The Modest modeling language pairs modeling features from stochastic process algebra and from timed and probabilistic automata with light-weight notations such as exception handling. It is supported by the Motor tool, which facilitates the execution and evaluation of Modest specifications by means of the discrete event simulation engine of the Möbius tool. This paper describes the application of Modest, Motor and Möbius to a highly nontrivial case. We investigate the effect of faulty behavior on a hard real-time scheduling problem from the domain of lacquer production. The scheduling problem is first solved using the timed model-checker Uppaal. The resulting schedules are then embedded in a Modest failure model of the lacquer production line, and analyzed with the discrete event simulator of Möbius. This approach allows one to assess the quality of the schedules with respect to timeliness, utilization of resources, and sensitivity to different assumptions about the reliability of the production line. 1.

We propose a modeling language for structured specification of interacting components with both hybrid and stochastic dynamics.

Building automated tools to address the analysis of reactive probabilistic systems requires a simple, but expressive input language with a formal semantics based on a probabilistic operational model that can serve as starting point for verification algorithms. We introduce a higher level description language for probabilistic parallel programs with shared variables, message passing via synchronous and (perfect or lossy) fifo channels and atomic regions and provide a structured operational semantics. Applied to finite-state systems, the semantics can serve as basis for the algorithmic generation of a Markov decision process that models the stepwise behavior of the given system.

Tools and techniques based on timed automata (such as Uppaal and the timed I/O automata framework) have proven to be extremely useful for the analysis of protocols and control software for real-time systems. However, a significant limitation of these approaches is that, due to the expressiveness of the modeling languages, timelocks — degenerate states in which time is unable to pass — can freely arise and cannot, in the general case, be detected. As a remedy to this problem Sifakis et al. advocate the use of deadline predicates for the specification of progress properties of Alur-Dill style timed automata. In this article, we extend these ideas to a more general setting, which may serve as a basis for deductive verification techniques. More specifically, we extend the TIOA framework of Lynch et al with urgency predicates. We identify a suitable language to describe the resulting timed I/O automata with urgency and show that for this language time reactivity holds by construction. We also establish that the class of timed I/O automata with urgency is closed under composition. The use of urgency predicates is compared with three alternative approaches to specifying progress properties that have been advocated in the literature: invariants, stopping conditions and deadline predicates. We argue that in practice the use of urgency predicates leads to shorter and more natural specifications than any of the other approaches. Some preliminary results on proving invariant properties of timed (I/O) automata with urgency are presented. 1.

Abstract. We add specifications of location-aware measurements to performance models in a compositional fashion, promoting precision in performance measurement design. Using immediate actions to send control signals between measurement components we are able to obtain more accurate measurements from our stochastic models without disturbing their structure. A software tool processes both the model and the measurement specifications to give response time distributions and quantiles, an essential calculation in determining satisfaction of service-level agreements (SLAs). 1

Model checking is a popular algorithmic verification technique for checking temporal requirements of mathematical models of systems. In this paper, we consider the problem of verifying bounded reachability properties of stochastic real-time systems modeled as generalized semi-Markov processes (GSMP).

dargenio AT famaf.unc.edu.ar and B.Gebremichael AT cs.ru.nl Abstract. Delaying the synchronization of actions may reveal some hidden behavior that would not happen if the synchronization met the specified deadlines. This precise phenomenon makes bisimulation fail to be a congruence for the parallel composition of timed automata with deadlines, a variant of timed automata where time progress is controlled by deadlines imposed on each transition. This problem has been known and unsolved for several years. In this paper we give a characterization of the coarsest congruence that is included in the bisimulation relation. In addition, a symbolic characterization of such relation is provided and shown to be decidable. We also discuss the pitfalls of existing parallel compositions in this setting and argue that our definition is both reasonable and sufficiently expressive as to consider the modeling of both soft and hard real-time constraints. 1

An overview is presented of the state-of-the-art in model-based verification and validation of embedded systems, directed towards an industrial audience. Verification and validation consists in exploring the current design against properties expressed as part of the requirements. It includes testing, model checking, runtime verification and fault-diagnosis, and more exploratory techniques such as the use of theorem proving. During recent years, much progress has been made in theory, methods and tools for model-based verification and validation. In this paper, I will try to indicate for what type of practical problems it pays off to apply one of these modern techniques. Special attention will be paid to the results of six PROGRESS projects in this area. Embedded systems are highly specializable, often reactive, sub systems that provide, unnoticed by the user, information processing and control tasks to their embedding system. Embedded systems are omnipresent nowadays and make possible the creation of systems with a functionality that cannot be provided by human beings. Example application areas are consumer electronic products (e.g. CD

Over the last two decades formal methods have been extended towards performance and reliability evaluation. This paper tries to provide a rather intuitive explanation of the basic concepts and features in this area. Instead of striving for mathematical rigour, the intention is to give an illustrative introduction to the basics of stochastic models, to stochastic modelling using process algebra, and to model checking as a technique to analyse stochastic models.

Increasing the quality of software for new telecommunication services requires the joint use of di#erent testing techniques. For instance, automatic verification and performance evaluation are necessary to ensure desired throughput and reliability. However, both kinds of analysis were traditionally performed without sharing a common description of the system, and much work and time was wasted constructing di#erent specifications oriented to particular tools.