cmUML - A UML based framework for formal specification of concurrent, reactive systems

Complex software systems possess concurrent and reactive behaviors requiring precise specifications prior to development. Lamport's transition axiom method is a formal specification method which combines axiomatic and operational approaches. On the other hand Unified Modeling Language (UML), a de facto industry standard visual language, lacks suitable constructs and semantics regarding concurrency aspects. Though UML includes action semantics, its higher level constructs and object semantics are inconsistent. Motivated by Lamport's approach, this paper proposes a UML based specification framework 'cmUML' ('cm' for concurrent modules) for formal specification of concurrent, reactive systems without object level diagrams and OCL. The framework integrates higher level diagrams of UML and addresses various concurrency issues including exception handling. It combines UML-RT and UML// SPT profile as the latter defines a core package for concurrency and causality. Further the framework includes the characteristic safety and liveness aspects of concurrent systems. The proposed framework is in contrast with existing approaches based on low level primitives (semaphore, monitors). The paper includes several specification examples validating the proposed framework

Modernizing science&engineering software systems

As the demands for modernized legacy systems rise, so does the need for frameworks for information integration and tool interoperability. The Object Management Group (OMG) has adopted the Model Driven Architecture (MDA), which is an evolving conceptual architecture that aligns with this demand. MDA could help solve coupling problems of multidisciplinary character in science and engineering that consist of one or more applications, supported by one or more platforms. The objective of this paper is to describe rigorous techniques to control the evolution from science & engineering software legacy systems to MDA technologies. We propose a rigorous framework to reverse engineering code in the context of MDA. Considering that validation, verification and consistency are crucial activities in the modernization of systems that are critical to safety, security and economic profits, our approach emphasizes the integration of MDA with formal methods

Model Based Analysis and Test Generation for Flight Software

We describe a framework for model-based analysis and test case generation in the context of a heterogeneous model-based development paradigm that uses and combines Math- Works and UML 2.0 models and the associated code generation tools. This paradigm poses novel challenges to analysis and test case generation that, to the best of our knowledge, have not been addressed before. The framework is based on a common intermediate representation for different modeling formalisms and leverages and extends model checking and symbolic execution tools for model analysis and test case generation, respectively. We discuss the application of our framework to software models for a NASA flight mission

Ontology-based methodology for error detection in software design

Improving the quality of a software design with the goal of producing a high quality software product continues to grow in importance due to the costs that result from poorly designed software. It is commonly accepted that multiple design views are required in order to clearly specify the required functionality of software. There is universal agreement as to the importance of identifying inconsistencies early in the software design process, but the challenge is how to reconcile the representations of the diverse views to ensure consistency. To address the problem of inconsistencies that occur across multiple design views, this research introduces the Methodology for Objects to Agents (MOA). MOA utilizes a new ontology, the Ontology for Software Specification and Design (OSSD), as a common information model to integrate specification knowledge and design knowledge in order to facilitate the interoperability of formal requirements modeling tools and design tools, with the end goal of detecting inconsistency errors in a design. The methodology, which transforms designs represented using the Unified Modeling Language (UML) into representations written in formal agent-oriented modeling languages, integrates object-oriented concepts and agent-oriented concepts in order to take advantage of the benefits that both approaches can provide. The OSSD model is a hierarchical decomposition of software development concepts, including ontological constructs of objects, attributes, behavior, relations, states, transitions, goals, constraints, and plans. The methodology includes a consistency checking process that defines a consistency framework and an Inter-View Inconsistency Detection technique. MOA enhances software design quality by integrating multiple software design views, integrating object-oriented and agent-oriented concepts, and defining an error detection method that associates rules with ontological properties

Runtime observable and adaptable UML state machine-based software components generation and verification: [email protected] approach

Cyber-Physical Systems (CPSs) are embedded computing systems in which computation interacts closely with the physical world through sensors and actuators. CPSs are used to control context aware systems. These types of systems are complex systems that will have different configurations and their control strategy can be configured depending the environmental data and current situation of the context. Therefore, in current industrial environments, the software of embedded and Cyber-Physical systems have to cope with increasing complexity, uncertain scenarios and safe requirements at runtime. The UML State Machine is a powerful formalism to model the logical behaviour of these types of systems, and in Model Driven Engineering (MDE) we can generate code automatically from these models. MDE aims to overcome the complexity of software construction by allowing developers to work at the high-level models of software systems instead of low-level codes. However, determining and evaluating the runtime behaviour and performance of models of CPSs using commercial MDE tools is a challenging task. Such tools provide little support to observe at model-level the execution of the code generated from the model, and to collect the runtime information necessary to, for example, check whether defined safe properties are met or not. One solution to address these requirements is having the software components information in model terms at runtime ([email protected]). Work on [email protected] seeks to extend the applicability of models produced in MDE approaches to the runtime environment. Having the model at runtime is the first step towards the runtime verification. Runtime verification can be performed using the information of model elements (current state, event, next state,etc.) This thesis aims at advancing the current practice on generating automatically Unified Modeling Language - State Machine (UML-SM) based software components that are able to provide their internal information in model terms at runtime. Regarding automation, we propose a tool supported methodology to automatically generate these software components. As for runtime monitoring, verification and adaptation, we propose an externalized runtime module that is able to monitor and verify the correctness of the software components based on their internal status in model terms at component and system level. In addition, if an error is detected, the runtime adaptation module is activated and the safe adaptation process starts in the involved software components. All things considered, the overall safe level of the software components and CPSs is enhanced.Sistema Ziber-Fisikoak, konputazio sistema txertatuez osatuta daude. Konputazio sistema txertatu hauek, mundu birtuala mundu fisikoarekin uztartzeko gaitasuna eskaintzen dute. Sistema ziberfisikoak orokorrean sistema konplexuak izan ohi dira eta inguruan gertazen denaren araberako konfigurazio desberdinak izan ohi dituzte. Gaur egungo industria ingurunetan, sistema hauek daramaten kontroleko softwarea asko handitu da eta beren konplexutasunak ere gorakada handia izan du: aurrez ezagunak ez diren baldintza eta inguruetan lan egin beharra dute askotan, denbora errealeko eskakizunak eta segurtasun eskakizunak ere beteaz. UML State Machine formalismoa, goian aipaturiko sistema mota horien portaera logikoa modelizatzeko erabiltzen den formalismo indartsu bat da. Formalismo honen baitan eta Model Driven Engineering (MDE) enfokea jarraituaz, sistema modelatzeko erabilitako grafikoetatik sisteman txertatua izango den kodea automatikoki sor genezake. MDEk softwarea sortzeko orduan izan genezakeen konplexutasuna gainditu nahi du, garatzailei software-sistemen goi-mailako ereduetan lan egiteko aukera emanez. Hala ere, MDE-an oinarrituriko tresna komertzialak erabiliaz, zaila izaten da berauen bidez sorturiko kodearen errendimendua eta portaera sistema exekuzioan dagoenean ebaluatzea. Tresna horiek laguntza gutxi eskaintzen dute modelotatik sortutako kodea exekutatzen ari denean sisteman zer gertatzen ari denaren informazioa modeloaren terminoetan jasotzeko. Beraz, exekuzio denboran, oso zaila izaten da sistemaren portaera egokia den edo ez aztertzea modelo mailako informazio hori erabiliaz. Eskakizun horiek kudeatzeko modu bat, software modeloaren informazioa denbora errealean izatea da ([email protected] enfokea). [email protected] enfokearen helburu nagusietako bat, MDE enfokearekin garapen fasean sortutako modeloak exekuzio denboran (runtime-en) erabilgarri izatean datza. Exekuzio denboran egiaztapen edo testing-a egin ahal izateko lehen urratsa, testeatu nahi den software horren modeloa exekuzio denboran eskuragarri izatea da. Honela, exekuzio denborako egiaztapen edo berifikazioak softwarea modelatzeko erabili ditugun elementu berberak erabiliaz egin daitke (egungo egoera, gertaera, hurrengo egoera, eta abar). Tesi honen helburutako bat UML-State Machine modeloetan oinarritutako eta exekuzio denboran beren barne egoeraren informazioa modeloko elementu bidez probestu ahalko duten software osagaiak modu automatikoan sortzea da. Automatizazioari dagokionez, lehenik eta behin, software-osagai horiek automatikoki sortzen dituzten tresnak eskaintzen dituen metodologia proposatzen dugu. Bigarrenik, UMLSM oinarritutako software osagaiak automatikoki sortuko dituen herraminta bera proposatzen dugu. Exekuzio denboran eguneraketen jarraipenari, egiaztatzeari eta egokitzeari dagokionez, barne egoera UML-SM modelo terminoetan eskaintzen duten software osagaiak egiaztatzeko eta egokitzeko gai den kanpo exekuzio modulo bat proposatzen dugu. Honela, errore bat detektatzen bada, exekuzio garaian egokitze modulua aktibatuko da egokitzapen prozesu segurua martxan jarriaz. Honek, dagokion software osagaiari abixua bidaliko dio egokitzapena egin dezan. Gauza guztiak kontuan hartuta, software osagaien eta CPSen segurtasun maila orokorra hobetua izango da.Los sistemas cyber-físicos (CPSs) son sistemas de computación embebidos en los que la computación interactúa estrechamente con el mundo físico a través de sensores y actuadores. Los CPS se utilizan para controlar sistemas que proveen conocimiento del contexto. Este tipo de sistemas son sistemas complejos que suelen tener diferentes configuraciones y su estrategia de control puede configurarse en función de los datos del entorno y de la situación actual del contexto. Por lo tanto, en los entornos industriales actuales, el software de los sistemas embebidos tiene que hacer frente a la creciente complejidad, los escenarios inciertos y los requisitos de seguridad en tiempo de ejecución. Las máquinas de estado UML son un formalismo muy utilizado en industria para modelar el comportamiento lógico de este tipo de sistemas, y siguiendo el enfoque Model Driven Engineering (MDE) podemos generar código automáticamente a partir de estos modelos. El objetivo de MDE es superar la complejidad de la construcción de software permitiendo a los desarrolladores trabajar en los modelos de alto nivel de los sistemas de software en lugar de tener que codificar el control mediante lenguajes de programación de bajo nivel. Sin embargo, determinar y evaluar el comportamiento y el rendimiento en tiempo de ejecución de estos modelos generados mediante herramientas comerciales de MDE es una tarea difícil. Estas herramientas proporcionan poco apoyo para observar a nivel de modelo la ejecución del código generado a partir del modelo. Por lo tanto, no son muy adecuadas para poder recopilar la información de tiempo de ejecución necesaria para, por ejemplo, comprobar si se cumplen o no las restricciones definidas. Un enfoque para gestionar estos requisitos, es tener la información de los componentes de software en términos de modelo en tiempo de ejecución ([email protected]). El trabajo en [email protected] busca ampliar la aplicabilidad de los modelos producidos en fase de desarrollo mediante el enfoque MDE al entorno de tiempo de ejecución. Tener el modelo en tiempo de ejecución es el primer paso para poder llevar a cabo la verificación en tiempo de ejecución. Así, esta verificación se podrá realizar utilizando la información de los elementos del modelo (estado actual, evento, siguiente estado, etc.). El objetivo de esta tesis es avanzar en la práctica actual de generar automáticamente componentes software basados en Unified Modeling Language - State Machine (UML-SM) que sean capaces de proporcionar información interna en términos de modelos en tiempo de ejecución. En cuanto a la automatización, en primer lugar, proponemos una metodología soportada por herramientas para generar automáticamente estos componentes de software. En segundo lugar, proponemos un marco de trabajo de generación de componentes de software basado en UML-SM. En cuanto a la monitorización, verificación y adaptación en tiempo de ejecución, proponemos un módulo de tiempo de ejecución externalizado que es capaz de monitorizar y verificar la validez de los componentes del software en función de su estado interno en términos de modelo. Además, si se detecta un error, se activa el módulo de adaptación en tiempo de ejecución y se inicia el proceso de adaptación seguro en el componente de software correspondiente. Teniendo en cuenta todo esto, el nivel de seguridad global de los componentes del software y de los CPS se ve mejorado

Prototyping the Semantics of a DSL using ASF+SDF: Link to Formal Verification of DSL Models

A formal definition of the semantics of a domain-specific language (DSL) is a key prerequisite for the verification of the correctness of models specified using such a DSL and of transformations applied to these models. For this reason, we implemented a prototype of the semantics of a DSL for the specification of systems consisting of concurrent, communicating objects. Using this prototype, models specified in the DSL can be transformed to labeled transition systems (LTS). This approach of transforming models to LTSs allows us to apply existing tools for visualization and verification to models with little or no further effort. The prototype is implemented using the ASF+SDF Meta-Environment, an IDE for the algebraic specification language ASF+SDF, which offers efficient execution of the transformation as well as the ability to read models and produce LTSs without any additional pre or post processing.Comment: In Proceedings AMMSE 2011, arXiv:1106.596

Automating Verification of State Machines with Reactive Designs and Isabelle/UTP

State-machine based notations are ubiquitous in the description of component systems, particularly in the robotic domain. To ensure these systems are safe and predictable, formal verification techniques are important, and can be cost-effective if they are both automated and scalable. In this paper, we present a verification approach for a diagrammatic state machine language that utilises theorem proving and a denotational semantics based on Unifying Theories of Programming (UTP). We provide the necessary theory to underpin state machines (including induction theorems for iterative processes), mechanise an action language for states and transitions, and use these to formalise the semantics. We then describe the verification approach, which supports infinite state systems, and exemplify it with a fully automated deadlock-freedom check. The work has been mechanised in our proof tool, Isabelle/UTP, and so also illustrates the use of UTP to build practical verification tools.Comment: 18 pages, 16th Intl. Conf. on Formal Aspects of Component Software (FACS 2018), October 2018, Pohang, South Kore

Diseño de un robot móvil autónomo de telepresencia

The recent rise in tele-operated autonomous mobile vehicles calls for a seamless control architecture that reduces the learning curve when the platform is functioning autonomously (without active supervisory control), as well as when tele-operated. Conventional robot plat-forms usually solve one of two problems. This work develops a mobile base using the Robot Operating System (ROS) middleware for teleoperation at low cost. The three-layer architec-ture introduced adds or removes operator complexity. The lowest layer provides mobility and robot awareness; the second layer provides usability; the upper layer provides inter-activity. A novel interactive control that combines operator intelligence/ skill with robot/autonomous intelligence enabling the mobile base to respond to expected events and ac-tively react to unexpected events is presented. The experiments conducted in the robot laboratory summarises the advantages of using such a system.El reciente auge de los vehículos móviles autónomos teleoperados exige una arquitectura de control sin fisuras que reduzca la curva de aprendizaje cuando la plataforma funciona de forma autónoma (sin control de supervisión activo), así como cuando es teleoperada. Las plataformas robóticas convencionales suelen resolver uno de los dos problemas. Este tra-bajo desarrolla una base móvil que utiliza el middleware Robot Operating System (ROS) para la teleoperación a bajo coste. La arquitectura de tres capas introducida añade o elimina la complejidad del operador. La capa más baja proporciona movilidad y conciencia robótica; la segunda capa proporciona usabilidad; la capa superior proporciona interactividad. Se presenta un novedoso control interactivo que combina la inteligencia/habilidades del op-erador con la inteligencia autónoma del robot, lo que permite que la base móvil responda a los eventos esperados y reaccione activamente a los eventos inesperados. Los experi-mentos realizados en el laboratorio robótica resumen las ventajas de utilizar un sistema de este tipoDepartamento de Ingeniería de Sistemas y AutomáticaMáster en Electrónica Industrial y Automátic