Program Verification of FreeRTOS Using Microsoft Dafny

FreeRTOS is a popular real-time and embedded operating system. Real-time software requires code reviews, software tests, and other various quality assurance activities to ensure minimal defects. This free and open-source operating system has claims of robustness and quality [26]. Real-time and embedded software is found commonly in systems directly impacting human life and require a low defect rate. In such critical software, traditional quality assurance may not suce in minimizing software defects. When traditional software quality assurance is not enough for defect removal, software engineering formal methods may help minimize defects. A formal method such as program verication is useful for proving correctness in real-time software. Microsoft Research created Dafny for proving program correctness. It contains a programming language with specication constructs. A program verication tool such as Dafny allows for proving correctness of FreeRTOS\u27s modules. We propose using Dafny to verify the correctness of FreeRTOS\u27 scheduler and supporting AP

Visual servoing by partitioning degrees of freedom

There are many design factors and choices when mounting a vision system for robot control. Such factors may include the kinematic and dynamic characteristics in the robot's degrees of freedom (DOF), which determine what velocities and fields-of-view a camera can achieve. Another factor is that additional motion components (such as pan-tilt units) are often mounted on a robot and introduce synchronization problems. When a task does not require visually servoing every robot DOF, the designer must choose which ones to servo. Questions then arise as to what roles, if any, do the remaining DOF play in the task. Without an analytical framework, the designer resorts to intuition and try-and-see implementations. This paper presents a frequency-based framework that identifies the parameters that factor into tracking. This framework gives design insight which was then used to synthesize a control law that exploits the kinematic and dynamic attributes of each DOF. The resulting multi-input multi-output control law, which we call partitioning, defines an underlying joint coupling to servo camera motions. The net effect is that by employing both visual and kinematic feedback loops, a robot can quickly position and orient a camera in a large assembly workcell. Real-time experiments tracking people and robot hands are presented using a 5-DOF hybrid (3-DOF Cartesian gantry plus 2-DOF pan-tilt unit) robot

Petri net modelling of a communications protocol

The Petri net is a formal modelling tool applicable to distributed systems and communication protocols. Two methods of analysis are applied to formal models of the "Alternating Bit Protocol". (i) A timed Petri net model is simulated to measure protocol performance. (ii) A modular numeric Petri net model is validated by reachability analysis. The simulation and validation tools are programmed in (i) "C" language and (ii) Prolog. A specification language "Needle" is developed. It describes the model system as a hierarchy of modular state transition networks. The model is searched for all possible event sequences, and the result displayed as a reachability tree. The specification language is capable of describing models which execute backwards in simulation time. The modular numeric Petri net is the basis of a powerful computer architecture, capable of parsing its own specification language to build complex models. Attention is drawn to the similarities between Petri net theory and quantum mechanics

Queueing networks: solutions and applications

During the pasttwo decades queueing network models have proven to be a versatile tool for computer system and computer communication system performance evaluation. This chapter provides a survey of th field with a particular emphasis on applications. We start with a brief historical retrospective which also servesto introduce the majr issues and application areas. Formal results for product form queuenig networks are reviewed with particular emphasis on the implications for computer systems modeling. Computation algorithms, sensitivity analysis and optimization techniques are among the topics covered. Many of the important applicationsof queueing networks are not amenableto exact analysis and an (often confusing) array of approximation methods have been developed over the years. A taxonomy of approximation methods is given and used as the basis for for surveing the major approximation methods that have been studied. The application of queueing network to a number of areas is surveyed, including computer system cpacity planning, packet switching networks, parallel processing, database systems and availability modeling.Durante as últimas duas décadas modelos de redes de filas provaram ser uma ferramenta versátil para avaliação de desempenho de sistemas de computação e sistemas de comunicação. Este capítulo faz um apanhado geral da área, com ênfase em aplicações. Começamos com uma breve retrospectiva histórica que serve também para introduzir os pontos mais importantes e as áreas de aplicação. Resultados formais para redes de filas em forma de produto são revisados com ênfase na modelagem de sistemas de computação. Algoritmos de computação, análise de sensibilidade e técnicas de otimização estão entre os tópicos revistos. Muitas dentre importantes aplicações de redes de filas não são tratáveis por análise exata e uma série (frequentemente confusa) de métodos de aproximação tem sido desenvolvida. Uma taxonomia de métodos de aproximação é dada e usada como base para revisão dos mais importantes métodos de aproximação propostos. Uma revisão das aplicações de redes de filas em um número de áreas é feita, incluindo planejamento de capacidade de sistemas de computação, redes de comunicação por chaveamento de pacotes, processamento paralelo, sistemas de bancos de dados e modelagem de confiabilidade

Acta Universitatis Sapientiae - Electrical and Mechanical Engineering

Series Electrical and Mechanical Engineering publishes original papers and surveys in various fields of Electrical and Mechanical Engineering

A framework for assertion-based timing verification and PC-based restbus simulation of automotive systems

Innovation in der Automobilindustrie wird durch Elektronik und vor allem durch Software ermöglicht. In der Regel wird eine Vielzahl von verteilten Funktionen realisiert. Typischerweise, wird diese Software über mehrere Steuergeräte verteilt. Durch die Verteilung und die Vielzahl an Funktionen ensteht eine immer wachsende Komplexität, die den Verifikations- und Validierungsprozess anspruchsvoller und schwieriger gestaltet. Daher ist für Ingenieure in der Automobilindustrie die Entwicklung von effizienten und effektiven Design-Methoden von großem Interesse.Ein zentrales Element in der Entwicklung automobiler Software ist der komponentebasierten Ansatz. Derzeit ist AUTOSAR der wichtigste Standard, der dieses Paradigma unterstützt. Die Systembeschreibungssprache SystemC ist ebenfalls ein Mittel, um AUTOSAR-Komponenten simulieren zu können. Desweiteren stellt SystemC einen Satz von Bibliotheken zur Verfügung wie zum Beispiel die „SystemC Verification Library“ (SCV), und einen diskreten Event-Simulationskern. Inzwischen ist das Interesse an der Verwendung von SystemC in der automobile Softwareentwicklung stark gestiegen.In dieser Arbeit stellen wir eine SystemC-basierte Entwurfsmethodik für eine frühe Validierung zeitkritischer automobile Systeme vor. Die Methodik reicht von einer reinen SystemC-Simulation bis zu einer PC-basierten Restbussimulation. Um die Synchronisation bezüglich Überabtastung und Unterabtastung zwischen dem SystemC-Simulationsmodell und dem Restbus während der Restbussimulation zu gewährleisten, präsentieren wir ein Synchronisationsverfahren. Im Rahmen dieser Arbeit wurde für die Integration von SystemC-Komponenten IP-XACT als Modelierungsstandard verwendet. Um eine Zeitanalyse ermöglichen zu können, stellen wir Erweiterungen für den IP-XACT-Standard vor, mit deren Hilfe Zeitanforderungen anAutomotive system innovation is mainly driven by software which can be distributed over a large number of functions typically deployed over several ECUs. This growing design complexity makes the verification and validation process challenging and difficult. Therefore, the development of efficient and effective design methodologies is of great interest for automotive engineers.A central concept in the development of automotive software is the component-based approach. Currently, the most prominent approach that supports this design paradigm is the AUTOSAR. The SLDL SystemC provides means to simulate the behavior of AUTOSAR software components by means of a discrete-event simulation kernel. Additionally, SystemC comes with a set of libraries such as the SCV. Meanwhile, the interest of using SystemC has grown in the automotive software development community. In this thesis we present a SystemC-based design methodology for early validation of time-critical automotive systems. The methodology spans from pure SystemC simulation to PC-based Restbus simulation. To deal with synchronization issues (oversampling and undersampling) that arise during Restbus simulation between the SystemC simulation model and the remaining bus network, we also present a new synchronization approach. Finally, we make use IP-XACT for SystemC component integration. To capture timing constraints on the simulation model, we propose timing extensions for the IP-XACT standard. These timing constraints can then be used to verify the SystemC simulation model.Tag der Verteidigung: 11.09.2015Paderborn, Univ., Diss., 201

Power System Digital Twins and Real-Time Simulations in Modern Grids

Power systems are in a state of constant change with new hardware, software and applications affecting their planning, operation, and maintenance. Power system control centers are also evolving through new technologies and functionalities to adapt to current needs. System control rooms have moved from fully manual to automated operations, from analog to digital, and have become an embedded and complex information, communication, computation and control system. Digital twins are virtual representations of physical systems, assets and/or processes. They are enabled through software, hardware and data integration, and allow real-time monitoring, controlling, prediction, optimization, and improved decision-making. Consequently, digital twins arise as a technology capable of incorporating existing control systems along with new ones to collect, classify, store, retrieve and disseminate data for the future generation of control centers. Power system digital twins (PSDTs) can uplift how data from power grids and their equipment is processed, providing operators new ways to visualize and understand the information. Nevertheless, complexity and size of modern power systems narrow the scope a current digital twin can have. Furthermore, the services provided are limited to only certain phenomena and/or applications. This thesis addresses the need for a flexible and versatile solution that is also robust and adaptable for monitoring, operating and planning future power systems. The modular design for implementation of the next generation of PSDTs is proposed based on grid applications and/or services they can provide. From a modeling perspective, this thesis also distinguishes how real-time simulations enable the design, development, and operation of a PSDT. First, the need for enhanced power system modeling and simulation techniques is established. Moreover, the necessity of expanding to a more complete and varied open-source library of power system models is identified. The thesis continues by designing, developing, and testing models of inverter-based resources that can be used by the industry and researchers when developing PSDTs. Furthermore, the first-of-its-kind synthetic grid with a longitudinal structure, the S-NEM2300-bus benchmark model, based on the Australian National Electricity Market is created. The synthetic grid is, finally, used to illustrate the first steps towards implementing a practical PSDT

Scalable analysis of stochastic process algebra models

The performance modelling of large-scale systems using discrete-state approaches is fundamentally hampered by the well-known problem of state-space explosion, which causes exponential growth of the reachable state space as a function of the number of the components which constitute the model. Because they are mapped onto continuous-time Markov chains (CTMCs), models described in the stochastic process algebra PEPA are no exception. This thesis presents a deterministic continuous-state semantics of PEPA which employs ordinary differential equations (ODEs) as the underlying mathematics for the performance evaluation. This is suitable for models consisting of large numbers of replicated components, as the ODE problem size is insensitive to the actual population levels of the system under study. Furthermore, the ODE is given an interpretation as the fluid limit of a properly defined CTMC model when the initial population levels go to infinity. This framework allows the use of existing results which give error bounds to assess the quality of the differential approximation. The computation of performance indices such as throughput, utilisation, and average response time are interpreted deterministically as functions of the ODE solution and are related to corresponding reward structures in the Markovian setting. The differential interpretation of PEPA provides a framework that is conceptually analogous to established approximation methods in queueing networks based on meanvalue analysis, as both approaches aim at reducing the computational cost of the analysis by providing estimates for the expected values of the performance metrics of interest. The relationship between these two techniques is examined in more detail in a comparison between PEPA and the Layered Queueing Network (LQN) model. General patterns of translation of LQN elements into corresponding PEPA components are applied to a substantial case study of a distributed computer system. This model is analysed using stochastic simulation to gauge the soundness of the translation. Furthermore, it is subjected to a series of numerical tests to compare execution runtimes and accuracy of the PEPA differential analysis against the LQN mean-value approximation method. Finally, this thesis discusses the major elements concerning the development of a software toolkit, the PEPA Eclipse Plug-in, which offers a comprehensive modelling environment for PEPA, including modules for static analysis, explicit state-space exploration, numerical solution of the steady-state equilibrium of the Markov chain, stochastic simulation, the differential analysis approach herein presented, and a graphical framework for model editing and visualisation of performance evaluation results