
    Verification of a fieldbus scheduling protocol using timed automata

    This paper deals with the formal verification of a fieldbus real-time scheduling mechanism, using the notion of timed automata and the UPPAAL model checker. A new approach is proposed here that treats the set of schedulers that regulate access to a fieldbus as a separate entity, called the scheduling layer. In addition, a network with a changing topology is considered, where nodes may be turned on or off. The behaviour of the scheduling layer in conjunction with the data link, the medium and the network management layer is examined, and it is proved that it enjoys a number of desirable properties.

    Zone-based verification of timed automata: extrapolations, simulations and what next?

    Timed automata were introduced by Rajeev Alur and David Dill in the early 1990s. In the last decades, timed automata have become the de facto model for the verification of real-time systems. Algorithms for timed automata are based on the traversal of their state space using zones as a symbolic representation. Since the state space is infinite, termination relies on finite abstractions that yield a finite representation of the reachable states. The first solution for obtaining finite abstractions was based on extrapolations of zones, and has been implemented in the industry-strength tool Uppaal. A different approach based on simulations between zones has emerged in the last ten years, and has been implemented in the fully open-source tool TChecker. The simulation-based approach has led to new efficient algorithms for reachability and liveness in timed automata, and has also been extended to richer models such as weighted timed automata, and timed automata with diagonal constraints and updates. In this article, we survey the extrapolation and simulation techniques, and discuss some open challenges for the future. Comment: Invited contribution at FORMATS'2

    In car embedded electronic architectures: how to ensure their safety

    Peer-reviewed international conference with proceedings. International audience. The share of software-based systems in a car is growing. Moreover, in the coming years X-by-Wire technology will emerge, which intends to replace mechanical or hydraulic systems with electronic ones even for critical functions such as braking or steering. This requires a stringent proof that these new vehicles will ensure the safety of the driver, occupants, vehicle and environment. In this paper, we intend to list certain activities and key points for ensuring the development of a safe and optimized embedded system. More precisely, we propose two main axes that contribute to establishing a design methodology for such systems. The first one identifies the generic components of an embedded system, while the second one details how to model and validate the embedded system throughout the different steps of the development process. || We are currently witnessing an increase in the share of embedded software in a car. Moreover, in the coming years, X-by-Wire systems will increasingly replace traditional systems relying on mechan

    Actes de l'Ecole d'Eté Temps Réel 2005 - ETR'2005

    PDF of the proceedings available at http://etr05.loria.fr/. The programme of the Ecole d'été Temps Réel 2005 is built around survey talks given by specialists from industry and academia, which will allow ETR participants, and doctoral students in particular, to build up a scientific culture in the field. This fourth edition is centred on the major themes of importance in the design of real-time systems: languages and techniques for describing architectures; validation, testing and proof by deterministic and stochastic approaches; scheduling and real-time operating systems; distribution, real-time networks and quality of service.

    An Analysis Framework for Network-Code Programs

    Distributed real-time systems require a predictable and verifiable mechanism to control the communication medium. Current real-time communication protocols are typically independent of the application and have intrinsic limitations that impede customizing or optimizing them for the application. Therefore, either the developer must adapt her application and work around these subtleties, or she must limit the capabilities of the application being developed. Network Code, in contrast, is a more expressive and flexible model that specifies real-time communication schedules as programs. By providing a programmable media access layer on the basis of TDMA, Network Code permits creating application-specific protocols that suit the particular needs of the application. However, this gain in flexibility also incurs additional costs such as increased communication and run-time overhead. Therefore, engineering an application with Network Code necessitates that these costs are analyzed, quantified, and weighed against the benefits. In this work, we propose a framework to analyze Network Code programs for commonly used metrics such as overhead, schedulability, and average waiting time. We introduce Timed Tree Communication Schedules, based on timed automata, to model such programs and define metrics in the context of deterministic and probabilistic communication schedules. To demonstrate the utility of our framework, we study an inverted pendulum system and show that we can decrease the cumulative numeric error in the model's implementation by analyzing and improving the schedule based on the presented metrics.

    Timed Automata Models for Principled Composition of Middleware

    Middleware for Distributed Real-time and Embedded (DRE) systems has grown more and more complex in recent years due to the varying functional and temporal requirements of complex real-time applications. To enable DRE middleware to be configured and customized to meet the demands of different applications, a body of ongoing research has focused on applying model-driven development techniques to developing QoS-enabled middleware. While current approaches for modeling middleware focus on easing the task of assembling, deploying and configuring middleware and middleware-based applications, a more formal basis for correct middleware composition and configuration in the context of individual applications is needed. While the modeling community has used application-level formal models that are more abstract to uncover certain flaws in system design, a more fundamental and lower-level set of models is needed to uncover more subtle safety and timing errors introduced by interference between application computations, particularly in the face of alternative concurrency strategies in the middleware layer. In this research, we have examined how detailed formal models of lower-level middleware building blocks provide an appropriate level of abstraction both for modeling and for synthesis of a variety of kinds of middleware from these building blocks. When combined with model checking techniques, these formal models can help developers compose correct combinations of middleware mechanisms, and configure those mechanisms for each particular application.

    Compositional Performance Modelling with the TIPPtool

    Stochastic process algebras have been proposed as compositional specification formalisms for performance models. In this paper, we describe a tool which aims at realising all beneficial aspects of compositional performance modelling, the TIPPtool. It incorporates methods for compositional specification as well as solution, based on state-of-the-art techniques, and wrapped in a user-friendly graphical front end. Apart from highlighting the general benefits of the tool, we also discuss some lessons learned during development and application of the TIPPtool. A non-trivial model of a real-life communication system serves as a case study to illustrate benefits and limitations.

    A unified testing framework for the user interface tools of variable speed drives

    Testing is an important way to ensure the quality of embedded systems. To establish known testing environments and to obtain cost savings through automation, automated testing frameworks are built around them. This thesis presents a design of an automated testing framework that unifies the automated testing frameworks of three different graphical user interface tools for variable speed drives. The new framework is named Unified testing framework, and it allows testing that the three user interface tools work both together and with the variable speed drives. The thesis has a focus on embedded devices because the variable speed drives and one of the user interface tools are embedded devices. The other two user interface tools are PC software and smartphone software. This thesis is structured in four parts. First, a literature survey on the theory of testing frameworks is conducted. Then the gained knowledge is applied to analyzing the three existing testing frameworks. After this analysis, the design of the Unified testing framework is presented. The validity of the design is proven using a prototype. The validation is done based on its coverage, maintainability and performance. Testing is an important means of ensuring the quality of embedded systems. Testing frameworks are built for embedded systems so that the testing environment is known and so that automating the testing yields monetary savings. This thesis presents an automated testing framework that unifies three separate automated testing frameworks for the graphical user interface tools of variable speed drives. The new automated testing framework is named Unified testing framework.
    With this new testing framework it can be tested that all three user interface tools work correctly both with each other and with the variable speed drives. This thesis focuses on embedded systems because the variable speed drives and one of the user interface tools are embedded systems. The other two user interface tools are software running on a PC and on a smartphone. This thesis is divided into four parts. First, the theory of testing frameworks is studied through a literature survey. This knowledge is then applied to analysing the original testing frameworks. On this basis the design of the Unified testing framework is formed and presented. Finally, the Unified testing framework is validated with the help of a prototype. The validation uses coverage, maintainability and performance as metrics.

    A conformance test framework for the DeviceNet fieldbus

    The DeviceNet fieldbus technology is introduced and discussed. DeviceNet is an open standard fieldbus which uses the proven Controller Area Network technology. As an open standard fieldbus, device conformance is extremely important to ensure smooth operation. The error management in the DeviceNet protocol is highlighted, and an error injection technique is devised to test the implementation under test for correct error-recovery conformance. The designed Error Frame Generator prototype allows the error management and recovery of DeviceNet implementations to be conformance tested. The Error Frame Generator can also be used with other Controller Area Network based protocols. In addition, an automated Conformance Test Engine framework has been defined for realising the conformance testing of DeviceNet implementations. Automated conformance testing is used to achieve consistent and reliable test results, apart from the benefits in time and personnel savings. This involves investigations and feasibility studies in adapting the ISO 9646 conformance test standards for use with the DeviceNet fieldbus. The Unique Input/Output sequences method is used for the generation of DeviceNet conformance tests. The Unique Input/Output method does not require a fully specified protocol specification and gives shorter test sequences, since only specific state information is needed. As conformance testing addresses only protocol verification, it is foreseen that formal-method validation of the DeviceNet protocol must be performed at some stage to validate the DeviceNet specification.