69 research outputs found

    Formalization and Correctness of the PALS Architectural Pattern for Distributed Real-Time Systems

    Many Distributed Real-Time Systems (DRTS), such as integrated modular avionics systems and distributed control systems in motor vehicles, are made up of a collection of components communicating asynchronously among themselves and with their environment that must change their state and respond to environment inputs within hard real-time bounds. Such systems are often safety-critical and need to be certified; but their certification is currently very hard due to their distributed nature. The Physically Asynchronous Logically Synchronous (PALS) architectural pattern can greatly reduce the design and verification complexities of achieving virtual synchrony in a DRTS. This work presents a formal specification of PALS as a formal model transformation that maps a synchronous design, together with a set of performance bounds of the underlying infrastructure, to a formal DRTS specification that is semantically equivalent to the synchronous design. This semantic equivalence is proved, showing that the formal verification of temporal logic properties of the DRTS can be reduced to their verification on the much simpler synchronous design. An avionics system case study is used to illustrate the usefulness of PALS for formal verification purposes.

    Using the PALS Architecture to Verify a Distributed Topology Control Protocol for Wireless Multi-Hop Networks in the Presence of Node Failures

    The PALS architecture reduces distributed, real-time asynchronous system design to the design of a synchronous system under reasonable requirements. Assuming logical synchrony leads to fewer system behaviors and provides a conceptually simpler paradigm for engineering purposes. One of the current limitations of the framework is that from a set of independent "synchronous machines", one must compose the entire synchronous system by hand, which is tedious and error-prone. We use Maude's meta-level to automatically generate a synchronous composition from user-provided component machines and a description of how the machines communicate with each other. We then use the new capabilities to verify the correctness of a distributed topology control protocol for wireless networks in the presence of nodes that may fail.
    Comment: In Proceedings RTRTS 2010, arXiv:1009.398

    PALS-Based Analysis of an Airplane Multirate Control System in Real-Time Maude

    Distributed cyber-physical systems (DCPS) are pervasive in areas such as aeronautics and ground transportation systems, including the case of distributed hybrid systems. DCPS design and verification is quite challenging because of asynchronous communication, network delays, and clock skews. Furthermore, their model checking verification typically becomes unfeasible due to the huge state space explosion caused by the system's concurrency. The PALS ("physically asynchronous, logically synchronous") methodology has been proposed to reduce the design and verification of a DCPS to the much simpler task of designing and verifying its underlying synchronous version. The original PALS methodology assumes a single logical period, but Multirate PALS extends it to deal with multirate DCPS in which components may operate with different logical periods. This paper shows how Multirate PALS can be applied to formally verify a nontrivial multirate DCPS. We use Real-Time Maude to formally specify a multirate distributed hybrid system consisting of an airplane maneuvered by a pilot who turns the airplane according to a specified angle through a distributed control system. Our formal analysis revealed that the original design was ineffective in achieving a smooth turning maneuver, and led to a redesign of the system that satisfies the desired correctness properties. This shows that the Multirate PALS methodology is not only effective for formal DCPS verification, but can also be used effectively in the DCPS design process, even before properties are verified.
    Comment: In Proceedings FTSCS 2012, arXiv:1212.657

    Formal Model Engineering for Embedded Systems Using Real-Time Maude

    This paper motivates why Real-Time Maude should be well suited to provide a formal semantics and formal analysis capabilities to modeling languages for embedded systems. One can then use the code generation facilities of the tools for the modeling languages to automatically synthesize Real-Time Maude verification models from design models, enabling a formal model engineering process that combines the convenience of modeling using an informal but intuitive modeling language with formal verification. We give a brief overview of six fairly different modeling formalisms for which Real-Time Maude has provided the formal semantics and (possibly) formal analysis. These models include behavioral subsets of the avionics modeling standard AADL, Ptolemy II discrete-event models, two EMF-based timed model transformation systems, and a modeling language for handset software.
    Comment: In Proceedings AMMSE 2011, arXiv:1106.596

    Specification and Verification of Distributed Embedded Systems: A Traffic Intersection Product Family

    Distributed embedded systems (DESs) are no longer the exception; they are the rule in many application areas such as avionics, the automotive industry, traffic systems, sensor networks, and medical devices. Formal DES specification and verification is challenging due to state space explosion and the need to support real-time features. This paper reports on an extensive industry-based case study involving a DES product family for a pedestrian and car 4-way traffic intersection in which autonomous devices communicate by asynchronous message passing without a centralized controller. All the safety requirements and a liveness requirement informally specified in the requirements document have been formally verified using Real-Time Maude and its model checking features.
    Comment: In Proceedings RTRTS 2010, arXiv:1009.398

    ์‚ฌ์ด๋ฒ„ ๋ฌผ๋ฆฌ ์‹œ์Šคํ…œ์„ ์œ„ํ•œ PALSware ์‹œ์Šคํ…œ ์—„๋ฐ€ ๊ฒ€์ฆ ํ”„๋ ˆ์ž„์›Œํฌ

    ํ•™์œ„๋…ผ๋ฌธ(๋ฐ•์‚ฌ) -- ์„œ์šธ๋Œ€ํ•™๊ต๋Œ€ํ•™์› : ๊ณต๊ณผ๋Œ€ํ•™ ์ „๊ธฐยท์ปดํ“จํ„ฐ๊ณตํ•™๋ถ€, 2021.8. ๊น€์œค์Šน.Achieving high-level safety guarantees for cyber-physical systems has always been a key challenge, since many of those systems are safety-critical so that their failures in the actual operation may bring catastrophic results. Many cyber-physical systems have real-time and distributed features, which increase the complexity of the system an order of magnitude higher. In order to tame the complexity, a middleware called PALSware has been pro- posed. It provides a logically synchronous environment to the application layer on top of physically asynchronous underlying network and operating systems. The com- plexity of a system can be significantly reduced in a synchronous environment. However, a bug in PALSware may have destructive effects since it exposes every application system to runtime failures. Moreover, finding bugs in PALSware can be very challenging in some cases, for various reasons. To solve this problem, we present VeriPALS, a formally verified C implementation of PALSware together with a verification framework for application systems. Espe- cially, the framework provides an executable model as an efficient random testing tool. As case studies, we developed two application systems, and applied VeriPALS to demonstrate effectiveness of the framework in both testing and formal verification.์‚ฌ์ด๋ฒ„ ๋ฌผ๋ฆฌ ์‹œ์Šคํ…œ์˜ ์•ˆ์ „์„ฑ์„ ๋†’์ด๋Š” ์ผ์€ ํ•ญ์ƒ ์ค‘์š”ํ•œ ์—ฐ๊ตฌ ์ฃผ์ œ๊ฐ€ ๋˜์–ด์™”๋‹ค. ๊ทธ ์ด์œ  ๋Š” ๋งŽ์€ ์‚ฌ์ด๋ฒ„ ๋ฌผ๋ฆฌ ์‹œ์Šคํ…œ์ด ์•ˆ์ „ ์šฐ์„  ์‹œ์Šคํ…œ์ด๊ธฐ ๋•Œ๋ฌธ์ธ๋ฐ, ์ด๋Š” ์‹ค์ œ ์‹œ์Šคํ…œ ๊ตฌ๋™ ์ค‘์— ์˜ค๋ฅ˜๊ฐ€ ๋ฐœ์ƒํ•  ๊ฒฝ์šฐ ํฐ ์‚ฌ๊ณ ๋กœ ์ง๊ฒฐ๋  ์ˆ˜ ์žˆ์Œ์„ ์˜๋ฏธํ•œ๋‹ค. ๋”์šฑ์ด, ์‚ฌ์ด๋ฒ„ ๋ฌผ๋ฆฌ ์‹œ์Šคํ…œ์ด ๊ฐ€์ง€๋Š” ์‹ค์‹œ๊ฐ„์„ฑ, ๋ถ„์‚ฐ์„ฑ์ด ์‹œ์Šคํ…œ์˜ ๋ณต์žก๋„๋ฅผ ๋†’์—ฌ ์œ„ํ—˜์„ฑ์„ ์ฆ๊ฐ€์‹œํ‚ค๋ฏ€๋กœ ์•ˆ์ „์„ฑ์„ ๋†’์ด๋Š” ์ผ์€ ๋งค์šฐ ์ค‘์š”ํ•˜๋‹ค. 
์‹œ์Šคํ…œ์˜ ๋ณต์žก๋„ ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•ด, PALSware๋ผ๋Š” ๋ฏธ๋“ค์›จ์–ด๊ฐ€ ๊ณ ์•ˆ๋˜์—ˆ๋‹ค. ์ด ๋ฏธ๋“ค์›จ์–ด๋Š” ๋น„๋™๊ธฐ์‹์œผ๋กœ ๋™์ž‘ํ•˜๋Š” ๋„คํŠธ์›Œํฌ์™€ ์šด์˜์ฒด์ œ ํ™˜๊ฒฝ ์œ„์—์„œ ๊ฐ€์ƒ์˜ ๋™๊ธฐ์‹ ํ™˜ ๊ฒฝ์„ ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์ธต์— ์ œ๊ณตํ•˜๋Š” ์—ญํ• ์„ ํ•œ๋‹ค. PALSware๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ์‹œ์Šคํ…œ์„ ๋™๊ธฐ์‹ ํ™˜๊ฒฝ์—์„œ ๋””์ž์ธํ•  ์ˆ˜ ์žˆ๊ฒŒ ๋˜์–ด, ์‹œ์Šคํ…œ์˜ ๋ณต์žก๋„๋ฅผ ํฌ๊ฒŒ ๋‚ฎ์ถ”๋Š” ๊ฒƒ์ด ๊ฐ€๋Šฅํ•ด์ง„๋‹ค. ํ•˜์ง€๋งŒ, PALSware์— ๋ฒ„๊ทธ๊ฐ€ ์žˆ์„ ๊ฒฝ์šฐ ๊ทธ ์•…์˜ํ–ฅ์ด ๋งค์šฐ ํฌ๊ฒŒ ๋‚˜ํƒ€๋‚  ์ˆ˜ ์žˆ๋‹ค. ์šฐ์„  ์ด ๋ฏธ๋“ค์›จ์–ด๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๋ชจ๋“  ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์‹œ์Šคํ…œ์— ๋ฒ„๊ทธ๊ฐ€ ์กด์žฌํ•˜๊ฒŒ ๋œ๋‹ค. ๋˜ํ•œ, ๋ฏธ๋“ค ์›จ์–ด์˜ ๋ฒ„๊ทธ๋ฅผ ์ฐพ๋Š” ์ผ์€ ์ผ๋ฐ˜ ํ”„๋กœ๊ทธ๋žจ์˜ ๋ฒ„๊ทธ๋ฅผ ์ฐพ๋Š” ๊ฒƒ๋ณด๋‹ค ๋งค์šฐ ์–ด๋ ค์šด ๋ฌธ์ œ๊ฐ€ ๋  ์ˆ˜ ์žˆ๋‹ค. ์ด ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•ด, ์šฐ๋ฆฌ๋Š” VeriPALS๋ผ๋Š” ํ”„๋ ˆ์ž„์›Œํฌ๋ฅผ ๊ฐœ๋ฐœํ•˜์˜€๋‹ค. ์ด ํ”„๋ ˆ ์ž„์›Œํฌ๋Š” ์ˆ˜ํ•™์ ์œผ๋กœ ์—„๋ฐ€ํ•˜๊ฒŒ ๊ฒ€์ฆํ•œ PALSware์˜ C ๊ตฌํ˜„์ฒด๋ฅผ ํฌํ•จํ•˜๊ณ  ์žˆ์–ด ์•ˆ์ „ํ•œ ์‹œ์Šคํ…œ ๊ตฌํ˜„์„ ๋•๋Š”๋‹ค. ๋˜ํ•œ, ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์‹œ์Šคํ…œ์„ Coq ์œ„์—์„œ ์ˆ˜ํ•™์ ์œผ๋กœ ์—„๋ฐ€ํžˆ ๊ฒ€์ฆํ•  ์ˆ˜ ์žˆ๋Š” ๊ธฐ๋Šฅ์„ ์ง€์›ํ•œ๋‹ค. ๋” ๋‚˜์•„๊ฐ€์„œ, ์ด ํ”„๋ ˆ์ž„์›Œํฌ๋Š” ์‹คํ–‰ ๊ฐ€๋Šฅํ•œ ๋ชจ๋ธ์„ ํšจ์œจ์ ์ธ ๋žœ๋ค ํ…Œ์ŠคํŒ… ํˆด๋กœ์„œ ์ œ๊ณตํ•œ๋‹ค. ์šฐ๋ฆฌ๋Š” ์ด ํ”„๋ ˆ์ž„์›Œํฌ ์œ„์—์„œ ๋‘ ์ข…๋ฅ˜์˜ ์• ํ”Œ๋ฆฌ ์ผ€์ด์…˜ ์‹œ์Šคํ…œ์„ ๊ฐœ๋ฐœํ•˜๊ณ  ํ…Œ์ŠคํŒ… ๋ฐ ์—„๋ฐ€ ๊ฒ€์ฆํ•˜์—ฌ ์ด ํ”„๋ ˆ์ž„์›Œํฌ์˜ ์œ ์šฉ์„ฑ์„ ๋ณด์˜€๋‹ค.Chapter 1 Introduction 1 Chapter 2 Preliminaries 8 2.1 PALSware 8 2.1.1 PALSware in A Distributed System 9 2.1.2 Correctness of Synchronization on Reliable Network 10 2.1.3 Implementation of PALSware 11 2.2 Interaction Trees 14 Chapter 3 Overview 16 3.1 Framework 16 3.2 Key Ideas 21 3.2.1 Concurrent Executions of Nodes 21 3.2.2 Global Clock vs. 
Local Clock 22 3.2.3 Real-time Local Executions of Node Model 23 3.2.4 Time Constraint on Network Transmission Times 24 3.2.5 Time Constraint on Program Executions 25 3.2.6 Observable Behaviors of a Real-Time Distributed System 26 Chapter 4 Formalization 28 4.1 General Definitions 28 4.2 Application System of the Framework 31 4.3 Real-World Model 34 4.3.1 Network Model 34 4.3.2 Generic System Model On Network 35 4.3.3 Operating System Model 37 4.4 Executable Abstract Synchrous Model 41 4.5 Result 42 Chapter 5 Refinement Proof using Intermediate Models 44 5.1 Refinement 1: Abstraction of C programs 44 5.2 Refinement 2: Abstract PALSware 47 5.3 Refinement 3: Abstraction of Network 48 5.4 Refinement 4: Synchronous Execution 51 5.5 Refinement 5: Making It Executable 54 Chapter 6 Case Study 1: Active-Standby Resource Scheduling System 55 6.1 High-Level Description 56 6.2 Implementation 59 6.3 Formally Verified Properties 62 6.3.1 Correctness of Implementation 62 6.3.2 Abstraction To Single-Controller System 63 Chapter 7 Case Study 2: Synchronous Work Assignment System 68 7.1 High-Level Description 69 7.2 Implementation 70 Chapter 8 Results 75 8.1 Development 75 8.2 Experimental Results 77 Chapter 9 Related Work 80 9.1 PALS Pattern and PALSware Verification 80 9.2 Verification Frameworks for Distributed Systems 81 9.3 Verifying C Programs 83 Chapter 10 Conclusion and Future Work 85 Bibliography 88 ์ดˆ๋ก 92 Acknowledgements 93๋ฐ•

    PALS/PRISM Software Design Description (SDD): Ver. 0.51

    This Software Design Description (SDD) provides detailed information on the architecture and coding for the PRISM C++ library (version 0.51). The PRISM C++ library supports consistent information sharing and interactions between distributed components of networked embedded systems, e.g. avionics. It is designed to reduce the complexity of the networked system by employing synchronous semantics provided by the architectural pattern called a Physically-Asynchronous Logically-Synchronous (PALS) system.

    Integrated formal verification of safety-critical software

    This work presents a formal verification process based on the Systerel Smart Solver (S3) toolset for the development of safety-critical embedded software. In order to guarantee the correctness of the implementation of a set of textual requirements, the process integrates different verification techniques (inductive proof, bounded model checking, test case generation and equivalence proof) to handle different types of properties at their best capacities. It is aimed at the verification of properties at system, design, and code levels. To handle the floating-point arithmetic (FPA) in both the design and the code, an FPA library is designed and implemented in S3. This work is illustrated on an Automatic Rover Protection (ARP) system implemented on-board a robot. Focus is placed on the verification of safety and functional properties and on the equivalence proof between the design model and the generated code.

    Twenty years of rewriting logic

    Abstract. Rewriting logic is a simple computational logic that can naturally express both concurrent computation and logical deduction with great generality. This paper provides a gentle, intuitive introduction to its main ideas, as well as a survey of the work that many researchers have carried out over the last twenty years in advancing: (i) its foundations; (ii) its semantic framework and logical framework uses; (iii) its language implementations and its formal tools; and (iv) its many applications to automated deduction, software and hardware specification and verification, security, real-time and cyber-physical systems, probabilistic systems, bioinformatics and chemical systems.
    • โ€ฆ
    corecore