Correctness issues on MARTE/CCSL constraints

• We explore solutions for exhaustive verification of MARTE/CCSL specifications.
• We propose an encoding of CCSL operators using extended finite state machines.
• We propose an alternative encoding relying on an intentional data structure and compare it to the first solution.
• We illustrate the use of CCSL for architecture-driven analysis of applications, execution platforms and allocations.
• We discuss some classical correctness issues that may arise and can be checked.

The UML Profile for Modeling and Analysis of Real-Time and Embedded systems promises a general modeling framework to design and analyze systems. Lots of works have been published on the modeling capabilities offered by MARTE, much less on available verification techniques. The Clock Constraint Specification Language (CCSL), first introduced as a companion language for MARTE, was devised to offer a formal support to conduct causal and temporal analysis on MARTE models.This work relies on a state-based semantics for CCSL to establish correctness properties on MARTE/CCSL specifications. We propose and compare two different techniques to build the state-space of a specification. One is an extension of some previous work and is based on extended finite state machines. It relies on integer linear programming to solve the constraints and reduce the state-space. The other one is based on an intentional representation and uses pure Boolean abstractions but offers no guarantee to terminate when the specification is not safe.The approach is illustrated on one simple example where the architecture plays an important role. We describe a process where the logical description of the application is progressively refined to take into account the execution platform through allocation.