Results 1-10 of 56
Semantic anchoring with model transformations
In ECMDA-FA, volume 3748 of LNCS, 2005
Cited by 46 (7 self)
Abstract. Model-Integrated Computing (MIC) is an approach to Model-Driven Architecture (MDA), which has been developed primarily for embedded systems. MIC places strong emphasis on the use of domain-specific modeling languages (DSMLs) and model transformations. A metamodeling process facilitated by the Generic Modeling Environment (GME) tool suite enables the rapid and inexpensive development of DSMLs. However, the specification of semantics for DSMLs is still a hard problem. In order to simplify the DSML semantics, this paper discusses semantic anchoring, which is based on the transformational specification of semantics. Using a mathematical model, Abstract State Machine (ASM), as a common semantic framework, we have developed formal operational semantics for a set of basic models of computation, called semantic units. Semantic anchoring of DSMLs means the specification of model transformations between DSMLs (or aspects of complex DSMLs) and selected semantic units. The paper describes the semantic anchoring process using the meta-programmable MIC tool suite.
Generating Efficient Test Sets with a Model Checker
In: 2nd International Conference on Software Engineering and Formal Methods, 2004
Cited by 45 (9 self)
It is well-known that counterexamples produced by model checkers can provide a basis for automated generation of test cases. However, when this approach is used to meet a coverage criterion, it generally results in very inefficient test sets having many tests and much redundancy. We describe an improved approach that uses model checkers to generate efficient test sets. Furthermore, the generation is itself efficient, and is able to reach deep regions of the state-space. We have prototyped the approach using the model checkers of our SAL system and have applied it to model-based designs developed in Stateflow. In one example, our method achieves complete state and transition coverage in a Stateflow model for the shift scheduler of a 4-speed automatic transmission with a single test case.
Symbolic analysis for improving simulation coverage of Simulink/Stateflow models
In EMSOFT ’08: Proceedings of the 8th ACM International Conference on Embedded Software, 2008
Cited by 36 (4 self)
Aimed at verifying safety properties and improving simulation coverage for hybrid systems models of embedded control software, we propose a technique that combines numerical simulation and symbolic methods for computing state-sets. We consider systems with linear dynamics described in the commercial modeling tool Simulink/Stateflow. Given an initial state x, and a discrete-time simulation trajectory, our method computes a set of initial states that are guaranteed to be equivalent to x, where two initial states are considered to be equivalent if the resulting simulation trajectories contain the same discrete components at each step of the simulation. We illustrate the benefits of our method on two case studies. One case study is a benchmark proposed in the literature for hybrid systems verification and another is a Simulink demo model from MathWorks.
Formalizing the Structural Semantics of Domain-Specific Modeling Languages
2009
Cited by 16 (6 self)
Model-based approaches to system design are now widespread and successful. These approaches make extensive use of model structure to describe systems using domain-specific abstractions, to specify and implement model transformations, and to analyze structural properties of models. In spite of its general importance, the structural semantics of modeling languages is not well understood. In this paper we develop the formal foundations for the structural semantics of domain-specific modeling languages (DSMLs), including the mechanisms by which metamodels specify the structural semantics of DSMLs. Additionally, we show how our formalization can complement existing tools, and how it yields algorithms for the analysis of DSMLs and model transformations.
Verification Condition Generation via Theorem Proving
Proceedings of the 13th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR 2006), Vol. 4246 of LNCS, 2006
Cited by 15 (4 self)
Abstract. We present a method to convert (i) an operational semantics for a given machine language, and (ii) an off-the-shelf theorem prover, into a high-assurance verification condition generator (VCG). Given a program annotated with assertions at cutpoints, we show how to use the theorem prover directly on the operational semantics to generate verification conditions analogous to those produced by a custom-built VCG. Thus no separate VCG is necessary, and the theorem prover can be employed both to generate and to discharge the verification conditions. The method handles both partial and total correctness. It is also compositional in that the correctness of a subroutine needs to be proved once, rather than at each call site. The method has been used to verify several machine-level programs using the ACL2 theorem prover.
From Verification to Implementation: A Model Translation Tool and a Pacemaker Case Study
In 18th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2012
Cited by 13 (6 self)
Model-Driven Design (MDD) of cyber-physical systems advocates for design procedures that start with formal modeling of the real-time system, followed by the model’s verification at an early stage. The verified model must then be translated to a more detailed model for simulation-based testing and finally translated into executable code in a physical implementation. As later stages build on the same core model, it is essential that models used earlier in the pipeline are valid approximations of the more detailed models developed downstream. The focus of this effort is on the design and development of a model translation tool, UPP2SF, and how it integrates system modeling, verification, model-based WCET analysis, simulation, code generation and testing into an MDD-based framework. UPP2SF facilitates automatic conversion of verified timed-automata-based models (in UPPAAL) to models that may be simulated and tested (in Simulink/Stateflow). We describe the design rules to ensure the conversion is correct, efficient and applicable to a large class of models. We show how the tool enables MDD of an implantable cardiac pacemaker. We demonstrate that UPP2SF preserves behaviors of the pacemaker model from UPPAAL to Stateflow. The resultant Stateflow
Modal Models in Ptolemy
2010
Cited by 10 (8 self)
Ptolemy is an open-source and extensible modeling and simulation framework. It offers heterogeneous modeling capabilities by allowing different models of computation to be composed hierarchically in an arbitrary fashion. This paper describes modal models, which allow finite-state machines to be composed hierarchically with other models of computation, both untimed and timed. The semantics of modal models in Ptolemy are defined in a modular manner.
An Evidential Tool Bus
In Proceedings of ICFEM 2005, 2005
Cited by 9 (0 self)
Abstract. Theorem provers, model checkers, static analyzers, test generators... all of these and many other kinds of formal methods tools can contribute to the analysis and development of computer systems and software. It is already quite common to use several kinds of tools in a loose combination: for example, we might use static analysis and then model checking to help find and eliminate design flaws prior to undertaking formal verification with a theorem prover. And some modern tools, such as test generators, are built using model checkers, predicate abstractors, decision procedures and constraint solvers as components in tight combination. But we can foresee a different kind of combination where many tools and methods are used in ad hoc combination within a single analysis. For example, static analysis might yield invariants that enable decision procedures to build a predicate abstraction whose reachable states are calculated as a BDD and then concretized to yield a strong invariant for the original system; the invariant then enables properties of the original system to be verified by highly automated theorem proving. This sort of combination clearly requires an integrating platform—a tool bus—to connect the various tools together; but the capabilities required go beyond those of platforms such as Eclipse. The entities exchanged among clients of the bus—proofs, counterexamples, specifications, theorems, counterexamples, abstractions—have logical content, and the overall purpose of the bus is to gather and integrate evidence for verification or refutation. In this paper I propose requirements for such an “evidential tool bus,” and sketch a possible architecture.
A Semantic Unit for Timed Automata Based Modeling Languages
In Proceedings of the 12th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS 2006), 2006
Cited by 7 (5 self)
Model-Integrated Computing (MIC) is an infrastructure for model-based design of real-time and embedded software and systems. MIC places strong emphasis on the use of domain-specific modeling languages (DSMLs) and model transformations in design flows. Building on our earlier work on transformational specification of semantics for DSMLs, the paper proposes a “semantic unit”, a common semantic model for timed automata in the Abstract State Machine (ASM) formalism. We show that the precise semantics of a wide range of timed-automata-based modeling languages (TAMLs) can be defined through specifying model transformations between a domain-specific TAML and the semantic unit. The proposed method, which we call semantic anchoring, is demonstrated by developing the transformation rules from the UPPAAL and IF languages to the semantic unit.
Formal Semantics of Programming Languages: An Overview
2006
Cited by 7 (0 self)
These notes give an overview of the main frameworks that have been developed for specifying the formal semantics of programming languages. Some of the pragmatic aspects of semantic descriptions are discussed, including modularity, and potential applicability to visual and modelling languages. References to the literature provide starting points for further study.