Modeling and formal analysis of virtually synchronous cyber-physical systems in AADL

International Journal on Software Tools for Technology Transfer

Abstract

This paper presents the HybridSynchAADL modeling language and formal analysis tool for virtually synchronous cyber-physical systems with complex control programs, continuous behaviors, and bounded clock skews, network delays, and execution times. We leverage the Hybrid PALS methodology, so that it is sufficient to model and verify the much simpler underlying synchronous designs. We define the HybridSynchAADL language as a sublanguage of the avionics modeling standard AADL for modeling such synchronous designs in AADL. We define the formal semantics of HybridSynchAADL using Maude with SMT solving, which allows us to represent advanced control programs and communication features in Maude, while capturing timing uncertainties and continuous behaviors symbolically with SMT solving. We have developed new general methods for optimizing the performance of such symbolic rewriting, which makes the analysis of HybridSynchAADL models feasible. We have integrated the formal modeling and analysis of HybridSynchAADL models into the OSATE tool environment for AADL. Finally, we demonstrate the effectiveness of the Hybrid PALS methodology and HybridSynchAADL on a number of applications, including autonomous drones that collaborate to achieve common goals, and compare the performance of our tool with other state-of-the-art formal tools for hybrid systems.

Notes

  1. If, in addition, all message delays are 0, then the asynchronous system has more than 3 million reachable states, and its model checking takes more than 30 minutes.

  2. Although we present HybridSynchAADL in the context of Hybrid PALS, our language and tool can more generally be used to model and formally analyze any “synchronous” CPSs with continuous local environments that are sampled/actuated based on imprecise local clocks.

  3. Given performance bounds \(\Gamma \), PALS can find the shortest period p that allows all nodes to read the messages in the correct “rounds.”

  4. https://osate.org/

  5. Hardware components include: processor components that schedule and execute threads, memory components, device components, and bus components that interconnect processors, memory, and devices.

  6. A rewrite condition \(t_j \longrightarrow t_j'\) holds if (a substitution instance of) \(t_j'\) is reachable from (the substitution instance of) \(t_j\) in zero or more steps.

  7. There exist specialized solvers to support SMT solving with ODEs [35]. Because they have not been integrated with Maude, the current version only supports continuous functions.

  8. A component path is given by a period-separated path of component identifiers in AADL; for example,

  9. Since the period of the system is 10 (ms), we search for states reachable within \(30/10=3\) iterations/steps of the system.

  10. We have developed a variety of HybridSynchAADL models for rendezvous and formation control of different numbers of drones with single-integrator and double-integrator dynamics. All of them are available at https://hybridsynchaadl.github.io.

  11. We use equivalent control logic for both HybridSynchAADL models and hybrid automata models. For the drone rendezvous models, the control logics used in this experiment are simplified from one presented in Sect. 8.

References

  1. Steiner, W., Bauer, G., Hall, B., Paulitsch, M., Varadarajan, S.: TTEthernet dataflow concept. In: IEEE International Symposium on Network Computing and Applications, pp. 319–322. IEEE (2009)

  2. Leen, G., Heffernan, D., Dunne, A.: Digital networks in the automotive vehicle. Comput. Control Eng. J. 10(6), 257–266 (1999)

  3. Bae, K., Krisiloff, J., Meseguer, J., Ölveczky, P.C.: Designing and verifying distributed cyber-physical systems using Multirate PALS: an airplane turning control system case study. Sci. Comput. Program. 103, 13–50 (2015)

  4. Arney, D., Jetley, R., Jones, P., Lee, I., Sokolsky, O.: Formal methods based development of a PCA infusion pump reference model: generic infusion pump (GIP) project. In: HCMDSS-MDPnP, pp. 23–33. IEEE (2007)

  5. Kim, C., Sun, M., Mohan, S., Yun, H., Sha, L., Abdelzaher, T.F.: A framework for the safe interoperability of medical devices in the presence of network failures. In: Proceedings of ICCPS, pp. 149–158 (2010)

  6. Abrial, J., Börger, E., Langmaack, H. (eds.): Formal Methods for Industrial Applications: Specifying and Programming the Steam Boiler Control. LNCS, vol. 1165. Springer, Berlin (1996)

  7. Al-Nayeem, A., Sun, M., Qiu, X., Sha, L., Miller, S.P., Cofer, D.D.: A formal architecture pattern for real-time distributed systems. In: Proceedings of RTSS, pp. 161–170. IEEE, USA (2009)

  8. Miller, S., Cofer, D., Sha, L., Meseguer, J., Al-Nayeem, A.: Implementing logical synchrony in integrated modular avionics. In: Proceedings of IEEE/AIAA 28th Digital Avionics Systems Conference. IEEE, USA (2009)

  9. Meseguer, J., Ölveczky, P.C.: Formalization and correctness of the PALS architectural pattern for distributed real-time systems. Theor. Comput. Sci. 451, 1–37 (2012)

  10. Bae, K., Ölveczky, P.C., Kong, S., Gao, S., Clarke, E.M.: SMT-based analysis of virtually synchronous distributed hybrid systems. In: Proceedings of HSCC, pp. 145–154. ACM, New York, NY, USA (2016)

  11. Feiler, P.H., Gluch, D.P.: Model-Based Engineering with AADL: An Introduction to the SAE Architecture Analysis and Design Language. Addison-Wesley (2012)

  12. França, R.B., Bodeveix, J.-P., Filali, M., Rolland, J.-F., Chemouil, D., Thomas, D.: The AADL Behaviour Annex—experiments and roadmap. In: Proceedings of ICECCS. IEEE (2007)

  13. Clavel, M., Durán, F., Eker, S., Meseguer, J., Lincoln, P., Martí-Oliet, N., Talcott, C.: All About Maude—A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Berlin (2007)

  14. Rocha, C., Meseguer, J., Muñoz, C.: Rewriting modulo SMT and open system analysis. J. Log. Algebraic Methods Program. 86(1), 269–297 (2017)

  15. Bae, K., Rocha, C.: Symbolic state space reduction with guarded terms for rewriting modulo SMT. Sci. Comput. Program. 178, 20–42 (2019)

  16. Baldoni, R., Coppa, E., D’Elia, D.C., Demetrescu, C., Finocchi, I.: A survey of symbolic execution techniques. ACM Comput. Surv. (CSUR) 51(3), 1–39 (2018)

  17. Dutertre, B.: Yices 2.2. In: Proceedings of CAV. LNCS, vol. 8559, pp. 737–744. Springer, Berlin (2014)

  18. Lee, J., Kim, S., Bae, K., Ölveczky, P.C.: HybridSynchAADL: modeling and formal analysis of virtually synchronous CPSs in AADL. In: Proceedings of CAV’21. LNCS, vol. 12759, pp. 491–504. Springer, Berlin (2021)

  19. Rushby, J.: Systematic formal verification for fault-tolerant time-triggered algorithms. IEEE Trans. Softw. Eng. 25(5), 651–660 (1999)

  20. Bae, K., Ölveczky, P.C.: MSYNC: a generalized formal design pattern for virtually synchronous multirate cyber-physical systems. In: ACM Transactions on Embedded Computing Systems (Proceedings of EMSOFT’21), vol. 20, no. 5s, Article 105 (2021)

  21. Caspi, P., Mazuet, C., Paligot, N.R.: About the design of distributed control systems: the quasi-synchronous approach. In: International Conference on Computer Safety, Reliability, and Security. Springer (2001)

  22. Tripakis, S., Pinello, C., Benveniste, A., Sangiovanni-Vincentelli, A., Caspi, P., Di Natale, M.: Implementing synchronous models on loosely time triggered architectures. IEEE Trans. Comput. 57(10), 1300–1314 (2008)

  23. Bae, K., Meseguer, J., Ölveczky, P.C.: Formal patterns for multirate distributed real-time systems. Sci. Comput. Program. 91, 3–44 (2014)

  24. Steiner, W., Rushby, J.: TTA and PALS: formally verified design patterns for distributed cyber-physical systems. In: 2011 IEEE/AIAA 30th Digital Avionics Systems Conference, pp. 7–51. IEEE (2011)

  25. Skeirik, S., Stefanescu, A., Meseguer, J.: A constructor-based reachability logic for rewrite theories. Fund. Inform. 173(4), 315–382 (2020)

  26. Clavel, M., Durán, F., Eker, S., Escobar, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Rubio, R., Talcott, C.: Maude manual (version 3.1). Technical report, SRI International, Menlo Park (2020). http://maude.cs.illinois.edu/w/index.php/Maude_Manual_and_Examples

  27. Meseguer, J.: Conditional rewriting logic as a unified model of concurrency. Theor. Comput. Sci. 96(1), 73–155 (1992)

  28. Barrett, C., Conway, C.L., Deters, M., Hadarean, L., Jovanović, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: CAV, pp. 171–177. Springer (2011)

  29. Barrett, C., Stump, A., Tinelli, C., et al.: The SMT-LIB standard: version 2.0. In: SMT, vol. 13, p. 14 (2010)

  30. Ahmad, E., Larson, B.R., Barrett, S.C., Zhan, N., Dong, Y.: Hybrid Annex: an AADL extension for continuous behavior and cyber-physical interaction modeling. In: Proceedings of ACM SIGAda Annual Conference on High Integrity Language Technology (HILT’14). ACM, New York (2014)

  31. Qian, Y., Liu, J., Chen, X.: Hybrid AADL: a sublanguage extension to AADL. In: Proceedings of Internetware’13. ACM, New York (2013)

  32. Bae, K., Ölveczky, P.C., Meseguer, J.: Definition, semantics, and analysis of multirate synchronous AADL. In: Proceedings of FM’14. LNCS, vol. 8442. Springer, Berlin (2014)

  33. Bae, K., Ölveczky, P.C., Al-Nayeem, A., Meseguer, J.: Synchronous AADL and its formal analysis in Real-Time Maude. In: Proceedings of ICFEM’11. LNCS, vol. 6991. Springer, Berlin (2011)

  34. Ölveczky, P.C., Boronat, A., Meseguer, J.: Formal semantics and analysis of behavioral AADL models in Real-Time Maude. In: Formal Techniques for Distributed Systems, pp. 47–62. Springer, Berlin (2010)

  35. Gao, S., Kong, S., Clarke, E.M.: dReal: an SMT solver for nonlinear theories over the reals. In: Proceedings of CADE. LNCS, vol. 7898, pp. 208–214. Springer, Berlin (2013)

  36. Ren, W., Beard, R.W.: Distributed Consensus in Multi-vehicle Cooperative Control. Springer, Berlin (2008)

  37. Henzinger, T.: The theory of hybrid automata. In: Verification of Digital and Hybrid Systems. NATO ASI Series, vol. 170, pp. 265–292. Springer, Berlin, Heidelberg (2000)

  38. Bae, K., Gao, S.: Modular SMT-based analysis of nonlinear hybrid systems. In: Proceedings of FMCAD, pp. 180–187. IEEE (2017)

  39. Raisch, J., Klein, E., Meder, C., Itigin, A., O’Young, S.: Approximating automata and discrete control for continuous systems—two examples from process control. In: Hybrid Systems V, pp. 279–303. Springer, Berlin (1999)

  40. Yu, G., Bae, K.: Maude-SE: a tight integration of Maude and SMT solvers. In: Proceedings of International Workshop on Rewriting Logic and its Applications (2020)

  41. Cimatti, A., Griggio, A., Mover, S., Tonetta, S.: HyComp: an SMT-based model checker for hybrid systems. In: Proceedings of TACAS. LNCS, vol. 9035. Springer, Berlin (2015)

  42. Frehse, G., Guernic, C.L., Donzé, A., Cotton, S., Ray, R., Lebeltel, O., Ripado, R., Girard, A., Dang, T., Maler, O.: SpaceEx: scalable verification of hybrid systems. In: Proceedings of CAV. LNCS, vol. 6806. Springer, Berlin (2011)

  43. Chen, X., Ábrahám, E., Sankaranarayanan, S.: Flow*: an analyzer for non-linear hybrid systems. In: Proceedings of CAV, pp. 258–263. Springer (2013)

  44. Kong, S., Gao, S., Chen, W., Clarke, E.M.: dReach: \(\delta \)-reachability analysis for hybrid systems. In: Proceedings of TACAS. LNCS, vol. 7898, pp. 200–205. Springer, Berlin (2015)

  45. Bak, S., Bogomolov, S., Johnson, T.T.: HYST: a source transformation and translation tool for hybrid automaton models. In: Proceedings of HSCC’15, pp. 128–133 (2015)

  46. Ahmad, E., Dong, Y., Wang, S., Zhan, N., Zou, L.: Adding formal meanings to AADL with Hybrid Annex. In: Proceedings of FACS. LNCS, vol. 8997. Springer, Berlin (2015)

  47. Bao, Y., Chen, M., Zhu, Q., Wei, T., Mallet, F., Zhou, T.: Quantitative performance evaluation of uncertainty-aware Hybrid AADL designs using statistical model checking. IEEE Trans. CAD Integr. Circuits Syst. 36(12), 1989–2002 (2017)

  48. Liu, J., Li, T., Ding, Z., Qian, Y., Sun, H., He, J.: AADL+: a simulation-based methodology for cyber-physical systems. Front. Comput. Sci. 13(3), 516–538 (2019)

  49. Bae, K., Ölveczky, P.C., Meseguer, J., Al-Nayeem, A.: The SynchAADL2Maude tool. In: Proceedings of FASE’12. LNCS, vol. 7212. Springer, Berlin (2012)

  50. Baudart, G., Bourke, T., Pouzet, M.: Soundness of the quasi-synchronous abstraction. In: Proceedings of FMCAD, pp. 9–16. IEEE (2016)

  51. Larrieu, R., Shankar, N.: A framework for high-assurance quasi-synchronous systems. In: Proceedings of MEMOCODE, pp. 72–83. IEEE (2014)

  52. Halbwachs, N., Mandel, L.: Simulation and verification of asynchronous systems by means of a synchronous model. In: Sixth International Conference on Application of Concurrency to System Design (ACSD’06), pp. 3–14. IEEE (2006)

  53. Girault, A., Ménier, C.: Automatic production of globally asynchronous locally synchronous systems. In: International Workshop on Embedded Software, pp. 266–281. Springer (2002)

  54. Potop-Butucaru, D., Caillaud, B.: Correct-by-construction asynchronous implementation of modular synchronous specifications. Fund. Inform. 78(1), 131–159 (2007)

  55. Desai, A., Seshia, S.A., Qadeer, S., Broman, D., Eidson, J.C.: Approximate synchrony: an abstraction for distributed almost-synchronous systems. In: Proceedings of CAV’15. LNCS, vol. 9207, pp. 429–448. Springer, Berlin (2015)

  56. Bak, S., Duggirala, P.S.: Hylaa: a tool for computing simulation-equivalent reachability for linear systems. In: Proceedings of HSCC, pp. 173–178 (2017)

  57. Maler, O., Nickovic, D.: Monitoring temporal properties of continuous signals. In: Formal Techniques, Modelling and Analysis of Timed and Fault-Tolerant Systems. LNCS, vol. 3253, pp. 152–166. Springer, Berlin (2004)

  58. Bae, K., Lee, J.: Bounded model checking of signal temporal logic properties using syntactic separation. Proc. ACM Program. Lang. 3(POPL) (2019)

  59. Lee, J., Yu, G., Bae, K.: Efficient SMT-based model checking for signal temporal logic. In: Proceedings of 36th IEEE/ACM International Conference on Automated Software Engineering (ASE’21), pp. 343–354. IEEE (2021)

  60. Agha, G., Palmskog, K.: A survey of statistical model checking. ACM Trans. Model. Comput. Simul. 28(1), 6–1639 (2018)

  61. AlTurki, M., Meseguer, J.: PVeStA: a parallel statistical model checking and quantitative analysis tool. In: Proceedings of CALCO 2011. LNCS, vol. 6859, pp. 386–392. Springer, Berlin (2011)

  62. Agha, G.A., Meseguer, J., Sen, K.: PMaude: rewrite-based specification language for probabilistic object systems. Electron. Notes Theor. Comput. Sci. 153(2), 213–239 (2006)

Acknowledgements

We are grateful to John Hatcliff and the anonymous reviewers for very helpful comments on an earlier version of this paper. This work was partly supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2021R1A5A1021944) and Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2022-0-00103).

Corresponding author

Correspondence to Kyungmin Bae.

About this article

Cite this article

Lee, J., Bae, K., Ölveczky, P.C. et al. Modeling and formal analysis of virtually synchronous cyber-physical systems in AADL. Int J Softw Tools Technol Transfer 24, 911–948 (2022). https://doi.org/10.1007/s10009-022-00665-z

  • DOI: https://doi.org/10.1007/s10009-022-00665-z