Formal modelling and analysis of broadcasting embedded control systems

PhD ThesisEmbedded systems are real-time, communicating systems, and the effective modelling and analysis of these aspects of their behaviour is regarded as essential for acquiring confidence in their correct operation. In practice, it is important to minimise the burden of model construction and to automate the analysis, if possible. Among the most promising techniques for real-time systems are reachability analysis and model-checking of networks of timed automata. We identify two obstacles to the application of these techniques to a large class of distributed embedded systems: firstly, the language of timed automata is too low-level for straightforward model construction, and secondly, the synchronous, handshake communication mechanism of the timed automata model does not fit well with the asynchronous, broadcast mechanism employed in many distributed embedded systems. As a result, the task of model construction can be unduly onerous. This dissertation proposes an expressive language for the construction of models of real-time, broadcasting control systems, and demonstrates how effi- cient analysis techniques can be applied to them. The dissertation is concerned in particular with the Controller Area Network (CAN) protocol which is emerging as a de facto standard in the automotive industry. An abstract formal model of CAN is developed. This model is adopted as the communication primitive in a new language, bCANDLE, which includes value passing, broadcast communication, message priorities and explicit time. A high-level language, CANDLE, is introduced and its semantics defined by translation to bCANDLE. We show how realistic CAN systems can be described in CANDLE and how a timed transition model of a system can be extracted for analysis. Finally, it is shown how efficient methods of analysis, such as 'on-the- fly' and symbolic techniques, can be applied to these models. The dissertation contributes to the practical application of formal methods within the domain of broadcasting, embedded control systemsSchool of Computing and Mathematics at the University of Northumbri

State Space Reduction based on Live Variables Analysis

International audienceThe intrinsic complexity of most protocol specifications in particular, and of asynchronous systems in general, lead us to study combinations of static analysis with classical model-checking techniques as a way to enhance the performances of automated validation tools. The goal of this paper is to point out that an equivalence on our model derived from the information on live variables is stronger than the strong bisimulation. This equivalence, further called live bisimulation, exploits the unused dead values stored either in variables or in queue contents and allow to simplify the state space with a rather important factor. Furthermore, this reduction comes almost for free and is always possible to directly generate the quotient model without generating the initial one

State Space Reduction based on Live Variables Analysis

The intrinsic complexity of most protocol specifications in particular, and of asynchronous systems in general, lead us to study combinations of static analysis with classical model-checking techniques as a way to enhance the performances of automated validation tools. The goal of this paper is to point out that an equivalence on our model derived from the information on live variables is stronger than the strong bisimulation. This equivalence, further called live bisimulation, exploits the unused dead values stored either in variables or in queue contents and allow to simplify the state space with a rather important factor. Furthermore, this reduction comes almost for free and is always possible to directly generate the quotient model without generating the initial one