Entwurf eingebetteter Software mit abstrakten Zustandsmaschinen und Business Object Notation

The ever increasing presence of information technology along with the pervasion of hardware and software into everyday life boosts the need for engineering methods and tools for the development of high quality embedded systems. This trend is further amplified by the rising complexity of such systems and their usage for safety critical tasks. However, classical software engineering methods lack support for the peculiarities of embedded systems. This thesis therefore extends these methods with support for verification and requirements that arise through interaction with the physical world. Abstract state machines (ASMs) are used for functional modeling and extended with an abstract notion for feedback control algorithms by utilizing non-deterministic choose. For their verification this thesis presents a novel approach to model checking ASMs that directly supports them by utilizing their notion of run. The simulator CoreASM is adapted to branch into all possible successor states and integrated into the model checker [mc]square. On the one hand, this enables the approach to present counterexamples and witnesses directly as sequences of ASM states, to be easily extendable, and at the same time supports the whole CoreASM syntax. On the other hand, it suffers from the simulator’s design that was built with the goals of comprehensiveness and extendibility in mind and hence is not optimized for performance in a model checker. The Business Object Notation (BON) is used for structural modeling and extended with the representation of concurrent classes. Requirements that arise through the execution of the embedded system on a physical platform are represented in preconditions while those that arise through reactions to the physical environment are modeled in postconditions. The former is only useful for short methods. While ASMs can easily be transformed into an implementation, timed and concurrent BON models need an extra runtime environment for a semi-automatic translation. Therefore, simple concurrent object-oriented programming (SCOOP) is implemented on a real-time operating system and extended with the runtime checking of time assertions in postconditions. Because of the unpredictability of runtimes it is only practical for soft real-time systems and improves the system’s reusability at the expense of its resource usage. For evaluating the approach an adaptive cruise control which includes two closed loop controllers, interaction with the environment via sensors and actuators, time requirements, and safety critical functions is successfully implemented.

[1]  Denis Caromel,et al.  Toward a method of object-oriented concurrent programming , 1993, CACM.

[2]  Thomas A. Henzinger,et al.  Timed Interfaces , 2002, EMSOFT.

[3]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[4]  Egon Börger,et al.  A Logical Operational Semantics of Full Prolog Part III: Built-in Predicates for Files, Terms, Arithmetic and Input-Output , 1990, IWBS Report.

[5]  B. O. Gallmeister,et al.  POSIX.4 - programming for the real world , 1995 .

[6]  Thomas A. Henzinger,et al.  INTERFACE-BASED DESIGN , 2005 .

[7]  Thomas Lindner,et al.  Task Description , 1995, Formal Development of Reactive Systems.

[8]  Margus Veanes,et al.  Testing Concurrent Object-Oriented Systems with Spec Explorer , 2005, FM.

[9]  Doug Lea,et al.  Concurrent programming in Java - design principles and patterns , 1996, Java series.

[10]  Egon Brger,et al.  Formal de nition of an abstract VHDL''''93 simulator by EA - machines , 1995 .

[11]  Kirsten Winter,et al.  Towards a Methodology for Model Checking ASM: Lessons Learned from the FLASH Case Study , 2000, Abstract State Machines.

[12]  Henry Lieberman,et al.  A real-time garbage collector based on the lifetimes of objects , 1983, CACM.

[13]  Yuri Gurevich,et al.  Algorithms in the world of bounded resources , 1988 .

[14]  Bertrand Meyer,et al.  Eiffel: A language and environment for software engineering , 1988, J. Syst. Softw..

[15]  Michael Compton,et al.  A Run-time System for SCOOP , 2002, J. Object Technol..

[16]  Andreas Prinz,et al.  Formal Definition of SDL-2000 - Compiling and Running SDL Specifications as ASM Models , 2001, Journal of universal computer science (Online).

[17]  Manfred Broy,et al.  Engineering Automotive Software , 2007, Proceedings of the IEEE.

[18]  Butler W. Lampson,et al.  Notes on the design of Euclid , 1977 .

[19]  Robert Eschbach,et al.  A Termination Detection Algorithm: Specification and Verification , 1999, World Congress on Formal Methods.

[20]  Karine Arnout,et al.  The .NET Contract Wizard: adding Design by Contract to languages other than Eiffel , 2001, Proceedings 39th International Conference and Exhibition on Technology of Object-Oriented Languages and Systems. TOOLS 39.

[21]  Michael Philippsen A survey of concurrent object-oriented languages , 2000 .

[22]  Angelo Gargantini,et al.  A Concrete Syntax Derived From the Abstract State Machine Metamodel , 2005, Abstract State Machines.

[23]  Egon Börger,et al.  A Formal Specification of the PVM Architecture , 1994, IFIP Congress.

[24]  Egon Börger,et al.  A formal method for provably correct composition of a real-life processor out of basic components. (The APE100 Reverse Engineering Study) , 1995, Proceedings of First IEEE International Conference on Engineering of Complex Computer Systems. ICECCS'95.

[25]  George Robert Blakley A Smalltalk evolving algebra and its uses. , 1992 .

[26]  Thomas A. Henzinger,et al.  Interface automata , 2001, ESEC/FSE-9.

[27]  Wang Yi,et al.  Uppaal in a nutshell , 1997, International Journal on Software Tools for Technology Transfer.

[28]  Bertrand Meyer,et al.  Applying 'design by contract' , 1992, Computer.

[29]  Johan Lewi,et al.  A Linear Local Model Checking Algorithm for CTL , 1993, CONCUR.

[30]  Matthias Anlauff,et al.  XASM - An Extensible, Component-Based ASM Language , 2000, Abstract State Machines.

[31]  Stefan Kowalewski,et al.  Applying Model Checking to an Automotive Microcontroller Application , 2007, 2007 International Symposium on Industrial Embedded Systems.

[32]  Egon Börger,et al.  A Practical Method for Rigorously Controllable Hardware Design , 1997, ZUM.

[33]  Stefan Van Baelen,et al.  Embedded software development: Components and contracts , 2001 .

[34]  Kirsten Winter,et al.  Model Checking Support for the ASM High-Level Language , 2000, TACAS.

[35]  Edward A. Lee,et al.  What's Ahead for Embedded Software? , 2000, Computer.

[36]  Edmund M. Clarke,et al.  Characterizing Correctness Properties of Parallel Programs Using Fixpoints , 1980, ICALP.

[37]  Bertrand Meyer,et al.  Concurrent object-oriented programming on .NET , 2003, IEE Proc. Softw..

[38]  Yuri Gurevich,et al.  The Railroad Crossing Problem: An Experiment with Instantaneous Actions and Immediate Reactions , 1995, CSL.

[39]  Wolfram Hardt,et al.  Towards a Unified Analysis Methodology of HW/SW Systems based on Abstract State Machines: Modelling of Instruction Sets , 1998, MBMV.

[40]  Klaus Schneider,et al.  Verification of Reactive Systems: Formal Methods and Algorithms , 2003 .

[41]  Gul A. Agha,et al.  Concurrent object-oriented programming , 1993, CACM.

[42]  Elvinia Riccobene,et al.  An ASM Semantics for UML Activity Diagrams , 2000, AMAST.

[43]  Leslie Lamport The ‘Hoare logic’ of concurrent programs , 2004, Acta Informatica.

[44]  David Lorge Parnas,et al.  On a 'Buzzword': Hierarchical Structure , 2001, IFIP Congress.

[45]  Christoph Beierle,et al.  Correctness Proof For the WAM with Types , 1991, CSL.

[46]  Richard F. Paige,et al.  Exceptions in Concurrent Eiffel , 2007, J. Object Technol..

[47]  Egon Börger,et al.  High Level System Design and Analysis Using Abstract State Machines , 1998, FM-Trends.

[48]  Egon Börger,et al.  The bakery algorithm: yet another specification and verification , 1993, Specification and validation methods.

[49]  Daniel Kluender TRIZ for software architecture , 2011 .

[50]  Jean-Marc Jézéquel,et al.  Design by Contract: The Lessons of Ariane , 1997, Computer.

[51]  Elvinia Riccobene,et al.  Capturing Requirements by Abstract State Machines: The Light Control Case Study , 2000, J. Univers. Comput. Sci..

[52]  Angelica Maria Kappel Executable Specifications based on Dynamic Algebras , 1993, LPAR.

[53]  MeyerBertrand,et al.  Design by Contract , 1997 .

[54]  Jörg Schäuffele,et al.  Automotive Software Engineering , 2003 .

[55]  Egon Börger,et al.  Towards a Mathematical Specification of the APE100 Architecture: The APESE Model , 1994, IFIP Congress.

[56]  Alan Burns,et al.  Real-Time Systems and Programming Languages , 2009 .

[57]  Thomas A. Henzinger,et al.  The Embedded Systems Design Challenge , 2006, FM.

[58]  Yuri Gurevich,et al.  Group membership protocol: specification and verification , 1995, Specification and validation methods.

[59]  Giorgio Bruno Model-based software engineering , 1994 .

[60]  Robert L. Nord,et al.  Applied Software Architecture , 1999, Addison Wesley object technology series.

[61]  Angelo Gargantini,et al.  Using Spin to Generate Testsfrom ASM Specifications , 2003, Abstract State Machines.

[62]  Amir Pnueli The Temporal Semantics of Concurrent Programs , 1981, Theor. Comput. Sci..

[63]  Alexander L. Wolf,et al.  Acm Sigsoft Software Engineering Notes Vol 17 No 4 Foundations for the Study of Software Architecture , 2022 .

[64]  David C. Luckham,et al.  An Overview of Anna, a Specification Language for Ada , 1985, IEEE Software.

[65]  David S. Rosenblum,et al.  A historical perspective on runtime assertion checking in software development , 2006, SOEN.

[66]  Eugenia Ternovska,et al.  Model Checking Abstract State Machines with Answer Set Programming , 2007, Fundam. Informaticae.

[67]  R. Kramer iContract - The Java(tm) Design by Contract(tm) Tool , 1998 .

[68]  Egon Börger,et al.  Integrating ASMs into the Software Development Life Cycle , 1997, J. Univers. Comput. Sci..

[69]  A. Turing On Computable Numbers, with an Application to the Entscheidungsproblem. , 1937 .

[70]  Steve Vestal,et al.  Domain-Specific Software Architectures for Guidance, Navigation and Control , 1996, Int. J. Softw. Eng. Knowl. Eng..

[71]  Pierre America,et al.  Pool-T: a parallel object-oriented language , 1987 .

[72]  Axel Dold,et al.  ASM-based Mechanized Verification of Compiler Back-Ends , 1998, Workshop on Abstract State Machines.

[73]  Rick Kazman,et al.  The architecture tradeoff analysis method , 1998, Proceedings. Fourth IEEE International Conference on Engineering of Complex Computer Systems (Cat. No.98EX193).

[74]  Wolfgang Ahrendt,et al.  Reasoning about Abstract State Machines: The WAM Case Study , 1997, J. Univers. Comput. Sci..

[75]  Jean-Marc Jézéquel,et al.  Making Components Contract Aware , 1999, Computer.

[76]  Barbara Liskov,et al.  Abstraction and Specification in Program Development , 1986 .

[77]  Olivier Zendra,et al.  Efficient dynamic dispatch without virtual function tables: the SmallEiffel compiler , 1997, OOPSLA '97.

[78]  Egon Börger,et al.  Java and the Java Virtual Machine: Definition, Verification, Validation , 2001 .

[79]  Luca Mearelli Refining an ASM Specification of the Production Cell to C++ Code , 1997, J. Univers. Comput. Sci..

[80]  Scott Oaks,et al.  Java Threads , 1997 .

[81]  J. Michael Spivey,et al.  The Z notation - a reference manual , 1992, Prentice Hall International Series in Computer Science.

[82]  Heinrich Rust A Non-standard Approach to Operational Semantics for Timed Systems , 2003, Abstract State Machines.

[83]  Dino Mandrioli,et al.  Formal Methods for Real-Time Computing , 1996 .

[84]  Richard F. Paige,et al.  SECG: The SCOOP-to-Eiffel Code Generator , 2004, J. Object Technol..

[85]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching Time Temporal Logic , 2008, 25 Years of Model Checking.

[86]  Yuri Gurevich,et al.  Reconsidering Turing's thesis : (toward more realistic semantics of programs) , 1984 .

[87]  Elvinia Riccobene,et al.  Refining Abstract Machine Specifications of the Steam Boiler Control to Well Documented Executable Code , 1995, Formal Methods for Industrial Applications.

[88]  Eila Niemelä,et al.  A Survey on Software Architecture Analysis Methods , 2002, IEEE Trans. Software Eng..

[89]  Stefan Kowalewski,et al.  Design-by-Contract for Embedded Systems , 2008 .

[90]  Joachim Schmid,et al.  Compiling Abstract State Machines to C++ , 2001, J. Univers. Comput. Sci..

[91]  Kristina Lundqvist,et al.  Modeling an electronic throttle controller using the timed abstract state machine language and toolset , 2006, MoDELS'06.

[92]  Kristina Lundqvist,et al.  Automated Verification of Completeness and Consistency of Abstract State Machine Specifications using a SAT Solver , 2007, MBT.

[93]  Roozbeh Farahbod,et al.  CoreASM: An Extensible ASM Execution Engine , 2007, Fundam. Informaticae.

[94]  João M. Fernandes,et al.  Modeling industrial embedded systems with UML , 2000, CODES '00.

[95]  Satoshi Matsuoka,et al.  Analysis of inheritance anomaly in object-oriented concurrent programming languages , 1993 .

[96]  Wolfgang Müller,et al.  The semantics of behavioral VHDL '93 descriptions , 1994, EURO-DAC '94.

[97]  Yan Gao,et al.  MULTI-VIEW CONSISTENCY CHECKING OF BON SOFTWARE DESCRIPTION DIAGRAMS , 2004 .

[98]  Shuyu Li,et al.  Components and contracts for embedded software , 2005, 12th IEEE International Conference and Workshops on the Engineering of Computer-Based Systems (ECBS'05).

[99]  Egon Börger,et al.  A Logical Operational Semantics of Full Prolog, Part II: Built-in Predicates for Database Manipulation , 1990, MFCS.

[100]  Kevin J. Compton,et al.  A Semantic Model for the State Machine in the Unified Modeling Language , 2000 .

[101]  Elvinia Riccobene,et al.  Modeling the Dynamics of UML State Machines , 2000, Abstract State Machines.

[102]  Egon Börger,et al.  The ASM Refinement Method , 2003, Formal Aspects of Computing.

[103]  Leonard J. Bass,et al.  Quality Attribute Design Primitives and the Attribute Driven Design Method , 2001, PFE.

[104]  Daniel Klünder Modellierung und Analyse von Fahrzeugsoftware mit Abstract State Machines , 2008, Modellierung.

[105]  Roger Henriksson,et al.  Scheduling Garbage Collection in Embedded Systems , 1998 .

[106]  Martin Kardos An Approach to Model Checking AsmL Specifications , 2005, Abstract State Machines.

[107]  Egon Börger Logic Programming: The Evolving Algebra Approach , 1994, IFIP Congress.

[108]  Angelo Gargantini,et al.  Encoding Abstract State Machines in PVS , 2000, Abstract State Machines.

[109]  John L. Bruno,et al.  Introducing concurrency to a sequential language , 1993, CACM.

[110]  Egon Börger,et al.  Why Use Evolving Algebras for Hardware and Software Engineering? , 1995, SOFSEM.

[111]  Egon Börger,et al.  The WAM - Definition and Compiler Correctness , 1995, Logic Programming: Formal Methods and Practical Applications.

[112]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[113]  Yuri Gurevich,et al.  Sequential abstract-state machines capture sequential algorithms , 2000, TOCL.

[114]  R. Bell,et al.  IEC 61508: functional safety of electrical/electronic/ programme electronic safety-related systems: overview , 1999 .

[115]  Rafael Capilla,et al.  A web-based tool for managing architectural design decisions , 2006, SOEN.

[116]  Gerhard Schellhorn Verification of ASM Refinements Using Generalized Forward Simulation , 2001, J. Univers. Comput. Sci..

[117]  Grant Martin UML for embedded systems specification and design: motivation and overview , 2002, Proceedings 2002 Design, Automation and Test in Europe Conference and Exhibition.

[118]  Kirsten Winter,et al.  Model Checking for Abstract State Machines , 2008, J. Univers. Comput. Sci..

[119]  George Zi Sheng Ma,et al.  MODEL CHECKING SUPPORT FOR CoreASM: MODEL CHECKING DISTRIBUTED ABSTRACT STATE MACHINES USING SPIN , 2007 .

[120]  A. J. M. van Gasteren,et al.  Derivation of a Termination Detection Algorithm for Distributed Computations , 1983, Inf. Process. Lett..

[121]  James K. Huggins Kermit: specification and verification , 1993, Specification and validation methods.

[122]  Bertrand Meyer,et al.  Systematic concurrent object-oriented programming , 1993, CACM.

[123]  Grady Booch On Architecture , 2006, IEEE Software.

[124]  簡聰富,et al.  物件導向軟體之架構(Object-Oriented Software Construction)探討 , 1989 .

[125]  Philippe Kruchten,et al.  The 4+1 View Model of Architecture , 1995, IEEE Softw..

[126]  C. A. R. Hoare,et al.  An axiomatic basis for computer programming , 1969, CACM.

[127]  Edsger W. Dijkstra,et al.  Guarded commands, nondeterminacy and formal derivation of programs , 1975, Commun. ACM.

[128]  Egon Börger,et al.  The ASM Ground Model Method as a Foundation for Requirements Engineering , 2003, Verification: Theory and Practice.

[129]  Bennet P. Lientz,et al.  Software Maintenance Management: A Study of the Maintenance of Computer Application Software in 487 Data Processing Organizations , 1980 .

[130]  Robert W. Floyd,et al.  Assigning Meanings to Programs , 1993 .

[131]  Egon Börger,et al.  Report on a Practical Application of ASMs in Software Design , 2000, Abstract State Machines.

[132]  James Gosling,et al.  The Real-Time Specification for Java , 2000, Computer.

[133]  Wolfram Schulte,et al.  Semantic essence of AsmL , 2005, Theor. Comput. Sci..

[134]  Mary Shaw,et al.  Software architecture - perspectives on an emerging discipline , 1996 .

[135]  Mary Shaw,et al.  An introduction to the construction and verification of Alphard programs , 1976, ICSE '76.

[136]  Krishna M. Kavi,et al.  Parallelism in object-oriented languages: a survey , 1992, IEEE Software.

[137]  Zohar Manna,et al.  Temporal verification of reactive systems - safety , 1995 .

[138]  Yuri Gurevich,et al.  Evolving algebras 1993: Lipari guide , 1995, Specification and validation methods.

[139]  Kristina Lundqvist,et al.  The Timed Abstract State Machine Language: Abstract State Machines for Real-Time System Engineering , 2008, J. Univers. Comput. Sci..

[140]  Anoop Gupta,et al.  The Stanford FLASH Multiprocessor , 1994, ISCA.

[141]  Egon Börger,et al.  Abstract State Machines. A Method for High-Level System Design and Analysis , 2003 .