Component-based Design of Heterogeneous Reactive Systems in Prometheus

Designing embedded systems increasingly demands coping with heterogeneous systems, involving different models of computation, communication, and execution, on different levels of abstraction and different time scales. The component model BIP (Behavior, Interaction model, Priority) has been designed to support the construction of heterogeneous reactive systems. It enables heterogeneous modeling by separating the notions of behavior, interaction model, and execution model. We present here the design tool Prometheus, which implements the BIP component model, along with a set of algorithms for compositional verification. The use of the component framework is illustrated with two case studies involving different models of computation and communication

Specification Enforcing Refinement for Convertibility Verification

International audienceProtocol conversion deals with the automatic synthesis of an additional component, often referred to as an adaptor or a converter, to bridge mismatches between interacting components, often referred to as protocols. A formal solution, called convertibility verification, has been recently proposed, which produces such a converter, so that the parallel composition of the protocols and the converter also satisfies some desired specification. A converter is responsible for bridging different kinds of mismatches such as control, data, and clock mismatches. Mismatches are usually removed by the converter by disabling undesirable paths in the protocol composition (similar to controllers in supervisory control of Discrete Event Systems (DES)). We generalize this convertibility verification problem by using a new refinement called specification enforcing refinement (SER) between a protocol composition and a desired specification. The existence of such a refinement is shown to be a necessary and sufficient condition for the existence of a suitable converter. We also synthesize automatically the converter if a SER refinement relation exists. The proposed converter is capable of the usual disabling actions to remove undesirable paths in the protocol composition. In addition, the converter can perform forcing actions when disabling alone fails to find a converter to satisfy the desired specification. Forcing allows the generation of control inputs in one protocol that are not provided by the other protocol. Forcing induces state-based hiding, an operation not achievable using DES control theory

Efficient parameter search for qualitative models of regulatory networks using symbolic model checking

Investigating the relation between the structure and behavior of complex biological networks often involves posing the following two questions: Is a hypothesized structure of a regulatory network consistent with the observed behavior? And can a proposed structure generate a desired behavior? Answering these questions presupposes that we are able to test the compatibility of network structure and behavior. We cast these questions into a parameter search problem for qualitative models of regulatory networks, in particular piecewise-affine differential equation models. We develop a method based on symbolic model checking that avoids enumerating all possible parametrizations, and show that this method performs well on real biological problems, using the IRMA synthetic network and benchmark experimental data sets. We test the consistency between the IRMA network structure and the time-series data, and search for parameter modifications that would improve the robustness of the external control of the system behavior

Liability in Software Engineering: Overview of the LISE Approach and Illustration on a Case Study

© ACM – 2010. This is the authors' pre-version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in the Proceedings of the 32nd ACM/IEEE international Conference on Software Engineering (ICSE'10) - Volume 1 – 978-1-60558-719-6/10/05 – (May 2-8 – 2010) http://doi.acm.org/10.1145/1806799.1806823LISE is a multidisciplinary project involving lawyers and computer scientists with the aim to put forward a set of methods and tools to (1) define software liability in a precise and unambiguous way and (2) establish such liability in case of incident. This report provides an overview of the overall approach taken in the project based on a case study. The case study illustrates a situation where, in order to reduce legal uncertainties, the parties to a contract wish to include in the agreement specific clauses to define as precisely as possible the share of liabilities between them for the main types of failures of the system

Component-based Modeling and Reachability Analysis of Genetic Networks

Genetic regulatory networks have been modeled as discrete transition systems by many approaches, benefiting from a large number of formal verification algorithms available for the analysis of discrete transition systems. However, most of these techniques do not scale up well. In this article, we explore a modular approach for the analysis of genetic regulatory networks. We present a framework for modeling genetic regulatory networks in a modular yet faithful manner based on the mathematically well-founded formalism of piecewise linear differential inclusions. We then propose a compositional algorithm to efficiently analyze reachability properties of the model. A case study on embryonic cell differentiation involving several hundred cells shows the potential of this approach

Component-based Modeling and Reachability Analysis of Genetic Networks

Genetic regulatory networks have been modeled as discrete transition systems by many approaches, benefiting from a large number of formal verification algorithms available for the analysis of discrete transition systems. However, most of these techniques do not scale up well. In this article, we explore a modular approach for the analysis of genetic regulatory networks. We present a framework for modeling genetic regulatory networks in a modular yet faithful manner based on the mathematically well-founded formalism of piecewise linear differential inclusions. We then propose a compositional algorithm to efficiently analyze reachability properties of the model. A case study on embryonic cell differentiation involving several hundred cells shows the potential of this approach

A Correlation Preserving Performance Analysis for Stream Processing Systems

International audienceFor the design of real-time embedded systems, analysis of performance and resource utilization at an early stage is crucial to evaluate design choices. Network Calculus and its variants provide the tools to perform such analyses for distributed systems processing streams of tasks, based on a max-plus algebra. However, the underlying model employed in Network Calculus cannot capture correlations between the availability of different resources and between the arrivals of tasks, leading to overly conservative performance bounds for some frequently used system topologies. We present a model based on timing constraints relative to pairs of streams, endowed with an analysis technique that can handle such correlations

CoSyMA: a tool for controller synthesis using multi-scale abstractions

International audienceWe introduce CoSyMA, a tool for automatic controller synthesis for incrementally stable switched systems based on multi-scale discrete abstractions. The tool accepts a description of a switched system represented by a set of differential equations and the sampling parameters used to define an approximation of the state-space on which discrete abstractions are computed. The tool generates a controller - if it exists - for the system that enforces a given safety or time-bounded reachability specification. We illustrate by examples the synthesized controllers and the significant performance gains during their computation

Probabilistic contracts for component-based design

International audienceWe define a framework of probabilistic contracts for constructing component-based embedded systems, based on the formalism of discrete-time Interactive Markov Chains. A contract specifies the assumptions a component makes on its context and the guarantees it provides. Probabilistic transitions represent allowed uncertainty in the component behavior, for instance, to model internal choice or reliability. Action transitions are used to model non-deterministic behavior and communication between components. An interaction model specifies how components interact with each other. We provide the ingredients for a component-based design flow, including (1) contract satisfaction and refinement, (2) parallel composition of contracts over disjoint, interacting components, and (3) conjunction of contracts describing different requirements over the same component. Compositional design is enabled by congruence of refinement

Causality Analysis in Contract Violation

International audienceEstablishing liabilities in component-based systems is a challenging task, as it requires to establish convincing evidence with respect to the occurrence of a fault, and the causality relation between the fault and a damage. The second issue is especially complex when several faults are detected and the impact of these faults on the occurrence of the failure has to be assessed. In this paper we propose a formal framework for reasoning about logical causality between contract violations