A Model-based transformation process to validate and implement high-integrity systems

Despite numerous advances, building High-Integrity Embedded systems remains a complex task. They come with strong requirements to ensure safety, schedulability or security properties; one needs to combine multiple analysis to validate each of them. Model-Based Engineering is an accepted solution to address such complexity: analytical models are derived from an abstraction of the system to be built. Yet, ensuring that all abstractions are semantically consistent, remains an issue, e.g. when performing model checking for assessing safety, and then for schedulability using timed automata, and then when generating code. Complexity stems from the high-level view of the model compared to the low-level mechanisms used. In this paper, we present our approach based on AADL and its behavioral annex to refine iteratively an architecture description. Both application and runtime components are transformed into basic AADL constructs which have a strict counterpart in classical programming languages or patterns for verification. We detail the benefits of this process to enhance analysis and code generation. This work has been integrated to the AADL-tool support OSATE2

Modelling and Refinement in CODA

This paper provides an overview of the CODA framework for modelling and refinement of component-based embedded systems. CODA is an extension of Event-B and UML-B and is supported by a plug-in for the Rodin toolset. CODA augments Event-B with constructs for component-based modelling including components, communications ports, port connectors, timed communications and timing triggers. Component behaviour is specified through a combination of UML-B state machines and Event-B. CODA communications and timing are given an Event-B semantics through translation rules. Refinement is based on Event-B refinement and allows layered construction of CODA models in a consistent way.Comment: In Proceedings Refine 2013, arXiv:1305.563

The earlier the better: a theory of timed actor interfaces

Programming embedded and cyber-physical systems requires attention not only to functional behavior and correctness, but also to non-functional aspects and specifically timing and performance. A structured, compositional, model-based approach based on stepwise refinement and abstraction techniques can support the development process, increase its quality and reduce development time through automation of synthesis, analysis or verification. Toward this, we introduce a theory of timed actors whose notion of refinement is based on the principle of worst-case design that permeates the world of performance-critical systems. This is in contrast with the classical behavioral and functional refinements based on restricting sets of behaviors. Our refinement allows time-deterministic abstractions to be made of time-non-deterministic systems, improving efficiency and reducing complexity of formal analysis. We show how our theory relates to, and can be used to reconcile existing time and performance models and their established theories

The earlier the better: a theory of timed actor interfaces

Programming embedded and cyber-physical systems requires attention not only to functional behavior and correctness, but also to non-functional aspects and specifically timing and performance constraints. A structured, compositional, model-based approach based on stepwise refinement and abstraction techniques can support the development process, increase its quality and reduce development time through automation of synthesis, analysis or verification. For this purpose, we introduce in this paper a general theory of timed actor interfaces. Our theory supports a notion of refinement that is based on the principle of worst-case design that permeates the world of performance-critical systems. This is in contrast with the classical behavioral and functional refinements based on restricting or enlarging sets of behaviors. An important feature of our refinement is that it allows time-deterministic abstractions to be made of time-non-deterministic systems, improving efficiency and reducing complexity of formal analysis. We also show how our theory relates to, and can be used to reconcile a number of existing time and performance models and how their established theories can be exploited to represent and analyze interface specifications and refinement steps.\u

Symbolic models for nonlinear control systems without stability assumptions

Finite-state models of control systems were proposed by several researchers as a convenient mechanism to synthesize controllers enforcing complex specifications. Most techniques for the construction of such symbolic models have two main drawbacks: either they can only be applied to restrictive classes of systems, or they require the exact computation of reachable sets. In this paper, we propose a new abstraction technique that is applicable to any smooth control system as long as we are only interested in its behavior in a compact set. Moreover, the exact computation of reachable sets is not required. The effectiveness of the proposed results is illustrated by synthesizing a controller to steer a vehicle.Comment: 11 pages, 2 figures, journa

DILL: Specifying digital logic in LOTOS

As a relatively new application area for LOTOS (Language Of Temporal Ordering Specification), the specification of digital logic is investigated. A specification approach is evolved and justified, illustrated with basic logic gates and the larger example of a keyboard controller. The construction and validation of the digital component library are discussed, along with a retrieval tool that allows access to the library

Formal methods and tools for the development of distributed and real time systems : Esprit Project 3096 (SPEC)

The Basic Research Action No. 3096, Formal Methods snd Tools for the Development of Distributed and Real Time Systems, is funded in the Area of Computer Science, under the ESPRIT Programme of the European Community. The coordinating institution is the Department of Computing Science, Eindhoven University of Technology, and the participating Institutions are the Institute of Computer Science of Crete. the Swedish Institute of Computer Science, the Programmimg Research Group of the University of Oxford, and the Computer Science Departments of the University of Manchester, Imperial College. Weizmann Institute of Science, Eindhoven University of Technology, IMAG Grenoble. Catholic University of Nijmegen, and the University of Liege. This document contains the synopsis. and part of the sections on objectives and area of advance, on baseline and rationale, on research goals, and on organisation of the action, as contained in the original proposal, submitted June, 198S. The section on the state of the art (18 pages) and the full list of references (21 pages) of the original proposal have been deleted because of limitation of available space

Contracts for Systems Design: Theory

Aircrafts, trains, cars, plants, distributed telecommunication military or health care systems,and more, involve systems design as a critical step. Complexity has caused system design times and coststo go severely over budget so as to threaten the health of entire industrial sectors. Heuristic methods andstandard practices do not seem to scale with complexity so that novel design methods and tools based on astrong theoretical foundation are sorely needed. Model-based design as well as other methodologies suchas layered and compositional design have been used recently but a unified intellectual framework with acomplete design flow supported by formal tools is still lacking.Recently an “orthogonal” approach has been proposed that can be applied to all methodologies introducedthus far to provide a rigorous scaffolding for verification, analysis and abstraction/refinement: contractbaseddesign. Several results have been obtained in this domain but a unified treatment of the topic that canhelp in putting contract-based design in perspective is missing. This paper intends to provide such treatmentwhere contracts are precisely defined and characterized so that they can be used in design methodologiessuch as the ones mentioned above with no ambiguity. In addition, the paper provides an important linkbetween interface and contract theories to show similarities and correspondences.This paper is complemented by a companion paper where contract based design is illustrated throughuse cases

Composable Models for Timing and Liveness Analysis in Distributed Real-Time Embedded Systems Middleware

Middleware for distributed real-time embedded (DRE) systems has grown increasingly complex, to address functional and temporal requirements of diverse applications. While current approaches to modeling middleware have eased the task of assembling, deploying and configuring middleware and the applications that use it, a lower-level set of formal models is needed to uncover subtle timing and liveness hazards introduced by interference between and within distributed computations, particularly in the face of alternative middleware concurrency strategies. In this paper, we propose timed automata as a formal model of low-level middleware building blocks from which a variety different middleware configurations can be constructed. When combined with analysis techniques such as model checking, this formal model can help developers in verifying the correctness of various middleware configurations with respect to the timing and liveness constraints of each particular application