About
61
Publications
9,561
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
557
Citations
Introduction
Skills and Expertise
Publications
Publications (61)
Programmable Logic Controllers (PLCs) are specialized computers extensively utilized in industrial control fields. Since they control industrial equipment, software faults in PLCs can result in significant losses. However, current testing for PLC programs is mainly manual, and there are very few automatic testing tools. Structured Text (ST) is one...
Federated learning is a distributed machine learning framework for edge computing devices that provides several benefits, such as eliminating over-fitting and protecting privacy. However, the majority of federated learning paradigms have not taken fairness into account. Since the quality and quantity of the data held by each participant varies, the...
Ensemble trees are a popular machine learning model which often yields high prediction performance when analysing structured data. Although individual small decision trees are deemed explainable by nature, an ensemble of large trees is often difficult to understand. In this work, we propose an approach called optimised explanation (OptExplain) that...
Model checking and static analysis have been well studied for program verification. Because of the ability to describe the stack, the pushdown system (PDS) has become a perfect model that is able to accurately model procedure calls and mimic the program's stack. Thus, it is not only a good model for sequential programs but for malware detection as...
The broad adoption of Machine Learning (ML) in security-critical fields demands the explainability of the approach. However, the research on understanding ML models, such as Random Forest (RF), is still in its infant stage. In this work, we leverage formal methods and logical reasoning to develop a novel model-specific method for explaining the pre...
To cater for the scenario of coordinated transportation of multiple trucks on the highway, a platoon system for autonomous driving has been extensively explored in the industry. Before such a platoon is deployed, it is necessary to ensure the safety of its driving behavior, whereby each vehicle’s behavior is commanded by the decision-making functio...
Programmable Logic Controllers (PLC) are widely used in Industrial Control Systems (ICS) with strict safety assurance requirements. Unfortunately, traditional techniques for debugging prefer to use post-development approaches, such as simulation and black-box testing, rather than enhancing safety before programing. In this paper, we propose a refin...
Specification mining is an automated or semi-automated process for inferring models or properties from computer programs or systems and is a useful way to aid program understanding, monitoring, and verification. There have been many works on mining various forms of specifications, of which mining for temporal logic specifications is becoming increa...
Simulink has been widely used in model-based design and development. While we witness a growing demand on testing and verification for safety-critical systems, it remains a challenge to verify Simulink models, due largely to a lack of standardized formal semantics for Simulink. In this paper, we propose a comprehensive framework that allows us to a...
With the development of artificial intelligence, machine learning algorithms are currently being used in more and more fields, such as autonomous driving, medical diagnosis, etc. In recent years, much research focuses on property verification of machine learning models. As one of the machine learning models, the tree ensemble model's structure is a...
A growing awareness is brought that the safety and security of industrial control systems cannot be dealt with in isolation, and the safety and security of industrial control protocols (ICPs) should be considered jointly. Fuzz testing (fuzzing) for the ICP is a common way to discover whether the ICP itself is designed and implemented with flaws and...
Programmable logic controllers (PLCs) are essentially domain-specific computers that are widely used in the industrial field. These industrial devices are usually required to be of high reliability, and program bugs can lead to catastrophes. However, there are few automated testing tools for PLC programs. This paper proposes a framework, named STAu...
Programmable logic controllers (PLC), which are widely applied in modern industrial control systems (ICS), work as the controller of sensors and actuators in ICS. These systems require strict correctness, especially for safety-critical systems. Currently, increasingly ICS move to “come online” scenarios to enhance cyber-physical features, but it ma...
With increasing demands of deterministic and real-time communication, network performance analysis is becoming an increasingly important research topic in safety-critical areas, such as aerospace, automotive electronics and so on. Time-triggered Ethernet (TTEthernet) is a novel hybrid network protocol based on the Ethernet standard; it is determini...
With the development of the industrial control system, Programmable Logic Controllers (PLCs) are increasingly adopted in the process automation. Moreover, many PLCs play key roles in safety-critical systems like nuclear power plants, where robust and reliable control programs are required. To ensure the quality of programs, testing and verification...
The functions of automobiles are becoming increasingly intelligent, which leads to the increasing number of electrical control units for one automobile. Hence, it makes software migration and extension more complicated. In order to avoid these problems, the standard OSEK/VDX has been proposed jointly by a German automotive company consortium and th...
With rapid technological advances in airborne control systems, it has become imperative to ensure the reliability, robustness, and adaptability of airborne software since failure of these software could result in catastrophic loss of property and life. DO-333 is a supplement to the DO-178C standard, which is dedicated to guiding the application of...
Model checking on Pushdown Systems (PDSs) has been extensively used to deal with numerous practical problems. However, the existing model checkers for pushdown systems are executed on the central processing unit (CPU), the performance is hampered by the computing power of the CPU. Compared with the CPU, the graphics processing unit (GPU) has more p...
Bridging the gap between natural language requirements (NLR) and precise formal specifications is a crucial task of knowledge engineering. Software system development has become more complex in recent years, and it includes many requirements in different domains that users need to understand. Many of these requirements are expressed in natural lang...
In the field of intelligent connected vehicles, as the rate of in-vehicle communication continues to increase, the importance of real-time and reliability requirements has been more prominent. The Time-Sensitive Networking (TSN) task group is dedicated to the amendments for meeting the urgent needs in the industrial field. In the implementation of...
Industrial control systems (ICSs), especially distributed control systems (DCSs), are usually composed of several subsystems. Each subsystem is controlled by a control unit such as a programmable logic controller (PLC) or a micro-controller and collaborates with other subsystems via the field bus, Ethernet, or other communication links. In the trad...
A Pushdown system (PDS) is a finite transition system equipped with stacks that are allowed to accurately model procedure calls and mimic the program's stack. Therefore, a PDS is extensively used for the analysis and verification of sequential programs. The computational tree logic (CTL) model checking for PDS is reduced to an emptiness problem, wh...
Programmable logic controllers (PLCs) are special purpose computers designed to perform industrial automation tasks. They require highly reliable control programs, particularly when used in safety-critical systems such as nuclear power stations. In the development of reliable control programs, formal methods are “highly recommended” because the cor...
Fuzzing (Fuzz testing) can effectively identify security vulnerabilities in software by providing a large amount of unexpected input to the target program. An important part of fuzzing test is the fuzzing data generation. Numerous traditional methods to generate fuzzing data have been developed, such as model-based fuzzing data generation and rando...
In this paper, we attempt to improve industrial safety from the perspective of communication security. We leverage the protocol fuzzing technology to reveal errors and vulnerabilities inside implementations of industrial network protocols(INPs). Traditionally, to effectively conduct protocol fuzzing, the test data has to be generated under the guid...
Nowadays, Pushdown System is widely used in program verification including malware detection. We model the software systems into pushdown systems and use model-checking to verify them. The reachability analysis is the base of model-checking problems. It is an iterative work on transitions and configuration rules. However, with the rise of the compl...
In the design of dependable software for embedded and real-time operating systems, time analysis is a crucial but extremely difficult issue, the challenge of which is exacerbated due to the randomness and nondeterminism of interrupt handling behaviors. Thus research into a theory that integrates interrupt behaviors and time analysis seems to be imp...
Hybrid systems arise in embedded control from the interaction between continuous physical behavior and discrete digital controllers. In this paper, we propose Apricot as a novel object-oriented language for modeling hybrid systems. The language takes the advantages of domain-specific and object-oriented languages, which fills the gap between the de...
Controller Area Network (CAN) is a high-speed serial bus system with real-time capability. In this paper, we present a formal model of the CAN bus protocol, mainly focusing on the arbitration process, transmission process, and fault confinement mechanism. Moreover, 11 important properties are formalized in terms of the protocol. Based on the verifi...
As one of the most practical protocols, Time-Triggered CAN protocol (TTCAN), which is time triggered to ensure the real-time capability required by embedded systems, has been widely used in the automotive electric system development. In this paper, we present a formal model of the TTCAN protocol using Timed Communicating Sequential Processes (Timed...
The service mashup programming paradigm is a blooming faction of service oriented Architecture for developing web applications. A mashup application constructs its functionality by combining data, presentation and functionalities obtained from online services published by service providers such as Google and Amazon. This paradigm significantly faci...
For hybrid systems, hybrid automata-based tools are capable of verification, while Matlab Simulink/Stateflow is proficient in simulation. We propose a co-verification procedure, in which the verification tool SpaceEx/PHAVer and simulation tool Matlab are integrated to analyze and verify hybrid systems. For the application of this procedure, a platf...
E/E systems have been widely used in safety-critical scenarios in the modern world. The system is composed of a variety of software components in an automobile now, but most of the software vendors only apply the common software process method to construct the software modules. How to avoid the irrational and ambiguous requirements has not been add...
The AUTOSAR (AUTomotive Open System ARchitecture) is an open standard in automotive industry, aiming at unifying the methodology of the automotive software development. It is drawing increasing attention because of its great concern about the safety of automotive electronics. The safety of automotive electronics greatly depends on the Operating Sys...
We propose Apricot as an object-oriented language for modeling hybrid
systems. The language combines the features in domain specific language and
object-oriented language, that fills the gap between design and implementation,
as a result, we put forward the modeling language with simple and distinct
syntax, structure and semantics. In addition, we...
In design of dependable software for real-time embedded systems, the interrupt mechanism plays an important role. Due to the randomicity and nondeterminism of interrupt handling behaviors, the analysis about program behaviors as well as time properties is an important but challenging problem. In a previous work, we presented a small but expressive...
In design of dependable software for real-time embedded systems, time analysis is an important but challenging problem due in part to the randomicity and nondeterminism of interrupt handling behaviors. Time properties are generally determined by the behavior of the main program and the interrupt handling programs. In this paper, we present a small...
For hybrid systems, hybrid automata based tools are capable of verification while Matlab Simulink/Stateflow is proficient in simulation. In this paper, a methodology is developed in which the formal verification tool PHAVer and simulation tool Matlab are integrated to analyze and verify hybrid systems. For application of this methodology, a Platfor...
Interrupt mechanism is indispensable in embedded software due to lots of factors such as switching context and enhancing efficiency. In this context, the traditional way to ensure the correctness of software will not remain in force. Having the interrupt is envolved, the complicated and nondeterminism environment should be taken into consideration...
The increasing interest in the Internet of Things (IoT) has brought lots of opportunities and challenges to researchers. Cyber-space and physical world are more and more amalgamated by smart devices with networking capability. Making appropriate adaptations to satisfy new processing requirements is necessary for the extensive service in such an env...
In this paper, we report on the formal, machine-verified operating system - ORIENTAIS. ORIENTAIS is an OSEK/VDX standard based real-time operating system for automotive applications. About 8000 lines of C and 60 lines of assembler are comprised in the ORIENTAIS. The operating system is of vital importance to embedded systems, especially for some ti...
In the modern world, program analysis and verification on binary code have been widely used. While on embedded system, a variety of platforms make the binary analyzing and verifying work bump up against difficulties. But the problem of expressing instruction cycle time, interrupt and pipeline mechanism in binary intermediate language has not been a...
OSEK/VDX Operating System Specification is a standard in automotive industry with a long history. Dozens of mature industrial operating systems are based on this specification and widely applied in the products of major automotive manufacturers. The verification of the operating system products is always a hard nut to crack. In this paper, we propo...
As an automotive industry standard of operating system specification, OSEK/VDX is widely applied in the pro- cess of designing and implementing the static operating system and the corresponding interfaces for automotive electronics. It is challenging to explore an effective method to support large- scale correctness verification of OSEK/VDX specifi...
This paper presents an approach to validation and verification of the WSCDL specification. In order to validate whether the CDL document is well defined or not, we introduce OCL to precisely describe the constraints which was expressed by natural language, and design a simple validator to check the static properties of the CDL document. The validat...