Clock constraint specification language: specifying clock constraints with UML/MARTE

The Object Management Group (OMG) unified modeling language (UML) profile for modeling and analysis of real-time and embedded systems (MARTE) aims at using the general-purpose modeling language UML in the domain of real-time and embedded (RTE) systems. To achieve this goal, it is absolutely required to introduce inside the mainly untimed UML an unambiguous time structure which MARTE model elements can rely on to build precise models amenable to formal analysis. The MARTE Time model has defined such a structure. We have also defined a non-normative concrete syntax called the clock constraint specification language (CCSL) to demonstrate what can be done based on this structure. This paper gives a brief overview of this syntax and its formal semantics, and shows how existing UML model elements can be used to apply this syntax in a graphical way and benefit from the semantics.     

模型驱动的嵌入式系统设计安全性验证方法研究

基于模型的嵌入式系统安全性分析与验证方法是近年来在安全攸关系统工程领域中出现的一个重要研究热点。提出一种基于模型驱动架构的面向SysML/MARTE状态机的系统安全性验证方法,具体包括:构建了具备SysML/MARTE扩展语义的状态机元模型,以及安全性建模与分析语言AltaRica的语义模型GTS的元模型;然后建立了从SysML/MARTE状态机模型分别到时间自动机模型以及AltaRica模型的语义映射模型转换规则,并基于AMMA平台和时间自动机验证工具UPPAAL设计实现了对SysML/MARTE状态机的模型转换与系统安全性形式化验证的框架。最后给出了一个飞机着陆控制系统设计模型的安全性验证实例分析。     

基于MARTE模型的系统可靠性预测

系统的可靠性是系统的重要非功能属性之一。传统的可靠性分析在系统开发结束后进行,可能会发现由于系统开发早期的架构设计不合理而导致的问题,这时再修改系统架构并重做后继开发步骤,将会浪费大量人力和物力。如果能在开发的早期阶段,在系统模型层面进行分析并预测,则可以尽早地发现系统可靠性方面的问题并将其修复。UML是一种通用的、标准化的建模语言,MARTE是UML在嵌入式实时系统领域的扩展。提出了基于MARTE模型的系统可靠性预测方法,该方法考虑的MARTE模型包括用例图、活动图、部署图。先将MARTE模型转换为马尔可夫决策过程网络模型,再利用概率模型检测工具PRISM进行分析,得到系统可靠性的预测结果。实例研究表明,所提方法不仅能够预测系统可靠性的最大值和最小值,还能通过调整各个资源的可靠性值,考察其对系统可靠性的影响,为设计人员的进一步工作提供参考。     

基于MDE的异构模型转换:从MARTE模型到FIACRE模型

通过研究一个具有代表性的UML/MARTE(unified modeling language/modeling and analysis of real timeand embedded systems)模型向FIACRE(intermediate format for the architectures of embedded distributed components)形式模型的转换实例,探讨了异构模型之间在语义和语法层的相互转换问题.在语义层,通过模型转换技术构造语义映射规则,实现元语言之间的转换;在语法层,通过构造元模型的具体语法,反映元语言的语法规则,从而产生目标模型的程序实体.基于此实例研究,探讨了通用转换途径的相关框架和关键技术,并讨论了转换工作的优缺点和实 用性.     

变计时过程ö变迁网模型及其应用研究

基于过程运行的离散标识(逻辑变量)和剩余时间连续标识(时间变量)，提出一种新的混合标识过程／变迁网——变计时过程／变迁网模型．基于该模型，混杂动力学系统离散事件的实时监控、连续子过程的实时调度等问题可得到有效解决．     

Towards a Formal Semantics for UML/MARTE State Machines Based on Hierarchical Timed Automata

UML is a widely-used,general purpose modeling language.But its lack of a rigorous semantics forbids the thorough analysis of designed solution,and thus precludes the discovery of significant problems at design time.To bridge the gap,the paper investigates the underlying semantics of UML state machine diagrams,along with the time-related modeling elements of MARTE,the profile for modeling and analysis of real-time embedded systems,and proposes a formal operational semantics based on extended hierarchical timed automata.The approach is exemplified on a simple example taken from the automotive domain.Verification is accomplished by translating designed models into the input language of the UPPAAL model checker.     

LDPChecker一个实时和混成系统模型检验工具

混成系统是一类复杂系统,线性混成系统作为其重要子类,在形式方法中,人们通常使用线性混成自动机来对它建模．虽然线性混成自动机的模型检验问题总的来说还是不可判定的,但对于其中的正环闭合自动机．其对于线性时段性质的满足性能够通过线性规划方法加以检验．为了实现自动检验正环闭合自动机对线性时段性质的满足性,设计并实现了工具LDPChecker．工具LDPChecker能够识别正环闭合自动机并对其进行相应的检验,其主要特色在于它能够对实时和混成系统检验包含可达性在内的许多实时性质,并且能够自动给出诊断信息．     

Formalizing real-time scheduling using priority-based supervisory control of discrete-event systems

In this note, we formalize real-time task scheduling by applying an extension of supervisory control theory (SCT) of discrete-event systems to real-time models. The set of all possible timed traces of the system is specified by a discrete timed automaton where each transition is associated with an event occurrence or the passage of one unit of time. We introduce priorities to SCT, and apply them to the setting of discrete timed automata in order to develop a formal and unified framework for task scheduling on a single CPU.     

基于SMT的时钟约束语言CCSL的形式化分析方法与工具

时钟约束语言CCSL是一种用于描述实时嵌入式系统中事件之间约束的形式化语言.它是UML针对实时嵌入式系统建模的扩展包MARTE （Modeling and Analysis of Real-Time and Embedded systems）中用于对时间建模的一个子语言.给定一组由CCSL定义的时钟约束条件,需要判断是否存在某种调度策略满足约束,是否所有满足这些约束的行为都不会导致系统死锁等分析.针对CCSL的形式化分析目前已经有一定的研究工作,如基于状态迁移系统与时间自动机的方法等.但这些方法要么只针对某种特定的分析,要么只适用于部分CCSL约束,要么分析效率较低.本文提出一种基于SMT的统一且高效的CCSL形式化分析方法.统一性体现在其可用于有效性证明、迹分析、死锁检测、LTL模型检测等方面的验证与分析.基于该方法开发了原型工具同时支持上述四种验证功能.工具集成了当前最高效的SMT求解器Z3和CVC4.得益于SMT求解器的高效性,实验中大部分的验证可以在短时间内完成.     

基于MDA的实时软件资源建模与模型转换的方法

模型驱动体系结构(MDA)是一种以模型为中心的软件开发框架,其本质是元建模与模型转换。提出了一种基于MDA的实时软件资源建模与模型转换的方法。首先通过元建模抽象出包含资源信息的MARTS元模型以及价格时间自动机的元模型;然后利用模型转换语言ATL对MARTS元模型和价格时间自动机元模型构造转换规则,通过将对应的实例模型进行相互转换,实现在MDA下MAR"I'E模型到价格时间自动机模型的转换;最后通过形式化工具UPPAAL对模型转换结果进行形式化验证。实例分析表明了该方法的可行性与有效性,它能够提高实时软件资源建模的可信性。     

On Hybrid Petri Nets

Petrinets (PNs) are widely used to model discrete event dynamic systems(computer systems, manufacturing systems, communication systems,etc). Continuous Petri nets (in which the markings are real numbersand the transition firings are continuous) were defined morerecently; such a PN may model a continuous system or approximatea discrete system. A hybrid Petri net can be obtained if onepart is discrete and another part is continuous. This paper isbasically a survey of the work of the authors' team on hybridPNs (definition, properties, modeling). In addition, it containsnew material such as the definition of extended hybrid PNs andseveral applications, explanations and comments about the timingsin Petri nets, more on the conflict resolution in hybrid PNs,and connection between hybrid PNs and hybrid automata. The paperis illustrated by many examples.     

混合系统剖析,描述与建模

混合系统是一种离散和连续构件交织的系统。通常以微分方程为连续模型，以离散事件系统或自动机为离散模型。通过分析混合系统的微观结构，文中提出了面向系统设计的描述语言ＤＤＬ。它能直观、精确刻画混合现象，方便设计决策描述，而且通过控制器符号与系统指称约束的延迟，为系统设计带来很大的灵活性。由ＤＤＬ描述的混合系统，经内部通信隐藏和系统单步协调积，可转换为混合变迁系统。     

无人机飞控软件系统建模与测试用例生成研究

软件规模与复杂度的迅速增长已成为设计与检验现代高质量无人机飞行控制软件(FCS)系统的重要挑战。采用模型驱动工程(MDE)的框架,使用嵌入式实时系统建模语言(MARTE)建立起某型无人机飞控软件系统的模型,给出了基于时间自动机的系统动态行为的形式化模型实例;结合无人机FCS系统的应用背景,建立了基于时间自动机模型的测试用例生成方法,包括建立测试用例生成框架、测试用例生成规则以及用例生成策略等;对某型无人机飞控软件系统中的主控模块进行了建模与测试用例生成的实例分析研究。     

Formal verification of SysML diagram using case studies of real-time system

System and software engineers use SysML models for the graphical modeling of the embedded systems. The SysML models are inadequate to express the discrete controllers with continuously evolving variables. The real-time constraints such as discrete and continuous dynamics are considered to be an important aspect in embedded systems. The lack of support of real-time aspect in SysML model can lead to inexplicit modeling of the embedded systems. The imprecise modeling could cause catastrophic results when an embedded system gets operational. In this paper, we propose hybrid automata-based semantics that supports the discrete and continuous behavior in upgraded SysML block diagram. The upgraded SysML block diagram is used for the modeling of the embedded system. Furthermore, we use model checker PRISM for the early design verification of upgraded SysML block diagram. Finally, we demonstrate the effectiveness of our proposed approach with the help of two case studies “temperature control system” and “water level control system”.

     

Using Hybrid Automata to Support Human Factors Analysis in a Critical System

A characteristic that many emerging technologies and interaction techniques have in common is a shift towards tighter coupling between human and computer. In addition to traditional discrete interaction, more continuous interaction techniques, such as gesture recognition, haptic feedback and animation, play an increasingly important role. Additionally, many supervisory control systems (such as flight deck systems) already have a strong continuous element. The complexity of these systems and the need for rigorous analysis of the human factors involved in their operation leads us to examine formal and possibly automated support for their analysis. The fact that these systems have important temporal aspects and potentially involve continuous variables, besides discrete events, motivates the application of hybrid systems modelling, which has the expressive power to encompass these issues. Essentially, we are concerned with human-factors related questions whose answers are dependent on interactions between the user and a complex, dynamic system.In this paper we explore the use of hybrid automata, a formalism for hybrid systems, for the specification and analysis of interactive systems. To illustrate the approach we apply it to the analysis of an existing flight deck instrument for monitoring and controlling the hydraulics subsystem.     

<Emphasis Type="Italic">SetExp</Emphasis>: a method of transformation of timed automata into finite state automata

Real-time discrete event systems are discrete event systems with timing constraints, and can be modeled by timed automata. The latter are convenient for modeling real-time discrete event systems. However, due to their infinite state space, timed automata are not suitable for studying real-time discrete event systems. On the other hand, finite state automata, as the name suggests, are convenient for modeling and studying non-real time discrete event systems. To take into account the advantages of finite state automata, an approach for studying real-time discrete event systems is to transform, by abstraction, the timed automata modeling them into finite state automata which describe the same behaviors. Then, studies are performed on the finite state automata model by adapting methods designed for non real-time discrete event systems. In this paper, we present a method for transforming timed automata into special finite state automata called Set-Exp automata. The method, called SetExp, models the passing of time as real events in two types: Set events which correspond to resets with programming of clocks, and Exp events which correspond to the expiration of clocks. These events allow to express the timing constraints as events order constraints. SetExp limits the state space explosion problem in comparison to other transformation methods of timed automata, notably when the magnitude of the constants used to express the timing constraints are high. Moreover, SetExp is suitable, for example, in supervisory control and conformance testing of real-time discrete event systems.     

A formal mathematical framework for modeling probabilistic hybrid systems

The development of autonomous agents, such as mobile robots and software agents, has generated considerable research in recent years. Robotic systems, which are usually built from a mixture of continuous (analog) and discrete (digital) components, are often referred to as hybrid dynamical systems. Traditional approaches to real-time hybrid systems usually define behaviors purely in terms of determinism or sometimes non-determinism. However, this is insufficient as real-time dynamical systems very often exhibit uncertain behavior. To address this issue, we develop a semantic model, Probabilistic Constraint Nets (PCN), for probabilistic hybrid systems. PCN captures the most general structure of dynamic systems, allowing systems with discrete and continuous time/variables, synchronous as well as asynchronous event structures and uncertain dynamics to be modeled in a unitary framework. Based on a formal mathematical paradigm exploiting abstract algebra, topology and measure theory, PCN provides a rigorous formal programming semantics for the design of hybrid real-time embedded systems exhibiting uncertainty.