Formal Model Engineering for Embedded Systems Using Real-Time Maude

This paper motivates why Real-Time Maude should be well suited to provide a formal semantics and formal analysis capabilities to modeling languages for embedded systems. One can then use the code generation facilities of the tools for the modeling languages to automatically synthesize Real-Time Maude verification models from design models, enabling a formal model engineering process that combines the convenience of modeling using an informal but intuitive modeling language with formal verification. We give a brief overview six fairly different modeling formalisms for which Real-Time Maude has provided the formal semantics and (possibly) formal analysis. These models include behavioral subsets of the avionics modeling standard AADL, Ptolemy II discrete-event models, two EMF-based timed model transformation systems, and a modeling language for handset software.Comment: In Proceedings AMMSE 2011, arXiv:1106.596

Formal Verification of AADL Models Using UPPAAL

VII Brazilian Symposium on Computing Systems Engineering (SBESC 2017), Session 10: Development and Tools - B, .Cyber-Physical Systems (CPS) are known to be highly complex systems which can be applied to a variety of different environments, covering both civil and military application domains. As CPS are typically complex systems, its design process requires strong guarantees that the specified functional and non-functional properties are satisfied on the designed application. Model-Driven Engineering (MDE) and high-level specification languages are a valuable asset to help the design and evaluation of such complex systems. However, when looking at the existing MDE tool-support, it is observed that there is still little support for the automated integration of formal verification techniques in these tools. Given that formal verification is necessary to ensure the levels of reliability required by safety critical CPS, this paper presents an approach that aims to integrate the Model Checking technique in the CPS design process for the purpose of correctly analyzing temporal and safety characteristics. A tool named ECPS Verifier was designed to support the model checking integration into the design process, providing the generation of timed automata models from high-levels specifications in AADL. The proposed method is illustrated by means of the design of an Unmanned Aerial Vehicle, from where we derive the timed automata models to be analyzed in the UPPAAL tool.info:eu-repo/semantics/publishedVersio

Quantitative Performance Evaluation of Uncertainty-Aware Hybrid AADL Designs Using Statistical Model Checking

International audience— Architecture Analysis and Design Language (AADL) is widely used for the architecture design and analysis of safety-critical real-time systems. Based on the Hybrid annex which supports continuous behavior modeling, Hybrid AADL enables seamless interactions between embedded control systems and continuous physical environments. Although Hybrid AADL is promising in dependability prediction through analyzable architecture development, the worst-case performance analysis of Hybrid AADL designs can easily lead to an overly pessimistic estimation. So far, Hybrid AADL cannot be used to accurately quantify and reason the overall performance of complex systems which interact with external uncertain environments intensively. To address this problem, this paper proposes a statistical model checking based framework that can perform quantitative evaluation of uncertainty-aware Hybrid AADL designs against various performance queries. Our approach extends Hybrid AADL to support the modeling of environment uncertainties. Furthermore, we propose a set of transformation rules that can automatically translate AADL designs together with designers' requirements into Networks of Priced Timed Automata (NPTA) and performance queries, respectively. Comprehensive experimental results on the Movement Authority (MA) scenario of Chinese Train Control System Level 3 (CTCS-3) demonstrate the effectiveness of our approach

Foundations of Multi-Paradigm Modelling for Cyber-Physical Systems

This open access book coherently gathers well-founded information on the fundamentals of and formalisms for modelling cyber-physical systems (CPS). Highlighting the cross-disciplinary nature of CPS modelling, it also serves as a bridge for anyone entering CPS from related areas of computer science or engineering. Truly complex, engineered systems—known as cyber-physical systems—that integrate physical, software, and network aspects are now on the rise. However, there is no unifying theory nor systematic design methods, techniques or tools for these systems. Individual (mechanical, electrical, network or software) engineering disciplines only offer partial solutions. A technique known as Multi-Paradigm Modelling has recently emerged suggesting to model every part and aspect of a system explicitly, at the most appropriate level(s) of abstraction, using the most appropriate modelling formalism(s), and then weaving the results together to form a representation of the system. If properly applied, it enables, among other global aspects, performance analysis, exhaustive simulation, and verification. This book is the first systematic attempt to bring together these formalisms for anyone starting in the field of CPS who seeks solid modelling foundations and a comprehensive introduction to the distinct existing techniques that are multi-paradigmatic. Though chiefly intended for master and post-graduate level students in computer science and engineering, it can also be used as a reference text for practitioners

Methodology for automated Petri Net model generation to support Reliability Modelling

As the complexity of engineering systems and processes increases, determining their optimal performance also becomes increasingly complex. There are various reliability methods available to model performance but generating the models can become a significant task that is cumbersome, error-prone and tedious. Hence, over the years, work has been undertaken into automatically generating reliability models in order to detect the most critical components and design errors at an early stage, supporting alternative designs. Earlier work lacks full automation resulting in semi-automated methods since they require user intervention to import system information to the algorithm, focus on specific domains and cannot accurately model systems or processes with control loops and dynamic features. This thesis develops a novel method that can generate reliability models for complex systems and processes, based on Petri Net models. The process has been fully automated with software developed that extracts the information required for the model from a topology diagram that describes the system or process considered and generates the corresponding mathematical and graphical representations of the Petri Net model. Such topology diagrams are used in industrial sectors, ranging from aerospace and automotive engineering to finance, defence, government, entertainment and telecommunications. Complex real-life scenarios are studied to demonstrate the application of the proposed method, followed by the verification, validation and simulation of the developed Petri Net models. Thus, the proposed method is seen to be a powerful tool to automatically obtain the PN modelling formalism from a topology diagram, commonly used in industry, by: - Handling and efficiently modelling systems and processes with a large number of components and activities respectively, dependent events and control loops. - Providing generic domain applicability. - Providing software independence by generating models readily understandable by the user without requiring further manipulation by any industrial software. Finally, the method documented in this thesis enables engineers to conduct reliability and performance analysis in a timely manner that ensures the results feed into the design process

Model Checking Classes of Metric LTL Properties of Object-Oriented Real-Time Maude Specifications

This paper presents a transformational approach for model checking two important classes of metric temporal logic (MTL) properties, namely, bounded response and minimum separation, for nonhierarchical object-oriented Real-Time Maude specifications. We prove the correctness of our model checking algorithms, which terminate under reasonable non-Zeno-ness assumptions when the reachable state space is finite. These new model checking features have been integrated into Real-Time Maude, and are used to analyze a network of medical devices and a 4-way traffic intersection system.Comment: In Proceedings RTRTS 2010, arXiv:1009.398

A tutorial on interactive Markov chains

Interactive Markov chains (IMCs) constitute a powerful sto- chastic model that extends both continuous-time Markov chains and labelled transition systems. IMCs enable a wide range of modelling and analysis techniques and serve as a semantic model for many industrial and scientific formalisms, such as AADL, GSPNs and many more. Applications cover various engineering contexts ranging from industrial system-on-chip manufacturing to satellite designs. We present a survey of the state-of-the-art in modelling and analysis of IMCs.\ud We cover a set of techniques that can be utilised for compositional modelling, state space generation and reduction, and model checking. The significance of the presented material and corresponding tools is highlighted through multiple case studies

Evaluation of Verification Approaches Applied to a Nonlinear Control System

As the demand for increasingly complex and autonomous systems grows, designers may consider computational and artificial intelligence methods for more advanced, re- active control. While the performance gained by such increasingly intelligent systems may be superior to traditional control techniques, the lack of transparency in the systems and opportunity for emergent behavior limits their application in the field. New verification and validation methods must be developed to ensure the output of such controllers do not put the system or any people interacting with it in danger. This challenge was highlighted by the former Air Force Chief Scientist in his 2010 Technology Horizons Report, stating \It is possible to develop systems having high levels of autonomy, but it is the lack of suitable [verification and validation] (V&V) methods that prevents all but relatively low levels of autonomy from being certified for use

Dependability modeling and evaluation – From AADL to stochastic Petri nets

Conduire des analyses de sûreté de fonctionnement conjointement avec d'autres analyses au niveau architectural permet à la fois de prédire les effets des décisions architecturales sur la sûreté de fonctionnement du système et de faire des compromis. Par conséquent, les industriels et les universitaires se concentrent sur la définition d'approches d'ingénierie guidées par des modèles (MDE) et sur l'intégration de diverses analyses dans le processus de développement. AADL (Architecture Analysis and Design Language) a prouvé son aptitude pour la modélisation d'architectures et ce langage est actuellement jugé efficace par les industriels dans de telles approches. Notre contribution est un cadre de modélisation permettant la génération de modèles analytiques de sûreté de fonctionnement à partir de modèles AADL dans l‘objectif de faciliter l'évaluation de mesures de sûreté de fonctionnement comme la fiabilité et la disponibilité. Nous proposons une approche itérative de modélisation. Dans ce contexte, nous fournissons un ensemble de sous-modèles génériques réutilisables pour des architectures tolérantes aux fautes. Le modèle AADL de sûreté de fonctionnement est transformé en un RdPSG (Réseau de Petri Stochastique Généralisé) en appliquant des règles de transformation de modèle. Nous avons implémenté un outil de transformation automatique. Le RdPSG résultant peut être traité par des outils existants pour obtenir des mesures de sûreté de fonctionnement. L'approche est illustrée sur un ensemble du Système Informatique Français de Contrôle de Trafic Aérien. ABSTRACT : Performing dependability evaluation along with other analyses at architectural level allows both predicting the effects of architectural decisions on the dependability of a system and making tradeoffs. Thus, both industry and academia focus on defining model driven engineering (MDE) approaches and on integrating several analyses in the development process. AADL (Architecture Analysis and Design Language) has proved to be efficient for architectural modeling and is considered by industry in the context presented above. Our contribution is a modeling framework allowing the generation of dependability-oriented analytical models from AADL models, to facilitate the evaluation of dependability measures, such as reliability or availability. We propose an iterative approach for system dependability modeling using AADL. In this context, we also provide a set of reusable modeling patterns for fault tolerant architectures. The AADL dependability model is transformed into a GSPN (Generalized Stochastic Petri Net) by applying model transformation rules. We have implemented an automatic model transformation tool. The resulting GSPN can be processed by existing tools to obtain dependability measures. The modeling approach is illustrated on a subsystem of the French Air trafic Control System