Abstract
UML/MARTE model-driven development approaches are gaining attention in developing real-time embedded software (RTES). UML behavioral models with MARTE annotations are used to describe timing behaviors and timing characteristics of RTES. Particularly, state machine, sequence, and timing diagrams with MARTE annotations are appropriate to understand and analyze timing behaviors of RTES. However, to guarantee software correctness and safety, timing inconsistencies in UML/MARTE should be identified in the design phase of RTES. UML/MARTE timing inconsistencies are related to modeling errors and can be hazards throughout the lifecycle of RTES. We propose a systematic approach to check timing consistency of state machine, sequence, and timing diagrams with MARTE annotations for RTES. First, we present how state machine, sequence, and timing diagrams with MARTE annotations specify the behaviors of RTES. To overcome informal semantics of UML/MARTE models, we provide formal definitions of state machine, sequence, and timing diagrams with MARTE annotations. Second, we present the timing consistency checking approach that consists of a rule-based and a model checking-based timing consistency checking. In the rule-based timing consistency checking, we validate well formedness of UML/MARTE behavioral models in timing aspects. In the model checking-based timing consistency checking, we verify whether timing behaviors of sequence and timing diagrams with MARTE annotations are consistent with the timing behaviors of state machine diagrams with MARTE annotations. We support an automated timing consistency checking tool UML/MARTE timing Consistency Analyzer for a seamless approach. We demonstrate the effectiveness and the practicality of the proposed approach by two case studies using cruise control system software and guidance and control unit software .
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Alur, R., & Dill, D. L. (1994). A theory of timed automata. Theoretical Computer Science, 126(2), 183–235.
Amnell, T., Fersman, E., Pettersson, P., Sun, H., & Yi, W. (2002). Code synthesis for timed automata. Nordic Journal of Computing, 9(4), 269–300.
Amnell, T., Fersman, E., Mokrushin, L., Pettersson, P., & Yi, W. (2004). TIMES: A tool for schedulability analysis and code generation of real-time systems. In Formal modeling and analysis of timed systems (pp. 60–72). Berlin: Springer.
Bérard, B., Bidoit, M., Finkel, A., Laroussinie, F., Petit, A., Petrucci, L., et al. (2010). Systems and software verification: Model-checking techniques and tools. Berlin: Springer.
Chiorean, D., Paşca, M., Cârcu, A., Botiza, C., & Moldovan, S. (2004). Ensuring UML models consistency using the OCL environment. Electronic Notes in Theoretical Computer Science, 102, 99–110.
Choi, J. (2015). UMCA (UML/MARTE timing Consistency Analyzer) tool. http://sites.google.com/site/jhchoi93/.
Choi, J., & Bae, D. H. (2012). An approach to constructing timing diagrams from UML/MARTE behavioral models for guidance and control unit software. In Computer applications for database, education, and ubiquitous computing (pp. 107–110). Berlin: Springer.
Choi, J., Shim, J., & Yim, S. (2005). The implementation and performance analysis of soft timer interrupt UML-RT model on a windows platform with real-time extension. In Proceedings of the korea information science society fall conference (Vol. 32, pp. 841–843)
Choi, J., Jee, E., Kim, H. J., & Bae, D. H. (2011a). A case study on timing constraints verification for a safety-critical, real-time system. In Proceedings of the Korea computer congress (KCC) (Vol. 38, pp. 166–169).
Choi, J., Jee, E., Kim, H. J., & Bae, D. H. (2011b). A case study on timing constraints verification for a safety-critical, time-triggered embedded software. Journal of KIISE: Software and Applications, 38(12), 647–656.
Choi, J., Jee, E., & Bae, D. H. (2012a). Systematic vxworks-based code generation from timed automata model. In Proceedings of the Korea computer congress (KCC) (Vol. 39, pp. 138–140).
Choi, J., Jee, E., & Bae, D. H. (2012b) Toward systematic construction of timing diagrams from UML/MARTE behavioral models for time-triggered embedded software. In 2012 IEEE sixth international conference on Software Security and Reliability (SERE) (pp. 118–127).
Choi, J., Jee, E., & Bae, D. H. (2013). Systematic generation of VxWorks-based code from timed automata models. Journal of KIISE: Computing Practices and Letters, 19(2), 90–94.
Clarke, E. M., Grumberg, O., & Peled, D. (1999). Model checking. Cambridge: MIT Press.
Egyed, A. (2006). Instant consistency checking for the UML. In Proceedings of the 28th international conference on Software Engineering (pp. 381–390). ACM
Egyed, A. (2007). UML/Analyzer: A tool for the instant consistency checking of UML models. In 29th International Conference on Software Engineering, 2007. ICSE 2007 (pp. 793–796).
Egyed, A. (2011). Automatically detecting and tracking inconsistencies in software design models. IEEE Transactions on Software Engineering, 37(2), 188–204.
Engels, G., Küster, J. M., Heckel, R., & Groenewegen, L. (2001). A methodology for specifying and analyzing consistency of object-oriented behavioral models. In ACM SIGSOFT Software Engineering Notes (Vol. 26, pp. 186–195)
Fersman, E., Pettersson, P., Yi, W. (2002). Timed automata with asynchronous processes: Schedulability and decidability. In Tools and Algorithms for the Construction and Analysis of Systems (pp. 67–82). Berlin: Springer
Fowler, M. (2004). UML distilled: A brief guide to the standard object modeling language. Boston: Addison-Wesley Professional.
Gherbi, A., & Khendek, F. (2007) Consistency of UML/SPT models. In SDL 2007: Design for dependable systems (pp. 203–224). Berlin: Springer.
Gogolla, M., Büttner, F., & Richters, M. (2007). Use: A UML-based specification environment for validating UML and OCL. Science of Computer Programming, 69(1), 27–34.
Gomaa, H. (2001). Designing concurrent, distributed, and real-time applications with UML. In Proceedings of the 23rd international conference on software engineering, (pp. 737–738). IEEE Computer Society.
Gomes, L., Fernandes, J. M., & Global, I. (2010). Behavioral modeling for embedded systems and technologies: Applications for design and implementation. InInformation Science Reference
Holzmann, G. J. (2003). The SPIN model checker: Primer and reference manual. Boston: Addison-Wesley Professional.
Knapp, A., Merz, S., & Rauh, C. (2002). Model checking timed UML state machines and collaborations. In Formal techniques in real-time and fault-tolerant systems, (pp. 395–414). Berlin: Springer
Kuster, J., & Stroop J (2001) Consistent design of embedded real-time systems with UML-RT. In Proceedings. Fourth IEEE international symposium on object-oriented real-time distributed computing, 2001. ISORC-2001, (pp. 31–40).
Laleau, R., & Polack, F. (2008). Using formal metamodels to check consistency of functional views in information systems specification. Information and Software Technology, 50(7), 797–814.
Lavagno, L., Martin, G., & Selic, B. V. (2003). UML for real: Design of embedded real-time systems. Berlin: Springer.
Leveson, N. (2011). Engineering a safer world: Systems thinking applied to safety. Cambridge: Mit Press.
Lucas, F. J., Molina, F., & Toval, A. (2009). A systematic review of UML model consistency management. Information and Software Technology, 51(12), 1631–1645.
Millett, L. I., Thomas, M., Jackson, D., et al. (2007). Software for dependable systems: Sufficient evidence?. Washington: National Academies Press.
Nentwich, C., Capra, L., Emmerich, W., & Finkelsteiin, A. (2002). xlinkit: A consistency checking and smart link generation service. ACM Transactions on Internet Technology (TOIT), 2(2), 151–185.
Nguyen, M. C., Jee, E., Choi, J., & Bae, D. H. (2014). Automatic construction of timing diagrams from UML/MARTE models for real-time embedded software. In Proceedings of the 29th annual ACM symposium on applied computing, (pp. 1140–1145).
OMG. (2005). UML profile for schedulability, performance, and time specification, version 1.1 (formal/2005-01-02) Edition. http://www.omg.org.
OMG. (2006). Object Constraint Language. version 2.0 (formal/06-05-01) Edition. http://www.omg.org.
OMG. (2011a). UML profile for MARTE: Modeling and analysis of real-time embedded systems. version 1.1 (formal/2011-06-02) Edition. http://www.omg.org
OMG. (2011b). Unified Modeling Language: Superstructure. version 2.4.1 (formal/2011-08-06) Edition. http://www.omg.org.
Papyrus . (2012). Papyrus. http://www.eclipse.org/modeling/mdt/papyrus/
Paradigm, V. (2012). Visual Paradigm for UML Communication Edition. http://www.visual-paradigm.com.
Peraldi-Frati, M. A., Blom, H., Karlsson, D., & Kuntz, S. (2012). Timing modeling with autosar-current state and future directions. In Design, automation and test in Europe conference and exhibition (DATE), IEEE (pp. 805–809).
Pont, M. J. (2001). Patterns for time-triggered embedded systems. New York: Person Edueation.
Rumbaugh, J., Jacobson, I., & Booch, G. (2004). The unified modeling language reference manual. Boston: Addison-Wesley Professional.
Selic, B. (1998). Using UML for modeling complex real-time systems. In Languages, compilers, and tools for embedded systems (pp. 250–260), Berlin: Springer.
Sgroi, M., Lavagno, L., & Sangiovanni-Vincentelli, A. (2000). Formal models for embedded system design. IEEE Design & Test of Computers, 17(2), 14–27.
Sommerville, I. (2011). Software engineering (9th ed.). Boston: Addison Wesley.
Sourrouille, J. L., & Caplat, G. (2002). Checking UML model consistency. In Workshop on consistency problems in UML-based software development, Blekinge Institute of Technology (pp. 1–15).
TIMES. (2007). Uppsala university design and analysis of real-time systems team. TIMES-a tool for modeling and implementation of embedded systems. http://www.timestool.com.
UPPAAL. (2012). Uppsala University and Aalborg University. UPPAAL-a tool for verification of real-time systems. http://www.uppaal.org.
Usman, M., Nadeem, A., Kim, T. H., & Cho, E. S. (2008). A survey of consistency checking techniques for UML models. In Advanced software engineering and its applications, 2008, ASEA 2008 IEEE, (pp. 57–62).
Wieringa, R. J. (2003). Design methods for reactive systems: Yourdon, statemate, and the UML. Amsterdam: Elsevier.
Zhao, X., Long, Q., & Qiu, Z. (2006). Model checking dynamic UML consistency. In Formal methods and software engineering, Berlin: Springer (pp. 440–459).
Author information
Authors and Affiliations
Corresponding author
Appendices
Appendix 1: Rules for rule-based timing consistency checking
1.1 Intra-model consistency checking rules
SMD-MARTE ExecTime
SMD-MARTE ExecTime rule defines that an execution time of an SMD/MARTE should be greater than or equal to an execution time of the following two conditions:
-
1.
An execution time of each state.
-
2.
Execution times of execution paths from a state with a receiving message in a incoming transition to a state with a sending message in a outgoing transition only if all states in execution paths have an execution time. ⌟
Rule. SD-MARTE ExecTime
SD-MARTE ExecTime rule defines that an execution time of a lifeline in an SD/MARTE should be greater than or equal to an execution time of each execution specification in the lifeline. ⌟
Rule. TD-MARTE ExecTime
TD-MARTE ExecTime rule defines that if duration of a state represents an execution time, an execution time of a lifeline in a TD/MARTE is greater than or equal to the following two conditions:
-
1.
An execution time of each state.
-
2.
Execution times of execution paths from a state with a receiving message to a state with a sending message. ⌟
Rule. SMD-MARTE Deadline
Rule. SD-MARTE Deadline
Rule. TD-MARTE Deadline
SMD-MARTE Deadline, SD-MARTE Deadline, and TD-MARTE Deadline rules define that deadline should be greater than or equal to an execution time of a UML/MARTE model. ⌟
Rule. SD-MARTE TimeObservation
SD-MARTE TimeObservation rule defines that a time observation value in an SD/MARTE is the sum of a time observation value and an execution time of the previous execution specification in the SD/MARTE. ⌟
Rule. TD-MARTE TimingRuler
TD-MARTE TimingRuler rule defines that the timing ruler values in a TD/MARTE should be increased at regular intervals. ⌟
1.2 Inter-model consistency checking rules
Rule. SD-SMD MARTE
SD-SMD MARTE rule defines that MARTE annotation linked to a lifeline in an SD/MARTE should be the same as a MARTE annotation linked to an SMD/MARTE of the lifeline. ⌟
Rule. SD-SMD Lifeline
SD-SMD Lifeline rule defines that a lifeline in an SD/MARTE should have a corresponding SMD/MARTE. ⌟
Rule. SD-SMD Message
SD-SMD Message rule defines that a receiving message and a sending message of lifelines in an SD/MARTE should be defined in events and actions in an SMD/MARTE of the lifeline, respectively. ⌟
Rule. SD-SMD ExecTime
SD-SMD ExecTime rule defines that an execution time of an execution specification in an SD/MARTE is greater than or equal to an execution time of a state in an SMD/MARTE for the following three conditions:
-
1.
An execution time of an execution specification with only a receiving message in an SD/MARTE should be greater than or equal to an execution time of a state with the same receiving message in an SMD/MARTE of the lifeline.
-
2.
An execution time of an execution specification with only a sending message in an SD/MARTE should be greater than or equal to an execution time of a state with the same sending message in an SMD/MARTE of the lifeline.
-
3.
An execution time of an execution specification with a receiving message and a sending message in an SD/MARTE should be equal to an execution time of a path from a state with the same receiving message to a state with the same sending message in an SMD/MARTE of the lifeline. ⌟
Rule. TD-SMD MARTE
TD-SMD MARTE rule defines that a MARTE annotation linked to a lifeline in a TD/MARTE should be equal to a MARTE annotation linked to an SMD/MARTE of the lifeline. ⌟
Rule. TD-SMD Lifeline
TD-SMD Lifeline rule defines that a lifeline in a TD/MARTE should have a corresponding SMD/MARTE. ⌟
Rule. TD-SMD Message
TD-SMD Message rule defines that a receiving message and a sending message of lifelines in a TD/MARTE should be defined in events or actions of an SMD/MARTE of the lifeline, respectively. ⌟
Rule. TD-SMD State
TD-SMD State rule defines that states of a lifeline in a TD/MARTE should be defined in an SMD/MARTE of the lifeline. ⌟
Rule. TD-SMD ExecTime
TD-SMD ExecTime rule defines that an execution time of a state of a lifeline in a TD/MARTE is the same as an execution time of a state in an SMD/MARTE of the lifeline. ⌟
Rule. SD-TD MARTE
SD-TD MARTE rule defines that MARTE annotation of a lifeline in an SD/MARTE should be the same as a MARTE annotation of the lifeline in a TD/MARTE. ⌟
Rule. SD-TD Lifeline
SD-TD Lifeline rule defines that a lifeline of an SD/MARTE and a lifeline of TD/MARTE should be the same only if MARTE annotations of an SD/MARTE and a TD/MARTE are same and a message of the lifeline in an SD/MARTE is included in messages of the lifeline in a TD/MARTE. ⌟
Rule. SD-TD ExecTime
SD-TD ExecTime rule defines that an execution time of an execution specification of a lifeline in an SD/MARTE is the same as an execution time of a state in a TD/MARTE only if the execution specification of a lifeline has a receiving and sending message, and the lifeline in a TD/MARTE also have the same receiving and sending message. ⌟
Appendix 2: SMDs/MARTE for CCS software
See Figs. 30, 31, 32, 33, 34 and 35.
SMD/MARTE for SettingController
SMD/MARTE for CruiseController
SMD/MARTE for display
SMD/MARTE for SpeedCounter
SMD/MARTE for SpeedController
SMD/MARTE for user
Rights and permissions
About this article
Cite this article
Choi, J., Jee, E. & Bae, DH. Timing consistency checking for UML/MARTE behavioral models. Software Qual J 24, 835–876 (2016). https://doi.org/10.1007/s11219-015-9290-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11219-015-9290-6