Extending Rebeca with synchronous messages and reusable components

In this paper, we propose extended Rebeca as a tool-supported actor-based language for modeling and verifying of concurrent and distributed systems. We enrich Rebeca with a formal concept of components which integrates the message-driven computational model of actor-based languages with synchronous message passing. Components are used to encapsulate a set of internal active objects which react asynchronously to messages by means of methods and which additionally interact via a synchronous message passing mechanism. Components themselves interact only via asynchronous and anonymous messages. We present our compositional verification approach and abstraction techniques, and the theory corresponding to it, based on formal semantics of Rebeca. These techniques are exploited to overcome state explosion problem in model checkin

Modelling and Simulation of Asynchronous Real-Time Systems using Timed Rebeca

In this paper we propose an extension of the Rebeca language that can be used to model distributed and asynchronous systems with timing constraints. We provide the formal semantics of the language using Structural Operational Semantics, and show its expressiveness by means of examples. We developed a tool for automated translation from timed Rebeca to the Erlang language, which provides a first implementation of timed Rebeca. We can use the tool to set the parameters of timed Rebeca models, which represent the environment and component variables, and use McErlang to run multiple simulations for different settings. Timed Rebeca restricts the modeller to a pure asynchronous actor-based paradigm, where the structure of the model represents the service oriented architecture, while the computational model matches the network infrastructure. Simulation is shown to be an effective analysis support, specially where model checking faces almost immediate state explosion in an asynchronous setting.Comment: In Proceedings FOCLASA 2011, arXiv:1107.584

Specification and Verification of Timing Properties in Interoperable Medical Systems

To support the dynamic composition of various devices/apps into a medical system at point-of-care, a set of communication patterns to describe the communication needs of devices has been proposed. To address timing requirements, each pattern breaks common timing properties into finer ones that can be enforced locally by the components. Common timing requirements for the underlying communication substrate are derived from these local properties. The local properties of devices are assured by the vendors at the development time. Although organizations procure devices that are compatible in terms of their local properties and middleware, they may not operate as desired. The latency of the organization network interacts with the local properties of devices. To validate the interaction among the timing properties of components and the network, we formally specify such systems in Timed Rebeca. We use model checking to verify the derived timing requirements of the communication substrate in terms of the network and device models. We provide a set of templates as a guideline to specify medical systems in terms of the formal model of patterns. A composite medical system using several devices is subject to state-space explosion. We extend the reduction technique of Timed Rebeca based on the static properties of patterns. We prove that our reduction is sound and show the applicability of our approach in reducing the state space by modeling two clinical scenarios made of several instances of patterns

Construction and Analysis of Petri Net Model for Distributed Cyber Physical Systems

A Distributed Cyber-Physical System (DCPS) composition poses challenges in determining its emergent behaviour. These challenges occur due to (1) the appearance of causal loops of information and energy flow through cyber and physical channels and (2) inherent non-determinism in the temporally ordered flow of events within independently evolving interacting processes of Constituent Systems (CSs). Hence, there is a need to construct a model of the envisaged schematic of DCPS composition for analysis and verification of its significant properties in the conceptual design stage of the system development life cycle. This paper presents a procedure to construct DCPS composition models in Petri net formalism using distributed abstractions. The model for each CS is obtained from elementary constructs using compositional operators. The interaction among CSs occurs through channels obtained by connecting send and receive constructs of two CSs participating in an interaction. The internal processing within a CS characterizing its primary function is abstracted in a generic passthrough construct. Representing these constructs with compositional operators results in the complete DCPS model in Petri net formalism. A toolchain with Reference net workshop (Renew) as an integrated Petri net editing and analysis platform is configured to support DCPS modelling, simulation and analysis. The Renew tool functionality has been enhanced with a plugin designed and developed by authors to facilitate the drawing of the distributed composition model. A low-level Petri net analysis (Lola) v2.0 plugin is employed to verify the Petri net and temporal properties of the modelled DCPS scenarios. The properties of the resultant model are verified using well-established algorithms to analyze Petri nets. Further, system properties specified using temporal logic can be verified using model-checking algorithms for Petri nets. A moderately complex scenario involving interactions among six CSs illustrates the presented approach

Compositional schedulability analysis of real-time actor-based systems

We present an extension of the actor model with real-time, including deadlines associated with messages, and explicit application-level scheduling policies, e.g.,"earliest deadline first" which can be associated with individual actors. Schedulability analysis in this setting amounts to checking whether, given a scheduling policy for each actor, every task is processed within its designated deadline. To check schedulability, we introduce a compositional automata-theoretic approach, based on maximal use of model checking combined with testing. Behavioral interfaces define what an actor expects from the environment, and the deadlines for messages given these assumptions. We use model checking to verify that actors match their behavioral interfaces. We extend timed automata refinement with the notion of deadlines and use it to define compatibility of actor environments with the behavioral interfaces. Model checking of compatibility is computationally hard, so we propose a special testing process. We show that the analyses are decidable and automate the process using the Uppaal model checke

Formal aspects of component software

This is the pre-proceedings of 6th International Workshop on Formal Aspects of Component Software (FACS'09)

Automated Validation of State-Based Client-Centric Isolation with TLA ⁺

Clear consistency guarantees on data are paramount for the design and implementation of distributed systems. When implementing distributed applications, developers require approaches to verify the data consistency guarantees of an implementation choice. Crooks et al. define a state-based and client-centric model of database isolation. This paper formalizes this state-based model in, reproduces their examples and shows how to model check runtime traces and algorithms with this formalization. The formalized model in enables semi-automatic model checking for different implementation alternatives for transactional operations and allows checking of conformance to isolation levels. We reproduce examples of the original paper and confirm the isolation guarantees of the combination of the well-known 2-phase locking and 2-phase commit algorithms. Using model checking this formalization can also help finding bugs in incorrect specifications. This improves feasibility of automated checking of isolation guarantees in synthesized synchronization implementations and it provides an environment for experimenting with new designs.</p

Towards reduction of Paradigm coordination models

The coordination modelling language Paradigm addresses collaboration between components in terms of dynamic constraints. Within a Paradigm model, component dynamics are consistently specified at a detailed and a global level of abstraction. To enable automated verification of Paradigm models, a translation of Paradigm into process algebra has been defined in previous work. In this paper we investigate, guided by a client-server example, reduction of Paradigm models based on a notion of global inertness. Representation of Paradigm models as process algebraic specifications helps to establish a property-preserving equivalence relation between the original and the reduced Paradigm model. Experiments indicate that in this way larger Paradigm models can be analyzed.Comment: In Proceedings PACO 2011, arXiv:1108.145