Compositional Verification for Timed Systems Based on Automatic Invariant Generation

We propose a method for compositional verification to address the state space explosion problem inherent to model-checking timed systems with a large number of components. The main challenge is to obtain pertinent global timing constraints from the timings in the components alone. To this end, we make use of auxiliary clocks to automatically generate new invariants which capture the constraints induced by the synchronisations between components. The method has been implemented in the RTD-Finder tool and successfully experimented on several benchmarks

Compositional Verification of Parameterised Timed Systems

International audienceIn this paper we address the problem of uniform verification of parameterised timed systems (PTS): " does a given safety state property hold for a system containing n identical timed components regardless of the value of n? ". Our approach is compositional and consequently it suits quite well such systems in that it presents the advantage of reusing existing local characterisations at the global level of system characteri-sation. Additionally, we show how a direct consequence of the modelling choices adopted in our framework leads to an elegant application of the presented method to topologies such as stars and rings

Compositional Invariant Generation for Timed Systems

International audienceIn this paper we address the state space explosion problem inherent to model-checking timed systems with a large number of components. The main challenge is to obtain pertinent global timing constraints from the timings in the components alone. To this end, we make use of auxiliary clocks to automatically generate new invariants which capture the constraints induced by the synchronisations between components. The method has been implemented as an extension of the D-Finder tool and successfully experimented on several benchmarks

Towards Time-triggered Component-based System Models

International audienceIn this paper, we propose a methodology for producing correct-by-construction Time-Triggered (TT) physical model by starting from a high-level model of the application software in Behaviour, Interaction, Priority (BIP). BIP is a component-based framework with formal semantics that rely on multi-party interactions for synchronizing components. Commonly in TT implementations, processes interact with each other through a communication medium. Our methodology transforms, depending on a user-defined task mapping, high-level BIP models where communication between components is strongly synchronized, into TT physical model that integrates a communication medium. Thus, only inter-task communications and components participating in such interactions are concerned by the transformation process. The transformation consists of: (1) breaking atomicity of actions in components by replacing strong synchronizations with asynchronous send/receive interactions, (2) inserting communication media that coordinate execution of inter-task interactions according to a user-defined task mapping, (3) extending the model with an algorithm for handling conflicts between different communication media and (4) instantiating task components and adding local priority rules for handling conflicts between inter-task and intra-task interactions. We also prove the correctness of our transformation, which preserves safety properties. I. INTRODUCTION A Time-Triggered (TT) system initiates all system activities-task activation, message transmission, and message detection-at predetermined points in time. Ideally, in a time-triggered operating system there is only one interrupt signal: the ticks generated by the local periodic clock. These statically defined activation instants enforce regularity and make TT systems more predictable than Event-Triggered (ET) systems. This approach is well-suited for hard real-time systems. In [1] and [2], Kopetz presents an approach for real-time system design based on the TT paradigm which comprises three essential elements: The global notion of time: It must be established by a periodic clock synchronization in order to enable a TT communication and computation, The temporal control structure of each task: In a sequence of computational or communication processes (called tasks), the start of a task is triggered by the progression of the global time, independently from the involved data of the task. The worst-case execution time and thus the worst-case termination instant are also assumed to be known a priori. These statically predefined start and worst-case termination instants, define the temporal control structure of the task

Model-based implementation of real-time applications

Correct and efficient implementation of general real-time applications remains by far an open problem. A key issue is meeting timing constraints whose satisfaction depends on features of the execution platform, in particular its speed. Existing rigorous implementation techniques are applicable to specific classes of systems e.g. with periodic tasks, time deterministic systems. We present a general model-based implementation method for real-time systems based on the use of two models. &bull An abstract model representing the behavior of real-time software as a timed automaton. The latter describes user-defined platform-independent timing constraints. Its transitions are timeless and correspond to the execution of statements of the real-time software. &bull A physical model representing the behavior of the real-time software running on a given platform. It is obtained by assigning execution times to the transitions of the abstract model. A necessary condition for implementability is time-safety, that is, any (timed) execution sequence of the physical model is also an execution sequence of the abstract model. Time-safety simply means that the platform is fast enough to meet the timing requirements. As execution times of actions are not known exactly, time-safety is checked for worst-case execution times of actions by making an assumption of time-robustness: time-safety is preserved when speed of the execution platform increases. We show that as a rule, physical models are not time-robust and show that time-determinism is a sufficient condition for time-robustness. For given real-time software and execution platform corresponding to a time-robust model, we define an Execution Engine that coordinates the execution of the application software so as to meet its timing constraints. Furthermore, in case of non-robustness, the Execution Engine can detect violations of time-safety and stop execution

Introduction aux impacts environnementaux du numérique

International audienc

Using speed diagrams for symbolic quality management

We present a quality management method for multimedia applications. The method takes as input an application software composed of actions. The execution times of actions are unknown increasing functions of quality level parameters. The method allows the construction of a Quality Manager which computes adequate action quality levels so as to meet QoS requirements for a given platform. These include deadlines for the actions as well as quality maximization and smoothness. We extend and improve results of a previous paper by focusing on the reduction of overhead due to quality management. We propose a symbolic quality management method using speed diagrams, a representation of the system's dynamics. Instead of numerically computing a quality level for each action, the Quality Manager changes action quality levels based on the knowledge of constraints characterizing control relaxation regions. These are sets of states in which quality management for a given number of steps can be relaxed without degrading quality. We provide experimental results for quality management of an MPEG encoder, in particular performance benchmarks for both numeric and symbolic quality management. © 2007 IEEE

Fine grain QoS control for multimedia application software

We propose a method for fine grain QoS control of dataflow applications. We assume that the application software is described as the composition of actions (C-functions) with quality level parameters. The method allows to compute a QoS controller from this description, and average execution times, worst case execution times and deadlines for its actions. The controller computes dynamically feasible schedules and quality assignments for their actions. Furthermore, the control policy ensures optimal time budget utilization. A prototype tool implementing the method is shown as well as experimental results for a non trivial example. The results show the interest of fine grain QoS control for video encoders

Symbolic quality control for multimedia applications

We present a fine grain quality control method for multimedia applications. The method takes as input an application software composed of actions. The execution times of actions are unknown increasing functions of quality level parameters. The method allows the construction of a Controller which computes adequate action schedules and corresponding quality levels, so as to meet QoS requirements for a given platform. These include requirements for safety (action deadlines are met) as well optimality (maximization and smoothness of quality levels). The Controller consists of a Quality Manager and a Scheduler. For each action, the Controller uses a quality management policy for choosing a schedule and quality levels meeting the QoS requirements. The schedule is selected amongst a set of optimal schedules computed by the Scheduler. We extend and improve results of previous papers providing a solid theoretical basis for designing and implementing the Controller. We propose a symbolic quality management method using speed diagrams, a representation of the controlled system's dynamics. Instead of numerically computing a quality level for each action, the Quality Manager changes action quality levels based on the knowledge of constraints characterizing control relaxation regions. These are sets of states in which quality management for a given number of computation steps can be relaxed without degrading quality. We study techniques for efficient computation of optimal schedules. We present experimental results including the implementation of the method and benchmarks for an MPEG4 video encoder. The benchmarks show drastic performance improvement for controlled quality with respect to constant quality. They also show that symbolic quality management allows significant reduction of the overhead with respect to numeric quality management. Finally, using optimal schedules can lead to considerable performance gains. © 2008 Springer Science+Business Media, LLC