Meses: diciembre 2013

En la tesis doctoral Mechanical verification of parameterized real-time systems se presenta un marco para la verificación formal en Isabelle/HOL sistemas en tiempo real parametrizados.

Su autor es Thomas Göthel (de la Universidad Técnica de Berlín).

Su resumen es

Real-time systems often have to be able to cope with an unbounded number of components. For example, a real-time operating system scheduler manages arbitrarily many threads or a bus system copes with arbitrarily many connected devices. Such systems can be characterized as parameterized systems. The number of (homogeneous) components is the parameter of these systems. This makes their formal verification hard because standard verification techniques for finite system models (for example model checking) can be employed directly only for instances of the system. There exist several approaches for the (automatic) verification of special sub-classes of (mostly untimed) parameterized systems. However, approaches or tools that enable the comprehensive and mechanical verification of parameterized real-time systems with complex system topologies are still missing.

In this thesis, we overcome this problem by providing a framework for the mechanical, comprehensive, and semi-automatic verification of parameterized real-time systems. At its core we employ the process calculus Timed CSP, which is well-suited to describe the functional behavior as well as the non-functional timing behavior of systems. Our main contribution is threefold: First, we have developed a formalization of the operational semantics of Timed CSP together with notions of bisimulation equivalences in the Isabelle/HOL theorem prover. Second, in order to specify (timing) properties of systems, we provide a (mechanized) timed extension of Hennessy-Milner logic. Together with our formalization of Timed CSP and corresponding bisimulations, this enables the comprehensive and mechanical verification of possibly infinite (parameterized) real-time systems in a modular fashion. In particular, by providing both bisimulation and property based verification, we allow the developer to divide the verification problem into subproblems, which eases verification significantly. At the same time, the theorem prover ensures that no corner cases can be overlooked and all proofs are guaranteed to be correct. Finally, we support the development process of such systems with the integration of automatic verification tools. To this end, we have enriched our framework with transformation engines with which (finite) Timed CSP specifications can be transformed to a discrete dialect of CSP and to UPPAAL timed automata. By this, the FDR2 refinement checker and the UPPAAL tool suite can be used to explore and verify finite instances automatically. Thus, possible design flaws can be detected and corrected early in the development cycle and prior to the relatively time-consuming task of interactive theorem proving.

We show the applicability of our framework using the case study of a parameterized real-time operating system scheduler. Thereby, we demonstrate the benefits of the proposed mapping of Timed CSP to automatically analyzable languages. Furthermore, we show the effectiveness of our theorem proving approach for the comprehensive verification of parameterized real-time systems.
The motivation for our work comes from the observation that, due to their increasing complexity, embedded systems are often built atop trusted cores such as bus systems and real-time operating systems. Their correct functioning thus heavily depends on the correctness of the underlying cores. In the area of safety-critical embedded real-time systems, simulation and testing are not sufficient because they cannot ensure the absence of critical errors. Formal verification tackles this problem. To be of practical relevance, however, formal verification techniques should be mechanized and automatized as far as possible. The mechanization comes with the additional benefit of precluding verification faults as they can occur in hand-written proofs. Our case study forms an important core part of many safety-critical systems. In summary, we show how such cores can be mechanically verified and how their development can be supported with the help of automatic verification tools.