Model Based Verification (MBV) is a systematic approach to finding defects (errors) in software r... more Model Based Verification (MBV) is a systematic approach to finding defects (errors) in software requirements, designs, or code. MBV involves creating essential models of system behavior and analyzing these models against formal representations of expected properties, known as claims. Claim generation has been identified as a particularly complex activity within model-based verification. This technical note describes a pattern-based approach to facilitate claim generation. The report includes a list of directly usable patterns for the most frequent expected properties found in system specifications.
This technical note provides guidance for the analysis activity that occurs during the interpreta... more This technical note provides guidance for the analysis activity that occurs during the interpretation of results produced by model-checking tools. In the model-checking analysis activity, the main question is, "Does the system behave correctly?" To answer this question, a model and a set of expected properties are used as input to a model checker. The expected output is a confirmation or refutation of the specified expected properties. In most cases, if the model checker does not confirm the property, it provides a counterexample. Counterexamples are executions of the model showing the sequence of steps that refutes the expected property. Sometimes the state space to be explored in order to find this counterexample is so large that it cannot be completely covered. This is the state explosion problem. Models must be tuned to reduce the state space; this is a manual and intuitive task. Interpreting the model checker's output can also be difficult. The significance of the...
Model-Based Verification (MBV) is a systematic approach to finding defects (errors) in software r... more Model-Based Verification (MBV) is a systematic approach to finding defects (errors) in software requirements, designs, or code. The approach judiciously incorporates mathematical formalism, in the form of models, to provide a disciplined and logical analysis practice, rather than a "proof of correctness" strategy. This technical note presents a number of abstraction techniques that can be used to build essential models of system behavior in the context of MBV and details a methodology for creating state machine models using those techniques. In building essential models, abstraction is used to hide details and expose the entities, variables, states, and transitions needed to construct a state machine model. Through illustrative examples, this technical note identifies the types of simplifications that are useful and effective and highlights the importance of the perspective in determining what are the important elements to include in an abstracted model.
The goal of model-based verification (MBV) is to reduce the number of defects. Like any other qua... more The goal of model-based verification (MBV) is to reduce the number of defects. Like any other quality assurance (QA) technique, it is not equally efficient in every situation. It is critical to determine where and how to use MBV to achieve the largest impact in terms of the number and criticality of defects found with a reasonable amount of effort. This document provides guidance for defining the scope, formalism (approach and tools), and perspective for applying MBV. The critical (important or risky) aspects of the system and its development, including both programmatic and technical issues, drive these choices and form the basis for these guidelines.
The emerging Society of Automotive Engineers Architecture Analysis and Design Language (AADL) sta... more The emerging Society of Automotive Engineers Architecture Analysis and Design Language (AADL) standard is an architecture modeling language for real-time, fault-tolerant, scalable, embedded, multiprocessor systems. It enables the development and predictable integration of highly evolvable systems as well as analysis of existing systems. It supports early and repeated analyses of a system's architecture with respect to performance-critical properties through an extendable notation, a tool framework, and precisely defined semantics. This report discusses the role and benefits of using the AADL in the process of analyzing an existing avionics system. The AADL is used to describe architecture patterns in the system being analyzed and to identify potentially systemic issues in the system. Findings related to timing, scheduling, and fault tolerance and the benefits of the use of the AADL are examined. The report also highlights the benefits of working with architecture abstractions th...
for the operation of the Software Engineering Institute, a federally funded research and developm... more for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013. For information about purchasing paper copies of SEI reports, please visit the publications portion of our Web site (http://www.sei.cmu.edu/publications/pubweb.html).
for the operation of the Software Engineering Institute, a federally funded research and developm... more for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.
This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below.
Mtiv-Olb Carnegie Mellon University does not discriminate and Carnegie Mellon University is requi... more Mtiv-Olb Carnegie Mellon University does not discriminate and Carnegie Mellon University is required not to discriminate in admission, employment, or administra-tion of its programs or activities on the basis of race, color, national origin, sex or handicap in violation of Title VI of the Civil Rights Act of 1964, Title IX of the Educational Amendments of 1972 and Section 504 of the Rehabilitation Act of 1973 or other federal, state, or local laws or executive orders. In addition, Carnegie Mellon University does not discriminate in admission, employment or administration of its programs on the basis of religion, creed, ancestry, belief, age, veteran status, sexual orientation or in violation of federal, state, or local laws or executive orders. However, in the judgment of the Carnegie Mellon Human Relations Commission, the Department of Defense policy of "Don't ask, don't tell, don't pursue " excludes openly gay, lesbian and bisexual students from receiving ...
The ideas and findings in this report should not be construed as an official DoD position. It is ... more The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange.
Use of any trademarks in this report is not intended in any way to infringe on the rights of the ... more Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark holder. Internal use. Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and "No Warranty" statements are included with all reproductions and derivative works.
Proceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings
The engineering of Cyber-Physical Systems (CPS) requires a large set of expertise to capture the ... more The engineering of Cyber-Physical Systems (CPS) requires a large set of expertise to capture the system requirements and to derive a correct solution. Model-based Engineering and DevOps aim to efficiently deliver software with increased quality. Model-based Engineering relies on models as first-class artifacts to analyze, simulate, and ultimately generate parts of a system. DevOps focuses on software engineering activities, from early development to integration, and then improvement through the monitoring of the system at run-time. We claim these can be efficiently combined to improve the engineering process of CPS. In this paper, we present TwinOps, a process that unifies Modelbased Engineering, Digital Twins, and DevOps practice in a uniform workflow. TwinOps illustrates how to leverage several best practices in MBE and DevOps for the engineering Cyber-Physical systems. We illustrate our contribution using a Digital Twins case study to illustrate TwinOps benefits, combining AADL and Modelica models, and an IoT platform. CCS CONCEPTS • Computing methodologies → Model development and analysis; • Theory of computation → Timed and hybrid models.
: Model-Based Verification (MBV) is a systematic approach to finding defects (errors) in software... more : Model-Based Verification (MBV) is a systematic approach to finding defects (errors) in software requirements, designs, or code. The approach judiciously incorporates mathematical formalism, in the form of models, to provide a disciplined and logical analysis practice, rather than a "proof of correctness" strategy. This technical note presents a number of abstraction techniques that can be used to build essential models of system behavior in the context of MBV and details a methodology for creating state machine models using those techniques. In building essential models, abstraction is used to hide details and expose the entities, variables, states, and transitions needed to construct a state machine model. Through illustrative examples, this technical note identifies the types of simplifications that are useful and effective, and highlights the importance of the perspective in determining what important elements to include in an abstracted model.
Proceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings, 2020
The engineering of Cyber-Physical Systems (CPS) requires a large set of expertise to capture the ... more The engineering of Cyber-Physical Systems (CPS) requires a large set of expertise to capture the system requirements and to derive a correct solution. Model-based Engineering and DevOps aim to efficiently deliver software with increased quality. Model-based Engineering relies on models as first-class artifacts to analyze, simulate, and ultimately generate parts of a system. DevOps focuses on software engineering activities, from early development to integration, and then improvement through the monitoring of the system at run-time. We claim these can be efficiently combined to improve the engineering process of CPS. In this paper, we present TwinOps, a process that unifies Model-based Engineering, Digital Twins, and DevOps practice in a uniform workflow. TwinOps illustrates how to leverage several best practices in MBE and DevOps for the engineering Cyber-Physical systems. We illustrate our contribution using a Digital Twins case study to illustrate TwinOps benefits, combining AADL ...
This material is based upon work funded and supported by the Department of Defense under Contract... more This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.
This material has been approved for public release and unlimited distribution except as restricte... more This material has been approved for public release and unlimited distribution except as restricted below.
Uploads
Papers by John Hudak