A formal framework for specification-based embedded real-time system engineering

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2008.Includes bibliographical references (v. 2, p. 517-545).The increasing size and complexity of modern software-intensive systems present novel challenges when engineering high-integrity artifacts within aggressive budgetary constraints. Among these challenges, ensuring confidence in the engineered system, through validation and verification activities, represents the high cost item on many projects. The expensive nature of engineering high-integrity systems using traditional approaches can be partly attributed to the lack of analysis facilities during the early phases of the lifecycle, causing the validation and verification activities to begin too late in the engineering lifecycle. Other challenges include the management of complexity, opportunities for reuse without compromising confidence, and the ability to trace system features across lifecycle phases. The use of models as a specification mechanism provides an approach to mitigate complexity through abstraction. Furthermore, if the specification approach has formal underpinnings, the use of models can be leveraged to automate engineering activities such as formal analysis and test case generation. The research presented in this thesis proposes an engineering framework which addresses the high cost of validation and verification activities through specification-based system engineering. More specifically, the framework provides an integrated approach to embedded real-time system engineering which incorporates specification, simulation, formal verification, and test-case generation. The framework aggregates the state-of-the-art in individual software engineering disciplines to provide an end-to-end approach to embedded real-time system engineering. The key aspects of the framework include: * A novel specification language, the Timed Abstract State Machine (TASM) language, which extends the theory of Abstract State Machines (ASM).(cont.) The TASM language is a literate formal specification language which can be applied and multiple levels of abstraction and which can express the three key aspects of embedded real-time systems - function, time, and resources. * Automated verification capabilities achieved through the integration of mature analysis engines, namely the UPPAAL tool suite and the SAT4J SAT solver. The verification capabilities provided by the framework include completeness and consistency verification, model checking, execution time analysis, and resource consumption analysis. * Bi-directional traceability of model features across levels of abstraction and lifecycle phases. Traceability is achieved syntactically through archetypical refinement types; each refinement type provides correctness criteria, which, if met, guarantee semantic integrity through the refinement. * Automated test case generation capabilities for unit testing, integration testing, and regression testing. Unit test cases are generated to achieve TASM specification coverage through the rule coverage criterion. Integration test case generation is achieved through the hierarchical composition of unit test cases. Regression test case generation is achieved by leveraging the bi-directional traceability of model features. The framework is implemented into an integrated tool suite, the TASM toolset, which incorporates the UPPAAL tool suite and the SAT4J SAT solver. The toolset and framework are evaluated through experimentation on three industrial case studies - an automated manufacturing system, a "drive-by-wire" system used at a major automotive manufacturer, and a scripting environment used on the International Space Station.by Martin Ouimet.Ph.D

Development and Validation of Nonlinear Models for Helicopter Dynamics

The need for validated nonlinear helicopter models and methods to validate these models directly is identified. Published validation methods for validating nonlinear dynamic models are reviewed and the need for an integrated approach is established. Sensitivity coefficient based validation techniques are investigated. Single value sensitivity coefficients are found to be useful for parameter and output variable selection. Examination of sensitivity coefficients time histories is found to be a useful addition to parametric validation methods. A model distortion technique is evaluated. The method is tested with simple systems and simulated data as well as a helicopter model and real ffight data. The method is discussed. Its application to helicopter dynamics is rejected because of noise problems. A nonlinear one degree of freedom yaw model for an Aerospatiale SA.330 PUMA helicopter is improved and validated using analogue matching and a parameter estimation method which uses a linear search. The importance of physical knowledge of the system being modelled is highlighted in the development of the model. A nonlinear mathematical model of a helicopter main rotor is validated in two specific areas. These are the lag damper and the engine/rotor speed model. The validation techniques used are maximum likelihood parameter estimation with sensitivity coefficient examination and analogue matching of time response data. The importance of good physical knowledge of the system being modelled is again indicated. The structure of the model in the identified areas is validated. The validation methods are brought together in a specification for an interactive inodel validation computer package. The benefits of an integrated approach are identified and the computer program is specified so as to take advantage of this. Through this package, the user will interact with the model, the available validation methods and the experimental data and will be able to develop and validate dynamic models easily and efficiently

Model-Based System Engineering Methodology for Implementing Networked Aircraft Control System on Integrated Modular Avionics - Environmental Control System Case Study

Integrated Modular Avionics (IMA) architecture host multiple federated avionics applications into a single platform and provides benefits in terms of Size, Weight and Power (SWaP), nonetheless brings a high level of complexity to aircraft control systems. The thesis presents Model-Based System Engineering a novel, structured development methodology to cope efficiently with increased complexity due to IMA. Using ARCADIA methodology and the open source Capella tool, the developed methodology is implemented for a complete design cycle: starting with capturing requirements from the aircraft level to streamlining the development, integration of avionics application in an ARINC 653 platform. The proposed methodology provides effective traceability and management of specification artifacts from aircraft to system to item-level adhering to SAE ARP4754A guideline. Further, the thesis presents the capability of the MBSE framework to effectively address a few technological variants through the proposed methodology. To illustrate the efficiency of the methodology and MBSE approach an Environmental Control System (ECS) case study is presented. The case study focuses on implementing ECS in an IMA architecture using MBSE framework and proposed methodology. However, the derived methodology is also applicable to other systems. Further, the case study also presents a demonstration of integrating Cabin Pressure Control Sub-system (CPCS) into a real-time IMA platform for validation of MBSE approach. In addition, the thesis provides important insights in challenges and advantages of the MBSE process in contrast to the traditional paper-based specification process

A requirements engineering framework for integrated systems development for the construction industry

Computer Integrated Construction (CIC) systems are computer environments through which collaborative working can be undertaken. Although many CIC systems have been developed to demonstrate the communication and collaboration within the construction projects, the uptake of CICs by the industry is still inadequate. This is mainly due to the fact that research methodologies of the CIC development projects are incomplete to bridge the technology transfer gap. Therefore, defining comprehensive methodologies for the development of these systems and their effective implementation on real construction projects is vital. Requirements Engineering (RE) can contribute to the effective uptake of these systems because it drives the systems development for the targeted audience. This paper proposes a requirements engineering approach for industry driven CIC systems development. While some CIC systems are investigated to build a broad and deep contextual knowledge in the area, the EU funded research project, DIVERCITY (Distributed Virtual Workspace for Enhancing Communication within the Construction Industry), is analysed as the main case study project because its requirements engineering approach has the potential to determine a framework for the adaptation of requirements engineering in order to contribute towards the uptake of CIC systems

ERIGrid Holistic Test Description for Validating Cyber-Physical Energy Systems

Smart energy solutions aim to modify and optimise the operation of existing energy infrastructure. Such cyber-physical technology must be mature before deployment to the actual infrastructure, and competitive solutions will have to be compliant to standards still under development. Achieving this technology readiness and harmonisation requires reproducible experiments and appropriately realistic testing environments. Such testbeds for multi-domain cyber-physical experiments are complex in and of themselves. This work addresses a method for the scoping and design of experiments where both testbed and solution each require detailed expertise. This empirical work first revisited present test description approaches, developed a newdescription method for cyber-physical energy systems testing, and matured it by means of user involvement. The new Holistic Test Description (HTD) method facilitates the conception, deconstruction and reproduction of complex experimental designs in the domains of cyber-physical energy systems. This work develops the background and motivation, offers a guideline and examples to the proposed approach, and summarises experience from three years of its application.This work received funding in the European Community’s Horizon 2020 Program (H2020/2014–2020) under project “ERIGrid” (Grant Agreement No. 654113)

Towards a foundation for holistic power system validation and testing

Renewable energy sources and further electrificationof energy consumption are key enablers for decreasing green-house gas emissions, but also introduce increased complexitywithin the electric power system. The increased availability ofautomation, information and communication technology, andintelligent solutions for system operation have transformed thepower system into a smart grid. In order to support thedevelopment process of smart grid solutions on the system level,testing has to be done in a holistic manner, covering the multi-domain aspect of such complex systems. This paper introducesthe concept of holistic power system testing and discuss first stepstowards a corresponding methodology that is being developed inthe European ERIGrid research infrastructure project.Comment: 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA

Analog Property Checkers: A Ddr2 Case Study

The formal specification component of verification can be exported to simulation through the idea of property checkers. The essence of this approach is the automatic construction of an observer from the specification in the form of a program that can be interfaced with a simulator and alert the user if the property is violated by a simulation trace. Although not complete, this lighter approach to formal verification has been effectively used in software and digital hardware to detect errors. Recently, the idea of property checkers has been extended to analog and mixed-signal systems. In this paper, we apply the property-based checking methodology to an industrial and realistic example of a DDR2 memory interface. The properties describing the DDR2 analog behavior are expressed in the formal specification language stl/psl in form of assertions. The simulation traces generated from an actual DDR2 interface design are checked with respect to the stl/psl assertions using the amt tool. The focus of this paper is on the translation of the official (informal and descriptive) specification of two non-trivial DDR2 properties into stl/psl assertions. We study both the benefits and the current limits of such approach

A formal verification framework and associated tools for enterprise modeling : application to UEML

The aim of this paper is to propose and apply a verification and validation approach to Enterprise Modeling that enables the user to improve the relevance and correctness, the suitability and coherence of a model by using properties specification and formal proof of properties