Project : popart
Section: New Results
Compositional modeling and analysis
Participant : G. Gössler.
Component-based modeling is crucial to overcome the complexity of embedded systems. However, two major obstacles need to be addressed: the heterogeneous nature of the models, and the lack of results guaranteeing the correctness of the composed system.
Model checking makes it possible to verify or falsify the correctness of a system with respect to a given property, but it has two drawbacks: its cost, and the fact that the method is not constructive (it checks a design after the fact rather than guiding its construction). The goal of compositional modeling is to guarantee the correctness of real-time systems at a reasonable cost. The idea of compositionality is to infer properties of a model from the properties of its components. It is therefore necessary to find properties of the structure of the components and of their composition that imply the required properties of the composed model.
The heterogeneous nature comes from the fact that it is usually necessary to compose different parts of the system at different levels of abstraction, and using different models of computation (e.g., timed and untimed automata), models of interaction (e.g., blocking or non-blocking, rendezvous or broadcast), and models of execution. The modeling formalism and the composition operation have to support this heterogeneous nature of the components.
We have developed a general model for the component-based construction of real-time systems. Components are modeled by transition systems. Two kinds of constraints on the integration of components are described by the interaction model and the execution model. The interaction model describes the topology of the system and the types of interactions between the components. The execution model specifies constraints relating to scheduling and resource management. A commutative and associative composition operation allows for incremental modeling of the system. We have so far proposed results that guarantee, by construction, safety, deadlock-freedom of the composed system, and deadlock-freedom of the individual components within the system. These results are sufficient conditions and therefore conservative: they may fail to establish the correctness of a system that is in fact correct. When they fail, help from other methods such as controller synthesis (section 6.3) may be required. We are therefore interested in combining both approaches.
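The following Python script is an added illustration, not the project's own model or code. It composes labelled transition systems under a simple interaction model (a set of rendezvous actions; all other actions interleave), checks deadlock-freedom of components and of the composed system by exhaustive reachability (the costly, non-constructive check the text contrasts with compositional results), and checks on constructed components that the composition is commutative and associative. The names `LTS`, `compose`, `deadlock_states`, `same_behaviour`, the components `P`, `Q`, `R`, `S` and the action set `SYNC` are assumptions of the example; the execution model (scheduling and resource constraints) is not modelled.

```python
# Added illustration: labelled transition systems composed under a rendezvous
# interaction model, with a reachability-based deadlock check. All names and
# the sample components below are constructed for this example.


class LTS:
    """Labelled transition system: initial state plus (src, action, dst) triples."""

    def __init__(self, name, init, trans):
        self.name = name
        self.init = init
        self.trans = set(trans)

    def succ(self, s):
        """Enabled (action, next_state) pairs in state s."""
        return {(a, t) for (x, a, t) in self.trans if x == s}

    def reachable(self):
        """All states reachable from the initial state (depth-first)."""
        seen, stack = {self.init}, [self.init]
        while stack:
            for _, t in self.succ(stack.pop()):
                if t not in seen:
                    seen.add(t)
                    stack.append(t)
        return seen


def compose(p, q, sync):
    """Binary composition under the interaction model `sync`: an action in `sync`
    is a blocking rendezvous (both components take it together), every other
    action interleaves. Only reachable product states are built."""
    init = (p.init, q.init)
    trans, seen, stack = set(), {init}, [init]
    while stack:
        s, t = stack.pop()
        moves = []
        for a, s2 in p.succ(s):
            if a in sync:  # rendezvous: q must offer the same action now
                moves += [(a, (s2, t2)) for b, t2 in q.succ(t) if b == a]
            else:
                moves.append((a, (s2, t)))
        for b, t2 in q.succ(t):
            if b not in sync:  # q's rendezvous moves were paired above
                moves.append((b, (s, t2)))
        for a, nxt in moves:
            trans.add(((s, t), a, nxt))
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return LTS(f"({p.name}||{q.name})", init, trans)


def deadlock_states(lts):
    """Exhaustive check: reachable states with no enabled move."""
    return {s for s in lts.reachable() if not lts.succ(s)}


def flat(s):
    """Flatten nested product states into a set of local states, so that
    (P||Q)||R, P||(Q||R) and Q||P can be compared directly. Assumes local
    state names are unique across components (true for the samples below)."""
    if isinstance(s, tuple):
        return frozenset().union(*(flat(x) for x in s))
    return frozenset([s])


def same_behaviour(a, b):
    """Structural equality of two composite systems modulo state nesting/order."""
    norm = lambda l: {(flat(x), act, flat(y)) for (x, act, y) in l.trans}
    return flat(a.init) == flat(b.init) and norm(a) == norm(b)


# Constructed components; each is deadlock-free on its own (cyclic behaviour).
P = LTS("P", "p0", [("p0", "a", "p1"), ("p1", "b", "p0")])            # a then b
Q = LTS("Q", "q0", [("q0", "b", "q1"), ("q1", "a", "q0")])            # b then a
R = LTS("R", "r0", [("r0", "a", "r1"), ("r1", "tick", "r2"), ("r2", "b", "r0")])
S = LTS("S", "s0", [("s0", "a", "s1"), ("s1", "log", "s2"), ("s2", "b", "s0")])

SYNC = {"a", "b"}  # interaction model: a and b are rendezvous; tick, log are local

if __name__ == "__main__":
    print("P||Q deadlocks in", deadlock_states(compose(P, Q, SYNC)))
    left = compose(compose(P, S, SYNC), R, SYNC)
    right = compose(P, compose(S, R, SYNC), SYNC)
    print("associative:", same_behaviour(left, right))
    print("commutative:", same_behaviour(compose(P, S, SYNC), compose(S, P, SYNC)))
    print("P||S||R states:", len(left.reachable()), "deadlocks:", deadlock_states(left))
```

`P` and `Q` are each deadlock-free but offer their rendezvous actions in opposite orders, so `P||Q` deadlocks in its initial state: deadlock-freedom of the components does not lift to the composition on its own, which is why structural conditions on the components and on the interaction model are needed rather than an exhaustive state-space check. `P||S||R`, by contrast, runs the rendezvous `a` and `b` in lockstep while the local actions `tick` and `log` interleave freely, and both bracketings of the composition produce the same system.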