Verification and Optimization of a PLC Control Schedule

We report on the use of the SPIN model checker for both the verification of a process control program and the derivation of optimal control schedules. This work was carried out as part of a case study for the EC VHS project (Verification of Hybrid Systems), in which the program for a Programmable Logic Controller (PLC) of an experimental chemical plant had to be designed and verified. The intention of our approach was to see how much could be achieved here using the standard model checking environment of SPIN/Promela. As the symbolic calculations of real-time model checkers can be quite expensive it is interesting to try and exploit the efficiency of established non-real-time model checkers like SPIN in those cases where promising work-arounds seem to exist. In our case we handled the relevant real-time properties of the PLC controller using a time-abstraction technique; for the scheduling we implemented in Promela a so-called variable time advance procedure. For this case study these techniques proved sufficient to verify the design of the controller and derive (time-)optimal schedules with reasonable time and space requirements

A framework for scheduler synthesis

We present a framework integrating specification and scheduler generation for real time systems. In a first step, the system, which can include arbitrarily designed tasks (cyclic or sporadic, with or without precedence constraints, any number of resources and CPUs) is specified as a timed Petri net. In a second step, our tool generates the most general non preemptive online scheduler for the specification, using a controller synthesis techniqu

{VeSTA} : a Tool to Verify the Correct Integration of a Component in a Composite Timed System

International audienceVesta is a push-button tool for checking the correct integration of a component in an environment, for component-based timed systems. By correct integration, we mean that the local properties of the component are preserved when this component is merged into an environment. This correctness is checked by means of a so-called divergencesensitive and stability-respecting timed tau-simulation, ensuring the preservation of all linear timed properties expressed in the logical formalism Mitl (Metric Interval Temporal Logic), as well as strong non-zenoness and deadlock-freedom. The development of the tool was guided by the architecture of the Open-Kronos tool. This allows, as additional feature, an easy connection of the models considered in Vesta to the Open- Caesar verification platform, and to the Open-Kronos tool

Model Checking Classes of Metric LTL Properties of Object-Oriented Real-Time Maude Specifications

This paper presents a transformational approach for model checking two important classes of metric temporal logic (MTL) properties, namely, bounded response and minimum separation, for nonhierarchical object-oriented Real-Time Maude specifications. We prove the correctness of our model checking algorithms, which terminate under reasonable non-Zeno-ness assumptions when the reachable state space is finite. These new model checking features have been integrated into Real-Time Maude, and are used to analyze a network of medical devices and a 4-way traffic intersection system.Comment: In Proceedings RTRTS 2010, arXiv:1009.398

A phase II study of Yondelis® (trabectedin, ET-743) as a 24-h continuous intravenous infusion in pretreated advanced breast cancer

Yondelis® (trabectedin, ET-743) is a novel marine-derived anticancer compound found in the ascidian Ecteinascidia turbinata. It is currently under phase II/III development in breast cancer, hormone refractory prostate cancer, sarcomas and ovarian cancer. Activity in breast cancer experimental models has been reported, and preliminary evidence of activity in this setting during the phase I programme has also been observed. The present study assessed the activity and feasibility of trabectedin in women with advanced breast cancer previously treated with conventional therapies. Patients with advanced disease previously treated with at least one but not more than two regimens that included taxanes or anthracyclines as palliative therapy were eligible. Trabectedin 1.5 mg m−2 was administered as a 24-h continuous infusion every 3 weeks. Patients were kept on therapy until disease progression, unacceptable toxicity or patient refusal. Twenty-seven patients were included between April 1999 and September 2000. Their median age was 54 years (range: 36–67) and 63% of them had two metastatic sites. Twenty-two patients were performance status 1. All patients had previously received anthracyclines, and 23 out of 27 patients had received taxanes. Of 21 patients with measurable disease, three confirmed partial responses, one unconfirmed partial response and two minor responses (49 and 32% tumour shrinkage) were observed; six patients had stable disease. Median survival was 10 months (95% confidence interval: 4.88–15.18). Transient and noncumulative transaminitis was observed in most of the patients. The pharmacokinetic profile of trabectedin in this patient's population is in line with the overall data available with this schedule. The policy of dose adjustments based on the intercycle peaks of bilirubin and alkaline phosphatase appears to have a positive impact in the therapeutic index of trabectedin. Trabectedin can induce response and tumour control in previously treated advanced breast cancer, with manageable toxicity, thus warranting further development as a single agent or in combination regimens

Symbolic Simulation of Dataflow Synchronous Programs with Timers

International audienceThe synchronous language Lustre and its descendants have long been used to program and model discrete controllers. Recent work shows how to mix discrete and continuous elements in a Lustre-like language called Zélus. The resulting hybrid programs are deterministic and can be simulated with a numerical solver. In this article, we focus on a subset of hybrid programs where continuous behaviors are expressed using timers, nondeterministic guards, and invariants, as in Timed Safety Automata. We propose a source-to-source compilation pass to generate discrete code that, coupled with standard operations on Difference-Bound Matrices, produces symbolic traces that each represent a set of concrete traces