Model-driven development and analysis of high assurance systems

Capturing, refining, and analyzing requirements are some of the most challenging tasks in building a software system. How well these tasks are performed significantly impacts the quality of the developed software system. The difficulty of these tasks is greatly exacerbated for the software of embedded systems, since these systems are commonly used for critical applications, have to operate reliably for long periods of time, and need to adhere to real-time constraints. In this dissertation, we introduce a modeling and analysis approach for centralized and distributed real-time embedded systems that supports the use of formal specifications and model checking. The approach comprises four main elements: First, we developed specification patterns for specifying real-time, properties to aid the developer in formally specifying critical real-time system properties. Second, to enhance the accessibility of the specification patterns, we developed natural language representation and specification capabilities for qualitative and real-time properties. Third, based on industrial project information, we developed object analysis patterns to facilitate the creation of UML analysis models of embedded systems. Fourth, we defined an iterative modeling and analysis process using incremental change and providing rapid feedback to construct the UML models. The process incorporates object analysis patterns to facilitate the creation of conceptual UML models and the natural language property specification approach to specify critical properties. In order to validate our approach, we applied it to the development of several embedded system descriptions obtained from industrial collaborators.

[1]  Douglas C. Schmidt,et al.  Half-sync/half-async: an architectural pattern for efficient and well-structured concurrent I/O , 1996 .

[2]  B. H. Krogh,et al.  Verifying switched-mode computer controlled systems , 2002, Proceedings. IEEE International Symposium on Computer Aided Control System Design.

[3]  R. Alur Techniques for automatic verification of real-time systems , 1991 .

[4]  Axel van Lamsweerde,et al.  Requirements engineering in the year 00: a research perspective , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[5]  Shailey Minocha,et al.  Supporting Scenario-Based Requirements Engineering , 1998, IEEE Trans. Software Eng..

[6]  Vincenzo Gervasi,et al.  On the Systematic Analysis of Natural Language Requirements with CIRCE , 2006, Automated Software Engineering.

[7]  Helmut Veith,et al.  Progress on the State Explosion Problem in Model Checking , 2001, Informatics.

[8]  Douglas C. Schmidt,et al.  Asynchronous Completion Token An Object Behavioral Pattern for Efficient Asynchronous Event Handling , 1997 .

[9]  Iulian Ober,et al.  Timed annotations with UML , 2003 .

[10]  Louise E. Moser,et al.  Interval logics and their decision procedures: Part II: a real-time interval logic☆ , 1996 .

[11]  Carlo Ghezzi,et al.  ASTRAL: An Assertion Language for Specifying Realtime Systems , 1991, ESEC.

[12]  Volker Gruhn,et al.  Patterns for Timed Property Specifications , 2006, QAPL.

[13]  Shin Nakajima,et al.  The SPIN Model Checker : Primer and Reference Manual , 2004 .

[14]  Betty H. C. Cheng,et al.  Adding Formal Specifications to Requirements Patterns , 2002 .

[15]  Daniel Gross,et al.  From Non-Functional Requirements to Design through Patterns , 2001, Requirements Engineering.

[16]  Doron Drusinsky,et al.  The Temporal Rover and the ATG Rover , 2000, SPIN.

[17]  Rajeev Alur,et al.  Model-Checking of Real-Time Systems: A Telecommunications Application Experience Report , 1997, Proceedings of the (19th) International Conference on Software Engineering.

[18]  Doug Lea Design Patterns for Avionics Control Systems , 1998 .

[19]  Karsten Loer,et al.  Towards usable and relevant model checking techniques for the analysis of dependable interactive systems , 2002, Proceedings 17th IEEE International Conference on Automated Software Engineering,.

[20]  Thomas A. Henzinger,et al.  The theory of hybrid automata , 1996, Proceedings 11th Annual IEEE Symposium on Logic in Computer Science.

[21]  A. J. Downs The Hole in the Curriculum. , 1971 .

[22]  Thomas A. Henzinger,et al.  Extreme Model Checking , 2003, Verification: Theory and Practice.

[23]  Sascha Konrad Assurance patterns for distributed real-time embedded systems , 2005, ICSE.

[24]  Dragan Bošnački,et al.  Digitization of Timed Automata , 1999 .

[25]  Heather Goldsby,et al.  Visualizing Requirements in UML Models , 2006, 2006 First International Workshop on Requirements Engineering Visualization (REV'06 - RE'06 Workshop).

[26]  Axel van Lamsweerde,et al.  Formal refinement patterns for goal-driven requirements elaboration , 1996, SIGSOFT '96.

[27]  Ralph Johnson,et al.  design patterns elements of reusable object oriented software , 2019 .

[28]  Manfred Broy Requirements Engineering for Embedded Systems) , 2003 .

[29]  James Bret Michael,et al.  Natural-language processing support for developing policy-governed software systems , 2001, Proceedings 39th International Conference and Exhibition on Technology of Object-Oriented Languages and Systems. TOOLS 39.

[30]  Zohar Manna,et al.  The Temporal Logic of Reactive and Concurrent Systems , 1991, Springer New York.

[31]  Constance L. Heitmeyer,et al.  MT: A toolset for specifying and analyzing real-time systems , 1993, 1993 Proceedings Real-Time Systems Symposium.

[32]  Thomas A. Henzinger,et al.  A really temporal logic , 1994, JACM.

[33]  James C. Corbett,et al.  A Language Framework for Expressing Checkable Properties of Dynamic Software , 2000, SPIN.

[34]  Constance L. Heitmeyer,et al.  Applying the SCR Requirements Method to the Light Control Case Study , 2000, J. Univers. Comput. Sci..

[35]  Betty H. C. Cheng,et al.  Facilitating the construction of specification pattern-based properties , 2005, 13th IEEE International Conference on Requirements Engineering (RE'05).

[36]  Robyn R. Lutz,et al.  Analyzing software requirements errors in safety-critical, embedded systems , 1993, [1993] Proceedings of the IEEE International Symposium on Requirements Engineering.

[37]  Charles D. Sigwart,et al.  Software Engineering: A Project Oriented Approach , 1990 .

[38]  Matthew B. Dwyer,et al.  Bandera: extracting finite-state models from Java source code , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[39]  Betty H. C. Cheng,et al.  Use Case-Based Modeling and Analysis of Failsafe Fault-Tolerance , 2006, 14th IEEE International Requirements Engineering Conference (RE'06).

[40]  Wolfgang Müller,et al.  A UML Profile for Real-Time Constraints with the OCL , 2002, UML.

[41]  Barrett R. Bryant,et al.  Object-oriented natural language requirements specification , 2000, Proceedings 23rd Australasian Computer Science Conference. ACSC 2000 (Cat. No.PR00518).

[42]  Wolfgang Thomas,et al.  Automata on Infinite Objects , 1991, Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics.

[43]  Aloysius K. Mok,et al.  Safety analysis of timing properties in real-time systems , 1986, IEEE Transactions on Software Engineering.

[44]  Betty H. C. Cheng,et al.  Automated Analysis of Natural Language Properties for UML Models , 2005, MoDELS Satellite Events.

[45]  Mary Shaw,et al.  Some patterns for software architectures , 1996 .

[46]  Stephan Merz,et al.  Model Checking - Timed UML State Machines and Collaborations , 2002, FTRTFT.

[47]  Nissim Francez,et al.  Automatic Translation of Natural Language System Specifications into Temporal Logic , 1996 .

[48]  Douglas C. Schmidt Acceptor-Connector An Object Creational Pattern for Connecting and Initializing Communication Services , 1997 .

[49]  Suzanne Robertson,et al.  Requirements Patterns Via Events/Use Cases , 1996 .

[50]  Haitham Hamza Towards stable software analysis patterns , 2002, OOPSLA '02.

[51]  Norbert E. Fuchs,et al.  Attempto Controlled English (ACE) , 1996, ArXiv.

[52]  H. Goldsby,et al.  Enabling a Roundtrip Engineering Process for the Modeling and Analysis of Embedded Systems ⋆ , 2006 .

[53]  Hassan Gomaa,et al.  Designing concurrent, distributed, and real-time applications with UML , 2000, ICSE.

[54]  Betty H. C. Cheng,et al.  Automatically Detecting and Visualising Errors in UML Diagrams , 2002, Requirements Engineering.

[55]  Douglas Clark Schmidt,et al.  Reactor An Object Behavioral Pattern for Demultiplexing and Dispatching Handles for Synchronous Events , 1995 .

[56]  Stavros Tripakis,et al.  Extending Promela and Spin for Real Time , 1996, TACAS.

[57]  Betty H. C. Cheng,et al.  UML-based analysis of embedded systems using a mapping to VHDL , 1999, Proceedings 4th IEEE International Symposium on High-Assurance Systems Engineering.

[58]  Betty H. C. Cheng,et al.  Automated analysis of timing information in UML diagrams , 2004 .

[59]  Betty H. C. Cheng,et al.  Object analysis patterns for embedded systems , 2004, IEEE Transactions on Software Engineering.

[60]  Leon J. Osterweil,et al.  Cecil: A Sequencing Constraint Language for Automatic Static Analysis Generation , 1990, IEEE Trans. Software Eng..

[61]  Kirsten Berkenkötter,et al.  Using UML 2 . 0 in Real-Time Development A Critical Review , 2003 .

[62]  Ewan Klein,et al.  A semantically-derived subset of English for hardware verification , 1999, ACL.

[63]  Susumu Hayashi,et al.  Test Driven Development of UML Models with SMART Modeling System , 2004, UML.

[64]  Stephen Fickas,et al.  Goal-Directed Requirements Acquisition , 1993, Sci. Comput. Program..

[65]  Wolfgang Müller,et al.  Structured English for Model Checking Specification , 2000, MBMV.

[66]  Michael Hahsler,et al.  Software engineering with analysis patterns , 2001 .

[67]  George S. Avrunin,et al.  Patterns in property specifications for finite-state verification , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[68]  Manfred Broy,et al.  Distributed Concurrent Object-Oriented Software , 2004, Essays in Memory of Ole-Johan Dahl.

[69]  Kent L. Beck,et al.  Extreme programming explained - embrace change , 1990 .

[70]  Meyer C. Tanuan,et al.  Automated Analysis of Unified Modeling Language (UML) Specifications , 2001 .

[71]  Scott W. Ambler,et al.  The Object Primer: Agile Model–Driven Development (AMDD) , 2004 .

[72]  Patricia Bouyer,et al.  On the Expressiveness of TPTL and MTL , 2005, FSTTCS.

[73]  Peter Checkland,et al.  Systems Thinking, Systems Practice , 1981 .

[74]  Roger S. Pressman,et al.  Software engineering (3rd ed.): a practitioner's approach , 1992 .

[75]  Stefania Gnesi,et al.  Assisting requirement formalization by means of natural language translation , 1994, Formal Methods Syst. Des..

[76]  Mukesh Singhal,et al.  Advanced Concepts In Operating Systems , 1994 .

[77]  Betty H. C. Cheng,et al.  A Requirements Patterns-Driven Approach to Specify Systems and Check Properties , 2003, SPIN.

[78]  Louise E. Moser,et al.  Interval Logics and Their Decision Procedures, Part I: An Interval Logic , 1996, Theor. Comput. Sci..

[79]  Mark Mayfield,et al.  Object models (2nd ed.): strategies, patterns, and applications , 1997 .

[80]  David E. Simon,et al.  An Embedded Software Primer , 1999 .

[81]  Pierfrancesco Bellini,et al.  Temporal logics for real-time system specification , 2000, CSUR.

[82]  Thomas A. Henzinger,et al.  Logics and Models of Real Time: A Survey , 1991, REX Workshop.

[83]  Thomas A. Henzinger,et al.  HYTECH: a model checker for hybrid systems , 1997, International Journal on Software Tools for Technology Transfer.

[84]  Louise E. Moser,et al.  A graphical environment for the design of concurrent real-time systems , 1997, TSEM.

[85]  B.H.C. Cheng,et al.  Real-time specification patterns , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[86]  George S. Avrunin,et al.  User guidance for creating precise and accessible property specifications , 2006, SIGSOFT '06/FSE-14.

[87]  Marsha Chechik,et al.  Events in Property Patterns , 1999, SPIN.

[88]  Stavros Tripakis,et al.  Efficient Verification of Timed Automata Using Dense and Discrete Time Semantics , 1999, CHARME.

[89]  Martin,et al.  UML for Java¿ Programmers , 2003 .

[90]  Stavros Tripakis,et al.  Kronos: A Model-Checking Tool for Real-Time Systems , 1998, CAV.

[91]  Thomas A. Henzinger,et al.  An eclipse plug-in for model checking , 2004, Proceedings. 12th IEEE International Workshop on Program Comprehension, 2004..

[92]  Anish Arora,et al.  Detectors and correctors: a theory of fault-tolerance components , 1998, Proceedings. 18th International Conference on Distributed Computing Systems (Cat. No.98CB36183).

[93]  Rajeev Alur,et al.  Model-Checking in Dense Real-time , 1993, Inf. Comput..

[94]  Douglas C. Schmidt,et al.  Double-Checked Locking An Object Behavioral Pattern for Initializing and Accessing Thread-safe Objects Efficiently , 1996 .

[95]  Murray Silverstein,et al.  A Pattern Language , 1977 .

[96]  Kim Guldstrand Larsen,et al.  The power of reachability testing for timed automata , 2003, Theor. Comput. Sci..

[97]  Reinhard Gotzhein,et al.  A generic approach to the formal specification of requirements , 1997, First IEEE International Conference on Formal Engineering Methods.

[98]  Constance L. Heitmeyer,et al.  SCR*: A Toolset for Specifying and Analyzing Software Requirements , 1998, CAV.

[99]  Iulian Ober,et al.  Validation of UML Models via a Mapping to Communicating Extended Timed Automata , 2004, SPIN.

[100]  Betty H. C. Cheng,et al.  Requirements patterns for embedded systems , 2002, Proceedings IEEE Joint International Conference on Requirements Engineering.

[101]  Juan José Moreno-Navarro,et al.  Formal Extreme (and Extremely Formal) Programming , 2003, XP.

[102]  Thomas W. Reps,et al.  The synthesizer generator , 1984, SDE 1.

[103]  Reinhard Gotzhein,et al.  A Tailored Real Time Temporal Logic for Specifying Requirements of Building Automation Systems , 1999 .

[104]  George S. Avrunin,et al.  PROPEL: an approach supporting property elucidation , 2002, ICSE '02.

[105]  Benjamin C. Kuo,et al.  AUTOMATIC CONTROL SYSTEMS , 1962, Universum:Technical sciences.

[106]  Douglas Clark Schmidt,et al.  Leader / Followers A Design Pattern for Efficient Multi-threaded I / O Demultiplexing and Dispatching , 2000 .

[107]  Betty H. C. Cheng,et al.  A general framework for formalizing UML with formal languages , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[108]  Barry W. Boehm,et al.  A spiral model of software development and enhancement , 1986, Computer.

[109]  D. Bosnacki Enhancing state space reduction techniques for model checking , 2001 .

[110]  Douglas C. Schmidt An Object Behavioral Pattern for Concurrent Programming , 1999 .

[111]  Carlo Ghezzi,et al.  TRIO: A logic language for executable specifications of real-time systems , 1990, J. Syst. Softw..

[112]  Kenneth L. McMillan,et al.  Symbolic model checking: an approach to the state explosion problem , 1992 .

[113]  Sherif Abdelwahed,et al.  Verifying distributed real-time properties of embedded systems via graph transformations and model checking , 2006, Real-Time Systems.

[114]  Holger Giese,et al.  The fujaba real-time tool suite: model-driven development of safety-critical, real-time systems , 2005, ICSE.

[115]  Manfred Broy,et al.  Software and System Modeling Based on a Unified Formal Semantics , 1997, Requirements Targeting Software and Systems Engineering.

[116]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[117]  José Alves Marques,et al.  Development of distributed applications with separation of concerns , 1995, Proceedings 1995 Asia Pacific Software Engineering Conference.

[118]  OSCAR A. MONDRAGÓN,et al.  Supporting Elicitation And Specification Of Software Properties Through Patterns And Composite Propositions , 2004, Int. J. Softw. Eng. Knowl. Eng..

[119]  Hassan Gomaa,et al.  Modeling behavioral design patterns of concurrent objects , 2006, ICSE '06.

[120]  Haitham S. Hamza,et al.  Extracting domain- specific and domain-independent patterns , 2003, OOPSLA '03.

[121]  Ron Koymans,et al.  Specifying real-time properties with metric temporal logic , 1990, Real-Time Systems.

[122]  Thomas A. Henzinger,et al.  What Good Are Digital Clocks? , 1992, ICALP.

[123]  Paolo Nesi,et al.  An Interval Logic for Real-Time System Specification , 2001, IEEE Trans. Software Eng..

[124]  Douglas C. Schmidt,et al.  An Object Behavioral Pattern for Demultiplexing and Dispatching Handlers for Asynchronous Events , 1998 .

[125]  Joseph E. Urban,et al.  Syntax-directed editing environments: issues and features , 1993, SAC '93.

[126]  Paul Gastin,et al.  Fast LTL to Büchi Automata Translation , 2001, CAV.

[127]  Leslie Lamport,et al.  Real Time is Really Simple , 2005 .

[128]  Nancy G. Leveson,et al.  Completeness and Consistency in Hierarchical State-Based Requirements , 1996, IEEE Trans. Software Eng..

[129]  B. Cheng,et al.  A Framework for Modeling and Analyzing Fault-Tolerance 1 , 2006 .

[130]  Dragan Bosnacki,et al.  Discrete-Time Promela and Spin , 1998, FTRTFT.

[131]  Thomas A. Henzinger,et al.  The benefits of relaxing punctuality , 1991, JACM.

[132]  Leslie Lamport,et al.  Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers [Book Review] , 2002, Computer.

[133]  P. Kidwell,et al.  The mythical man-month: Essays on software engineering , 1996, IEEE Annals of the History of Computing.

[134]  Leonardo Mendonça de Moura,et al.  Generating efficient test sets with a model checker , 2004, Proceedings of the Second International Conference on Software Engineering and Formal Methods, 2004. SEFM 2004..

[135]  Sandeep K. Shukla,et al.  XFM: An incremental methodology for developing formal models , 2005, TODE.

[136]  Betty H. C. Cheng,et al.  A generic framework for formalizing object-oriented modeling notations for embedded systems development , 2000 .

[137]  Kevin Ryan,et al.  The role of natural language in requirements engineering , 1993, [1993] Proceedings of the IEEE International Symposium on Requirements Engineering.

[138]  Joseph Sifakis,et al.  Modeling Urgency in Timed Systems , 1997, COMPOS.

[139]  Kousha Etessami,et al.  Optimizing Büchi Automata , 2000, CONCUR.

[140]  Bruce Powel Douglass,et al.  Real Time UML: Advances in the UML for Real-Time Systems (3rd Edition) , 2004 .

[141]  Anish Arora,et al.  Component based design of fault-tolerance , 1999 .

[142]  Luigi Lavazza,et al.  Combining UML and formal notations for modelling real-time systems , 2001, ESEC/FSE-9.

[143]  Howard Falk,et al.  Formal Verification of Timed Systems: A Survey and Perspective , 2004, Proc. IEEE.

[144]  Wolfgang Keller Object/Relational Access Layers A Roadmap, Missing Links and More Patterns , 2004 .

[145]  Marco Aurelio Antonio Sanvido,et al.  Hardware-in-the-loop simulation framework , 2002 .

[146]  Axel van Lamsweerde,et al.  Deriving operational software specifications from system goals , 2002, SIGSOFT '02/FSE-10.

[147]  Douglas C. Schmidt,et al.  Active object: an object behavioral pattern for concurrent programming , 1996 .

[148]  Angelo Gargantini,et al.  Using model checking to generate tests from requirements specifications , 1999, ESEC/FSE-7.

[149]  Pierre Wolper,et al.  Simple on-the-fly automatic verification of linear temporal logic , 1995, PSTV.

[150]  Anish Arora A foundation of fault-tolerant computing , 1992 .

[151]  Bruce Powel Douglass Real-Time Design Patterns , 1999 .

[152]  Winfried Lamersdorf,et al.  Extreme modeling , 2001 .

[153]  Xiaohong Yuan,et al.  Semantic Analysis Patterns , 2000, ER.

[154]  Robert S. Hanmer,et al.  Fault-tolerant telecommunication system patterns , 1996 .

[155]  Bruce P. Douglass,et al.  Doing hard time: developing real-time systems with uml , 1999 .

[156]  Thomas A. Henzinger,et al.  Real-Time Logics: Complexity and Expressiveness , 1993, Inf. Comput..