Illustration of the model checking technique
A DTMC of a gambler at a roulette game
The statistical model checking process
Examples of stochastic real-time BIP components
3.3 Computation of upper and lower bounds in the case of timed interactions
Shifting and normalizing a Normal density function in the case of stochastic interactions
Example of an SRT-BIP component with discrete probabilities, p.60
Code generation process for RT-BIP models, p.61
Functional view of the stochastic simulation engine
3.10 Rejection sampling from a normal distribution N(3, 1) truncated at time t = 2. Random points are generated in the non-dashed area. The green area represents the accepted points and the light gray one identifies the rejected ones
Sequence diagram of the simulation algorithm, p.67
Probabilistic strategy with uniform choice
Identifying empty intervals with time-split operation
The three APTA models for the sample S
Degrees of generalization of the learned language L(H ? ) with respect to the target language L(H)
Experimental setup to validate the improved learning procedure, p.89
CSMA/CD communication medium model for a 2-station network, p.90
Example of a model transformation
Screenshot of the SBIP graphical user interface
5.10 Screenshots of the rare events workflow
Simplified package diagram of the SBIP tool
Stochastic real-time BIP: Components of the FireWire Protocol, p.129
Probability of φ1 (top) and φ2 (bottom) for different FireWire topologies, p.130
Bluetooth model with two devices
Probability of properties φ5 (left and middle) and φ6 (right), p.133
A concurrency model with three components sharing a single resource, p.137
Detailed processing times for different trace sizes
Design approach based on formal methods integrating quantitative risk assessment, where: ? denotes model transformation, i is the index of the number of performed steps, j is the index of the number of explored models within a step bounded by n_i, and k is the number of iterative transformations performed on a model. Initially i is set to 0, and j and k to 1
The Bridget Rover (courtesy of Airbus Defence and Space UK), p.144
Overview of the case study software architecture
Library of components and their behavior: triggers represented with a triangle and queues represented with a square in Fig
Fault detection and standard recovery action are represented in red, the more complex recovery strategy in blue, and deployment-specific actions in dark green
Probability and runtime of φ9 for the model including fault2, p.154
Probability and runtime of φ9 for the model including fault3, p.154
SBIP results for the deployed model including transmission delays, p.157
Parametric exploration of φ11 (left) and φ12 (right) on the deployed model with transmission delays
Parametric exploration of φ13 on the deployed model with transmission delays, p.159
7.14 SMC results for the deployed model with command losses
SMC results for the deployed model with writing delays, p.161
Proposed workflow for risk assessment based on model learning and strategies exploration
Workflow of IEGA with a population of N individuals over M generations, p.179
Illustration of Pareto dominance ranking on a population of 10 individuals, p.183
Results obtained with IO-Def on different case studies, p.187
8.10 Scenario graph of the network intrusion obtained with IOALERGIA, p.191
Scenario graph of the network intrusion with uncertainty using explicit output encoding
ORGA case study description
Resetting a BGP session description
A Malicious Insider attack (MI) description
SCADA system description
2.2 Examples of temporal logics and their distinguishing features, p.30
Distinguishing features of the state of the art
Accuracy results for the synthetic benchmarks with the four APTAs, p.91
Experimental results for CSMA/CD using the four APTA models, p.93
Comparison table of the state of the art
Parameters for the pacemaker and the heart models
Results of IP on the concurrency model
Requirements of the planetary robotics case study at the different levels of granularity of system design
Results obtained with the SBIP framework on the system design with faults and with respect to requirements from Table 7.1. n*φ refers to the parameter value for which φ(n) is satisfied with probability 1
Proportion of non-deterministic stop commands when increasing MTD, p.159
8.2 IEGA results with various defense configurations on the ORGA benchmark
IEGA results with various defense configurations on BGP, p.186
Strategy synthesis using Prism and IEGA with/without IDS penalty, p.193
ESROCOS Planetary Exploration Demonstrator
Note that some requirements are expressed as several MTL properties. For instance, requirement P13 induces 6 MTL properties. We also point out the fact that requirements P9
The gear can be set to gear 5 and the reverse gear
The gear switch can be performed in 1000 ms
The engine is guaranteed to find synchronous speed in the case where no error occurs in it
If the gear is N, the engine is either in initial or going to initial (i.e. ToGear = 0 and engine in zero)
Torque is always indicated in the engine when the gear controller has a gear set
The controller is in predefined locations depending on the clutch state
Open ∨ gc.ClutchOpen ∨ gc.ClutchOpenTwo ∨ gc.CheckGearSetTwo ∨ gc.ReqSetGearTwo ∨ gc.ClutchClose ∨ gc.CheckClutchClosed ∨ gc.CheckClutchClosedTwo ∨ gc
If clutch is closed: □[0,10000] (¬c.Closed ∨ gc.ReqTorqueC ∨ gc.GearChanged ∨ gc.Gear ∨ gc.Initiate ∨ gc.CheckTorque ∨ gc.ReqNeuGear ∨ gc.CheckGearNeu ∨ gc.ReqSyncSpeed ∨ gc.CheckSyncSpeed ∨ gc.ReqSetGear ∨ gc.CheckGearSet)
Open ∨ gc.ClutchOpen ∨ gc.ClutchOpenTwo ∨ gc.CheckGearSetTwo ∨ gc.ReqSetGearTwo ∨ gc.ClutchClose ∨ gc.CheckClutchClosed ∨ gc.CheckClutchClosedTwo ∨ gc
Neutral ∨ gc.ReqSetGear ∨ gc.CheckClutchClosedTwo ∨ gc.ReqTorqueC ∨ gc.GearChanged ∨ gc.Gear ∨ gc.Initiate ∨ gc.ReqSyncSpeed ∨ gc.CheckSyncSpeed ∨ gc.ReqSetGear ∨ gc.CheckClutch ∨ gc.ClutchOpen ∨ gc
If the engine regulates on torque, then the clutch must be closed