Specification and verification of time requirements with CCSL and Esterel

The UML Profile for Modeling and Analysis of Real-Time and Embedded systems (MARTE) has recently been adopted by the OMG. Its Time Model extends the informal and simplistic Simple Time package proposed by UML2 and offers a broad range of capabilities required to model real-time systems, including discrete/dense and chronometric/logical time. The MARTE OMG specification introduces a Time Structure inspired by the time models of concurrency theory and proposes a new Clock Constraint Specification Language (CCSL) to specify, within the context of UML, logical and chronometric time constraints. This paper introduces the formal semantics of a fundamental subset of CCSL clock constraints and proposes a process for using CCSL both as a high-level specification language for UML models and as a golden model against which the conformance of implementations to the specification is verified. A digital video filtering application is used as a running example to support the discussion. The application is first formally specified in CCSL, and the specification is refined based on feedback from our CCSL-dedicated simulator. In a second phase, an Esterel program implementing the application is considered. This program is instrumented with observers derived from the CCSL specification, and the formal verification facilities of Esterel Studio are then used to check the conformance of the Esterel implementation with the CCSL specification. A specific library of Esterel observers has been built for this purpose.
