This is the source code repository for FalCAuN --- Falsification of CPSs via Automata Learning. FalCAuN is a toolkit for testing black-box systems (e.g., cyber-physical systems) based on automata learning and model checking. Currently, systems implemented in Java and Simulink are supported.
FalCAuN is implemented in Java. We suppose FalCAuN works on many UNIX-like operating systems. We tested FalCAuN on macOS 14.4.1 Sonoma, Ubuntu 22.04, and Arch Linux.
The requirements for the core module of FalCAuN are as follows.
- Java 17
- Maven
- LTSMin 3.1.0
- This is not officially released yet.
- You can download it from HERE.
The matlab module also requires the following.
- MATLAB/Simulink
- We tested with MATLAB R2024a but any later version should be fine.
Here, we provide the instructions to install the core module of FalCAuN.
You need to install the requirements above. For example, on Ubuntu, you can install Java 17 and Maven by the following command.
sudo apt-get install maven openjdk-17-jdk-headless -yYou have to manually install LTSMin 3.1.0 and MATLAB/Simulink. For example, you can install LTSMin 3.1.0 with the following commands.
wget https://github.com/Meijuh/ltsmin/releases/download/v3.1.0/ltsmin-v3.1.0-linux.tgz -O ltsmin-v3.1.0-linux.tgz
tar xvf ltsmin-v3.1.0-linux.tgz
sudo cp -r ./v3.1.0/share /usr/local/share
sudo cp -r ./v3.1.0/include /usr/local/include
sudo install ./v3.1.0/bin/* /usr/local/binWe provide a script to check if some of the requirements are installed. You can run the script by the following command. Since this script also checks the dependencies of the matlab module, you can ignore the error messages related to the matlab module.
./utils/check_env.shYou can build and install FalCAuN using Maven. An example of installing the core module and the top-level module is as follows.
mvn install --also-make --projects coreHere, we provide the instructions to install the matlab module.
You need to install MATLAB/Simulink manually. Please follow the instructions on the official website of Mathworks.
We assume that the environment variable MATLAB_HOME shows where MATLAB is installed. An example is as follows.
export MATLAB_HOME=<path/to/matlab/home>
## Example:
# export MATLAB_HOME=/usr/local/MATLAB/R2024a/You can build and install FalCAuN using Maven. You have to execute mvn clean to set up the Java API of MATLAB. An example to install the matlab module, as well as the others, is as follows.
mvn clean --projects matlab
mvn installFalCAuN works on macOS with ARM Processors, but the setup of LTSMin is a bit tricky because it only supports x86_64. One can still run LTSMin using Rosetta and libtool for x86_64.
- Set up Rosetta on the macOS
- Install Homebrew for intel processors with
arch -x86_64 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" - Install
libtoolfor x86_64 with/usr/local/bin/brew install libtool
- For the matlab module, the unit test on
mvn installis disabled by default because it takes much time. If you want, you can run it bymvn test -DskipTests=false.- Perhaps you have to explicitly specify
JAVA_HOME, for example,JAVA_HOME=$(/usr/libexec/java_home -v 17) mvn test -DskipTests=False. - Also, the automatic transmission model requires parameters defined in an example by Mathworks. To load it, you probably need to set up the example by Mathworks and the path beforehand.
- The example by Mathworks can be opened with
openExample('simulink_automotive/ModelingAnAutomaticTransmissionControllerExample') - See
./src/test/resources/MATLAB/initAT.mfor an example to set the path.
- The example by Mathworks can be opened with
- Perhaps you have to explicitly specify
We provide some examples in the ./example/kotlin directory. The following is the list of examples. To run the examples, you need to install kscript because the examples are written in Kotlin script.
The following example does not require MATLAB/Simulink.
./example/kotlin/mealy.main.kts- This example is a simple example to test some properties of a Mealy machine, which is handled as black-box.
The following examples require MATLAB/Simulink.
./example/kotlin/ATS1.main.kts./example/kotlin/ATS2.kts./example/kotlin/ATS6a.main.kts./example/kotlin/ATS6b.main.kts./example/kotlin/pacemaker.main.kts
The definition of signal temporal logic in FalCAuN is as follows.
expr : atomic
| expr && expr
| expr || expr
| expr -> expr
| ! expr
| GLOBALLY expr
| GLOBALLY _ INTERVAL expr
| EVENTUALLY expr
| EVENTUALLY _ INTERVAL expr
| X expr
| expr U expr
| expr U _ INTERVAL expr
| ( expr )
atomic : signal(NATURAL) == value
| signal(NATURAL) < value
| signal(NATURAL) > value
| signal(NATURAL) != value
| input(NATURAL) == value
| input(NATURAL) < value
| input(NATURAL) > value
| input(NATURAL) != value
| output(NATURAL) == value
| output(NATURAL) < value
| output(NATURAL) > value
| output(NATURAL) != value
value : -? NATURAL | -? FLOAT
GLOBALLY : '[]' | 'alw' | 'G'
EVENTUALLY : '<>' | 'ev' | 'F'
INTERVAL : [ NATURAL , NATURAL ]
The source code is partially commented on using the Javadoc syntax. The document is hosted on GitHub Pages.
If you want to generate the document locally under ./target/site/apidocs/ by mvn javadoc:aggregate.
After FalCAuN 1.0, FalCAuN is mainly intended to be used as a library called from a program written in some JVM language, such as Kotlin. The CLI interface is still available for backward compatibility, but it is not actively maintained.
To execute FalCAuN via the CLI interface, you can use the helper shell script falcaun in the root directory of the repository. The script is a wrapper of the CLI interface of FalCAuN. The script is written in POSIX sh and should work on most UNIX-like operating systems.
An example of usage is as follows. This takes at least a few minutes for MATLAB to start up and another few minutes to falsify all the STL formulas in ./example/AT_M4.stl. Please be patient!!
./falcaun --stl-file=./example/AT_M4.stl --output-mapper=./example/AT_M4.omap.tsv --input-mapper=./example/AT.imap.tsv --equiv=GA --step-time=1.0 --signal-length=30 --init='cd ./example; initAT' --max-test=50000 --param-names="throttle brake" --ga-crossover-prob=0.5 --ga-mutation-prob=0.01 --population-size=150 --ga-selection-kind=TournamentYou can also install this script as follows.
sudo install falcaun /usr/local/bin ./falcaun [OPTIONS] --stl=[STLFormula] --input-mapper=[InputMapperFile] --output-mapper=[OutputMapperFile] --equiv=[HC|random|WP|SA|GA]
-h, --help Print a help message.
-v, --verbose It outputs extra information, mainly for debugging.
-V, --version Print the version
-t timeout, --timeout timeout Set timeout [seconds]
-f file, --stl-file file Read a STL formula from file.
-e STLFormula, --stl STLFormula Specify STLFormula by signal temporal logic.
-I file, --input-mapper file Read the input mapper configuration from file.
-O file, --output-mapper file Read the output mapper configuration from file.
-S file, --signal-mapper file Read the signal mapper from file.
-E algorithm, --equiv algorithm Specify the equivalence testing algorithm. See below for the detail.
-o file, --output-dot file Write the learned Mealy machine to file in DOT format.
--output-etf file Write the learned Mealy machine to file in ETF format.
-s step-time, --step-time step-time Specify the step time of the sampling.
-l length, --signal-length length Specify the length of the sampled signals.
-i script, --init script The initial script of MATLAB
-p param1 param2 ... paramN, --param-names param1 param2 ... paramN The parameter names of the Simulink
model
-M test-size, --max-test test-size The maximum test size
--disable-adaptive-stl Disable the adaptive STL updater in [Shijubo+, RV'21]
When you use GA, SA, or WP for the equivalence testing, you have to specify the following options in addition.
--population-size size The size of the population
--ga-crossover-prob prob The crossover probability (should be between 0 and 1)
--ga-mutation-prob prob The mutation probability (should be between 0 and 1)
--ga-selection-kind [bestsolution|tournament] The selection in the genetic algorithm. Either best solution selection or binary tournament.
--sa-alpha alpha The alpha parameter for simulated annealing (should be between 0 and 1)
--wp-max-depth depth The maximum depth in the Wp-method
Both input and output mappers are specified by TSV files.
Input mapper specifies the possible input values of each signal (e.g., break and throttle). Each signal can take different number of inputs i.e., N0 and N1 can be different.
<value 1 of signal(0)> <value 2 of signal(0)> ... <value N0 of signal(0)>
<value 1 of signal(1)> <value 2 of signal(1)> ... <value N1 of signal(1)>
...
For example, the following shows that:
- the domain of
signal(0)is 10 and 40; and - the domain of
signal(1)is 0, 50, and 100.
10 40
0 50 100
Output mapper specifies how we map the real-valued signal to an atomic proposition. Precisely, we split the vector space R^n by grids. Each grid is one atomic proposition. Since the maximum upper bound is the positive infinity, the last cell for each signal must be inf.
<upper bound of signal(0) for AP0-1> <upper bound of signal(0) for AP0-2> ... <upper bound of signal(0) for AP0-N0>
<upper bound of signal(0) for AP1-1> <upper bound of signal(1) for AP1-2> ... <upper bound of signal(1) for AP1-N1>
...
For example, the following output mapper stands for as follows.
- For
signal(0):AP0-1holds ifsignal(0)<= 10;AP0-2holds if 10 <signal(0)<= 40; andAP0-3holds if 40 <signal(0).
- For
signal(1):AP1-1holds ifsignal(1)<= 0;AP1-2holds if 0 <signal(1)<= 50;AP1-3holds if 50 <signal(1)<= 100; andAP1-4holds if 100 <signal(1).
- For
signal(2),AP2-1always holds.
10 40 inf
0 50 100 inf
inf
- Masaki Waga: 2019--
- Junya Shijubo: 2021--2022
- FalCAuN says ``infinite robustness''. What should I do?
- It can be because the generated signal is too short for the temporal formula. Please make "--signal-length" as long as the time window of the STL formulas.
- [Shijubo+, RV'21] Efficient Black-Box Checking via Model Checking with Strengthened Specifications. Junya Shijubo, Masaki Waga, and Kohei Suenaga
- [Waga, HSCC'20] Falsification of cyber-physical systems with robustness-guided black-box checking. Masaki Waga