Mathijs Schuts

Modelling Clock Synchronization in the Chess gMAC WSN Protocol

We present a detailled timed automata model of the clock synchronization algorithm that is currently being used in a wireless sensor network (WSN) that has been developed by the Dutch company Chess. Using the UPPAAL model checker, we establish that in certain cases a static, fully synchronized network may eventually become unsynchronized if the current algorithm is used, even in a setting with infinitesimal clock drifts.

Experiences with a compositional model checker in the healthcare domain

This paper describes the use of a formal method to support component-based development in the healthcare domain. The method is based on a commercial tool suite which combines formal modeling, compositional model checking, and code generation. The main approach of the tool suite will be explained and demonstrated from a user point of view. We report about experiences with this approach at the company Philips Healthcare for the design of control software for advanced interventional X-ray systems. This concerns formal interface definitions between the main system components and detailed design of control components.

Refactoring of Legacy Software Using Model Learning and Equivalence Checking: An Industrial Experience Report

Many companies struggle with large amounts of legacy software that is difficult to maintain and to extend. Refactoring legacy code typically requires large efforts and introduces serious risks because often crucial business assets are hidden in legacy components. We investigate the support of formal techniques for the rejuvenation of legacy embedded software, concentrating on control components. Model learning and equivalence checking are used to improve a new implementation of a legacy control component. Model learning is applied to both the old and the new implementation. The resulting models are compared using an equivalence check of a model checker. We report about our experiences with this approach at Philips. By gradually increasing the set of input stimuli, we obtained implementations of a power control service for which the learned behaviour is equivalent.

Experiences with incorporating formal techniques into industrial practice

We report about experiences at Philips Healthcare with component-based development supported by formal techniques. The formal Analytical Software Design (ASD) approach of the company Verum has been incorporated into the industrial workflow. The commercial tool ASD:Suite supports both compositional verification and code generation for control components. For other components test-driven development has been used. We discuss the results of these combined techniques in a project which developed the power control service of an interventional X-ray system.

Integrating Interface Modeling and Analysis in an Industrial Setting

Precise specification of system component interfaces enables analysis of component behavior and checking of conformance of an implementation to the interface specification. Very often component interfaces are only defined by their signature and without a formal description of the admissible behavior and timing assumptions. In this paper we present a framework named ComMA (Component Modeling and Analysis) that supports model-based engineering (MBE) of high-tech systems by formalizing interface specifications. ComMA provides a family of domain-specific languages that integrate existing techniques from formal behavioral and time modeling and is easily extensible. It contains tools that support different phases of the development process and can be integrated in the industrial way of working. The framework is applied in the context of the family of interventional X-ray machines developed by Philips.

Runtime Monitoring Based on Interface Specifications

Unclear descriptions of software interfaces between components often lead to integration issues during development and maintenance. To address this, we have developed a framework named ComMA (Component Modeling and Analysis) that supports model-based engineering of components. ComMA is a combination of Domain Specific Languages (DSLs) for the specification of interface signatures, state machines to express the allowed interaction behaviour, and constraints on data and timing. From ComMA models a number of artefacts can be generated automatically such as proxy code, visualizations, tests, and simulation models. In this paper, the focus is on the generation of runtime monitors to check interface conformance, including the state machine behaviour and the specified data and time constraints. We report about the development of this approach in close collaboration with the development of medical applications at Philips.

Industrial Application of Domain Specific Languages Combined with Formal Techniques

Two Domain Specific Languages (DSLs) have been developed to improve the development of a power control component of interventional X-ray systems of Philips. Configuration files and test cases are generated from instances of these DSLs. To increase the confidence in these instances and the generators, formal models have been generated to analyse DSL instances and to crosscheck the results of the generators. A DSL instance serves as a single source from which the implementation and the formal analysis models are generated. In this way, it is easy to maintain the formal support in case of changes and for new product releases. We report about our experiences with this approach in a real development project at Philips.

Formalizing the Concept Phase of Product Development

We discuss the use of formal techniques to improve the concept phase of product realisation. As an industrial application, a new concept of interventional X-ray systems has been formalized, using model checking techniques and the simulation of formal models. cop. Springer International Publishing Switzerland 2015.

Industrial Experience with the Migration of Legacy Models using a DSL

Software departments of companies that exist for several decades often have to deal with legacy models. Important business assets have been modelled with tools that are no longer preferred within the company. Manually remodelling these models with a new tool would be too costly. In this paper, we describe an approach to migrate from Rhapsody models to models of another tool. To perform the migration, we created a Domain Specific Language (DSL) that accepts Rhapsody models as instances. A generator of this DSL can then produces model instances for the new tool. To get confidence in the transformation in a pragmatic way, we applied a combination of model learning and equivalence checking. Learning has been applied to both the source code generated by Rhapsody and the code generated by the new tool. The resulting models are compared using equivalence checking.

Improving maintenance by creating a DSL for configuring a fieldbus

The high-tech industry produces complex devices in which software plays an important role. Since these devices have been developed for many decades, an increasing part of the software can be classified as legacy which is difficult to maintain and to extend. To improve the maintainability of legacy components, domain specific languages (DSLs) provide promising perspectives. We present a DSL for creating configuration files that describe the topology of a fieldbus. This DSL improves the maintainability and extensibility of a legacy component. Compared to the current way-of-working, the configuration files generated by the DSL are of higher quality due to the concise representation of DSL instances and additional validation checks. To raise the level of abstraction even more, we have created a second DSL which allows a concise description of system configurations and the generation of topologies.