155 research outputs found
Formal Model Engineering for Embedded Systems Using Real-Time Maude
This paper motivates why Real-Time Maude should be well suited to provide a
formal semantics and formal analysis capabilities to modeling languages for
embedded systems. One can then use the code generation facilities of the tools
for the modeling languages to automatically synthesize Real-Time Maude
verification models from design models, enabling a formal model engineering
process that combines the convenience of modeling using an informal but
intuitive modeling language with formal verification. We give a brief overview
six fairly different modeling formalisms for which Real-Time Maude has provided
the formal semantics and (possibly) formal analysis. These models include
behavioral subsets of the avionics modeling standard AADL, Ptolemy II
discrete-event models, two EMF-based timed model transformation systems, and a
modeling language for handset software.Comment: In Proceedings AMMSE 2011, arXiv:1106.596
Model Checking Classes of Metric LTL Properties of Object-Oriented Real-Time Maude Specifications
This paper presents a transformational approach for model checking two
important classes of metric temporal logic (MTL) properties, namely, bounded
response and minimum separation, for nonhierarchical object-oriented Real-Time
Maude specifications. We prove the correctness of our model checking
algorithms, which terminate under reasonable non-Zeno-ness assumptions when the
reachable state space is finite. These new model checking features have been
integrated into Real-Time Maude, and are used to analyze a network of medical
devices and a 4-way traffic intersection system.Comment: In Proceedings RTRTS 2010, arXiv:1009.398
Verification of Complex Real-time Systems using Rewriting Logic
This paper presents a method for model checking dense complex real-time systems. This approach is implemented at the meta level of the Rewriting Logic system Maude. The dense complex real-time system is specified using a syntax which has the semantics of timed automata and the property is specified with the temporal logic TLTL (Timed LTL). The well known timed automata model checkers Kronos and Uppaal only support TCTL model checking (a very limited fragment in the case of Uppaal). Specification of the TLTL property is reduced to LTL and its temporal constraints are captured in a new timed automaton. This timed automaton will be composed with the original timed automaton representing the semantics of the complex real-time system under analysis. Then, the product timed automaton will be abstracted using partition refinement of state space based on strong bi-simulation. The result is an untimed automaton modulo the TLTL property which represents an equivalent finite state system to be model checked using Maude LTL model checking. This approach is successfully tested on industrial designs
PALS-Based Analysis of an Airplane Multirate Control System in Real-Time Maude
Distributed cyber-physical systems (DCPS) are pervasive in areas such as
aeronautics and ground transportation systems, including the case of
distributed hybrid systems. DCPS design and verification is quite challenging
because of asynchronous communication, network delays, and clock skews.
Furthermore, their model checking verification typically becomes unfeasible due
to the huge state space explosion caused by the system's concurrency. The PALS
("physically asynchronous, logically synchronous") methodology has been
proposed to reduce the design and verification of a DCPS to the much simpler
task of designing and verifying its underlying synchronous version. The
original PALS methodology assumes a single logical period, but Multirate PALS
extends it to deal with multirate DCPS in which components may operate with
different logical periods. This paper shows how Multirate PALS can be applied
to formally verify a nontrivial multirate DCPS. We use Real-Time Maude to
formally specify a multirate distributed hybrid system consisting of an
airplane maneuvered by a pilot who turns the airplane according to a specified
angle through a distributed control system. Our formal analysis revealed that
the original design was ineffective in achieving a smooth turning maneuver, and
led to a redesign of the system that satisfies the desired correctness
properties. This shows that the Multirate PALS methodology is not only
effective for formal DCPS verification, but can also be used effectively in the
DCPS design process, even before properties are verified.Comment: In Proceedings FTSCS 2012, arXiv:1212.657
Formalization and Correctness of the PALS Architectural Pattern for Distributed Real-Time Systems
Many Distributed Real-Time Systems (DRTS), such as integrated modular avionics systems and distributed control systems in
motor vehicles, are made up of a collection of components communicating asynchronously among themselves and with their environment
that must change their state and respond to environment inputs within
hard real-time bounds. Such systems are often safety-critical and need
to be certi???ed; but their certi???cation is currently very hard due to their
distributed nature. The Physically Asynchronous Logically Synchronous
(PALS) architectural pattern can greatly reduce the design and veri???cation complexities of achieving virtual synchrony in a DTRS. This work
presents a formal speci???cation of PALS as a formal model transformation that maps a synchronous design, together with a set of performance
bounds of the underlying infrastructure, to a formal DRTS speci???cation
that is semantically equivalent to the synchronous design. This semantic
equivalence is proved, showing that the formal veri???cation of temporal
logic properties of the DRTS can be reduced to their veri???cation on the
much simpler synchronous design. An avionics system case study is used
to illustrate the usefulness of PALS for formal verification purposes.unpublishednot peer reviewe
Modeling, verification, and analysis of timed actor-based models
In the recent years, formal modeling and verification of realtime systems have become very important. Difficult-to-use modeling languages and inefficient analysis tools are the main obstacles to use formal methods in this domain. Timed actor model is one of the modeling paradigms which is proposed for modeling of realtime systems. It benefits from high-level object-oriented modeling facilities; however, developed analysis techniques for timed actors needs to be improved to make the actor model acceptable for the analysis of real-world applications.
In this thesis, we first tackle the model checking problem of timed actors by proposing the standard semantics of timed actors in terms of fine-grained timed transition system (FGTS) and transforming it to Durational Transition Graph (DTG). This way, while the time complexity of model checking algorithms for TCTL properties, in general, is non-polynomial, we are able to check TCTL properties (a subset of TCTL) using model checking in polynomial time. We also improve the model checking algorithm of TCTL properties, obtaining time complexity of O((V lg V+E) |Φ|) instead of O(V(V+E)|Φ|) and use it for efficient model checking of timed actors. In addition, we propose a reduction technique which safely eliminates instantaneous transitions of FGTS. Using the proposed reduction technique, we provide an efficient algorithm for model checking of complete TCTL properties over the reduced transition systems.
In actor-based models, the absence of shared variables and the presence of single-threaded actors along with non-preemptive execution of each message server, ensure that the execution of message servers do not interfere with each other. Based on this observation, we propose Floating Time Transition System (FTTS) as the big-step semantics of timed actors. The big-step semantics exploits actor features for relaxing the synchronization of progressof time among actors, and thereby reducing the number of states in transition systems. Considering an actor-based language, we prove there is an action-based weak bisimulation relation between FTTS and FGTS. As a result, the big-step semantics preserves event-based branching-time properties.
Finally, we show how Timed Rebeca and FTTS are used as the back-end analysis technique of three different independent works to illustrate the applicability of FTTS in practice.The work on this dissertation was supported by the project “Self-Adaptive Actors:SEADA” (nr. 163205-051) of the Icelandic Research Fund
Reachability Analysis on Timed Graph Transformation Systems
In recent years, software increasingly exhibits self-* properties like selfoptimization
or self-healing. Such properties require reconfiguration at runtime in
order to react to changing environments or detected defects. A reconfiguration might
add or delete components as well as it might change the communication topology of
the system. Considering communication protocols between an arbitrary number of
participants, reconfiguration and state-based protocol behavior are no longer independent
from each other and need to be verified based on a common formalism. Additionally,
such protocols often contain timing constraints to model real-time properties.
These are of integral importance for the safety of the modeled system and thus
need to be considered during the verification of the protocol. In current approaches
either reconfigurations or timing constraints are not considered. Existing approaches
for the verification of timed graph transformation systems lack important constructs
needed for the verification of state-based real-time protocol behaviors. As a first
step towards a solution to this problem, we introduced Timed Story Driven Modeling
[HHH10] as a common formalism integrating state-based real-time protocol
behaviors and system reconfigurations based on graph transformations.
In this paper, we introduce a framework allowing to perform reachability analysis
based on Timed Story Driven Modeling. The framework allows to compute the
reachable timed graph transition system based on an initial graph and a set of timed
transformation and invariant rules
- …