generation. Moreover, it allows to define for SDL different, but mathematically sound, notions of time.
The purpose of this paper is to show that the intermediate representation IF can serve as a basis for the interconnections of various tools with different input languages into a unified validation framework.
[download]
Bibtex reference
@inproceedings\{BozgaFernandGhirvu*FM99,
author = \{M. Bozga and J.Cl. Fernandez and L. Ghirvu and S. Graf and J.P. Krimm and L. Mounier},
title = \{{IF}: An Intermediate Representation and Validation Environment for Timed Asynchronous Systems},
booktitle = \{Proceedings of Symposium on Formal Methods 99, Toulouse},
series = \{LNCS},
number = \{1708},
publisher = \{Springer Verlag},
month = \{},
year = \{1999},
class = \{web,rap}
}
IF: An Intermediate Representation for SDL and its Applications
M. Bozga, J.Cl. Fernandez, L. Ghirvu, S. Graf, J.P. Krimm, L. Mounier, J. Sifakis
Abstract
We present work of a project for the improvement of a specification/validation toolbox integrating a commercial toolset ObjectGeode and different validation tools such as the verification tool CADP and the test sequence generator TGV. The intrinsic complexity of most protocol specifications lead us to study combination of other techniques such as static analysis and abstraction together with the classical model-checking techniques. Experimentation and validation of our results in this context motivated the development of an intermediate representation for SDL called IF. In this intermediate representation, a system is represented as a set of timed automata communicating asynchronously through a set of buffers or by rendez-vous through a set of synchronization gates. The advantage of the use of such a program level intermediate representation is that it is easier to interface with various existing tools, such as static analysis, abstraction and compositional state space generation. Moreover, it allows to define for SDL different, but mathematically sound, notions of time.
The purpose of this paper is to show that the intermediate representation IF can serve as a basis for studying semantics of time extensions of SDL.
[download]
Bibtex reference
@inproceedings\{BozgaFernandGhirvu*SDL99,
author = \{M. Bozga and J.Cl. Fernandez and L. Ghirvu and S. Graf and J.P. Krimm and L. Mounier and J. Sifakis},
title = \{{IF}: An Intermediate Representation for {SDL} and its Applications},
booktitle = \{Proceedings of SDL Forum 99, Montreal},
publisher = \{Elsevier},
month = \{},
year = \{1999},
class = \{web,rap}
}
Construction of abstract state graphs with PVS
S. Graf, H. Saidi
Abstract
In this paper, we propose a method for the automatic construction of an abstract state graph of an arbitrary system using the PVS theorem prover, called predicate abstraction. Given a parallel composition of sequential processes and predicates P1 ... Pn on the program variables defining an abstract domain, we construct an abstract state graph, starting in the state defined by the values of the predicates P1 ... Pn in the initial state. The possible successors of a state are computed using the PVS theorem prover by verifying for each i if Pi or not Pi is a postcondition of it. This allows an abstract state space exploration for arbitrary programs. Using this method, we have automatically verified a bounded retransmission protocol which cannot be proved using backward analysis without providing strong auxiliary invariants.
[download]
Bibtex reference
@inproceedings\{GrafSaidi97,
author = \{S. Graf and H. Saidi},
title = \{Construction of abstract state graphs with PVS},
booktitle = \{Conference on Computer Aided Verification CAV'97, Haifa},
series = \{LNCS},
volume = \{1254},
month = \{},
year = \{1997},
class = \{web,rap}
}
Verifying invariants using theorem proving
S. Graf, H. Saidi
Abstract
Our goal is to use a theorem prover in order to verify invariance properties of distributed systems in a model checking like manner. A system S is described by a set of sequential components, each one given by a transition relation and a predicate Init defining the set of initial states. In order to verify that P is an invariant of S, we try to compute, in a model checking like manner, the weakest predicate P' stronger than P and weaker than Init which is an inductive invariant, that is, whenever P' is true in some state, then P' remains true after the execution of any possible transition. The fact that P is an invariant can be expressed by a set of predicates (having no more quantifiers than P) on the set of program variables, one for every possible transition of the system. In order to prove these predicates, we use either automatic or assisted theorem proving depending on their nature.
We show in this paper how this can be done in an efficient way using the Prototype Verification System PVS. A tool implementing this verification method is presented.
[download]
Bibtex reference
@inproceedings\{GrafSaidi96,
author = \{S. Graf and H. Saidi},
title = \{Verifying invariants using theorem proving},
booktitle = \{Conference on Computer Aided Verification CAV'96},
series = \{LNCS},
volume = \{1102},
month = \{},
year = \{1996},
class = \{web,rap}
}
Verification of a distributed Cache memory by using abstractions
S. Graf
Abstract
The contribution of the paper is two-fold. We give a set of properties expressible as temporal logic formulas such that any system satisfying them is a sequentially consistent memory, and which is sufficiently precise such that every reasonnable concrete system implementing a sequentially consistent memory satisfies these properties.
Then, we verify these properties on a particular distributed cache memory systems by means of a verification method, based on the use of abstract interpretation which has been presented in previous papers ([LBBGS95]) and often applied to finite state systems. The motivation of this paper was to show that it can also been applied to systems with infinite state space, and a more recent papers shows that the method can even be automatized ([GS97])
[download]
Bibtex reference
@inproceedings\{Graf94,
author = \{S. Graf},
title = \{Verification of a distributed Cache memory by using abstractions},
booktitle = \{Conference on Computer Aided Verification CAV'94, Stanford},
publisher = \{LNCS 818, Springer Verlag},
month = \{},
note = \{a largely improved and extended version appeared in Distributed Computing which is the online version},
year = \{1994},
class = \{web,rap}
}
A tool for symbolic program verification and abstraction
S. Graf, C. Loiseaux
Abstract
We give the description of a verification tool taking boolean programs of guarded commands as input; internal representation of programs are sets of Binary Decision Diagrams (BDD) (one for each guarded command). It allows to construct an abstract program of the same form obtained using an abstraction relation given by a boolean expression on ``concrete'' and ``abstract'' variables. The tool allows the verification of CTL formulas on programs. We illustrate its possibilities on an example.
[download]
Bibtex reference
@inproceedings\{GrafLoiseaux93,
author = \{S. Graf and C. Loiseaux},
title = \{A tool for symbolic program verification and abstraction},
booktitle = \{Conference on Computer Aided Verification CAV 93, Heraklion Crete},
publisher = \{LNCS 697, Springer Verlag},
year = \{1993},
class = \{web,rap}
}
Program Verification using compositional Abstraction
S. Graf, C. Loiseaux
Abstract
In this paper we describe a method for the obtention of the minimal transition system, representing a communicating system given by a set of parallel processes, avoiding the complexity of the non minimal transition system. We consider minimization with respect to observational equivalence, but the method may be adapted to any other equivalence. An interesting method to achieve this goal is to proceed by stepwise composition and minimization of the components of the system. However, if no precautions are taken, the intermediate state graphs generated by this method may contain a lot of transitions which are impossible in the whole context. We give here a variant of this method which allows to avoid these impossible transitions by taking into account at each composition step a guess of the interface behaviour of the context. This ``interface specification'' must be provided by the user. The method is based on a reduction operator for the composition of a subsystem with its interface specification, which is similar to the parallel operator but introduces undefinedness predicates whereever the interface ``cuts off'' a transition. The parallel operator is defined in a way that these undefinedness predicates disappear again in the full context if and only if the corresponding transition is in fact impossible in the whole system. The efficiency of the method depends in fact on the accuracy with which the designer is able to approximate the possible sequences of the context, but its correctness does not. The proof of the correctness of the method is based on a preorder relation similar to the one defined by Walker.
[download]
Bibtex reference
@inproceedings\{GrafLoiseaux92,
author = \{S. Graf and C. Loiseaux},
title = \{Program Verification using compositional Abstraction},
year = \{1993},
month = \{},
booktitle = \{TAPSOFT 93, joint conference CAAP/FASE},
publisher = \{LNCS 668, Springer Verlag},
class = \{web,rap}
}
Delta-4 Architecture Validation
K. Kanoun, J. Arlat, L. Burrill, Y. Crouzet, S. Graf, E. Martins, A. MacInness, D. Powell, J.-L. Richier, J. Voiron
Abstract
Bibtex reference
@inproceedings\{KanounArlatBurrillGraf*91,
author = \{K. Kanoun and J. Arlat and L. Burrill and Y. Crouzet and S. Graf and E. Martins and A. MacInness and D. Powell and J.-L. Richier and J. Voiron},
title = \{Delta-4 Architecture Validation},
year = \{1991},
booktitle = \{ESPRIT Conference Week 91},
class = \{rap,web}
}
An Algebra for Boolean Processes
C. Courcoubetis, S. Graf, J. Sifakis
Abstract
This work has been motivated by the study of the S/R-models which allow to represent systems as a set of communicating state machines cooperating through a shared memory. We show that S/R-models can be expressed in terms of a process algebra called Boolean SCCS which is a special case of Milner's SCCS, in the sense that the actions are elements of some boolean algebra. We define for BSSCS an operational and a symbolic semantics modulo strong bisimulation equivalence. A complete axiomatisation of bisimulation and simulation equivalences on this algebra is proposed. Furthermore, we propose a very general renaming operator, and show by means of examples that it allows the definition of abstractions.
[download]
Bibtex reference
@inproceedings\{CourcoubetisGrafSifakis91,
author = \{C. Courcoubetis and S. Graf and J. Sifakis},
title = \{An Algebra for Boolean Processes},
booktitle = \{Workshop on Computer-Aided Verification CAV'91, Aalborg (Denmark)},
month = \{},
year = \{1991},
publisher = \{LNCS 575, Springer Verlag},
class = \{web,rap}
}
Safety for branching Semantics
A. Bouajjani, J.-C. Fernandez, S. Graf, J. Sifakis, C. Rodriguez
Abstract
We study in a first part of this paper safety and liveness properties for any given program semantics. We give a topological definition of these properties using a safety preorder. Then, we consider the case of branching time semantics where a program is modeled by a set of infinite computation trees modulo bisimulation. We propose and study a safety preorder for this semantics based on simulation and dealing with silent actions. We focus on regular safety properties and characterize them by both tree-automata and formulas of a branching time logic. We show that verifying safety properties on trees reduces to simulation testing.
[download]
Bibtex reference
@inproceedings\{BouajjaniFernandezGrafSifakis*90,
author = \{A. Bouajjani and J.-C. Fernandez and S. Graf and J. Sifakis and C. Rodriguez},
title = \{Safety for branching Semantics},
booktitle = \{18th ICALP, Madrid},
year = \{1991},
publisher = \{LNCS 510, Springer Verlag},
class = \{web,rap}
}
Formal Specification and verification of a Network Independent Atomic Multicast Protocol
M. Baptista, S. Graf, J.-L. Richier, L. Rodrigues, C. Rodriguez, P. Verissimo, J. Voiron
Abstract
Research on formal description techniques during the last years has revealed new trends on the description of distributed systems. Nevertheless, the application of these techniques to real and complex systems is not straightforward and there are not many case studies in this area. This paper presents an experience in protocol building area, by involving a close interaction between protocol design and formal verification, and shows off its application in the design of a real distributed system: a network independent atomic multicast protocol.
[download]
Bibtex reference
@inproceedings\{BaptistaGrafRichier*90,
author = \{M. Baptista and S. Graf and J.-L. Richier and L. Rodrigues and C. Rodriguez and P. Verissimo and J. Voiron},
title = \{Formal Specification and verification of a Network Independent Atomic Multicast Protocol},
booktitle = \{IFIP Conf. FORTE 90, Madrid},
adress = \{Madrid},
month = \{},
year = \{1990},
publisher = \{North Holland},
class = \{web,rap}
}
Compositional Minimisation of Finite State Processes
S. Graf, B. Steffen
Abstract
In this paper we describe a method for the obtention of the minimal transition system, representing a communicating system given by a set of parallel processes, avoiding the complexity of the non minimal transition system. We consider minimization with respect to observational equivalence, but the method may be adapted to any other equivalence. An interesting method to achieve this goal is to proceed by stepwise composition and minimization of the components of the system. However, if no precautions are taken, the intermediate state graphs generated by this method may contain a lot of transitions which are impossible in the whole context. We give here a variant of this method which allows to avoid these impossible transitions by taking into account at each composition step a guess of the interface behaviour of the context. This interface specification must be provided by the user. The method is based on a reduction operator for the composition of a subsystem with its interface specification, which is similar to the parallel operator but introduces undefinedness predicates whereever the interface cuts off a transition. The parallel operator is defined in a way that these undefinedness predicates disappear again in the full context if and only if the corresponding transition is in fact impossible in the whole system. The efficiency of the method depends in fact on the accuracy with which the designer is able to approximate the possible sequences of the context, but its correctness does not. The proof of the correctness of the method is based on a preorder relation similar to the one defined by Walker.
[download]
Bibtex reference
@inproceedings\{GrafSteffen90,
author = \{S. Graf and B. Steffen},
title = \{Compositional Minimisation of Finite State Processes},
booktitle = \{Workshop on Computer-Aided Verification, Rutgers},
series = \{Discrete Mathematics and Theoritical Computer Science},
publisher = \{American Mathematical Society, Association for Computing Machinery},
month = \{},
year = \{1990},
note = \{also as Aachener Informatik Bericht Nr. 91-23 and in LNCS 531, Springer Verlag, online version is the extended journal version},
class = \{web,rap}
}
What are the limits of model checking methods for the verification of real life protocols?
S. Graf, J-L. Richier, C. Rodriguez, J. Voiron
Abstract
Bibtex reference
@inproceedings\{GrafRichierRodriguezVoiron89a,
author = \{S. Graf and J-L. Richier and C. Rodriguez and J. Voiron},
title = \{What are the limits of model checking methods for the verification of real life protocols?},
booktitle = \{Workshop on Automatic Verification Methods for Finite State Systems, Grenoble},
publisher = \{LNCS 407, Springer Verlag},
month = \{},
year = \{1989},
class = \{web,rap}
}
A Logic for the description of Behaviours and Properties of Concurrent Systems
A. Bouajjani, S. Graf, J. Sifakis
Abstract
Bibtex reference
@inproceedings\{BouajjaniGrafSifakis88a,
author = \{A. Bouajjani and S. Graf and J. Sifakis},
title = \{A Logic for the description of Behaviours and Properties of Concurrent Systems},
booktitle = \{Linear Time, Branching Time and Partial Order in Logics and Models for Concurrency, School/Workshop, Noordwijkerhout},
series = \{LNCS},
volume = \{354},
month = \{},
year = \{1988},
class = \{web,rap}
}
An expressive logic for a process algebra with silent actions
S. Graf, J. Sifakis
Abstract
Bibtex reference
@inproceedings\{GrafSifakis87b,
author = \{S. Graf and J. Sifakis},
title = \{An expressive logic for a process algebra with silent actions},
booktitle = \{Int. Colloquium on Temporal Logic in Specification},
publisher = \{LNCS 398, Springer Verlag},
year = \{1987},
class = \{web,rap}
}
Readiness Semantics for Regular Processes with Silent Actions
S. Graf, J. Sifakis
Abstract
Bibtex reference
@inproceedings\{GrafSifakis87a,
author = \{S. Graf and J. Sifakis},
title = \{Readiness Semantics for Regular Processes with Silent Actions},
booktitle = \{ICALP 87, Karlsruhe},
publisher = \{LNCS 267, Springer Verlag},
month = \{},
year = \{1987},
class = \{web,rap}
}
A complete inference system for an algebra of regular acceptance models
S. Graf
Bibtex reference
@inproceedings\{Graf86d,
author = \{S. Graf},
title = \{A complete inference system for an algebra of regular acceptance models},
booktitle = \{MFCS 1986},
publisher = \{LNCS 223, Springer Verlag},
pages = \{386--396},
year = \{1986},
class = \{web,rap},
absatract = \{}
}
From synchronization tree logic to acceptance model logic
S. Graf, J. Sifakis
Abstract
Bibtex reference
@inproceedings\{GrafSifakis85a,
author = \{S. Graf and J. Sifakis},
title = \{From synchronization tree logic to acceptance model logic},
booktitle = \{Workshop on logics of programs, Brooklyn},
publisher = \{LNCS 193, Springer Verlag},
year = \{1985},
class = \{web,rap}
}
A Modal Characterization of Observational Congruence on Finite Terms of CCS
S. Graf, J. Sifakis
Bibtex reference
@inproceedings\{GrafSifakis84c,
author = \{S. Graf and J. Sifakis},
title = \{A Modal Characterization of Observational Congruence on Finite Terms of {CCS}},
booktitle = \{ICALP 84, Antwerpen},
publisher = \{LNCS 172, Springer Verlag},
year = \{1984},
class = \{web,rap},
annote = \{a full version is published in Information and Control}
}
Omega Final Project Report
Susanne Graf, Frank de Boer, Pierre Combes, Jozef Hooman, Hillel Kugler, Marcel Kyas, David Lesens, Iulian Ober, Angelika Votintseva, Yuri Yushtein, Meir Zenou
[download]
Bibtex reference
@techreport\{OmegaFinalReport-05,
author = \{Susanne Graf and Frank de Boer and Pierre Combes and Jozef Hooman and Hillel Kugler and Marcel Kyas and David Lesens and Iulian Ober and Angelika Votintseva and Yuri Yushtein and Meir Zenou},
title = \{Omega Final Project Report},
type = \{Deliverable of the Omega IST project},
class = \{web,rap},
year = \{2005}
}
Logiques du temps arborescent pour la spécification et la preuve de programmes
Susanne Graf
Bibtex reference
@phdthesis\{graf84a,
author = \{Susanne Graf},
school = \{Institut National Polytechnique de Grenoble},
title = \{Logiques du temps arborescent pour la spécification et la preuve de programmes},
type = \{Thèse de 3me cycle},
class = \{rap,web},
year = \{1984},
month = \{}
}