Carlos Puchol

Safety Property Verification of ESTEREL Programs and Applications to Telecommunications Software

We present a technique for automatically verifying linear-time temporal logic safety properties of programs written in Esterel, a formally-defined language for programming reactive systems. In our approach, linear-time temporal logic safety properties are first translated into Esterel programs that model these properties. Using the Esterel compiler, the translations are compiled in parallel with the Esterel program to be verified. A trivial reachability analysis of the output of the compiler then indicates whether or not the safety property is satisfied by the program. We describe two real-world software problems — Esterel versions of two features of the AT&T 5ESS® switching system — and one well-known benchmark problem — the generalized railroad crossing problem — that we have verified using our technique and associated tool set.

A framework for evaluating specification methods for reactive systems: experience report

Numerous formal specification methods for reactive systems have been proposed in the literature. Because the significant differences bet ween the methods are hard to determine, choosing the best method for a particular application can be difficult. We have applied several different methods, including Modechart, VFSM, ESTEREL, Basic LOTOS, Z, SDL and C, to an application problem encountered in the design of software for AT&Ts 5ESS® telephone switching system. We have developed a set of criteria for evaluating and comparing the different specification methods. We argue that the evaluation of a method must take into account not only academic concerns, but also the maturity of the method, its compatibility with the existing software development process and system execution environment, and its suitability for the chosen application domain.

Specification-based testing of reactive software: tools and experiments: experience report

To appear in the Proceedings of the International Conference on Software Engineering, May 1997Copyright  1997 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or permissions@acm.org.

A formal approach to reactive systems software: a telecommunications application in ESTEREL

Esterel is a formally-defined language designed for programming reactive systems; namely, those that maintain a permanent interaction with their environment. The AT&T 5ESS® telephone switching system is an example of a reactive system. We describe an implementation in Esterel of one feature of a 5ESS switch; this implementation has been tested in the 5ESS switch simulator. Furthermore, it has been formally verified that this implementation satisfies some safety properties stated by 5ESS software development. Our experience indicates that Esterel is suitable for programming industrial-strength reactive systems, and affords significant advantages in software development over more traditional programming languages used in industrial settings.

Design and implementation of Triveni: a process-algebraic API for threads + events

We describe Triveni, a framework and API for integrating threads and events. The design of Triveni is based on an algebra, including preemption combinators, of processes. Triveni is compatible with existing threads standards, such as Pthreads and Java threads, and with the event models structured on the Observer pattern. We describe the software architecture and algorithms underlying a concrete implementation of Triveni in Java. This environment includes specification based testing of safety properties. The results described in the paper have been used to integrate process-algebraic methods into (concurrent) object orientated programming (C. Colby et al., 1998).

Compiling Modechart specifications

The Modechart specification language is a formalism for the specification of real-time systems. A toolset for specification, analysis and simulation for Modechart specifications exists for supporting the design and construction of real-time systems. This paper introduces a new tool in the toolset: a compiler for a class of Modechart specifications, namely, that of deterministic system specifications, extended by a subclass of the non-deterministic system specifications. The object code that the compiler generates is in ESTEREL, a member of the synchronous family of programming languages for real-time systems. We discuss a broad approach to the implementation of timing specifications, providing a range of implementation options, from the basic time step unrolling of states in ESTEREL, to the use of system timers. The compiler presented herein allows the specifier to obtain a correct implementation of a Modechart program, including timing constraints.

Integrated design tools for hard real-time systems

We propose a toolset for designing real-time systems. The toolset is based on a design methodology for real-time systems. The purpose of a design methodology is to provide a set of procedures and guidelines that, with human intervention and interaction, allow designers to systematically obtain implementations of systems that conform precisely to their design specifications. Our methodology is designed for automation. We present the toolset and case study of the design of a simple VCR system. The methodology is based on a formal model and precise descriptions of the components of the system. The underlying model of our methodology is composed of a control level and a data-flow level that, together with a resource scheduler and the application-specific code, make up the system under design.

The integration of control and dataflow structures in distributed hard real-time systems

The control structure of many real-time applications are naturally described by state machines. However the state transitions of these machines are governed not only by the state of the system and the occurrence of events, but also by their time of occurrence. The control structure of a real-time system determines what computation to perform and the set of timing constraints in effect at all times. The computation performed by the system can then be modeled by a directed graph, where the nodes denote transformations on the data and the edges denote data flow. In this paper we discuss some research issues that arise from the integration of control flow with data flow.<<ETX>>

Specification-based testing of reactive software: a case study in technology transfer

Abstract We describe a case study to transfer a specificationbased testing system from research to practice. We did the case study in two steps: first we conducted a feasibility study in a laboratory setting to estimate the potential costs and benefits of using the system. Next we conducted a usability study in an industrial setting to determine whether it would be effective in practice. Our focus in the laboratory was on the basic technology; our focus in the industrial setting has necessarily been on customizing that technology for a specific application. The feasibility study gave us a cost-effective way to identify general, context-independent issues, while the later industrial experience revealed specific, context-dependent obstacles to the use of our technology.

Achieving high performance sonar-based wall-following

Abstract In this paper we develop a technique to achieve robust high performance real-time wallfollowing behavior of a mobile robot in an indoor office environment, more specifically, in a corridor environment. The mobile robot achieves increasingly better performance by learning the environments (most important) features in successive runs through it. This allows the robot to perform the task repeatedly, reliably, increasing the speed at which it is done after every step, without losing accuracy. We are basing our approach in the Spatial Semantic Hiearchy [Kuipers et. al. 1993].