Matthias Tichy

Towards the compositional verification of real-time UML designs

Current techniques for the verification of software as e.g. model checking are limited when it comes to the verification of complex distributed embedded real-time systems. Our approach addresses this problem and in particular the state explosion problem for the software controlling mechatronic systems, as we provide a domain specific formal semantic definition for a subset of the UML 2.0 component model and an integrated sequence of design steps. These steps prescribe how to compose complex software systems from domain-specific patterns which model a particular part of the system behavior in a well-defined context. The correctness of these patterns can be verified individually because they have only simple communication behavior and have only a fixed number of participating roles. The composition of these patterns to describe the complete component behavior and the overall system behavior is prescribed by a rigorous syntactic definition which guarantees that the verification of component and system behavior can exploit the results of the verification of individual patterns.

Tool integration at the meta-model level: the Fujaba approach

Today’s development processes employ a variety of notations and tools, e.g., the Unified Modeling Language UML, the Standard Description Language SDL, requirements databases, design tools, code generators, model checkers, etc. For better process support, the employed tools may be organized within a tool suite or integration platform, e.g., Rational Rose or Eclipse. While these tool-integration platforms usually provide GUI adaption mechanisms and functional adaption via application programming interfaces, they frequently do not provide appropriate means for data integration at the meta-model level. Thus, overlapping and redundant data from different “integrated” tools may easily become inconsistent and unusable. We propose two design patterns that provide a flexible basis for the integration of different tool data at the meta-model level. To achieve consistency between meta-models, we describe rule-based mechanisms providing generic solutions for managing overlapping and redundant data. The proposed mechanisms are widely used within the Fujaba Tool Suite. We report about our implementation and application experiences .

The Fujaba real-time tool suites: model-driven development of safety-critical, real-time systems

More and more complex functionality is today realized with complex, networked, real-time systems. The majority of the costs and time in development is required to design and verify the control software. As these systems are often used in a safety-critical environment, the Fujaba real-time tool suite aims at supporting the model-driven development of correct software for such safety-critical, networked, real-time systems. This paper presents an overview of this Unified Modeling Language (UML) tool, its framework and processes.

Evolution of software in automated production systems

Automated Production Systems (aPS) impose specific requirements regarding evolution.We present a classification of how Automated Production Systems evolve.We discuss the state of art and research needs for the development phases of aPS.Model-driven engineering and Variability Management are key issues.Cross-discipline analysis of (non)-functional requirements must be improved. Coping with evolution in automated production systems implies a cross-disciplinary challenge along the systems life-cycle for variant-rich systems of high complexity. The authors from computer science and automation provide an interdisciplinary survey on challenges and state of the art in evolution of automated production systems. Selected challenges are illustrated on the case of a simple pick and place unit. In the first part of the paper, we discuss the development process of automated production systems as well as the different type of evolutions during the systems life-cycle on the case of a pick and place unit. In the second part, we survey the challenges associated with evolution in the different development phases and a couple of cross-cutting areas and review existing approaches addressing the challenges. We close with summarizing future research directions to address the challenges of evolution in automated production systems. Display Omitted

Model-driven development of reconfigurable mechatronic systems with MECHATRNOIC UML

Today, advanced technical systems are complex, reconfigurable mechatronic systems where most control and reconfiguration functionality is realized in software. A number of requirements have to be satisfied in order to apply the model-driven development approach and the UML for mechatronic systems: The UML design models must support the specification of the required hard real-time event processing. The real-time coordination in the UML models must embed the continuous control behavior in form of feedback-controllers to allow for the specification of discrete and continuous hybrid systems. Advanced solutions further require the dynamic exchange of feedback controllers at run-time (reconfiguration). Thus, a modeling of rather complex interplays between the information processing and the control is essential. Due to the safety-critical character of mechatronic systems, the resulting UML models of complex, distributed systems and their real-time behavior must be verifiable in spite of the complex structure and the embedded reconfigurable control elements. Finally, an automatic code synthesis has to map the specification correctly to code. In this paper, we will present our MECHATRONIC UML approach, which fulfills all these requirements. The approach is motivated and illustrated by means of a running example.

Compositional hazard analysis of UML component and deployment models

The general trend towards complex technical systems with embedded software results in an increasing demand for dependable high quality software. The UML as an advanced object-oriented technology provides in principle the essential concepts which are required to handle the increasing complexity of these safety-critical software systems. However, the current and forthcoming UML versions do not directly apply to the outlined problem. Available hazard analysis techniques on the other hand do not provide the required degree of integration with software design notations. To narrow the gap between safety-critical system development and UML techniques, the presented approach supports the compositional hazard analysis of UML models described by restricted component and deployment diagrams. The approach permits to systematically identify which hazards and failures are most serious, which components or set of components require a more detailed safety analysis, and which restrictions to the failure propagation are assumed in the UML design.

Assessing the State-of-Practice of Model-Based Engineering in the Embedded Systems Domain

Model-Based Engineering (MBE) aims at increasing the effectiveness of engineering by using models as key artifacts in the development process. While empirical studies on the use and the effects of MBE in industry exist, there is only little work targeting the embedded systems domain. We contribute to the body of knowledge with a study on the use and the assessment of MBE in that particular domain. We collected quantitative data from 112 subjects, mostly professionals working with MBE, with the goal to assess the current State of Practice and the challenges the embedded systems domain is facing. Our main findings are that MBE is used by a majority of all participants in the embedded systems domain, mainly for simulation, code generation, and documentation. Reported positive effects of MBE are higher quality and improved reusability. Main shortcomings are interoperability difficulties between MBE tools, high training effort for developers and usability issues.

Component-Based hazard analysis: optimal designs, product lines, and online-reconfiguration

Software plays an important role in the safety of todays systems and is increasingly used to create system with variants in form of product families or systems with online-reconfiguration in a cost-efficient manner. Therefore, the required hazard analysis has to consider not only a concrete system and its embedded software but also the different software configurations. We present several extensions to an existing component-based hazard analysis approach. At first, our approach permits to identify the optimal design variant w.r.t. the probabilities of the considered hazard. As the number of variants in a product family is often enormous, our approach secondly supports the hazard analysis of a whole product family at once. The analysis identifies the variant or combination of variants with the worst hazard probability. Finally, we show that also the hazards of systems with online-reconfiguration can be analyzed using the presented approach.

Design of self-managing dependable systems with UML and fault tolerance patterns

The development of dependable software systems is a costly undertaking. Fault tolerance techniques as well as self-repair capabilities usually result in additional system complexity which can even spoil the intended improvement with respect to dependability. We therefore present a pattern-based approach for the design of service-based systems which enables self-managing capabilities by reusing proven fault tolerance techniques in form of Fault Tolerance Patterns. The pattern specification consists of a service-based architectural design and deployment restrictions in form of UML deployment diagrams for the different architectural services. The architectural design is reused when designing the system architecture. The deployment restrictions are employed to determine valid deployment scenarios for an application. During run-time the same restrictions are at first used to automatically map additional services on suitable nodes. If node crashes are detected, we secondly employ the restrictions to guide the self-repair of the system in such a way that only suitable repair decisions are made.

System Architecture and Risk Management for Autonomous Railway Convoys

The RailCab project envisions autonomous railway vehicles which drive in convoy without mechanical coupling. The RailCabs can dynamically and autonomously build and dissolve convoys. This enables an on-demand use of these vehicles while retaining the cost and ecological advantages of public transport. The development of such system has to be rigorous with respect to safety issues in order to avoid loss of lives and other damages. In this paper we present an overview about the system architecture of the RailCab prototype on the test track as well as the actions to be taken to ensure safe operation.