Jianqi Shi
East China Normal University | ECNU · National Trustworthy Embedded System Engineering Research Center

PhD

About

61 Publications · 9,561 Reads · 557 Citations
Publications (61)
Article
Programmable Logic Controllers (PLCs) are specialized computers extensively utilized in industrial control fields. Since they control industrial equipment, software faults in PLCs can result in significant losses. However, current testing for PLC programs is mainly manual, and there are very few automatic testing tools. Structured Text (ST) is one...
Article
Full-text available
Federated learning is a distributed machine learning framework for edge computing devices that provides several benefits, such as eliminating over-fitting and protecting privacy. However, the majority of federated learning paradigms have not taken fairness into account. Since the quality and quantity of the data held by each participant varies, the...
Article
Full-text available
Ensemble trees are a popular machine learning model which often yields high prediction performance when analysing structured data. Although individual small decision trees are deemed explainable by nature, an ensemble of large trees is often difficult to understand. In this work, we propose an approach called optimised explanation (OptExplain) that...
Article
Model checking and static analysis have been well studied for program verification. Because of the ability to describe the stack, the pushdown system (PDS) has become a perfect model that is able to accurately model procedure calls and mimic the program's stack. Thus, it is not only a good model for sequential programs but for malware detection as...
Preprint
Full-text available
The broad adoption of Machine Learning (ML) in security-critical fields demands the explainability of the approach. However, the research on understanding ML models, such as Random Forest (RF), is still in its infant stage. In this work, we leverage formal methods and logical reasoning to develop a novel model-specific method for explaining the pre...
Article
To cater for the scenario of coordinated transportation of multiple trucks on the highway, a platoon system for autonomous driving has been extensively explored in the industry. Before such a platoon is deployed, it is necessary to ensure the safety of its driving behavior, whereby each vehicle’s behavior is commanded by the decision-making functio...
Article
Programmable Logic Controllers (PLC) are widely used in Industrial Control Systems (ICS) with strict safety assurance requirements. Unfortunately, traditional techniques for debugging prefer to use post-development approaches, such as simulation and black-box testing, rather than enhancing safety before programming. In this paper, we propose a refin...
Article
Specification mining is an automated or semi-automated process for inferring models or properties from computer programs or systems and is a useful way to aid program understanding, monitoring, and verification. There have been many works on mining various forms of specifications, of which mining for temporal logic specifications is becoming increa...
Conference Paper
Full-text available
Simulink has been widely used in model-based design and development. While we witness a growing demand on testing and verification for safety-critical systems, it remains a challenge to verify Simulink models, due largely to a lack of standardized formal semantics for Simulink. In this paper, we propose a comprehensive framework that allows us to a...
Conference Paper
Full-text available
With the development of artificial intelligence, machine learning algorithms are currently being used in more and more fields, such as autonomous driving, medical diagnosis, etc. In recent years, much research focuses on property verification of machine learning models. As one of the machine learning models, the tree ensemble model's structure is a...
Article
Full-text available
There is a growing awareness that the safety and security of industrial control systems cannot be dealt with in isolation, and that the safety and security of industrial control protocols (ICPs) should be considered jointly. Fuzz testing (fuzzing) for the ICP is a common way to discover whether the ICP itself is designed and implemented with flaws and...
Article
Programmable logic controllers (PLCs) are essentially domain-specific computers that are widely used in the industrial field. These industrial devices are usually required to be of high reliability, and program bugs can lead to catastrophes. However, there are few automated testing tools for PLC programs. This paper proposes a framework, named STAu...
Article
Programmable logic controllers (PLC), which are widely applied in modern industrial control systems (ICS), work as the controller of sensors and actuators in ICS. These systems require strict correctness, especially for safety-critical systems. Currently, ICS increasingly move to “come online” scenarios to enhance cyber-physical features, but it ma...
Article
Full-text available
With increasing demands of deterministic and real-time communication, network performance analysis is becoming an increasingly important research topic in safety-critical areas, such as aerospace, automotive electronics and so on. Time-triggered Ethernet (TTEthernet) is a novel hybrid network protocol based on the Ethernet standard; it is determini...
Article
With the development of the industrial control system, Programmable Logic Controllers (PLCs) are increasingly adopted in the process automation. Moreover, many PLCs play key roles in safety-critical systems like nuclear power plants, where robust and reliable control programs are required. To ensure the quality of programs, testing and verification...
Article
The functions of automobiles are becoming increasingly intelligent, which leads to the increasing number of electrical control units for one automobile. Hence, it makes software migration and extension more complicated. In order to avoid these problems, the standard OSEK/VDX has been proposed jointly by a German automotive company consortium and th...
Article
Full-text available
With rapid technological advances in airborne control systems, it has become imperative to ensure the reliability, robustness, and adaptability of airborne software since failure of these software could result in catastrophic loss of property and life. DO-333 is a supplement to the DO-178C standard, which is dedicated to guiding the application of...
Chapter
Model checking on Pushdown Systems (PDSs) has been extensively used to deal with numerous practical problems. However, the existing model checkers for pushdown systems are executed on the central processing unit (CPU), the performance is hampered by the computing power of the CPU. Compared with the CPU, the graphics processing unit (GPU) has more p...
Chapter
Bridging the gap between natural language requirements (NLR) and precise formal specifications is a crucial task of knowledge engineering. Software system development has become more complex in recent years, and it includes many requirements in different domains that users need to understand. Many of these requirements are expressed in natural lang...
Article
Full-text available
In the field of intelligent connected vehicles, as the rate of in-vehicle communication continues to increase, the importance of real-time and reliability requirements has been more prominent. The Time-Sensitive Networking (TSN) task group is dedicated to the amendments for meeting the urgent needs in the industrial field. In the implementation of...
Article
Full-text available
Industrial control systems (ICSs), especially distributed control systems (DCSs), are usually composed of several subsystems. Each subsystem is controlled by a control unit such as a programmable logic controller (PLC) or a micro-controller and collaborates with other subsystems via the field bus, Ethernet, or other communication links. In the trad...
Article
Full-text available
A Pushdown system (PDS) is a finite transition system equipped with stacks that are allowed to accurately model procedure calls and mimic the program's stack. Therefore, a PDS is extensively used for the analysis and verification of sequential programs. The computational tree logic (CTL) model checking for PDS is reduced to an emptiness problem, wh...
Article
Full-text available
Programmable logic controllers (PLCs) are special purpose computers designed to perform industrial automation tasks. They require highly reliable control programs, particularly when used in safety-critical systems such as nuclear power stations. In the development of reliable control programs, formal methods are “highly recommended” because the cor...
Article
Full-text available
Fuzzing (Fuzz testing) can effectively identify security vulnerabilities in software by providing a large amount of unexpected input to the target program. An important part of fuzzing test is the fuzzing data generation. Numerous traditional methods to generate fuzzing data have been developed, such as model-based fuzzing data generation and rando...
Conference Paper
In this paper, we attempt to improve industrial safety from the perspective of communication security. We leverage the protocol fuzzing technology to reveal errors and vulnerabilities inside implementations of industrial network protocols (INPs). Traditionally, to effectively conduct protocol fuzzing, the test data has to be generated under the guid...
Conference Paper
Nowadays, Pushdown System is widely used in program verification including malware detection. We model the software systems into pushdown systems and use model-checking to verify them. The reachability analysis is the base of model-checking problems. It is an iterative work on transitions and configuration rules. However, with the rise of the compl...
Article
In the design of dependable software for embedded and real-time operating systems, time analysis is a crucial but extremely difficult issue, the challenge of which is exacerbated due to the randomness and nondeterminism of interrupt handling behaviors. Thus research into a theory that integrates interrupt behaviors and time analysis seems to be imp...
Conference Paper
Hybrid systems arise in embedded control from the interaction between continuous physical behavior and discrete digital controllers. In this paper, we propose Apricot as a novel object-oriented language for modeling hybrid systems. The language takes the advantages of domain-specific and object-oriented languages, which fills the gap between the de...
Article
Full-text available
Controller Area Network (CAN) is a high-speed serial bus system with real-time capability. In this paper, we present a formal model of the CAN bus protocol, mainly focusing on the arbitration process, transmission process, and fault confinement mechanism. Moreover, 11 important properties are formalized in terms of the protocol. Based on the verifi...
Article
As one of the most practical protocols, Time-Triggered CAN protocol (TTCAN), which is time triggered to ensure the real-time capability required by embedded systems, has been widely used in the automotive electric system development. In this paper, we present a formal model of the TTCAN protocol using Timed Communicating Sequential Processes (Timed...
Article
Full-text available
The service mashup programming paradigm is a blooming faction of Service Oriented Architecture for developing web applications. A mashup application constructs its functionality by combining data, presentation and functionalities obtained from online services published by service providers such as Google and Amazon. This paradigm significantly faci...
Article
Full-text available
For hybrid systems, hybrid automata-based tools are capable of verification, while Matlab Simulink/Stateflow is proficient in simulation. We propose a co-verification procedure, in which the verification tool SpaceEx/PHAVer and simulation tool Matlab are integrated to analyze and verify hybrid systems. For the application of this procedure, a platf...
Conference Paper
E/E systems have been widely used in safety-critical scenarios in the modern world. The system is composed of a variety of software components in an automobile now, but most of the software vendors only apply the common software process method to construct the software modules. How to avoid the irrational and ambiguous requirements has not been add...
Conference Paper
The AUTOSAR (AUTomotive Open System ARchitecture) is an open standard in the automotive industry, aiming at unifying the methodology of automotive software development. It is drawing increasing attention because of its great concern about the safety of automotive electronics. The safety of automotive electronics greatly depends on the Operating Sys...
Article
Full-text available
We propose Apricot as an object-oriented language for modeling hybrid systems. The language combines the features of domain-specific and object-oriented languages, which fills the gap between design and implementation; as a result, we put forward a modeling language with simple and distinct syntax, structure and semantics. In addition, we...
Conference Paper
In the design of dependable software for real-time embedded systems, the interrupt mechanism plays an important role. Due to the randomness and nondeterminism of interrupt handling behaviors, the analysis of program behaviors as well as time properties is an important but challenging problem. In a previous work, we presented a small but expressive...
Conference Paper
Full-text available
In the design of dependable software for real-time embedded systems, time analysis is an important but challenging problem, due in part to the randomness and nondeterminism of interrupt handling behaviors. Time properties are generally determined by the behavior of the main program and the interrupt handling programs. In this paper, we present a small...
Conference Paper
For hybrid systems, hybrid automata based tools are capable of verification while Matlab Simulink/Stateflow is proficient in simulation. In this paper, a methodology is developed in which the formal verification tool PHAVer and simulation tool Matlab are integrated to analyze and verify hybrid systems. For application of this methodology, a Platfor...
Conference Paper
The interrupt mechanism is indispensable in embedded software for reasons such as switching context and enhancing efficiency. In this context, the traditional way of ensuring software correctness no longer holds. Once interrupts are involved, the complicated and nondeterministic environment must be taken into consideration...
Article
The increasing interest in the Internet of Things (IoT) has brought lots of opportunities and challenges to researchers. Cyber-space and physical world are more and more amalgamated by smart devices with networking capability. Making appropriate adaptations to satisfy new processing requirements is necessary for the extensive service in such an env...
Conference Paper
In this paper, we report on the formal, machine-verified operating system ORIENTAIS. ORIENTAIS is an OSEK/VDX standard based real-time operating system for automotive applications, comprising about 8000 lines of C and 60 lines of assembler. The operating system is of vital importance to embedded systems, especially for some ti...
Conference Paper
In the modern world, program analysis and verification on binary code have been widely used. On embedded systems, however, the variety of platforms makes binary analysis and verification difficult. In particular, the problem of expressing instruction cycle time, interrupt and pipeline mechanisms in a binary intermediate language has not been a...
Conference Paper
OSEK/VDX Operating System Specification is a standard in automotive industry with a long history. Dozens of mature industrial operating systems are based on this specification and widely applied in the products of major automotive manufacturers. The verification of the operating system products is always a hard nut to crack. In this paper, we propo...
Conference Paper
As an automotive industry standard of operating system specification, OSEK/VDX is widely applied in the process of designing and implementing the static operating system and the corresponding interfaces for automotive electronics. It is challenging to explore an effective method to support large-scale correctness verification of OSEK/VDX specifi...
Conference Paper
This paper presents an approach to validation and verification of the WS-CDL specification. In order to validate whether the CDL document is well defined or not, we introduce OCL to precisely describe the constraints which were expressed in natural language, and design a simple validator to check the static properties of the CDL document. The validat...