Kozo Okano

Synthesis of protocol entities specifications from service specifications in a Petri net model with registers

In general, the services of a distributed system are provided by some cooperative protocol entities. The protocol entities must exchange some data values and synchronization messages in order to ensure the temporal ordering of the events which are described in a service specification of the distributed system. It is desirable that a correct protocol entity specification for each node can be derived automatically from a given service specification. In this paper, we propose an algorithm which synthesizes a correct protocol entity specification automatically from a service specification in a Petri Net model with Registers called PNR model. In our model, parallel events and selective operations can be described naturally. The control flow of a service specification must be described as a free-choice net in order to simplify the derivation algorithm, however, many practical systems can be described in this class. In our approach, since each protocol entity specification is also described in our PNR model, we can easily understand what events can be executed in parallel at each protocol entity.

Protocol synthesis from time Petri net based service specifications

Some methods for deriving protocol specifications from given service specifications with time constraints have been proposed. However, existing methods cannot treat the class of service specifications with both parallel synchronization and data values. They also assume that all clocks in the distributed system are synchronized. We propose an algorithm to derive a correct protocol specification automatically from a given service specification described in an extended model of time Petri nets where the above restrictions are eliminated. Using our method, we will be free from considering the details of communication delays on the design of real-time distributed systems.

Verification of Timeliness QoS Properties in Multimedia Systems

One of the main challenges of the design of object-based Distributed Multimedia Systems is to address the performance related issues such as the Quality of Service (QoS). The specification of QoS is a crucial part of architectural object-based methods such as Open Distributed Processing (ODP). In the ODP, a QoS property assigned to an object is modelled via two clauses of required and provided QoS statements, which specify the level of QoS required/provided by an object from/to its environment, respectively. An over-demanding QoS statement can be beyond the physical limitation of the system and might result in inconsistencies. In particular, to produce a correct design, it is crucial to study the effect of QoS statements of components on the overall behaviour of the system in earlier stages of the design.

Specification of real-time systems using a timed automata model with shared variables and verification of partial-deadlock freeness

We propose a timed automata model with shared variables (TASV). A TASV is a set of extended timed automata (ETAs) with shared boolean variables. For this model, we propose (I) an algorithm which decides whether a given TASV is partial-deadlock free, and (2) a sufficient condition that we can efficiently prove a given TASV is partial-deadlock free. Each ETA in a TASV can access to /modify, shared boolean variables independently. By constructing a tuple automaton for all ETAs in a given TASV we can decide the existence of deadlocks. However, such an approach causes the state explosion problem. Our algorithm and our proposed sufficient condition reduce the possibility of the state explosion by dividing the ETAs into some sets and proving their partial-deadlock freeness independently.

An Evaluation Mechanism for QoS Management in Wireless Systems

The evaluation of QoS requirements is one of the critical functions that span both the design and the run-time phases of QoS management. This paper presents an architecture for QoS evaluation and admission control, based on the modelling of both system behaviour and QoS requirements. Two aspects are considered. The first refers to QoS management, and to the component-based architecture for QoS evaluation. The second relates to the approach and its illustration by a case study, based on a personal area network. The proposed approach relies on the instantiation of models for representing both the behaviour and the QoS aspects of the system in terms of timed automata. The compatibility of the evaluation mechanism with architectures with a defined role for a QoS manager, such as ITSUMO, is also highlighted

Testing deadlock-freeness in real-time systems: a formal approach

A Time Action Lock is a state of a Real-time system at which neither time can progress nor an action can occur. Time Action Locks are often seen as signs of errors in the model or inconsistencies in the specification. As a result, finding out and resolving Time Action Locks is a major task for the designers of Real-time systems. Verification is one of the methods of discovering deadlocks. However, due to state explosion, the verification of deadlock freeness is computationally expensive. The aim of this paper is to present a computationally cheap testing method for Timed Automata models and pointing out any source of possible Time Action Locks to the designer. We have implemented the approach presented in the paper, which is based on the geometry of Timed Automata, via a Testing Tool called TALC (Time Action Lock Checker). TALC, which is used in the conjunction with the model checker UPPAAL, tests the UPPAAL model and provides feedback to the designer. We have illustrated our method by applying TALC to a model of a simple communication protocol.

Bidirectional Translation between OCL and JML for Round-Trip Engineering

In recent years, Model-driven development (MDD) based techniques have emerged, and thus translation techniques such as translation from Object Constraint Language (OCL) to Java Modeling Language (JML) have gained much attention. We have been studying not only translation techniques from OCL to JML but also from JML to OCL in order to support Round-trip Engineering (RTE). Two directions of translation among OCL and JML are performed independently without considering unified and iterative translations in our previous work. For an OCL statement and another OCL statement which is obtained from a JML statement which was translated from the original OCL, our previous framework preserves only the meaning of the two statements, however, the forms of the OCL statements may change. It prevents us from RTE-based development. This paper proposes a translation technique between OCL and JML maintaining OCL code by describing their original forms in the comment area of the target languages. Our implementation has been evaluated on two projects used in our previous work and also seven additional open source projects.

Verification of Spatio-Temporal Role Based Access Control using Timed Automata

The verification of Spatio-Temporal Role Based Access Control policies (STRBAC) during the early development life cycle improves the security of the software. It helps to identify inconsistencies in the Access Control policies before proceeding to other phases where the cost of fixing defects is augmented. This paper proposes a formal method for an automatic analysis of STRBAC policies. It ensures that the policies are consistent and conflict-free. The method proposed in this paper makes the use of Timed Automata to verify the STRBAC policies. This is done by translating the STRBAC model into Timed Automata, and then the produced Timed Automata is implemented and verified using the model checker UPPAAL. This paper presents a security query expressed using TCTL to detect inconsistency caused due to the interaction between STRBAC policies. With the help of an example, this paper shows how we convert STRBAC model to Timed Automata models and verify the resulting models using the UPPAAL to identify an erroneous design.

Improvement of a Visualization Technique for the Passage Rate of Unit Testing and Static Checking and Its Evaluation

Software visualization has attracted lots of attention. The techniques fall into two categories: visualization of software component relationships and visualization of software metrics.We have already proposed a hybrid method based on both of the two categories. The proposed method visualizes coincidence between specification and implementation from two aspects: static checking and ordinal testing by test suites. Each of the verification is performed in a method or function basis (unit testing). In the method, each ratio of the coincidence is shown by pie charts which represent classes of the target software. Whole software is represented in a weighted digraph structure.In this paper, we propose Priority Layout to emphasize important classes, and implemented our method into a tool. We have evaluated time in finding bug at source code and test cases between using Priority Layout, ISOM Layout and uncomplicated tables instead of graphs. As a result, time in finding bug at source code and test cases by proposed graph are a half of it using table.

A Visualization Technique for the Passage Rates of Unit Testing and Static Checking with Caller-Callee Relationships

Software visualization has attracted lots of attention. The techniques fall into two categories: visualization of software component relationships and visualization of software metrics. We propose a new hybrid method based on both of the two categories. The proposed method visualizes coincidence between specification and implementation from two aspects: static checking and ordinal testing by test suites. Each of the verification is performed in a method or function basis (unit testing). In our method, each ratio of the coincidence is shown by pie charts which represent classes of the target software. Whole software is represented in a weighted digraph structure. We have prototyped a tool implemented our proposed method. We have evaluated the availability of the proposed method by applying the tool to two kinds of software: Warehouse Management Program, and a telephone directory management program. As a result, we conclude that the proposed method shows informative results.