MODEL CHECKING IN PATTERN BASED CONTROL SYSTEMS DESIGN. Jüri Vain and Juhan Ernits Department of Control Systems, Institute of Cybernetics at Tallinn Technical University, Tallinn Abstract: The idea of architectural and behavioural patterns originating from OO design community is applied to control systems design modeling and verification. A template for specifying modeling patterns is defined and, as an example, the Control Component Pattern (CCP) is proposed. The benefits from parameterization and abstraction encoded into the pattern are shown, allowing to increase the size of models and verification tasks that still remain efficiently decidable by model checking. The interchange between CCP and a certain subset of Simulink models allows to apply model checking in parallel to quantitative simulation techniques. A sketch of the application of CCP for a simple temperature control system design modeling and verification is presented. Copyright c 2002 IFAC Keywords: modeling, pattern, components, verification, timed automata 1. INTRODUCTION Design of modern control systems sets high require- ments to system performance, safety, fault-tolerance and reliability. The major challenge in system de- velopment process is ensuring the correctness of the design at the earliest stage possible. Such effort is increasingly becoming more significant in the devel- opment cycle and, more generally, in the budget. Often the most resource-consuming part is not the search for correctness proof by some verification tool but the definition of the system design model and requirement specifications to be satisfied by the model. Proving or refuting satisfaction relation between the model M and requirements specification R is called model checking (MC) (formally stated as M | = R? prob- lem). Regardless of remarkable progress in MC tech- niques, e.g., systems with more than 10 120 states have been reported verified in semiconductor and processor industy (Clarke et al., 1999), several case studies (see (Hune et al., 2000)) have shown that complexity issues are still major obstacles in using MC for industrial size systems. Efforts to be spent on MC are very much dependent on particular application, specifica- tion style, methodological framework of design and people’s skills . An approach, proposed in this paper for handling industrial size MC problems, is constructing design models and correctness formulas using domain spe- cific modeling patterns and specification schemes. General purpose program design patterns are well- known in OO design community already since mid 1990s (Gamma et al., 1995)). In the design of control systems some extra aspects must be represented in modeling patterns and in requirement specifications: for verification of behavioral properties the hybrid dy- namics has to be presented explicitly, and if safety crit- ical applications are considered, fault tolerance prop- erties have to be related to the functional specification. The Control Component Pattern introduced in this pa- per for modeling and verification of control system designs is an abstraction of typical control system components such as sensors, controllers, actuators and their compositions. Another problem related to efficiency of MC is parametrization of patterns allowing application de- Copyright © 2002 IFAC 15th Triennial World Congress, Barcelona, Spain