RAT: A Tool for the Formal Analysis of Requirements

Bloem, Roderick; Cavada, Roberto; Pill, Ingo; Roveri, Marco; Tchaltsev, Andrei

doi:10.1007/978-3-540-73368-3_30

Cited by 20 publications

(12 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Specification debugging has drawn much attention [2,17,26]. These methods analyze the consistency, completeness and safety of formal specifications.…”

Section: Related Workmentioning

confidence: 99%

“…These methods analyze the consistency, completeness and safety of formal specifications. For example, [2,26] presented a platform for formal analysis of hardware requirements called "RAT," which has been applied in the analysis of aerospace systems [4]. Using this framework, instead of creating a system model, we only need to generate the model validation specification in Section 4.2 as the formal specification of the operational concept; RAT is able to check this specification against our model verification specification.…”

Section: Related Workmentioning

confidence: 99%

“…We extract model validation specifications from the operational concept and construct model verification specifications by codifying the expectations of system designers, extracted via conversation, in temporal logic; all models and specifications are available online. 2 The second aspect is model and specification debugging, which addresses a practical challenge in the above model checking procedure: how to ensure that the formalization of the system model correctly reflects the designer's intentions. Counterexamples returned from the model checker may not reveal problems in the operational concept itself, but instead correspond to imprecisions in the system model.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Formal specification and verification of a coordination protocol for an automated air traffic control system

Zhao

Rozier

2014

Science of Computer Programming

View full text Add to dashboard Cite

Safe separation between aircraft is the primary consideration in air traffic control. To achieve the required level of assurance for this safety-critical application, the Automated Airspace Concept (AAC) proposes three levels of conflict detection and resolution. Recently, a high-level operational concept was proposed to define the cooperation between components in the AAC. However, the proposed coordination protocol has not been formally studied. We use formal verification techniques to ensure there are no potentially catastrophic design flaws remaining in the AAC design before the next stage of production. We formalize the high-level operational concept, which was previously described only in natural language, in NuSMV and perform model validation by checking against LTL/CTL specifications we derive from the system description. We write LTL specifications describing safe system operations and use model checking for system verification. We employ specification debugging to ensure correctness of both sets of formal specifications and model abstraction to reduce model checking time and enable fast, design-time checking. We analyze two counterexamples revealing unexpected emergent behaviors in the operational concept that triggered design changes by system engineers to meet safety standards. Our experience report illuminates the application of formal methods in real safety-critical system development by detailing a complete end-to-end design-time verification process including all models and specifications.

show abstract

“…Specification debugging has drawn much attention [2,17,26]. These methods analyze the consistency, completeness and safety of formal specifications.…”

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Formal specification and verification of a coordination protocol for an automated air traffic control system

Zhao

Rozier

2014

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…Thus, formal methods merely shift the difficulty of developing correct implementations to that of developing correct specifications [13]. Property assurance is the activity of eliciting specifications that faithfully capture designer intent [8,21]. One approach for property assurance is to challenge given specifications with sanity checks like non-validity, satisfiability, and vacuity [15].…”

Section: Introductionmentioning

confidence: 99%

Automatic Generation of Quality Specifications

Almagor

Avni

Kupferman

2013

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. The logic LTL extends LTL by quality operators. The satisfaction value of an LTL formula in a computation refines the 0/1 value of LTL formulas to a real value in [0,1]. The higher the value is, the better is the quality of the computation. The quality operator λ , for a quality constant λ ∈ [0, 1], enables the designer to prioritize different satisfaction possibilities. Formally, the satisfaction value of a subformula λ ϕ is λ times the satisfaction value of ϕ. For example, the LTL formula G(req → (Xgrant ∨ 1 2 F grant)) has value 1 in computations in which every request is immediately followed by a grant, value 1 2 if grants to some requests involve a delay, and value 0 if some request is not followed by a grant. The design of an LTL formula typically starts with an LTL formula on top of which the designer adds the parameterized operators. In the Boolean setting, the problem of automatic generation of specifications from binary-tagged computations is of great importance and is a very challenging one. Here we consider the quantitative counterpart: an LTL query is an LTL formula in which some of the quality constants are replaced by variables. Given an LTL query and a set of computations tagged by satisfaction values, the goal is to find an assignment to the variables in the query so that the obtained LTL formula has the given satisfaction values, or, if this is impossible, best approximates them. The motivation to solving LTL queries is that in practice it is easier for a designer to provide desired satisfaction values in representative computations than to come up with quality constants that capture his intuition of good and bad quality. We study the problem of solving LTL queries and show that while the problem is NP-hard, interesting fragments can be solved in polynomial time. One such fragment is the case of a single tagged computation, which we use for introducing a heuristic for the general case. The polynomial solution is based on an analysis of the search space, showing that reasoning about the infinitely many possible assignments can proceed by reasoning about their partition into finitely many classes. Our experimental results show the effectiveness and favorable outcome of the heuristic.

show abstract

“…Satisfiability and realizability [38] checking are approaches that can handle requirements without a model being avaiable. Tool support for both is available (e.g., [8]). …”

Section: Introductionmentioning

confidence: 99%

Towards a Notion of Unsatisfiable Cores for LTL

Schuppan¹

2010

Fundamentals of Software Engineering

View full text Add to dashboard Cite

Abstract. Unsatisfiable cores, i.e., parts of an unsatisfiable formula that are themselves unsatisfiable, have important uses in debugging specifications, speeding up search in model checking or SMT, and generating certificates of unsatisfiability. While unsatisfiable cores have been well investigated for Boolean SAT and constraint programming, the notion of unsatisfiable cores for temporal logics such as LTL has not received much attention. In this paper we investigate notions of unsatisfiable cores for LTL that arise from the syntax tree of an LTL formula, from converting it into a conjunctive normal form, and from proofs of its unsatisfiability. The resulting notions are more fine-granular than existing ones.

show abstract

RAT: A Tool for the Formal Analysis of Requirements

Cited by 20 publications

References 9 publications

Formal specification and verification of a coordination protocol for an automated air traffic control system

Formal specification and verification of a coordination protocol for an automated air traffic control system

Automatic Generation of Quality Specifications

Towards a Notion of Unsatisfiable Cores for LTL

Contact Info

Product

Resources

About