
    Dynamic aspects of retrenchments through temporal logic

    Refinement is used as a way to verify an implementation with respect to a specification. The states of the related systems are linked through a so-called gluing invariant, which must hold at all times during the synchronous (lock-step) execution of both systems. Refinement is a sufficient condition for this property. Retrenchment is a generalization of refinement which relaxes the constraints between the two systems. This paper proposes a temporal logic counterpart for some specific forms of retrenchment.

    A Mechanized Semantic Framework for Real-Time Systems

    Concurrent systems consist of many components which may execute in parallel and are complex to design, analyze, verify, and implement. The complexity increases when the systems have real-time constraints, which are very useful in avionics, space and other kinds of embedded applications. In this paper we present a logical framework for defining and validating real-time formalisms as well as reasoning methods over them. For this purpose, we have implemented in the Coq proof assistant well-known semantic domains for real-time systems based on labelled transition systems and timed runs. We exercise our framework by considering the real-time CSP-based language Fiacre, which has been defined as a pivot formalism for the modeling languages (AADL, SDL, ...) used in the TOPCASED project. Thus, we define an extension to the formal semantic models mentioned above that facilitates the modeling of fine-grained time constraints of Fiacre. Finally, we implement this extension in our framework and provide a proof method environment for real-time systems in order to achieve their formal certification.

    Multi-core Code Generation from Polychronous Programs with Time-Predictable Properties (ACVI 2014)

    Workshop of the ACM/IEEE 17th International Conference on Model Driven Engineering Languages and Systems (MoDELS 2014).
    Synchronous programming models capture concurrency in computation quite naturally, especially in their dataflow multi-clock (polychronous) flavor. With the rising importance of multi-core processors in safety-critical embedded systems or cyber-physical systems (CPS), there is a growing need for model-driven generation of multi-threaded code for multi-core systems. This paper proposes a method for building time-predictable systems on multi-core platforms, based on synchronous-model development. At the modeling level, the synchronous abstraction allows deterministic time semantics, so synchronous programming is a good choice for time-predictable system design. At the compiler level, the verified compiler from the synchronous language SIGNAL to our intermediate representation (S-CGA, a variant of guarded actions) and on to multi-threaded code preserves time predictability. At the platform level, we propose a time-predictable multi-core architecture model in AADL (Architecture Analysis and Design Language), and then map the multi-threaded code to this model. Our method therefore integrates time predictability across several design layers.

    An Automatic Technique for Checking the Simulation of Timed Systems

    In this paper, we suggest an automatic technique for checking timed weak simulation between timed transition systems. The technique is an observation-based method in which two timed transition systems are composed with a timed observer. A μ-calculus property that captures the timed weak simulation is then verified on the result of the composition. An interesting feature of the suggested technique is that it relies only on an untimed μ-calculus model checker, with no specific algorithm needed to analyze the result of the composition. We also show that our simulation relation supports interesting results concerning trace inclusion and the preservation of linear properties. Finally, the technique is validated using the FIACRE/TINA toolset.
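Two of the checks described in these abstracts, the lock-step gluing-invariant check that underlies refinement (first abstract above) and weak simulation between transition systems (this abstract), as an added example in Python. This is not code from any of the listed papers or from the FIACRE/TINA toolset: it works on untimed, finite labelled transition systems by explicit enumeration, so it stands in for the proof obligations discharged in a prover and for the μ-calculus observer check, not for the timed setting. The request/response systems, their labels, the `tau` action name and the gluing relation are all constructed for illustration.

```python
"""Explicit-state checks for refinement (gluing invariant) and weak simulation.

Added example: a toy, finite-state stand-in for the proof obligations the
abstracts above discharge with Coq, Event-B or a mu-calculus model checker.
All systems, labels and the gluing relation below are constructed for
illustration and are not taken from any of the papers.
"""
from itertools import product

TAU = "tau"  # internal (silent) action, invisible to the weak simulation check


class LTS:
    """Labelled transition system: an initial state and (src, label, dst) triples."""

    def __init__(self, init, transitions):
        self.init = init
        self.trans = {}
        for src, label, dst in transitions:
            self.trans.setdefault(src, []).append((label, dst))
        self.states = {init} | {t[0] for t in transitions} | {t[2] for t in transitions}

    def steps(self, state):
        return self.trans.get(state, [])

    def tau_closure(self, state):
        """States reachable from `state` by zero or more tau steps."""
        seen, stack = {state}, [state]
        while stack:
            for label, dst in self.steps(stack.pop()):
                if label == TAU and dst not in seen:
                    seen.add(dst)
                    stack.append(dst)
        return seen

    def weak_steps(self, state, label):
        """States reachable by tau* label tau* (just tau* when label is tau)."""
        result = set()
        for x in self.tau_closure(state):
            if label == TAU:
                result.add(x)
            for l, dst in self.steps(x):
                if l == label:
                    result |= self.tau_closure(dst)
        return result


def check_refinement(abstract, concrete, glue):
    """Lock-step exploration of the abstract/concrete product.

    Every concrete step must be matched by an abstract step with the same
    label whose target is glued to the concrete target. Returns (True, None)
    or (False, (a, c, label, c2)) naming the first unmatched concrete step.
    Exploring every glued pair reachable in lock-step is what makes the local
    step condition sufficient for the gluing invariant to hold forever.
    """
    if not glue(abstract.init, concrete.init):
        return False, (abstract.init, concrete.init, "init", None)
    seen = {(abstract.init, concrete.init)}
    todo = [(abstract.init, concrete.init)]
    while todo:
        a, c = todo.pop()
        for label, c2 in concrete.steps(c):
            matches = [a2 for l2, a2 in abstract.steps(a) if l2 == label and glue(a2, c2)]
            if not matches:
                return False, (a, c, label, c2)
            for a2 in matches:
                if (a2, c2) not in seen:
                    seen.add((a2, c2))
                    todo.append((a2, c2))
    return True, None


def largest_weak_simulation(impl, spec):
    """Greatest fixpoint: start from all pairs and drop any (p, q) where some
    step p -l-> p' has no weak match q ==l==> q' with (p', q') still related."""
    rel = set(product(impl.states, spec.states))
    changed = True
    while changed:
        changed = False
        for p, q in list(rel):
            for label, p2 in impl.steps(p):
                if not any((p2, q2) in rel for q2 in spec.weak_steps(q, label)):
                    rel.discard((p, q))
                    changed = True
                    break
    return rel


def weakly_simulated(impl, spec):
    """True if spec can weakly match every behaviour of impl from the initial states."""
    return (impl.init, spec.init) in largest_weak_simulation(impl, spec)


# Constructed sample systems: a request/response protocol and four implementations.
SPEC = LTS("s0", [("s0", "req", "s1"), ("s1", "resp", "s0")])
GOOD_IMPL = LTS("idle", [("idle", "req", "busy"), ("busy", "resp", "idle")])
BAD_IMPL = LTS("idle", [("idle", "req", "busy"), ("busy", "resp", "idle"),
                        ("busy", "req", "idle")])          # re-request while busy
TAU_IMPL = LTS("i0", [("i0", "req", "i1"), ("i1", TAU, "i2"), ("i2", "resp", "i0")])
ERR_IMPL = LTS("i0", [("i0", "req", "i1"), ("i1", TAU, "i2"), ("i2", "resp", "i0"),
                      ("i1", "err", "i3")])                # error the spec never allows


def GLUE(a, c):
    """Constructed gluing invariant: abstract idle exactly when concrete idle."""
    return (a == "s0") == (c == "idle")


if __name__ == "__main__":
    print(check_refinement(SPEC, GOOD_IMPL, GLUE))   # (True, None)
    print(check_refinement(SPEC, BAD_IMPL, GLUE))    # (False, ('s1', 'busy', 'req', 'idle'))
    print(weakly_simulated(TAU_IMPL, SPEC))          # True: the tau step is invisible
    print(weakly_simulated(ERR_IMPL, SPEC))          # False: 'err' has no weak match
```

The refinement check is strong (label-for-label, no silent steps) and reports the first concrete step the abstract system cannot mirror, which is the counterexample a practitioner wants rather than a bare verdict; the weak simulation check is the untimed core of what the observer-plus-μ-calculus construction computes, with `tau_closure` playing the role the observer's silent moves play.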

    Automatic Verification of Bossa Scheduler Properties

    Bossa is a development environment for operating-system process schedulers that provides numerous safety guarantees. In this paper, we show how to automate the checking of safety properties of a scheduling policy developed in this environment. We find that most of the relevant properties can be considered as invariant or refinement properties. In order to automate the related proof obligations, we use the WS1S logic, for which a decision procedure is implemented by Mona. The proof techniques are implemented using the FMona tool.

    Towards a verified transformation from AADL to the formal component-based language FIACRE

    During the last decade, AADL has emerged as an architecture description language addressing the modeling of embedded systems. Several research projects have shown that AADL concepts are well suited to the design of embedded systems. Moreover, AADL has a precise execution model, which has proved to be one key feature for effective early analysis. In this paper, we are concerned with the foundational aspects of verification support for AADL. More precisely, we propose a verification toolchain for AADL models through their transformation to the Fiacre language, which is the pivot verification language of the TOPCASED project: high-level models can be transformed to Fiacre models and then model-checked. We then investigate how to prove the correctness of the transformation from AADL into Fiacre and present the related elementary ingredients: the semantics of AADL and Fiacre subsets expressed in a common framework, namely timed transition systems. We also briefly discuss experimental validation of the work.

    A Refinement-based compiler development for synchronous languages

    In this paper, we are concerned with the elaboration of generic development steps for code generation for synchronous languages. Our aim is to provide a correct-by-construction solution. For that purpose, we adopt a refinement-based approach in which proof obligations for each step guarantee property preservation. We use the Event-B formal method. We start with a big-step semantics specified by an Event-B machine. Through a sequence of refinements, expressed as Event-B refinement machines, we end up with a code generation step which implements a small-step semantics preserving the properties of the big-step semantics.

    From AADL to Timed Abstract State Machines: A Verified Model Transformation

    Architecture Analysis and Design Language (AADL) is an architecture description language standard for embedded real-time systems, widely used in the avionics and aerospace industry to model safety-critical applications. To verify and analyze AADL models, model transformation technologies are often used to automatically extract a formal specification suitable for analysis and verification. In this process, it remains a challenge to prove that the model transformation preserves the semantics of the initial AADL model or, at least, some of the specific properties or requirements it needs to satisfy. This paper presents a machine-checked semantics-preserving transformation of a subset of AADL (including periodic threads, data port communications, mode changes, and the AADL behavior annex) into Timed Abstract State Machines (TASM). The AADL standard itself at present lacks a formal semantics that would make this translation validation possible. Our contribution is to bridge this gap by providing two formal semantics for the subset of AADL. The execution semantics provided by the AADL standard is formalized as Timed Transition Systems (TTS). This formalization gives a reference expression of AADL semantics which can be compared with the TASM-based translation (for verification purposes). Finally, the verified transformation is mechanized in the Coq theorem prover.

    Verification of AADL Models with Timed Abstract State Machines

    This paper presents a formal verification method for AADL (Architecture Analysis and Design Language) models by translation to TASM (Timed Abstract State Machines). The abstract syntax of the chosen subset of AADL and of TASM is given. The translation rules are defined precisely by semantic functions expressed in an ML-like language. Furthermore, the translation is implemented in the model transformation tool AADL2TASM, which provides model checking and simulation for AADL models. Finally, a case study of a space GNC (guidance, navigation and control) system is provided.

    Intermediate language and model transformations for real-time system development: lessons learned from the Fiacre formal verification chain (original French title: Langage intermédiaire et transformations de modèles pour le développement de systèmes temps-réel : retour d'expérience sur la chaîne de vérification formelle Fiacre)

    6 pages.
    We discuss the results obtained during the development of a formal verification toolchain for AADL based on a model-driven engineering approach. Our approach is characterized by the use of the pivot language FIACRE to facilitate verification activities and transformations between models. We briefly analyse the first lessons learned and present ongoing work, started within the Quarteft project, to improve the verification chain.