Proving Properties of Real-Time Distributed Systems: A Comparison of Three Approaches

Three formal methods for specifying properties of real-time systems are reviewed and used in a common example. Two of them offer a graphical representation and the third is an algebraic language. The example is that of an automatic railroad system with sensors to detect the train position and controls for the gate mechanism. Associated with each formalism is a proof methodology which is described and used to prove a safety property about the example. A comparison is made between the three formalisms according to various criteria including the expressiveness, readability, maintainability of the language, support for real-time concepts, method for expressing properties and proof mechanisms

Timing properties in real-time systems

This dissertation proposes a formalism for the specification and verification of timing properties of real-time systems. Reasoning about properties of a real-time system requires one to consider both relative and absolute timing of events. Relative timing concerns the order in which events occur, such as mutual exclusion and precedence constraint properties. Absolute timing concerns the stringent timing restrictions imposed on a system, such as a response time deadline or a minimum elapsed time between occurrences of two events. The approach is based on Real Time Logic (RTL), a logic invented primarily for the specification of both relative and absolute timing of events. The notion of an event occurrence is central to RTL; an event occurrence marks a point in time which is of significance to the behavior of a system. Hence, concurrency is modeled as a partial ordering of the event occurrences in the system. A system specification and a property to be verified can be expressed as arithmetical relations on algebraic expressions involving the event occurrences. To verify the property with respect to the system specification, we prove that the property is a theorem derivable from the specification. Relationship of RTL to Presburger Arithmetic is discussed and a verification technique based on inequality provers is explored. The dissertation also introduces a specification language, Modechart, for real-time systems. The semantics of Modechart is described in terms of RTL formulas. In Modechart, we make use of the concept of modes which can be thought of as partitioning the state space of a system. Intuitively, modes can be viewed as control information that impose structure on the operation of a system. Modes are arranged hierarchically. Furthermore, modes at the same level of hierarchy can be related in one of two ways: in series or in parallel. A transition can be specified between two modes in series, but no transition is allowed between modes in parallel. The language allows sporadic/periodic actions in modes as well as constructs for specifying timing constraints such as delays and deadlines on mode transitions. Verification procedures are introduced for showing a Modechart specification satisfies a property expressed as an RTL formula.Computer Science

Integrating model checking with HiP-HOPS in model-based safety analysis

The ability to perform an effective and robust safety analysis on the design of modern safety–critical systems is crucial. Model-based safety analysis (MBSA) has been introduced in recent years to support the assessment of complex system design by focusing on the system model as the central artefact, and by automating the synthesis and analysis of failure-extended models. Model checking and failure logic synthesis and analysis (FLSA) are two prominent MBSA paradigms. Extensive research has placed emphasis on the development of these techniques, but discussion on their integration remains limited. In this paper, we propose a technique in which model checking and Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS) – an advanced FLSA technique – can be applied synergistically with benefit for the MBSA process. The application of the technique is illustrated through an example of a brake-by-wire system

An Efficient State Space Generation for the Analysis of Real-Time Systems

State explosion is a well-known problem that impedes analysis and testing based on state-space exploration. This problem is particularly serious in real-time systems because unbounded time values cause the state space to be infinite even for simple systems. In this paper, we present an algorithm that produces a compact representation of the reachable state space of a real-time system. The algorithm yields a small state space, but still retains enough information for analysis. To avoid the state explosion which can be caused by simply adding time values to states, our algorithm uses history equivalence and transition bisimulation to collapse states into equivalent classes. Through history equivalence, states are merged into an equivalence class with the same untimed executions up to the states. Using transition bisimulation, the states that have the same future behaviors are further collapsed. The resultant state space is finite and can be used to analyze real-time properties. To show the effectiveness of our algorithm, we have implemented the algorithm and have analyzed several example applications

An Approach to Verification and Validation of a Reliable Multicasting Protocol

This paper describes the process of implementing a complex communications protocol that provides reliable delivery of data in multicast-capable, packet-switching telecommunication networks. The protocol, called the Reliable Multicasting Protocol (RMP), was developed incrementally using a combination of formal and informal techniques in an attempt to ensure the correctness of its implementation. Our development process involved three concurrent activities: (1) the initial construction and incremental enhancement of a formal state model of the protocol machine; (2) the initial coding and incremental enhancement of the implementation; and (3) model-based testing of iterative implementations of the protocol. These activities were carried out by two separate teams: a design team and a V&V team. The design team built the first version of RMP with limited functionality to handle only nominal requirements of data delivery. In a series of iterative steps, the design team added new functionality to the implementation while the V&V team kept the state model in fidelity with the implementation. This was done by generating test cases based on suspected errant or offnominal behaviors predicted by the current model. If the execution of a test was different between the model and implementation, then the differences helped identify inconsistencies between the model and implementation. The dialogue between both teams drove the co-evolution of the model and implementation. Testing served as the vehicle for keeping the model and implementation in fidelity with each other. This paper describes (1) our experiences in developing our process model; and (2) three example problems found during the development of RMP

Real-time and Probabilistic Temporal Logics: An Overview

Over the last two decades, there has been an extensive study on logical formalisms for specifying and verifying real-time systems. Temporal logics have been an important research subject within this direction. Although numerous logics have been introduced for the formal specification of real-time and complex systems, an up to date comprehensive analysis of these logics does not exist in the literature. In this paper we analyse real-time and probabilistic temporal logics which have been widely used in this field. We extrapolate the notions of decidability, axiomatizability, expressiveness, model checking, etc. for each logic analysed. We also provide a comparison of features of the temporal logics discussed

Early timing analysis based on scenario requirements and platform models

Distributed, software-intensive systems (e.g., in the automotive sector) must fulfill communication requirements under hard real-time constraints. The requirements have to be documented and validated carefully using a systematic requirements engineering (RE) approach, for example, by applying scenario-based requirements notations. The resources of the execution platforms and their properties (e.g., CPU frequency or bus throughput) induce effects on the timing behavior, which may lead to violations of the real-time requirements. Nowadays, the platform properties and their induced timing effects are verified against the real-time requirements by means of timing analysis techniques mostly implemented in commercial-off-the-shelf tools. However, such timing analyses are conducted in late development phases since they rely on artifacts produced during these phases (e.g., the platform-specific code). In order to enable early timing analyses already during RE, we extend a scenario-based requirements notation with allocation means to platform models and define operational semantics for the purpose of simulation-based, platform-aware timing analyses. We illustrate and evaluate the approach with an automotive software-intensive system