Merit and Blame Assignment with Kind 2

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 12863)

Abstract

We introduce two new major features of the open-source model checker Kind 2 which provide traceability information between specification and design elements such as assumptions, guarantees, or other behavioral constraints in synchronous reactive system models. This new version of Kind 2 can identify minimal sets of design elements, known as Minimal Inductive Validity Cores, which are sufficient to prove a given set of safety properties, and also determine the set of MUST elements, design elements that are necessary to prove the given properties. In addition, Kind 2 is able to find minimal sets of design constraints, known as Minimal Cut Sets, whose violation leads the system to an unsafe state. We illustrate with an example how to use the computed information for tracking the safety impact of model changes, and for analyzing the tolerance and resilience of a system against faults.

Work partially funded by DARPA grant #N66001-18-C-4006 and by GE Global Research.

Notes

  1. Kind 2 is distributed under the Apache 2.0 License at http://kind.cs.uiowa.edu.

  2. The initialization operator -> is used to specify initial state values. Operationally, a node has a cyclic behavior: at each tick t of an abstract global clock it reads the value of each input stream at time t and instantaneously computes the value of each output stream at time t. For streams x and y, the value (x -> y)(t) of the stream x -> y equals x(t) for t = 0 and y(t) for t > 0.

  3. We are ignoring here that, in reality, the altitude also depends on aircraft speed.

  4. Note that a node in Lustre is defined declaratively by a set of equations.

  5. In Lustre, assertions are (unchecked) assumptions on a node's input.

Corresponding author: Daniel Larraz

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Larraz, D., Laurent, M., Tinelli, C. (2021). Merit and Blame Assignment with Kind 2. In: Lluch Lafuente, A., Mavridou, A. (eds.) Formal Methods for Industrial Critical Systems. FMICS 2021. Lecture Notes in Computer Science, vol. 12863. Springer, Cham. https://doi.org/10.1007/978-3-030-85248-1_14

  • DOI: https://doi.org/10.1007/978-3-030-85248-1_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85247-4

  • Online ISBN: 978-3-030-85248-1

  • eBook Packages: Computer Science (R0)