PALS-Based Analysis of an Airplane Multirate Control System in Real-Time Maude
Distributed cyber-physical systems (DCPS) are pervasive in areas such as
aeronautics and ground transportation systems, including the case of
distributed hybrid systems. DCPS design and verification is quite challenging
because of asynchronous communication, network delays, and clock skews.
Furthermore, their model checking verification typically becomes unfeasible due
to the huge state space explosion caused by the system's concurrency. The PALS
("physically asynchronous, logically synchronous") methodology has been
proposed to reduce the design and verification of a DCPS to the much simpler
task of designing and verifying its underlying synchronous version. The
original PALS methodology assumes a single logical period, but Multirate PALS
extends it to deal with multirate DCPS in which components may operate with
different logical periods. This paper shows how Multirate PALS can be applied
to formally verify a nontrivial multirate DCPS. We use Real-Time Maude to
formally specify a multirate distributed hybrid system consisting of an
airplane maneuvered by a pilot who turns the airplane according to a specified
angle through a distributed control system. Our formal analysis revealed that
the original design was ineffective in achieving a smooth turning maneuver, and
led to a redesign of the system that satisfies the desired correctness
properties. This shows that the Multirate PALS methodology is not only
effective for formal DCPS verification, but can also be used effectively in the
DCPS design process, even before properties are verified.

Comment: In Proceedings FTSCS 2012, arXiv:1212.657
An ocarina extension for AADL formal semantics generation
Formal verification has become a recommended practice in safety-critical software engineering. Hand-writing the formal specification requires formal expertise and may become complex, especially with large systems. In such a context, the automatic generation of the formal specification seems helpful and rewarding, particularly for reused and generic mappings such as hardware representations and real-time features. In this paper, we aim to formally verify real-time systems designed in the AADL language. We propose an extension, AADL2LNT, of the Ocarina tool suite allowing the automatic generation of an LNT specification to provide a gateway to the CADP formal analysis toolbox. This work is illustrated with the Pacemaker case study.
A formal approach to AADL model-based software engineering
Formal methods have become a recommended practice in safety-critical software engineering. To be formally verified, a system should be specified with a specific formalism such as Petri nets, automata or process algebras, which requires formal expertise and may become complex, especially with large systems. In this paper, we report our experience in the formal verification of safety-critical real-time systems. We propose a formal mapping for a real-time task model using the LNT language, and we describe how it is used for the integration of a formal verification phase in an AADL model-based development process. We focus on real-time systems with event-driven tasks, asynchronous communication and preemptive fixed-priority scheduling. We provide a complete tool-chain for the automatic model transformation and formal verification of AADL models. Experimentation illustrates our results with the Flight control system and Line follower robot case studies.
Formal Guarantees for Safety Critical Code Generation: the Case of Highly Variable Languages
Command and control functions are among the most important in the critical embedded systems used in activities such as transportation, healthcare or energy management. Their potential impact on dependability makes verifying their correctness one of the most critical points of their development. This verification is usually carried out in accordance with certification standards describing a set of objectives to be reached in order to ensure a high level of system quality and thus prevent the appearance of defects. This software verification is traditionally based on extensive testing and code review activities; however, the most recent versions of the certification standards allow the use of new development approaches such as model-driven engineering and formal methods, as well as the use of tools to assist the development processes. Automatic code generation tools are used in most development processes for critical embedded systems in order to avoid human-related programming errors and to ensure compliance with code production rules. Since these tools are intended to replace humans in producing code, errors in their design can cause errors in the generated code. It is therefore necessary to verify that the quality level of the tool is the same as that of the code produced, by ensuring that the objectives specified in the qualification standards are covered. Our work aims to exploit model-driven engineering and formal methods to develop these tools and thus reach a higher quality level than traditional approaches.
Critical command and control functions are largely designed using graphical dataflow languages. These languages are used to model complex systems using elementary blocks grouped into block libraries. A block may be a sophisticated software object exhibiting high variability, both structural and semantic. This variability is tied both to the values of the block's parameters and to its context of use. In our work, we first focus on the formal specification of these blocks and on the verification of these specifications. We evaluated several approaches and techniques with the aim of ensuring a formal, structurally consistent, verifiable and reusable specification of blocks. We finally designed a language based on model-driven engineering dedicated to this task. This language draws on software product line approaches in order to provide management of block variability that is both correct and scalable. We applied this approach and the associated verification to a few selected examples of blocks from industrial applications and validated it on software prototypes that we developed. Blocks are the main elements of the input languages used for the automatic generation of command and control software. We show how formal block specifications can be transformed into code annotations in order to simplify and automate the verification of the generated code. The code annotations are then verified using specialised static code analysis tools.
Using synchronous observers to express high-level requirements on the generator's input models, we show how the formal specification of blocks can be used to generate code annotations and subsequently for the automatic verification of the requirements. Finally, we show to what extent block specifications make it possible to generate qualification data such as requirements, tests or simulation data used for the verification and development of automatic code generators.
Formal Guarantees for Safety Critical Code Generation: the Case of Highly Variable Languages
Control and command software plays a key role in safety-critical embedded systems used for human-related activities such as transportation, healthcare or energy. Its impact on safety makes the assessment of its correctness the central point of development activities. Verification activities for such systems are usually conducted according to normative certification guidelines providing objectives to be reached in order to ensure development process reliability and thus prevent flaws. Verification activities usually rely on tests and proofreading of the software, but recent versions of certification guidelines take into account the deployment of new development paradigms such as model-based development and formal methods, or the use of tools to assist the development processes. Automatic code generators are used in most safety-critical embedded systems development in order to avoid human-related software production errors and to ensure respect of development quality standards. As these tools are supposed to replace humans in software code production activities, errors in these tools may result in embedded software flaws. It is thus in turn mandatory to ensure the same level of correctness for the tool itself as for the expected produced code. Tool verification shall be done according to qualification guidelines. We advocate in our work the use of model-based development and formal methods for the development of these tools in order to reach a higher quality level. Critical control and command software is mostly designed using graphical dataflow languages. These languages are used to express complex systems relying on atomic operations embedded in blocks that are gathered in block libraries. Blocks may be sophisticated pieces of software with highly variable structure and semantics. This variability depends on the values of the block parameters and on the block's context of use.
In our work, we focus on the formal specification and verification of such block-based languages. We experimented with various techniques in order to ensure a formal, sound, verifiable and usable specification for blocks. We developed a domain-specific formal model-based language specifically tailored to the specification of the structure and semantics of blocks. This specification language is inspired by software product line concepts in order to ensure correct and scalable management of block variability. We have applied this specification and verification approach to chosen block examples from common industrial use cases and have validated it on tool prototypes. Blocks are the core elements of the input language of automatic code generators used for control and command systems development. We show how our formal block specification can be translated into code annotations in order to ease and automate the verification of the generated code. Code annotations are verified using specialised static code analysis tools. Relying on synchronous observers to express high-level requirements at the input model level, we show how the formal block specification can also be used to translate high-level requirements into verifiable code annotations discharged using the same specialised tooling. We finally target assistance for code generation tool qualification activities by arguing for the ability to automatically generate qualification data such as requirements, tests or simulation results for the verification and development of automatic code generators from the formal block specification.
Proceedings of the École d'Été Temps Réel 2005 (Real-Time Summer School) - ETR'2005
PDF of the proceedings available at the URL http://etr05.loria.fr/ The programme of the École d'Été Temps Réel 2005 is built around survey lectures given by specialists from industry and academia, which will allow participants in the ETR, and in particular doctoral students, to build a scientific culture in the field. This fourth edition is centred on the major themes of importance in the design of real-time systems: architecture description languages and techniques; validation, testing and proof through deterministic and stochastic approaches; scheduling and real-time operating systems; distribution, real-time networks and quality of service.