Logic-based modeling and analysis of timed systems
Matteo Rossi
Dipartimento di Elettronica ed Informazione, Politecnico di Milano

The Formal Methods Group
People:
- Dino Mandrioli
- Angelo Morzenti
- Pierluigi San Pietro
- Matteo Pradella
- Matteo Rossi
- Paola Spoletini
- Carlo A. Furia
Research Focus:
- Formal Methods for Safety-Critical Systems
  • modeling
  • analysis
Home Page:
- (old) http://www.elet.polimi.it/res/TRIO/
DEI Matteo Rossi
Timed Systems Modeling
Foundations: the TRIO language
- first-order temporal logic with a linear, metric notion of time
- parametric with respect to the temporal domain: N, Z, Q, R, or subsets thereof
- suitable to describe systems both in-the-small and in-the-large
  • the latter through modular constructs such as the notion of class
A number of variants and extensions of TRIO have been defined:
- HOT (Higher Order TRIO)
  • to powerfully represent complex types
- ArchiTRIO
  • UML+TRIO, suitable for describing complex systems
- RZ-TRIO
  • to seamlessly represent, in the same model, both discrete-time and continuous-time components

ArchiTRIO
The core idea of ArchiTRIO:
- the first modeling step, which lays out the system elements and their structure, is carried out with UML (v2.0)
  • for this, Class and Composite Structure Diagrams are used
- then, when and where needed, the designer can introduce constraints through temporal logic formulas
  • the constraints can regard a number of issues: structural properties, relationships among elements, dynamical properties of the system, or a combination thereof
The semantics of ArchiTRIO is formally defined through HOT
- as a side-effect, ArchiTRIO offers a formal semantics for a subset of UML
RZ-TRIO
RZ-TRIO is a subset of TRIO such that, under suitable hypotheses and definitions, its formulas maintain the same meaning whether they are interpreted over a discrete or a continuous temporal domain
RZ-TRIO can be used to:
- model heterogeneous system components, some described with a continuous notion of time, some with a discrete notion of time, in a way that allows them to be seamlessly integrated
- start with the continuous-time description of a system, then automatically move to a discrete-time counterpart to perform verification in discrete time
  • easier to implement and somewhat more efficient than continuous-time verification

Analysis: Model Checking
Model checking TRIO specifications:
- restricted version of TRIO
  • finite quantifications over non-temporal variables
  • discrete time, either bi-infinite or mono-infinite
- both future and past temporal operators
Peculiarity of the approach:
- both the system S and the property P to be checked can be expressed as (sets of) TRIO formulas
  • purely logic approach
Model checking: tools and techniques
Two techniques:
- translation of TRIO formulas into alternating automata, which are then encoded into Promela (SPIN)
  • prototype tool: TRIO2PROMELA
- Bounded Model Checking
  • translation of TRIO formulas into propositional formulas evaluated with respect to bounded time structures, then input to a SAT solver
    – this allows time to be infinite (in both directions)
  • prototype tool: Zot

Analysis: Theorem Proving
An encoding of TRIO into the higher-order logic of PVS has been defined, and some related proof strategies have been implemented
Advantages
- the full power of TRIO can be used
- time can be continuous
Disadvantages
- not highly automated
Using a similar approach, ArchiTRIO models can be translated into the higher-order logic of PVS to perform deductive verification
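The model-checking slides above describe a purely logic approach: both the system S and the property P are TRIO formulas, and bounded model checking looks for a bounded time structure that satisfies S and violates P. The following Python checker is an added example written for this page; it is not the group's code and not TRIO2PROMELA or Zot. It keeps the logic-based idea but simplifies two things: exhaustive enumeration of the finite structures stands in for the SAT solver, and plain truncated structures stand in for Zot's bi-infinite ones. The operator definitions (Dist as the primitive, with Alw, SomF, SomP, WithinF and Lasts derived from it), their bounds, and the request/grant specification are all assumptions made here.

```python
"""Added example: a tiny bounded checker for a TRIO-like metric temporal
logic over finite discrete-time structures.  Exhaustive enumeration stands
in for the SAT solver, truncated structures for bi-infinite ones."""
from itertools import product

# Formulas are nested tuples; atomic propositions are ('p', name).
# Dist(F, d) is the only primitive temporal operator; the others are
# defined from it in TRIO style, with the bounds assumed below.


def holds(f, trace, t):
    """Truth of formula f at instant t of a finite trace.

    trace[i] is the set of atomic propositions true at instant i.
    A Dist that refers to an instant outside the structure is false:
    the conservative truncation used by this toy checker."""
    k = len(trace)
    op = f[0]
    if op == 'p':
        return 0 <= t < k and f[1] in trace[t]
    if op == 'not':
        return not holds(f[1], trace, t)
    if op == 'and':
        return holds(f[1], trace, t) and holds(f[2], trace, t)
    if op == 'or':
        return holds(f[1], trace, t) or holds(f[2], trace, t)
    if op == 'imp':
        return (not holds(f[1], trace, t)) or holds(f[2], trace, t)
    if op == 'dist':     # Dist(F, d): F holds at instant t + d (d may be negative)
        u = t + f[2]
        return 0 <= u < k and holds(f[1], trace, u)
    if op == 'alw':      # Alw(F): F holds at every instant of the structure
        return all(holds(f[1], trace, u) for u in range(k))
    if op == 'somf':     # SomF(F): F holds at some strictly future instant
        return any(holds(f[1], trace, u) for u in range(t + 1, k))
    if op == 'somp':     # SomP(F): F held at some strictly past instant
        return any(holds(f[1], trace, u) for u in range(0, t))
    if op == 'withinf':  # WithinF(F, d): F holds at some t + d' with 0 < d' <= d
        return any(holds(('dist', f[1], d), trace, t) for d in range(1, f[2] + 1))
    if op == 'lasts':    # Lasts(F, d): F holds at every t + d' with 0 < d' < d
        return all(holds(('dist', f[1], d), trace, t) for d in range(1, f[2]))
    raise ValueError(f"unknown operator {op!r}")


def counterexample(system, prop, props, k):
    """Search the finite structures of length k over the given atoms for
    a model of (S and not P).  Returns that trace, or None when the
    property holds in every bounded structure of this size."""
    query = ('and', system, ('not', prop))
    n = len(props)
    for bits in product((False, True), repeat=n * k):
        trace = [frozenset(p for j, p in enumerate(props) if bits[i * n + j])
                 for i in range(k)]
        if holds(query, trace, 0):
            return trace
    return None


# Constructed toy specification (an assumption of this example, not from
# the page): a request/grant arbiter described only by formulas.
REQ, GRANT = ('p', 'req'), ('p', 'grant')
# System S: every request is granted within 2 instants.
SYSTEM = ('alw', ('imp', REQ, ('withinf', GRANT, 2)))
# Too strong a property: the grant arrives exactly at the next instant.
PROP_NEXT = ('alw', ('imp', REQ, ('dist', GRANT, 1)))
# A property implied by S: the grant arrives within 3 instants.
PROP_WITHIN3 = ('alw', ('imp', REQ, ('withinf', GRANT, 3)))


def check_both(k=4):
    """Returns (counterexample to PROP_NEXT, counterexample to PROP_WITHIN3)."""
    atoms = ['req', 'grant']
    return (counterexample(SYSTEM, PROP_NEXT, atoms, k),
            counterexample(SYSTEM, PROP_WITHIN3, atoms, k))


if __name__ == '__main__':
    cx, ok = check_both()
    print("PROP_NEXT counterexample:", [sorted(s) for s in cx])
    print("PROP_WITHIN3 counterexample:", ok)
```

Running it finds the trace {}, {req}, {}, {grant} as a witness that S does not guarantee a grant at the very next instant, while no structure of length 4 refutes the weaker within-3 property. The SAT encoding on the slides replaces the enumeration loop by propositional variables per atom and instant, which is what lets the real tool scale and, with a loop constraint, represent infinite time.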
Some Applications (past and future)
Energy production and distribution
- in collaboration with CESI
Airport Ground Traffic Control System
Ventricular Assist Devices
- in collaboration with the University of Virginia
Automotive
- with European partners
Flexible Manufacturing Systems
- in collaboration with the Department of Mechanics of Politecnico di Milano

Projects related to Embedded Systems
Adaptive infrastructures for decentralised organizations (ArtDeco)
- FIRB project, started in 2006
- we focus on modeling issues for distributed systems with heterogeneous components (from high-level services to field sensors)
Holistic Design of Embedded Systems (HOLIDEYS)
- submitted to FP VII Call 1
- the project proposal focuses on UML-based techniques for the formal development of heterogeneous embedded systems
  • in particular, the focus is on the SysML profile of UML