279 research outputs found

    Capturing Assumptions while Designing a Verification Model for Embedded Systems

    A formal proof of a system's correctness typically holds under a number of assumptions. Leaving them implicit raises the chance of using the system in a context that violates some assumptions, which in turn may invalidate the correctness proof. The goal of this paper is to show how combining informal and formal techniques in the process of modelling and formal verification helps capture these assumptions. As we focus on embedded systems, the assumptions are about the control software, the system on which the software is running and the system's environment. We present them as a list written in natural language that supplements the formally verified embedded system model. These two together are a better argument for system correctness than either given separately.

    A systematized approach to obtain dependable controller specifications for hybrid plants

    This chapter focuses on the problem that a designer of an automation system controller must solve, related to the correct synchronization between different parts of the controller specification when this specification obeys a previously defined structure. If this synchronization is not done according to some rules, and taking some aspects into consideration, some dependability aspects concerning the desired behaviour of the system may not be achieved. More specifically, this chapter demonstrates a systematized approach that consists of using the GEMMA (Guide d'Étude des Modes de Marches et d'Arrêts; Agence Nationale pour le Développement de la Production Automatisée [ADEPA], 1992) and SFC (Sequential Function Chart; International Electrotechnical Commission [IEC], 2002) formalisms for the structure and specification of all the system behaviour, considering all the stop states and functioning modes of the system. The synchronization of the models corresponding to the controller functioning modes and the controller stop states is shown in detail, and a systematized approach for this synchronization is presented. For this, the advantages and disadvantages of the vertical coordination and horizontal coordination proposed by the GEMMA formalism are discussed, and a case study is presented to explain the proposed systematic approach. A complete safe controller specification is developed to control a hybrid plant. This chapter also presents and discusses a case study that applies a global approach to considering all the automation system's emergency stop requirements. The definition of all the functioning modes and all the stop states of the automation system is also presented according to the EN 418 (European Standard [EN], 1992) and EN 60204-1 (EN, 1997) standards. All the aspects related to the emergency stop receive particular attention. The proposed approach defines and guarantees the safety aspects of an automation system controller related to the emergency stop. For the controller structure the GEMMA methodology is used; for the entire controller specification the SFC is used; and for the controller behaviour simulation the Automation Studio software (FAMIC, 2003) is used.

    Petri net model decomposition - a model based approach supporting distributed execution

    Dissertation submitted for the degree of Doctor in Electrical Engineering, speciality Digital Systems, at the Universidade Nova de Lisboa, Faculdade de Ciências e Tecnologia. Model-based systems development has contributed to reducing the enormous difference between the continuous increase of systems complexity and the improvement of methods and methodologies available to support systems development. The choice of the modeling formalism is an important factor for successfully increasing productivity. Petri nets proved to be a suitable candidate for a system specification language due to their natural support for modeling processes with concurrency, synchronization and resource sharing, as well as the mechanisms of composition and decomposition. Having a formal representation also reinforces the choice, given that the use of verification tools is fundamental for complex systems development. This work proposes a method for partitioning Petri net models into concurrent sub-models, supporting their distributed implementation. The IOPT class (Input-Output Place Transition) is used as a reference class. It is extended by directed synchronous communication channels, enabling communication between the generated sub-models. Three rules are proposed to perform the partition, and restrictions of the proposed partition method are identified. It is possible to directly compose models resulting from the partitioning operation through an operation of model addition. This allows the re-use of previously obtained models, as well as the easy modification of the intended system functionalities. The algorithms associated with the implementation of the partition operation are presented, as well as its rules and other procedures. The proposed methods are validated through several case studies emphasizing control components of automation systems.

    The proceedings of the first international symposium on Visual Formal Methods VFM'99, Eindhoven, August 23rd, 1989

    Toward Accessible Multilevel Modeling in Systems Biology: A Rule-based Language Concept

    Promoted by advanced experimental techniques for obtaining high-quality data and the steadily accumulating knowledge about the complexity of life, modeling biological systems at multiple interrelated levels of organization has recently attracted more and more attention. Current approaches for modeling multilevel systems typically lack an accessible formal modeling language or have major limitations with respect to expressiveness. The aim of this thesis is to provide a comprehensive discussion of the associated problems and needs and to propose a concrete solution addressing them.

    Development of a Process Modelling System for Simulation

    This thesis details the development of a process modelling technique to aid a simulation model developer during the requirements gathering and conceptual modelling phases of a simulation project. There are a number of process modelling techniques available that are capable of being used during such phases of a simulation project; however, there is currently a lack of process modelling techniques developed specifically to aid a simulation model developer in capturing, representing and communicating information and systems issues to persons involved in the operation of the discrete systems under investigation. A detailed review of the literature related to techniques capable of supporting the pre-simulation phases of a simulation project is presented. The main conclusion of this review is that there is a specific lack of support available to aid a simulation model developer in the pre-coding phases of a simulation project. Currently there are no process modelling techniques available that specifically support the pre-simulation phases of a discrete event simulation project. To attempt to overcome this shortfall, the thesis discusses the development of a process modelling technique specifically developed to support the pre-simulation phases of a simulation project. The objectives in the development of this technique were to develop a technique that: 1. is capable of capturing a detailed description of a Discrete Event System; 2. has a low modelling burden and therefore is capable of being used by non-specialists; 3. presents modelling information at a high semantic level so that manufacturing personnel can rationalise with it; 4. has good visualisation capabilities. The technique developed is called Simulation Activity Diagrams (SADs). To demonstrate the ability of the SAD technique to model discrete event information, a prototype process modelling tool, Process Modelling for Simulation (PMS), was developed. An evaluation of the SAD technique is then presented through a number of real and conceptual discrete event systems used to examine the technique's ability to accurately model information, along with its ease of use and modelling accuracy. The thesis concludes that more research is required in validating and developing SADs and in developing other techniques in the pre-simulation area.

    Safety‐oriented discrete event model for airport A‐SMGCS reliability assessment

    A detailed analysis of state-of-the-art technologies and procedures for Airport Advanced-Surface Movement Guidance and Control Systems (A-SMGCS) is provided in this thesis, together with a review of Statistical Monte Carlo Analysis, Reliability Assessment and Petri Net theories. This practical and theoretical background has led the author to the conclusion that there is a lack of linkage between these fields. At the same time, the rapid increase of air traffic all over the world has made evident the urgent need for practical instruments able to identify and quantify the risks connected with aircraft operations on the ground, since the airport has shown itself to be the actual 'bottleneck' of the entire Air Transport System. Therefore, the only winning approach to such a critical matter has to be multi-disciplinary, sewing together apparently different subjects coming from the most disparate areas of interest and trying to fill the gap. The result of this thesis work came towards the end, when a Timed Coloured Petri Net (TCPN) model of a 'sample' Airport A-SMGCS was developed that is capable of taking into account different kinds of questions raised during recent years and tries to give them some good answers. The A-SMGCS Airport model is, in the end, a parametric tool relying on Discrete Event System theory, able to perform a Reliability Analysis of the system itself, that:
    • uses a Monte Carlo Analysis applied to a Timed Coloured Petri Net, whose purpose is to evaluate the Safety Level of Surface Movements along an Airport;
    • lets the user analyse the impact of Procedures and Reliability Indexes of systems such as Surface Movement Radars, Automatic Dependent Surveillance-Broadcast, Airport Lighting Systems, Microwave Sensors, and so on, on the Safety Level of the Airport Aircraft Transport System;
    • is not only a valid instrument in the Design Phase, but is also useful in Certifying Activities and in monitoring the Safety Level of the above mentioned system with respect to changes in technologies and different procedures.
    This TCPN model has been verified against qualitative engineering expectations by using simulation experiments and occupancy time schedules generated a priori. Simulation times are good, and since the model has been written in the Simulink/Stateflow programming language, it can be compiled to run in real time in C (Real-Time Workshop and Stateflow Coder), thus relying on portable code able to run on virtually any platform and giving even better performance in terms of execution time. One of the most interesting applications of this work is the estimate, for an airport, of the A-SMGCS level of implementation needed (technical/economical convenience evaluation). As a matter of fact, starting from the Traffic Volume and choosing the kind of Ground Equipment to be installed, one can make predictions about the Safety Level of the system: if the value is compliant with the TLS required by ICAO, the A-SMGCS level of implementation is sufficiently adequate. Nevertheless, even if the Level of Safety has been satisfied, some delays due to reduced or simplified performance of some of the equipment (e.g. with reference to False Alarm Rates) can lead to previously unexpected economic consequences, thus requiring more accurate systems to be installed in order to meet airport economic constraints as well. Work in progress includes the analysis of the effect of weather conditions and the re-sequencing of a given schedule. The effect of re-sequencing a given schedule is not yet realistic enough, since the model does not apply inter-arrival and departure separations. However, the model might show some effect of different sequences based on runway occupancy times. A further developed model containing wake turbulence separation conditions would be more sensitive for this case. Hence, further work will be directed towards:
    • the development of On-Line Re-Scheduling based on the actual available runway/taxiway configuration and weather conditions;
    • the Engineering Safety Assessment of some small Italian Airport A-SMGCSs (model validation with real data);
    • the application of Stochastic Differential Equation systems in order to evaluate the collision risk on the ground inside a single Place of the Petri Net, in the event of a Short Term Conflict Alert (STCA), by adopting the Reich Collision Risk Model;
    • Optimal Air Traffic Control Algorithm Synthesis (Adaptive look-ahead Optimization) by Dynamically Timed Coloured Petri Nets, together with the implementation of Error-Recovery Strategies and Diagnosis Functions.

    Message sequence charts in the software engineering process

    The software development process benefits from the use of Message Sequence Charts (MSC), a graphical language for displaying the interaction behaviour of a system. We describe canonical applications of MSC independent of any software development methodology. We illustrate the use of MSC with a case study: the Meeting Scheduler.