Similar literature
1.
Petri nets (PNs) are frequently used in modeling, designing, and analyzing concurrent systems. A problem with PNs, in the general case, is that they require high computational complexity to analyze their properties, such as reachability, liveness, and boundedness. To avoid this problem, synthesis techniques for constructing large PNs are presented. Using these techniques, the behavior of the constructed PN can be determined by local analysis that uses known properties of the given nets. Thus, the high computational complexity of global analysis is bypassed. A synthesis technique that explores dependency relations in PNs is presented. It synthesizes large PNs by combining smaller PNs of arbitrary topology structures, and the combination is verified efficiently by dependency analysis. A large system based on a PN can be built up by repeated applications of the technique.

2.
Petri nets for protocol engineering

3.
Recent research in software engineering has produced a number of techniques for structuring an understanding of systems. Many of these techniques are applicable to the design of embedded computer systems and produce designs whose structures are easily expressible in the Ada language. This language is itself structured so that the design of a system can be expressed independently of its implementation. Thus Ada can be a useful system design language (SDL) with these techniques. This paper describes the software design problem in the development of embedded computer systems. It shows how Ada can be used as an SDL, as well as a system implementation language. The essential point is that as an SDL Ada encourages designers to use recent theory to develop better structures for their systems, and its subsequent use to implement the systems preserves those structures in the product.

4.
A software model can be analysed for non-functional requirements by extending it with suitable annotations and transforming it into analysis models for the corresponding non-functional properties. For quantitative performance evaluation, suitable annotations are standardized in the "UML Profile for Modeling and Analysis of Real-Time Embedded systems" (MARTE) and its predecessor, the "UML Profile for Schedulability, Performance and Time". A range of different performance model types (such as queueing networks, Petri nets, stochastic process algebra) may be used for analysis. In this work, an intermediate "Core Scenario Model" (CSM) is used in the transformation from the source software model to the target performance model. CSM focuses on how the system behaviour uses the system resources. The semantic gap between the software model and the performance model must be bridged (1) by information supplied in the performance annotations, (2) by interpretation of the global behaviour expressed in the CSM and (3) in the process of constructing the performance model. Flexibility is required for specifying sets of alternative cases, for choosing where this bridging information is supplied, and for overriding values. It is also essential to be able to trace the source of values used in a particular performance estimate. The performance model in turn can be used to verify responsiveness and scalability of a software system, to discover architectural limitations at an early stage of development, and to develop efficient performance tests. This paper describes how the semantic gap between software models in UML+MARTE and performance models (based on queueing or Petri nets) can be bridged using transformations based on CSMs, and how the transformation challenges are addressed.

5.
Evaluating quality attributes of a design model in the early stages of development can significantly reduce the cost and risks of developing a low quality product. To make this possible, software designers should be able to predict quality attributes by reasoning on a model of the system under development. Although there exists a variety of quality-driven analysis techniques for software systems, only a few works address software product lines. This paper describes how probabilistic model checking techniques and tools can be used to verify non-functional properties of different configurations of a software product line. We propose a model-based approach that enables software engineers to assess their design solutions for software product lines in the early stages of development. Furthermore, we discuss how the analysis time can be surprisingly reduced by applying parametric model checking instead of classic model checking. The results show that the parametric approach is able to substantially reduce the verification time and effort required to analyze non-functional properties of software product lines.

6.
System reliability has become a main concern during the computer-based system design process. It is one of the most important characteristics of system quality. The continuous increase of system complexity makes reliability evaluation extremely costly. Therefore, there is a need to develop new methods with less cost and effort. Furthermore, the system is vulnerable to both software and hardware faults. While software faults are usually introduced by the programmer either at the design or the implementation stage of the software, hardware faults are caused by physical phenomena affecting the hardware components, such as environmental perturbations, manufacturing defects, and aging-related phenomena. Software faults can only impact the software components. However, hardware faults can propagate through the different system layers, and affect both the hardware and the software. This paper discusses the differences between software testing and the software fault injection techniques used for reliability evaluation. We describe mutation analysis as a method mainly used in software testing. Then, we detail fault injection as a technique to evaluate system reliability. Finally, we discuss how to use software mutation analysis in order to evaluate, at the software level, the system reliability against hardware faults. The main advantage of this technique is its usability at an early design stage of the system, when the instruction set architecture is not available. Experimental results run to evaluate faults occurring in memory show that the proposed approach significantly reduces the complexity of system reliability evaluation in terms of time and cost.

7.
Petri nets have been extensively used in the modelling and analysis of concurrent and distributed systems. The verification and validation of Petri nets are of particular importance in the development of concurrent and distributed systems. As a complement to formal analysis techniques, testing has been proven to be effective in detecting system errors and is easy to apply. An open problem is how to test Petri nets systematically, effectively and efficiently. An approach to solve this problem is to develop test criteria so that test adequacy can be measured objectively and test cases can be generated efficiently, even automatically. In this paper, we present a methodology of testing high-level Petri nets based on our general theory of testing concurrent software systems. Four types of testing strategies are investigated, which include state-oriented testing, transition-oriented testing, flow-oriented testing and specification-oriented testing. For each strategy, a set of schemes to observe and record testing results and a set of coverage criteria to measure test adequacy are defined. The subsumption relationships and extraction relationships among the proposed testing methods are systematically investigated and formally proved.

8.
The design and implementation of the data structures used within a software system such as a compiler, an operating system or a data base management system are fundamental to the development of that system. Unfortunately, there are very few standard techniques for designing such data structures and for structuring the software used to support them. This paper proposes that it is possible to use data base techniques to design and implement such data structures. For this reason, it describes a methodology which is used to design large relational data bases, and then demonstrates how the methodology was modified and used to design the internal data structures of a relational data base management system. This paper concludes that this approach produces data structures which are better understood and easier to modify than those resulting from an ad-hoc approach.

9.
Object analysis patterns for embedded systems
Some of the most challenging tasks in building a software system are capturing, refining, and analyzing requirements. How well these tasks are performed significantly impacts the quality of the developed software system. The difficulty of these tasks is greatly exacerbated for the software of embedded systems as these systems are commonly used for critical applications, have to operate reliably for long periods of time, and usually have a high degree of complexity. Current embedded systems software development practice, however, often deals with the (requirements) analysis phase in a superficial manner, instead emphasizing design and implementation. This research investigates how an approach similar to the well-known design patterns, termed object analysis patterns, can be applied in the analysis phase of embedded systems development, prior to design and coding. Specifically, our research explores how object-oriented modeling notations, such as the Unified Modeling Language (UML), can be used to represent structural and behavioral information as part of commonly occurring object analysis patterns. This work also investigates how UML-based conceptual models of embedded systems, based on the diagram templates in the object analysis patterns, can be automatically analyzed using the Spin model checker for adherence to properties specified in linear-time temporal logic (LTL) using a previously developed UML formalization framework. We have applied these patterns to several embedded systems applications obtained from the automotive industry. This paper describes one of our case studies and illustrates how our approach facilitates the construction of UML-based conceptual models of embedded systems and the analysis of these models for adherence to functional requirements.

10.
The importance of assessing software non-functional properties (NFP) besides the functional ones is well accepted in the software engineering community. In particular, dependability is an NFP that should be assessed early in the software life-cycle by evaluating the system behaviour under different fault assumptions. Dependability-specific modeling and analysis techniques include for example Failure Mode and Effect Analysis for qualitative evaluation, stochastic Petri nets for quantitative evaluation, and fault trees for both forms of evaluation. Unified Modeling Language (UML) may be specialized for different domains by using the profile mechanism. For example, the MARTE profile extends UML with concepts for modeling and quantitative analysis of real-time and embedded systems (more specifically, for schedulability and performance analysis). This paper proposes to add to MARTE a profile for dependability analysis and modeling (DAM). A case study of an intrusion-tolerant message service will offer insight on how the MARTE-DAM profile can be used to derive a stochastic Petri net model for performance and dependability assessment.

11.
12.
Principles and implementation of the hardware abstraction layer of EMC2
To address the design complexity caused by the diversity of embedded-system hardware, this paper studies how to build HAL drivers for a CNC platform on top of the hardware abstraction layer (HAL) provided by the open-source motion-control software EMC2. It introduces the architecture and principles of the HAL and gives an example of invoking it from the soft-PLC software ClassicLadder. Practice shows that implementing the hardware abstraction layer effectively improves the extensibility and portability of both hardware and software in the system.

13.
Correctness of concurrent software is usually checked by techniques such as peer code reviews or code walkthroughs and testing. These techniques, however, are subject to human error, and thus do not achieve an in-depth verification of correctness. Model-checking techniques, which can systematically identify and verify every state that a system can enter, are a powerful alternative method for verifying concurrent systems. However, the usefulness of model checking is limited because the number of states for concurrent models grows exponentially with the number of processes in the system. This is often referred to as the 'state explosion problem.' Some processes are a central part of the software operation and must be included in the model. However, we have found that some exponential complexity results from uncontrolled concurrency introduced by the programmer rather than from the intrinsic characteristics of the software being modeled. We have performed tests on multimedia synchronization to show the effect of abstraction as well as uncontrolled concurrency using the Promela/SPIN model checker. We begin with a sequential model that is not expected to have exponential complexity but that nevertheless results in exponential complexity. In this paper, we provide alternative designs and explain how uncontrolled concurrency can be removed from the code. Copyright © 2007 John Wiley & Sons, Ltd.

14.
With the increasing size and complexity of software in embedded systems, software has now become a primary threat to reliability. Several mature conventional reliability engineering techniques exist in the literature, but traditionally these have primarily addressed failures in hardware components and usually assume the availability of a running system. Software architecture analysis methods aim to analyze the quality of software-intensive systems early, at the software architecture design level and before a system is implemented. We propose a Software Architecture Reliability Analysis Approach (SARAH) that benefits from mature reliability engineering techniques and scenario-based software architecture analysis to provide an early software reliability analysis at the architecture design level. SARAH defines the notion of a failure scenario model that is based on the Failure Modes and Effects Analysis method (FMEA) in the reliability engineering domain. The failure scenario model is applied to represent so-called failure scenarios that are utilized to derive fault tree sets (FTS). Fault tree sets are utilized to provide a severity analysis for the overall software architecture and the individual architectural elements. Unlike conventional reliability analysis techniques, which prioritize failures based on criteria such as safety concerns, in SARAH failure scenarios are prioritized based on severity from the end-user perspective. SARAH results in a failure analysis report that can be utilized to identify architectural tactics for improving the reliability of the software architecture. The approach is illustrated using an industrial case for analyzing the reliability of the software architecture of the next release of a Digital TV.

15.
Performance Evaluation 2006, 63(4-5): 364-394
The queueing Petri net (QPN) paradigm provides a number of benefits over conventional modeling paradigms such as queueing networks and generalized stochastic Petri nets. Using queueing Petri nets (QPNs), one can integrate both hardware and software aspects of system behavior into the same model. This lends itself very well to modeling distributed component-based systems, such as modern e-business applications. However, currently available tools and techniques for QPN analysis suffer from the state space explosion problem, imposing a limit on the size of the models that are tractable. In this paper, we present SimQPN, a simulation tool for QPNs that provides an alternative approach to analyzing QPN models, circumventing the state space explosion problem. In doing this, we propose a methodology for analyzing QPN models by means of discrete event simulation. The methodology shows how to simulate QPN models and analyze the output data from simulation runs. We validate our approach by applying it to study several different QPN models, ranging from simple models to models of realistic systems. The performance of point and interval estimators implemented in SimQPN is subjected to a rigorous experimental analysis.

16.
Petri net based deadlock prevention for flexible manufacturing systems has received much attention over the past decade, primarily due to the seminal work of Ezpeleta et al. in 1995. A Petri net based deadlock prevention mechanism is usually implemented by adding monitors or control places to a plant Petri net model such that liveness can be enforced. The significance of this methodology lies in that both a plant model and its supervisor are in the same formalism, Petri nets. Due to the inherent complexity of Petri nets, in theory, the number of additional monitors that have to be added to achieve liveness enforcement for an uncontrolled plant model is exponential with respect to the size of the model. This paper first proposes a systematic method to minimize the number of additional monitors in a liveness-enforcing Petri net supervisor such that the resultant net system has the same permissive behavior while liveness can still be preserved. Furthermore, for the liveness-enforcing Petri net supervisors of flexible manufacturing systems, which have some particular property, an algorithm is developed such that more permissive liveness-enforcing Petri net supervisors can be obtained after liveness-restrictive monitor removal. Compared with the existing techniques of eliminating redundant monitors in the literature, the complete state enumeration of a supervisor is avoided, which implies the high computational efficiency of the methods in this paper. Flexible manufacturing examples are used to demonstrate the proposed approaches.

17.
18.
D. C. Ince, Software 1984, 14(12): 1159-1168
A major problem facing the developers of large pieces of software is source code version control. This paper describes how semantic nets can model this process and how a semantic net processor can be used to construct a flexible and portable source code control system.

19.
Sun-Jen Huang, Richard Lai, Software 1998, 28(14): 1465-1491
Communication software systems have become very large and complex. Recognizing the complexity of such software systems is a key element in their development activities. Software metrics are useful quantitative indicators for assessing and predicting software quality attributes, like complexity. However, most existing metrics are extracted from source programs at the implementation phase of the software life cycle. They cannot provide early feedback during the specification phase, and subsequently it is difficult and expensive to make changes to the system if so indicated by the metrics. It is therefore important to be able to measure system complexity at the specification phase. However, most software specifications are written in natural languages, from which metrics information is very hard to extract. In this paper, we describe how complexity information can be derived from a formal communication protocol specification written in Estelle so that it is possible to predict the complexity of its implementation, and subsequently its development can be better managed. © 1998 John Wiley & Sons, Ltd.

20.
Timed Petri Nets in Hybrid Systems: Stability and Supervisory Control
In this paper, timed Petri nets are used to model and control hybrid systems. Petri nets are used instead of finite automata primarily because of the advantages they offer in dealing with concurrency and complexity issues. A brief overview of existing results on hybrid systems that are based on Petri nets is first presented. A class of timed Petri nets named programmable timed Petri nets (PTPN) is then used to model hybrid systems. Using the PTPN, the stability and supervisory control of hybrid systems are addressed and efficient algorithms are introduced. In particular, we present sufficient conditions for the uniform ultimate boundedness of hybrid systems composed of multiple linear time invariant plants which are switched between using a logical rule described by a Petri net. This paper also examines the supervisory control of a hybrid system in which the continuous state is transferred to a region of the state space in a way that respects safety specifications on the plant's discrete and continuous dynamics.
