Rigorous system design

We advocate rigorous system design as a coherent and accountable model-based process leading from requirements to implementations. We present the state of the art in system design, discuss its current limitations, and identify possible avenues for overcoming them. A rigorous system design flow [3] is defined as a formal accountable and iterative process composed of steps, and based on four principles: (1) separation of concerns; (2) component-based construction; (3) semantic coherency; and (4) correctness-by-construction. We show that the combined application of these principles allows the definition of rigorous design flows clearly identifying where human intervention and ingenuity are needed to resolve design choices, as well as activities that can be supported by tools to automate tedious and error-prone tasks. An implementable system model is progressively derived by source-to-source automated transformations in a single host component-based language rooted in well-defined semantics. Using a single modeling language throughout the design flow enforces semantic coherency. Correct-by-construction techniques allow well-known limitations of a posteriori verification to be overcome and ensure accountability. It is possible to explain, at each design step, which among the requirements are satisfied and which may not be satisfied. The presented view has been amply implemented in the BIP (Behavior, Interaction, Priority) component framework and substantiated by numerous experimental results showing both its relevance and feasibility [1]. We show in particular, how distributed implementations can be generated from BIP models with multiparty interactions by application of correct-by-construction transformations [2]. We conclude with a discussion advocating a system-centric vision for computing, identifying possible links with other disciplines, and emphasizing centrality of system design.

[1]  Jeff Sutherland,et al.  Manifesto for Agile Software Development , 2013 .

[2]  Giorgio C. Buttazzo,et al.  Hard Real-Time Computing Systems: Predictable Scheduling Algorithms and Applications (Real-Time Systems Series) , 2010 .

[3]  Scott A. Smolka,et al.  Turing Machines, Transition Systems, and Interaction , 2002, EXPRESS.

[4]  N. L. Chervany,et al.  THE MEANINGS OF TRUST , 2000 .

[5]  Holger H. Hoos,et al.  Programming by optimization , 2012, Commun. ACM.

[6]  Radu Marculescu,et al.  Towards a Science of Cyber-Physical Systems Design , 2011, 2011 IEEE/ACM Second International Conference on Cyber-Physical Systems.

[7]  H. Kopetz,et al.  Automotive Software Development for a Multi-Core System-on-a-Chip , 2007, Fourth International Workshop on Software Engineering for Automotive Systems (SEAS '07).

[8]  Karl Johan Åström,et al.  Adaptive Control , 1989, Embedded Digital Control with Microcontrollers.

[9]  Brian A. Wichmann,et al.  Ada - language and methodology , 1987, Prentice Hall International Series in Computer Science.

[10]  Joseph Sifakis,et al.  Rigorous Component-Based System Design Using the BIP Framework , 2011, IEEE Software.

[11]  Ursula Goltz,et al.  Refinement of actions and equivalence notions for concurrent systems , 2001, Acta Informatica.

[12]  Joseph Sifakis A framework for component-based construction , 2005, Third IEEE International Conference on Software Engineering and Formal Methods (SEFM'05).

[13]  Hermann Kopetz The Rationale for Time-Triggered Ethernet , 2008, 2008 Real-Time Systems Symposium.

[14]  Joseph Sifakis,et al.  Model-based implementation of real-time applications , 2010, EMSOFT '10.

[15]  Richard J. Lipton,et al.  Social processes and proofs of theorems and programs , 1977, POPL.

[16]  Thomas A. Henzinger,et al.  The Discipline of Embedded Systems Design , 2007, Computer.

[17]  Jeff Magee,et al.  Dynamic structure in software architectures , 1996, SIGSOFT '96.

[18]  George S. Avrunin,et al.  Breaking up is hard to do: An evaluation of automated assume-guarantee reasoning , 2008, TSEM.

[19]  Edward A. Lee,et al.  Dataflow process networks , 1995, Proc. IEEE.

[20]  Joseph Sifakis,et al.  Model checking , 1996, Handbook of Automated Reasoning.

[21]  David Harel,et al.  Behavioral programming , 2012, CACM.

[22]  David Harel,et al.  A Compiler for Multimodal Scenarios: Transforming LSCs into AspectJ , 2011, TSEM.

[23]  Giorgio Buttazzo,et al.  Hard Real-Time Computing Systems: Predictable Scheduling Algorithms and Applications , 1997 .

[24]  Edward A. Lee,et al.  Modeling Cyber–Physical Systems , 2012, Proceedings of the IEEE.

[25]  Jan van Leeuwen,et al.  The Turing machine paradigm in contemporary computing , 2001 .

[26]  Joseph Sifakis,et al.  Incremental component-based construction and verification using invariants , 2010, Formal Methods in Computer Aided Design.

[27]  Michael J. Butler,et al.  The Use of Formal Methods in the Analysis of Trust (Position Paper) , 2004, iTrust.

[28]  Joseph Sifakis,et al.  From high-level component-based models to distributed implementations , 2010, EMSOFT '10.

[29]  Joseph Sifakis,et al.  A Notion of Glue Expressiveness for Component-Based Systems , 2008, CONCUR.

[30]  David Garlan,et al.  Acme: an architecture description interchange language , 1997, CASCON.

[31]  Joseph Sifakis,et al.  A framework for automated distributed implementation of component-based models , 2012, Distributed Computing.

[32]  Nicolas Halbwachs,et al.  Synchronous Programming of Reactive Systems , 1992, CAV.

[33]  Joseph Sifakis,et al.  Rigorous system level modeling and analysis of mixed HW/SW systems , 2011, Ninth ACM/IEEE International Conference on Formal Methods and Models for Codesign (MEMPCODE2011).

[34]  Joseph Sifakis Rigorous System Design , 2013, Found. Trends Electron. Des. Autom..

[35]  Bernd Becker,et al.  A Definition and Classification of Timing Anomalies , 2006, WCET.

[36]  Deirdre K. Mulligan,et al.  Doctrine for Cybersecurity , 2011, Daedalus.