Towards UML-based formal specifications of component-based real-time software

UML-RT is achieving increasing popularity as a modeling language for real-time applications. Unfortunately UML-RT is not formally well defined and it is not well suited for supporting the specification stage: e.g., it does not provide native constructs to represent time and non-determinism. UML+ is an extension of UML that is formally well defined and suitable for expressing the specifications of real-time systems (e.g., the properties of a UML+ model can be formally verified). However, UML+ does not support design and development. This article addresses the translation of UML+ into UML-RT, thus posing the basis for a development framework where UML+ and UML-RT are used together, in order to remove each other’s limitations. Specifications are written using UML+, they are automatically verified by means of formal methods, and are then converted – through a semi-automatic process – in an equivalent UML-RT model that becomes the starting point for the implementation.     

Reengineering component-based software systems with Archimetrix

Many software development, planning, or analysis tasks require an up-to-date software architecture documentation. However, this documentation is often outdated, unavailable, or at least not available as a formal model which analysis tools could use. Reverse engineering methods try to fill this gap. However, as they process the system’s source code, they are easily misled by design deficiencies (e.g., violations of component encapsulation) which leaked into the code during the system’s evolution. Despite the high impact of design deficiencies on the quality of the resulting software architecture models, none of the surveyed related works is able to cope with them during the reverse engineering process. Therefore, we have developed the Archimetrix approach which semiautomatically recovers the system’s concrete architecture in a formal model while simultaneously detecting and removing design deficiencies. We have validated Archimetrix on a case study system and two implementation variants of the CoCoME benchmark system. Results show that the removal of relevant design deficiencies leads to an architecture model which more closely matches the system’s conceptual architecture.     

Model generation of component-based systems

This paper presents COnfECt, a model learning approach, which aims at recovering the functioning of a component-based system from its execution traces. We refer here to non concurrent systems whose internal interactions among components are not observable from the environment. COnfECt is specialised into the detection of components of a black-box system and in the inference of models called systems of labelled transition systems (LTS). COnfECt tries to detect components and their specific behaviours in traces, then it generates LTS for every component discovered, which captures its behaviours. Besides, it synchronises the LTSs together to express the functioning of the whole system. COnfECt relies on machine learning techniques to build models: it uses the notion of correlation among actions in traces to detect component behaviours and exploits a clustering technique to merge similar LTSs and synchronise them. We describe the three steps of COnfECt and the related algorithms in this paper. Then, we present some preliminary experimentations.     

A framework for automated distributed implementation of component-based models

Although distributed systems are widely used nowadays, their implementation and deployment are still time-consuming, error-prone, and hardly predictable tasks. In this paper, we propose a method for producing automatically efficient and correct-by-construction distributed implementations from a model of the application software in Behavior, Interaction, Priority (BIP). BIP is a well-founded component-based framework encompassing high-level multi-party interactions for synchronizing components (e.g., rendezvous and broadcast) and dynamic priorities for scheduling between interactions. Our method transforms an arbitrary BIP model into a Send/Receive BIP model that is directly implementable on distributed execution platforms. The transformation consists in (1) breaking the atomicity of actions in components by replacing synchronous multiparty interactions with asynchronous Send/Receive interactions; (2) inserting distributed controllers that coordinate the execution of interactions according to a user-defined partition of interactions, and (3) adding a distributed algorithm for handling conflicts between controllers. The obtained Send/Receive BIP model is proven observationally equivalent to its corresponding initial model. Hence, all functional properties of the initial BIP model are preserved by construction in the implementation. Moreover, the obtained Send/Receive BIP model can be used to automatically derive distributed executable code. The proposed method is fully implemented. Currently, it is possible to generate C++ implementations for (1) TCP sockets for conventional distributed communication, (2) MPI for multi-processor platforms, and (3) POSIX threads for deployment on multi-core platforms. We present four case studies and report experimental results for different design choices including partition of interactions and choice of algorithm for distributed conflict resolution.     

A class loading sensitive approach to detection of runtime type errors in component-based Java programs

ContextThe employment of class loaders in component-based Java programs may introduce runtime type errors, which may happen at any statement related to class loading, and may be wrapped into various types of exceptions raised by JVM. Traditional static analysis approaches are inefficient to detect them.ObjectiveOur previous work proposed a semi-static detection work based on points-to analysis to detect such runtime type errors. In this paper, we extend previous work by referencing the information obtained from class loading to detect runtime type errors in component-based Java programs, without the need to running them.MethodOur approach extends the typical points-to analysis by gathering the behavior information of Java class loaders and figuring out the defining class loader of the allocation sites. By doing that, we obtain the runtime types of objects a reference variable may point to, and make use of such information to facilitate runtime type error detecting.ResultsResults on four case studies show that our approach is feasible, can effectively detect runtime errors missed by traditional static checking methods, and performs acceptably in both false negative test and scalability test.     

Towards modeling and runtime verification of self-organizing systems

According to the fact that the intrinsic dynamism of self-organizing systems challenges the existing methods of engineering for modeling reliable complex systems, in this paper, we propose a new formal-based method to model self-organizing systems. The capabilities of the proposed method which are used to address several challenges in design, development and analysis of self-organizing systems are: modularity and robustness, decentralized control and scalability, required adaptation types, flexible and adaptive control mechanism, separation of adaptation and business logic, and safe adaptation. To evaluate the proposed method, we use self-organizing traffic management system as a case study and exploit the proposed method for modeling this dynamic system. Moreover, we propose and employ a novel policy-based runtime verification mechanism to ensure that the safety properties are satisfied by the implementation at runtime. We provide our case study prototype using Java and the Ponder2 toolkit and apply our runtime verification method to show its proper reaction capabilities to the property violations. This benefit is the result of using dynamic policies in our method to control the behavior of systems.     

Robustness improvement of component-based cloud computing systems

The Journal of Supercomputing - With the increasing popularity of Cloud computing systems, the demand for highly dependable Cloud applications has increased significantly. For this, reliability and...     

基于SRAM型FPGA的实时容错自修复系统设计方法

为提高辐射环境中电子系统的可靠性,提出了一种基于SRAM型FPGA的实时容错自修复系统结构和设计方法。该设计方法采用粗粒度三模冗余结构和细粒度三模冗余结构对系统功能模块进行容错设计;将一种细粒度的故障检测单元嵌入到各冗余模块中对各冗余模块进行故障检测;结合动态部分重构技术可在不影响系统正常工作的前提下实现故障模块的在线修复。该设计结构于Xilinx Virtex誖-6 FPGA中进行了设计实现,实验结果表明系统故障修复时间和可靠性得到显著提高。     

Predictions-on-chip: model-based training and automated deployment of machine learning models at runtime

The design of gas turbines is a challenging area of cyber-physical systems where complex model-based simulations across multiple disciplines (e.g., performance, aerothermal) drive the design process. As a result, a continuously increasing amount of data is derived during system design. Finding new insights in such data by exploiting various machine learning (ML) techniques is a promising industrial trend since better predictions based on real data result in substantial product quality improvements and cost reduction. This paper presents a method that generates data from multi-paradigm simulation tools, develops and trains ML models for prediction, and deploys such prediction models into an active control system operating at runtime with limited computational power. We explore the replacement of existing traditional prediction modules with ML counterparts with different architectures. We validate the effectiveness of various ML models in the context of three (real) gas turbine bearings using over 150,000 data points for training, validation, and testing. We introduce code generation techniques for automated deployment of neural network models to industrial off-the-shelf programmable logic controllers.

     

Formal component-based modeling and synthesis for PLC systems

Programmable Logic Controllers (PLCs) are widely used in industry. PLC systems are reactive systems which run cyclically. In each cycle, the system state is checked and the program is executed once to determine the system behavior for a single cycle. Development of PLC systems conventionally follows the V-model, but increasing demand for efficiency and reliability requires a new rigorous and rapid design flow. In this paper, we propose a component-based formal modeling and synthesis method for cyclic execution platforms and apply it to PLC. Our method consists of three main phases: modeling, verification and code synthesis. In the modeling phase, the BIP (Behavior–Interaction–Priority) framework which is flexible and expressive is used as the modeling language. Real-time behavior, which is intensely concerned in PLC systems, can be modeled as well. In the verification phase, the system model is translated to timed automata and checked by Uppaal. Verification helps to ensure correctness of the model and further increases reliability of the implementation. In the code synthesis phase, the software part of the system model is extracted and synthesized to cyclic code. Although the PLC software runs cyclically, the software model is not necessarily given in a cyclic manner. We propose an algorithm which can generate high-performance cyclic code from a model which describes the business work-flow. This feature significantly simplifies program development. A set of tools is implemented to support our design flow and they are applied to an industrial case study for a PLC system that controls dozens of physical devices in a huge palace.     

The adoption and design methodologies of component-based enterprise systems

One of the major investments of information technologies in large companies in the past decade has been the enterprise system. Although the enterprise system has the advantages of managing and integrating almost all of the business processes in the whole company, there have been strong criticisms that the enterprise system often imposes its own logic or business process on a company and lacks flexibility and adaptability in today's dynamic business environment. The goal of this paper is to outline a new approach in enterprise system development. We analyse the factors that affect the adoption of enterprise systems. Market and business changes, and advances in information technologies call for a more flexible, open, and scalable enterprise architecture. We describe the process that Dell Computer Corporation took in adopting its component-based enterprise system architecture. The Dell example has demonstrated the importance of fit between business information systems and fundamental organizational dimensions of the company including strategy, business environment, and organizational structure. We also discuss the design methodologies for component-based enterprise system design. We take a coordination perspective, both at the software level and the organizational level, in addressing the design methodologies for component-based enterprise system development.     

Avoidance versus detection and recovery problem in buffer-spaceallocation of flexibly automated production systems

Motivated by recent developments in the semiconductor manufacturing industry, this paper undertakes an analytical investigation of the problem of selecting optimally the deadlock resolution strategy for buffer space allocation in flexibly automated production systems. In the process, it extends the behavioral models for the aforementioned systems currently considered in the literature, to account for probabilistic uncontrollable effects like the requirement for extra finishing steps and/or rework, and it introduces a new deadlock resolution scheme, characterized as randomized deadlock avoidance. The combination of these two extensions brings the considered system behavior(s) to the realm of probabilistic automata, an area of increasing academic interest. For the resulting model, and under the assumption of Markovian timings, it develops an analytical methodology for selecting the optimal deadlock resolution strategy that maximizes the steady-state system throughput, and it demonstrates its effectiveness through application to a "prototype" system configuration. The obtained results provide an interesting analytical expression of the need to assess the gains obtained by the increased concurrency supported by the deadlock detection and recovery strategy versus the productivity losses experienced under this approach due to increased system blocking, and/or additional material handling overheads. It turns out that, for the considered system configuration, the optimal selection scheme switches between detection and recovery and pure deadlock avoidance, every time that the time cost of deadlock recovery, tau(d), crosses a threshold Theta, which is a function of the remaining system behavioral and timing parameters. Beyond its own theoretical merit, this last result raises also the question of whether the policy randomization introduced in this work will ever enhance the performance of any configuration in the considered class of Resource Allocation Systems (RAS); this issue will be investigated in a sequel paper.     

Developing and evolving a DSL-based approach for runtime monitoring of systems of systems

Complex software-intensive systems are often described as systems of systems (SoS) due to their heterogeneous architectural elements. As SoS behavior is often only understandable during operation, runtime monitoring is needed to detect deviations from requirements. Today, while diverse monitoring approaches exist, most do not provide what is needed to monitor SoS, e.g., support for dynamically defining and deploying diverse checks across multiple systems. In this paper we report on our experiences of developing, applying, and evolving an approach for monitoring an SoS in the domain of industrial automation software, that is based on a domain-specific language (DSL). We first describe our initial approach to dynamically define and check constraints in SoS at runtime and then motivate and describe its evolution based on requirements elicited in an industry collaboration project. We furthermore describe solutions we have developed to support the evolution of our approach, i.e., a code generation approach and a framework to automate testing the DSL after changes. We evaluate the expressiveness and scalability of our new DSL-based approach using an industrial SoS. We also discuss lessons we learned. Our results show that while developing a DSL-based approach is a good solution to support industrial users, one must prepare the approach for evolution, by making it extensible and adaptable to future scenarios. Particularly, support for automated (re-)generation of tools and code after changes and automated testing are essential.