The choreography realization problem is a design challenge for systems based on service-oriented architecture. In our previous studies, we studied the problem on a case where choreography was given by one or two scenarios and was expressed by an acyclic relation of events; we introduced the notion of re-constructibility as a property of acyclic relations to be satisfied. However, when choreography is defined by multiple scenarios, the resulting behavior cannot be expressed by an acyclic relation. An event structure is composed of an acyclic relation and a conflict relation. Because event structures are a generalization of acyclic relations, a wider class of systems can be expressed by event structures. In this paper, we propose the use of event structures to express choreography, introduce the re-constructibility of event structures, and show a necessary condition for an event structure to be re-constructible.

MATLAB/Simulink is the de facto standard tool for the model-based development (MBD) of control software for automotive systems. A Simulink model developed in MBD for real automotive systems involves complex computation as well as tens of thousands of blocks. In this paper, we focus on decision coverage (DC), condition coverage (CC) and modified condition/decision coverage (MC/DC) criteria, and propose a Monte-Carlo test suite generation method for large and complex Simulink models. In the method, a candidate test case is generated by assigning random values to the parameters of signal templates with specific waveforms. We try to find contributable candidates in a plausible and understandable search space, specified by a set of templates. We implemented the method as a tool, and our experimental evaluation showed that the tool was able to generate test suites for industrial implementation models with higher coverages and shorter execution times than Simulink Design Verifier. Additionally, the tool includes a fast coverage measurement engine, which demonstrated better performance than Simulink Coverage in our experiments.

Embedded software developers assume the behavior of the environment when specifications are not available. However, developers may assume the behavior incorrectly, which may result in critical faults in the system. Therefore, it is important to detect the faults caused by incorrect assumptions. In this letter, we propose a log-based testing approach to detect the faults. First, we create a UML behavioral model to represent the assumed behavior of the environment, which is then transformed into a state model. Next, we extract the actual behavior of the environment from a log, which is then incorporated in the state model, resulting in a state model that represents both assumed and actual behaviors. Existing testing techniques based on the state model can be used to generate test cases from our state model to detect faults.

For a service-oriented architecture-based system, the problem of synthesizing a concrete model (i.e., behavioral model) for each peer configuring the system from an abstract specification-which is referred to as choreography-is known as the choreography realization problem. A flow of interaction of peers is called a scenario. In our previous study, we showed conditions and an algorithm to synthesize concrete models when choreography is given by one scenario. In this paper, we extend the study for choreography given by two scenarios. We show necessary and sufficient conditions on the realizability of choreography under both cases where there exist conflicts between scenarios and no conflicts exist.

For a service-oriented architecture-based system, the problem of synthesizing a concrete model (i.e., a behavioral model) for each peer configuring the system from an abstract specification — which is referred to as choreography — is known as the choreography realization problem. In this paper, we consider the condition for the behavioral model when choreography is given by an acyclic relation. A new notion called re-constructible decomposition of acyclic relations is introduced, and a necessary and sufficient condition for a decomposed relation to be re-constructible is shown. The condition provides lower and upper bounds of the acyclic relation for the behavioral model. Thus, the degree of freedom for behavioral models increases; developing algorithms for synthesizing an intelligible model for users becomes possible. It is also expected that the condition is applied to the case where choreography is given by a set of acyclic relations.

We review practical case studies of a developing method of highly reliable real-time embedded control systems using a CPU model-based hardware/software co-simulation. We take an approach that enables us to fully simulate a virtual mechanical control system including a mechatronics plant, microcontroller hardware, and object code level software. This full virtual system approach simulates control system behavior, especially that of the microcontroller hardware and software. It enables design space exploration of microarchitecture, control design validation, robustness evaluation of the system, software optimization before components design. It also avoids potential problems. The advantage of this work is that it comprises all the components in a typical control system, enabling the designers to analyze effects from different domains, for example mechanical analysis of behavior due to differences in controller microarchitecture. To further improve system design, evaluation and analysis, we implemented an integrated behavior analyzer in the development environment. This analyzer can graphically display the processor behavior during the simulation without affecting simulation results such as task level CPU load, interrupt statistics, and the software variable transition chart. It also provides useful information on the system behavior. This virtual system analysis does not require software modification, does not change the control timing, and does not require any processing power from the target microcontroller. Therefore this method is suitable for real-time embedded control system design, in particular automotive control system design that requires a high level of reliability, robustness, quality, and safety. In this study, a Renesas SH-2A microcontroller model was developed on a CoMETTMplatform from VaST Systems Technology. An electronic throttle control (ETC) system and an engine control system were chosen to prove this concept. The electronic throttle body (ETB) model on the Saber® simulator from Synopsys® and the engine model on MATLAB®/Simulink® simulator from MathWorks can be simulated with the SH-2A model using a newly developed co-simulation interface between MATLAB®/Simulink® and CoMETTM. Though the SH-2A chip was being developed as the project was being executed, we were able to complete the OSEK OS development, control software design, and verification of the entire system using the virtual environment. After releasing a working sample chip in a later stage of the project, we found that such software could run on both actual ETC system and engine control system without critical problem. This demonstrates that our models and simulation environment are sufficiently credible and trustworthy.