We present vpl2cxx, a translator that automatically generates efficient, fully distributed C++ code from high-level system models specified in the mathematically well-founded VPL design language. As the Concurrency Workbench of the New Century (CWB-NC) verification tool includes a front-end for VPL, designers may use the full range of automatic verification and simulation checks provided by this tool on their VPL system designs before invoking the translator, thereby generating distributed prototypes from validated specifications. Besides being fully distributed, the code generated by vpl2cxx is highly readable and portable to a host of execution environments and real-time operating systems. This is achieved by encapsulating all generated code dealing with low-level interprocess communication issues in a library for synchronous communication, which in turn is built upon the Adaptive Communication Environment (ACE) client-server network programming interface. Finally, example applications show that the performance of the generated code is very good, especially for prototyping purposes.We discuss two such examples, including the RETHER real-time Ethernet protocol for voice and video applications.
This paper gives a process-algebraic semantics for the hierarchical state machine (HSM) fragment of Statecharts, in which state transitions are permitted to cross state boundaries. Although frowned upon by researchers as promoting unstructured modeling, such transitions are used extensively in practice to model parameterized start states and conditional exit states. The purpose of this work is to develop a compositional semantics for HSMs that may be fit together with compositional semantic accounts for Statecharts without boundary-crossing transitions in order to arrive at a compositional theory for virtually the whole Statecharts language. Our technical development consists of a process algebra for HSMs that is equipped with an operational semantics, an argument that bisimulation is a congruence for the algebra, a syntax-directed translation procedure for HSMs into the process algebra, and an equational axiomatization of the algebra.
Effective design of middleware-based systems requires modeling notations that allow the use of process-interaction schemes provided by different middleware packages directly in designs. Traditional design notations typically only support a fixed class of interprocess interaction schemes, and designers wishing to use them for modeling middleware-based systems must devote significant effort to encoding the middleware primitives in the notation. In this paper, we demonstrate how a new graphical design notation, Architectural Interaction Diagrams (AIDs), which provides parameterized support for different interaction schemes, may be used to model a real-life middleware-based system like the Event
The Computer-Aided Resuscitation Algorithm, or CARA, is part of a US Army-developed automated infusion device for treating blood loss experienced by combatants injured on the battlefield. CARA is responsible for automatically stabilizing a patient's blood pressure by infusing blood as needed, based on blood-pressure data the CARA system collects. The control part of the system is implemented in software, which is extremely safety-critical and thus must perform correctly.
This paper describes a case study in which a verification tool, the Concurrency Workbench of the New Century (CWB-NC), is used to analyze a model of the CARA system. The huge state space of the CARA makes it problematic to conduct traditional ``push-button'' automatic verification, such as model checking. Instead, we develop a technique, called unit verification, which entails taking small units of a system, putting them in a ``verification harness'' that exercises relevant executions appropriately within the unit, and then model checking these more tractable units. For systems, like CARA, whose requirements are localized to individual system components or interactions between small numbers of components, unit verification offers a means of coping with huge state spaces.
This paper argues for performing information-flow-based securityanalysis in the first phase of the software development life cycle itself ie in the requirements elicitation phase. Message Sequence Charts (MSC)s have been widely accepted as a formal scenario-based visual notation for writing down requirements. In this paper, we discuss a method for checking if a TMSC (Triggered Message Sequence Chart), a recently propsed enhancement to classical MSCs, satisifes one of the most important information flow properties namely non-interference.
Rance Cleaveland Last modified: Tue Jan 04 10:16:12 Eastern Standard Time 2005