Control of Timed Systems

Cassez, Franck

20 September 2007

In this thesis we summarize our recent work on the control of timed systems.

[INFO:INFO_OH] Computer Science/Other

timed automata

control

Formal Verification of Adaptive Real-Time Systems by Extending Task Automata

Hatvani, Leo

January 2014

Recently, we have seen an increase in the deployment of safety critical embedded systems in rapidly changing environments, as well as requirement for on-site customizations and rapid adaptation. To address the extended range of requirements, adaptation mechanism are added to the systems to handle large number of situations appropriately. Although necessary, adaptations can cause inconsistent and unstable configurations that must be prevented for the embedded system to remain dependable and safe. Therefore, verifying the behavior of adaptive embedded systems during the design phase of the production process is highly desirable. A hard real time embedded system and its environment can be modeled using timed automata. Such model can describe the system at various levels of abstraction. In this thesis, we model the adaptive responses of a system in terms of tasks that are executed to handle changes in the environmental or internal parameters. Schedulability, a property that all tasks complete execution within their respective deadlines, is a key element in designing hard real-time embedded systems. A system that is unschedulable immediately compromises safety and hard real-time requirements and can cause fatal failure. Given specifications of all tasks in the system, we can model the system, an abstraction of the environment, and adaptive strategies to investigate whether the system retains safety properties, including schedulability, regardless of the changes in the environment and adaptations to those changes.

formal verification

embedded systems

timed automata

scheduling

Verification of Stochastic Timed Automata / Vérification des automates temporisés et stochastiques

Carlier, Pierre

08 December 2017

La vérification est maintenant une branche très connue des sciences informatiques. Elle est cruciale lorsque l'on a affaire à des programmes informatiques dans des systèmes automatiques : on veut vérifier si un système donné est correct et s'il satisfait des propriétés nécessaires à son bon fonctionnement. Une façon d'analyser ces systèmes se fait par la modélisation mathématique. La question est alors : peut-on vérifier si le modèle satisfait les propriétés requises ? C'est ce que l'on appelle le problème du model-checking. Plusieurs modèles ont été étudiés dans la littérature. Nous portons notre intérêt sur des modèles qui peuvent mêler des aspects temporels et des aspects probabilistes. Dans cette thèse, nous étudions donc le modèle des automates temporisés et stochastiques (ATS). Les contributions de ce document sont divisées en deux parties. Tout d'abord, nous étudions les problèmes de model-checking qualitatifs et quantitatifs des ATS. Les ATS sont, en particulier, des systèmes probabilistes généraux et avec de tels modèles, on est intéressé par des questions du type : « Une propriété est-elle satisfaite, au sein d'un modèle donné, avec probabilité 1 ? » (qualitatif) ou bien « Peut-on calculer une approximation de la probabilité que le modèle satisfait une propriété donnée ? » (quantitatif).Nous étudions ces questions dans des systèmes probabilistes généraux en utilisant, entre autres, la notion de decisiveness utilisée dans les chaînes de Markov infinie dans le but d'obtenir d'importants résultats qualitatifs et que nous étendons ici dans notre contexte plus général. Nous prouvons plusieurs résultats pour les problèmes de model-checking qualitatifs et quantitatifs de ces systèmes probabilistes, certains d'entre eux étant des extensions de travaux antérieurs sur les chaînes de Markov, d'autres étant nouveaux, et nous montrons comment l'on peut appliquer ces résultats sur des sous-classes des ATS. Nous étudions ensuite la vérification compositionnelle des ATS. En général, un système est le résultat de plusieurs plus petits systèmes fonctionnant ensemble. La vérification compositionnelle permet alors de réduire l'analyse de gros systèmes aux analyses des plus petits systèmes qui le composent. Il est donc crucial d'avoir une bonne structure compositionnelle au sein des modèles mathématiques, et cela manque aux ATS. Dans cette thèse, nous définissons un opérateur de composition pour les ATS. Nous faisons d'abord l'hypothèse que les ATS composés fonctionnent complètement indépendamment l'un de l'autre, c'est-à-dire les ATS ne communiquent pas entre eux. Nous prouvons que notre définition satisfait bien cette hypothèse d'indépendance. Un tel opérateur de composition n'est pas très intéressant puisque, généralement, les systèmes interagissent entre eux. Mais c'est une première étape nécessaire. Nous introduisons donc le nouveau modèle des ATS interactifs (ATSI) qui vont permettre des interactions entre les systèmes. Nous définissons un opérateur de composition dans les ATSI qui va rendre possible des synchronisations entre les systèmes et qui est construit sur la précédente composition dans les ATS. Nous finissons cette thèse par l'identification d'une sous-classe de ATSI dans laquelle tous les résultats qualitatifs et quantitatifs fournis dans cette thèse peuvent être appliqués, et qui est donc accompagnée d'une bonne structure compositionnelle au sein du modèle. / Verification is now a well-known branch in computer science. It is crucial when dealing with computer programs in automatic systems: we want to check if a given system is correct and satisfies some specifications that should be met. One way to analyse those systems is to model them mathematically. The question is then: can we check if the model satisfies the required specifications ? This is called the model-checking problem. Several models have been studied in the literature. We have an interest for models that can mix both timing and randomized aspects. In this thesis we thus study the stochastic timed automaton model (STA). The contributions of this document are twofold. First, we study the qualitative and quantitative model-checking problems of STA. STA are, in particular, general probabilistic systems and with such model, one is thus interested in questions like « Is a property satisfied, within a given model, with probability 1 ? » (qualitative) or « Can we compute an approximation of the probability that the model satisfies a given property ? » (quantitative).We study those questions for general stochastic systems using, amongst other, the notion of decisiveness used in infinite Markov chains in order to get strong qualitative and quantitative results, and that we extend here in or more general context. We prove several results for the qualitative and quantitative model-checking problems of those probabilistic systems, some of them being extensions of previous work on Markov chains, others being new, and we show how it can be applied to subclasses of STA. Then we study the compositional verification in STA. In general, a system is the result of several smaller systems working together. Compositional verification allows then one to reduce the analysis of a big system to the analyses of the smaller systems which compose it. It is then crucial to have a good compositional framework in mathematical models, and this lacks in STA. In this thesis, we define an operator of composition for STA. We first make the assumption that the STA composed run completely independently from each other, i.e. they do not communicate between them. We prove that our definition satisfies indeed this independence assumption. Such an operator of composition is not very interesting as in general, systems do communicate. But it is a necessary first step. We then introduce the new model of interactive STA (ISTA) that will allow for interactions between the systems. We define an operator of composition in ISTA that will make synchronisations possible between the systems and that is built on the previous composition in STA. We end this thesis with the identification of a subclass of ISTA in which all the qualitative and quantitative results provided in this thesis can be applied, and which thus comes with the nice compositional framework defined in the model.

Vérification

Automates temporisés

Automates temporisés et stochastiques

Verification

Timed automata

Stochastic timed automata

Algorithmic Analysis of Complex Semantics for Timed and Hybrid Automata.

Doyen, Laurent

13 June 2006

In the field of formal verification of real-time systems, major developments have been recorded in the last fifteen years. It is about logics, automata, process algebra, programming languages, etc. From the beginning, a formalism has played an important role: timed automata and their natural extension,hybrid automata. Those models allow the definition of real-time constraints using real-valued clocks, or more generally analog variables whose evolution is governed by differential equations. They generalize finite automata in that their semantics defines timed words where each symbol is associated with an occurrence timestamp. The decidability and algorithmic analysis of timed and hybrid automata have been intensively studied in the literature. The central result for timed automata is that they are positively decidable. This is not the case for hybrid automata, but semi-algorithmic methods are known when the dynamics is relatively simple, namely a linear relation between the derivatives of the variables. With the increasing complexity of nowadays systems, those models are however limited in their classical semantics, for modelling realistic implementations or dynamical systems. In this thesis, we study the algorithmics of complex semantics for timed and hybrid automata. On the one hand, we propose implementable semantics for timed automata and we study their computational properties: by contrast with other works, we identify a semantics that is implementable and that has decidable properties. On the other hand, we give new algorithmic approaches to the analysis of hybrid automata whose dynamics is given by an affine function of its variables.

Verification

Implementability

Robustness

Real-Time

Hybrid automata

Timed automata

Software engineering : testing real-time embedded systems using timed automata based approaches

Abou Trab, Mohammad

January 2012

Real-time Embedded Systems (RTESs) have an increasing role in controlling society infrastructures that we use on a day-to-day basis. RTES behaviour is not based solely on the interactions it might have with its surrounding environment, but also on the timing requirements it induces. As a result, ensuring that an RTES behaves correctly is non-trivial, especially after adding time as a new dimension to the complexity of the testing process. This research addresses the problem of testing RTESs from Timed Automata (TA) specification by the following. First, a new Priority-based Approach (PA) for testing RTES modelled formally as UPPAAL timed automata (TA variant) is introduced. Test cases generated according to a proposed timed adequacy criterion (clock region coverage) are divided into three sets of priorities, namely boundary, out-boundary and in-boundary. The selection of which set is most appropriate for a System Under Test (SUT) can be decided by the tester according to the system type, time specified for the testing process and its budget. Second, PA is validated in comparison with four well-known timed testing approaches based on TA using Specification Mutation Analysis (SMA). To enable the validation, a set of timed and functional mutation operators based on TA is introduced. Three case studies are used to run SMA. The effectiveness of timed testing approaches are determined and contrasted according to the mutation score which shows that our PA achieves high mutation adequacy score compared with others. Third, to enhance the applicability of PA, a new testing tool (GeTeX) that deploys PA is introduced. In its current version, GeTeX supports Control Area Network (CAN) applications. GeTeX is validated by developing a prototype for that purpose. Using GeTeX, PA is also empirically validated in comparison with some TA testing approaches using a complete industrial-strength test bed. The assessment is based on fault coverage, structural coverage, the length of generated test cases and a proposed assessment factor. The assessment is based on fault coverage, structural coverage, the length of generated test cases and a proposed assessment factor. The assessment results confirmed the superiority of PA over the other test approaches. The overall assessment factor showed that structural and fault coverage scores of PA with respect to the length of its tests were better than the others proving the applicability of PA. Finally, an Analytical Hierarchy Process (AHP) decision-making framework for our PA is developed. The framework can provide testers with a systematic approach by which they can prioritise the available PA test sets that best fulfils their testing requirements. The AHP framework developed is based on the data collected heuristically from the test bed and data collected by interviewing testing experts. The framework is then validated using two testing scenarios. The decision outcomes of the AHP framework were significantly correlated to those of testing experts which demonstrated the soundness and validity of the framework.

006.3

Verification and control of o-minimal hybrid systems and weighted timed automata

Brihaye, Thomas

02 June 2006

La thèse se situe à la charnière de l'informatique théorique et de la logique mathématique. Elle se concentre en particulier sur les aspects mathématiques de la vérification et du contrôle. La thèse se focalise sur l'étude de deux sous-classes d'automates hybrides: les automates temporisés pondérés et les automates hybrides o-minimaux. Concernant les automates temporisés pondérés, en introduisant un nouvel algorithme, nous donnons une caractérisation exacte de la complexité du problème d'atteignabilité optimal en prouvant qu'il est PSpace-complet. Nous prouvons que le model-checking de la logique WCTL est en général indécidable. Nous nous intéressons alors à une restriction de la logique WCTL. Nous montrons que la décidabilité du model-checking de WCTL restreint dépend de la dimension de l'automate et du fait que le temps soit discret ou dense. Finalement pour, nous prouvons que le problème de contrôle optimal est en général indécidable. Nous prouvons cependant que ce même problème est décidable pour les automates temporisés pondérés de dimension 1. En ce qui concerne les automates hybrides o-minimaux, à l'aide d'un encodage symbolique des trajectoires par des mots, nous sommes parvenus à prouver l'existence d'une bisimulation finie pour ces automates. De plus (toujours en utilisant nos encodages des trajectoires par des mots), nous avons obtenu des résultats de décidabilité pour des problèmes de jeux sur ces mêmes automates hybrides o-minimaux. Pour une classe d'automates hybrides o-minimaux, nous avons prouvé (i) que l'existence de stratégie gagnante pouvait être décidée et (ii) que ces stratégies gagnantes pouvaient être synthétisées.

verification

control

hybrid systems

o-minimality

weighted timed automata

Enabling Tool Support for Formal Analysis of ECA Rules

Ericsson, AnnMarie

January 2009

Rule-based systems implemented as event-condition-action (ECA) rules utilize a powerful and flexible paradigm when it comes to specifying systems that need to react to complex situation in their environment. Rules can be specified to react to combinations of events occurring at any time in any order. However, the behavior of a rule based system is notoriously hard to analyze due to the rules ability to interact with each other. Formal methods are not utilized in their full potential for enhancing software quality in practice. We argue that seamless support in a high-level paradigm specific tool is a viable way to provide industrial system designers with powerful verification techniques. This thesis targets the issue of formally verifying that a set of specified rules behaves as indented. The prototype tool REX (Rule and Event eXplorer) is developed as a proof of concept of the results of this thesis. Rules and events are specified in REX which is acting as a rule-based front-end to the existing timed automata CASE tool UPPAAL. The rules, events and requirements of application design are specified in REX. To support formal verification, REX automatically transforms the specified rules to timed automata, queries the requirement properties in the model-checker provided by UPPAAL and returns results to the user of REX in terms of rules and events. The results of this thesis consist of guidelines for modeling and verifying rules in a timed automata model-checker and experiences from using and building a tool implementing the proposed guidelines. Moreover, the result of an industrial case study is presented, validating the ability to model and verify a system of industrial complexity using the proposed approach. / Avhandlingen presenterar en ny ansats för att formellt verifiera regel-baserade system. En verktygsprototyp, REX, är utvecklad inom ramen för detta projekt i syfte att stödja ansatsen genom realisering av de teoretiska resultaten. De regler som avses är Event-Condition-Action (ECA) regler, vilket betyder att en regel exekverar ett stycke kod (Action) om ett villkor (Condition) är sant när en specifik händelse (Event) inträffar. ECA-regler är användbara för att speci¯cera beteendet av system som måste reagera på komplexa situationer i sin interagerande miljö. En regel kan till exempel reagera på en kombination av händelser som kan inträffa när som helst och i vilken ordning som helst. Avhandlingen fokuserar på hur man med hjälp av formella metoder kan påvisa att en regelmängd beter sig som förväntat. Användandet av formella metoder för att öka kvalitén på mjukvara är inte så utbrett som det skulle kunna vara. Några av anledningarna kan vara att formella metoder anses svåra att använda och att de kräver extra tid och kunskap. Avhandlingen handlar om en approach där utvecklare kan uttrycka sitt system i ett för dem enkelt språk och där detaljer rörande det formella verktyget döljs av ett verktyg som sköter interaktionen med det formella verktyget. Regler och händelser specificeras som indata till verktyget REX som agerar som en regelbaserad front-end till det formella verktyget UPPAAL. Regler, händelser och egenskaper som modellen ska uppfylla specificeras i REX. Formell verifiering stöds genom att REX automatiskt överför regler och egenskaper till en tidsautomat som kan verifieras av Uppaal. REX startar model-checkern i UPPAAL och returnerar resultatet från analysen till användaren. Resultatet från avhandlingen består av riktlinjer för hur man kan modellera och verifiera regler i en tidsautomat samt erfarenheter från att bygga och använda ett verktyg som implementerar dessa riktlinjer. Därutöver presenteras resultat från experiment och en fallstudie som genomförts för att validera den framtagna ansatsen.

ECA rules

Timed automata

Formal veri¯cation

TECHNOLOGY

TEKNIKVETENSKAP

Verifying transformations between timed automata specifications and ECA rules

Ericsson, Ann-Marie

January 2003

<p>Event-triggered real-time systems are desirable to use in environments where the arrival of events are hard to predict. The semantics of an event-triggered system is well mapped to the behaviour of an active database management system (ADBMS), specified using event-condition-action (ECA) rules. The benefits of using an active database, such as persistent data storage, concurrency control, timely response to event occurrences etc. highlights the need for a development method for event-triggered real-time systems using active databases.</p><p>However, there are problems left to be solved before an ADBMS can be used with confidence in real-time environments. The behaviour of a real-time system must be predictable, which implies a thorough analysed specification with e.g. specified worst case execution times. The predictability requirement is an obstacle for specifying real-time systems as ECA rules, since the rules may affect each other in many intricate ways which makes them hard to analyse. The interaction between the rules implies that it is not enough to verify the correctness of single rules; an analysis must consider the behaviour of the entire rule set.</p><p>In this dissertation, an approach for developing active applications is presented. A method is examined which starts with an analysed high-level timed automaton specification and transforms the specified behaviour into an implicitly analysed rule set. For this method to be useful, the transformation from timed automata to rules must preserve the exact behaviour of the high level specification. Hence, the aim of this dissertation is to verify transformations between timed automaton specifications and ECA rules.</p><p>The contribution of this project is a structured set of general transformations between timed automata specifications and ECA rules. The transformations include both transformations of small timed automata constructs for deterministic environments and formally verified timed automata patterns specifying the behaviour of composite events in recent and chronicle context.</p>

Active rules

Timed automata

Realtime systems

Transformations

Computer science

Datavetenskap

Automate sur les structures temporisée / Automata on timed structures

Jaziri, Samy

24 September 2019

Les systèmes digitaux jouent un rôle croissant dans le bon fonctionnement de notre société.Au delà de la grande diversité de leur domaines d'utilisations, on confie aujourd'hui destâches importantes à des algorithmes. Déjà largement utilisés dans des domaines aussi délicatque le transport, la chirurgie ou l'économie, il est aujourd'hui de plus en plus question defaire de la place aux systèmes digitaux dans les domaines sociaux et politiques :vote électronique, algorithmes de sélection, profilage électoraldotsPour les tâches confiées à des algorithmes, la responsabilité est déplacées de l'exécutantvers les concepteurs, développeurs et testeurs de ces algorithmes. Il incombe aussi auxchercheurs qui étudient ces algorithmes de proposer des techniques de vérifications fiablequi pourront être utilisées à tous les niveaux : conception, développement et test.Les méthodes de vérifications formelles donnent des outils mathématiques pourprévenir des erreurs à chaque niveaux. Parmi elle, le diagnostic d'erreur consiste en lacréation d'un diagnostiqueur basé sur un modèle formel du système à vérifier.Le diagnostiqueur est exécuté en parallèle du système qu'il doit surveiller et prévientun contrôleur si il détecte un comportement dangereux du système.Pour les systèmes modélisés par des automates temporisés, il n'est pas toujours possiblede construire un diagnostiqueur sous la forme d'un autre automate temporisé. En effetles automates temporisés, introduits par cite{AD94} dans les années 90 et largementétudiés et utilisés depuis pour modéliser des systèmes avec contraintes temporelles,ne sont pas déterminisable. Une machine plus puissante qu'un automate temporisé peutcependant être utilisée pour construire le diagnostiqueur d'un automate temporisé commele montre cite{Tripakis02}. L'aboutissement de ce travail de thèse est la constructionautomatique d'un diagnostiqueur pour les automates temporisés à une horloge.Ce diagnostiqueur, dans le même esprit que celui de cite{Tripakis02}, est une machineplus puissante qu'un automate temporisé. La partie~I du manuscrit introduit un cadreformel pour ce type de machine et plus généralement pour la modélisation et ladéterminisation de systèmes quantitatifs. Y est introduit le modèle des automates surstructures temporisés, qui apporte un nouveau point de vue sur la manière de modéliserles systèmes avec variables quantitatives. La partie~II étudie le problème de ladéterminisation des automates sur structures temporises, et plus spécifiquement celuides automates temporisés qui peuvent se traduire dans ce cadre nouveau cadre formel.La partie~III montre comment utiliser les automates sur structure temporisés pourconstruire de manière générique un diagnostiqueur pour les automate temporisés à unehorloge. Cette technique est implémentée dans un outils, DOTA , et comparée à lamachine construite par cite{Tripakis02}. / Digital system are now part of our society. They are used in a wide range of domainsand in particular they have to handle delicate tasks. Already used in domainssuch as transportation, surgery or economy, we speak now of using digital systemsfor social or political matters : electronic vote, selection algorithms, electoralprofilingdots For task handled by algorithm, the responsibility is moved from theexecutioner to the designer, developer and tester of those algorithms. It is alsothe responsibility of computer scientists who study those algorithms to proposereliable techniques of verification which will be applicable in the design, thedevelopment or the testing phase. Formal verification methods provide mathematicaltools to prevent executions error in all phases. Among them, fault-diagnosis consiston the construction of a diagnoser based on a formal model of the system we aim tocheck. The diagnoser runs in parallel with the real system and emit a warning anytime it detect a dangerous behavior. For systems modeled by timed automata, it isnot always possible to construct a timed automaton to diagnose it. Indeed timed automata,introduce in the nineties by cite{AD94} and widely studied and used since to modeltimed systems, are not determinizable. A machine, more powerful than a timed automaton,can still be used to construct the diagnoser of a timed automaton as it is done incite{Tripakis02}. This thesis work aim at constructing a diagnoser for any one-clocktimed automata. This diagnoser is constructed with the help of a machine more powerfulthan timed automata, following the idea of cite{Tripakis02}. Part~I of this thesisintroduce a formal framework for the modeling of quantitative systems and the study oftheir determinization. In this framework we introduce automata on timed structures,the model used to construct the diagnoser. Part~II study the determinization problemof automata on timed structures, and particularly the one of timed automatadeterminization in this framework. Part~III illustrate how automata on timed structurescan be used to construct in a generic way a diagnoser for one clock timed automata.This technique is implemented in a tool, DOTA , and is compared to the technique usedin cite{Tripakis02}.

Automates temporisés

Diagnostic

Décidabilité

Determinisation

Timed Automata

Diagnostic

Decidability

Determinization

EXTENDED COUPLED PROBABLISTIC TIMED AUTOMATA FOR MONITORING EATING ACTIVITIES OF ELDERLY PERSON

Muhajab, Hanan Nasser

30 November 2016

No description available.

Computer Science