Deterministic Executable Models Verified Efficiently at Runtime - An Architecture for Robotic and Embedded Systems

Vladimir Estivill-Castro, René Hexel


We show an architecture that enables runtime verification. Runtime verification focuses on the design of formal languages for specifying properties that must hold while a system executes. In this paper, we take matters one step further and describe a uniform modelling and development paradigm for software systems that can monitor the quality of software systems as they execute, and that can set up, tear down and enforce quality behaviour on the fly. Our paradigm for modelling behaviour enables efficient execution, validation, simulation and runtime verification. The models are executable and efficient because they are compiled, not interpreted. Moreover, they can be developed using test-driven development, where the tests are themselves models derived from the requirements. We illustrate the approach with case studies from robotics and embedded systems.
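The following is an added example, not code from the paper: it shows in C the three pieces the abstract describes, a deterministic behaviour model compiled to a step function, a runtime monitor that checks a safety property over the model's trace and enforces it on the fly, and a test model that drives the system with a fixed input sequence. The states (IDLE/MOVING/HALTED), the inputs, the property and the input scenario are assumptions chosen for illustration, not the paper's case studies.

```c
/* Added example (not the paper's code): a deterministic behaviour model
 * compiled to a C step function, a runtime monitor that checks and
 * enforces a safety property over the model's trace, and a test model
 * that drives both. States, inputs, property and scenario are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Inputs are sampled once per tick into a snapshot; the step functions read
 * only the snapshot, which is what makes each tick deterministic. */
typedef struct { bool go, obstacle, estop; } Inputs;

typedef enum { S_IDLE, S_MOVING, S_HALTED } BState;
typedef BState (*StepFn)(BState, Inputs);

/* Intended model. Transitions are evaluated in the listed order, so exactly
 * one successor is chosen per tick. The motor runs exactly while MOVING. */
static BState step_guarded(BState s, Inputs in)
{
    switch (s) {
    case S_IDLE:   if (in.estop)            return S_HALTED;
                   if (in.go)               return S_MOVING; break;
    case S_MOVING: if (in.estop)            return S_HALTED;
                   if (in.obstacle)         return S_IDLE;   break;
    case S_HALTED: if (!in.estop && !in.go) return S_IDLE;   break;
    }
    return s;
}

/* The same model with the estop transition omitted from IDLE: a defect
 * constructed here so that the monitor has something to catch. */
static BState step_unguarded(BState s, Inputs in)
{
    if (s == S_IDLE) return in.go ? S_MOVING : S_IDLE;
    return step_guarded(s, in);
}

static bool motor_on(BState s) { return s == S_MOVING; }

/* Monitor for the property "once the emergency stop has been asserted, the
 * motor stays off until both estop and go have been released". It is a
 * two-state automaton over the trace of (inputs, motor output). */
typedef enum { M_CLEAR, M_LATCHED } MState;

static MState monitor_step(MState m, Inputs in, bool motor, bool *ok)
{
    if (m == M_CLEAR && in.estop)                   m = M_LATCHED;
    else if (m == M_LATCHED && !in.estop && !in.go) m = M_CLEAR;
    *ok = (m == M_CLEAR) || !motor;   /* while latched, the motor must be off */
    return m;
}

typedef struct { BState state; MState mon; bool motor; unsigned violations; } System;

/* One tick: run the model, check the property on its proposed output, and
 * enforce the property by forcing the safe state when the model fails it. */
static void tick(System *sys, StepFn step, Inputs in)
{
    BState next = step(sys->state, in);
    bool motor = motor_on(next), ok;
    sys->mon = monitor_step(sys->mon, in, motor, &ok);
    if (!ok) {                  /* model violated the property: intervene */
        sys->violations++;
        next  = S_HALTED;
        motor = false;
    }
    sys->state = next;
    sys->motor = motor;
}

/* Test model: a constructed input sequence. Tick 5 pulses estop while idle
 * and tick 6 re-asserts go without a reset (both released) in between. */
#define SCENARIO_TICKS 7
static const Inputs scenario[SCENARIO_TICKS] = {
    {1,0,0}, {1,0,1}, {1,0,0}, {0,0,0}, {0,0,1}, {1,0,0}, {0,0,0}
};

typedef struct { unsigned violations; BState final_state; bool motor[SCENARIO_TICKS]; } Result;

static Result run_scenario(StepFn step)
{
    System sys = { S_IDLE, M_CLEAR, false, 0 };
    Result r = { 0 };
    for (size_t i = 0; i < SCENARIO_TICKS; i++) {
        tick(&sys, step, scenario[i]);
        r.motor[i] = sys.motor;
    }
    r.violations  = sys.violations;
    r.final_state = sys.state;
    return r;
}

static bool motor_at(StepFn step, size_t i)
{
    Result r = run_scenario(step);
    return r.motor[i];
}

int main(void)
{
    printf("guarded:   %u interventions\n", run_scenario(step_guarded).violations);
    printf("unguarded: %u interventions\n", run_scenario(step_unguarded).violations);
    return 0;
}
```

On this scenario the guarded model needs no intervention, while the unguarded one is caught at tick 6 (the motor would start while the stop is still latched) and forced into HALTED; both produce the same motor trace, so the difference is visible only through the monitor. Because the model, the monitor and the test driver are all compiled step functions over an input snapshot, the check costs a constant amount of work per tick and the same sequence replays identically in simulation and on the target.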



Paper Citation

in Harvard Style

Estivill-Castro V. and Hexel R. (2017). Deterministic Executable Models Verified Efficiently at Runtime - An Architecture for Robotic and Embedded Systems. In Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD, ISBN 978-989-758-210-3, pages 29-40. DOI: 10.5220/0006116700290040

in Bibtex Style

@inproceedings{EstivillCastro2017,
  author={Vladimir Estivill-Castro and René Hexel},
  title={Deterministic Executable Models Verified Efficiently at Runtime - An Architecture for Robotic and Embedded Systems},
  booktitle={Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD},
  year={2017},
  pages={29-40},
  isbn={978-989-758-210-3},
  doi={10.5220/0006116700290040}
}

in EndNote Style

JO - Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD
TI - Deterministic Executable Models Verified Efficiently at Runtime - An Architecture for Robotic and Embedded Systems
SN - 978-989-758-210-3
AU - Estivill-Castro V.
AU - Hexel R.
PY - 2017
SP - 29
EP - 40
DO - 10.5220/0006116700290040