Monitoring of Probabilistic Timed Property Sequence Charts

Run‐time monitoring is an important technique to detect erroneous run‐time behaviors. Several techniques have been proposed to automatically generate monitors from specification languages to check temporal and real‐time properties. However, monitoring of probabilistic properties still requires manual generation. To overcome this problem, we define a formal property specification language called Probabilistic Timed Property Sequence Chart (PTPSC). PTPSC is a probabilistic and timed extension of the existing scenario‐based specification formalism Property Sequence Chart (PSC). We have defined a formal grammar‐based syntax and have implemented a syntax‐directed translator that can automatically generate a probabilistic monitor which combines timed B”uchi automata and a sequential statistical hypothesis test process. We validate the generated monitors with a set of experiments performed with our tool WS‐PSC Monitor. Copyright © 2011 John Wiley & Sons, Ltd.     

UML时间顺序图的可达性分析

对于实时系统来说,UML顺序图描述了对象之间的交互。对象之间的交互展现了系统行为的场景。本文中,我们针对描述多场景的UML顺序图组合中的可达性问题进行研究。尽管这个问题可以转换为相应的时间自动机,然后进行处理,但其转化为之后,状态空间巨大,解决的开销比较大,效率不高。针对部分可达性问题,本文采用更为高效的基于线性规划的解决方案,其思想如下:首先遍历所有到达给定节点的简单路径片断来验证可达性,随后遍历到达给定节点的并且包含所有循环至多一次的路径片断来验证可达性。由于我们并没有遍历所有路径片断,因此用本文的方法判定给定节点的可达性的时候,结果会有三种:可达,不可达和不确定。由于有些循环与可达性是无关的,我们进一步通过识别哪些循环与可达性无关,对算法进行改进。     

Patterns for Timed Property Specifications

Patterns for property specification enable non-experts to write formal specifications that can be used for automatic model checking. The existing patterns identified in [Dwyer, M.B., G.S. Avrunin and J.C. Corbett, Property specification patterns for finite-state verification, in: FMSP '98: Proceedings of the second workshop on Formal methods in software practice (1998), pp. 7–15] allow to reason about occurrence and order of events, but not about their timing. We extend this pattern system by patterns related to time. This allows the specification of real-time requirements.     

时间属性序列图:语法和语义

为了表示事件出现的时间约束,扩展属性序列图为时间属性序列图,使其继承属性序列图的优点,并且能够表示时间属性,定义了时间属性序列图的形式语法,并给出基于时间Büchi自动机的形式操作语义;用实时规约模式度量了时间属性序列图的表达力。最后,对时间属性序列图进行了实例研究,显示了其广泛的应用前景。     

Induction in the Timed Interval Calculus

The Timed Interval Calculus, a timed-trace formalism based on set theory, is introduced. It is extended with an induction law and a unit for concatenation, which facilitates the proof of properties over trace histories. The effectiveness of the extended Timed Interval Calculus is demonstrated via a benchmark case study, the mine pump. Specifically, a safety property relating to the operation of a mine shaft is proved, based on an implementation of the mine pump and assumptions about the environment of the mine.     

时间行为协议状态空间约减算法

对复杂时间行为协议状态进行约减对于缓解形式化验证的状态空间爆炸问题,提高验证工具系统的效率、实用性等具有重要意义。分析了实时构件组合的几种形态,对基于时间行为协议的组合理论和状态空间爆炸问题进行了讨论,给出了时间行为协议的状态空间约减算法并进行了分析,给出了示例。     

Property specifications for workflow modelling

Previously we provided two formal behavioural semantics for the Business Process Modelling Notation (BPMN) in the process algebra CSP. By exploiting CSP’s refinement orderings, developers may formally compare their BPMN models. However, BPMN is not a specification language, and it is difficult and sometimes impossible to use it to construct behavioural properties against which other BPMN models may be verified. This paper considers a pattern-based approach to expressing behavioural properties. We describe a property specification language PL for capturing a generalisation of Dwyer et al.’s Property Specification Patterns, and present a translation from PL into a bounded, positive fragment of linear temporal logic, which can then be automatically translated into CSP for simple refinement checking. We present a detailed example studying the behavioural properties of an airline ticket reservation business process. Using the same example we also describe some recent results on expressing behavioural compatibility within our semantic models. These results lead to a compositional approach for ensuring deadlock freedom of interacting business processes.     

Conformance Tests for Real-Time Systems with Timed Automata Specifications

A method is introduced for testing the conformance of implemented real-time systems to timed automata specifications. Uppaal timed automata are transformed into testable timed transition systems (TTTSs) using a test view. Fault hypotheses and a test generation algorithm for TTTSs are defined. Results of applying the method are presented. Received October 1999 / Accepted in revised form November 2000     

Statistical model checking of Timed Rebeca models

The actor-based language, Timed Rebeca, was introduced to model distributed and asynchronous systems with timing constraints and message passing communication. A toolset was developed for automated translation of Timed Rebeca models to Erlang. The translated code can be executed using a timed extension of McErlang for model checking and simulation. In this work, we added a new toolset that provides statistical model checking of Timed Rebeca models. Using statistical model checking, we are now able to verify larger models against safety properties compared to McErlang model checking. We examine the typical case studies of elevators and ticket service to show the efficiency of statistical model checking and applicability of our toolset.     

时间自动机可达性分析中的状态空间约减技术综述

时间自动机是检验实时系统建模的有效工具,其可达性分析可以检验系统是否可能达到某些特定的状态,其算法通常采用对符号状态的枚举来遍历其状态空间。因为引入了时钟变量,时间自动机的可达性分析算法会产生大量的中间状态,需要巨大的存储空间,往往超出了计算机能力的极限,导致分析和检验不能完成。这就是所谓的“状态空间爆炸”。研究人员设计了很多种优化技术来约减可迭性分析所需的存储空间,以解决或者缓解这个问题。本文首先介绍了时间自动机及其可达性分析的基本概念,然后分类讨论了现有的空间约减优化技术并对此做出总结,最后提出了一些未来的研究方向。     

An Introduction to Real-Time Object-Z

This paper presents Real-Time Object-Z: an integration of the object-oriented, state-based specification language Object-Z with the timed trace notation of the timed refinement calculus. This integration provides a method of formally specifying and refining systems involving continuous variables and real-time constraints. The basis of the integration is a mapping of the existing Object-Z history semantics to timed traces. Received September 2000 / Accepted in revised form June 2001     

Timed verification of hierarchical communicating real-time state machines

Hierarchical Communicating Real-Time State Machines (H-CRSM) is a formal modelling language for the modular development of distributed real-time systems. The formalism is characterized by the use of state transitions with guarded commands and timing constraints, the adoption of a few distilled statecharts constructs, and the modular specification of timing constraints along a state hierarchy. This paper proposes a translation of H-CRSM into Uppaal which enables model checking. Translation rests on unfolding a hierarchical model on a flat representation. The resultant approach is demonstrated by means of a case study.     

Runtime Verification of Timed LTL using Disjunctive Normalized Equation Systems

In this paper we present a new framework for runtime verification of properties of real time systems such as financial systems or backend databases. Such a systems has a semantics which resemples that of timed traces, namely a sequence of states where each state consists of predicates true in this state and then a timestamp explaining when the state is valid. We present a logic, LTL_t, which is an extension of LTL with time constraints and a freeze quantifier and show how formulae in this logic are able to express properties of bounded liveness and safety which are ideal for these systems. It is shown how a formula in LTL_t may be rewritten to a certain disjunctive normal form suitable for checking a real time system at runtime. The normal form captures the essential part of runtime verification by a set of mutually defined formula identifiers, each expressing two things: What should hold now and which formula identifiers that will need to hold in the next state. As part of the theoretical foundation for this work we propose a characterization of Runtime Verification and address the challenges in developing a method which is both sound and complete while at the same time efficient.     

一种基于有限精度时间自动机的模型检测工具

基于有限精度时间自动机模型,实现了一种新的数据结构——SDS ,用SDS 符号化表示状态空间的实时系统模型检测工具,并进行了初步的实验分析,取得了良好的效果。     

Timed Behavior Trees for Failure Mode and Effects Analysis of time-critical systems

Behavior Trees are a graphical notation used for formalising functional requirements, and have been successfully applied to several industrial case studies. However, the standard notation does not support the concept of time, and consequently its application is limited to non-real-time systems. To overcome this limitation we extend the notation to timed Behavior Trees. We provide an operational semantics which is based on timed automata, and thus serves as a formal basis for the translation of timed Behavior Trees into the input notation of the timed model checker UPPAAL. System-level timing properties of a Behavior Tree model can then be automatically verified using UPPAAL. Based on the notational extensions with model checking support, we introduce timed Failure Mode and Effects Analysis, a process for identifying cause-consequence relationships between component failures and system hazards in real-time safety critical systems.     

Action transducers and timed automata

Thetimed automaton model of [LyV92, LyV93] is a general model for timing-based systems. A notion oftimed action transducer is here defined as an automata-theoretic way of representing operations on timed automata. It is shown that two timed trace inclusion relations are substitutive with respect to operations that can be described by timed action transducers. Examples are given of operations that can be described in this way, and a preliminary proposal is given for an appropriate language of operators for describing timing-based systems.A preliminary version of this paper appeared in W.R. Cleaveland, editor,Proceedings CONCUR'92, Stony Brook, New York. LNCS 630, pages 436–455. Springer, 1992.Supported by ONR contracts N00014-85-K-0168 and N00014-91-J-1988, by NSF grant CCR-8915206, and by ARPA contracts N00014-89-J-1988 and N00014-92-J-4033.Supported by ESPRIT BRA 7166 CONCUR2 and by the HCM network EXPRESS. Part of the work on this paper was done while the author was at the Ecole des Mines, CMA, Sophia Antipolis, France, and at CWI, Amsterdam, The Netherlands.     

A real-time profile for UML

This paper describes an approach for real-time modelling in UML, focusing on analysis and verification of time and scheduling-related properties. To this aim, a concrete UML profile, called the ωprofile, is defined, dedicated to real-time modelling by identifying a set of relevant concepts for real-time modelling which can be considered as a refinement of the standard SPT profile. The profile is based on a rich concept of event representing an instant of state change, and allows the expression of duration constraints between occurrences of events. These constraints can be provided in the form of OCL-like expressions annotating the specification or by means of state machines, stereotyped as ‘observers’. A framework for modelling scheduling issues is obtained by adding a notion of resource and a notion of execution time. For proving the relevance of these choices, the profile has been implemented in a validation tool and applied to case studies. It has a formal semantics and is sufficiently general and expressive to define a semantic underpinning for other real-time profiles of UML which in general define more restricted frameworks. In particular, most existing profiles handling real-time issues define a number of predefined attributes representing particular durations or constraints on them and their semantic interpretation can be expressed in the OMEGA-RT profile. This work has been partially supported by the IST-2002-33522 OMEGA project. VERIMAG is an academic research laboratory associated with CNRS, Université Joseph Fourier and Institut Nationale Polytechnique de Grenoble.     

基于实时UML顺序图的物联网交互模型

物联网是一个集计算、通信和控制于一体的智能系统,它通过监控和收集物理进程信息并将这些信息进行计算和分析,最终生成正确的控制指令用以执行,从而使物理环境变得更加安全和可靠。在物联网中,各物体通过网络连接或者本地连接的方式进行交互,这些交互具有时间性和地域性。物联网的建模和验证是物联网研究中一个重要的领域。文中提出一种基于实时UML顺序图的物联网交互模型,该模型将物联网中所有参与交互的物体建模为交互对象,并且通过实时UML顺序图对交互对象间的交互进行建模。使用时间自动机对交互对象的内部状态变化进行建模,以形成对交互模型的补充。最后根据转换规则将交互模型转换为时间自动机的形式以便于验证。通过一个实例,显示了如何具体应用物联网交互模型。进一步提出了物联网系统应该满足的一些性质,并使用UPPAAL模型检测工具对物联网交互模型进行分析和验证。     

Using mappings to prove timing properties

Summary A new technique for proving timing properties for timing-based algorithms is described; it is an extension of the mapping techniques previously used in proofs of safety properties for asynchronous concurrent systems. The key to the method is a way of representing a system with timing constraints as an automaton whose state includes predictive timing information. Timing assumptions and timing requirements for the system are both represented in this way. A multi-valued mapping from the assumptions automaton to the requirements automaton is then used to show that the given system satisfies the requirements. One type of mapping is based on a collection of progress functions providing measures of progress toward timing goals. The technique is illustrated with two examples, a simple resource manager and a two-process race system. Nancy A. Lynch received the B.S. degree in mathematics from Brooklyn College, Brooklyn, NY, in 1968, and the Ph.D. degree in mathematics from the Massachusetts Institute of Technology, Cambridge, MA, in 1972. She is presently a professor of computer science and electrical engineering at Massachusetts Institute of Technology. She has also been on the computer science faculty at Georgia Institute of Technology and on the mathematics faculty at Tufts University and the University of Southern California. Her research interests are in distributed and real-time computing and theoretical computer science. In particular, she has worked on formal models and verification methods, on algorithm design and analysis, and on impossibility results. She also likes to hike and ski. Hagit Attiya received the B.Sc. degree in Mathematics and Computer Science from the Hebrew University of Jerusalem, in 1981, the M.Sc. and Ph.D. degrees in Computer Science from the Hebrew University of Jerusalem, in 1983 and 1987, respectively. She is presently a senior lecturer at the department of Computer Science at the Technion, Israel Institute of Technology. Prior to this, she has been a post-doctoral research associate at the Laboratory for Computer Science at M.I.T. Her general research interests are distributed computation and theoretical computer science. More specific interests include fault-tolerance, timing-based and asynchronous algorithms.This work was supported by ONR contracts N00014-85-K-0168 and N00014-91-J-1046, by NSF grants CCR-8611442 and CCR-8915206, and by DARPA contracts N00014-87-K-0825 and N00014-89-J-1988