Minxue Pan,Xuandong Li

DOI: https://doi.org/10.1007/s10009-012-0239-9

2012-01-01

International Journal on Software Tools for Technology Transfer

Abstract:Message Sequence Chart (MSC) is a graphical and textual language for describing the interactions between system components, and MSC specifications (MSSs) are a combination of a set of basic MSCs (bMSCs) and a High-level MSC that describes potentially iterating and branching system behavior by specifying the compositions of basic MSCs, which offer an intuitive and visual way of specifying design requirements. With concurrent, timing, and asynchronous properties, MSSs are amenable to errors, and their analysis is important and difficult. This paper deals with timing analysis of MSC specifications with asynchronous concatenation. For an MSC specification, we require that for any loop, its first node be flexible in execution time and its any associated external timing constraint be enforced on the entire loop. Such an MSC specification is called a flexible loop-closed MSC specification (FLMSS). We show that for FLMSSs, the reachability analysis and bounded delay analysis problems can be solved efficiently by linear programming. The solutions have been implemented into our tool TASS and evaluated by experiments.

Xuandong Li,Lei Bu,Jun Hu,Jianhua Zhao,Tao Zhang,Guoliang Zheng

DOI: https://doi.org/10.1007/11888116_28

2006-01-01

Abstract:In this paper, we solve the consistency checking problems of concurrent and real-time system designs modelled by time Petri nets for the scenario-based specifications expressed by message sequence charts (MSCs). The algorithm we present can be used to check if a time Petri net satisfies a specification expressed by a given MSC which requires that if a scenario described by the MSC occurs during the run of the time Petri net, the timing constraints enforced to the MSC must be satisfied.

Xuandong Li,Jun Hu,Lei Bu,Jianhua Zhao,Guoliang Zheng

DOI: https://doi.org/10.1007/11506843_21

2005-01-01

Abstract:Scenario-based specifications such as message sequence charts (MSCs) offer an intuitive and visual way of describing design requirements. As one powerful formalism, Petri nets can model concurrency constraints in a natural way, and are often used in modelling system specifications and designs. Since there are gaps between MSC models and Petri net models, keeping consistency between these two kinds of models is important for the success of software development. In this paper, we use Petri nets to model concurrent systems, and consider the problem of checking Petri nets for scenario-based specifications expressed by message sequence charts. We develop the algorithms to solve the following two verification problems: the existential consistency checking problem, which means that a scenario described by a given MSC must happen during a Petri net runs, or any forbidden scenario described by a given MSC never happens during a Petri net run; and the mandatory consistency checking problem, which means that if a reference scenario described by the given MSCs occurs during a Petri net run, it must adhere to a scenario described by the other given MSC.

Xuandong Li,Jianhua Zhao,Gong Jiayu,Shi Yaoxin,Guoliang Zheng

DOI: https://doi.org/10.1109/ISORC.2004.1300367

2004-01-01

Abstract:In this paper we use net-works of UML statechart diagrams to model compositional designs for real-time systems, and present an algorithm for checking networks of statechart diagrams for the scenario-based specifications expressed by UML sequence diagrams with timing constraints. The algorithm is based on investigating the reach-ability graph of the integer state space of a network of statechart diagrams.

Zhiliang Wang

2006-01-01

Abstract:An interoperability test generation method based on MSC(message sequence charts) test purposes was presented.In the method,communicating multi-port finite state machines was used to model system under testing,and MSC was used to model interoperability test purpose.Test sequences containing the MSC test purpose were generated from system specifications by using global state tracking and backward searching.This method alleviates state explosion problems to some extent for traversing only a part of global state space.Applications in mobile IPv6(Internet protocol version 6) protocol systems verifies the feasibility of this method.

HU Jun,YU Xiao-Feng,ZHANG Yan,LI Xuan-Dong,ZHENG Guo-Liang

DOI: https://doi.org/10.1360/jos170048

2006-01-01

Journal of Software

Abstract:For real-time software systems, this paper considers the problem of checking component-based designs for timing scenario-based specifications, which is one of the challenges in real-time computing domain. Firstly the timing scenario-based specifications are specified by UML sequence diagrams with a set of boolean expressions, then the interface automata for modeling real time systems through adding time intervals on the actions is extened. The component-based designs are modeled by a real-time interface automaton network which contains a set of real-time interface automata synchronized by shared actions. Based on analyzing the compatible integer state space of a real-time interface automata network, a corresponding reachability graph is constructed and finally an algorithm for checking the consistency between the real-time component-based designs and the timing scenario-based specifications is developed.

Jun Hu,Xiaofeng Yu,Yan Zhang,Tian Zhang,Xuandong Li,Guoliang Zheng

DOI: https://doi.org/10.1007/11596356_41

2005-01-01

Abstract:In this paper, for real-time embedded software we consider the problem of checking component-based designs for scenario-based timing specifications. By adding time intervals on the actions, we extend the interface automata for modelling real-time systems. The component-based designs are modelled by real-time interface automaton networks, which includes a set of real-time interface automata synchronized by shared actions, and the scenario-based timing specifications are specified by UML sequence diagrams with a set of boolean expressions. Based on analyzing the compatible integer state space of a real-time interface automaton network and its compatible reachability graph, we develop an algorithm to check the consistency between real-time component-based designs and the scenario-based timing specifications.

Guangquan Zhang,Huijuan Shi,Mei Rong

DOI: https://doi.org/10.1109/APSCC.2011.44

2011-01-01

Abstract:The behaviour mismatch analysis is absolutely necessary for guaranteeing the correct composition of web services. In order to improve the reliability of the Web service composition, we present a mismatch detection method which can capture incompatible behavior and timed conflict among multiple asynchronous services. In this paper, we use software architecture description language XYZ/ADL based on temporal logic to describe Web service composition and use XYZ/RE to express the relative timed constraints. Additionally, we also set up a timed asynchronous service model TASM which can depict asynchronous interacting behavior and timed properties. In particular, the model satisfies the specification of model check UPPAAL. We convert XYZ/ADL description to TASM, and give the definition of compatibility. Then we use UPPAAL to realize mismatch detection of asynchronous Web services. Finally an example is demonstrated to illustrate how the approach we proposed works. © 2011 IEEE.

Kedian Mu,Zhi Jin,Ruqian Lu,Weiru Liu

DOI: https://doi.org/10.1007/11518655_38

2005-01-01

Abstract: In the field of requirements engineering, measuring inconsistency is crucial to effective inconsistency management. A practical measure must consider both the degree and significance of inconsistency in specification. The main contribution of this paper is providing an approach for measuring inconsistent specification in terms of the priority-based scoring vector, which integrates the measure of the degree of inconsistency with the measure of the significance of inconsistency. In detail, for each specification Δ that consists of a set of requirements statements, if L is a m-level priority set, we define a m-dimensional priority-based significance vector [(V)\vec]\vec{V} to measure the significance of the inconsistency in Δ. Furthermore, a priority-based scoring vector [(Sp)\vec]\vec{S_p}: P(D</font >) ®</font > Nm+1\mathcal{P}(\Delta) \longrightarrow N^{m+1} (Δ)→ N m + 1 has been defined to provide an ordering relation over specifications that describes which specification is “more essentially inconsistent than” others.

Jun HU,Xiao-Feng YU,Yan ZHANG,Lin-Zhang WANG,Xuan-Dong LI,Guo-Liang ZHENG

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.04.001

2006-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Component-based system design is becoming more and more popular in software engineering. Checking the important behavioral properties formally in the design phase is an effective way to improve the system reliability. In this paper, the authors consider the problem of checking component-based system designs for scenario-based specifications. Specifically, the authors use the interface automata networks to model the component-based system designs which include a set of interface automata synchronized by shared actions, and the scenario-based specifications are specified by UML sequence diagrams. Based on investigating the reachability graph of the state space of the interface automata networks, the authors develop several algorithms to check the existential consistency and mandatory consistency including the forward, backward and bidirectional consistency.

Xuandong Li,Minxue Pan,Lei Bu,Linzhang Wang,Jianhua Zhao

DOI: https://doi.org/10.1002/stv.434

2012-01-01

Software Testing Verification and Reliability

Abstract:Scenario-based specifications (SBSs), such as UML interaction models, offer an intuitive and visual way of describing design requirements, and are playing an increasingly important role in the design of software systems. This paper presents an approach to timing analysis of SBSs expressed by UML interaction models. The approach considers more general and expressive timing constraints in UML sequence diagrams (SDs), and gives a solution to the reachability analysis, constraint conformance analysis and bounded delay analysis problems, which reduces these problems into linear programs. With the synchronous interpretation of the SD compositions, the timing analysis algorithms in the approach form a decision procedure for a class of SBSs where any loop in any path is time-independent of the other parts in the path. These algorithms are also a semi-decision procedure for general SBSs with both the synchronous and asynchronous composition semantics. The approach also supports bounded timing analysis of SBSs, which investigates all the paths in the bound limit one by one, and performs the timing analysis for each finite path by linear programming. A tool prototype has been developed to support this approach. Copyright © 2010 John Wiley & Sons, Ltd.(This paper presents a linear programming-based approach to timing analysis of scenario-based specifications (SBSs) expressed by UML interaction models. With more general and expressive timing constraints in UML sequence diagrams, the algorithms in the approach solve the problems of the reachability, constraint conformance and bounded delay analysis of SBSs. These algorithms form a decision procedure for the loop-unlimited SBSs where any loop in any path is time-independent of the other parts in the path, and a semi-decision procedure for general SBSs.)

Longlong Lu,Minxue Pan,Tian Zhang,Xuandong Li

DOI: https://doi.org/10.1007/s10270-022-00980-8

2022-01-01

Abstract:Open environmental software systems are often time-sensitive, as they need to respond to other entities within the systems and/or in the environments promptly. The timing requirements are therefore an essential part of the system correctness. Scenario-based specifications (SBS) such as message sequence charts and UML interaction models play an important role in specifying open environmental software systems since they intuitively model interactions between different entities. While modelling these systems, the timing requirements can be specified as timing constraints. In this paper, we study the problem of checking the timing consistency of SBS with timing constraints. Although this problem can be transformed into a reachability analysis problem, checking its reachability can still be time-consuming. Therefore, we propose a novel SAT and linear programming (LP) collaborative timing analysis approach named Tassat for the bounded timing analysis of SBS. Instead of using depth-first traversal algorithms, Tassat encodes the structures of the SBS into propositional formulas and adopts SAT solvers to find candidate paths. The timing analysis of candidate paths is then transformed to LP problems, where the irreducible infeasible set of the infeasible paths can be utilized to filter out candidate paths for checking. In addition, we propose an enhanced version of the approach that extends the bounded analysis results to the entire models if the infeasible path segments do not contain intermediate loops. The enhanced algorithm can prove that the given SBS satisfy the required properties on any bound condition. The experimental results show that Tassat is effective and has better performance than existing tools in terms of both time consumption and memory footprint.

Xiangpeng Zhao,Quan Long,Zongyan Qiu

DOI: https://doi.org/10.1007/11901433_24

2006-01-01

Abstract:UML is widely accepted and extensively used in software modeling. However, using different diagrams to model different aspects of a system brings the risk of inconsistency among diagrams. In this paper, we investigate an approach to check the consistency between the sequence diagrams and statechart diagrams using the SPIN model checker. To deal with the hierarchy structure of statechart diagrams, we propose a formalism called Split Automata, a variant of automata, which is helpful to bridge the statechart diagrams to SPIN efficiently. Compared with the existing work on model checking UML which do not have formal verification for their translation from UML to the model checker, we formally define the semantics and prove that the automatically translated model (i.e. Split Automata) does simulate the UML model. In this way, we can guarantee that the translated model does represent the original model.

Bo Chen,Xi Li,Xuehai Zhou

DOI: https://doi.org/10.1016/j.sysarc.2018.06.002

IF: 5.836

2018-01-01

Journal of Systems Architecture

Abstract:Modelling and Analysis of Real-time and Embedded systems (MARTE) as a domain-specific language is widely used for designing, analysing, and the building of cyber physical systems (CPS). It also provides CCSL as a purely declarative language for expressing logical and chronometric constraints on clocks. Although MARTE/CCSL is powerful expressively, it lacks formal semantics-based language support for describing and analysing. Semantic support, such as timed Input/Output automata not only provides modelling and analysis of timing behaviors, it also provides modelling of the Input/Output behaviors in a direct sense compared to timed automata. The Input/Output behavior can verify the casual relationship between components, one of the most important behaviors is the fairness between components. Thus, to improve the capacity of modeling and verification of the MARTE/CCSL behavior model, we present a method to use MARTE/CCSL as a high level specification language for modelling, then mapping MARTE/CCSL behavior model to timed Input/Output automata, then using an integrated tool (UPPAAL-TIGA) to verify the safety, liveness, and fairness thereof. Finally, we demonstrate the proposed transformation method using a Telerobot control system of real-time systems.

Ming Chai,Haifeng Wang,Tao Tang,Hongjie Liu

DOI: https://doi.org/10.1016/j.jss.2021.110962

IF: 3.5

2021-07-01

Journal of Systems and Software

Abstract:<p>With the growing complexity of railway control systems, it is required to preform runtime safety checks of system executions that go beyond conventional runtime monitoring of pre-programmed safety conditions. Runtime verification is a lightweight and rigorous formal method that dynamically analyses execution traces against some formal specifications. A challenge in applying this method in railway systems is defining a suitable monitoring specification language, i.e., a language that is expressive, of reasonable complexity, and easy to understand. In this paper, we propose parameterized modal live sequence charts (PMLSCs) by introducing the alphabet of the specification into charts to distinguish between silent events and unexpected events. We further investigate the expressiveness and complexity theories of the language. In particular, we prove that PMLSCs are closed under negation and the complexity of a subclass of PMLSCs is linear, which allows the language to be used to monitor a system online. Finally, we use PMLSCs to monitor an RBC system in the Chinese high-speed railway and evaluate the performance. The experimental results show that the PMLSC has high monitoring efficiency, and can reduce false alarm rate by introducing alphabets of charts.</p>

computer science, theory & methods, software engineering

Raimundo Barreto,Lucas Cordeiro,Bernd Fischer

DOI: https://doi.org/10.48550/arXiv.1106.2320

2011-06-12

Abstract:Embedded systems are everywhere, from home appliances to critical systems such as medical devices. They usually have associated timing constraints that need to be verified for the implementation. Here, we use an untimed bounded model checker to verify timing properties of embedded C programs. We propose an approach to specify discrete time timing constraints using code annotations. The annotated code is then automatically translated to code that manipulates auxiliary timer variables and is thus suitable as input to conventional, untimed software model checker such as ESBMC. Thus, we can check timing constraints in the same way and at the same time as untimed system requirements, and even allow for interaction between them. We applied the proposed method in a case study, and verified timing constraints of a pulse oximeter, a noninvasive medical device that measures the oxygen saturation of arterial blood.

Logic in Computer Science

Longlong Lu,Wenhua Yang,Minxue Pan,Tian Zhang

DOI: https://doi.org/10.1145/3457913.3457917

2021-01-01

Abstract:Timing analysis of scenario-based specifications (SBS) such as message sequence charts and UML interaction models plays an essential role in the design phase of real-time system development. However, it is time-consuming and labor-intensive to conduct analysis on the satisfiability of the timing constraints. In this article, we propose a novel SAT and linear programming (LP) collaborative timing analysis approach named TASSAT for SBS. Instead of using depth-first traversal algorithms, TASSAT encodes the structures of the SBS into propositional formulas and use the SAT solver to find candidate paths. The timing analysis of candidate paths is then reduced to LP problems, where irreducible infeasible set of the infeasible path can be used to prune unnecessary search space of the SAT solver. The experimental results show that TASSAT is effective and offers better performance than existing tools in terms of both time consumption and memory footprint.

John Hatcliff,Marjan Sirjani,Ehsan Khamespanah,Fatemeh Ghassemi,Mahsa Zarneshan

DOI: https://doi.org/10.46298/lmcs-18(2:13)2022

2022-09-01

Logical Methods in Computer Science

Abstract:To support the dynamic composition of various devices/apps into a medical system at point-of-care, a set of communication patterns to describe the communication needs of devices has been proposed. To address timing requirements, each pattern breaks common timing properties into finer ones that can be enforced locally by the components. Common timing requirements for the underlying communication substrate are derived from these local properties. The local properties of devices are assured by the vendors at the development time. Although organizations procure devices that are compatible in terms of their local properties and middleware, they may not operate as desired. The latency of the organization network interacts with the local properties of devices. To validate the interaction among the timing properties of components and the network, we formally specify such systems in Timed Rebeca. We use model checking to verify the derived timing requirements of the communication substrate in terms of the network and device models. We provide a set of templates as a guideline to specify medical systems in terms of the formal model of patterns. A composite medical system using several devices is subject to state-space explosion. We extend the reduction technique of Timed Rebeca based on the static properties of patterns. We prove that our reduction is sound and show the applicability of our approach in reducing the state space by modeling two clinical scenarios made of several instances of patterns.

computer science, theory & methods,logic

Minxue Pan,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1007/978-3-642-02658-4_56

2009-01-01

Abstract:In this paper, we present TASS which is a timing analyzer of scenario-based specifications. TASS accepts UML2.0 interaction models with general and expressive timing constraints and can be used for three kinds of timing analysis problems: the reachability analysis, the constraint conformance analysis, and the bounded delay analysis. The underlying technique of TASS is to reduce the timing analysis problems into linear programming problems.

GS Wu,FY Zhang

DOI: https://doi.org/10.1109/icsmc.2000.885949

2000-01-01

Abstract:Synchronization is the major processing task during multimedia presentation, which defines the time relation between multimedia objects. There are many synchronization specification methods, and each has different advantages and disadvantages. Those methods work well for the simple and specific synchronization case, but when considering large complex multimedia presentation, there lacks an effective method to deal with the complex time relation. In this paper, a synchronization point based specification method (SPM) is proposed, and based on it, a static and dynamic validation mechanism for the synchronization relation is given. In SPM, the synchronization relation is defined in synchronization points (SP). Multimedia presentation control is based on SP's status during presentation. According to the order of SPs, SPM gives the static and dynamic validation algorithm, which can avoid the conflict relation between SPs. SPM gives a way to define the nondetermined synchronization relation between multimedia objects, and proposes static and dynamic validation mechanisms for complex synchronization control. This synchronization point based mechanism can extend the capability of synchronization definition and control in a multimedia system