Formal Verification of Real-Time Function Blocks Using PVS
A critical step towards certifying safety-critical systems is to check their
conformance to hard real-time requirements. A promising way to achieve this is
by building the systems from pre-verified components and verifying their
correctness in a compositional manner. We previously reported a formal approach
to verifying function blocks (FBs) using tabular expressions and the PVS proof
assistant. By applying our approach to the IEC 61131-3 standard of Programmable
Logic Controllers (PLCs), we constructed a repository of precise specification
and reusable (proven) theorems of feasibility and correctness for FBs. However,
we previously did not apply our approach to verify FBs against timing
requirements, since IEC 61131-3 does not define composite FBs built from
timers. In this paper, based on our experience in the nuclear domain, we
conduct two realistic case studies, consisting of the software requirements and
the proposed FB implementations for two subsystems of an industrial control
system. The implementations are built from IEC 61131-3 FBs, including the
on-delay timer. We find issues during the verification process and suggest
solutions.
Comment: In Proceedings ESSS 2015, arXiv:1506.0325
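A small worked illustration of the approach the abstract describes, added here and not taken from the paper or its PVS repository: the IEC 61131-3 on-delay timer (TON) written as a tabular expression, a feasibility check (every input lies in exactly one row of the table) by enumeration over a bounded domain, and a bounded check of one timing requirement. The tick-based model of TIME, the bound on the domain, the names TON_TABLE, ton_step, feasibility and check_timing, and the deliberately overlapping table TON_TABLE_OVERLAP are assumptions of this example.

```python
"""IEC 61131-3 on-delay timer (TON) as a tabular expression, with feasibility
and timing checks by exhaustive enumeration.  Added illustration for this
page, not the PVS development the abstract describes.  Assumptions: time is
counted in scan-cycle ticks, PT is a tick count, and a small bound stands in
for the unbounded TIME type."""
from itertools import product
from typing import Callable, Dict, List, Tuple

Cond = Callable[[bool, int, int], bool]   # predicate over (IN, et, PT)
Next = Callable[[bool, int, int], int]    # next elapsed time et'
Row = Tuple[str, Cond, Next]

# Tabular expression for the timer's state update.  State: et (elapsed ticks).
# Outputs are derived from the updated state: ET = et', Q = IN and et' >= PT.
TON_TABLE: List[Row] = [
    ("IN false",             lambda IN, et, PT: not IN,           lambda IN, et, PT: 0),
    ("IN true, not elapsed", lambda IN, et, PT: IN and et < PT,   lambda IN, et, PT: et + 1),
    ("IN true, elapsed",     lambda IN, et, PT: IN and et >= PT,  lambda IN, et, PT: et),
]

# Constructed faulty variant: rows 2 and 3 both cover et == PT (not disjoint).
TON_TABLE_OVERLAP: List[Row] = [
    TON_TABLE[0],
    ("IN true, not elapsed", lambda IN, et, PT: IN and et <= PT,  lambda IN, et, PT: et + 1),
    TON_TABLE[2],
]

def feasibility(table: List[Row], max_t: int) -> Dict[str, List[Tuple[bool, int, int]]]:
    """Feasibility of a tabular expression: on every point of the domain
    exactly one row applies.  Returns the points violating completeness
    (no row applies) and disjointness (several rows apply)."""
    issues: Dict[str, List[Tuple[bool, int, int]]] = {"incomplete": [], "overlapping": []}
    for IN, et, PT in product((False, True), range(max_t + 1), range(max_t + 1)):
        hits = [name for name, cond, _ in table if cond(IN, et, PT)]
        if not hits:
            issues["incomplete"].append((IN, et, PT))
        elif len(hits) > 1:
            issues["overlapping"].append((IN, et, PT))
    return issues

def ton_step(table: List[Row], IN: bool, et: int, PT: int) -> Tuple[bool, int]:
    """One scan cycle of the timer; returns (Q, ET)."""
    nexts = [nxt for _, cond, nxt in table if cond(IN, et, PT)]
    if len(nexts) != 1:
        raise ValueError(f"table not feasible at IN={IN}, et={et}, PT={PT}")
    et_next = nexts[0](IN, et, PT)
    return (IN and et_next >= PT), et_next

def check_timing(table: List[Row], PT: int, horizon: int) -> List[Tuple[bool, ...]]:
    """Bounded check of the timing requirement
         Q(t)  <=>  IN(t) and IN has been TRUE for at least PT consecutive scans ending at t.
    Runs the timer on every input sequence of `horizon` scans and returns the
    shortest prefix of each sequence on which the requirement fails."""
    counterexamples: List[Tuple[bool, ...]] = []
    for seq in product((False, True), repeat=horizon):
        et, run = 0, 0
        for t, IN in enumerate(seq):
            Q, et = ton_step(table, IN, et, PT)
            run = run + 1 if IN else 0
            if Q != (IN and run >= PT):
                counterexamples.append(seq[: t + 1])
                break
    return counterexamples

if __name__ == "__main__":
    print("feasibility (correct table):", feasibility(TON_TABLE, 5))
    print("overlap points (faulty table):", feasibility(TON_TABLE_OVERLAP, 5)["overlapping"][:3])
    print("timing counterexamples, PT=3:", check_timing(TON_TABLE, 3, 8))
```

The feasibility check is the finite-domain counterpart of the disjointness and completeness obligations a proof assistant discharges symbolically; the overlapping variant shows the kind of issue such a check surfaces (two rows claiming the boundary et == PT), and the timing check is a bounded stand-in for a proof over all input sequences.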
Reo + mCRL2: A Framework for Model-Checking Dataflow in Service Compositions
The paradigm of service-oriented computing revolutionized the field of software
engineering. According to this paradigm, new systems are composed of existing
stand-alone services to support complex cross-organizational business
processes. Correct communication of these services is not possible without a
proper coordination mechanism. The Reo coordination language is a channel-based
modeling language that introduces various types of channels and their
composition rules. By composing Reo channels, one can specify Reo connectors
that realize arbitrary complex behavioral protocols. Several formalisms have
been introduced to give semantics to Reo. In their most basic form, they
reflect service synchronization and dataflow constraints imposed by connectors.
To ensure that the composed system behaves as intended, we need a wide range of
automated verification tools to assist service composition designers. In this
paper, we present our framework for the verification of Reo using the mCRL2
toolset. We unify our previous work on mapping various semantic models for Reo,
namely, constraint automata, timed constraint automata, coloring semantics and
the newly developed action constraint automata, to the process algebraic
specification language of mCRL2, address the correctness of this mapping,
discuss tool support, and present a detailed example that illustrates the use
of Reo empowered with mCRL2 for the analysis of dataflow in service-based
process models.
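The constraint-automata semantics named in this abstract, as an added illustration that is not the paper's mCRL2 mapping or toolchain: Reo channels (Sync, LossySync, FIFO1) as constraint automata, the standard CA product over shared port names, and two port-level dataflow questions answered by reachability. Data constraints are dropped (data-agnostic automata), and the function names CA, sync, lossy_sync, fifo1, reachable, can_fire_before and loses_data are assumptions of this example.

```python
"""Constraint automata (CA) for Reo channels, their product, and port-level
dataflow checks by reachability.  Added illustration for this page, not the
paper's mCRL2 mapping or toolchain.  Assumption: data constraints are dropped
(data-agnostic CA), which suffices for the port-level questions asked here."""
from collections import deque
from dataclasses import dataclass, field
from typing import Any, Callable, FrozenSet, List, Set, Tuple

Ports = FrozenSet[str]
Transition = Tuple[Any, Ports, Any]   # (source state, ports firing together, target state)

@dataclass
class CA:
    names: Ports                      # port names of this automaton
    initial: Any
    transitions: List[Transition] = field(default_factory=list)

    def states(self) -> Set[Any]:
        return {self.initial} | {s for s, _, _ in self.transitions} | {d for _, _, d in self.transitions}

    def product(self, other: "CA") -> "CA":
        """CA product: two transitions combine when they agree on the shared
        names; a transition fires alone only if it mentions no port of the
        other automaton."""
        trans: List[Transition] = []
        for p, n1, p2 in self.transitions:
            for q, n2, q2 in other.transitions:
                if n1 & other.names == n2 & self.names:
                    trans.append(((p, q), n1 | n2, (p2, q2)))
        for p, n1, p2 in self.transitions:
            if not n1 & other.names:
                trans.extend(((p, q), n1, (p2, q)) for q in other.states())
        for q, n2, q2 in other.transitions:
            if not n2 & self.names:
                trans.extend(((p, q), n2, (p, q2)) for p in self.states())
        return CA(self.names | other.names, (self.initial, other.initial), trans)

# Reo channel primitives as CA.
def sync(a: str, b: str) -> CA:
    return CA(frozenset({a, b}), "s", [("s", frozenset({a, b}), "s")])

def lossy_sync(a: str, b: str) -> CA:
    # May also fire a alone: the datum is lost.
    return CA(frozenset({a, b}), "s", [("s", frozenset({a, b}), "s"), ("s", frozenset({a}), "s")])

def fifo1(a: str, b: str) -> CA:
    return CA(frozenset({a, b}), "empty",
              [("empty", frozenset({a}), "full"), ("full", frozenset({b}), "empty")])

def reachable(ca: CA, allowed: Callable[[Ports], bool] = lambda _: True) -> Tuple[Set[Any], List[Transition]]:
    """States and transitions reachable from the initial state using only
    transitions whose port set satisfies `allowed`."""
    seen, queue, fired = {ca.initial}, deque([ca.initial]), []
    while queue:
        s = queue.popleft()
        for src, ports, dst in ca.transitions:
            if src == s and allowed(ports):
                fired.append((src, ports, dst))
                if dst not in seen:
                    seen.add(dst)
                    queue.append(dst)
    return seen, fired

def can_fire_before(ca: CA, first: str, later: str) -> bool:
    """Can `later` fire on some run before `first` has ever fired?"""
    _, fired = reachable(ca, allowed=lambda ports: first not in ports)
    return any(later in ports for _, ports, _ in fired)

def loses_data(ca: CA, src: str, dst: str) -> bool:
    """Is there a reachable step where `src` fires but `dst` does not, i.e. a
    datum written at src does not flow on to dst in that step?"""
    _, fired = reachable(ca)
    return any(src in ports and dst not in ports for _, ports, _ in fired)

if __name__ == "__main__":
    conn = sync("A", "B").product(fifo1("B", "C"))
    print("reachable states:", reachable(conn)[0])
    print("can C fire before A?", can_fire_before(conn, "A", "C"))
    print("A -> B lossy?", loses_data(conn, "A", "B"))
    lossy = lossy_sync("A", "B").product(fifo1("B", "C"))
    print("with LossySync, A -> B lossy?", loses_data(lossy, "A", "B"))
```

For Sync(A,B) followed by FIFO1(B,C) the product has two reachable states and C can never fire before A, and a writer at A is blocked while the buffer is full. Replacing the Sync by a LossySync makes the lone {A} transition reachable even when the buffer is empty and B could accept the datum; that is the context-insensitivity of plain constraint automata which the coloring semantics mentioned in the abstract was introduced to express.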
Handshaking Protocol for Distributed Implementation of Reo
Reo, an exogenous channel-based coordination language, is a model for service
coordination wherein services communicate through connectors formed by joining
binary communication channels. In order to establish transactional
communication among services as prescribed by connector semantics, distributed
ports exchange handshaking messages signalling which parties are ready to
provide or consume data. In this paper, we present a formal implementation
model for distributed Reo with communication delays and outline ideas for its
proof of correctness. To reason about Reo implementation formally, we introduce
Timed Action Constraint Automata (TACA) and explain how to compare TACA with
existing automata-based semantics for Reo. We use TACA to describe handshaking
behavior of Reo modeling primitives and argue that in any distributed circuit
remote Reo nodes and channels exposing such behavior commit to perform
transitions envisaged by the network semantics.
Comment: In Proceedings FOCLASA 2014, arXiv:1502.0315
Integrating verifiable Assume/Guarantee contracts in UML/SysML
The compositional approach based on components and driven by requirements is a common method used in the development of critical real-time embedded systems. Since the satisfaction of a requirement is subject to the composition of several components, defining abstract and partial behaviors for components with respect to the point of view of the requirement allows for a manageable design of systems. In this paper we consider such specifications in the form of contracts. A contract for a component is a pair (assumption, guarantee) where the assumption is an abstraction of the component's environment behavior and the guarantee is an abstraction of the component's behavior given that the environment behaves like the assumption. In previous work we have defined a formal contract-based theory for Timed Input/Output Automata with the aim of using it to express the semantics of UML/SysML models. In this paper we propose an extension of the UML/SysML language with a syntax and semantics for contracts and for the relations they must satisfy. Besides the important role that contracts have in design, they can also be used for the verification of requirement satisfaction and for their traceability.
Compositional Construction of Real-Time Dataflow Networks
Increasing sizes of present-day distributed software systems call for
coordination models which are both modular and scalable.
Precise modelling of real-life applications further requires the notion of
real-time.
In this paper, we present a modular formal development of a compositional model
for real-time coordination in dataflow networks. While real-time dataflow
networks are typically asynchronous, our approach includes coordination
patterns which combine, but are not limited to, synchrony and asynchrony. We
define a constraint- and SAT-based encoding, which allows us to benefit
from high-end constraint solving techniques when inspecting valid interactions
of the system.
Capturing functional and non-functional connector
The CONNECT Integrated Project aims to develop a novel networking infrastructure that will support composition of networked systems with on-the-fly connector synthesis. The role of this work package is to investigate the foundations and verification methods for composable connectors. In this deliverable, we set the scene for the formulation of the modelling framework by surveying existing connector modelling formalisms. We covered not only classical connector algebra formalisms, but also, where appropriate, their corresponding quantitative extensions. All formalisms have been evaluated against a set of key dimensions of interest agreed upon in the CONNECT project. Based on these investigations, we concluded that none of the modelling formalisms available at present satisfies our eight dimensions. We will use the outcome of the survey to guide the formulation of a compositional modelling formalism tailored to the specific requirements of the CONNECT project. Furthermore, we considered the range of non-functional properties that are of interest to CONNECT, and reviewed existing specification formalisms for capturing them, together with the corresponding model-checking algorithms and tool support. Consequently, we described the scientific advances concerning model-checking algorithms and tools, which are partial contributions towards future deliverables: an approach for online verification (part of D2.2), automated abstraction-refinement for probabilistic real-time systems (part of D2.2 and D2.4), and compositional probabilistic verification within PRISM, to serve as a foundation of future research on quantitative assume-guarantee compositional reasoning (part of D2.2 and D2.4).