Yaroslav S. Usenko

From StoCharts to MoDeST: a comparative reliability analysis of train radio communications

StoCharts have been proposed as a UML statechart extension for performance and dependability evaluation, and have been applied in the context of train radio reliability assessment to show the principal tractability of realistic cases with this approach. In this paper, we extend on this bare feasibility result in two important directions. First, we sketch the cornerstones of a mechanizable translation of StoCharts to MoDeST. The latter is a process algebra-based formalism supported by the MOTOR/MÖBIUS tool tandem. Second, we exploit this translation for a detailed analysis of the train radio case study.

From µCRL to mCRL2 : motivation and outline

We sketch the language mCRL2, the successor of μCRL, which is a process algebra with data, devised in 1990 to model and study the behaviour of interacting programs and systems. The language is improved in several respects guided by the experience obtained from numerous applications where realistic systems have been modelled and analysed. Just as with μCRL, the leading principle is to provide a minimal set of primitives that allow effective specifications, that conform to standard mathematics and that allow standard mathematical manipulations and proof methodologies. In the first place the equational abstract datatypes have been enhanced with higher-order constructs and standard data types, ranging from booleans, numbers and lists to sets, bags and higher-order function types. In the second place multi-actions have been introduced to allow a seamless integration with Petri nets. In the last place communication is made local to enable compositionality.

Synthesis and stochastic assessment of schedules for lacquer production

The Modest modeling language pairs modeling features from stochastic process algebra and from timed and probabilistic automata with light-weight notations such as exception handling. It is supported by the Motor tool, which facilitates the execution and evaluation of Modest specifications by means of the discrete event simulation engine of the Mobius tool. This paper describes the application of Modest, Motor and Mobius to a highly nontrivial case. We investigate the effect of faulty behavior on a hard real-time scheduling problem from the domain of lacquer production. The scheduling problem is first solved using the timed model-checker Uppaal. The resulting schedules are then embedded in a Modest failure model of the lacquer production line, and analyzed with the discrete event simulator of Mobius. This approach allows one to assess the quality of the schedules with respect to timeliness, utilization of resources, and sensitivity to different assumptions about the reliability of the production line.

A process-algebraic approach to hybrid systems

Process algebra is a theoretical framework for the modelling and analysis of the behaviour of concurrent discrete event systems that has been developed within computer science in past quarter century. It has generated a deeper understanding of the nature of concepts such as observable behaviour in the presence of nondeterminism, system composition by interconnection of concurrent component systems, and notions of behavioural equivalence of such systems. It has contributed fundamental concepts such as bisimulation, and has been successfully used in a wide range of problems and practical applications in concurrent systems. We believe that the basic tenets of process algebra are highly compatible with the behavioural approach to dynamical systems. In our contribution we present an extension of classical process algebra that is suitable for the modelling and analysis of continuous and hybrid dynamical systems. It provides a natural framework for the concurrent composition of such systems, and can deal with nondeterministic behaviour that may arise from the occurrence of internal switching events. Standard process algebraic techniques lead to the characterization of the observable behaviour of such systems as equivalence classes under some suitably adapted notion of bisimulation.

Synthesis and stochastic assessment of cost-optimal schedules

We treat the problem of generating cost-optimal schedules for orders with individual due dates and cost functions based on earliness/tardiness. Orders can run in parallel in a resource-constrained manufacturing environment, where resources are subject to stochastic breakdowns. The goal is to generate schedules while minimizing the expected costs. First, we estimate the distribution of each order type by simulation (assuming a reasonable machine/load model) and derive from the cost-function an optimal offset from the due date of each individual order. Second, these optimal offsets are then used to guide the generation of schedules which are responsible to resolve resource conflicts. Third, we evaluate the generated schedules by simulation. The approach is demonstrated by means of a non-trivial case-study from lacquer production. Optimal offsets are derived with the Modest/Möbius tool, schedules are generated using Uppaal Cora. The experimental results show that our approach achieves good results in all considered scenarios, and better results than an approach based on adding slack to processing times.

Analysis of timed processes with data using algebraic transformations

In this paper, we outline a method to describe and analyze real-time systems using timed /spl mu/CRL. Most descriptions of such systems contain operators such as parallel composition that complicate analysis. As a first step towards the analysis of such systems, we linearize the given description using the algorithm from the work of Usenko (2002). The result is a timed linear process equation (TLPE) which is equivalent to the original description and has a very simple structure. Next, we outline how a TLPE can be transformed into an LPE, i.e., a linear process equation without time. This transformation, called time-free abstraction, has been used for non-recursive timed /spl mu/CRL processes in the work of Rieners et al. (2002). Crucial for this transformation is that the TLPE is transformed into a well-timed TLPE. Finally, all time-stamping is captured in the parameters of atomic actions. The result is an LPE for which the machinery of untimed /spl mu/CRL can be put to use for further analysis. These are based on symbolic analysis of the specifications, such as invariants, term rewriting and theorem proving, or on explicit state space generation and model-checking.

Behavioural Analysis of an I2C Linux Driver

Introduction . Formal methods for the analysis of system behaviour offer solutions to problems with concurrency, such as race conditions and deadlocks.We employ two such methods that are presently most applied in industry: model checking and static analysis on a common case study to analyse the behaviour of a Linux driver for I2C (Inter-Integrated Circuit). An industrial client provided us with the source code of the driver for which it was known that it contained defects. Based on the code, some documentation, and feedback by the developers we extracted a model of the device driver. The model was checked using the mCRL2 toolset [3] and some potential defects were revealed which were later confirmed by the developers. The errors were caused by inconsistent use of routines for interrupt enabling and disabling, resulting in unprotected references to shared memory and calls to lower-level functions. In addition, we performed checks with UNO [4], a static analysis tool that works directly with the source code. We employed UNO to statically detect the errors that were found by the dynamic analysis in the model checking phase. Based on our findings, we modified the source code to avoid the discovered potential defects. Although some errors remained unsolved, an improvement was observed in the standard tests that were carried out with our fixed version.

Refinement and Verification Applied to an In-Flight Data Acquisition Unit

In order to optimise maintenance and increase safety, the Royal Netherlands Navy initiated the development of a multi-channel on-board data acquisition system for its Lynx helicopters. This AIDA (Automatic In-flight Data Acquisition) system records usage and loads data on main rotor, engines and airframe. We used refinement in combination with model checking to arrive at a formally verified prototype implementation of the AIDA system, starting from the functional requirements.

A formal analysis of a car periphery supervison system 1

Abstract This paper presents a formal model of the real-time service allocation unit or the Car Periphery Supervision (CPS) system—a case study proposed by Robert Bosch GmbH in the context of the EU IST project AMETIST. The CPS system is a hybrid system, which is modeled in terms of timed automata. It is done by splitting the values of nonlinear continuous variables into £nite set of regions and over-approximating the constraints on continuous variables into clock constraints. Safety properties of the timed model have been veri£ed using UPPAAL. This is a sufficient condition for validating the corresponding safety properties of the initial hybrid system. The difference in time scale between the CPS components have also been taken care of by over-approximating the timed model using the convex-hull over-approximation feature available in UPPAAL.

Towards Formal Verification of ToolBus Scripts

ToolBus allows one to connect tools via a software bus. Programming is done using the scripting language Tscript , which is based on the process algebra ACP. Tscript was originally designed to enable formal verification, but this option has so far not been explored in any detail. We present a method for analyzing a Tscript by translating it to the process algebraic language mCRL2, and then applying model checking to verify behavioral properties.