
    Task Suspension in Agent Systems

    We discuss the similarity of a recent approach to task suspension in agent programming languages with an earlier approach to formalising preemption using a class of Petri nets, called M-nets. We argue that the theory of agent programming would benefit from adopting certain features of the Petri-net approach, thus making further results for Petri nets applicable in the agent domain.

    Petri Nets with Discrete Phase Type Timing: A Bridge Between Stochastic and Functional Analysis

    Abstract The addition of timing specification in Petri Nets (PN) has followed two main lines: intervals for functional analysis or stochastic durations for performance and dependability analysis. The present paper proposes a novel technique to analyze time or stochastic PN models based on discretization. This technique can be seen as a bridge between the world of functional analysis and the world of stochastic analysis. The proposed discretization technique is based on the definition of a new construct called Discrete Phase Type Timing - DPT that can represent a discrete cumulative density function (cdf) over a finite support (or a deterministic cdf) as well as an interval with non-deterministic choice (or a deterministic duration). In both views, a preemption policy can be assigned and a strong (the transition must fire when the interval expires) or a weak (the transition can fire when the interval expires) firing semantics. The paper introduces the DPT construct and shows how the expanded state space can be built up resorting to a compositional approach based on Kronecker algebra. With this technique a functional model can be quantified by adding probability measures over the firing intervals without modifying the (compositional) structure of the PN model

    Formal and efficient verification techniques for Real-Time UML models

    The real-time UML profile TURTLE has a formal semantics expressed by translation into a timed process algebra: RT-LOTOS. RTL, the formal verification tool developed for RT-LOTOS, was first used to check TURTLE models against design errors. This paper opens new avenues for TURTLE model verification. It shows how recent work on translating RT-LOTOS specifications into Time Petri net models may be applied to TURTLE. RT-LOTOS to TPN translation patterns are presented; their formal proof is the subject of another paper. These patterns have been implemented in an RT-LOTOS to TPN translator which has been interfaced with TINA, a Time Petri Net Analyzer that implements several reachability analysis procedures depending on the class of property to be verified. The paper illustrates the benefits of the TURTLE->RT-LOTOS->TPN transformation chain on an avionic case study.

    Dependability checking with StoCharts: Is train radio reliable enough for trains?

    Performance, dependability and quality of service (QoS) are prime aspects of the UML modelling domain. To capture these aspects effectively in the design phase, we have recently proposed STOCHARTS, a conservative extension of UML statechart diagrams. In this paper, we apply the STOCHART formalism to a safety critical design problem. We model a part of the European Train Control System specification, focusing on the risks of wireless communication failures in future high-speed cross-European trains. Stochastic model checking with the model checker PROVER enables us to derive constraints under which the central quality requirements are satisfied by the STOCHART model. The paper illustrates the flexibility and maturity of STOCHARTS to model real problems in safety critical system design

    A Resource-Based Prioritized Bisimulation for Real-Time Systems

    The behavior of concurrent, real-time systems can be specified using a process algebra called CCSR. The underlying computation model of CCSR is resource-based, in which multiple resources execute synchronously, while processes assigned to the same resource are interleaved according to their priorities. CCSR allows the algebraic specification of timeouts, interrupts, periodic behaviors and exceptions. This paper develops a natural treatment of preemption, which is based not only on priority, but also on resource utilization and inter-resource synchronization. The preemption ordering leads to a term equivalence based on strong bisimulation, which is also a congruence with respect to the operators. Consequently the equivalence yields a compositional proof system, which is illustrated in the verification of a resource-sharing producer-consumer problem.

    Monotony in Service Orchestrations

    Web Service orchestrations are compositions of different Web Services to form a new service. The services called during the orchestration guarantee a given performance to the orchestrator, usually in the form of contracts. These contracts can be used by the orchestrator to deduce the contract it can offer to its own clients, by performing contract composition. An implicit assumption in contract-based QoS management is: "the better the component services perform, the better the orchestration's performance will be". Thus, contract-based QoS management for Web service orchestrations implicitly assumes monotony. In some orchestrations, however, monotony can be violated, i.e., the performance of the orchestration improves when the performance of a component service degrades. This is highly undesirable since it can render the process of contract composition inconsistent. In this paper we define monotony for orchestrations modelled by Colored Occurrence Nets (CO-nets) and we characterize the classes of monotonic orchestrations. We show that few orchestrations are indeed monotonic, mostly since latency can be traded for quality of data. We also propose a sound refinement of monotony, called conditional monotony, which forbids this kind of cheating, and show that conditional monotony is widely satisfied by orchestrations. This finding leads to reconsidering the way SLAs should be formulated.

    Unfolding of time Petri nets for quantitative time analysis

    The verification of properties on a Time Petri net is often based on the state class graph. For a highly concurrent system, the construction of a state graph often faces the problem of combinatorial explosion. This problem is due to the systematic interleaving of concurrent transitions. This paper proposes a new unfolding method that limits interleavings as much as possible. The unfolding preserves a partial-order execution; interleavings are retained only when they allow all conflicts to be put in a total order. The method gives a way to generate a complete finite prefix unfolding based on the construction of the exhaustive set of scenarios on a safe time Petri net. Moreover, the method allows various quantitative time analyses based on the complete finite prefix unfolding and on a permanent time database.

    Process Algebraic Approach to the Schedulability Analysis and Workload Abstraction of Hierarchical Real-Time Systems

    Real-time embedded systems have increased in complexity. As microprocessors become more powerful, the software complexity of real-time embedded systems has increased steadily. The requirements for increased functionality and adaptability make the development of real-time embedded software complex and error-prone. Component-based design has been widely accepted as a compositional approach to facilitate the design of complex systems. It provides a means for decomposing a complex system into simpler subsystems and composing the subsystems in a hierarchical manner. A system composed of real-time subsystems with hierarchy is called a hierarchical real-time system. This paper describes a process algebraic approach to schedulability analysis of hierarchical real-time systems. To facilitate modeling and analyzing hierarchical real-time systems, we conservatively extend an existing process algebraic theory based on ACSR-VP (Algebra of Communicating Shared Resources with Value-Passing) for the schedulability of real-time systems. We explain a method to model a resource model in ACSR-VP which may be partitioned for a subsystem. We also introduce a schedulability relation to define the schedulability of hierarchical real-time systems and show that satisfaction checking of the relation is reducible to deadlock checking in ACSR-VP and can be done automatically with the tool support of VERSA (Verification, Execution and Rewrite System for ACSR). With the schedulability relation, we present algorithms for abstracting real-time system workloads.