Formal Model Engineering for Embedded Systems Using Real-Time Maude

This paper motivates why Real-Time Maude should be well suited to provide a formal semantics and formal analysis capabilities to modeling languages for embedded systems. One can then use the code generation facilities of the tools for the modeling languages to automatically synthesize Real-Time Maude verification models from design models, enabling a formal model engineering process that combines the convenience of modeling using an informal but intuitive modeling language with formal verification. We give a brief overview six fairly different modeling formalisms for which Real-Time Maude has provided the formal semantics and (possibly) formal analysis. These models include behavioral subsets of the avionics modeling standard AADL, Ptolemy II discrete-event models, two EMF-based timed model transformation systems, and a modeling language for handset software.Comment: In Proceedings AMMSE 2011, arXiv:1106.596

Formalizing Cyber--Physical System Model Transformation via Abstract Interpretation

Model transformation tools assist system designers by reducing the labor--intensive task of creating and updating models of various aspects of systems, ensuring that modeling assumptions remain consistent across every model of a system, and identifying constraints on system design imposed by these modeling assumptions. We have proposed a model transformation approach based on abstract interpretation, a static program analysis technique. Abstract interpretation allows us to define transformations that are provably correct and specific. This work develops the foundations of this approach to model transformation. We define model transformation in terms of abstract interpretation and prove the soundness of our approach. Furthermore, we develop formalisms useful for encoding model properties. This work provides a methodology for relating models of different aspects of a system and for applying modeling techniques from one system domain, such as smart power grids, to other domains, such as water distribution networks.Comment: 8 pages, 4 figures; to appear in HASE 2019 proceeding

Design, Semantics and Implementation of the Ptolemy Programming Language: A Language with Quantified Typed Events

Implicit invocation (II) and aspect-oriented (AO) languages provide software designers with related but distinct mechanisms and strategies for decomposing programs into modules and composing modules into systems. II languages have explicitly announced events that run registered observer methods. AO languages have implicitly announced events that run method-like but more powerful advice. A limitation of II languages is their inability to refer to a large set of events succinctly. They also lack the expressive power of AO advice. Limitations of AO languages include potentially fragile dependence on syntactic structure that may hurt maintainability, and limits on the available set of implicit events and the reflective contextual information available. Quantified, typed events, as implemented in our language Ptolemy, solve all these problems. This paper describes Ptolemy and explores its advantages relative to both II and AO languages

Event type polymorphism

Subtype polymorphism is an important feature available in most modern type systems which makes code reuse and specialization possible. Recent works on separation of crosscutting concerns have created event interfaces (types) to decouple subjects from handlers. Extending the notion of subtyping to these event interfaces is a logical step. In this paper, we define event type polymorphism in the context of the Ptolemy language. Ptolemy allows declaring quantified, typed events which provide an interface between subjects and handlers. We add the notion of polymorphic event types to the Ptolemy language, defining a subtype relation among event types which in turn allows for both depth and width subtyping with regard to event context. Since Ptolemy only has explicit event announcement, our semantics is simpler and easier to reason about when compared to previously defined approaches. We also give the first formally defined static semantics for polymorphic events as well as demonstrate its usefulness via examples

Translucid contracts: Expressive specification and modular verification of aspect oriented interfaces

As aspect-oriented (AO) programming techniques become more widely used, their use in critical systems such as aircraft and telephone networks, will become more widespread. However, careful reasoning about AO code seems difficult because: (1) advice may apply in too many places, and (2) standard specification techniques do not limit the control effects of advice. Commonly used black box specification techniques cannot easily specify control effects, such as advice that does not proceed to the advised code. In this work we avoid the first problem by using Ptolemy, a language with explicit event announcement. To solve the second problem we give a simple and understandable specification technique, translucid contracts, that not only allows programmers to write modular specifications for advice and advised code, but also allows them to reason about the code\u27s control effects. We show that translucid contracts support sound modular verification of typical interaction patterns used in AO code. We also show that translucid contracts allow interesting control effects to be specified and enforced

Introducing Simulation and Model Animation in the MDE Topcased Toolkit

International audienceThe Topcased project aims at developing a modular and generic CASE environment for model driven development of safety critical systems. Model validation is a key feature in this project and model simulation is a major way for validation. The purpose of this paper is to present the current Topcased process for building model simulators and animators. After introducing the functional requirements for model simulation and animation, it is explained how simulation is currently being integrated in the Topcased environment, presenting the main components of a simulator: a model animator, a scenario builder and a simulation engine. The approach is illustrated by the presentation of the first simulation experiment conducted in the project: the UML 2 StateMachines case study

07451 Abstracts Collection -- Model-Based Engineering of Embedded Real-Time Systems

From 04.11. to 09.11.2007, the Dagstuhl Seminar 07451 ``Model-Based Engineering of Embedded Real-Time Systems\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available