John Håkansson

UPPAAL 4.0

UPPAAL 4.0 is the result of over two and a half years of development and contains many new features, additions to the modeling language, performance improvements, enhancements and polish to the easy to use graphical user interface, and is accompanied by several open source libraries. The tool and libraries are available free of charge for academic, educational and evaluation purposes from http://www.uppaal.com/. We describe three of the new features: user defined functions, priorities and symmetry reduction

The SAVE approach to component-based development of vehicular systems

The component-based strategy aims at managing complexity, shortening time-to-market, and reducing maintenance requirements by building systems with existing components. The full potential of this strategy has not yet been demonstrated for embedded software, mainly because of specific requirements in the domain, e.g., those related to timing, dependability, and resource consumption. We present SaveCCT - a component technology intended for vehicular systems, show the applicability of SaveCCT in the engineering process, and demonstrate its suitability for vehicular systems in an industrial case-study. Our experiments indicate that SaveCCT provides appropriate expressiveness, resource efficiency, analysis and verification support for component-based development of vehicular software.

SaveCCM : An Analysable Component Model for Real-Time Systems

Component based development is a promising approach for embedded systems. Typical for embedded software is the presence of resource constraints in multiple dimensions. An essential dimension is time, since many embedded systems have real-time requirements. We define a formal semantics of a component language for embedded systems, SaveCCM, a language designed with vehicle applications and safety concerns in focus. The semantics is defined by a transformation into timed automata with tasks, a formalism that explicitly models timing and real-time task scheduling. A simple SaveCCM system with a PI controller is used as a case study. Temporal properties of the PI controller have been successfully verified using the timed automata model checker Uppaal.

Model checking timed automata with priorities using DBM subtraction

In this paper we describe an extension of timed automata with priorities, and efficient algorithms to compute subtraction on DBMs (difference bounded matrices), needed in symbolic model-checking of timed automata with priorities. The subtraction is one of the few operations on DBMs that result in a non-convex set needing sets of DBMs for representation. Our subtraction algorithms are efficient in the sense that the number of generated DBMs is significantly reduced compared to a naive algorithm. The overhead in time is compensated by the gain from reducing the number of resulting DBMs since this number affects the performance of symbolic model-checking. The uses of the DBM subtraction operation extend beyond timed automata with priorities. It is also useful for allowing guards on transitions with urgent actions, deadlock checking, and timed games.

Partial order reduction for verification of real-time components

We describe a partial order reduction technique for a realtime component model. Components are described as timed automata with data ports, which can be composed in static structures of unidirectional control and data flow. Compositions can be encapsulated as components and used in other compositions to form hierarchical models. The proposed partial order reduction technique uses a local time semantics for timed automata, in which time may progress independently in parallel automata which are resynchronized when needed. To increase the number of independent transitions and to reduce the problem of re-synchronizing parallel automata we propose, and show how, to use information derived from the composition structure of an analyzed model. Based on these ideas, we present a reachability analysis algorithm that uses an ample set construction to select which symbolic transitions to explore. The algorithm has been implemented as a prototype extension of the real-time model-checker Uppaal. We report from experiments with the tool that indicate that the technique can achieve substantial reduction in the time and memory needed to analyze a real-time system described in the studied component model.

Component-Based Design and Analysis of Embedded Systems with UPPAAL PORT

uppaal port is a new tool for component-based design and analysis of embedded systems. It operates on the hierarchically structured continuous time component modeling language SaveCCM and provides efficient model-checking by using partial-order reduction techniques that exploits the structure and the component behavior of the model. uppaal port is implemented as an extension of the verification engine in the uppaal tool. The tool can be used as back-end in to the Eclipse based SaveCCM integrated development environment, which supports user friendly editing, simulation, and verification of models.

Save-IDE: An Integrated Development Environment for Building Predictable Component-Based Embedded Systems

In this paper we present an Integrated Development Environment Save-IDE, a toolset that embraces several tools: a tool for designing component-based systems and components, modeling and predicting certain run-time properties, such as timing properties, and transforming the components to real-time execution elements. Save-IDE is specialized for the domain of dependable embedded systems, which in addition to standard design tools requires tool support for analysis and verification of particular properties of such systems.

Generating online test oracles from temporal logic specifications

This paper is concerned with the problem of checking, by means of testing, that a software component satisfies a specification of temporal safety properties. Checking that an actual observed behavior conforms to the specification is performed by a test oracle, which can be either a human tester or a software module. We present a technique for automatically generating test oracles from specifications of temporal safety properties in a metric temporal logic. The logic can express quantitative timing properties, and can also express properties of data values by means of a quantification construct. The generated oracle works online in the sense that checking is performed simultaneously with observation. The technique has been implemented and used in case studies at Volvo Technical Development Corporation .

Analyzing a Pattern-Based Model of a Real-Time Turntable System

Designers of industrial real-time systems are commonly faced with the problem of complex system modeling and analysis, even if a component-based design paradigm is employed. In this paper, we present a case-study in formal modeling and analysis of a turntable system, for which the components are described in the SaveCCM language. The search for general principles underlying the internal structure of our real-time system has motivated us to propose three modeling patterns of common behaviors of real-time components, which can be instantiated in appropriate design contexts. The benefits of such reusable patterns are shown in the case-study, by allowing us to produce easy-to-read and manageable models for the real-time components of the turntable system. Moreover, we believe that the patterns may pave the way toward a generic pattern-based modeling framework targeting real-time systems in particular.