With the support of emerging technologies such as 5G, machine learning, edge computing and Industry 4.0, the Internet of Things (IoT) continues to evolve and promote the construction of future networks. Existing work on IoT mainly focuses on its practical applications, but there is little research on modeling the interactions among components in IoT systems and verifying the correctness of the network deployment. Therefore, the Calculus of the Internet of Things (CaIT) has previously been proposed to formally model and reason about IoT systems. In this paper, the CaIT calculus is extended by introducing broadcast communications. For modeling convenience, we provide explicit operations to model node mobility as well as the interactions between sensors (or actuators) with the environment. To support the use of UPPAAL to verify the temporal properties of IoT networks described by the CaIT calculus, we establish a relationship between timed automata and the CaIT calculus. Using UPPAAL, we verify six temporal properties of a simple “smart home” example, including Boiler On Manually, Boiler Off Automatically, Boiler On Automatically, Lights On, Lights Mutually, and Windows Simultaneously. The verification results show that the “smart home” can work properly.

There are various existing methods translating timed Petri nets to timed automata. However, there is a trade-off between the amount of description and the size of state space. The amount of description and the size of state space affect the feasibility of modeling and analysis like model checking. In this paper, we propose a new translation method from timed Petri nets to timed automata. Our method translates from a timed Petri net to an automaton with the following features: (i) The number of location is 1; (ii) Each edge represents the firing of transition; (iii) Each state implemented as clocks and variables represents a state of the timed Petri net one-to-one correspondingly. Through these features, the amount of description is linear order and the size of state space is the same order as that of the Petri net. We applied our method to three Petri net models of signaling pathways and compared our method with existing methods from the view points of the amount of description and the size of state space. And the comparison results show that our method keeps a good balance between the amount of description and the size of state space. These results also show that our method is effective when checking properties of timed Petri nets.

This paper analyzes automation surprises in human-machine systems with time information. Automation surprises are phenomena such that the underlying machine's behavior diverges from user's intention and may lead to critical situations. Thus, designing human-machine systems without automation surprises is one of fundamental issues to achieve reliable user interaction with the machines. In this paper, we focus on timed human-machine interaction and address their formal aspects. The presented framework is essentially an extension of untimed human-machine interaction and will cover the previously proposed methodologies. We employ timed automata as a model of human-machine systems with time information. Modeling the human-machine systems as timed automata enables one to deal with not only discrete behavior but also time constraints. Then, by introducing the concept of timed simulation of the machine model and the user model, conditions which guarantee the nonexistence of automation surprises are derived. Finally, we construct a composite model in which a machine model and a user model evolve concurrently and show that automation surprises can be detected by solving a reachability problem in the composite model.

In this paper, we propose a parametric model checking algorithm for a subclass of Timed Automata called Parametric Time-Interval Automata (PTIA). In a PTIA, we can specify upper- and lower-bounds of the execution time (time-interval) of each transition using parameter variables. The proposed algorithm takes two inputs, a model described in a PTIA and a property described in a PTIA accepting all invalid infinite/finite runs (called a never claim), or valid finite runs of the model. In the proposed algorithm, firstly we determinize and complement the given property PTIA if it accepts valid finite runs. Secondly, we accelerate the given model, that is, we regard all the actions that are not appeared in the given property PTIA as invisible actions and eliminate them from the model while preserving the set of visible traces and their timings. Thirdly, we construct a parallel composition of the model and the property PTIAs which is accepting all invalid runs that are accepted by the model. Finally, we perform the extension of Double Depth First Search (DDFS), which is used in the automata-theoretic approach to Linear-time Temporal Logic (LTL) model checking, to derive the weakest parameter condition in order that the given model never executes the invalid runs specified by the given property.