ASSERT: a step towards reliable and scientific system and software engineering.

International audienceThe ASSERT (www.assert-project.org) project (Automated proof-based System and Software Engineering for Real-Time systems) is an integrated project partially funded by the European Commission within the Information Society Technologies priority of the 6th Framework Program in the area of embedded systems. The project is coordinated by the European Space Agency (ESA) in the TEC directorate (Technical and Quality management), Software Systems division. The assert consortium is made of 28 partners (see the full list in section 7) representing the space industry, research laboratories, software houses and tool developers. The project started in September 2004 and has ended in December 2007. The main objective of ASSERT is to change the way system and software engineering is performed today to adopt a more reliable and scientific approach based on modelling, preservation of system properties and model transformation down to the final code.The current results include a process, a set of tool prototypes and case studies demonstrating the validity of the overall approach. The project results will now be disseminated in operational projects through the support of ESA, the tool and technologies providers and the industrialists from the space sector

Supporting a Multi-formalism Model Driven Development Process with Model Transformation, a TOPCASED implementation

International audienceThe ASSERT (Automated proof based System and Software Engineering for Real-Time Applications) European Integrated Project (IST-FP6-004033, http://www.assert-project.net/) defined and experimented a multi formalism Model Driven Engineering (MDE) process, enforcing an approach with separated specification and refinement of functional and non-functional properties.• Functional specification, design and development is based on UML profiles to support AADL concepts [2] and behavioural specification.• Real time Architecture properties are based on extensions targeting Ravenscar Computing execution Model (RCM see [6]) constraints upon component interface and ports.• Model transformation is supporting correctness preserving rules towards a Virtual Machine execution environment or a verification dedicated environment.A tool chain called IDEA (Integrated Development Environment for ASSERT) supporting the process was developed by the CS ASSERT team on top of the Eclipse/TOPCASED environment allowing:• Integrated use of several formalisms in a development life-cycle (UML, AADL, IF[4]) .• Model transformation from UML to IF, AADL to RCM and RCM to Ada• Automated code generationThe approach experimented allows combined use of best suited formalisms and features for MDE developments. The TOPCASED tool proved to be a unique integrated toolset for prototyping UML and meta models supporting tools.The main feedback gained from applying the notations and approach on small to medium case studies is that UML profiling is not scalable, and that use of several Domain Specific Languages (DSL) seems far more suitable. Semantic clashes can be limited by raising the abstraction level, and by partitioning properties for verification

Как разработать простое средство верификации систем реального времени

To verify real-time properties of UML statecharts one may apply a UPPAAL, toolbox for model checking of real-time systems. One of the most suitable ways to specify an operational semantics of UML statecharts is to invoke the formal model of Hierarchical Timed Automata. Since the model language of UPPAAL is based on Networks of Timed Automata one has to provide a conversion of Hierarchical Timed Automata to Networks of Timed Automata. In this paper we describe this conversion algorithm and prove that it is correct w.r.t. UPPAAL query language which is based on the subset of Timed CTL.Исследуется задача верификации систем реального времени (СРВ). Для описания СРВ удобно использовать диаграммы состояний UML с семантикой, определяемой иерархическими автоматами. Для верификации СРВ часто применяется средство UPPAAL, разработанное для проверки формул логики TCTL на сети временных автоматов. Основным результатом данной статьи является алгоритм трансляции иерархических автоматов в сеть временных автоматов и обоснование его корректности

Synthèse d’observateurs à partir d’exigences temporelles

A contrario des normes UML 2.1 et SysML, le profil UML TURTLE (Timed UML and RT-LOTOS Environment) dispose d’une sémantique formelle et d’une méthodologie. Avec les systèmes temps réel pour cible, cette méthodologie met l’accent sur la vérification formelle du comportement des objets. Le profil TURTLE est doté d’un langage graphique et formalisé d’expression d’exigences temporelles. La contribution de cet article réside dans la présentation d’algorithmes de génération d’observateurs à partir d’exigences temporelles exprimées dans ce langage. Ces observateurs sont destinés à guider la vérification formelle et en particulier à confronter le comportement des objets aux exigences temporelles tout en traçant ces dernières au long de la trajectoire de conception du système en cours d’étude. Un dispositif de charge d’une batterie de véhicule hybride sert d’étude de cas

Applying Software Model Checking Techniques For Behavioral UML Models

Abstract. This work presents a novel approach for the verification of Behavioral UML models, by means of software model checking. We propose adopting software model checking techniques for verification of UML models. We translate UML to verifiable C code which preserves the high level structure of the models, and abstracts details that are not needed for verification. We combine of static analysis and bounded model checking for verifying LTL safety properties and absence of livelocks. We implemented our approach on top of the bounded software model checker CBMC. We compared it to an IBM research tool that verifies UML models via a translation to IBM's hardware model checker RuleBasePE. Our experiments show that our approach is more scalable and more robust for finding long counterexamples. We also demonstrate the usefulness of several optimizations that we introduced into our tool

Verifying consistency between structural and behavioral schemas in UML

The specification of an information system must include all relevant static and dynamic aspects of the domain. The static aspects are collected in structural diagrams that are represented in UML by means of class diagrams. Dynamic aspects are usually specified by means of a behavioral schema consisting of a set of system operations (composed by actions) that the user may execute to query and/or modify the information modeled in the class diagram. Behavioral schemas must be consistent with regard to structural schemas. Consistency between both schemas means that the set of system operations provided by designers must be syntactically consistent (i.e, the operation specifications conform to a particular syntax), executable (i.e, for each operation there must exist a system state over which the operation can be successfully applied), complete (i.e, through these operations, users should be able to modify the population of all modifiable elements in the class diagram) and non-redundant (i.e, there are not (partly) superfluous operations). The goal of this thesis is to give a method to determine the consistency between structural and behavioral schemas of an information system. Moreover, in case of inconsistent schemas the method must provide feedback information to allow designers modify their behavioral schemas in order to repair the inconsistency

Conception basée modèle des systèmes temps réel et distribués

Les systèmes temps réel et distribués posent des problèmes complexes en termes de conception d'architecture et de description de comportements. De par leur criticité en vies humaines et leurs coûts de prototypage, ces systèmes ont motivé le développement d'une activité de recherche sur les langages de modélisation formelle et les techniques de validation basées modèle qui contribuent à la détection au plus tôt des erreurs de conception. Néanmoins, les langages formels ont eu un succès plus que limité dans l'industrie. L'arrivée du langage UML (Unified Modeling Language) a ouvert de nouveaux horizons pour l'intégration de langages de modélisation formelle dans une méthodologie de conception susceptible d'être mieux acceptée par les praticiens du domaine. En s'appuyant sur une expérience antérieure de la technique de description formelle Estelle et des extensions temporelles des réseaux de Petri, notre activité de recherche sur les cinq dernières années a débouché sur la production d'un profil UML nommé TURTLE (Timed UML and RT-LOTOS Environment). TURTLE surpasse UML 2.0 par ses extensions aux diagrammes d'analyse et de conception UML, sa sémantique formelle exprimée en RT-LOTOS, et ses outils de support (éditeur de diagrammes et outil de validation formelle combinant simulation et vérification basée sur une analyse d'accessibilité). La méthodologie TURTLE trouve son champ d'application naturel dans la conception de systèmes temps réel et la validation d'architectures de communication en particulier. L'approche proposée a été appliquée avec succès à des systèmes satellitaires et des protocoles d'authentification

Validating timed uml models by simulation and verification

Abstract. We present in this paper a technique and a tool for validating operational UML models by simulation and verification of dynamic properties. With respect to language coverage, our approach takes into consideration most of the structural and behavioral characteristics of classes and their interplay. We tackle issues like the combination of operations, state machines, inheritance and polymorphism, with a particular run-tocompletion and concurrency semantics. This is an important point, as many previous approaches applying model checking to UML put limiting conditions on the models. The UML dialect considered here also includes a set of extensions for expressing timing, which were defined in detail in [18]. For writing properties about models, we introduce UML observer objects. Observers are both easy to use – they reuse existing concepts of UML, and powerful — they are equivalent to linear temporal logic. Our approach is implemented by a tool built on top of an XMI repository. The tool is connected to several commercial and non-commercial UML editors, and to other model checking tools.