Modeling and Verification of Real-Time Systems

Transcription

1 Modeling and Verification of Real-Time Systems Formalisms and Software Tools Edited by Stephan Merz Nicolas Navet

2 This page intentionally left blank

3 Modeling and Verification of Real-Time Systems

4 This page intentionally left blank

5 Modeling and Verification of Real-Time Systems Formalisms and Software Tools Edited by Stephan Merz Nicolas Navet

6 First published in Great Britain and the United States in 2008 by ISTE Ltd and John Wiley & Sons, Inc. Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address: ISTE Ltd John Wiley & Sons, Inc. 6 Fitzroy Square 111 River Street London W1T 5DX Hoboken, NJ UK USA ISTE Ltd, 2008 The rights of Stephan Merz and Nicolas Navet to be identified as the authors of this work have been asserted by them in accordance with the Copyright, Designs and Patents Act Library of Congress Cataloging-in-Publication Data Modeling and verification of real-time systems : formalisms and software tools / edited by Nicolas Navet, Stephan Merz. p. cm. Includes bibliographical references and index. ISBN-13: Real-time data processing. 2. Computer software--verification. 3. Formal methods (Computer science) I. Navet, Nicolas. II. Merz, Stephan. QA76.54.M '51--dc British Library Cataloguing-in-Publication Data A CIP record for this book is available from the British Library ISBN: Printed and bound in Great Britain by Antony Rowe Ltd, Chippenham, Wiltshire.

7 Contents Preface Stephan MERZ and Nicolas NAVET Chapter 1. Time Petri Nets Analysis Methods and Verification with TINA Bernard BERTHOMIEU, Florent PERES and François VERNADAT 1.1. Introduction TimePetrinets Definition States and the state reachability relation Illustration Some general theorems State class graphs preserving markings and LT L properties Stateclasses Illustration Checking the boundedness property on-the-fly Variations Multiple enabledness Preservationofmarkings(only) State class graphs preserving states and LT L properties Clock domain Construction of the SSCG Variants State class graphs preserving states and branching properties Computing firing schedules Schedule systems Delays(relativedates)versusdates(absolute) Illustration An implementation: the Tina environment

8 6 Modeling and Verification of Real-Time Systems 1.8. The verification of SE LT L formulae in Tina The temporal logic SE LT L Preservation of LT L properties by tina constructions selt: the SE LT L checker of Tina Verification technique The selt logic Some examples of use of selt JohnandFred Statement of problem Are the temporal constraints appearing in this scenario consistent? Is it possible that Fred took the bus and John the carpool? At which time could Fred have left home? The alternating bit protocol Conclusion Bibliography Chapter 2. Validation of Reactive Systems by Means of Verification and Conformance Testing Camille CONSTANT,Thierry JÉRON, Hervé MARCHAND and Vlad RUSU 2.1. Introduction The IOSTS model Syntax of IOSTS Semantics of IOSTS Basic operations on IOSTS Parallel product Suspension Deterministic IOSTS and determinization Verification and conformance testing with IOSTS Verification Verifying safety properties Verifying possibility properties Combining observers Conformance testing Test generation Testselection Conclusion and related work Bibliography Chapter 3. An Introduction to Model Checking Stephan MERZ 3.1. Introduction Example: control of an elevator

9 Contents Transition systems and invariant checking Transition systems and their runs Verificationofinvariants Temporal logic Linear-time temporal logic Branching-time temporal logic ω-automata Automata and PTL Model checking algorithms Local PTL model checking Global CTL model checking Symbolic model checking algorithms Some research topics Bibliography Chapter 4. Model Checking Timed Automata Patricia BOUYER and François LAROUSSINIE 4.1. Introduction Timed automata Some notations Timed automata, syntax and semantics Parallel composition Decision procedure for checking reachability Otherverificationproblems Timed languages Branching-time timed logics Linear-time timed logics Timed modal logics Testing automata Behavioral equivalences Some extensions of timed automata Diagonal clock constraints Additive clock constraints Internalactions Updates of clocks Linear hybrid automata Subclasses of timed automata Event-recording automata One-clock timed automata Discrete-time models Algorithmsfortimedverification A symbolic representation for timed automata: the zones Backward analysis in timed automata

10 8 Modeling and Verification of Real-Time Systems Forward analysis of timed automata A data structure for timed systems: DBMs The model-checking tool Uppaal Bibliography Chapter 5. Specification and Analysis of Asynchronous Systems using CADP Radu MATEESCU 5.1. Introduction The CADP toolbox The LOTOS language Labeled transition systems Some verification tools Specification of a drilling unit Architecture Physical devices and local controllers Turningtable Clamp Drill Tester Main controller sequential version Main controller parallel version Environment Analysis of the functioning of the drilling unit Equivalence checking Model checking Conclusion and future work Bibliography Chapter 6. Synchronous Program Verification with Lustre/Lesar Pascal RAYMOND 6.1. Synchronous approach Reactive systems The synchronous approach Synchronous languages The Lustre language Principles Example: the beacon counter Programverification Notion of temporal property Safety and liveness Beacon counter properties State machine

11 Contents Explicit automata Principles of model checking Example of abstraction Conservative abstraction and safety Expressing properties Model checking: general scheme Model checking synchronous program Observers Examples Hypothesis Model checking of synchronous programs Algorithms Boolean automaton Explicit automaton The pre and post functions Outstanding states Principlesoftheexploration Enumerative algorithm Symbolic methods and binary decision diagrams Notations Handling predicates Representation of the predicates Shannon s decomposition Binary decision diagrams TypicalinterfaceofaBDDlibrary Implementation of BDDs Operations on BDDs Negation Binary operators Cofactors and quantifiers Notes on complexity Typed decision diagrams Positive functions TDG TDG implementation Interest in TDGs Care set and generalized cofactor Knowing that operators Generalized cofactor Restriction Algebraic properties of the generalized cofactor Forward symbolic exploration General scheme

12 10 Modeling and Verification of Real-Time Systems Detailed implementation Symbolic image computing Optimized image computing Principles Universal image Case of a single transition function Shannon s decomposition of the image Backward symbolic exploration General scheme Reverse image computing Comparing forward and backward methods Conclusion and related works Demonstrations Bibliography Chapter 7. Synchronous Functional Programming with Lucid Synchrone 207 Paul CASPI, Grégoire HAMON and Marc POUZET 7.1. Introduction Programming reactive systems The synchronous languages Model-based design Converging needs Lucid Synchrone Lucid Synchrone An ML dataflow language Infinite streams as basic objects Temporal operations: delay and initialization Streamfunctions Multi-sampled systems The sampling operator when The combination operator merge Oversampling Clock constraints and synchrony Staticvalues Higher-order features Datatypes and pattern matching A programming construct to share the memory Signals and signal patterns Signals as clock abstractions Testing presence and pattern matching over signals State machines and mixed designs Weak and strong preemption ABRO and modular reset

13 Contents Local definitions to a state Communication between states and shared memory Resumeorresetastate Parametrized state machines Combining state machines and signals Recursion and non-real-time features Two classical examples The inverted pendulum A heater Discussion Functional reactive programming and circuit description languages Lucid Synchrone as a prototyping language Conclusion Acknowledgment Bibliography Chapter 8. Verification of Real-Time Probabilistic Systems Marta KWIATKOWSKA, Gethin NORMAN, David PARKER and Jeremy SPROSTON 8.1. Introduction Probabilistic timed automata Preliminaries Syntax of probabilistic timed automata Modeling with probabilistic timed automata Semantics of probabilistic timed automata Probabilistic reachability and invariance Model checking for probabilistic timed automata Theregiongraph Forward symbolic approach Symbolic state operations Computing maximum reachability probabilities Backward symbolic approach Symbolic state operations Probabilistic until Computing maximum reachability probabilities Computing minimum reachability probabilities Digital clocks Expected reachability Integral semantics Case study: the IEEE FireWire root contention protocol Overview Probabilistic timed automata model Model checking statistics

14 12 Modeling and Verification of Real-Time Systems Performance analysis Conclusion Bibliography Chapter 9. Verification of Probabilistic Systems Methods and Tools Serge HADDAD and Patrice MOREAUX 9.1. Introduction Performance evaluation of Markovian models A stochastic model of discrete event systems Discrete-time Markov chains Presentation Transient and steady-state behaviors of DTMC Continuous-time Markov chains Presentation Transient and steady-state behaviors of CTMC High level stochastic models Stochastic Petri nets with general distributions Choice policy Servicepolicy Memory policy GLSPN with exponential distributions Performance indices of SPN Overview of models and methods in performance evaluation TheGreatSPNtool Supported models Qualitative analysis of Petri nets Performance analysis of stochastic Petri nets Softwarearchitecture Probabilistic verification of Markov chains Limits of standard performance indices A temporal logic for Markov chains Verificationalgorithms Overview of probabilistic verification of Markov chains The ETMCC tool Language of system models Language of properties Computed results Softwarearchitecture Markov decision processes Presentation of Markov decision processes A temporal logic for Markov decision processes Verificationalgorithms Overview of verification of Markov decision processes

15 Contents ThePRISMtool Language of system models Properties language Computed results Softwarearchitecture Bibliography Chapter 10. Modeling and Verification of Real-Time Systems using the IF Toolset Marius BOZGA, Susanne GRAF, Laurent MOUNIER and Iulian OBER Introduction Architecture TheIFnotation Functional features Non-functional features Expressing properties with observers TheIFtools Core components Static analysis Validation TranslatingUMLtoIF UML modeling The principles of the mapping from UML to IF AnoverviewonusesofIFincasestudies Case study: the Ariane 5 flight program OverviewoftheAriane5flightprogram Verification of functional properties Verification of non-functional properties Modular verification and abstraction Conclusion Bibliography Chapter 11. Architecture Description Languages: An Introduction to the SAE AADL Anne-Marie DÉPLANCHE and Sébastien FAUCOU Introduction Main characteristics of the architecture description languages ADLs and real-time systems Requirement analysis Architecturalviews Outline of related works The AADL language An overview of the AADL