基于时间抽象状态机的AADL模型验证

提出了一种基于时间抽象状态机(timed abstract state machine,简称TASM)的AADL(architecture analysis and design language)模型验证方法.分别给出了AADL子集和TASM的抽象语法,并基于语义函数和类ML的元语言形式定义转换规则.在此基础上,基于AADL开源建模环境OSATE(open source AADL tool environment)设计并实现了AADL模型验证与分析工具AADL2TASM,并基于航天器导航、制导与控制系统(guidance,navigation and control)进行了实例性验证.     

复杂嵌入式实时系统体系结构设计与分析语言:AADL

首先归纳了AADL(architecture analysis and design language)的发展历程及其主要建模元素.其次,从模型驱动设计与实现的角度综述了AADL在不同阶段的研究与应用,总结了研究热点,分析了现有研究的不足,并对AADL的建模与分析工具、应用实践进行了概述.最后,探讨了AADL的发展与研究方向.     

复杂嵌入式实时系统体系结构设计与分析语言:AADL

首先归纳了AADL(architecture analysis and design language)的发展历程及其主要建模元素.其次,从模型 驱动设计与实现的角度综述了AADL 在不同阶段的研究与应用,总结了研究热点,分析了现有研究的不足,并对 AADL 的建模与分析工具、应用实践进行了概述.最后,探讨了AADL 的发展与研究方向.     

AADL进程子集行为语义研究

AADL是一种基于组件的半形式化建模语言,采用结构化方法对大型复杂软件系统的软硬件进行统一建模,有效描述系统的功能行为、非功能属性以及运行时的体系结构动态演化,但其许多问题需要进一步研究与完善。本文首先分析了AADL形式语义研究现状,然后定义了AADL进程子集的形式语言,建立了AADL进程子集通信模型,通过对事件的形式化定义和分析体现了事件在系统状态转变过程中的重要作用,对AADL进程子集行为语义进行了研究。与相关研究成果的对比说明了本文的优势。本文为AADL语言及其形式语义的发展提供了一种有益的参考,进一步完善大型复杂软件系统体系结构建模与分析技术。     

一种结合AADL和IMC的系统可靠性建模方法

随着嵌入式软件在安全关键领域广泛应用,系统可靠性随着其规模、复杂度和性能需求的不断提升而愈显重要。结构分析设计语言AADL是应用于嵌入式领域的体系结构建模、分析和验证的重要手段。由于AADL是一种半形式化模型,需要精确描述其语义才能进行定量分析。提出一种基于AADL的系统可靠性建模方法。首先,结合AADL模型和AADL错误模型附件,得到AADL可靠性模型;然后,提出一种模型转换方法,将AADL可靠性模型的基本元素和错误传播等特殊元素转换到交互式马尔科夫链模型IMC,进行可靠性定量分析;最后,结合法国空中交通控制系统的实例,证明该方法的可行性和有效性。     

采用AADL的软件系统可靠性建模与评估方法

结构分析与设计语言(architecture analysis and design language,AADL)是应用于嵌入式领域的体系结构建模、分析和验证的重要手段。针对系统可靠性随着其规模、复杂度和性能需求的不断提升而愈显突出的问题,给出了一个基于AADL的软件系统可靠性建模与评估框架:首先建立AADL可靠性模型,然后将其转换为广义随机Petri网(generalized stochastic Petri net,GSPN)模型后再进行分析,最后根据分析结果判断是否需要进行模型改进。在研究已有的基本转换规则的基础上,重点讨论了系统中组件之间错误传播以及表示系统发生模式转换的Guard_Transition属性到GSPN的转换规则。以某飞行控制系统中数据发送和处理单元为实例,验证了所提转换规则和可靠性建模与评估框架的有效性。     

使用延时演算的时间化RSL的指称语义

使用扩展的持续时间演算(EDC)模型,给出了时间化的RAISE描述语言(RSL)的一个子集的指称语义.在扩展的持续时间演算模型中加入了一些新的特征,并探究了它们的代数定律.这些定律在形式化实时程序和验证实时性质中起着重要作用.最后还给出了时间化RSL的一些代数定律.这些定律可以从其指称语义证明,并用于程序的转化和优化.     

一种SysML模型到AADL模型的自动转换方法

安全关键系统的实现需要通过需求、设计、集成、验证和测试等多个阶段。近年来,模型驱动开发方法逐渐成为安全关键系统设计与开发的重要手段。由于还没有一个建模语言能够支持整个安全关键系统开发生命周期,因此选择集成使用2种广泛使用的标准语言:系统建模语言(SysML)和嵌入式实时系统体系结构分析与设计语言(AADL)。SysML和AADL提供了同一系统的2个不同视图,SysML模型为系统工程师提供了一个系统视图,AADL为架构设计师建立一个较低层次的设计视图,它结合了实现所有功能的硬件、操作系统和代码。提出一种SysML模型到AADL模型的自动转换方法。首先,定义SysML子集SubSysML,主要包括模块定义图(BDD)、内部模块图(IBD)、活动图(ACT)子集和从IBD和BDD扩展的AADL Profile;其次,定义SubSysML到AADL的转换规则并设计转换算法;然后,对生成的AADL初始模型进行精化;最后,使用EMF框架技术实现SubSysML到AADL的模型转换工具并通过雷达案例验证所提方法的有效性。     

基于UPPAAL的AADL模型可调度性验证

针对体系结构分析设计语言(AADL)模型的可调度性验证问题,提出了利用模型检测工具UPPAAL对其线程组件在非抢占型调度策略下的可调度性进行形式化分析和验证的方法,并实现了从AADL模型到UPPAAL中模型的模型转换工具。实验结果证明了通过UPPAAL来分析和验证AADL模型的可调度性问题的可行性。相比其他方法而言,基于形式化理论的本方法的验证结果更加精确。     

一个基于形式化方法的系统安全性建模分析实例研究

随着安全关键性系统的日益复杂,如何提高安全关键系统的安全性成为急需解决的问题.基于形式化模型的复杂系统设计与分析是一种重要的安全性分析方法.本文工作对AIR6110标准中的机轮刹车实例系统进行了基于形式化方法的安全性分析研究,包括:在系统模型设计层级对机轮刹车系统(WBS)的架构进行层次化分析,将自然语言描述的WBS系统功能用形式化语言(AADL的子集SLIM)进行严格的建模描述,消除AIR6110标准中自然语言描述存在的需求语义的二义性,从而建立了WBS系统的形式化模型;考虑系统可能发生的故障并设计多种类的故障模式,基于这些故障模式对建立的形式化功能模型进行失效行为语义的扩展,然后对获得的扩展系统模型进行安全性分析.实例分析论证了基于模型的安全性分析方法在工业系统中的有效性和实用性.     

基于ASM的元模型形式化语义的研究*

提出一种在模型驱动开发过程中的形式化语义描述方法。该方法利用元建模技术,形式化地描述了元模型及其语义间的映射关系,以提供精确的语义描述,从而为模型驱动开发提供有力的支持。将描述框架用于模型转换规则的定义以及元模型的分析与验证,并以简单Petri网为例,说明该方法可以有效地支持模型转换和代码生成。     

AADL+: a simulation-based methodology for cyber-physical systems

AADL (architecture analysis and design language) concentrates on the modeling and analysis of application system architectures. It is quite popular for its simple syntax, powerful functionality and extensibility and has been widely applied in embedded systems for its advantage. However, it is not enough for AADL to model cyber-physical systems (CPS) mainly because it cannot be used to model the continuous dynamic behaviors. This paper proposes an approach to construct a new sublanguage of AADL called AADL+, to facilitate the modeling of not only the discrete and continuous behavior of CPS, but also interaction between cyber components and physical components. The syntax and semantics of the sublanguage are provided to describe the behaviors of the systems. What’s more, we develop a plug-in to OSATE (open-source AADL tool environment) for the modeling of CPS. And the plug-in supports syntax checking and simulation of the system model through linking with modelica. Finally, the AADL+ annex is successfully applied to model a lunar rover control system.     

Exploring system architectures in AADL via Polychrony and SynDEx

Architecture analysis & design language (AADL) has been increasingly adopted in the design of embedded systems, and corresponding scheduling and formal verification have been well studied. However, little work takes code distribution and architecture exploration into account, particularly considering clock constraints, for distributed multi-processor systems. In this paper, we present an overview of our approach to handle these concerns, together with the associated toolchain, AADL-Polychrony-SynDEx. First, in order to avoid semantic ambiguities of AADL, the polychronous/multiclock semantics of AADL, based on a polychronous model of computation, is considered. Clock synthesis is then carried out in Polychrony, which bridges the gap between the polychronous semantics and the synchronous semantics of SynDEx. The same timing semantics is always preserved in order to ensure the correctness of the transformations between different formalisms. Code distribution and corresponding scheduling is carried out on the obtained SynDEx model in the last step, which enables the exploration of architectures originally specified in AADL. Our contribution provides a fast yet efficient architecture exploration approach for the design of distributed real-time and embedded systems. An avionic case study is used here to illustrate our approach.     

AADL建模工具的设计

设计一种架构分析与设计语言(AADL)建模工具,便于用户建立AADL模型.基于模型驱动体系结构思想,在Eclipse插件开发平台上开发可扩展的插件集合AADL模型设计工具.用户根据该工具建立的嵌入式系统AADL架构模型,通过XML文档保存,分析与验证工具以第三方插件的形式集成到该工具中,提取系统的AADL架构模型.通过应用实例验证了该工具的有效性.     

Automated formal verification of visual modeling languages by model checking

Graph transformation has recently become more and more popular as a general, rule-based visual specification paradigm to formally capture (a) requirements or behavior of user models (on the model-level), and (b) the operational semantics of modeling languages (on the meta-level) as demonstrated by benchmark applications around the Unified Modeling Language (UML). The current paper focuses on the model checking-based automated formal verification of graph transformation systems used either on the model-level or meta-level. We present a general translation that inputs (i) a metamodel of an arbitrary visual modeling language, (ii) a set of graph transformation rules that defines a formal operational semantics for the language, and (iii) an arbitrary well-formed model instance of the language and generates a transitions system (TS) that serve as the underlying mathematical specification formalism of various model checker tools. The main theoretical benefit of our approach is an optimization technique that projects only the dynamic parts of the graph transformation system into the target transition system, which results in a drastical reduction in the state space. The main practical benefit is the use of existing back-end model checker tools, which directly provides formal verification facilities (without additional efforts required to implement an analysis tool) for many practical applications captured in a very high-level visual notation. The practical feasibility of the approach is demonstrated by modeling and analyzing the well-known verification benchmark of dining philosophers both on the model and meta-level.     

UML2.0顺序图的形式化研究

在UML2.0规范中顺序图的语义仍然是以自然语言的形式描述的,为实现对顺序图的自动化分析和验证,必须为顺序图定义一种形式化的语义模型.为此首先给出了UML顺序图的一种符合BNF范式的形式化语法,然后为该语法中的非终止符定义转换规则,将UML顺序图中的基本动作转换为加标Petri网组件,最后定义了各种合成操作,利用这些合成操作可以将UML顺序图的加标Petri网组件转换为加标Petni网.     

嵌入式软件系统体系结构可靠性分析方法

AADL是嵌入式领域对SA进行建模、评估的常用方法,但其属于一种半形式化开发语言,无法直接对SA的可靠性进行验证。为此,提出一种基于AADL的可靠性分析框架,对SA的可靠性进行形式化验证。首先通过分析系统体系结构的元素关系,建立AADL可靠性模型;然后设计转换模型及其规则,将AADL模型转换为连续时间马尔科夫链模型;最后采用概率模型检验工具对连续时间马尔科夫链模型进行可靠性定量分析。仿真结果表明,与现有可靠性分析方法相比,该方法在计算效率和转换效率上都有明显的提高。基于AADL的可靠性分析框架实现在软件系统开发早期对SA进行可靠性定量计算,为AADL在嵌入式软件系统可靠性定量分析方面提供了一种新的验证思路。     

基于CSP的OWL-S语义分析与建模

为了实现OWL-S过程模型正确性的自动化验证,提出了基于进程代数CSP的OWL-S过程模型的语义建模方法,建立了CSP的形式化语义模型,并利用该模型为OWL-S过程定义了形式化语义。最后以机票预订为例说明了采用CSP模型为OWL-S过程添加形式化语义的完整流程。由于该方法具备良好的数学基础,所以可以基于该方法开发出自动化验证OWL-S过程模型的工具,提高系统的安全性。     

Towards verification of computation orchestration

Recently, a promising programming model called Orc has been proposed to support a structured way of orchestrating distributed Web Services. Orc is intuitive because it offers concise constructors to manage concurrent communication, time-outs, priorities, failure of Web Services or communication and so forth. The semantics of Orc is precisely defined. However, there is no automatic verification tool available to verify critical properties against Orc programs. Our goal is to verify the orchestration programs (written in Orc language) which invoke web services to achieve certain goals. To investigate this problem and build useful tools, we explore in two directions. Firstly, we define a Timed Automata semantics for the Orc language, which we prove is semantically equivalent to the operational semantics of Orc. Consequently, Timed Automata models are systematically constructed from Orc programs. The practical implication is that existing tool supports for Timed Automata, e.g., Uppaal, can be used to simulate and model check Orc programs. An experimental tool has been implemented to automate this approach. Secondly, we start with encoding the operational semantics of Orc language in Constraint Logic Programming (CLP), which allows a systematic translation from Orc to CLP. Powerful constraint solvers like CLP \({(\mathcal{R})}\) are then used to prove traditional safety properties and beyond, e.g., reachability, deadlock-freeness, lower or upper bound of a time interval, etc. Counterexamples are generated when properties are not satisfied. Furthermore, the stepwise execution traces can be automatically generated as the simulation steps. The two different approaches give an insight into the verification problem of Web Service orchestration. The Timed Automata approach has its merits in visualized simulation and efficient verification supported by the well developed tools. On the other hand, the CPL approach gives better expressiveness in both modeling and verification. The two approaches complement each other, which gives a complete solution for the simulation and verification of Computation Orchestration.