Víctor A. Braberman, University of Buenos Aires | UBA · Department of Computer Sciences (FCEN)
About: 106 publications, 13,216 reads, 1,598 citations
Publications (106)
Controller synthesis is in essence a case of model-based planning for non-deterministic environments in which plans (actually “strategies”) are meant to preserve system goals indefinitely. In the case of supervisory control, environments are specified as the parallel composition of state machines, and valid strategies are required to be “non-blocking...
We study directed control of discrete event systems expressed as the parallel composition of interacting automata. Solutions that first compose the automata and then compute a controller may result in an exponential blow-up. We present a technique that builds the composition on-the-fly, guided by a novel domain-independent heuristic which attempts t...
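The two abstracts above describe the classic pipeline they improve on: compose the component automata, then prune the product to the largest controllable, non-blocking behaviour. The following is an added example (not code from any of the publications listed here) that implements exactly that baseline on a constructed two-machine/one-buffer plant; the event names, state names and `Automaton` class are all assumptions of this example. The product is built explicitly, which is the step that blows up exponentially with the number of components and which on-the-fly directed synthesis avoids.

```python
"""Supervisory control of a small discrete event system.

Added example; this is not code from the publications listed here. It
builds the synchronous product of component automata (the step that can
blow up exponentially) and then computes the supremal non-blocking,
controllable sub-behaviour by the classic state-pruning fixpoint. The
two-machine/one-buffer plant below is a constructed toy input.
"""


class Automaton:
    def __init__(self, states, init, trans, marked):
        self.states = set(states)
        self.init = init
        self.trans = dict(trans)            # (state, event) -> next state
        self.marked = set(marked)           # states where the goal is met
        self.alphabet = {e for (_, e) in self.trans}


def compose(a, b):
    """Synchronous product: shared events synchronise, others interleave.
    Only the reachable part of the product is built."""
    shared = a.alphabet & b.alphabet
    init = (a.init, b.init)
    seen, todo, trans = {init}, [init], {}
    while todo:
        s = todo.pop()
        sa, sb = s
        for e in a.alphabet | b.alphabet:
            na, nb = a.trans.get((sa, e)), b.trans.get((sb, e))
            if e in shared:
                if na is None or nb is None:
                    continue
                t = (na, nb)
            elif e in a.alphabet:
                if na is None:
                    continue
                t = (na, sb)
            else:
                if nb is None:
                    continue
                t = (sa, nb)
            trans[(s, e)] = t
            if t not in seen:
                seen.add(t)
                todo.append(t)
    marked = {s for s in seen if s[0] in a.marked and s[1] in b.marked}
    return Automaton(seen, init, trans, marked)


def coreachable(states, trans, marked):
    """Subset of `states` from which a marked state is reachable inside `states`."""
    good = set(marked) & states
    changed = True
    while changed:
        changed = False
        for (s, e), t in trans.items():
            if s in states and s not in good and t in good:
                good.add(s)
                changed = True
    return good


def supervisor(plant, uncontrollable):
    """Supremal controllable, non-blocking sub-automaton of `plant`.

    Alternates two prunings until stable: drop blocking states (no marked
    state reachable) and drop states with an uncontrollable edge leading
    out of the surviving set, since the supervisor cannot disable it."""
    good = set(plant.states)
    while True:
        good = coreachable(good, plant.trans, plant.marked)
        bad = {s for (s, e), t in plant.trans.items()
               if s in good and e in uncontrollable and t not in good}
        if not bad:
            break
        good -= bad
    if plant.init not in good:
        return None                      # no controller exists
    trans = {(s, e): t for (s, e), t in plant.trans.items()
             if s in good and t in good}
    return Automaton(good, plant.init, trans, plant.marked & good)


def two_machine_buffer():
    """Constructed plant: M1 feeds a one-slot buffer that M2 drains.
    finish1/finish2 are uncontrollable (the machine decides when it is done);
    a second finish1 on a full buffer overflows into a dead, unmarked state."""
    m1 = Automaton({"i1", "w1"}, "i1",
                   {("i1", "start1"): "w1", ("w1", "finish1"): "i1"}, {"i1"})
    m2 = Automaton({"i2", "w2"}, "i2",
                   {("i2", "start2"): "w2", ("w2", "finish2"): "i2"}, {"i2"})
    buf = Automaton({"e", "f", "ov"}, "e",
                    {("e", "finish1"): "f", ("f", "start2"): "e",
                     ("f", "finish1"): "ov"}, {"e"})
    plant = compose(compose(m1, buf), m2)
    return plant, {"finish1", "finish2"}


def enabled(aut, state):
    """Events the (supervised) automaton allows in `state`."""
    return {e for (s, e) in aut.trans if s == state}


if __name__ == "__main__":
    plant, unc = two_machine_buffer()
    sup = supervisor(plant, unc)
    full_idle = (("i1", "f"), "i2")
    print("plant states:", len(plant.states), "supervised:", len(sup.states))
    print("enabled with full buffer:", enabled(sup, full_idle))
```

The interesting output is the state where the buffer is full and both machines are idle: the plant allows `start1`, but the supervisor disables it, because once M1 is working the uncontrollable `finish1` would overflow the buffer and nothing the controller does afterwards can recover a marked state.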
Dynamic slicing techniques compute program dependencies to find all statements that affect the value of a variable at a program point for a specific execution. Despite their many potential uses, applicability is limited by the fact that they typically cannot scale beyond small-sized applications. We believe that at the heart of this limitation is t...
In this paper, we propose a novel approach that aims to offer an alternative to the prevalent paradigm to dynamic slicing construction. Dynamic slicing requires dynamic data and control dependencies that arise in an execution. During a single execution, memory reference information is recorded and then traversed to extract dependencies. Execute-onc...
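The two abstracts above share the same core: record the memory references of one execution, then traverse them to recover the data and control dependencies behind the value of a variable at a program point. The block below is an added example, not code from the slicing papers listed here; the trace record format (`Step`), the seven-statement program and its two constructed executions are assumptions of this example, chosen so that the slice of the same variable differs between the two runs.

```python
"""Backward dynamic slicing over a recorded execution trace.

Added example, not from the publications above. Trace format (assumed):
one Step per executed statement instance, carrying the locations it
defines and uses and the trace index of the predicate instance that
controls it (None for top-level statements).
"""
from collections import namedtuple

Step = namedtuple("Step", "stmt defs uses ctrl")


def build_ddg(trace):
    """Dynamic dependence graph: {step index -> set of step indices it depends on}.

    Data dependence goes to the most recent definition of each used location
    at that point of the execution; control dependence goes to the predicate
    instance recorded in `ctrl`."""
    last_def = {}                     # location -> index of its latest definer
    deps = {}
    for i, st in enumerate(trace):
        d = {last_def[loc] for loc in st.uses if loc in last_def}
        if st.ctrl is not None:
            d.add(st.ctrl)
        deps[i] = d
        for loc in st.defs:
            last_def[loc] = i
    return deps


def dynamic_slice(trace, crit_index, var):
    """Statement ids affecting the value of `var` as observed at trace[crit_index]."""
    deps = build_ddg(trace)
    start = next((i for i in range(crit_index, -1, -1) if var in trace[i].defs), None)
    if start is None:
        return set()                  # never defined before the criterion
    seen, todo = {start}, [start]
    while todo:                       # backward transitive closure
        i = todo.pop()
        for j in deps[i]:
            if j not in seen:
                seen.add(j)
                todo.append(j)
    return {trace[i].stmt for i in seen}


def example_trace(a):
    """Constructed trace of this program for input `a`:
         1: a = input()
         2: b = 2
         3: c = a * b
         4: if a > 0:
         5:     b = b + 1
         6: d = c
         7: print(b)"""
    t = [Step(1, {"a"}, set(), None),
         Step(2, {"b"}, set(), None),
         Step(3, {"c"}, {"a", "b"}, None),
         Step(4, set(), {"a"}, None)]
    if a > 0:
        t.append(Step(5, {"b"}, {"b"}, 3))   # controlled by the predicate at index 3
    t.append(Step(6, {"d"}, {"c"}, None))
    t.append(Step(7, set(), {"b"}, None))
    return t


if __name__ == "__main__":
    for a in (1, 0):
        tr = example_trace(a)
        print(f"a={a}: slice of b at print ->", sorted(dynamic_slice(tr, len(tr) - 1, "b")))
```

With `a=1` the slice of `b` at the `print` is statements 1, 2, 4 and 5 (statement 5 ran, so the predicate and its operand feed in); with `a=0` it is statement 2 alone. Statements 3 and 6 never enter the slice of `b`, which is the point of slicing on one concrete execution rather than on the static program.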
The Directed Controller Synthesis technique finds solutions for the non-blocking property in discrete event systems by exploring a reduced portion of an exponentially large state space, using best-first search. Aiming to minimize the explored states, it is currently guided by a domain-independent handcrafted heuristic, with which it reaches state-of-the...
In order to manage evolving organisational practice and maintain compliance with changes in policies and regulations, businesses must be capable of dynamically reconfiguring their business processes. However, such dynamic reconfiguration is a complex, human-intensive and error prone task. Not only must new business process rules be devised but also...
An important ability of self-adaptive systems is to be able to autonomously understand the environment in which they operate and use this knowledge to control the environment's behaviour in such a way that system goals are achieved. How can this be achieved when the environment is unknown? Two-phase solutions that require a full discovery of environm...
A controller for a Discrete Event System must achieve its goals despite its environment being capable of resolving race conditions between controlled and uncontrolled events. Assuming that the controller loses all races is sometimes unrealistic. In many cases, a realistic assumption is that the controller sometimes wins races and is fast enough...
We show how reactive synthesis and automated planning can be leveraged effectively to find non-maximal solutions to deterministic supervisory control problems of discrete event systems. To do so, we propose efficient translations of the supervisory control problem into the reactive synthesis and planning frameworks. Notably, our translation methods...
Organisations require that their business processes reflect their evolving practices by maintaining compliance with their policies, strategies and regulations. Designing workflows which satisfy these requirements is complex and error-prone. Business process reconfiguration is even more challenging as not only a new workflow must be devised but also...
This paper reports on an approach for systematically generating test data from production databases for end-user calculated-field programs via a novel combination of symbolic execution and database queries. We also discuss the opportunities and challenges that this specific domain poses for symbolic execution and show how database queries can help...
Discrete event controllers are at the heart of many software systems that require continuous operation. Changing these controllers at runtime to cope with changes in their execution environment or in system requirements is a challenging open problem. In this paper we address the problem of dynamic update of controllers in reactive systems. We pre...
Software model checkers have shown outstanding performance improvements in recent times. Moreover, for specific use cases, formal verification techniques have proven to be highly effective, leading to a number of high-profile success stories. However, widespread adoption remains unlikely in the short term, and one of the remaining obstacles in that d...
Behaviour needs to be understood from the early stages of software development. In this context, incremental and declarative modelling seems an attractive approach for closely capturing and analysing requirements without early operational commitment. A traditional choice for such modelling is a logic-based approach. Unfortunately, in many cases,...
System specifications have long been expressed through automata-based languages, which allow for compositional construction of complex models and enable automated verification techniques such as model checking. Automata-based verification has been extensively used in the analysis of systems, where they are able to provide yes/no answers to queries...
Verification techniques and software model checking in particular have gained considerable traction in industry, especially after a number of high-profile success stories tackling specific problems. However, widespread adoption remains distant and, among other causes, one obstacle is the huge number of systems that software model checkers cannot fu...
This paper presents a Directed Controller Synthesis (DCS) technique for discrete event systems. The DCS method explores the solution space for reactive controllers guided by a domain-independent heuristic. The heuristic is derived from an efficient abstraction of the environment based on the componentized way in which complex environments are descr...
The SEAMS 2016 call for papers defines self-adaptation as the ability of a system to adapt itself at runtime to preserve its operation in the presence of uncertain changes in its operating environment, resource variability, new user needs, intrusions, and faults [23].
In many application domains, continuous operation is a desirable attribute for software-intensive systems. As the environment or system requirements change, so the system should change and adapt without stopping or unduly disturbing its operation. There is, therefore, a need for sound engineering techniques that can cope with dynamic change. In thi...
Model-based reliability estimation of systems can provide useful insights early in the development process. However, the computational complexity of estimating metrics such as mean time to first failure (MTTF), turnaround time (TAT), or other domain-based quantitative measures can be prohibitive in time, space and precis...
The problem of automatically constructing a software component such that, when executed in a given environment, it satisfies a goal is recurrent in software engineering. Controller synthesis is a field which fits into this vision. In this paper we study controller synthesis for partially observable LTS models. We exploit the link between partially obse...
Code artefacts that have non-trivial requirements with respect to the ordering in which their methods or procedures ought to be called are common and appear, for instance, in the form of API implementations and objects. Testing such code artefacts to gain confidence that they conform to their intended protocols is an important and challenging probl...
Temporal logic based approaches that automatically generate controllers have been shown to be useful for mission level planning of motion, surveillance and navigation, among others. These approaches critically rely on the validity of the environment models used for synthesis. Yet simplifying assumptions are inevitable to reduce complexity and provi...
Property specification is still one of the most challenging tasks for transference of software verification technology. The use of patterns has been proposed in order to hide the complicated handling of formal languages from the developer. However, this goal is not entirely satisfied. When validating the desired property the developer may have to d...
An architectural approach to self-adaptive systems involves runtime change of system configuration (i.e., the system's components, their bindings and operational parameters) and behaviour update (i.e., component orchestration). Thus, dynamic reconfiguration and discrete event control theory are at the heart of architectural adaptation. Although con...
Controller synthesis is a well studied problem that attempts to automatically generate an operational behaviour model of the system-to-be that satisfies a given goal when deployed in a given domain model that behaves according to specified assumptions. A limitation of many controller synthesis techniques is that they require complete descriptions o...
This article presents a symbolic static analysis for computing parametric upper bounds of the number of simultaneously live objects of sequential Java-like programs. Inferring the peak amount of irreclaimable objects is the cornerstone for analyzing potential heap-memory consumption of stand-alone applications or libraries. The analysis builds meth...
The LaFHIS team is a group in the Department of Computer Science of FCEyN, UBA, specialised in software analysis. Currently, LaFHIS members are a constituent part of the new Centro de Transferencia e Investigación en Ingeniería de Software (CETIS, Centre for Technology Transfer and Research in Software Engineering). This article reports the initial steps of collaborations between CETIS and two companies...
Most approaches for adaptive systems rely on models, particularly behaviour or architecture models, which describe the system and the environment in which it operates. One of the difficulties in creating such models is uncertainty about the accuracy and completeness of the models. Engineers therefore make assumptions which may prove to be invalid a...
Behaviour model construction remains a difficult and labour intensive task which hinders the adoption of model-based methods by practitioners. We believe one reason for this is the mismatch between traditional approaches and current software development process best practices which include iterative development, adoption of use-case and scenario-ba...
Synthesis of operational behavior models from scenario-based specifications has been extensively studied. The focus has been mainly on either existential or universal interpretations. One noteworthy exception is Live Sequence Charts (LSCs), which provides expressive constructs for conditional universal scenarios and some limited support for noncond...
Code artifacts that have nontrivial requirements with respect to the ordering in which their methods or procedures ought to be called are common and appear, for instance, in the form of API implementations and objects. This work addresses the problem of validating if API implementations provide their intended behavior when descriptions of this beha...
Model-based reliability estimation of software systems can provide useful insights early in the development process. However, computational complexity of estimating reliability metrics such as mean time to first failure (MTTF) can be prohibitive both in time, space and precision. In this paper we present an alternative to exhaustive model explorati...
Controller synthesis provides an automated means to produce architecture-level behaviour models that are enacted by a composition of lower-level software components, ensuring correct behaviour. Such controllers ensure that goals are satisfied for any model-consistent environment behaviour. This paper presents a tool for developing environment model...
Code artefacts that have non-trivial requirements with respect to the ordering in which their methods or procedures ought to be called are common and appear, for instance, in the form of API implementations and objects. Testing such code artefacts to gain confidence that they conform to their intended protocols is an important and challenging pr...
We present SGR(1), a novel synthesis technique and methodological guidelines for automatically constructing event-based behavior models. Our approach works for an expressive subset of liveness properties, distinguishes between controlled and monitored actions, and differentiates system goals from environment assumptions. We show that assumptions mu...
In order to capture all permissible implementations, partial models of component-based systems are given at the system level. However, iterative refinement by engineers is often more convenient at the component level. In this paper, we address the problem of decomposing partial behaviour models from a single monolithic model to a component-wise...
Controller synthesis is a well-studied problem that attempts to automatically generate an operational behaviour model of the system-to-be such that, when deployed in a given domain model that behaves according to specified assumptions, it satisfies a given goal. A limitation of known controller synthesis techniques is that they require complete descript...
Many software engineering artefacts, such as source code or specifications, define a set of operations and impose restrictions on the order in which they have to be invoked. Enabledness Preserving Abstractions (EPAs) are concise representations of the behaviour space for such artefacts. In this paper, we exemplify how EPAs might be used for vali...
Pre/postcondition-based specifications are commonplace in a variety of software engineering activities that range from requirements through to design and implementation. The fragmented nature of these specifications can hinder validation as it is difficult to understand if the specifications for the various operations fit together well. In this pap...
Space- and time-predictability are hard to achieve for object-oriented languages with automated dynamic-memory management. Although there has been significant work to design APIs, such as the Real-Time Specification for Java (RTSJ), and to implement garbage collectors to enable real-time performance, quantitative space analysis is still in its infa...
In this work we present Contractor.NET, a Visual Studio extension that supports the construction of contract specifications with typestate information which can be used for verification of client code. Contractor.NET uses and extends Code Contracts to provide stronger contract specifications. It features a two step process. First, a class source co...
We revisit synthesis of live controllers for event-based operational models. We remove one aspect of an idealised problem domain by allowing the integration of failures of controller actions into the environment model. Classical treatment of failures through strong fairness leads to a very high computational complexity and may be insufficient for many i...
Code artefacts that have non-trivial requirements with respect to the ordering in which their methods or procedures ought to be called are common and appear, for instance, in the form of API implementations and objects. This work addresses the problem of validating if API implementations provide their intended behaviour when descriptions of this be...
Microsoft is producing interoperability documentation for Windows client–server and server–server protocols. The Protocol Engineering Team in the Windows organization is responsible for verifying the documentation to ensure that it is of the highest quality. Various test-driven methods are being applied including, when appropriate, a model-based ap...
An essential operation in timed automata model checking is inclusion checking, which decides whether a set of states, represented as a convex polyhedron, is included in another set. Several verification tools implement convex polyhedra as square matrices called DBMs (short for Difference Bound Matrix), where each row and column is associated to a clock...
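As an added example (not the implementation from the DBM papers listed here), the following shows the data structure the abstract describes and the inclusion check built on it: a zone over clocks x1..xn is an (n+1)x(n+1) matrix of bounds on clock differences, with row/column 0 standing for the reference clock. Inclusion is only sound if the left-hand DBM is first brought into canonical (all-pairs tightest) form; the strict/non-strict flag on each bound is what makes the comparison subtle. The bound encoding and the `zone` constructor are assumptions of this example.

```python
"""Difference Bound Matrices: canonical form and zone inclusion.

Added example, not the implementation from the DBM papers above. A zone
over clocks x1..xn is an (n+1)x(n+1) matrix whose entry [i][j] is the bound
(c, strict) meaning x_i - x_j < c (strict) or x_i - x_j <= c; index 0 is
the reference clock, which is fixed at 0.
"""
import math

INF = (math.inf, True)


def bound_lt(a, b):
    """Strict order on bounds: smaller constant wins; at equal constants
    the strict bound (c, <) is tighter than the non-strict (c, <=)."""
    return a[0] < b[0] or (a[0] == b[0] and a[1] and not b[1])


def bound_add(a, b):
    """Compose two difference bounds: x-y (<|<=) c1 and y-z (<|<=) c2."""
    return (a[0] + b[0], a[1] or b[1])


def zone(n, constraints):
    """Build a DBM over n clocks from tuples (i, j, c, strict) meaning
    x_i - x_j (<|<=) c. Clocks are non-negative, so x_0 - x_i <= 0 always."""
    m = [[INF] * (n + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        m[i][i] = (0, False)
        m[0][i] = (0, False)
    for i, j, c, strict in constraints:
        b = (c, strict)
        if bound_lt(b, m[i][j]):
            m[i][j] = b
    return m


def canonical(dbm):
    """Floyd-Warshall tightening of all bounds; None if the zone is empty."""
    n = len(dbm)
    m = [row[:] for row in dbm]
    for k in range(n):
        for i in range(n):
            for j in range(n):
                via = bound_add(m[i][k], m[k][j])
                if bound_lt(via, m[i][j]):
                    m[i][j] = via
    for i in range(n):
        if bound_lt(m[i][i], (0, False)):   # negative cycle: x_i - x_i < 0
            return None
    return m


def included(d1, d2):
    """Is zone d1 a subset of zone d2?  Requires d1 in canonical form,
    so it is canonicalised here; d2 may be left as given."""
    c1 = canonical(d1)
    if c1 is None:
        return True          # the empty zone is included in everything
    n = len(c1)
    return all(not bound_lt(d2[i][j], c1[i][j])
               for i in range(n) for j in range(n))


if __name__ == "__main__":
    # x1 <= 3 and x2 - x1 <= 2 implies x2 <= 5, but only after tightening
    z = zone(2, [(1, 0, 3, False), (2, 1, 2, False)])
    print("raw x2 bound:", z[2][0], "canonical:", canonical(z)[2][0])
    print("inside x2 <= 5:", included(z, zone(2, [(2, 0, 5, False)])))
    print("inside x2 <  5:", included(z, zone(2, [(2, 0, 5, True)])))
```

The second check is the edge case to keep in mind: the zone reaches x2 = 5 exactly, so it is not inside a zone bounded by the strict x2 < 5, and a comparison that ignored the strictness flag would wrongly report inclusion. Skipping canonicalisation is the other classic bug: the raw entry for x2 is unbounded, so the first check would wrongly fail.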
We present a novel technique for synthesising behaviour models that works for an expressive subset of liveness properties and conforms to the foundational requirements engineering World/Machine model, dealing explicitly with assumptions on environment behaviour and distinguishing controlled and monitored actions. This is the first technique that co...
System specifications have long been expressed through automata-based languages, enabling verification techniques such as model checking. These verification techniques can assess whether a property holds or not, given a system specification. However, model checking techniques suffer from the traditionally called state explosion problem, that is,...
Property specification is still one of the most challenging tasks for transference of software verification technology like model checking. The use of patterns has been proposed in order to hide the complicated handling of formal languages from the developer. However, this goal is not entirely satisfied. When validating the pattern the developer...
The ScopedMemory class of the RTSJ enables the organization of objects into regions. This ensures time-predictable management of dynamic memory. Using scopes forces the programmer to reason in terms of locality, to comply with RTSJ restrictions. The programmer is also faced with the problem of providing upper bounds for regions. Without appropria...
The common practice for verifying properties described as event occurrence patterns is to translate them into observer state machines. The resulting observer is then composed with (the components of) the system under analysis in order to verify a reachability property. Live Component Analysis is a “cone of influence” abstraction technique aiming at...
System specifications have long been expressed through automata-based languages, enabling verification techniques such as model checking. These verification techniques can assess whether a property holds or not, given a system specification. Quantitative model checking can provide additional information on the probability of these properties holdin...
Modal Transition Systems (MTS) are an extension of Labelled Transition Systems (LTS) that distinguish between required, proscribed and unknown behaviour and come equipped with a notion of refinement that supports incremental modelling where unknown behaviour is iteratively elaborated into required or proscribed behaviour. The original formulation o...
Pre/postcondition-based specifications are commonplace in a variety of software engineering activities that range from requirements through to design and implementation. The fragmented nature of these specifications can hinder validation as it is difficult to understand if the specifications for the various operations fit together well. In this p...
AADL is an aerospace standard for model-driven design of complex real-time embedded systems. Currently, behavioral properties of AADL models can be specified inside the system description using AADL concepts or outside it using external textual languages, and verified using schedulability analysis or (Time Petri Net-based) model-checking tools. Th...
This work presents a technique to compute symbolic polynomial approximations of the amount of dynamic memory required to safely execute a method without running out of memory, for Java-like imperative programs. We consider object allocations and deallocations made by the method and the methods it transitively calls. More precisely, given an init...
Scenario-based specifications are a popular means for describing intended system behaviour. We aim to facilitate early analysis of system behaviour and the development of behaviour models in conjunction with scenarios. In this paper we define a novel scenario-based specification language with an existential semantics that supports conditional s...
Difference Bound Matrices (DBMs) are the most commonly used data structure for model checking timed automata; they have long been used in successful tools such as Kronos and UPPAAL. As DBMs represent convex polyhedra in an n-dimensional space, this paper explores the idea of using their hypervolume as the basis for two optimization techniques. One...
We have devised a novel technique to automatically generate test cases for a software system, combining black-box model-based testing with white-box parameterized unit testing. The former provides general guidance for the structure of the tests in the form of test sequences, as well as the oracle to check for conformance of an application under t...
In this work we present an Eclipse plug-in for the VInTiMe (Verifier of INtegrated TImed ModEls) suite of tools that combines high-level expressive power, unassisted property-preserving model reduction and distributed model checking to describe and verify complex real-time system designs and their properties.
Two base algorithms are known for reachability verification over timed automata. They are called forward and backward, and traverse the automata edges using either successors or predecessors. Both usually work with a data structure called Difference Bound Matrices (DBMs). Although forward is better suited for on-the-fly construction of the model,...
Software product lines or families represent an emerging paradigm that is enabling companies to engineer applications with similar functionality and user requirements more effectively. Behaviour modelling at the architecture level has the potential for supporting behaviour analysis of entire product lines, as well as defining optional and var...
We present a static analysis for computing a parametric upper-bound of the amount of memory dynamically allocated by (Java-like) imperative object-oriented programs. We propose a general procedure for synthesizing non-linear formulas which conservatively estimate the quantity of memory explicitly allocated by a method as a function of its parameter...
A major obstacle in the technology transfer agenda of behavioral analysis and design methods is the need for logics or automata to express properties for control-intensive systems. Interaction-modeling notations may offer a replacement or a complement, with a practitioner-appealing and lightweight flavor, due partly to the subspecification of inte...
In this work we present the on-the-fly workload prediction and redistribution techniques used in Zeus [Braberman, V., A. Olivero and F. Schapachnik, Zeus: A distributed timed model checker based on Kronos, in: Workshop on Parallel and Distributed Model Checking, affiliated to CONCUR 2002 (13th International Conference on Concurrency Theory), ENTCS...
In this work we present Zeus, a distributed timed model checker that evolves from the TCTL model checker Kronos [13] and that currently can handle backwards computation of reachability properties [2] over timed automata [3]. Zeus was developed following a software architecture-centric approach. Its conceptual architecture was conceived to be suffic...
We present JScoper, an Eclipse plug-in which will help developers, researchers and students to generate, understand, and manipulate memory regions in a scoped-memory management setting. The main goal of the plug-in is to provide a tool that will transparently assist the translation of Java applications into Real-time Specification for Java (RT...
In this work we present the VInTiMe (Verifier of INtegrated TImed ModEls) suite of tools that combines high-level expressive power, unassisted property-preserving model reduction and low-level distributed model checking power to describe and verify complex real-time system designs and their properties.
ObsSlice is an optimization tool suited for the verification of timed automata using virtual observers. It discovers the set of modelling elements that can be safely ignored at each location of the observer by synthesizing behavioural dependence information among components. ObsSlice is fed with a network of timed automata and generates a transforme...