Prototyping of Real-time Component Based Systems by the use of Timed Automata

Trevor JonesLancaster University, UKt.jones@lancaster.ac.uk

Automata-beans

Automata-beans are Java-beans which have been derived from automata;These automata-beans can then be used in conjunction with other java-beans to model and then build a prototype system;

AutomataModel

Automata-beans

Java-beans

System ???

Aims and Objectives

To be able to model and, validate and verify components using timed automata;To be able to generate executable code from TA;To be able to use modelled/developing components alongside:

Existing components; Existing environments; Existing systems;

To not have to rely on requirements specified, but to instead use any “real” components available in order to model, validate and verify, and then prototype components.

Modelling a Light Bulb

This is a seemingly very simple example;What features need to be modelled? Light on Light off

The Automata Model

There are 2 possible states for the light bulb:- ON or OFF

The light bulb comes on when an appropriate current is applied, but how is this supplied?

OFF

ON

Current Applied

Current Removed

The Components

Obvious components: Light Bulb; Switch; Power Source;

Perhaps overlooked components: Bulb socket; Cables; People.

The Environment

Which components need to be part of the model?Which components are part of the environment?What is required in the specification of the environment?How is the interaction between the environment and the “device”?

The System

What is the System?Here are 3 possibilities: The components; The components and environment; The components interacting with the

environment.

The Model

What is going to be modelled?Here are some possibilities: The components; The components and the environment; The components interacting with the

environment: Simulated input, simulated output; “Real” input, simulated output; Simulated input, “real” output; “Real” input, “real” output.

Possibility #1

An attempt is made to model all components involved in the system.Light Socket

(supplying required power)

Light switch

Power supply

Light Bulb

Possibility #2

The light bulb is modelled along with its environment.

Light Bulb

Environment

Possibility #3

The light bulb itself is modelled along with interfaces to the environment.

Light BulbDestruction

Light Socket(supplying required power)

What Automata-beans allow

Automata-beans can be used for both possibility #1 and #3:

#1: Each device is modelled using timed automata;

#3: Only the light bulb is modelled using an automata. The interfaces between it and the environment can be implemented using java-beans and “real” hardware components.

Solution #1

Advantages Simple; Highlights

problems with model, which can then be fixed;

Cheap; Convincing.

Disadvantages May have to model

several components;

Components may be difficult to model (e.g. People);

Only modelled behaviour can be simulated (I.e. the unexpected may never happen).

Solution #2

Advantages Gives a, hopefully,

complete picture;

Disadvantages Almost impossible to

model; Any model will have

limitations; Unexpected behaviour

cannot be modelled; Complexity will be

very high; Expensive on time

when trying to model; Model checking will be

near impossible.

Solution #3

Advantages Fewer automata

to be written; Less chance to

make mistakes; More focus can be

put on the components in question;

Unexpected behaviour occurs;

Disadvantages Hardware interfaces

may need to be implemented;

May be expensive; It is not always

possible to interface a model with an environment;

It may not be sensible to interface with the environment;

May be difficult to model check.

Things to note

You may simply have been asked to supply a component and given a set of interfaces;Access to the environment may or may not be available;Previous models of the environment may be available;Requirements must be accurate and specific; For example, our light bulb may be placed in an

area where it is under fire from projectiles: It may be that we need to provide some protective

shielding; Or, the protective shielding may already be in place.

The Final Solution

A hybrid approach may be taken;Input can be from both the environment and modelled components from that environment;

“Real”input

Simulated

input

Requiredcomponent

model

Additionalcomponents

Validation and Verification

Additionalbehaviour

The Light-bulb

The power,People, the switch

Destruction

The automata model of a light bulb

NA

Validation and Verification

Light bulbexplodes

Automata-beans

By mapping automata component models onto automata-beans, more “real” components can be used AND it is easier to integrate other formal modelling techniques;In addition, automata-beans themselves can be used as software components when prototyping a system.

The Future

Areas of further research include: Components; Middleware; Formal Modelling Techniques; Validation and Verification

Techniques;