Proceedings of SUMo and CompoNet 2011

International audienc

Property driven verification framework: application to real time property for UML MARTE software design

Les techniques formelles de la famille « vérification de modèles » (« model checking ») se heurtent au problème de l’explosion combinatoire. Ceci limite les perspectives d’exploitation dans des projets industriels. Ce problème est provoqué par la combinatoire dans la construction de l’espace des états possibles durant l’exécution des systèmes modélisés. Le nombre d’états pour des modèles de systèmes industriels réalistes dépasse régulièrement les capacités des ressources disponibles en calcul et stockage. Cette thèse défend l’idée qu’il est possible de réduire cette combinatoire en spécialisant les outils pour des familles de propriétés. Elle propose puis valide expérimentalement un ensemble de méthodes pour le développement de ce type d’outils en suivant une approche guidée par les propriétés appliquée au contexte temps réel. Il s’agit donc de construire des outils d’analyse performants pour des propriétés temps réel qui soient exploitables pour des modèles industriels de taille réaliste. Les langages considérés sont, d’une part UML étendu par le profil MARTE pour la modélisation par les utilisateurs, et d’autre part les réseaux de Petri temporisés comme support pour la vérification. Les propositions sont validées sur un cas d’étude industriel réaliste issu du monde avionique : l’étude de la latence et la fraicheur des données dans un système de gestion des alarmes exploitant les technologies d’Avionique Modulaire Intégrée. Ces propositions ont été mise en oeuvre comme une boite à outils qui intègre les cinq contributions suivantes: la définition de la sémantique d’exécution spécifiques aux propriétés temps réel pour les modèles d’architecture et de comportement spécifiés en UML/MARTE; la spécification des exigences temps réel en s’appuyant sur un ensemble de patrons de vérification atomiques dédiés aux propriété temps réel; une méthode itérative d’analyse à base d’observateurs pour des réseaux de Petri temporisés; des techniques de réduction de l’espace d’états spécifiques aux propriétés temps réel pour des Réseaux de Petri temporisés; une approche pour l’analyse des erreurs détectées par « vérification des modèles » en s’appuyant sur des idées inspirées de la « fouille de données » (« data mining »). ABSTRACT : Automatic formal verification such as model checking faces the combinatorial explosion issue. This limits its application in indus- trial projects. This issue is caused by the explosion of the number of states during system’s execution , as it may easily exceed the amount of available computing or storage resources. This thesis designs and experiments a set of methods for the development of scalable verification based on the property-driven approach. We propose efficient approaches based on model checking to verify real-time requirements expressed in large scale UML-MARTE real-time system designs. We rely on the UML and its profile MARTE as the end-user modeling language, and on the Time Petri Net (TPN) as the verification language. The main contribution of this thesis is the design and implementation of a property-driven verification prototype toolset dedicated to real-time properties verification for UML-MARTE real-time software designs. We validate this toolset using an avionic use case and its user requirements. The whole prototype toolset includes five contributions: definition of real-time property specific execution semantics for UML-MARTE architecture and behavior models; specification of real- time requirements relying on a set of verification dedicated atomic real- time property patterns; real-time property specific observer-based model checking approach in TPN; real-time property specific state space reduction approach for TPN; and fault localization approach in model checking

28th International Symposium on Temporal Representation and Reasoning (TIME 2021)

The 28th International Symposium on Temporal Representation and Reasoning (TIME 2021) was planned to take place in Klagenfurt, Austria, but had to move to an online conference due to the insecurities and restrictions caused by the pandemic. Since its frst edition in 1994, TIME Symposium is quite unique in the panorama of the scientifc conferences as its main goal is to bring together researchers from distinct research areas involving the management and representation of temporal data as well as the reasoning about temporal aspects of information. Moreover, TIME Symposium aims to bridge theoretical and applied research, as well as to serve as an interdisciplinary forum for exchange among researchers from the areas of artifcial intelligence, database management, logic and verifcation, and beyond

Software Verification for Programmable Logic Controllers

Programmable logic controllers (PLCs) occupy a big share in automation control. Their programming languages are, however, born out of historical needs and do not comply to state-of-the art programming concepts. Moreover, programming is mostly undertaken by the designers of the control systems. In sum this adds to the creation of erroneous software and, even more, unsafe control systems. In this work we focus on the software verification aspects for PLCs. For two selected programming languages, Sequential Function Charts (SFC) and Instruction List (IL) we discuss semantic issues as well as verification approaches. For SFCs we develop a model checking framework while for IL we suggest static analysis techniques, i.e., a combination of data flow analysis and abstract interpretation. Several case studies corrobate our approach

Formal Specification and Verification for Automated Production Systems

Complex industrial control software often drives safety- and mission-critical systems, like automated production plants or control units embedded into devices in automotive systems. Such controllers have in common that they are reactive systems, i.e., that they periodically read sensor stimuli and cyclically execute the same program to produce actuator signals. The correctness of software for automated production is rarely verified using formal techniques. Although, due to the Industrial Revolution 4.0 (IR4.0), the impact and importance of software have become an important role in industrial automation. What is used instead in industrial practice today is testing and simulation, where individual test cases are used to validate an automated production system. Three reasons why formal methods are not popular are: (a) It is difficult to adequately formulate the desired temporal properties. (b) There is a lack of specification languages for reactive systems that are both sufficiently expressive and comprehensible for practitioners. (c) Due to the lack of an environment model the obtained results are imprecise. Nonetheless, formal methods for automated production systems are well studied academically---mainly on the verification of safety properties via model checking. In this doctoral thesis we present the concept of (1) generalized test tables (GTTs), a new specification language for functional properties, and their extension (2) relational test tables (RTTs) for relational properties. The concept includes the syntactical notion, designed for the intuition of engineers, and the semantics, which are based on game theory. We use RTTs for a novel confidential property on reactive systems, the provably forgetting of information. Moreover, for regression verification, an important relational property, we are able to achieve performance improvements by (3) creating a decomposing rule which splits large proofs into small sub-task. We implemented the verification procedures and evaluated them against realistic case studies, e.g., the Pick-and-Place-Unit from the Technical University of Munich. The presented contribution follows the idea of lowering the obstacle of verifying the dependability of reactive systems in general, and automated production systems in particular for the engineer either by introducing a new specification language (GTTs), by exploiting existing programs for the specification (RTTs, regression verification), or by improving the verification performance

Arquitectura asimétrica multicore con procesador de Petri

Se ha determinado, en una arquitectura multi-Core SMP, el lugar donde incorporar el PP o el HPP sin alterar el ISA del resto de los core. Se ha obtenido una familia de procesadores que ejecutan los algoritmos de Petri para dar solución a sistemas reactivos y concurrentes, con una sólida verificación formal que permite la programación directa de los procesadores. Para esto, se ha construido el hardware de un PP y un HPP, con un IP-Core en una FPGA, integrado a un sistema multi-Core SMP, que ejecuta distintos tipo de RdP. Esta familia de procesadores es configurable en distintos aspectos: - Tamaño del procesador (cantidad de plazas y transiciones). - Procesadores con tiempo y procesadores temporales. - Arquitectura heterogénea, que permite distribuir los recursos empleados para instanciar el procesador según se requiera, y obtener un ahorro sustancial. - La posibilidad de configurar el procesador en pos de obtener los requerimientos y minimizar los recursos. Muy valorado en la construcción de sistemas embebidos. En los sistemas con alta necesidad de concurrencia y sincronización, donde se ha evaluado este procesador, las prestaciones han mostrado una importante mejora en el desempeño. El procesador tiene la capacidad de resolver simultáneamente, por conjuntos múltiples disparos, lo que disminuye los tiempos de consulta y decisión, además los programas ejecutados cumplen con los formalismos de las RdP extendidas y sincronizadas, y los resultados de su ejecución son determinísticos. Los tiempos de respuesta para determinar una sincronización son de dos ciclos por consulta (entre la solicitud de un disparo y la respuesta).Facultad de Informátic

Symbolic unfolding of parametric stopwatch petri nets

Abstract. This paper proposes a new method to compute symbolic unfoldings for safe Stopwatch Petri Nets (SwPNs), extended with time parameters, that symbolically handle both the time and the parameters. We propose a concurrent semantics for (parametric) SwPNs in terms of timed processes à la Aura and Lilius. We then show how to compute a symbolic unfolding for such nets, as well as, for the subclass of safe time Petri nets, how to compute a finite complete prefix of this unfolding. Our contribution is threefold: unfolding in the presence of stopwatches or parameters has never been addressed before. Also in the case of time Petri nets, the proposed unfolding has no duplication of transitions and does not require read arcs and as such its computation is more local. Finally the unfolding method is implemented (for time Petri nets) in the tool Romeo

Actes de l'Ecole d'Eté Temps Réel 2005 - ETR'2005

Pdf des actes disponible à l'URL http://etr05.loria.fr/Le programme de l'Ecole d'été Temps Réel 2005 est construit autour d'exposés de synthèse donnés par des spécialistes du monde industriel et universitaire qui permettront aux participants de l'ETR, et notamment aux doctorants, de se forger une culture scientifique dans le domaine. Cette quatrième édition est centrée autour des grands thèmes d'importance dans la conception des systèmes temps réel : Langages et techniques de description d'architectures, Validation, test et preuve par des approches déterministes et stochastiques, Ordonnancement et systèmes d'exploitation temps réel, Répartition, réseaux temps réel et qualité de service

Symbolic Unfolding of Parametric Stopwatch Petri Nets

International audienceWe address the problem of unfolding safe parametric stopwatch time Petri nets (PSwPNs), i.e., safe time Petri nets (TPNs) possibly extended with time parameters and stopwatches. We extend the notion of branching process to account for the dates of the occurrences of events and thus defi ne a symbolic unfolding for PSwPNs. In the case of TPNs we also propose a method based on our so-called time branching processes to compute a fi nite complete pre fix of the symbolic unfolding. The originality of our work relies on a precise handling of direct conflicts between events, and the analysis of their eff ects on the constraints between the fi ring dates of those events