Formal Model Engineering for Embedded Systems Using Real-Time Maude

This paper motivates why Real-Time Maude should be well suited to provide a formal semantics and formal analysis capabilities to modeling languages for embedded systems. One can then use the code generation facilities of the tools for the modeling languages to automatically synthesize Real-Time Maude verification models from design models, enabling a formal model engineering process that combines the convenience of modeling using an informal but intuitive modeling language with formal verification. We give a brief overview six fairly different modeling formalisms for which Real-Time Maude has provided the formal semantics and (possibly) formal analysis. These models include behavioral subsets of the avionics modeling standard AADL, Ptolemy II discrete-event models, two EMF-based timed model transformation systems, and a modeling language for handset software.Comment: In Proceedings AMMSE 2011, arXiv:1106.596

Smart Embedded Passive Acoustic Devices for Real-Time Hydroacoustic Surveys

This paper describes cost-efficient, innovative and interoperable ocean passive acoustics sensors systems, developed within the European FP7 project NeXOS (Next generation Low-Cost Multifunctional Web Enabled Ocean Sensor Systems Empowering Marine, Maritime and Fisheries Management) These passive acoustic sensors consist of two low power, innovative digital hydrophone systems with embedded processing of acoustic data, A1 and A2, enabling real-time measurement of the underwater soundscape. An important part of the effort is focused on achieving greater dynamic range and effortless integration on autonomous platforms, such as gliders and profilers. A1 is a small standalone, compact, low power, low consumption digital hydrophone with embedded pre-processing of acoustic data, suitable for mobile platforms with limited autonomy and communication capability. A2 consists of four A1 digital hydrophones with Ethernet interface and one master unit for data processing, enabling real-time measurement of underwater noise and soundscape sources. In this work the real-time acoustic processing algorithms implemented for A1 and A2 are described, including computational load evaluations of the algorithms. The results obtained from the real time test done with the A2 assembly at OBSEA observatory collected during the verification phase of the project are presented.Postprint (author's final draft

Time-triggered Runtime Verification of Real-time Embedded Systems

In safety-critical real-time embedded systems, correctness is of primary concern, as even small transient errors may lead to catastrophic consequences. Due to the limitations of well-established methods such as verification and testing, recently runtime verification has emerged as a complementary approach, where a monitor inspects the system to evaluate the specifications at run time. The goal of runtime verification is to monitor the behavior of a system to check its conformance to a set of desirable logical properties. The literature of runtime verification mostly focuses on event-triggered solutions, where a monitor is invoked when a significant event occurs (e.g., change in the value of some variable used by the properties). At invocation, the monitor evaluates the set of properties of the system that are affected by the occurrence of the event. This type of monitor invocation has two main runtime characteristics: (1) jittery runtime overhead, and (2) unpredictable monitor invocations. These characteristics result in transient overload situations and over-provisioning of resources in real-time embedded systems and hence, may result in catastrophic outcomes in safety-critical systems. To circumvent the aforementioned defects in runtime verification, this dissertation introduces a novel time-triggered monitoring approach, where the monitor takes samples from the system with a constant frequency, in order to analyze the system's health. We describe the formal semantics of time-triggered monitoring and discuss how to optimize the sampling period using minimum auxiliary memory and path prediction techniques. Experiments on real-time embedded systems show that our approach introduces bounded overhead, predictable monitoring, less over-provisioning, and effectively reduces the involvement of the monitor at run time by using negligible auxiliary memory. We further advance our time-triggered monitor to component-based multi-core embedded systems by establishing an optimization technique that provides the invocation frequency of the monitors and the mapping of components to cores to minimize monitoring overhead. Lastly, we present RiTHM, a fully automated and open source tool which provides time-triggered runtime verification specifically for real-time embedded systems developed in C

A formal approach for safe controllers analysis

Formal verification of real-time systems software is a complex and hard task, for several reasons. There are multiple works developed in the domain of formal verification of real-time systems behavior by model-checking, and some software tools were developed for this purpose. One of the most complex problems to be solved in the analysis of real-time controllers is the conversion of controllers programming languages in formal languages, for instance finite timed automata, in order to be used as inputs of the existing model-checkers. If the methodology of programming is well developed and known, this task can be improved in order to improve safety and reliability of the obtained controllers. Moreover, most real-time systems (especially embedded systems that we intend to study) are programmed in C language. This paper aims to establish the methodology of creating C code programs, from SFC specification formalism, taking into account the formal verification of desired properties for the system behavior, using the Model-Checking technique and the model-checker UPPAAL.(undefined

Process Algebraic Approach to the Schedulability Analysis and Workload Abstraction of Hierarchical Real-Time Systems

Real-time embedded systems have increased in complexity. As microprocessors become more powerful, the software complexity of real-time embedded systems has increased steadily. The requirements for increased functionality and adaptability make the development of real-time embedded software complex and error-prone. Component-based design has been widely accepted as a compositional approach to facilitate the design of complex systems. It provides a means for decomposing a complex system into simpler subsystems and composing the subsystems in a hierarchical manner. A system composed of real-time subsystems with hierarchy is called a hierarchical real-time system This paper describes a process algebraic approach to schedulability analysis of hierarchical real-time systems. To facilitate modeling and analyzing hierarchical real-time systems, we conservatively extend an existing process algebraic theory based on ACSR-VP (Algebra of Communicating Shared Resources with Value-Passing) for the schedulability of real-time systems. We explain a method to model a resource model in ACSR-VP which may be partitioned for a subsystem. We also introduce schedulability relation to define the schedulability of hierarchical real-time systems and show that satisfaction checking of the relation is reducible to deadlock checking in ACSR-VP and can be done automatically by the tool support of ERSA (Verification, Execution and Rewrite System for ACSR). With the schedulability relation, we present algorithms for abstracting real-time system workloads

Restart-Based Fault-Tolerance: System Design and Schedulability Analysis

Embedded systems in safety-critical environments are continuously required to deliver more performance and functionality, while expected to provide verified safety guarantees. Nonetheless, platform-wide software verification (required for safety) is often expensive. Therefore, design methods that enable utilization of components such as real-time operating systems (RTOS), without requiring their correctness to guarantee safety, is necessary. In this paper, we propose a design approach to deploy safe-by-design embedded systems. To attain this goal, we rely on a small core of verified software to handle faults in applications and RTOS and recover from them while ensuring that timing constraints of safety-critical tasks are always satisfied. Faults are detected by monitoring the application timing and fault-recovery is achieved via full platform restart and software reload, enabled by the short restart time of embedded systems. Schedulability analysis is used to ensure that the timing constraints of critical plant control tasks are always satisfied in spite of faults and consequent restarts. We derive schedulability results for four restart-tolerant task models. We use a simulator to evaluate and compare the performance of the considered scheduling models

An Algebraic Framework for the Real-Time Solution of Inverse Problems on Embedded Systems

This article presents a new approach to the real-time solution of inverse problems on embedded systems. The class of problems addressed corresponds to ordinary differential equations (ODEs) with generalized linear constraints, whereby the data from an array of sensors forms the forcing function. The solution of the equation is formulated as a least squares (LS) problem with linear constraints. The LS approach makes the method suitable for the explicit solution of inverse problems where the forcing function is perturbed by noise. The algebraic computation is partitioned into a initial preparatory step, which precomputes the matrices required for the run-time computation; and the cyclic run-time computation, which is repeated with each acquisition of sensor data. The cyclic computation consists of a single matrix-vector multiplication, in this manner computation complexity is known a-priori, fulfilling the definition of a real-time computation. Numerical testing of the new method is presented on perturbed as well as unperturbed problems; the results are compared with known analytic solutions and solutions acquired from state-of-the-art implicit solvers. The solution is implemented with model based design and uses only fundamental linear algebra; consequently, this approach supports automatic code generation for deployment on embedded systems. The targeting concept was tested via software- and processor-in-the-loop verification on two systems with different processor architectures. Finally, the method was tested on a laboratory prototype with real measurement data for the monitoring of flexible structures. The problem solved is: the real-time overconstrained reconstruction of a curve from measured gradients. Such systems are commonly encountered in the monitoring of structures and/or ground subsidence.Comment: 24 pages, journal articl

Adaptive Task Automata with Earliest-Deadline-First Scheduling

Adjusting to resource changes, dynamic environmental conditions, or new usage modes are some of the reasons why real-time embedded systems need to be adaptive. This requires a rigorous framework for designing such systems, to ensure that the adaptivity does not result in invalidating the system’s real-time constraints. To address this need, we have recently introduced adaptive task automata, a framework for modeling, verification, and schedulability analysis in adaptive, hard real-time embedded systems, assuming a fixed-priority scheduler. In this work, we extend the adaptive task automata framework to incorporate the earliest-deadline-first scheduling policy, as well as enable implementation of any other dynamic scheduling policy. To prove the decidability of our model, and at the same time maintain a manageable degree of conciseness, we show an encoding of our model as a network of timed automata with clock updates. To support this, we also show that reachability in our class of timed automata with updates is decidable. Our contribution helps to streamline the process of designing safety critical adaptive embedded systems

On the reaction time of some synchronous systems

This paper presents an investigation of the notion of reaction time in some synchronous systems. A state-based description of such systems is given, and the reaction time of such systems under some classic composition primitives is studied. Reaction time is shown to be non-compositional in general. Possible solutions are proposed, and applications to verification are discussed. This framework is illustrated by some examples issued from studies on real-time embedded systems.Comment: In Proceedings ICE 2011, arXiv:1108.014