Language Design for Reactive Systems: On Modal Models, Time, and Object Orientation in Lingua Franca and SCCharts

Reactive systems play a crucial role in the embedded domain. They continuously interact with their environment, handle concurrent operations, and are commonly expected to provide deterministic behavior to enable application in safety-critical systems. In this context, language design is a key aspect, since carefully tailored language constructs can aid in addressing the challenges faced in this domain, as illustrated by the various concurrency models that prevent the known pitfalls of regular threads. Today, many languages exist in this domain and often provide unique characteristics that make them specifically fit for certain use cases. This thesis evolves around two distinctive languages: the actor-oriented polyglot coordination language Lingua Franca and the synchronous statecharts dialect SCCharts. While they take different approaches in providing reactive modeling capabilities, they share clear similarities in their semantics and complement each other in design principles. This thesis analyzes and compares key design aspects in the context of these two languages. For three particularly relevant concepts, it provides and evaluates lean and seamless language extensions that are carefully aligned with the fundamental principles of the underlying language. Specifically, Lingua Franca is extended toward coordinating modal behavior, while SCCharts receives a timed automaton notation with an efficient execution model using dynamic ticks and an extension toward the object-oriented modeling paradigm

Formal Methods Specification and Analysis Guidebook for the Verification of Software and Computer Systems

This guidebook, the second of a two-volume series, is intended to facilitate the transfer of formal methods to the avionics and aerospace community. The 1st volume concentrates on administrative and planning issues [NASA-95a], and the second volume focuses on the technical issues involved in applying formal methods to avionics and aerospace software systems. Hereafter, the term "guidebook" refers exclusively to the second volume of the series. The title of this second volume, A Practitioner's Companion, conveys its intent. The guidebook is written primarily for the nonexpert and requires little or no prior experience with formal methods techniques and tools. However, it does attempt to distill some of the more subtle ingredients in the productive application of formal methods. To the extent that it succeeds, those conversant with formal methods will also nd the guidebook useful. The discussion is illustrated through the development of a realistic example, relevant fragments of which appear in each chapter. The guidebook focuses primarily on the use of formal methods for analysis of requirements and high-level design, the stages at which formal methods have been most productively applied. Although much of the discussion applies to low-level design and implementation, the guidebook does not discuss issues involved in the later life cycle application of formal methods

Automated validation of minimum risk model-based system designs of complex avionics systems

Today, large civil aircraft incorporate a vast array of complex and coupled subsystems with thousands of electronic control units and software with millions of lines of code. Aircraft suppliers are challenged to provide superior products that are developed at a minimum time and cost, with maximum safety and security. No single person can understand the complex interactions of such a system of systems. Finding an optimal solution from large sets of different possible designs is an impossible task if done manually. Thus, written, non-executable specifications carry a high degree of product uncertainty. As a result, more than two-thirds of all specifications need to be reworked. Since most specification flaws are discovered and resolved at a late stage during development, when expenditures for redesign are at a maximum, the development approach currently used has a high probability of project cost and time overruns or even project failure, thus maximizing the risk of development. It is the aim of this work, to develop a model- and simulation-based systems engineering method with associated design and validation environment that minimizes the risk of development for complex systems, e.g. aircraft. The development risk is a minimum, if all development decisions are validated early against the services of a product at mission level by the final customer. To do so, executable specifications are created during design and validated against the requirements of system services at mission level. Validated executable specifications are used and updated for all decisions from concept development through implementation and training. In addition, virtual prototypes are developed. A virtual prototype is an executable system specification that is combined with human machine interface concept models to include usability requirements in the overall design and to enable interactive specification validation and early end user training by means of interactive user-driven system simulation. In a first step, so called executable workflows and simulation sets are developed to enable the execution of sets of structured and coupled simulation models. In a second step, a model- and simulation-based development and validation process model is developed from concept design to specification development. In a final step, two different validation processes are developed. An automated validation process based on executable specifications and an interactive validation process based on virtual prototypes. For the development of executable specifications and virtual prototypes, plug-and-play capable model components are developed. The developed method is validated for examples from civil aircraft development with focus on avionics and highly configurable and customizable cabin systems.Große zivile Flugzeuge umfassen eine hohe Anzahl von komplexen und gekoppelten Subsystemen mit Tausenden von elektronischen Steuergeräten und Software mit Millionen von Codezeilen. Keine einzelne Person kann die komplexen Wechselwirkungen eines solchen Systems von Systemen verstehen. Daher beinhalten geschriebene, nicht ausführbare Spezifikationen einen hohen Grad an Produktunsicherheit. Infolgedessen müssen mehr als zwei Drittel aller Spezifikationen überarbeitet werden. Da die meisten Spezifikationsfehler zu einem späten Zeitpunkt entdeckt und gelöst werden, wenn Aufwände für Überarbeitungen maximal sind, hat der gegenwärtige Entwicklungsansatz eine hohe Wahrscheinlichkeit für Kosten- und Zeitüberschreitungen oder führt zum Fehlschlagen von Projekten. Hierdurch wird das Entwicklungsrisiko maximiert. Es ist das Ziel dieser Arbeit, eine modell- und simulationsbasierte Entwicklungsmethode mit zugehöriger Entwurfs- und Validierungsumgebung zu entwickeln, welche das Risiko der Entwicklung für komplexe Systeme minimiert. Das Entwicklungsrisiko ist minimal, wenn alle Entwicklungsentscheidungen frühzeitig vom Endkunden gegen die Leistungen eines Produktes auf Missionsebene validiert werden. Dazu werden ausführbare Spezifikationen während des Entwurfs erstellt und anhand der Anforderungen auf Missionsebene validiert. Validierte ausführbare Spezifikationen werden für alle Entscheidungen von der Konzeptentwicklung bis zur Implementierung verwendet und aktualisiert. Darüber hinaus werden virtuelle Prototypen entwickelt, welche ausführbare Spezifikationen mit Konzeptmodellen für Mensch-Maschine-Schnittstellen kombinieren, um Usability-Anforderungen in den Gesamtentwurf aufzunehmen. Dies ermöglicht eine interaktive Validierung sowie frühes Endbenutzertraining mittels benutzergesteuerter Systemsimulation. Es werden ausführbare Arbeitsabläufe und Simulation Sets entwickelt, welche die Ausführung von strukturierten und gekoppelten Simulationsmodellen ermöglichen. Anschließend wird ein modell- und simulationsbasiertes Entwicklungs- und Validierungsprozessmodell vom Konzeptdesign bis zur Spezifikationsentwicklung entwickelt. Hierfür werden zwei verschiedene Validierungsprozesse verwendet. Ein automatisierter Validierungsprozess basierend auf ausführbaren Spezifikationen und ein interaktiver Validierungsprozess basierend auf virtuellen Prototypen. Für die Entwicklung von ausführbaren Spezifikationen und virtuellen Prototypen werden Modellkomponenten entwickelt. Die entwickelte Methode wird mithilfe von Beispielen aus der zivilen Flugzeugentwicklung validiert, insbesondere in Hinblick auf Avionik sowie hoch konfigurierbare und anpassbare Kabinensysteme

Automatic Decomposition of Petri Nets into Automata Networks - A Synthetic Account

International audienceThis article revisits the problem of decomposing a Petri net into a network of automata, a problem that has been around since the early 70s. We reformu-late this problem as the transformation of an ordinary, one-safe Petri net into a flat, unit-safe NUPN (Nested-Unit Petri Net) and define a quality criterion based on the number of bits required for the structural encoding of markings. We propose various transformation methods, all of which we implemented in a tool chain that combines NUPN tools with third-party software, such as SAT solvers, SMT solvers, and tools for graph colouring and finding maximal cliques. We perform an extensive evaluation of these methods on a collection of more than 12,000 nets from diverse sources, including nets whose marking graph is too large for being explored exhaustively

Un meta-modèle de composants pour la réalisation d'applications temps-réel flexibles et modulaires

The increase of software complexity along the years has led researchers in the software engineering field to look for approaches for conceiving and designing new systems. For instance, the service-oriented architectures approach is considered nowadays as the most advanced way to develop and integrate fastly modular and flexible applications. One of the software engineering solutions principles is re-usability, and consequently generality, which complicates its appilication in systems where optimizations are often used, like real-time systems. Thus, create real-time systems is expensive, because they must be conceived from scratch. In addition, most real-time systems do not beneficiate of the advantages which comes with software engineering approches, such as modularity and flexibility. This thesis aim to take real time aspects into account on popular and standard SOA solutions, in order to ease the design and development of modular and flexible applications. This will be done by means of a component-based real-time application model, which allows the dynamic reconfiguration of the application architecture. The component model will be an extension to the SCA standard, which integrates quality of service attributs onto the service consumer and provider in order to stablish a real-time specific service level agreement. This model will be executed on the top of a OSGi service platform, the standard de facto for development of modular applications in Java.La croissante complexité du logiciel a mené les chercheurs en génie logiciel à chercher des approcher pour concevoir et projéter des nouveaux systèmes. Par exemple, l'approche des architectures orientées services (SOA) est considérée actuellement comme le moyen le plus avancé pour réaliser et intégrer rapidement des applications modulaires et flexibles. Une des principales préocuppations des solutions en génie logiciel et la réutilisation, et par conséquent, la généralité de la solution, ce qui peut empêcher son application dans des systèmes où des optimisation sont souvent utilisées, tels que les systèmes temps réels. Ainsi, créer un système temps réel est devenu très couteux. De plus, la plupart des systèmes temps réel ne beneficient pas des facilités apportées par le genie logiciel, tels que la modularité et la flexibilité. Le but de cette thèse c'est de prendre en compte ces aspects temps réel dans des solutions populaires et standards SOA pour faciliter la conception et le développement d'applications temps réel flexibles et modulaires. Cela sera fait à l'aide d'un modèle d'applications temps réel orienté composant autorisant des modifications dynamiques dans l'architecture de l'application. Le modèle de composant sera une extension au standard SCA qui intègre des attributs de qualité de service sur le consomateur et le fournisseur de services pour l'établissement d'un accord de niveau de service spécifique au temps réel. Ce modèle sera executé sur une plateforme de services OSGi, le standard de facto pour le developpement d'applications modulaires en Java

A system-theoretic safety engineering approach for software-intensive systems

In the software development process, formal verification and functional testing are complementary approaches which are used to verify the functional correctness of software; however, even perfectly reliable software could lead to an accident. The correctness of software cannot ensure the safe operation of safety-critical software systems. Therefore, developing safety-critical software requires a more systematic software and safety engineering process that enables the software and safety engineers to recognize the potential software risks. For this purpose, this dissertation introduces a comprehensive safety engineering approach based on STPA for Software-Intensive Systems, called STPA SwISs, which provides seamless STPA safety analysis and software safety verification activities to allow the software and safety engineers to work together during the software development for safety-critical systems and help them to recognize the associated software risks at the system level