Compositional Verification for Timed Systems Based on Automatic Invariant Generation

We propose a method for compositional verification to address the state space explosion problem inherent to model-checking timed systems with a large number of components. The main challenge is to obtain pertinent global timing constraints from the timings in the components alone. To this end, we make use of auxiliary clocks to automatically generate new invariants which capture the constraints induced by the synchronisations between components. The method has been implemented in the RTD-Finder tool and successfully experimented on several benchmarks

Efficient Groundness Analysis in Prolog

Boolean functions can be used to express the groundness of, and trace grounding dependencies between, program variables in (constraint) logic programs. In this paper, a variety of issues pertaining to the efficient Prolog implementation of groundness analysis are investigated, focusing on the domain of definite Boolean functions, Def. The systematic design of the representation of an abstract domain is discussed in relation to its impact on the algorithmic complexity of the domain operations; the most frequently called operations should be the most lightweight. This methodology is applied to Def, resulting in a new representation, together with new algorithms for its domain operations utilising previously unexploited properties of Def -- for instance, quadratic-time entailment checking. The iteration strategy driving the analysis is also discussed and a simple, but very effective, optimisation of induced magic is described. The analysis can be implemented straightforwardly in Prolog and the use of a non-ground representation results in an efficient, scalable tool which does not require widening to be invoked, even on the largest benchmarks. An extensive experimental evaluation is givenComment: 31 pages To appear in Theory and Practice of Logic Programmin

Techniques and Patterns for Safe and Efficient Real-Time Middleware

Over 90 percent of all microprocessors are now used for real-time and embedded applications. The behavior of these applications is often constrained by the physical world. It is therefore important to devise higher-level languages and middleware that meet conventional functional requirements, as well as dependably and productively enforce real-time constraints. Real-Time Java is emerging as a safe, real-time environment. In this thesis we use it as our experimentation platform; however, our findings are easily adapted to other similar platforms. This thesis provides the following contributions to the study of safe and efficient real-time middleware. First, it identifies potential bottlenecks and problem with respect to guaranteeing real-time performance in middleware. Second, it presents a series of techniques and patterns that allow the design and implementation of safe, predictable, and highly efficient real-time middleware. Third, it provides a set of architectural and design patterns that application developers can use when designing real-time systems. Finally, it provides a methodology for evaluating the merits and benefits of real-time middleware. Empirical results are presented using that methodology for the techniques presented in this thesis. The methodology helps compare the performance and predictability of general, real-time middleware platforms

Fiacre: an Intermediate Language for Model Verification in the Topcased Environment

International audienceFiacre was designed in the framework of the TOPCASED project dealing with model-driven engineering and gathering numerous partners, from both industry and academics. Therefore, Fiacre is designed both as the target language of model transformation engines from various models such as SDL, UML, AADL, and as the source language of compilers into the targeted verification toolboxes, namely CADP and Tina in the first step. In this paper, we present the Fiacre language. Then transformations from AADL to Fiacre are illustrated on a small example

Higher-Dimensional Timed Automata

We introduce a new formalism of higher-dimensional timed automata, based on van Glabbeek's higher-dimensional automata and Alur's timed automata. We prove that their reachability is PSPACE-complete and can be decided using zone-based algorithms. We also show how to use tensor products to combat state-space explosion and how to extend the setting to higher-dimensional hybrid automata

Automatic Generation of Schedulings for Improving the Test Coverage of Systems-on-a-Chip

International audienceSystemC is becoming a de-facto standard for the early simulation of Systems-on-a-chip (SoCs). It is a parallel language with a scheduler. Testing a SoC written in SystemC implies that we execute it, for some well chosen data. We are bound to use a particular deterministic implementation of the scheduler, whose specification is non-deterministic. Consequently, we may fail to discover bugs that would have appeared using another valid implementation of the scheduler. Current methods for testings SoCs concentrate on the generation of the inputs, and do not address this problem at all. We assume that the selection of relevant data is already done, and we generate several schedulings allowed by the scheduler specification. We use dynamic partial-order reduction techniques to avoid the generation of two schedulings that have the same effect on the system's behavior. Exploring alternative schedulings during testing is a way of guaranteeing that the SoC description, and in particular the embedded software, is scheduler-independent, hence more robust. The technique extends to the exploration of other non-fully specified aspects of SoC descriptions, like timing

Concept-based Analysis of Surface and Structural Misfits (CASSM) Tutorial notes

Concept-based Analysis of Surface and Structural Misfits (CASSM) in a novel approach to usability analysis that focuses attention on misfits between user and system concepts. We believe that as an approach it has several desirable qualities: o It focuses on concepts rather than tasks or procedures. Consequently, it complements the majority of existing approaches to usability evaluation. In particular, it analyses conceptual misfits between user and system. o By intentionally supporting ‘sketchy’ analysis, CASSM avoids the ‘death by detail’ that plagues many evaluation techniques. CASSM analyses do not have to be complete or consistent to be useful – though of course a thorough analysis is likely to have these properties. Also, CASSM analyses are often quite succinct, compared to (for example) a Cognitive Walkthrough (Wharton et al, 1994), Heuristic Evaluation (Nielsen, 1994) or GOMS analysis (John & Kieras, 1996). o As a notation, it provides a ‘bridge’ between the core ideas underpinning work on mental models and design issues, and may thus make prior work on mental models more readily accessible to design practice. [This should be regarded as a hypothesis that has not yet been tested.] o The CASSM notation provides a relatively formal definition of many of Green’s Cognitive Dimensions (see, for example, Green, 1989; Green & Petre, 1996; Blackwell & Green 2003). In this way, it further supports assessment of a system in terms of CDs. This is discussed in detail towards the end of this document. Although the name (CASSM: Concept-based Analysis of Surface and Structural Misfits) emphasises the importance of misfits, you should be aware that there are other kinds of user–system misfits that are outside the scope of CASSM; for example, inconsistencies in procedures for similar tasks would be picked up by other techniques but are not directly addressed within CASSM. CASSM focuses on conceptual structures