Formal analysis and verification of embedded systems for healthcare

output abstract input concrete output concrete input Test Model (AML) Model-based Testing Tool Adapter Implementation Figure 2.18: Model-based Testing In Fig. 2.17 the behavioral specification is enclosed in a block labeled by 'ready'. This block consists of a non-deterministic choice between the rules of the DSL model. The guarded statement inside each option describes a rule and only allows the rule to be chosen if it is active (i.e. the guard evaluates to true). The first option in the non-deterministic choice describes the first rule from Fig. 2.4. Observe that we have extended the specification of the first rule with two sequential compositions. This indicates that after evaluating the do clause an output action is performed and then the behavior of the 'ready' block is repeated. The folded blocks also have these sequential compositions as their last steps. This enforces the alternating execution of the input and output actions as specified by the processes PIn and POut in Section 2.4. 2.6.3 Interpreting the Results of Model-based Testing Validating the compliance of an implementation to a DSL model by model-based testing requires extra care to interpret the results correctly. A failed test case shows a discrepancy between the behavior described by the test model and the behavior implemented in the implementation. This can have three different reasons: • a mistake in the transformation from the DSL to the test models; • a failure in the implementation; • a modeling mistake in the DSL model, which is cascaded to the test model. The transformation from the DSL to test models should preserve the semantics of the DSL. A mistake in realizing the semantics may result in failed test cases. In Section 2.7 we introduce an approach to gain more confidence in the correctness of the generated models in Fig. 2.5. When there is sufficient confidence in the correctness of test models, a failed test case may indicate a failure of the implementation. The last item mentioned above is particularly relevant if implementations are not generated from the DSL. In such cases, failed test cases could also indicate a mistake in DSL models; the intended behavior is not correctly described in the DSL (and the same modeling mistakes are cascaded to the test model) but the implementation has correctly realized the behavior.

[1]  E. Gebler,et al.  Robust SOS Specifications of Probabilistic Processes , 2015 .

[2]  Marie-Claude Gaudel,et al.  Testing Can Be Formal, Too , 1995, TAPSOFT.

[3]  Meagen M Rosenthal Curriculum vitae for , 2015 .

[4]  Chee Yap,et al.  The exact computation paradigm , 1995 .

[5]  Peter R. Turner,et al.  Overflow, Underflow, and Severe Loss of Significance in Floating-Point Addition and Subtraction , 1986 .

[6]  M. Gazda,et al.  Fixpoint logic, games, and relations of consequence , 2016 .

[7]  Jan Friso Groote,et al.  Software engineering: Redundancy is key , 2015, Sci. Comput. Program..

[8]  J. Miller Numerical Analysis , 1966, Nature.

[9]  Andreas Zeller,et al.  Why Programs Fail: A Guide to Systematic Debugging , 2005 .

[10]  A. W. Roscoe Understanding Concurrent Systems , 2010, Texts in Computer Science.

[11]  Joeri de Ruiter,et al.  Lessons learned in the analysis of the EMV and TLS security protocols , 2015 .

[12]  Mamoun Filali,et al.  Formal Methods Meet Domain Specific Languages , 2005, IFM.

[13]  César A. Muñoz,et al.  Software Validation via Model Animation , 2015, TAP@STAF.

[14]  Michiel Helvensteijn,et al.  Abstract delta modeling : software product lines and beyond , 2014 .

[15]  Nicholas J. Higham,et al.  Functions of matrices - theory and computation , 2008 .

[16]  Marc Geilen,et al.  Software/Hardware Engineering with the Parallel Object-Oriented Specification Language , 2007, 2007 5th IEEE/ACM International Conference on Formal Methods and Models for Codesign (MEMOCODE 2007).

[17]  Antoine Girard,et al.  SpaceEx: Scalable Verification of Hybrid Systems , 2011, CAV.

[18]  Abbas Edalat,et al.  Computing with Real Numbers , 2000, APPSEM.

[19]  Hartmut Ehrig,et al.  Semantical Correctness and Completeness of Model Transformations Using Graph and Rule Transformation , 2008, ICGT.

[20]  Cor-Paul Bezemer,et al.  Performance Optimization of Multi-Tenant Software Systems , 2014 .

[21]  Nathalie Revol,et al.  A Validated Real Function Calculus , 2011, Math. Comput. Sci..

[22]  Rob J. van Glabbeek,et al.  A Complete Axiomatization for Branching Bisimulation Congruence of Finite-State Behaviours , 1993, MFCS.

[23]  Steven P. Haveman COMBOS: communicating behavior of systems: incorporating simulations in conceptual system design , 2015 .

[24]  Mark van den Brand,et al.  Prototyping the Semantics of a DSL using ASF+SDF: Link to Formal Verification of DSL Models , 2011, AMMSE.

[25]  Aah Ammar Osaiweran Formal development of control software in the medical systems domain , 2012 .

[26]  Davide Bresolin,et al.  An Introduction to the Verification of Hybrid Systems Using Ariadne , 2015 .

[27]  N Neda Noroozi,et al.  Improving input-output conformance testing theories , 2014 .

[28]  Sarmen Keshishzadeh,et al.  Formalizing DSL Semantics for Reasoning and Conformance Testing , 2014, SEFM.

[29]  Jozef Hooman,et al.  Cost-Effective Industrial Software Rejuvenation Using Domain-Specific Models , 2015, ICMT.

[30]  Boudewijn R. Haverkort,et al.  iDSL: Automated Performance Prediction and Analysis of Medical Imaging Systems , 2015, EPEW.

[31]  Fides Aarts,et al.  Tomte : bridging the gap between active learning and real-world systems , 2014 .

[32]  M. S. Greiler,et al.  Test Suite Comprehension for Modular and Dynamic Systems , 2013 .

[33]  Zaur Molotnikov,et al.  Implementing modular domain specific languages and analyses , 2012, MoDeVVa '12.

[34]  Gergely Alpár,et al.  Attribute-based identity management : [bridging the cryptographic design of ABCs with the real world] , 2015 .

[35]  Jozef Hooman,et al.  Computing Response Time Distributions Using Iterative Probabilistic Model Checking , 2015, EPEW.

[36]  Ippolito Spadafora,et al.  An Automatic Generator for Compiler Testing , 1982, IEEE Transactions on Software Engineering.

[37]  Minh Tri Ngo,et al.  Qualitative and Quantitative Information Flow Analysis for Multi-threaded Programs , 2014 .

[38]  Mjm Marcel Roeloffzen Kinetic data structures in the black-box model , 2013 .

[39]  Thomas A. Henzinger,et al.  Beyond HYTECH: Hybrid Systems Analysis Using Interval Numerical Methods , 2000, HSCC.

[40]  Barry W. Boehm,et al.  Verifying and Validating Software Requirements and Design Specifications , 1989, IEEE Software.

[41]  Peter D. Mosses,et al.  Denotational semantics , 1995, LICS 1995.

[42]  Gerhard de Koning Gans,et al.  Outsmarting smart cards , 2013 .

[43]  Arie van Deursen,et al.  Evaluating Feature Change Impact on Multi-product Line Configurations Using Partial Information , 2014, ICSR.

[44]  Mario Ornaghi,et al.  A Constructive Approach to Testing Model Transformations , 2010, ICMT@TOOLS.

[45]  A. van Deursen,et al.  Algebraic specification of a language for describing financial products , 1995 .

[46]  Jeffrey Voas,et al.  Building Blocks of the Internet of Things , 2016, 2016 IEEE Symposium on Service-Oriented System Engineering (SOSE).

[47]  Yanja Dajsuren,et al.  On the design of an architecture framework and quality evaluation for automotive software systems , 2015 .

[48]  Norbert Th. Müller,et al.  The iRRAM: Exact Arithmetic in C++ , 2000, CCA.

[49]  Mariëlle Stoelinga,et al.  Experiences with formal engineering: Model-based specification, implementation and testing of a software bus at Neopost , 2014, Sci. Comput. Program..

[50]  Tom Mens,et al.  A Taxonomy of Model Transformation , 2006, GRaMoT@GPCE.

[51]  B. Lijnse,et al.  TOP to the rescue. Task-oriented programming for incident response applications , 2005 .

[52]  Robbert Krebbers,et al.  The C standard formalized in Coq , 2015 .

[53]  Guy H. Broadfoot,et al.  ASD Case Notes: Costs and Benefits of Applying Formal Methods to Industrial Control Software , 2005, FM.

[54]  Frank W. Takes Algorithms for analyzing and mining real-world graphs , 2014 .

[55]  John Businge,et al.  Co-evolution of the Eclipse SDK Framework and Its Third-Party Plug-Ins , 2013, 2013 17th European Conference on Software Maintenance and Reengineering.

[56]  Natarajan Shankar,et al.  PVS: A Prototype Verification System , 1992, CADE.

[57]  Nicolas Dintzner Safe Evolution Patterns for Software Product Lines , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[58]  Mark van den Brand,et al.  MDE Basics with a DSL Focus , 2012, SFM.

[59]  Frank S. de Boer,et al.  Combining Monitoring with Run-Time Assertion Checking , 2014, SFM.

[60]  Maximilian Bayer,et al.  Numerical Analysis Mathematics Of Scientific Computing , 2016 .

[61]  Steven te Brinke Developing Energy-Aware Software , 2011 .

[62]  R.W.J. Kersten,et al.  Software analysis methods for resource-sensitive systems , 2015 .

[63]  van der,et al.  Domain specific languages and their type systems , 2014 .

[64]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[65]  Michel A. Reniers,et al.  Formalizing a Domain Specific Language Using SOS: An Industrial Case Study , 2011, SLE.

[66]  Rjm Rolf Theunissen Supervisory control in health care systems , 2015 .

[67]  erie M enissier-Morainy Arbitrary Precision Real Arithmetic: Design and Algorithms , 1996 .

[68]  Gerard J. Holzmann,et al.  Formal Methods for Early Fault Detection , 1996, FTRTFT.

[69]  Adrianus Johannus Paulus Jeckmans Cryptographically-Enhanced Privacy for Recommender Systems , 2014 .

[70]  Frank Budinsky,et al.  Eclipse Modeling Framework , 2003 .

[71]  T. V. Bui,et al.  A software architecture for body area sensor networks : flexibility and trustworthiness , 2015 .

[72]  Pim Vullers,et al.  Efficient implementations of attribute-based credentials on smart cards , 2014 .

[73]  Christel Baier,et al.  Principles of model checking , 2008 .

[74]  Sarmen Keshishzadeh,et al.  Early Fault Detection in DSLs Using SMT Solving and Automated Debugging , 2013, SEFM.

[75]  Hsuan Lorraine Liang,et al.  Model-Driven Development of Logistic Systems Using Domain-Specific Tooling , 2012, CSDM.

[76]  D. A. van Beek,et al.  Syntax and formal semantics of Chi 2.0 , 2008 .

[77]  Dhp Dirk Gerrits Pushing and pulling : computing push plans for disk-shaped robots, and dynamic labelings for moving points , 2013 .

[78]  Jozef Hooman,et al.  Early Fault Detection in Industry Using Models at Various Abstraction Levels , 2012, IFM.

[79]  Jozef Hooman,et al.  Industrial Experiences with a Formal DSL Semantics to Check Correctness of DSL Transformations , 2015, ArXiv.

[80]  Mohammad Reza Mousavi,et al.  Mechanized Extraction of Topology Anti-patterns in Wireless Networks , 2012, IFM.

[81]  Capers Jones,et al.  Embedded Software: Facts, Figures, and Future , 2009, Computer.

[82]  Jja Jeroen Keiren,et al.  Advanced reduction techniques for model checking , 2013 .

[83]  Nikolaj Bjørner,et al.  Satisfiability modulo theories , 2011, Commun. ACM.

[84]  Marijn Paul Schraagen,et al.  Aspects of record linkage , 2014 .

[85]  M. Richter,et al.  Computable preference and utility , 1999 .

[86]  H. Cleve,et al.  Locating causes of program failures , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[87]  Joost Winter,et al.  Coalgebraic Characterizations of Automata-Theoretic Classes , 2014 .

[88]  J. van den Bos,et al.  Gathering evidence: Model-driven software engineering in automated digital forensics , 2014 .

[89]  Stjepan Picek,et al.  Applications of evolutionary computation to cryptology , 2015 .

[90]  Rupak Majumdar,et al.  Cause clue clauses: error localization using maximum satisfiability , 2010, PLDI '11.

[91]  Lionel Mamane,et al.  Interactive mathematical documents: creation and presentation , 2004 .

[92]  Jean-Raymond Abrial,et al.  The B-book - assigning programs to meanings , 1996 .

[93]  Roel Verdult,et al.  The (in)security of proprietary cryptography , 2015 .

[94]  Rudy van Vliet,et al.  DNA expressions - A formal notation for DNA , 2015 .

[95]  Klaus Weihrauch,et al.  Computable Analysis: An Introduction , 2014, Texts in Theoretical Computer Science. An EATCS Series.

[96]  B. Kushner,et al.  Lectures on Constructive Mathematical Analysis , 1984 .

[97]  Peter Gorm Larsen,et al.  Balancing Insight and Effort: The Industrial Uptake of Formal Methods , 2007, Formal Methods and Hybrid Real-Time Systems.

[98]  Mark van den Brand,et al.  Reusable and Correct Endogenous Model Transformations , 2012, ICMT@TOOLS.

[99]  Guido Wachsmuth,et al.  Prototyping Visual Interpreters and Debuggers for Domain-Specific Modelling Languages , 2008, ECMDA-FA.

[100]  Elisa Costante,et al.  Privacy throughout the data cycle , 2015 .

[101]  Philippa J. Hopcroft,et al.  Academia and industry meet: some experiences of formal methods in practice , 2003, Tenth Asia-Pacific Software Engineering Conference, 2003..

[102]  Jan A. Bergstra,et al.  Process Algebra for Synchronous Communication , 1984, Inf. Control..

[103]  Glenford J. Myers,et al.  Art of Software Testing , 1979 .

[104]  Sung-Shik T. Q. Jongmans Automata-theoretic protocol programming , 2016 .

[105]  Frank S. de Boer,et al.  Verification of Sequential and Concurrent Programs , 1997, Texts and Monographs in Computer Science.

[106]  L. Lensink,et al.  Applying formal methods in software development , 2013 .

[107]  Jozef Hooman,et al.  Supporting UML-based development of embedded systems by formal techniques , 2008, Software & Systems Modeling.

[108]  Russell O'Connor,et al.  Certified Exact Transcendental Real Number Computation in Coq , 2008, TPHOLs.

[109]  Alfons Laarman,et al.  Scalable multi-core model checking , 2014 .

[110]  Peter Hertling Computable Real Functions: Type 1 Computability Versus Type 2 Computability , 1996, CCA.

[111]  Bas Spitters,et al.  Type classes for efficient exact real arithmetic in Coq , 2011, Log. Methods Comput. Sci..

[112]  Mohammad Reza Mousavi,et al.  Towards Model-Based Testing of Electronic Funds Transfer Systems , 2011, FSEN.

[113]  Luciano Baresi,et al.  An Introduction to Software Testing , 2006, FoVMT.

[114]  Jan Friso Groote,et al.  Analysis of Path Planning Algorithms: a Formal Verification-based Approach , 2013, ECAL.

[115]  Stephan Merz,et al.  Model Checking , 2000 .

[116]  Mark van den Brand,et al.  VPDSL: A DSL for Software in the Loop Simulations Covering Material Flow , 2012, 2012 IEEE 17th International Conference on Engineering of Complex Computer Systems.

[117]  Antonio Vallecillo,et al.  Formal Specification and Analysis of Domain Specific Models Using Maude , 2009, Simul..

[118]  Jan Tretmans,et al.  Model Based Testing with Labelled Transition Systems , 2008, Formal Methods and Testing.

[119]  Jozef Hooman,et al.  Gaining Industrial Confidence for the Introduction of Domain-Specific Languages , 2013, 2013 IEEE 37th Annual Computer Software and Applications Conference Workshops.

[120]  Mohammad Reza Mousavi,et al.  Integrating Model-Based and Constraint-Based Testing Using SpecExplorer , 2012, 2012 IEEE 23rd International Symposium on Software Reliability Engineering Workshops.

[121]  Y. Moschovakis Review: G. Kriesel, D. Lacombe, J. Shoenfield, Effective Operations and Partial Recursive Functionals; G. Kreisel, D. Lacombe, J. R. Shoenfield, Partial Recursive Functionals and Effective Operations , 1966 .

[122]  Wouter Meulemans,et al.  Similarity measures and algorithms for cartographic schematization , 2014 .

[123]  Arie van Deursen,et al.  Domain-specific languages: an annotated bibliography , 2000, SIGP.

[124]  Axel Belinfante,et al.  JTorX: A Tool for On-Line Model-Driven Test Derivation and Execution , 2010, TACAS.

[125]  Eelco Visser,et al.  The spoofax language workbench: rules for declarative specification of languages and IDEs , 2010, OOPSLA.

[126]  Andreas Zeller,et al.  Simplifying and Isolating Failure-Inducing Input , 2002, IEEE Trans. Software Eng..

[127]  Eduardo Zambon,et al.  Abstract Graph Transformation - Theory and Practice , 2013 .

[128]  Eelco Visser,et al.  WebDSL: A Case Study in Domain-Specific Language Engineering , 2007, GTTSE.

[129]  Sjc Sebastiaan Joosten,et al.  Verification of interconnects , 2016 .

[130]  Michael Dierkes,et al.  Formal Methods for Industrial Critical Systems , 2013, Lecture Notes in Computer Science.

[131]  Stefan Dietzel,et al.  Resilient in-network aggregation for vehicular networks , 2015 .

[132]  Georgeta Igna,et al.  Performance analysis of real-time task systems using timed automata , 2013 .

[133]  van den,et al.  Composition and synchronization of real-time components upon one processor , 2013 .

[134]  Tao Xie,et al.  Fault Localization for Firewall Policies , 2009, 2009 28th IEEE International Symposium on Reliable Distributed Systems.

[135]  Cesare Tinelli,et al.  Satisfiability Modulo Theories , 2021, Handbook of Satisfiability.

[136]  A. J. van der Ploeg,et al.  Efficient abstractions for visualization and interaction , 2015 .

[137]  Fpm Frank Stappers Bridging formal models : an engineering perspective , 2012 .

[138]  Boudewijn R. Haverkort,et al.  Performance Evaluation for Collision Prevention Based on a Domain Specific Language , 2013, EPEW.

[139]  Sjoerd Cranen Model Checking the FlexRay Startup Phase , 2012, FMICS.

[140]  Luciano Lavagno,et al.  A Framework for Modeling, Simulation and Automatic Code Generation of Sensor Network Application , 2008, 2008 5th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[141]  Vikram S. Adve,et al.  LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[142]  Gordon D. Plotkin,et al.  A structural approach to operational semantics , 2004, J. Log. Algebraic Methods Program..

[143]  J Jeroen Redegeld Formal verification of control software in X-ray systems , 2016 .

[144]  Anamaria Martins Moreira,et al.  Verifying Code Generation Tools for the B-Method Using Tests: A Case Study , 2015, TAP@STAF.

[145]  Marina Zaharieva-Stojanovski,et al.  Closer to Reliable Software: Verifying Functional Behaviour of Concurrent Programs , 2015 .

[146]  Dana Angluin,et al.  Learning Regular Sets from Queries and Counterexamples , 1987, Inf. Comput..

[147]  Jan Friso Groote,et al.  Exact Real Arithmetic with Perturbation Analysis and Proof of Correctness , 2015, ArXiv.

[148]  A. Hohmann,et al.  Numerical Analysis in Modern Scientific Computing: An Introduction , 2003 .

[149]  Moayad Fahim Ali,et al.  Fault diagnosis and logic debugging using Boolean satisfiability , 2005, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[150]  Douglas C. Schmidt,et al.  Guest Editor's Introduction: Model-Driven Engineering , 2006, Computer.

[151]  Jeroen Bransen,et al.  On the Incremental Evaluation of Higher-Order Attribute Grammars , 2015 .

[152]  Dexter Kozen,et al.  Results on the Propositional µ-Calculus , 1982, ICALP.

[153]  Tiago Espinha,et al.  Web Service Growing Pains: Understanding Services and Their Clients , 2015 .

[154]  S Sjoerd Cranen,et al.  Getting the point : obtaining and understanding fixpoints in model checking , 2015 .

[155]  Jozef Hooman,et al.  Early Fault Detection Using Design Models for Collision Prevention in Medical Equipment , 2013, FHIES.

[156]  Barry W. Boehm,et al.  Software Defect Reduction Top 10 List , 2001, Computer.

[157]  Jean Bézivin,et al.  Model Driven Engineering: An Emerging Technical Space , 2005, GTTSE.

[158]  Jan Friso Groote,et al.  Modeling and Analysis of Communicating Systems , 2014 .

[159]  Mark Timmer,et al.  Efficient modelling, generation and analysis of Markov automata , 2013 .

[160]  Nicholas J. Higham,et al.  INVERSE PROBLEMS NEWSLETTER , 1991 .

[161]  Bn Bogdan Vasilescu Social aspects of collaboration in online software communities , 2014 .

[162]  Sarmen Keshishzadeh,et al.  Formalizing and testing the consistency of DSL transformations , 2016, Formal Aspects of Computing.

[163]  Cheng-Shang Chang Calculus , 2020, Bicycle or Unicycle?.

[164]  Xavier Leroy,et al.  Formal verification of a realistic compiler , 2009, CACM.

[165]  Radu Mateescu,et al.  CADP 2010: A Toolbox for the Construction and Analysis of Distributed Processes , 2011, TACAS.

[166]  Roger S. Pressman,et al.  Software Engineering: A Practitioner's Approach , 1982 .

[167]  Bernhard Schätz,et al.  mbeddr: instantiating a language workbench in the embedded software domain , 2013, Automated Software Engineering.

[168]  Jane Wilhelms,et al.  Collision Detection and Response for Computer Animation , 1988, SIGGRAPH.

[169]  Gino van den Bergen Efficient Collision Detection of Complex Deformable Models using AABB Trees , 1997, J. Graphics, GPU, & Game Tools.