Using SPIN to Analyse the Tree Identification Phase of the IEEE 1394 High-Performance Serial Bus(FireWire)Protocol

We describe how the tree identification phase of the IEEE 1394 high-performance serial bus (FireWire) protocol is modelled in Promela and verified using SPIN. The verification of arbitrary system configurations is discussed

Automatic generation of assumptions for modular verification of software specifications

Model checking is a powerful automated technique mainly used for the verification of properties of reactive systems. In practice, model checkers are limited due to the state explosion problem. Modular verification based on the assume-guarantee paradigm mitigates this problem using a “divide and conquer” technique. Unfortunately, this approach is not automated, for the reason that the user must specify the environment model. In this paper, a novel technique is presented for automatically generating component assumptions based on the behaviour of the environment (the remainder of components of the systems). In a first phase, the environment of the component is computed using state space exploration techniques, and then the assumptions are generated as association rules of the component environment interface. This approach presents a number of advantages. Firstly, user assistance to specify assumptions is not necessary and assumption discharge is avoided. Secondly, the component assumptions are more restrictive and real, and therefore reduce the resources needed by the model checker. The technique is applied to the specification of a steam boiler syste

Rigorous code generation for distributed real-time embedded systems

This thesis addresses the problem of generating executable code for distributed embedded systems in which computing nodes communicate using the Controller Area Network (CAN). CAN is the dominant network in automotive and factory control systems and is becoming increasingly popular in robotic, medical and avionics applications. The requirements for functional and temporal reliability in these domains are often stringent, and testing alone may not offer the required level of con dence that systems satisfy their specications. Consequently, there has been considerable research interest in additional techniques for reasoning about the behaviour of CAN-based systems. This thesis proposes a novel approach in which system behaviour is specifed in a high-level language that is syntactically similar to Esterel but which is given a formal semantics by translation to bCANDLE, an asynchronous process calculus. The work developed here shows that bCANDLE systems can be translated automatically, via a common intermediate net representation, not only into executable C code but also into timed automaton models that can be used in the formal verification of a wide range of functional and temporal properties. A rigorous argument is presented that, for any system expressed in the high-level language, its timed automaton model is a conservative approximation of the executable C code, given certain well-defined assumptions about system components. It is shownthat an off-the-shelf model-checker (UPPAAL) can be used to verify system properties with a high-level of confidence that those properties will be exhibited by the executable code. The approach is evaluated by applying it to four representative case studies. Our results show that, for small to medium-sized systems, the generated code is sufficiently efficient for execution on typical hardware and the generated timed automaton model is sufficiently small for analysis within reasonable time and memory constraints

Architectural Refinement in HETS

The main objective of this work is to bring a number of improvements to the Heterogeneous Tool Set HETS, both from a theoretical and an implementation point of view. In the first part of the thesis we present a number of recent extensions of the tool, among which declarative specifications of logics, generalized theoroidal comorphisms, heterogeneous colimits and integration of the logic of the term rewriting system Maude. In the second part we concentrate on the CASL architectural refinement language, that we equip with a notion of refinement tree and with calculi for checking correctness and consistency of refinements. Soundness and completeness of these calculi is also investigated. Finally, we present the integration of the VSE refinement method in HETS as an institution comorphism. Thus, the proof manangement component of HETS remains unmodified

A Systems Engineering Reference Model for Fuel Cell Power Systems Development

This research was done because today the Fuel Cell (FC) Industry is still in its infancy in spite over one-hundred years of development has transpired. Although hundreds of fuel cell developers, globally have been spawned, in the last ten to twenty years, only a very few are left struggling with their New Product Development (NPD). The entrepreneurs of this type of disruptive technology, as a whole, do not have a systems engineering \u27roadmap , or template, which could guide FC technology based power system development efforts to address a more environmentally friendly power generation. Hence their probability of achieving successful commercialization is generally, quite low. Three major problems plague the fuel cell industry preventing successful commercialization today. Because of the immaturity of FC technology and, the shortage of workers intimately knowledgeable in FC technology, and the lack of FC systems engineering, process developmental knowledge, the necessity for a commercialization process model becomes evident. This thesis presents a six-phase systems engineering developmental reference model for new product development of a Solid Oxide Fuel Cell (SOFC) Power System. For this work, a stationary SOFC Power System, the subject of this study, was defined and decomposed into a subsystems hierarchy using a Part Centric Top-Down, integrated approach to give those who are familiar with SOFC Technology a chance to learn systems engineering practices. In turn, the examination of the SOFC mock-up could gave those unfamiliar with SOFC Technology a chance to learn the basic, technical fundamentals of fuel cell development and operations. A detailed description of the first two early phases of the systems engineering approach to design and development provides the baseline system engineering process details to create a template reference model for the remaining four phases. The NPD reference template model\u27s systems engineering process, philosophy and design tools are presented in great detail. Lastly, the thesi

A Systems Engineering Reference Model for Fuel Cell Power Systems Development

This research was done because today the Fuel Cell (FC) Industry is still in its infancy in spite over one-hundred years of development has transpired. Although hundreds of fuel cell developers, globally have been spawned, in the last ten to twenty years, only a very few are left struggling with their New Product Development (NPD). The entrepreneurs of this type of disruptive technology, as a whole, do not have a systems engineering \u27roadmap , or template, which could guide FC technology based power system development efforts to address a more environmentally friendly power generation. Hence their probability of achieving successful commercialization is generally, quite low. Three major problems plague the fuel cell industry preventing successful commercialization today. Because of the immaturity of FC technology and, the shortage of workers intimately knowledgeable in FC technology, and the lack of FC systems engineering, process developmental knowledge, the necessity for a commercialization process model becomes evident. This thesis presents a six-phase systems engineering developmental reference model for new product development of a Solid Oxide Fuel Cell (SOFC) Power System. For this work, a stationary SOFC Power System, the subject of this study, was defined and decomposed into a subsystems hierarchy using a Part Centric Top-Down, integrated approach to give those who are familiar with SOFC Technology a chance to learn systems engineering practices. In turn, the examination of the SOFC mock-up could gave those unfamiliar with SOFC Technology a chance to learn the basic, technical fundamentals of fuel cell development and operations. A detailed description of the first two early phases of the systems engineering approach to design and development provides the baseline system engineering process details to create a template reference model for the remaining four phases. The NPD reference template model\u27s systems engineering process, philosophy and design tools are presented in great detail. Lastly, the thesi

Coloured Petri Nets - a Pragmatic Formal Method for Designing and Analysing Distributed Systems

The thesis consists of six individual papers, where the present paper contains the mandatory overview, while the remaining five papers are found separately from the overview. The five papers can roughly be divided into three areas of research, namely case studies, education, and extensions to the CPN method.The primary purpose of the PhD thesis is to study the pragmatics, practical aspects, and intuition of CP-nets viewed as a formal method for describing and reasoning about concurrent systems. The perspective of pragmatics is our leitmotif, but at the same time in the context of CP-nets it is a kind of hypothesis of this thesis. This overview paper summarises the research conducted as an investigation of the hypothesis in the three areas of case studies, education, and extensions.The provoking claim of pragmatics should not be underestimated. In the present overview of the thesis, the CPN method is compared with a representative selection of formal methods. The graphics and simplicity of semantics, yet generality and expressiveness of the language constructs, essentially makes CP-nets a viable and attractive alternative to other formal methods. Similar graphical formal methods, such as SDL and Statecharts, typically have significantly more complicated semantics, or are domain-specific languages.research conducted in this thesis, opens a new complex of problems. Firstly, to get wider acceptance of CP-nets in industry, it is important to identify fruitful areas for the effective introduction of the CPN method. Secondly, it would be useful to identify a few extensions to the CPN method inspired by specific domains for easier adaption in industry. Thirdly, which analysis methods do future systems make use of

Metering Best Practices, A Guide to Achieving Utility Resource Efficiency, Release 2.0

This release is an update and expansion of the information provided in Release 1.0 of the Metering Best Practice Guide that was issued in October 2007. This release, as was the previous release, was developed under the direction of the U.S. Department of Energy's Federal Energy Management Program (FEMP). The mission of FEMP is to facilitate the Federal Government's implementation of sound cost-effective energy management and investment practices to enhance the nation's energy security and environmental stewardship. Each of these activities is directly related to achieving requirements set forth in the Energy Policy Acts of 1992 and 2005, the Energy Independence and Security Act (EISA) of 2007, and the goals that have been established in Executive Orders 13423 and 13514 - and also those practices that are inherent in sound management of Federal financial and personnel resources