Object-oriented modeling plays an increasing role in the design of embedded controllers. Formal verification can be applied in order to give evidence for meeting safety critical requirements. The “Rhapsody UML Verification Environment”supportsverificationofsafetyandliveness requirements for embedded controllers, developed within the Unified Modeling Language (UML). The verification environmentis integratedin thedesign tool “Rhapsody in C++ ” offered by the company I-Logix. This paper discusses how UML models are transformed into a format usable for the VIS model checker, shows the specification and verification on a simple example and explains how the tool can be used to help determining the memory resources of a model. 1.

embedded systems at bay. It is time to build a new scientific foundation with embedded systems design as the cornerstone, which will ensure a systematic and even-handed integration of the two fields. Computer science is maturing. Researchers have solved many of the discipline’s original, defining problems, and many of those that remain require a breakthrough that is impossible to foresee. Many current research challenges—the Semantic Web, nanotechnologies, computational biology, and sensor networks, for example—are pushing existing technology to the limits and into new applications. Many of the brightest students no longer aim to become computer scientists, but choose to enter directly into the life sciences or nanoengineering. 1 At the same time, computer technology has become ubiquitous in

Abstract. In this paper we describe an approach for real-time modeling in UML focusing on analysis and verification of time and scheduling related properties. We show that the use of timed events, representing instant of state changes, provides the right level of abstraction for reasoning about timed computations. This is also, at notation level, the choice of the OMG UML Real-Time Profile. We complete this profile by identifying important events and duration expressions. One originality of the approach presented here, is that it provides a formal semantics of the time related primitives in terms of timed automata with urgency. An interesting point is that this time extension is independent of the dynamic semantics of the functional part. 1

We present a tool-supported approach to the validation of system-level timing properties in formal models of distributed real-time embedded systems. Our aim is to provide system architects with rapid feedback on the timing characteristics of alternative designs in the often volatile early stages of the development cycle. The approach extends the Vienna Development Method (VDM++), a formal objectoriented modeling language with facilities for describing real-time applications deployed over a distributed infrastructure. A new facility is proposed for stating and checking validation conjectures (assertions concerning real-time properties) against traces derived from the execution of scenarios on VDM++ models. We define validation conjectures and outline their semantics. We describe the checking of conjectures against execution traces as a formallydefined extension of the existing VDM++ tool set, and show tools to visualise traces and validation conjecture violations. The approach and tool support are illustrated with a case study based on an in-car radio navigation system.

Abstract. Software frameworks offer sets of reusable and adaptable components embedded within an architecture optimized for a given target domain. This paper introduces an approach to the design of software frameworks for real-time applications. Real-Time applications are characterized by functional and non-functional (e.g. timing) requirements. The proposed approach separates the treatment of these two aspects. For functional issues, it defines an extensible state machine concept to define components that encapsulate functional behaviour and offer adaptation mechanisms to extend this behaviour which warrant preservation of the functional properties that characterize the framework. For timing issues, it defines software structures that are provably endowed with specific timing properties and which encapsulate functional activity in a way that warrants their enforcement. A UML2 profile is defined that formally captures both aspects and allows the proposed strategy to be deployed at design level. 1

Abstract. MDD and MDA approaches require capturing the behavior of UML models in sufficient detail and precision so that the models can be automatically implemented/executed in the production environment. With this purpose, Action Semantics were added to the UML specification as the fundamental unit of behavior specifications. Actions are the basis for defining the fine-grained behavior of operations, activity diagrams, interaction diagrams and state machines. Unfortunately, most of the current proposals devoted to the verification of behavioral models tend to skip the analysis of the actions they may include. The main goal of this PhD is to cover this gap by proposing a new verification framework aimed at verifying action-based behavioral specifications. In particular, we plan to describe several correctness properties of these specifications, develop a set of verification techniques based on the static analysis of the actions included in the actionbased behavioral specifications for verifying these properties and integrate our techniques with other existing verification approaches. 1