Modelling and analysis of broadcasting embedded control systems

This paper introduces a framework for the development, modelling and analysis of distributed, real-time control systems that communicate over CAN, a deterministic broadcast communication protocol. We adopt a hierarchical approach in which system designs are expressed in the high-level, Ada-like language CANDLE, which is given a timed transition semantics by translation to a base language, bCANDLE (pronounced "basic candle"), a simple but expressive process language with a value-passing broadcast communication primitive, message priorities and an explicit time construct. (4 pages)
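The abstract's three ingredients (broadcast delivery, message priorities, explicit time) are exactly the properties of the CAN arbitration rule that a model of such systems has to capture. The following is an added illustration, not code from the paper and not CANDLE or bCANDLE: a discrete-time simulation of CAN-style priority broadcast on a single bus, assuming non-preemptive frames, one sender per identifier, and time measured in bit-times. The node names and traffic are constructed for the example.

```python
# Added example (not from the paper, not CANDLE/bCANDLE): a discrete-time
# simulation of CAN-style priority broadcast. Assumptions: a single bus,
# non-preemptive frames, identifiers unique per frame, time in bit-times.
from dataclasses import dataclass


@dataclass
class Frame:
    ident: int    # 11-bit CAN identifier; a lower value has more leading
                  # dominant (0) bits and therefore wins arbitration
    release: int  # bit-time at which the sending node queues the frame
    length: int   # bit-times the frame occupies the bus once it has won
    src: str      # name of the sending node (constructed label)


def simulate(frames):
    """Play out bus arbitration and return [(ident, src, start, finish), ...]
    in the order frames are broadcast.

    At every bus-idle instant the lowest identifier among queued frames wins;
    the winner then holds the bus for `length` bit-times (no preemption) and
    its completion is seen by every node, which is what makes the protocol a
    deterministic broadcast.
    """
    pending = list(frames)
    t = 0
    log = []
    while pending:
        ready = [f for f in pending if f.release <= t]
        if not ready:                       # bus idle: jump to next release
            t = min(f.release for f in pending)
            continue
        winner = min(ready, key=lambda f: f.ident)   # bitwise arbitration
        start, t = t, t + winner.length
        log.append((winner.ident, winner.src, start, t))
        pending.remove(winner)
    return log


def latencies(frames):
    """Queue-to-completion delay per identifier, from a simulation run."""
    release = {f.ident: f.release for f in frames}
    return {ident: finish - release[ident]
            for ident, _src, _start, finish in simulate(frames)}


# Constructed sample traffic: four nodes sharing one bus.
SAMPLE = [
    Frame(0x100, 0, 50, "brake"),
    Frame(0x050, 0, 50, "engine"),
    Frame(0x300, 10, 50, "hvac"),
    Frame(0x020, 60, 50, "airbag"),
]

# Same low-priority frame competing with a node that keeps queueing ident 0.
FLOODED = [Frame(0x000, r, 50, "flood") for r in (0, 50, 100, 150)] + [
    Frame(0x300, 10, 50, "hvac"),
]

if __name__ == "__main__":
    for entry in simulate(SAMPLE):
        print("id=0x%03x %-7s bus %3d..%3d" % entry)
    print("hvac latency alone vs flooded:",
          latencies(SAMPLE)[0x300], latencies(FLOODED)[0x300])
```

Running it shows the two facts a timed analysis of a CAN system rests on: the bus order is fixed by identifiers, not by who queued first (the 0x020 frame released at bit-time 60 goes out before the 0x300 frame released at 10), and because arbitration is non-preemptive and priority-strict, a node that keeps a lower identifier queued pushes every higher-identifier frame's completion time out indefinitely. The FLOODED scenario makes that worst case visible; bounding it for every message is the kind of property the framework is meant to check.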