Bernhard Josko

A Compositional Real-Time Semantics of STATEMATE Designs

This paper presents a reference semantics for a verication tool currently under development allowing to verify temporal properties of embedded control sys- tems modelled using the StateMate system. The semantics reported divert from others reported in the literature [24] by faithfully modelling the semantics as supported in the StateMate simulation tool. It divers from the recent paper by Harel and Naamad [8] by providing a compositional semantics, a prerequisite for the support of compositional verication methods, and by the degree of math- ematical rigour. We use a variant of synchronous transition systems introduced by Manna and Pnueli [18] as base model for our semantics.

Using contract-based component specifications for virtual integration testing and architecture design

We elaborate on the theoretical foundation and practical application of the contract-based specification method originally developed in the Integrated Project SPEEDS [11], [9] for two key use cases in embedded systems design. We demonstrate how formal contract-based component specifications for functional, safety, and real-time aspects of components can be expressed using the pattern-based requirement specification language RSL developed in the Artemis Project CESAR, and develop a formal approach for virtual integration testing of composed systems based on such contract-specifications of subsystems. We then present a methodology for multi-criteria architecture evaluation developed in the German Innovation Alliance SPES on Embedded Systems.

Understanding UML: A Formal Semantics of Concurrency and Communication in Real-Time UML

We define a subset krtUML of UML which is rich enough to express all behavioural modelling entities of UML used for real-time applications, covering such aspects as active objects, dynamic object creation and destruction, dynamically changing communication topologies in inter-object communication, asynchronous signal based communication, synchronous communication using operation calls, and shared memory communication through global attributes. We define a formal interleaving semantics for this kernel language by associating with each model M ∈ krtUML a symbolic transition system STS(M). We outline how to compile industrial real-time UML models making use of generalisation hierarchies, weak- and strong aggregation, and hierarchical state-machines into krtUML, and propose modelling guidelines for real-time applications of UML. This work provides the semantical foundation for formal verification of real-time UML models described in the companion paper [11].

A discrete-time UML semantics for concurrency and communication in safety-critical applications

We define a subset krtUML of UML which is rich enough to express such modelling entities of UML, used in real-time applications, as active objects, dynamic object creation and destruction, dynamically changing communication topologies, combinations of synchronous and asynchronous communication, and shared memory usage through object attributes. We define a formal interleaving semantics for this kernel language by associating with each model M ∈ krtUML a symbolic transition system STS(M). We briefly outline how to compile models of industrial systems making use of generalisation hierarchies, weak and strong aggregation, and hierarchical state-machines into krtUML. The main aim of the paper is to provide an executable semantics for krtUML suitable for the formal verification of temporal model properties with existing model-checking tools.

Verifying the correctness of AADL modules using model checking

This paper presents a temporal logic MCTL which is suitable for modular specification and verification of computer architectures. MCTL has the advantage that open systems can be specified and verified; i.e. it allows the specification of properties under some assumptions on the environment. The module concept may help to solve the state explosion problem in the verification of temporal logic specifications. To verify the correctness of an implementation we describe a model checking algoritm for that logic.

A Visual Fomalism for Real-Time Requirement Specifications

This paper presents a semantical basis of a graphical specification language, called real-time symbolic timing diagrams (RTSTD), to express real-time requirements of embedded systems. RTSTD allow a concise and unambigous formulation of real-time properties that are intuitively understandable by hardware designers. We give a precise semantical foundation of this graphical language in terms of real-time temporal logic. Due to this interpretation RTSTD can be embedded into existing verification tools to check whether an implementation satiesfies the given specification expressed as RTSTD.

Metamodels in Europe: Languages, Tools, and Applications

This article provides an overview of current efforts in Europe for using metamodeling in the integrated development of critical systems such as automotive electronics. It distinguishes between lightweight versus heavyweight approaches, surveys a number of related current European projects, and gives details about the Speeds project to illustrate the role of metamodeling-driven system engineering.

Software components for reliable automotive systems

System-level integration requires an overall understanding of the interplay of the sub-systems to enable component- based development with portability, reconfigurability and extensibility, together with guaranteed reliability and performance levels. Integration by simple interfaces and plug- and-play of sub-systems, which is the main objective of AUTOSAR, requires solving essential technical problems. We discuss to what degree the existing AUTOSAR standard can support the development of safety- and time-critical software and what is required to move toward the desirable goal of timing isolation when integrating multiple applications into the same execution platform.

MCTL - An Extension of CTL for Modular Verification of Concurrent Systems

We are interested in modular specification and verification of digital circuits. Hence we asked for an appropriate description logic. In [MC85,BCDM85] the temporal logic CTL has successfully been used to verify some circuits. This logic was choosen as it has a linear model checking algorithm, and thus proving specifications in models consisting of hundreds or thousands of states can be done efficiently. But, unfortunately, CTL does not support modular specification and verification. As other logics as CTL* or PTL, which are suitable for modular verification, have exponential model checking algorithms we looked for an extension of CTL which allows modular specifications and whose model checking algorithm is faster than that of CTL*. In this paper we present such a logic, called MCTL. Formulae of MCTL are given by two parts, one describing a property of a module — this is done by a CTL formula — and one describing some assumptions on the environment — this is done by a special kind of path formulae. The interpretation of such a formula is in such a way that the assumptions restrict the paths which are relevant for the path quantifiers in the CTL formula. We show how this logic can be used in a modular verification system using proof principles given in [Pn85].

A net-based semantics for VHDL

The VHDL standard gives only an informal description of the semantics of VHDL. To apply formal verification techniques, a precise semantics definition is necessary. A formal semantics for VHDL based on interpreted Petri nets is defined. The presented semantics is compositional and provides a link to automatic verification methods for VHDL based designs.<<ETX>>