Michaela Huhn

Timed sequence diagrams and tool-based analysis: a case study

We use UML timed Sequence Diagrams to specify the realtime behaviour of a communication protocol of audio/video components. The Sequence Diagrams build the requirements specification against which an implementation of the protocol developed by the Bang & Olufsen company is proven correct. To obtain a complete requirements specification, we have to mark the UML Sequence Diagrams as optional or mandatory behaviour. Then the Sequence Diagram interactions with their timing constraints and periods are transferred to a setting of timed automata. We use the Uppaal tool for verification. In particular, we show that the implementation of the protocol conforms to the Sequence Diagram specification concerning the correct data transfer on the bus.

Vooduu: Verification of Object-Oriented Designs Using UPPAAL

The Unified Modeling Language (UML) provides sequence diagrams to specify inter-object communication in terms of scenarios. The intra-object behavior is modelled by statechart diagrams. Our tool Vooduu performs an automated consistency check on both views, i.e., it verifies automatically whether a family of UML statecharts modelling a system satisfies a set of communication and timing constraints given as UML sequence diagrams. The front-end of the tool is implemented as a plug-in for a commercial UML tool. For verifying, statecharts and sequence diagrams are translated to the formalism of timed automata. The tool generates temporal logic queries, which depend on an interpretation status for each sequence diagram. The verification is performed by the model checker UPPAAL. The results are retranslated into sequence diagrams. Thus the formal verification machinery is mainly hidden from the user. The tool was applied to a model of the control software of a robot prototype.

Action Refinement and Property Inheritance in Systems of Sequential Agents

For systems of sequential agents the fundamental relations between events — causality and conflict — are naturally connected to a global dependency relation on the systems alphabet. Action refinement as a strictly hierarchical approach to system design should preserve this connection. Then it can be guaranteed that also more complex temporal properties of the refined system are inherited from the abstract level. The behaviour of a system of sequential agents is given in terms of synchronisations structures, a location-based subclass of prime event structures. The action refinement operator inherits causality and conflict according to the dependency relation. To express temporal properties of the systems we use vTrPTL, a linear time temporal logic for Mazurkiewicz traces. The logical framework, based on local modalities and fixpoints, allows to define refinement transformation on formulae. Under certain constraints on the refinement function, satisfaction of a formula for the abstract system turns out to be equivalent to satisfaction of the transformed formula for the refined system.

Generation of Optimized Testsuites for UML Statecharts with Time

abstract We present an approach to automatically generate time-optimized coverage-based testsuites from a subclass of deterministic statecharts with real-time constraints. The algorithms are implemented as a plugin for a standard UML tool (Poseidon for UML). The statecharts are extended to accomplish common and new coverage criteria inspired by the experience of test experts and translated into timed automata. The model checker UPPAAL then searches a trace with the fastest diagnostic trace option which provides the basis for the testsuite.

Embedded systems architecture: evaluation and analysis

Short innovation cycles in software and hardware make architecture design a key issue in future development processes for embedded systems. The basis for architectural design decisions is a transparent architecture evaluation. Our model-based approach supports a uniform representation of hierarchies of quality attributes and an integration of different architecture evaluation techniques and methods. We present a metamodel for architecture evaluation as a basis for the precise description of the quality attribute structure and the evaluation methodology. By modelling architecture evaluation, the relationships between architectural elements and quality attributes and interdependencies between quality attributes can be represented and investigated. Thereby, the architecture exploration process with its evaluations, decisions, and optimizations is made explicit, traceable, and analyzable.

Modellqualität als Indikator für Softwarequalität: eine Taxonomie

ZusammenfassungKomplexität, Anforderungsmanagement und Variantenvielfalt sind zentrale Herausforderungen bei der Entwicklung und Evolution heutiger softwaregesteuerter Systeme. Diesen wird zunehmend durch den Einsatz modellbasierter Entwicklungsmethoden begegnet. Dadurch wird das Modell zum zentralen Artefakt und die Erstellung und Nutzung von Modellen zu einer zentralen Tätigkeit in der Softwareentwicklung. Mit der Bedeutung der Modelle steigen auch die Ansprüche an ihre Qualität. Dieser Beitrag untersucht die Implikationen, die daraus entstehen, insbesondere werden sinnvolle Qualitätsmerkmale für softwarebeschreibende Modelle identifiziert und diskutiert.

Verification Based on Local States

Net unfoldings are a well-known partial order semantics for Petri nets. Here we show that they are well suited to act as models for branching-time logics interpreted on local states. Such local logics (in particular a distributed Μ-calculus) can be used to express properties from the point of view of one component in a distributed system. Local logics often allow for more efficient verification procedures because — in contrast to interleaving branching-time logics — they do not refer to the entire space of global states. We reduce verification of local properties to standard model checking algorithms known for interleaving branchingtime logics. The key is to extract a finite (usually small), local transition system bisimilar to the complete unfolding. The construction is based on the finite prefix of a net unfolding defined by McMillan.

Autonomous agents in organized localities regulated by institutions

This paper proposes a new metaphor for constructing systems of systems: Autonomous Agents in Organized Localities (AAOL). An agent-based approach is used for modeling structure and behavior of complex systems that consist of (semi-)autonomous systems, where goals, resources, capabilities are described locally while a need for superordinated ”global” regulation exists. The notion of organized localities is used to describe spatially or logically constrained spheres of influence of regulation bodies. Agents inhabit — and can move across — localities; regulation rules are modeled via computational norms and enforced by electronic institutions. A key objective of our work is to explore and advance applicability of AAOL to constructing mechatronic systems with (at least soft) real-time constraints. We describe requirements for modeling systems of systems, and outline the key pillars of AAOL: a conceptual architecture and a metamodel providing the basic constructs for describing AAOL-type systems. A case study of a decentrally organized airport transportation infrastructure illustrates the concepts and the feasibility of AAOL-based systems of systems design.

Analysing Dependability Case Arguments Using Quality Models

The Goal Structuring Notation (GSN)[1] facilitates a clear presentation of the argument structure in dependability cases for dependable systems. However, assessment of an argument structure with respect to validity, sufficiency and consistency of argumentation and the provided evidence still strongly depends on individual, tacit expert knowledge. We propose a 2-phase analysis method for argument structures: Firstly, syntactic completeness, consistency, and proper instantiation of argument patterns are examined using a UML profile for GSN and OCL constraints. For the second phase, we propose 2-dimensional quality models to assist the expert in explicitly judging on the conclusiveness of argumentation. A quality model explicitly represents the impact of facts on design activities and software-systems properties relevant for dependability. The impact value aggregates state-of-the-art knowledge and standards recommendations. Missing, negative or conflicting impact indicates impairment of the argument either by revealing a gap in the line of arguments or incompatibilities or opposing principles between decisions or techniques in the process. We show first steps towards the integration of the analysis into model-based tool supported development.

Verifying imprecisely working arithmetic circuits

If real number calculations are implemented as circuits, only a limited preciseness can be obtained. Hence, formal verification cannot be used to prove the equivalence between the mathematical specification based on real numbers and the corresponding hardware realization. Instead, the number representation has to be taken into account in that certain error bounds have to be verified. For this reason, we propose formal methods to guide the complete design flow of these circuits from the highest abstraction level down to the register-transfer level with formal verification techniques that are appropriate for the corresponding level. Hence, our method is hybrid in the sense that it combines different state-of-the-art verification techniques. Using our method, we establish a more detailed notion of correctness that considers beneath the control and data flow also the preciseness of the numeric calculations. We illustrate the method with the discrete cosine transform as a real-world example.