W. Damm and E.-R. Olderog (Eds.): FTRTFT 2002, LNCS 2469, pp. 375–393,2002. © Springer-Verlag Berlin Heidelberg 2002 Eliminating Queues from RT UML Model Representations Werner Damm 1 and Bengt Jonsson Uppsala University, Dept. of Computer Systems S-751 05 Uppsala, damm@offis.de, bengt@docs.uu.se Abstract. This paper concerns analyzing UML based models of distributed real time systems involving multiple active agents. In order to avoid the time- penalties incurred by distributed execution of synchronous operation calls, it is typically recommended to restrict inter-task communication to event-based communication through unbounded FIFO buffers. This means that such systems potentially have an infinite number of states, making them out of reach for analysis techniques intended for finite-state systems. We present a symbolic analysis technique of such systems, which can be tuned to give a finite, possibly inexact representation of the state-space. The central idea is to eliminate FIFO buffers completely, and represent their contents implicitly, by their effect on the receiving agent. We propose a natural class of protocols which we call mode separated, for which this representation is both finite and exact. This result has impact on both responsiveness and predictability of end-to-end latencies, as well for the protocol verification, enabling automatic verification methods to be applied. Keywords: Real-time distributed systems, RT UML, protocol verification, verification of infinite state systems 1 Introduction We are interested in analysing UML based models of distributed real time systems involving multiple active agents. A central part of this modelling relates to the speci- fication of protocols regulating the co-operation of such agents. Such protocols define the interface between the (possibly complex) processing internal to the agent and those aspects which must be visible to other agents to achieve the global co-operation. A concrete instance of this modelling paradigm is the European Standard on Wireless Train Control currently under development [1], where “agents” correspond to trains, railroad-crossings, switches, or other control points, and the protocol specifies dia- logues between such agents, ensuring e.g. that a train only passes a railroad crossing once it has been secured. A simplified model of such a protocol can be found in e.g. [2]. [3] gives a representative example using an executable object model based on UML state-charts for such classes of applications. This research was partially supported by DFG USE and the STINT foundation. 1 On sabbatical leave from Dept. of Computer Science, University of Oldenburg. Oldenburg, FRG