Using BIP to reinforce correctness of resource-constrained IoT applications

International audienceIoT applications have either a sense-only or a sense-compute-actuate goal and they implement a capability to process and respond to multiple (external) events while performing computations. Existing IoT operating systems provide a versatile execution environment that adheres to the limitations of the interconnected resource-constrained devices. To reduce the development effort, applications are often built on top of RESTful web services, which can be shared and reused. However, the asynchronous communication between remote nodes is prone to event scheduling delays, which cannot be predicted and taken into account while programming the application. Moreover, to avoid long delays in message processing and communication due to packet collisions, the data transmission frequencies between the system's nodes have to carefully chosen. In general, even when appropriate debugging tools and simulators are available, it is still a hard challenge to guarantee the required functional and non-functional properties at the application and system levels. To this end, we focus on IoT applications for the Contiki OS and we introduce a model-based rigorous analysis approach using the BIP component framework. At the application level, we verify qualitative properties regarding service responsiveness, whereas at the system level we can validate qualitative and quantitative properties using statistical model checking. We present results for an application scenario running on a distributed system infrastructure with nodes executing the Contiki OS

Correct-by-Construction Web Service Architecture

Abstract—Service-Oriented Computing aims to facilitate devel-opment of large-scale applications out of loosely coupled services. The service architecture sets the framework for achieving cohe-rence and interoperability despite service autonomy and the hete-rogeneity in data representation and protocols. Service-Oriented Architectures are based on standardized service contracts, in order to infuse characteristic properties (stateless interactions, atomicity etc). However, contracts cannot ensure correctness of services if essential operational details are overlooked, as is usually the case. We introduce a modeling framework for the specification of Web Service architectures, in terms of formal operational semantics. Our approach aims to enable rigorous design of Web Services, based on the Behaviour Interaction Priorities (BIP) component framework and the principles of correctness-by-construction. We provide executable BIP models for SOAP-based and RESTful Web Services and for a service ar-chitecture with session replication. The architectures are treated as reusable design artifacts that may be composed, such that their characteristic properties are preserved

Architecture-based Design: A Satellite On-Board Software Case Study

In this case study, we apply the architecture-based design approach to the control software of the CubETH satellite. Architectures are a means for ensuring global coordination properties and thus, achieving correctness of complex systems by construction. The design approach comprises three main steps: 1) definition of a domain-specific taxonomy of architecture styles; 2) design of the software model by applying architectures to enforce the required properties; 3) deadlock-freedom analysis of the resulting model. We provide a taxonomy of architecture styles for satellite on-board software, formally defined by architecture diagrams in the BIP component-based framework. We show how architectures are instantiated from the diagrams and applied to a set of atomic components. Deadlock-freedom of the resulting model is verified using the DFinder tool from the BIP tool-set. Finally, we provide additional validation of our approach by using the nuXmv model checker to verify that the properties enforced by the architectures are, indeed, satisfied in the resulting software model

Από κατασκευής ορθή σχεδίαση συστημάτων και λογισμικού βάσει μοντέλων

This thesis introduces correctness-by-construction techniques for rigorous system design. In particular, we focused on how to produce and validate a functional application model from a set of requirements or from application code. First, we dealt with the early validation of system requirements and design, in order to eliminate the need for a-posteriori verification at the later stages of development. Second, we focused on the automated generation of functional application models from programs with nested syntax, while maintaining the program semantics. Finally, we proposed a design flow that aims to maintain the consistency between the application model and the application code, using a new domain-specific language that focuses on the design of resource-constrained applications for the Internet of Things.Η παρούσα διατριβή εισάγει τεχνικές για την αυστηρή και από κατασκευής ορθή σχεδίαση συστημάτων. Ειδικότερα, εστιάσαμε στο πώς μπορούμε να παράγουμε και να επικυρώνουμε ένα λειτουργικό μοντέλο της εφαρμογής που προκύπτει από ένα σύνολο απαιτήσεων ή από τον κώδικα της εφαρμογής. Αρχικά, ασχοληθήκαμε με την πρώιμη επικύρωση των απαιτήσεων και της σχεδίασης του συστήματος, ώστε να εξαλειφθεί η ανάγκη επαλήθευσης εκ των υστέρων και να περιοριστούν οι έλεγχοι επικύρωσης κατά τα τελευταία στάδια ανάπτυξης. Δεύτερον, εστιάσαμε στην αυτόματη δημιουργία λειτουργικών μοντέλων εφαρμογών από προγράμματα με εμφωλευμένη σύνταξη, διατηρώντας τη σημασιολογία των προγραμμάτων. Τέλος, προτείναμε μία ροή σχεδίασης που αποσκοπεί στη διατήρηση της συνέπειας μεταξύ του λειτουργικού μοντέλου και του κώδικα εφαρμογής μέσω της χρήσης μιας νέας γλώσσας ειδικού σκοπού, κατάλληλης για τη σχεδίαση συστημάτων περιορισμένων πόρων του διαδικτύου των αντικειμένων

Early validation of system requirements and design through correctness-by-construction

International audienceEarly validation of requirements aims to reduce the need for the high-cost validation testing and corrective measures at late development stages. This work introduces a systematic process for the unambiguous specification of system requirements and the guided derivation of formal properties, which should be implied by the system 's structure and behavior in conjunction with its external stimuli. This rigorous design takes place through the incremental construction of a model using the BIP (Behavior-Interaction-Priorities) component framework. It allows building complex designs by composing simpler reusable designs enforcing given properties. If some properties are neither enforced nor verified, the model is refined or certain requirements are revised. A validated model provides evidence of requirements' consistency and design correctness. The process is semi-automated through a new tool and existing verification tools. Its effectiveness was evaluated on a set of requirements for the control software of the CubETH nanosatellite and an extract of software requirements for a Low Earth Orbit observation satellite. Our experience and obtained results helped in identifying open challenges for applying the method in industrial context. These challenges concern with the domain knowledge representation , the expressiveness of used specification languages, the library of reusable designs and scalability