Falk Howar, Technische Universität Dortmund | TUD · Faculty of Computer Science
Falk Howar
Dr. rer. nat.
About
123 Publications
22,258 Reads
2,251 Citations
Introduction
I am a professor at the chair for software engineering at Dortmund University of Technology.
My research focuses on automated analysis, testing, and verification of component-based software systems using static and dynamic analysis methods.
Additional affiliations
September 2017 - present
September 2014 - August 2017
March 2014 - August 2014
CMU / NASA Ames
Position
- Researcher
Publications (123)
Data sovereignty, the possibility to keep control over data, is gaining increasing attention in both research and industry. Due to complex supply chains and a strong trend toward digitization, digital assets are essential to be fast and competitive. As a result, companies need to share data while retaining control over it to prevent unwanted leaks...
The proliferation of data-intensive applications is continuously growing. Yet, many of these applications remain experimental or insular as they face data challenges that are rooted in a lack of practical engineering practices. To address this shortcoming and fully leverage the data resource, a professionalization of engineering data-intensive appl...
Scenario-based testing is envisioned as a key approach for the safety assurance of autonomous vehicles. In scenario-based testing, relevant (driving) scenarios are the basis of tests. Many recent works focus on specification, variation, generation and execution of individual scenarios. In this work, we address the open challenges of classifying set...
Data is an important asset and managing it effectively and appropriately can give companies a competitive advantage. Therefore, it should be assumed that data engineering considers and improves all phases of the data life cycle. However, data deletion does not seem to be prominent in theory and practice. We believe this is for two reasons. First, t...
We present a technique for learning explainable timed automata from passive observations of a black-box function, such as an artificial intelligence system. Our method accepts a single, long, timed word with mixed input and output actions and learns a Mealy machine with one timer. The primary advantage of our approach is that it constructs a symbol...
Anomaly detection is essential in many application domains, such as cyber security, law enforcement, medicine, and fraud protection. However, the decision-making of current deep learning approaches is notoriously hard to understand, which often limits their practical applicability. To overcome this limitation, we propose a framework for learning in...
The industrial track at ISoLA 2022 provides a platform for presenting industrial perspectives on digitalization and for discussing trends and challenges in the ongoing digital transformation from the perspective of where and how formal methods can contribute to addressing the related technical and societal challenges. The track continues two specia...
Auscultation methods enable non-invasive diagnosis of diseases, e.g. of the heart, based on heartbeat sounds. Regular, early examinations using machine learning techniques could help to detect diseases at an early stage to prevent serious health conditions and then provide optimal therapy through continuous monitoring. There is already a lot of wor...
In this paper, we present SPouT, a concolic executor for the Java virtual machine. To the user, SPouT is a java executable that takes some additional parameters for setting the values of concolic inputs and produces symbolic traces over variables under observation during the execution. Technically, SPouT extends the JVM implementation provided by t...
We present a unifying formalization of active automata learning algorithms in the MAT model, including a new, efficient, and simple technique for the analysis of counterexamples during learning: Lλ is the first active automata learning algorithm that does not add sub-strings of counterexamples to the underlying data structure for observations but i...
This paper presents our lifelong learning framework for continuous quality control. The framework integrates automata learning, model checking, and monitoring into a six-phase continuous improvement cycle which is designed to capture entire system life-cycles. The technical backbone of our framework is ALEX, an open source, web-based learning tool...
In this paper, we interpret triggering condition and other SOTIF relevant terms in the scope of ISO 21448. We summarize the formal formulations of triggering conditions based on several key principles and provide possible categories for facilitating the systematization. We contribute a novel method for the identification of triggering conditions an...
Register automata are an expressive model of computation using finite memory. Conformance checking of their properties can be reduced to NONEMPTINESS tests, however, this problem is PSPACE-complete. Existing approaches usually employ symbolic state exploration. This results in state explosion for most complex register automata. We propose a semanti...
The establishment of collaborative AI pipelines, in which multiple organizations share their data and models, is often complicated by lengthy data governance processes and legal clarifications. Data sovereignty solutions, which ensure data is being used under agreed terms and conditions, are promising to overcome these problems. However, there is l...
Specifying the perceptual accuracy autonomous vehicles require when interacting with surrounding traffic participants is not a trivial task. While computer vision capabilities have drastically improved over the last years (mainly driven by the success of machine learning techniques), specification of corresponding validation goals is lagging behind...
GWIT is a validator for violation witnesses produced by Java verifiers in the SV-COMP software verification competition. GWIT weaves assumptions documented in a witness into the source code of a program, effectively restricting the part of the program that is explored by a program analysis. It then uses the GDart tool (dynamic symbolic execution) t...
GDart is an ensemble of tools allowing dynamic symbolic execution of JVM programs. The dynamic symbolic execution engine is decomposed into three different components: a symbolic decision engine (DSE), a concolic executor (SPouT), and a SMT solver backend allowing meta-strategy solving of SMT problems (JConstraints). The symbolic decision component...
This paper (1) summarizes the history of the RERS challenge for the analysis and verification of reactive systems, its profile and intentions, its relation to other competitions, and, in particular, its evolution due to the feedback of participants, and (2) presents the most recent development concerning the synthesis of hard benchmark problems. In...
There are three technologies a modern AI-aware software engineer needs to know: data mining, theorem proving, and nonlinear optimization (also called search-based SE). While much of the current industrial AI activity is focused on data mining, these other technologies are starting to achieve prominence. Optimization technology is discussed in the e...
We discuss how to overcome the often fatal impact of violating integral quality constraints: seemingly successful (software) development projects turn into failures because of a mismatch with the business context. We investigate the similarities and differences between the today popular DevOps scenarios for aligning development and operations and t...
Novel methods for safety validation of autonomous vehicles are needed in order to enable a successful release of self-driving cars to the public. Decomposition of safety validation is one promising strategy for replacing blunt test mileage conducted by real world drives and can be applied in multiple dimensions: shifting to a scenario-based testing...
The industrial track at ISoLA 2021 provided a platform for presenting industrial perspectives on digitalization and for discussing trends and challenges in the ongoing digital transformation from the perspective of where and how formal methods can contribute to addressing the related technical and societal challenges. The track continued two specia...
Documentation of epileptic seizures plays an essential role in planning medical therapy. Solutions for automated epileptic seizure detection can help improve the current problem of incomplete and erroneous manual documentation of epileptic seizures. In recent years, a number of wearable sensors have been tested for this purpose. However, detecting...
Data forms an essential organizational asset and is a potential source for competitive advantages. To exploit these advantages, the engineering of data-intensive applications is becoming increasingly important. Yet, the professional development of such applications is still in its infancy and a practical engineering approach is necessary to reach t...
It is of utmost importance to maintain digital sovereignty in the context of Industry 4.0 and data-driven business models. As data itself becomes a valuable asset, this is a challenge that many companies have to face. This is particularly true as data sharing with third parties is a mandatory component of many modern business models. For its partic...
It is widely accepted by now that the discipline of Software Engineering is distinct from both Computer Science and Electrical Engineering, and that it requires bespoke higher education programs. In this paper, we argue that previous attempts at designing such programs have often failed to fully account for three essential characteristics of the di...
JDart performs dynamic symbolic execution of Java programs: it executes programs with concrete inputs while recording symbolic constraints on executed program paths. A portfolio of constraint solvers is then used for generating new concrete values from recorded constraints that drive execution along previously unexplored paths. For SV-COMP 2021, we...
Register automata model languages over infinite alphabets. A number of publications define different register automata formalisms. Equal expressiveness has been conjectured for many formalisms but a formal analysis is still open. In this paper on the occasion of the 63rd birthday of Bengt Jonsson we examine if these formalisms are equ...
Model learning (a.k.a. active automata learning) is a highly effective technique for obtaining black-box finite state models of software components. We show how one can boost the performance of model learning techniques for register automata by extracting the constraints on input and output parameters from a run, and making this grey-box informatio...
We present Jaint, a generic security analysis for Java Web-applications that combines concolic execution and dynamic taint analysis in a modular way. Jaint executes user-defined taint analyses that are formally specified in a domain-specific language for expressing taint-flow analyses. We demonstrate how dynamic taint analysis can be integrated int...
Model learning (a.k.a. active automata learning) is a highly effective technique for obtaining black-box finite state models of software components. Thus far, generalisation to infinite state systems with inputs/outputs that carry data parameters has been challenging. Existing model learning tools for infinite state systems face scalability problem...
This contribution investigates dependability threats to automated driving systems pertaining to the environment perception. The identification of factors that can lead to safety-relevant system failures is essential for assuring safety of automated driving systems. We establish a comprehensive taxonomy for the classification of perceptual threats b...
JDart performs dynamic symbolic execution of Java programs: it executes programs with concrete inputs while recording symbolic constraints on executed program paths. A constraint solver is then used for generating new concrete values from recorded constraints that drive execution along previously unexplored paths. JDart is built on top of the Java...
This contribution proposes a semantic description of vehicle behavior in urban environments in the form of maneuvers. By detecting these maneuvers in recorded measurement data of test drives, specific scenarios can be identified and evaluated in regards to vehicle behavior on public roads. Characteristics of extracted maneuvers can then in turn be...
Model learning is a black-box technique for constructing state machine models of software and hardware components, which has been successfully used in areas such as telecommunication, banking cards, network protocols, and control software. The underlying theoretic framework (active automata learning) was first introduced in a landmark paper by Dana...
Water, light, plants and animals: the interplay of these factors in a natural ecosystem is an excellent role model for state-of-the-art value chains within the economy, as ecosystems are characterized by the fact that not one of the system's members is able to optimize their well-being on their own. Any ecosystem has to come together and act as a whole...
In this paper we present JConstraints, a constraint solver abstraction layer for Java. JConstraints provides an object representation for logic expressions, unified access to different SMT and interpolation solvers, and useful tools and algorithms for working with logic formulas. The object representation enables implementation of algorithms on con...
This paper covers the Rigorous Examination of Reactive Systems (RERS) Challenge 2019. For the first time in the history of RERS, the challenge features industrial tracks where benchmark programs that participants need to analyze are synthesized from real-world models. These new tracks comprise LTL, CTL, and Reachability properties. In addition, we...
The industrial track at ISoLA 2018 provided a platform for presenting industrial perspectives on digitalization and for discussing trends and challenges in the ongoing digital transformation. The track continued two special tracks at ISoLA conferences focused on the application of learning techniques in software engineering and software products [3...
Behavioral interfaces describe the safe interactions with a component without exposing its internal variables and computation. As such, they can serve as documentation or formal contracts for black-box components in safety-critical systems. Learning-based generation of interfaces relies on learning algorithms for inferring behavioral interfaces from...
This paper is dedicated to the Rigorous Examination of Reactive Systems (RERS) Challenge 2018. We focus on changes and improvements compared to previous years. RERS again provided a large variety of verification benchmarks that foster the comparison of validation tools while featuring both sequential and parallel programs. In addition to reachabili...
The next generation of automotive control software will run on complex networks of control units, connected by a multitude of different bus systems. With a rising number of safety-critical functions being realized (at least partly) in software, real-time requirements for distributed functions become more important (e.g., time until a system reacts...
Active automata learning is slowly becoming a standard tool in the toolbox of the software engineer. As systems become ever more complex and development becomes more distributed, inferred models of system behavior become an increasingly valuable asset for understanding and analyzing a system's behavior. Five years ago (in 2011) we surveyed the...
Automata learning is an established class of techniques for inferring automata models by observing how they respond to a sample of input words. Recently, approaches have been presented that extend these techniques to infer extended finite state machines (EFSMs) by dynamic black-box analysis. EFSMs model both data flow and control behavior, and thei...
Checking that a complex software system conforms to an extensive catalogue of requirements is an elaborate and costly task which cannot be managed only through manual testing anymore. In this paper, we construct an academic case study in which we apply automated requirements-based test case generation to the prototype of an adaptive cruise control s...
Web applications define the interface to many of the businesses and services that we interact with and use on a daily basis. The technology stack enabling these applications is constantly changing and applications are accessed from a plethora of different devices. Automated testing of the behavior of applications is a promising strategy for reducin...
We develop a learning-based testing framework for register automaton models that can express the windowing behavior of TCP, thereby presenting the first significant application of register automata learning to realistic software for a class of automata with Boolean-arithmetic constraints over data values. We have applied our framework to TCP implem...
RERS is an annual verification challenge that focuses on LTL and reachability properties of reactive systems. In 2017, RERS was extended to a one day workshop that in addition to the original challenge program also featured an invited talk about possible future developments. As a satellite of ISSTA and SPIN, the 2017 RERS Challenge itself increased...
The Java PathFinder extension Psyco generates interfaces of Java components using a combination of dynamic symbolic execution and automata learning to explore different combinations of method invocations on a component. Such interfaces are useful in contract-based compositional verification of component-based systems. Psyco relies on testing for va...
There is an increasing necessity to deploy autonomous systems in highly heterogeneous, dynamic environments, e.g. service robots in hospitals or autonomous cars on highways. Due to the uncertainty in these environments, the verification results obtained with respect to the system and environment models at design-time might not be transferable to th...
We are entering the age of learning systems! On the one hand, we are surrounded by devices that learn from our behavior [3]: household appliances, smart phones, wearables, cars, etc., the most recent prominent example being Tesla Motors' autopilot that learns from human drivers. On the other hand, man-made systems are becoming ever more complex, req...
Autonomous vehicles will share the road with human drivers within the next couple of years. One of the big open challenges is the lack of established and cost-efficient approaches for assuring the safety of Advanced Driver Assistance Systems and autonomous driving. Product liability regulations impose high standards on manufacturers regarding the s...
The 5th challenge of Rigorous Examination of Reactive Systems (RERS 2016) once again provided generated and tailored benchmarks suited for comparing the effectiveness of automatic software verifiers. RERS is the only software verification challenge that features problems with linear temporal logic (LTL) properties in larger sizes that are available...
We describe JDart, a dynamic symbolic analysis framework for Java. A distinguishing feature of JDart is its modular architecture: the main component that performs dynamic exploration communicates with a component that efficiently constructs constraints and that interfaces with constraint solvers. These components can easily be extended or modified...
We present a black-box active learning algorithm for inferring extended finite state machines (EFSM)s by dynamic black-box analysis. EFSMs can be used to model both data flow and control behavior of software and hardware components. Different dialects of EFSMs are widely used in tools for model-based software development, verification, and testing....
In the automotive domain, control functions (e.g., ACC or brake booster) are mainly validated through road tests by means of performing specific driving maneuvers. In many cases, however, there is only an indirect connection between the inputs at the system level (e.g., position of the brake pedal) and the inputs to a tested component (e.g., negati...
Advanced driver assistance systems and (semi-)autonomous mobility systems will arguably be the biggest disruption of our everyday life in the next couple of years. The development of such systems comes with legal and technical challenges: Product liability regulations impose high standards on manufacturers regarding the safe operation of advanced d...
In this paper, we present LearnLib, a library for active automata learning. The current, open-source version of LearnLib was completely rewritten from scratch, incorporating the lessons learned from the decade-spanning development process of the previous versions of LearnLib. Like its immediate predecessor, the open-source LearnLib is written in Ja...
This paper describes our work on demonstrating verification technologies on a flight-critical system of realistic functionality, size, and complexity. Our work targeted a commercial aircraft control system named Transport Class Model (TCM), and involved several stages: formalizing and disambiguating requirements in collaboration with domain exper...
JDart is a concolic execution extension for Java PathFinder. Concolic execution executes programs with concrete values while recording symbolic constraints. In this way, it combines the benefits of fast concrete execution with the possibility of generating new concrete values, triggered by symbolic constraints, in order to exercise additional, pot...
A common practice in the development of complex component-based flight critical software systems is to outsource the implementation of some of the components to external contractors or assemble them from commercial off-the-shelf (COTS) systems. Those components are delivered as black-box systems, although they may have been first prototyped in-hous...
Active automata learning is a promising technique to generate formal behavioral models of systems by experimentation. The practical applicability of active learning, however, is often hampered by the impossibility of realizing so-called equivalence queries, which are vital for ensuring progress during learning and finally resulting in correct model...
The paper reviews active automata learning with a particular focus on sources of redundancy. In particular, it gives an intuitive account of TTT, an algorithm based on three tree structures which concisely capture all the required information. This guarantees minimal memory consumption and it drastically reduces the length of membership queries, in...
In recent years, two different approaches for learning register automata have been developed: as part of the LearnLib tool algorithms have been implemented that are based on the Nerode congruence for register automata, whereas the Tomte tool implements algorithms that use counterexample-guided abstraction refinement to automatically construct appro...
Specifications play an important role in modern-day software engineering research. Formal specifications, e.g., are the basis for automated verification and testing techniques. In spite of their potentially great positive impact, formal specifications are notoriously hard to come by in practice. One reason seems to be that writing precise formal sp...
In this paper, we show how to extend our approach to property-driven benchmark generation (PDBG) to support concurrency in the benchmarks: we systematically produce multi-process PROMELA code of known and tailored complexity that can then serve as benchmark for the evaluation of analysis and verification tools for concurrent software systems. Key t...
The goal of the RERS challenge is to evaluate the effectiveness of various verification and validation approaches on reactive systems, a class of systems that is highly relevant for industrial critical applications. The RERS challenge brings together researchers from different areas of software verification and validation, including static analysis...
In this paper we present TTT, a novel active automata learning algorithm formulated in the Minimally Adequate Teacher (MAT) framework. The distinguishing characteristic of TTT is its redundancy-free organization of observations, which can be exploited to achieve optimal (linear) space complexity. This is thanks to a thorough analysis of counterexam...
The Next Generation Air Transportation System (NextGen) advocates the use of innovative algorithms and software to address the increasing load on air-traffic control. AutoResolver [12] is a large, complex NextGen component that provides separation assurance between multiple airplanes up to 20 minutes ahead of time. Our work targets the development...
In this paper we present a novel lightweight approach to validate compilers for synchronous languages. Instead of verifying a compiler for all input programs or providing a fixed suite of regression tests, we extend the compiler to generate a test-suite with high behavioral coverage and geared towards discovery of faults for every compiled artifact...
This paper addresses the problem of efficient generation of component interfaces through learning. Given a white-box component C with specified unsafe states, an interface captures safe orderings of invocations of C's public methods. In previous work we presented Psyco, an interface generation framework that combines automata learning with symbolic...
We revisit our case study on the NASA's Voyager space mission to automatically discover its behaviour by means of model transformation and automata learning. We investigate the conformance of three structurally different types of specification of the case study: (1) a formal specification given in ASSL, (2) a derived implementation in Java, and (3)...
This paper reviews the development of Register Automaton learning, an enhancement of active automata learning to deal with infinite-state systems. We will revisit the precursor techniques and influences, which in total span over more than a decade. A large share of this development was guided and motivated by the increasingly popular application of...
We present Active Continuous Quality Control (ACQC), a novel approach that employs incremental active automata learning technology periodically in order to infer evolving behavioral automata of complex applications accompanying the development process. This way we are able to closely monitor and steer the evolution of applications throughout their...