Counter-free input-determined timed automata

We identify a class of timed automata, which we call counter-free input-determined automata, which characterize the class of timed languages definable by several timed temporal logics in the literature, including MTL. We make use of this characterization to show that MTL+Past satisfies an “ultimate stability” property with respect to periodic sequences of timed words. Our results hold for both the pointwise and continuous semantics. Along the way we generalize the result of McNaughton-Papert to show a counter-free automata characterization of FO-definable finitely varying functions.

On continuous timed automata with input-determined guards

We consider a general class of timed automata parameterized by a set of “input-determined” operators, in a continuous time setting. We show that for any such set of operators, we have a monadic second order logic characterization of the class of timed languages accepted by the corresponding class of automata. Further, we consider natural timed temporal logics based on these operators, and show that they are expressively equivalent to the first-order fragment of the corresponding MSO logics. As a corollary of these general results we obtain an expressive completeness result for the continuous version of MTL.

The MIRELA framework: modeling and analyzing mixed reality applications using timed automata

Mixed Reality (MR) aims to link virtual entities with the real world and has many applications such as military and medical domains [JBL+00, NFB07]. In many MR systems and more precisely in augmented scenes, one needs the application to render the virtual part accurately at the right time. To achieve this, such systems acquire data related to the real world from a set of sensors before rendering virtual entities. A suitable system architecture should minimize the delays to keep the overall system delay (also called end-to-end latency) within the requirements for real-time performance. In this context, we propose a compositional modeling framework for MR software architectures in order to specify, simulate and validate formally the time constraints of such systems. Our approach is first based on a functional decomposition of such systems into generic components. The obtained elements as well as their typical interactions give rise to generic representations in terms of timed automata. A whole system is then obtained as a composition of such defined components. To write specifications, a textual language named MIRELA (MIxed REality LAnguage) is proposed along with the corresponding compilation tools. The generated output contains timed automata in UPPAAL format for simulation and verification of time constraints. These automata may also be used to generate source code skeletons for an implementation on a MR platform. The approach is illustrated first on a small example. A realistic case study is also developed. It is modeled by several timed automata synchronizing through channels and including a large number of time constraints. Both systems have been simulated in UPPAAL and checked against the required behavioral properties.

基于Yices对时间自动机的有界模型检测

随着工业化程度的提高，对模型的检测方法受到越来越大的重视。通常的检测方法有推理验证和模型检测。而相对于推理验证，模型检测由于其高度自动化的检测过程，在工业界有着更广泛的应用。 模型检测自从概念雏形开始之时，就受到状态爆炸问题的困扰。为了解决这个问题，不同的技术被提了出来。McMillan提出利用OBDD的符号模型检测方法在一定程度上解决了这个问题。另外，本文所主要讲述的有界模型检测，经大量的实践证明，对符号模型检测也是一个很好的补充。 由于问题的特殊性，科学家提出来不同的模型来描述不同情况的系统。由于时间自动机能够很好地描述异步系统，而且这种系统广泛地存在于现实生活中，对时间自动机这种特殊模型的验证方法的研究变得很有必要。另外，由于时间自动机带有实数域的时钟变量，这导致了时间自动机有一个无限域的状态迁移图。为了利用模型检测的方法对其进行验证，需要对时间变量进行预处理。一般的方法是把时钟所对应的时钟区或时钟域根据等价性，化为有限的域，相应地，把时间自动机转化为有限的状态迁移图。 为了避免在对时间自动机有界模型检测过程中对变量进行布尔编码以及对时间自动机模型中的时钟进行预处理，本文给出一个利用SMT工具进行的对时间自动机进行有界模型检测的方法。该方法的主要优点是无需将时间自动机中的时钟进行预处理，也不需要将模型中的变量进行布尔编码，只需将时间自动机转变为SMT工具可解的逻辑公式，利用SMT的高效求解来进行模型检测。实验结果表明，对于某些可达性性质的验证，这种方法的效率有一定的优势。

一种基于时间自动机的实时系统测试方法

基于时间自动机(timedautomata,简称TA)的一种变体——时间安全输入/输出自动机(timedsafetyinput/outputautomata,简称TSIOA),提出了一种实时系统测试方法.该方法首先将时间安全输入/输出自动机描述的系统模型转换为不含抽象时间延迟迁移的稳定符号状态迁移图(untimedstabletransitiongraphofsymbolicstate,简称USTGSS);然后采用基于标号迁移系统(labeledtransitionsystem,简称LTS)的测试方法来静态生成满足各种结构覆盖标准的包含时间延迟变量迁移动作序列;最后,给出了一个根据迁移动作序列构造和执行测试用例的过程,该过程引入了时间延迟变量目标函数,并采用线性约束求解方法动态求解迁移动作序列中的时间延迟变量.

基于时间自动机的测试用例自动生成及执行方法

为了实现对时间自动机模型的测试,采用符号状态拆分算法对时间自动机的状态空间进行等价划分,以得到最简稳定符号状态转移图,并将其中的抽象时间延迟转移替换为时间延迟变量;针对系统中每个时间自动机建立各自的符号状态转移图,再采用基于符号迁移系统的测试方法分别生成相应的转移动作序列;最后通过对这些序列进行组合产生系统的测试用例,为了执行测试用例,利用TTCN-3的多PTC并发执行能力来实施测试。

面向媒体时序描述的带时间自动机的自动构造方法

依据有穷状态自动机模型，面向程序规范的并发系统和分布式系统测试方法的研究已经取得许多结果．由于特殊的实时和同步要求，这些结果不能直接应用于分布式多媒体软件系统的测试．为此，作者提出一种面向媒体对象时序描述的带时间自动机（Ｔｉｍ ｅｄ ａｕｔｏｍ ａｔａ）的自动构造方法，根据带时间自动机，对分布式多媒体软件系统进行非确定性测试时，可以较容易地判断运行结果正确与否；在进行确定性测试时，可以辅助自动生成测试用例

对时间自动机进行空性检测的过程和改进

为了提高对时间自动机进行空性检测的效率,研究了使用基于时钟区域(zone)的符号化方法和抽象对时间自动机进行空性检测,提出了针对时间自动机自身特点对检测过程进行改进的方法。通过使用基于zone的符号化表示方法和抽象,一个符号化状态表示显式的状态的集合,时间自动机的状态空间会显著缩小,不同的抽象方法对状态空间有不同的效果。符号化状态间不仅有相等关系还有包含关系,通过判断这种包含关系可以尽早的找到接收路径和避免不必要的状态展开从而提高空性检测的效率。实现了改进的检测过程,对一些例子进行了数据比较,取得了较好的实验结果。

改进的以SMT为基础的实时系统限界模型检测

基于SAT的限界模型检测在处理实时系统时具有很高的复杂度.SMT求解器在计算可满足性的同时,还能处理算术和其他可判定性理论.在对实时系统进行检测时,用SMT求解器代替SAT求解器,系统里的时钟就可以用整型或实型变量表示,时钟约束则可以直接表示成线性算术表达式,从而使整个检测过程更加高效.带时间参数的计算树逻辑(timed computation tree logic,简称TCTL)被用来描述实时系统里的性质.同时,还对检测方法作了相应的改进.

基于Yices对时间自动机的有界模型检测

为了避免在有界模型检测过程中对变量进行布尔编码以及对时间自动机模型中的时钟进行预处理,给出一个利用SMT(satisfiability modulo theories)工具进行的对时间自动机进行有界模型检测的方法。该方法将时间自动机模型直接转换成SMT工具可识别的逻辑公式,利用SMT工具可求解包含有整数型和实数型变量逻辑公式的能力来进行模型检测。实验结果表明,对于某些可达性性质的验证,该方法的效率有一定的优势。

Safety-critical medical device development using the UPP2SF model translation tool

Software-based control of life-critical embedded systems has become increasingly complex, and to a large extent has come to determine the safety of the human being. For example, implantable cardiac pacemakers have over 80,000 lines of code which are responsible for maintaining the heart within safe operating limits. As firmware-related recalls accounted for over 41% of the 600,000 devices recalled in the last decade, there is a need for rigorous model-driven design tools to generate verified code from verified software models. To this effect, we have developed the UPP2SF model-translation tool, which facilitates automatic conversion of verified models (in UPPAAL) to models that may be simulated and tested (in Simulink/Stateflow). We describe the translation rules that ensure correct model conversion, applicable to a large class of models. We demonstrate how UPP2SF is used in themodel-driven design of a pacemaker whosemodel is (a) designed and verified in UPPAAL (using timed automata), (b) automatically translated to Stateflow for simulation-based testing, and then (c) automatically generated into modular code for hardware-level integration testing of timing-related errors. In addition, we show how UPP2SF may be used for worst-case execution time estimation early in the design stage. Using UPP2SF, we demonstrate the value of integrated end-to-end modeling, verification, code-generation and testing process for complex software-controlled embedded systems. © 2014 ACM.