Yuhong Zhao,Franz J. Rammig

DOI: https://doi.org/10.1109/isorc.2012.28

2012-01-01

Abstract:This paper presents a lightweight verification technique, which is applicable to dependable real-time systems, provided that the (abstract) model and the (concrete) implementation of the system under test are given in advance. In addition to the usual quality assurance techniques at design time (e.g., formal verification) and at implementation time (e.g., testing), we provide a special form of model checking at run time. That is, we check the correctness of an actual system execution by means of exploring a partial model space covering the current execution trace. In doing so, concrete state information is observed from time to time while the system to be checked is running. This runtime information is used to guide model checking to reduce the model space to be explored. In this sense, we call this method online model checking. Since we do not directly check the execution trace itself, our online checking at model level is capable of checking a running system some steps ahead of the actual state of execution. In this paper, we describe online model checking as well as the underlying system architecture in general, explain the basic algorithm and its extension to improve performance, and provide experimental results.

Krishna Sudhakar,Yuhong Zhao,Franz-Josef Rammig

DOI: https://doi.org/10.1109/isorc.2014.21

2015-01-01

Concurrency and Computation Practice and Experience

Abstract:In this paper we discuss how an efficient online model checker and a small-footprint RTOS can be integrated. Alternative approaches are discussed, leading to the decision for a federated approach. An implemented prototype is described and some analytical as well as experimental evaluations are presented.

Hanbo Wang,Xingshe Zhou,Yunwei Dong,Lei Tang

DOI: https://doi.org/10.1109/pic.2010.5687484

2010-01-01

Abstract:A novel approach to analyze timing properties of real-time embedded systems based on the model-driven architecture is proposed in this paper. The scheduling model which describes components of software and hardware as well as the interacting and binding relations of components is abstracted from an AADL model. The task deadline at the component lever and the end-to-end latency at the system lever are analyzed by specifying the scheduling model with the satisfiability modulo theories. An analysis tool is developed to work with the AADL developing environment to analyze the timing properties of the AADL model. The experiment results demonstrate the running performance of the proposed approach.

Min Zhang,Yunhui Ying

DOI: https://doi.org/10.1145/3078633.3081035

2017-01-01

Abstract:The Clock Constraint Specification Language (CCSL) is a formal language companion to MARTE (shorthand for Modeling and Analysis of Real-Time and Embedded systems), a UML profile used to facilitate the design and analysis of real-time and embedded systems. CCSL is proposed to specify constraints on the occurrences of events in systems. However, the language lacks efficient verification support to formally analyze temporal properties, which are important properties to real-time and embedded systems. In this paper, we propose an SMT-based approach to model checking of the temporal properties specified in Linear Temporal Logic (LTL) for CCSL by transforming CCSL constraints and LTL formulas into SMT formulas. We implement a prototype tool for the proposed approach and use the state-of-the-art tool Z3 as its underlying SMT solver. We model two practical real-time and embedded systems, i.e., a traffic light controller and a power window system in CCSL, and model check LTL properties of them using the proposed approach. Experimental results demonstrate the effectiveness and efficiency of our approach.

Bo Chen,Xi Li,Xuehai Zhou

DOI: https://doi.org/10.1016/j.sysarc.2018.06.002

IF: 5.836

2018-01-01

Journal of Systems Architecture

Abstract:Modelling and Analysis of Real-time and Embedded systems (MARTE) as a domain-specific language is widely used for designing, analysing, and the building of cyber physical systems (CPS). It also provides CCSL as a purely declarative language for expressing logical and chronometric constraints on clocks. Although MARTE/CCSL is powerful expressively, it lacks formal semantics-based language support for describing and analysing. Semantic support, such as timed Input/Output automata not only provides modelling and analysis of timing behaviors, it also provides modelling of the Input/Output behaviors in a direct sense compared to timed automata. The Input/Output behavior can verify the casual relationship between components, one of the most important behaviors is the fairness between components. Thus, to improve the capacity of modeling and verification of the MARTE/CCSL behavior model, we present a method to use MARTE/CCSL as a high level specification language for modelling, then mapping MARTE/CCSL behavior model to timed Input/Output automata, then using an integrated tool (UPPAAL-TIGA) to verify the safety, liveness, and fairness thereof. Finally, we demonstrate the proposed transformation method using a Telerobot control system of real-time systems.

Fei Yan,Tao Tang

DOI: https://doi.org/10.1109/wcica.2008.4592925

2008-01-01

Abstract:The next few years will see distributed real-time computer systems playing an important role in control systems of high-dependability applications, such as rail transportation. In these applications a failure in the temporal domain can be as critical as a failure in the value domain. In rail transportation, train control system has become more complex and the methods to ensure its correctness of have been considered outmoded. The safety of train control system is becoming increasingly important as computers pervade them on which human life depends and the failure to meet time deadline can have serious or even fatal consequences. This paper proposes a formal modeling and verification approach for real-time system. In the proposed method the real-time system is modeled by timed automata network (TAN) and verified by model checking which explores the state space to determine whether the system satisfies a given specification. The case study of ATP (automatic train protection) shows how the method can assist in designing more efficient and reliable real-time systems. Firstly, automatic train protection (ATP) system and timed automata network (TAN) model is proposed; secondly, the state transitions and multi-tasks ATP onboard model was modeled with TAN model, and then the time sequences of each task are expressed in UML sequence diagrams. Finally, the timing characteristics was verified to meet the requirement by UPPAAL model checker. A major conclusion of the survey is that formal methods, while still immature in some respects, can be used successfully to model and verify real-time systems.

Kim G. Larsen,Fredrik Larsson,Paul Pettersson,Wang Yi

DOI: https://doi.org/10.1023/a:1025132427497

2003-01-01

Real-Time Systems

Abstract:During the past few years, a number of verification tools have been developed for real-time systems in the framework of timed automata. One of the major problems in applying these tools to industrial-sized systems is the huge memory-usage for the exploration of the state-space of a network (or product) of timed automata, as the model-checkers must keep information about not only the control structure of the automata but also the clock values specified by clock constraints. In this paper, we present a compact data structure for representing clock constraints. The data structure is based on an O(n3) algorithm which, given a constraint system over real-valued variables consisting of bounds on differences, constructs an equivalent system with a minimal number of constraints. In addition, we have developed an on-the-fly reduction technique to minimize the space-usage. Based on static analysis of the control structure of a network of timed automata, we are able to compute a set of symbolic states that cover all the dynamic loops of the network in an on-the-fly searching algorithm, and thus ensure termination in reachability analysis. The two techniques and their combination have been implemented in the tool UPPAAL. Our experimental results demonstrate that the techniques result in truly significant space-reductions: for six examples from the literature, the space saving is between 75% and 94%, and in (nearly) all examples time-performance is improved. Noteworthy is also the observation that the two techniques are completely orthogonal.

R. Wang,X. Song,M. Gu

DOI: https://doi.org/10.1049/iet-sen:20070009

2007-01-01

IET Software

Abstract:Validation is an important task in complex embedded system designs. A method of modelling and analysing embedded systems with programmable logic controllers is presented. Controllers and physical plants are modelled using timed automata. The system requirements are specified and formalised as computational tree logic properties. It is demonstrated that the designed model satisfies the required properties by resorting to a symbolic model checker, Uppaal, for real-time systems. A realistic example, the steeve controller of a theatre, illustrates the strategies. The safety and time constraint requirements are validated by Uppaal. The experimental results demonstrate the effectiveness of the approach presented here.

Fei Yan,Tao Tang

DOI: https://doi.org/10.1109/icves.2007.4456386

2007-01-01

Abstract:The safety of control systems are becoming increasingly important as computers pervade them on which human life depends. In rail transportation fields, this has become more complex and the methods to ensure the correctness of train control system have been slow in development. The failure to meet time deadline can have serious or even fatal consequences. This paper presents a new method for performing this verification task. In the proposed method the real-time system is modeled by Timed Automata Network (TAN) and verified by model checking which explores the state space to determine whether the system satisfies a given specification. The case study of ATP (Automatic Train Protection) shows how the method can assist in designing more efficient and reliable real-time systems. Firstly, the state transitions and multi-tasks ATP onboard model will be modeled with Timed Automata Network (TAN) model, and then the time sequences of each task are expressed in UML Sequence Diagrams. Finally, the timing characteristics will be verified to meet the requirement by SMV model checker. A major conclusion of the survey is that formal methods, while still immature in some respects, can be used successfully to model and verify real-time concurrent systems.

Yuhong Zhao,Simon Oberthür,Norma Montealegre,Franz J. Rammig,Martin Kardos

DOI: https://doi.org/10.1007/11752578_125

2006-01-01

Abstract:Component-based self-optimizing systems can adjust themselves over time to dynamic environments by means of exchanging components. In case that such systems are safety-critical, the dependability issue becomes paramountly significant. This paper presents a novel model-based runtime verification to increase dependability for the self-optimizing systems of this kind. The proposed verification approach plays a role of an alternative acceptance test transparently integrated in RTOS, named model-based acceptance test. The verification is performed at the level of (RT-UML) models representing the systems under consideration. The properties to be checked are expressed by RT-OCL where the underlying temporal logic is restricted to either time-annotated ACTL or LTL formulae. The applied technique is based on the on-the-fly model checking, which runs interleaved with the execution of the checked system in a pipelined manner. More specifically, for ACTL formulae this means an on-the-fly solution to the NHORNSAT problem, while in the case of LTL formulae, the emptiness checking method is applied.

Raimundo Barreto,Lucas Cordeiro,Bernd Fischer

DOI: https://doi.org/10.48550/arXiv.1106.2320

2011-06-12

Abstract:Embedded systems are everywhere, from home appliances to critical systems such as medical devices. They usually have associated timing constraints that need to be verified for the implementation. Here, we use an untimed bounded model checker to verify timing properties of embedded C programs. We propose an approach to specify discrete time timing constraints using code annotations. The annotated code is then automatically translated to code that manipulates auxiliary timer variables and is thus suitable as input to conventional, untimed software model checker such as ESBMC. Thus, we can check timing constraints in the same way and at the same time as untimed system requirements, and even allow for interaction between them. We applied the proposed method in a case study, and verified timing constraints of a pulse oximeter, a noninvasive medical device that measures the oxygen saturation of arterial blood.

Logic in Computer Science

Hao Wang,Wendy MacCaull

DOI: https://doi.org/10.4204/EPTCS.13.6

2009-12-10

Abstract:Timed model checking has been extensively researched in recent years. Many new formalisms with time extensions and tools based on them have been presented. On the other hand, Explicit-Time Description Methods aim to verify real-time systems with general untimed model checkers. Lamport presented an explicit-time description method using a clock-ticking process (Tick) to simulate the passage of time together with a group of global variables for time requirements. This paper proposes a new explicit-time description method with no reliance on global variables. Instead, it uses rendezvous synchronization steps between the Tick process and each system process to simulate time. This new method achieves better modularity and facilitates usage of more complex timing constraints. The two explicit-time description methods are implemented in DIVINE, a well-known distributed-memory model checker. Preliminary experiment results show that our new method, with better modularity, is comparable to Lamport's method with respect to time and memory efficiency.

Logic in Computer Science,Software Engineering

Hanbo Wang,Xingshe Zhou,Yunwei Dong,Lei Tang

DOI: https://doi.org/10.1109/iciecs.2010.5678146

2010-01-01

Abstract:A novel approach to verify the timed Petri-Net model is proposed in this paper. A non-instantaneous model is abstracted from the timed Petri-Net model in a hierarchical structure. The non-instantaneous model which is verified with a model-checking tool is used to reduce the state space of the timed Petri-Net model for verification with a satisfiability modulo theories solver. The proposed approach is applied in verifying the non-functional properties of real-time embedded systems.The timed Petri-Net is used to model the interacting relations of the software components and the binding relations between software and hardware. A platform-independent model which abstracted from the scheduling model is transformed into the non-instantaneous model.The performance evaluation shows the improvement on the running time for verification with the proposed approach.

Jianmin Hou,Xuandong Li,Xiaocong Fan,Guoliang Zheng

DOI: https://doi.org/10.1145/272263.272359

1998-01-01

Abstract:A major problem in applying model checking to finite–state systems is the potential combinatorial explosion of the state space arising from parallel composition. Solutions of this problem have been attempted for practical applications using a variety of techniques. Recent work by Andersen [And95] proposes a very promising compositional model checking technique, which has experimentally been shown to improve results obtained using Binary Decision Diagrams. In this paper we make Andersen’s technique applicable to systems described by networks of timed automata. We present a quotient construction, which allows timed automata components to be gradually moved from the network expression into the specification. The intermediate specifications are kept small using minimization heuristics suggested by Andersen. The potential of the combined technique is demonstrated using a prototype implemented in CAML. ∗This work has been supported by the European Communities under CONCUR2, BRA 7166 †Basic Research in Computer Science, Centre of the Danish National Research Foundation. ‡Dept. of Computer Science, Aalborg University, Fredrik Bajers Vej 7-E, DK-9220 Aalborg, Denmark, (email: {fl,kgl}@iesd.auc.dk) fax: (45) 98.15.81.29

Torsten K. Iversen,J. Kristoffersen,Kim G. Larsen,Morten Laursen,Rune G. Madsen,Steffen K. Mortensen,Paul Pettersson,Chris B. Thomasen

DOI: https://doi.org/10.1109/EMRTS.2000.854002

2000-01-01

Abstract:In this paper, we present a method for automatic veri- fication of real-time control programs running on LEGO® RCX™ bricks using the verification tool UPPAAL. The con- trol programs, consisting of a number of tasks running con- currently, are automatically translated into the timed au- tomata model of UPPAAL. The fixed scheduling algorithm used by the LEGO® RCX™ processor is modeled in UP- PAAL, and supply of similar (sufficient) timed automata models for the environment allows analysis of the overall real-time system using the tools of UPPAAL. To illustrate our techniques we have constructed, modeled and verified a machine for sorting LEGO® bricks by color.

CAo Yunan,ZHANG Hui,YE Peiqing,WANG Tianmiao

DOI: https://doi.org/10.3901/jme.2011.01.108

2011-01-01

Abstract:A novel modeling method called timed transition model/all-time real-time temporal logic(TTM/ATRTTL) for specifying open architecture CNC(OAC) systems is proposed.TTM/ATRTTL provides full support for specifying hard real-time property and feed-back characteristics needed for modeling OAC systems.The formal method is used to model OAC systems from different aspects by specifying the TTM structure of an open-loop OAC,a system-level logic controller,and task communication and synchronization,and obtain the closed-loop OAC TTM with scheduling mechanism is given,which is the foundation of the verification framework.Finally,a verification framework is proposed and implemented with STeP and SF2STeP.In the verification,several problems are solved including rewrite rule,verification rule,state explosion problem,and time bound restriction when STeP is used for verification,and then experiments are conducted for verifying an OAC system for dead-lock and system time bound checking.The results show that the method can effectively model and verify OAC systems.

Xinxiu Wen,Huiqun Yu

2012-01-01

Abstract:The modeling and verification of real-time systems is a challenging task in the area of software engineering. This paper proposes a formal method for modeling and verification of real-time systems based on aspect-oriented timed statecharts and linear-time temporal logic. Behaviors of real-time systems are modeled by aspect-oriented timed statecharts, while key properties of systems are specified by linear-time temporal logic. Moreover, aspect-oriented timed statecharts are translated to timed automata with guards to simulate the executable paths of systems and model checking technologies are applied to the verification of models. An elevator example illustrates our modeling and verification method.

Luo Hao,Zhang Guangquan,Chen Donghuo

DOI: https://doi.org/10.3969/j.issn.1000-2073.2007.02.010

2007-01-01

Abstract:Embedded real-time software becomes more and more complicated with its widespread use in variety of domains.Combination of modeling based on UML and modeling based on formal method is one of the good solutions for verification and modeling of embedded real-time software.We extended UML with timed constraint and tagged value because of the special requirement of the real-time system.Furthermore,we proposed a method to translate the UML2.0 sequence diagrams to timed automata.

DONG Wei,WANG Ji,QI Zhi-Chang

2001-01-01

Abstract:Model checking is an important technology of automatic verification. It verifies the modal/proposition properties of concurrent or real-time systems through explicit state exploration or implicit fixpoint computation. It can ensure the correctness of critical application such as communication protocol and digital circuit. In this paper, the development and state-of-art of model checking are expatiated. Two main tactics separately based on automata theory and symbolic structure for concurrent systems are described and the methods to solve state explosion problem are given. Then the methods of model checking for real-time systems and object-oriented designs are introduced. The corresponding known tools for every method are also presented. Finally, the difficulties faced by model checking and its developing trend are analyzed.

François Laroussinie,Kim G. Larsen

DOI: https://doi.org/10.7146/brics.v2i19.19921

1995-01-01

BRICS Report Series

Abstract:A major problem in applying model checking to finite-state systems is the potential combinatorial explosion of the state space arising from parallel composition. Solutions of this problem have been attempted for practical applications using a variety of techniques. Recent work by Andersen [And95] proposes a very promising compositional model checking technique, which has experimentally been shown to improve results obtained using Binary Decision Diagrams. In this paper we make Andersen's technique applicable to systems described by networks of timed automata. We present a quotient construction, which allows timed automata components to be gradually moved from the network expression into the specification. The intermediate specifications are kept small using minimization heuristics suggested by Andersen. The potential of the combined technique is demonstrated using a prototype implemented in CAML.