Jozef Hooman

Modeling and validating distributed embedded real-time systems with VDM++

The complexity of real-time embedded systems is increasing, for example due to the use of distributed architectures. An extension to the Vienna Development Method (VDM) is proposed to address the problem of deployment of software on distributed hardware. The limitations of the current notation are discussed and new language elements are introduced to overcome these deficiencies. The impact of these changes is illustrated by a case study. A constructive operational semantics is defined in VDM++ and validated using VDMTools. The associated abstract formal semantics, which is not specific to VDM, is presented in this paper. The proposed language extensions significantly reduce the modeling effort when describing distributed real-time systems in VDM++ and the revised semantics provides a basis for improved tool support.

Formalizing UML Models and OCL Constraints in PVS

The Object Constraint Language (OCL) is the established language for the specification of properties of objects and object structures in UML models. One reason that it is not yet widely adopted in industry is the lack of proper and integrated tool support for OCL. Therefore, we present a prototype tool, which analyzes the syntax and semantics of OCL constraints together with a UML model and translates them into the language of the theorem prover PVS. This defines a formal semantics for both UML and OCL, and enables the formal verification of systems modeled in UML. We handle the problematic fact that OCL is based on a three-valued logic, whereas PVS is only based on a two valued one.

A Temporal-Logic Based Compositional Proof System for Real-Time Message Passing

We consider a model of real-time network computation in which synchronous communication events occur during (possibly overlapping) intervals along a dense time scale. A specification language for processes and networks based on real-time temporal logic is defined. We give a simple proof system for network specifications when specifications for component processes are given. The proof system is then extended for a version of real-time CSP, under the assumption that all communications take some fixed length of time. Finally, it is shown that this proof system can be modified to allow varying communication lengths. All versions of the proof system are compositional, sound, and relatively complete.

Correct Development of Embedded Systems

This paper provides an overview on the approach of the IST OMEGA project for the development of correct software for embedded systems based on the use of UML as modelling language. The main contributions of the project are the definition of a useful subset of UML and some extensions, a formal dynamic semantics integrating all notations and a tool set for the validation of models based on this semantics.

Supporting UML--based Development of Embedded Systems by Formal Techniques

We describe an approach to support UML-based development of embedded systems by formal techniques. A subset of UML is extended with timing annotations and given a formal semantics. UML models are translated, via XMI, to the input format of formal tools, to allow timed and non-timed model checking and interactive theorem proving. Moreover, the Play-Engine tool is used to execute and analyze requirements by means of live sequence charts. We apply the approach to a part of an industrial case study, the MARS system, and report about the experiences, results and conclusions.

Assertional Specification and Verification Using PVS of the Steam Boiler Control System

An implementation of the steam boiler control system has been derived using a formal method based on assumption/commitment pairs. Intermediate stages of top-down design are represented in a mixed formalism where programs and assertional specifications are combined in a single framework. Design steps can be verified by means of compositional proof rules. This framework has been defined in the specification language of the verification system PVS. By the interactive proof checker of PVS, the correctness of each refinement step has been checked mechanically.

Deductive Verification of UML Models in TLPVS

In recent years, UML has been applied to the development of reactive safety-critical systems, in which the quality of the developed software is a key factor. In this paper we present an approach for the deductive verification of such systems using the PVS interactive theorem prover. Using a PVS specification of a UML kernel language semantics, we generate a formal representation of the UML model. This representation is then verified using tlpvs, our PVS-based implementation of linear temporal logic and some of its proof rules. We apply our method by verifying two examples, demonstrating the feasibility of our approach on models with unbounded event queues, object creation, and variables of unbounded domain. We define a notion of fairness for UML systems, allowing us to verify both safety and liveness properties.

Co-simulation of distributed embedded real-time control systems

Development of computerized embedded control systems is difficult because it brings together systems theory, electrical engineering and computer science. The engineering and analysis approaches advocated by these disciplines are fundamentally different which complicates reasoning about e.g. performance at the system level. We propose a lightweight approach that alleviates this problem to some extent. An existing formal semantic framework for discrete event models is extended to allow for consistent co-simulation of continuous time models from within this framework. It enables integrated models that can be checked by simulation in addition to the verification and validation techniques already offered by each discipline individually. The level of confidence in the design can now be raised in the very early stages of the system design life-cycle instead of postponing system-level design issues until the integration and test phase is reached. We demonstrate the extended semantic framework by co-simulation of VDM++ and bond-graph models on a case study, the level control of a water tank.

Compositional Verification of Real-Time Applications

To support top-down design of distributed real-time systems, a framework of mixed terms has been incorporated in the verification system PVS. Programs and assertional specifications are treated in a uniform way. We focus on the timed behaviour of parallel composition and hiding, presenting several alternatives for the definition of a denotational semantics. This forms the basis of compositional proof rules for parallel composition and hiding. The formalism is applied to an example of a hybrid system, which also serves to illustrate our ideas on platform-independent programming.

Verifying Part of the ACCESS.bus Protocol Using PVS

Based on a compositional framework for the formal specification of distributed real-time systems, we present a method for protocol verification. To be able to deal with realistic examples, the method is supported by the interactive proof checker PVS. In this paper we illustrate our approach by a protocol of the ACCESS.bus which is used for the communication between a computer host and its peripheral devices (e.g., keyboards, mice, joysticks, etc.). The bus supports dynamic reconfiguration while the system is operating. We specify and verify a safety property and a real-time progress property of this industrial example.