DOI: 10.1145/1542452.1542475 (research article)

Specification and verification of time requirements with CCSL and Esterel

Published: 19 June 2009

Abstract

The UML Profile for Modeling and Analysis of Real-Time and Embedded (MARTE) systems has recently been adopted by the OMG. Its Time Model extends the informal and simplistic Simple Time package proposed by UML2 and offers a broad range of capabilities required to model real-time systems, including discrete/dense and chronometric/logical time. The MARTE OMG specification introduces a Time Structure inspired by the time models of concurrency theory and proposes a new Clock Constraint Specification Language (CCSL) to specify, within the context of UML, logical and chronometric time constraints.
This paper introduces the formal semantics of a fundamental subset of CCSL clock constraints and proposes a process for using CCSL both as a high-level specification language for UML models and as a golden model against which the conformance of implementations with the specification is verified.
A digital video filtering application is used as a running example to support the discussion. The application is first formally specified with CCSL, and the specification is refined based on feedback from our CCSL-dedicated simulator. In a second phase, an Esterel program of the application is considered. This program is instrumented with observers derived from the CCSL specification. The formal verification facilities of Esterel Studio are then used to check the conformance of the Esterel implementation with the CCSL specification. A specific library of Esterel observers has been built for this purpose.
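The observer idea the abstract describes, replaying a clock trace against CCSL relations and reporting the first step at which a constraint fails, as an added Python example that is not code from the paper, from TimeSquare or from the Esterel observer library; the clock names, the relation spellings and the two traces are constructed assumptions, and the stepwise readings of coincidence, sub-clocking, exclusion and (non-)strict precedence are the usual discrete-time ones.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Trace = List[Set[str]]                 # one set of ticking clock names per logical step
Spec = List[Tuple[str, str, str]]      # (clock a, relation, clock b)

@dataclass
class Violation:
    constraint: str
    step: int        # first step at which an observer for this constraint would raise

def check_relation(trace: Trace, a: str, rel: str, b: str) -> Optional[Violation]:
    """Replay the trace and return the first step where `a rel b` does not hold."""
    count: Dict[str, int] = {a: 0, b: 0}     # ticks seen strictly before the current step
    for step, ticks in enumerate(trace):
        ta, tb = a in ticks, b in ticks
        if rel == "=":        # coincidence: a and b always tick together
            ok = ta == tb
        elif rel == "sub":    # sub-clocking: every tick of a is also a tick of b
            ok = (not ta) or tb
        elif rel == "#":      # exclusion: a and b never tick in the same step
            ok = not (ta and tb)
        elif rel == "<":      # strict precedence: k-th tick of b strictly after k-th tick of a
            ok = (not tb) or count[a] > count[b]
        elif rel == "<=":     # non-strict precedence: k-th tick of b not before k-th tick of a
            ok = (not tb) or count[a] + int(ta) > count[b]
        else:
            raise ValueError(f"unknown relation {rel!r}")
        if not ok:
            return Violation(f"{a} {rel} {b}", step)
        count[a] += int(ta)
        if b != a:
            count[b] += int(tb)
    return None

def verify(trace: Trace, spec: Spec) -> List[Violation]:
    """Run every constraint of the spec as an observer over the trace."""
    found = [check_relation(trace, a, rel, b) for a, rel, b in spec]
    return [v for v in found if v is not None]

# Constructed specification for a line-oriented pixel filter (hypothetical clocks, not the paper's).
SPEC: Spec = [
    ("px_in", "<", "px_out"),   # the n-th output pixel needs the n-th input pixel first
    ("eol", "sub", "px_in"),    # end-of-line is flagged on an input pixel, never on its own
]

# Constructed traces standing in for two candidate implementations.
CONFORMING: Trace = [{"px_in"}, {"px_in", "px_out"}, {"px_in", "eol", "px_out"}, {"px_out"}]
NON_CONFORMING: Trace = [{"px_in", "px_out"}, {"px_in"}, {"px_out", "eol"}]
```

`verify(CONFORMING, SPEC)` returns an empty list, while the second trace is rejected at step 0 (an output pixel with no input yet) and at step 2 (an end-of-line flag without an input pixel).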




Reviews

Pierre Jouvelot

Timing is a key issue in reactive programming, a development paradigm suited to the design and implementation of safety-critical systems such as control and navigation devices that closely interact with their environment. While integrating some time specifications is possible in unified modeling language 2 (UML2), its time model is too limited to deal with the asynchronous and synchronous behaviors found in real-life situations. The Object Management Group (OMG)-sanctioned MARTE UML profile is an extension of the time model and comes with a powerful time specification framework: clock constraint specification language (CCSL). This paper provides a formal specification and one simple use case for CCSL. CCSL is based on time structures, which are sets of clocks seen as discrete or dense sets of instants, and sets of precedence relations between them. One can use CCSL to specify the constraints that such clocks must satisfy, such as sub-clocking or synchronization relationships. These constraints can be either synchronous or asynchronous. One can run a given CCSL specification on the TimeSquare simulator that generates sets of possible instant histories. To illustrate CCSL, a digital video filtering application is used throughout the paper. In particular, the authors show how its Esterel implementation can be verified against its CCSL specification, by adding observer code that generates exceptions if one clock constraint is not satisfied at a particular time. This paper, although lacking in focus, can be of use to readers interested in learning more about timing considerations in current advanced development environments for reactive systems.

Online Computing Reviews Service

Published In

LCTES '09: Proceedings of the 2009 ACM SIGPLAN/SIGBED conference on Languages, compilers, and tools for embedded systems. June 2009, 188 pages. ISBN 9781605583563. DOI 10.1145/1542452.

Also published in ACM SIGPLAN Notices, Volume 44, Issue 7 (LCTES '09), July 2009, 176 pages. ISSN 0362-1340, EISSN 1558-1160. DOI 10.1145/1543136.

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. marte
  2. synchronous languages
  3. time model
  4. uml

Acceptance Rates

LCTES '09 paper acceptance rate: 18 of 81 submissions (22%).
Overall acceptance rate: 116 of 438 submissions (26%).

Cited By

  • (2023) Automated Synthesis of Safe Timing Behaviors for Requirements Models Using CCSL. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 42(12): 5127-5140. DOI 10.1109/TCAD.2023.3285414. Published December 2023.
  • (2023) Accelerating Reinforcement Learning-Based CCSL Specification Synthesis Using Curiosity-Driven Exploration. IEEE Transactions on Computers 72(5): 1431-1446. DOI 10.1109/TC.2022.3197956. Published 1 May 2023.
  • (2022) Requirements Metamodeling for Self-Adaptive Embedded Systems. International Journal of Software Innovation 10(1): 1-24. DOI 10.4018/IJSI.311508. Published 21 October 2022.
  • (2022) Q: A Sound Verification Framework for Statecharts and Their Implementations. Proceedings of the 8th ACM SIGPLAN International Workshop on Formal Techniques for Safety-Critical Systems, pages 16-26. DOI 10.1145/3563822.3568014. Published 29 November 2022.
  • (2021) Eliciting Timing Requirements for Cyber-Physical Systems: a Multiform Time based Approach. 2021 International Symposium on Theoretical Aspects of Software Engineering (TASE), pages 199-206. DOI 10.1109/TASE52547.2021.00024. Published August 2021.
  • (2021) Enumeration and Deduction Driven Co-Synthesis of CCSL Specifications using Reinforcement Learning. 2021 IEEE Real-Time Systems Symposium (RTSS), pages 227-239. DOI 10.1109/RTSS52674.2021.00030. Published December 2021.
  • (2020) Multiform Logical Time & Space for Specification of Automated Driving Assistance Systems: Work-in-Progress. 2020 International Conference on Embedded Software (EMSOFT), pages 22-24. DOI 10.1109/EMSOFT51651.2020.9244041. Published 20 September 2020.
  • (2020) Multiform Logical Time & Space for Mobile Cyber-Physical System With Automated Driving Assistance System. 2020 27th Asia-Pacific Software Engineering Conference (APSEC), pages 415-424. DOI 10.1109/APSEC51365.2020.00050. Published December 2020.
  • (2019) Sample-Guided Automated Synthesis for CCSL Specifications. Proceedings of the 56th Annual Design Automation Conference 2019, pages 1-6. DOI 10.1145/3316781.3317904. Published 2 June 2019.
  • (2019) Embedding CCSL into Dynamic Logic: A Logical Approach for the Verification of CCSL Specifications. Formal Techniques for Safety-Critical Systems, pages 101-118. DOI 10.1007/978-3-030-12988-0_7. Published 2 February 2019.
