基于着色时间Petri网的实时系统的形式验证

嵌入式实时系统多数应用在安全性要求较高的场合,因此需要保证系统的正确性.复杂性不断增加的实时系统迫切需要在系统开发早期引入形式化分析技术来验证系统的期望性质.时间Petri网是有严格数学基础的图形表达工具,适合对实时系统建模;时间自动机(Timed Automata,TA)有成熟的验证工具,被广泛用于实时系统的模型检验和验证.本文提出一种基于着色时间Petri网(Colored Time Petri Net,CTPN)的实时系统的验证方法,用CTPN对带有控制流和数据流的实时系统建模,通过转换规则将CTPN模型转换成语义等价的TA模型,利用模型检验工具UPPAAL验证系统的性质.最后,用实例证明此方法有效.     

基于时间自动机的实时系统建模及验证

实时系统必须在一个事先定义好的时间限制内对来自外部或内部的事件进行响应,如何有效验证实时模型的正确性和安全性是一个难点.文章通过多个时间自动机来模拟实时系统中的各个对象,并用UPPAAL对模型进行验证,减少了模型验证的状态搜索空间,为实时嵌入式系统开发和验证提供了一种可行、安全的控制机制.实验结果显示了系统的有效性.     

模拟实时系统的点区间优先级时间Petri网与TCTL验证

时间Petri网为实时系统提供了一种形式化的建模方法, 时间计算树逻辑(TCTL)为描述实时系统与时间相关的设计需求提供了一种逻辑化的表达方式, 因此基于时间Petri网的TCTL模型检测广泛应用于实时系统的正确性验证.然而对于一些涉及优先级的实时系统, 例如多核多任务实时系统, 这里不仅需要考虑任务之间的时间约束还要考虑任务执行的优先级以及引入优先级带来的抢占式调度问题, 致使相应的建模和分析变得更加困难.为此, 本文提出了点区间优先级时间Petri网, 通过在时间Petri网上定义变迁发生的优先级以及变迁的可挂起性, 从而可以模拟实时系统的抢占式调度机制, 即首先高优先级的任务抢占低优先级的任务所占用的资源, 导致后者被中断, 然后前者执行完毕后释放资源, 最后后者再次获得资源从中断的地方恢复.本文通过点区间优先级时间Petri网来模拟多核多任务实时系统, 使用TCTL来描述它们的设计需求, 设计了相应的模型检测算法, 开发了相应的模型检测器以验证它们的正确性.我们通过一个实例来说明我们的模型和方法的有效性.     

并行与分布硬实时系统的调度

一、前言实时系统是工作在时间约束下的系统,与一般计算机系统的主要区别是引入了时间概念,这大大地影响了系统的设计、验证和实现。实时系统不但要保证计算结果的逻辑正确性,而且要在规定的时间内完成计算。如果某个实时任务没有按时完成,则可能导致整个系统失败,甚至引起灾难性后果。这类实时系统被称为硬实时(hard real-time)系统。例如,核电厂或导弹控制系统等。因此硬实时系统的调度理     

多处理器实时系统可调度性分析的UPPAAL模型

随着多处理器实时系统在安全性攸关系统中的广泛应用,保证这类系统的正确性成为一项重要的工作.可调度性是实时系统正确性的一项关键性质.它表示系统必须满足的一些时间要求.传统的可调度性分析方法结论保守或者不完备,为了避免这些方法的缺陷,提出使用模型检测的方法来实现可调度性分析.提出了一个用于多处理器实时系统可调度性分析的模板,将与系统可调度性相关的部分包括实时任务、运行平台和调度管理模块都用时间自动机建模,并使用UPPAAL验证可调度的性质是否总被满足.符号化模型检测方法被用于推断可调度性,但是由于秒表触发的近似机制,符号化模型检测方法不能用于证明系统不可调度.作为补充,统计模型检测方法被用于估算系统不可调度的概率,并在系统不可调度时生成反例.此外,在系统可调度时,通过统计模型检测方法获取一些性能相关的信息.     

基于模型驱动的实时嵌入式系统

随着实时嵌入式系统的功能越来越复杂,现有的软硬件分离、软硬件协调等实时系统设计方法已经无法满足其系统实现的要求.本文根据模型驱动开发架构MDA和模型集成开发MIC的核心思想,将时间语义结合服务体/执行流（Servant/Exe-Flow Model,简称SEFM）模型,提出了一种基于模型驱动的实时系统设计方法.首先,本文给出了SEFM模型的元模型表达系统的抽象语义,同时使用XML语言和框图语言来描述SEFM模型的具体语法.结合XML解析技术,根据同一抽象语法的不同具体语法能够相互转化,实现了框图语言的代码生成,最后以实时跟车系统设计方案表明该系统实现方法的可行性和正确性.     

基于线性时序逻辑的实时系统模型检查

模型检查是一种用于并发系统的性质验证的算法技术.LTLC(linear temporal logic with clocks)是一种连续时间时序逻辑,它是线性时序逻辑LTL的一种实时扩充.讨论实时系统关于LTLC公式的模型检查问题,将实时系统关于LTLC公式的模型检查化归为有穷状态转换系统关于LTL公式的模型检查,从而可以利用LTL的模型检查工具来对LTLC进行模型检查.由于LTLC既能表示实时系统的性质,又能表示实时系统的实现,这就使得时序逻辑LTLC的模型检查过程既能用于实时系统的性质验证,又能用于实时系统之间的一致性验证.     

实时人工智能的研究

1 引言随着实时技术的发展,实时系统对制造、控制、运输、太空、机器人和军事系统起着越来越关键性的作用。实时系统是工作在时间约束下的系统,它与一般的计算机系统有本质的区别。实时系统不但要保证计算结果的逻辑正确性,而且必需在截止期内完成任务。在硬实时系统中,如果实时任务没有在规定的截止期内     

车用定速器系统的系统级设计方法研究

实时系统的性能(如实现成本,满足时间约束的能力)很大程度上取决于设计人员的早期决策。本文首先提出一种新的异构实时系统的系统级设计方法。新方法能够帮助设计人员迅速确定适当的系统结构并实现功能划分。然后,本文以车用定速器系统前期设计为例,证明了通过新方法确定的实时系统结构不仅能够满足时间约束,并且能够实现系统资源的最优化。     

基于UML的面向方面的实时系统建模方法

利用基于UML的面向方面编程(AOP)技术来建模实时系统,把实时关注从系统中分离出来,形成一个独立于系统的时间方面,实现时间方面的并发设计和系统时间特性的统一管理。AOP技术允许把设计好的时间方面根据需要重新织入系统,组合为实时系统。模型从系统的静态结构模型、动态行为模型和时间方面的织入等几部分来建模实时系统,并扩展了UML来表达AOP技术和时间概念,提高软件的重用性。一个电梯控制系统例子用来说明了这种建模方法。     

基于函数式语义的循环和递归程序结构通用证明技术

各类安全攸关系统的可靠运行离不开软件程序的正确执行.程序的演绎验证技术为程序执行的正确性提供高度保障.程序语言种类繁多,且用途覆盖高可靠性场景的新式语言不断涌现,难以为每种语言设计支撑其程序验证任务的整套逻辑规则,并证明其相对于形式语义的可靠性和完备性.语言无关的程序验证技术提供以程序语言的语义为参数的验证过程及其可靠性结果.对每种程序语言,提供其形式语义后可直接获得面向该语言的程序验证过程.提出一种面向大步操作语义的语言无关演绎验证技术,其核心是对不同语言中循环、递归等可导致无界行为的语法结构进行可靠推理的通用方法.特别地,借助大步操作语义的一种函数式形式化提供表达程序中子结构所执行计算的能力,从而允许借助辅助信息对子结构进行推理.证明所提出验证技术的可靠性和相对完备性,通过命令式、函数式语言中的程序验证实例初步评估了该技术的有效性,并在Coq辅助证明工具中形式化了所有理论结果和验证实例,为基于辅助证明工具实现面向大步语义的语言无关程序验证工具提供了基础.     

: A distributed real-time logic language

This paper presents a new language that integrates the real-time and distributed paradigms within the framework of a concurrent logic language. Concurrent logic languages (CLLs) are capable of expressing concurrence, communication and nondeterminism in a natural way. That is, the intrinsic parallel semantics of the concurrent logic languages makes them well-suited for distributed programming. The proposed language is particularly suitable for loosely coupled systems and it contains mechanisms for distributed and real-time process control. A new execution model for concurrent logic languages is presented, which enables efficient distributed execution and real-time control. The model is introduced by giving an operational semantics for the language and the new model's implementation is discussed, including the definition of a new abstract machine and its implementation on a network of Unix workstations. Although the sequential core is not optimized, some previous results are discussed, showing the feasibility of the language's execution model for distributed real-time systems. The language is currently being used as the kernel language for a distributed simulation and validation tool for communication protocols.     

: A distributed real-time logic language

This paper presents a new language that integrates the real-time and distributed paradigms within the framework of a concurrent logic language. Concurrent logic languages (CLLs) are capable of expressing concurrence, communication and nondeterminism in a natural way. That is, the intrinsic parallel semantics of the concurrent logic languages makes them well-suited for distributed programming. The proposed language is particularly suitable for loosely coupled systems and it contains mechanisms for distributed and real-time process control. A new execution model for concurrent logic languages is presented, which enables efficient distributed execution and real-time control. The model is introduced by giving an operational semantics for the language and the new model's implementation is discussed, including the definition of a new abstract machine and its implementation on a network of Unix workstations. Although the sequential core is not optimized, some previous results are discussed, showing the feasibility of the language's execution model for distributed real-time systems. The language is currently being used as the kernel language for a distributed simulation and validation tool for communication protocols.     

Compiling real-time programs with timing constraint refinement andstructural code motion

We present a programming language called TCEL (Time-Constrained Event Language), whose semantics are based on time-constrained relationships between observable events. Such a semantics infers only those timing constraints necessary to achieve real-time correctness, without overconstraining the system. Moreover, an optimizing compiler can exploit this looser semantics to help tune the code, so that its worst-case execution time is consistent with its real-time requirements. In this paper we describe such a transformation system, which works in two phases. First, the TCEL source code is translated into an intermediate representation. Then an instruction-scheduling algorithm rearranges selected unobservable operations and synthesizes tasks guaranteed to respect the original event-based constraints     

面向逻辑执行时间模型的Minicore的内存管理

随着实时系统在时间关键和安全关键的行业的广泛应用,程序的时间属性受到越来越广泛的关注. Henzinger提出了LET(Logical Execution Time)编程模型,提供了明确描述时间属性的机制,确保了系统的时间确定性.但传统的实时操作系统模型采用了与LET截然不同的抽象,难以很好地支持LET编程模型. Minicore是一种新型操作系统模型,程序由一组内部没有同步点的服务组成,具有较好的时间确定性和可控性,与LET编程模型的思想更吻合.将LET的控制模型和Minicore的运行模型相结合,可形成一种具有时间确定性的新型编程框架.主要描述了该框架的内存管理机制的设计和实现.文末以智能小车控制系统的实现作为研究实例验证本系统的可行性.     

T-Minicore嵌入式时间可预测操作系统的设计与实现

目前学术界对时间可预测性尚无统一定义,而时间可预测系统研究也主要集中在体系结构层和编程语言层。根据目前认可度较高的时间可预测性定义,提出对时间可预测性系统进行粒度划分,并基于执行流服务体操作系统模型提出满足LET模型的服务粒度时间可预测操作系统T-Minicore。之后通过理论分析证明了改进的通信方式具有时间可预测性,最后通过实验证明运行在该操作系统上的应用具有时间可预测性特性。     

Linear Approximation of Execution-Time Constraints

This paper defines an algorithm for predicting worst-case and best-case execution times, and determining execution-time constraints of control-flow paths through real-time programs using their partial correctness semantics. The algorithm produces a linear approximation of path traversal conditions, worst-case and best-case execution times and strongest postconditions for timed paths in abstract real-time programs. Also shown are techniques for determining the set of control-flow paths with decidable worst-case and best-case execution times. The approach is based on a weakest liberal precondition semantics and relies on supremum and infimum calculations similar to standard computations from linear programming and Presburger arithmetic. The methodology is applicable to any executable language with a predicate transformer semantics and hence provides a verification basis for both high-level language and assembly code execution-time analysis.     

SEMANOL (73) a metalanguage for programming the semantics of programming languages

Summary SEMANOL is a practical programming system for writing readable formal specifications of the syntax and semantics of programming languages. SEMANOL is based on a theory of semantics which embraces algorithmic (operational) and extensional (input/output) semantics. Specifications for large contemporary languages have been constructed in the formal language, SEMANOL (73), which is a readable high-level notation. A SEMANOL (73) specification can be executed (by an existing interpreter program); when given a program from the specified language, and its input, the execution of the SEMANOL (73) specification produces the program's output. The demonstrated executability of SEMANOL (73) provides important practical advantages. This paper includes discussions of the theory of semantics underlying SEMANOL, the syntax and semantics of the SEMANOL (73) language, the use of the SEMANOL (73) language in the SEMANOL method for describing programming languages, and the contrast between the Vienna definition method (VDL) and SEMANOL.     

Actor languages their syntax, semantics, translation, and equivalence

In this paper we present two actor languages and a semantics preserving translation between them. The source of the translation is a high-level language that provides object-based programming abstractions. The target is a simple functional language extended with basic primitives for actor computation. The semantics preserved is the interaction semantics of actor systems — sets of possible interactions of a system with its environment. The proof itself is of interest since it demonstrates a methodology based on the actor theory framework for reasoning about correctness of transformations and translations of actor programs and languages and more generally of concurrent object languages.     

Early experience with the Visual Programmer's WorkBench

The Visual Programmer's WorkBench (VPW) addresses the rapid synthesis and customization of environments for the specification, analysis, and execution of visual programs. The goal of VPW is to enable the easy creation of environments for visual languages. The design of VPW and experience using it to generate a distributed programming environment for a concurrent visual language are described. A visual programming environment for the PetriFSA language generated with VPW is outlined. An overview is provided of the language definition model and its relation to the logical architecture of VPW. Details are given of the language specifications used in VPW, and its application in defining the PetriFSA language. A language-based environment for a specific visual language is generated in VPW from a specification of the syntactic structure, the abstract structure, the static semantics, and the dynamic semantics of the language. VPW is built around a model of distributed processing based on a shared distributed memory. This framework is used in defining the architecture of the environment and for the execution model of visual languages