Formal Model Engineering for Embedded Systems Using Real-Time Maude
This paper motivates why Real-Time Maude should be well suited to provide a
formal semantics and formal analysis capabilities to modeling languages for
embedded systems. One can then use the code generation facilities of the tools
for the modeling languages to automatically synthesize Real-Time Maude
verification models from design models, enabling a formal model engineering
process that combines the convenience of modeling using an informal but
intuitive modeling language with formal verification. We give a brief overview of
six fairly different modeling formalisms for which Real-Time Maude has provided
the formal semantics and (possibly) formal analysis. These models include
behavioral subsets of the avionics modeling standard AADL, Ptolemy II
discrete-event models, two EMF-based timed model transformation systems, and a
modeling language for handset software.
Comment: In Proceedings AMMSE 2011, arXiv:1106.596
Formal Visual Modeling of Real-Time Systems in e-Motions: Two Case Studies
e-Motions is an Eclipse-based visual timed model transformation framework
with a Real-Time Maude semantics that supports the usual Maude formal analysis
methods, including simulation, reachability analysis, and LTL model checking.
e-Motions is characterized by a novel and powerful set of constructs for
expressing timed behaviors. In this paper we illustrate the use of these
constructs --- and thereby implicitly investigate their suitability to define
real-time systems in an intuitive way --- to define and formally analyze two
prototypical and very different real-time systems: (i) a simple round trip time
protocol for computing the time it takes a message to travel from one node to
another, and back; and (ii) the EDF scheduling algorithm.
Comment: In Proceedings AMMSE 2011, arXiv:1106.596
Formal Analysis of Medical Systems using Multi-Agent Systems with Information Sharing
Improving safety is a main objective for medical systems. To assist the modelling
and formal analysis of medical systems, we define a language for multi-agent systems
handling information, timed communication, and timed migration. We use a simplified
airway laser surgery scenario to demonstrate our approach. An implementation in Maude
is presented; we use the strategies provided by Maude to guide the application of
rules so as to substantially decrease the number of possible executions and results
in these highly nondeterministic and concurrent multi-agent systems. Finally, we show
how the executable specifications can be verified with the model-checking tools in
Maude to detect behavioural problems or check desired properties of the agents.
A Rigorous Verification Framework for PALSware Systems for Cyber-Physical Systems
Doctoral dissertation -- Seoul National University Graduate School: College of Engineering, Department of Electrical and Computer Engineering, August 2021. 김윤승.
Achieving high-level safety guarantees for cyber-physical systems has always been
a key challenge, since many of those systems are safety-critical, so that their failures
in actual operation may bring catastrophic results. Many cyber-physical systems
have real-time and distributed features, which increase the complexity of the system
by an order of magnitude.
In order to tame the complexity, a middleware called PALSware has been proposed. It
provides a logically synchronous environment to the application layer on top of
physically asynchronous underlying network and operating systems. The complexity of a
system can be significantly reduced in a synchronous environment.
However, a bug in PALSware may have destructive effects, since it exposes every
application system to runtime failures. Moreover, finding bugs in PALSware can be
very challenging in some cases, for various reasons.
To solve this problem, we present VeriPALS, a formally verified C implementation
of PALSware together with a verification framework for application systems. In
particular, the framework provides an executable model as an efficient random testing
tool. As case studies, we developed two application systems and applied VeriPALS
to demonstrate the effectiveness of the framework in both testing and formal verification.
Improving the safety of cyber-physical systems has always been an important research
topic. This is because many cyber-physical systems are safety-critical, meaning that an
error occurring while the system is actually running can lead directly to a major
accident. Moreover, the real-time and distributed nature of cyber-physical systems
raises system complexity and thereby increases risk, so improving safety is very
important.
To address the complexity problem, a middleware called PALSware was devised. This
middleware provides the application layer with a virtual synchronous environment on
top of asynchronously operating network and operating-system environments. Using
PALSware, a system can be designed in a synchronous environment, which makes it
possible to greatly reduce system complexity.
However, if PALSware contains a bug, its adverse effects can be very large. First,
every application system that uses this middleware will contain the bug. Also,
finding bugs in the middleware can be a much harder problem than finding bugs in
ordinary programs.
To solve this problem, we developed a framework called VeriPALS. This framework
includes a mathematically rigorously verified C implementation of PALSware, which
helps in implementing safe systems. It also supports mathematically rigorous
verification of application systems in Coq. Furthermore, the framework provides an
executable model as an efficient random testing tool. We developed two kinds of
application systems on this framework, tested and rigorously verified them, and
thereby showed the usefulness of the framework.
Chapter 1 Introduction
Chapter 2 Preliminaries
  2.1 PALSware
    2.1.1 PALSware in a Distributed System
    2.1.2 Correctness of Synchronization on Reliable Network
    2.1.3 Implementation of PALSware
  2.2 Interaction Trees
Chapter 3 Overview
  3.1 Framework
  3.2 Key Ideas
    3.2.1 Concurrent Executions of Nodes
    3.2.2 Global Clock vs. Local Clock
    3.2.3 Real-time Local Executions of Node Model
    3.2.4 Time Constraint on Network Transmission Times
    3.2.5 Time Constraint on Program Executions
    3.2.6 Observable Behaviors of a Real-Time Distributed System
Chapter 4 Formalization
  4.1 General Definitions
  4.2 Application System of the Framework
  4.3 Real-World Model
    4.3.1 Network Model
    4.3.2 Generic System Model on Network
    4.3.3 Operating System Model
  4.4 Executable Abstract Synchronous Model
  4.5 Result
Chapter 5 Refinement Proof using Intermediate Models
  5.1 Refinement 1: Abstraction of C Programs
  5.2 Refinement 2: Abstract PALSware
  5.3 Refinement 3: Abstraction of Network
  5.4 Refinement 4: Synchronous Execution
  5.5 Refinement 5: Making It Executable
Chapter 6 Case Study 1: Active-Standby Resource Scheduling System
  6.1 High-Level Description
  6.2 Implementation
  6.3 Formally Verified Properties
    6.3.1 Correctness of Implementation
    6.3.2 Abstraction to Single-Controller System
Chapter 7 Case Study 2: Synchronous Work Assignment System
  7.1 High-Level Description
  7.2 Implementation
Chapter 8 Results
  8.1 Development
  8.2 Experimental Results
Chapter 9 Related Work
  9.1 PALS Pattern and PALSware Verification
  9.2 Verification Frameworks for Distributed Systems
  9.3 Verifying C Programs
Chapter 10 Conclusion and Future Work
Bibliography
Abstract (Korean)
Acknowledgements
An Executable Theory of Multi-Agent Systems Refinement
Complex applications such as incident management, social simulations, manufacturing
applications, electronic auctions, e-institutions, and business-to-business applications
are pervasive and important nowadays. Agent-oriented methodology is an advance in
abstraction which can be used by software developers to naturally model and develop
systems for such applications. In general, with respect to design methodologies, what
is important to stress is that control structures should be added at later stages of
design, in a natural top-down manner going from specifications to implementations, by
refinement. Too much detail (be it for the sake of efficiency) in specifications often
turns out to be harmful. To paraphrase D. E. Knuth, "Premature optimization is the root
of all evil" (quoted in 'The Unix Programming Environment' by Kernighan and Pike, p. 91).
The aim of this thesis is to adapt formal techniques to the agent-oriented methodology
into an executable theory of refinement. The justification for doing so is to provide
correct agent-based software by design. The underlying logical framework of the theory
we propose is based on rewriting logic, thus the theory is executable in the same sense
as rewriting logic is. The storyline is as follows. We first motivate and explain the
constituting elements of agent languages chosen to represent both abstract and concrete
levels of design. We then propose a definition of refinement between agents written in
such languages. This notion of refinement ensures that concrete agents are correct with
respect to the abstract ones. The advantage of the definition is that it easily leads to
formulating a proof technique for refinement via the classical notion of simulation.
This makes it possible to effectively verify refinement by model checking. Additionally,
we propose a weakest-precondition calculus as a deductive method based on assertions,
which allows one to prove the correctness of infinite-state agents.
We generalise the refinement relation from single agents to multi-agent systems in
order to ensure that concrete multi-agent systems refine their abstractions. We see
multi-agent systems as collections of coordinated agents, and we consider coordination
artefacts as being based either on actions or on normative rules. We integrate these
two orthogonal coordination mechanisms within the same refinement theory, extended to a
timed framework. Finally, we discuss implementation aspects.
LEI Universiteit Leiden, Foundations of Software Technolog