MDM: A Mode Diagram Modeling Framework for Periodic Control Systems

Periodic control systems used in spacecrafts and automotives are usually period-driven and can be decomposed into different modes with each mode representing a system state observed from outside. Such systems may also involve intensive computing in their modes. Despite the fact that such control systems are widely used in the above-mentioned safety-critical embedded domains, there is lack of domain-specific formal modelling languages for such systems in the relevant industry. To address this problem, we propose a formal visual modeling framework called MDM as a concise and precise way to specify and analyze such systems. To capture the temporal properties of periodic control systems, we provide, along with MDM, a property specification language based on interval logic for the description of concrete temporal requirements the engineers are concerned with. The statistical model checking technique can then be used to verify the MDM models against desired properties. To demonstrate the viability of our approach, we have applied our modelling framework to some real life case studies from industry and helped detect two design defects for some spacecraft control systems.

💡 Research Summary

The paper introduces MDM (Mode Diagram Modeling), a domain‑specific visual modeling framework designed to capture the structure and behavior of periodic control systems that are prevalent in safety‑critical embedded domains such as spacecraft and automotive electronics. Traditional modeling notations (e.g., state machines, UML, Simulink) either lack an explicit notion of periodic execution or become unwieldy when representing intensive computations that occur within each operational mode. MDM addresses this gap by treating a “mode” as a first‑class entity that encapsulates both the observable external state and the internal computational tasks that are executed on a fixed period.

The language syntax consists of four core constructs: Mode, Period, Task, and Transition. A Mode is defined by a unique identifier, a period length, entry/exit guards, and an ordered list of Tasks. Tasks can be sequential or parallel blocks containing variable assignments, function calls, and conditional branches. Transitions connect source and target modes, are guarded by Boolean expressions, and may trigger actions upon firing. This hierarchical organization enables engineers to model complex real‑time control logic in a concise, diagrammatic form while preserving a clear mapping to an underlying formal semantics.

Formally, the authors provide a two‑level semantics. The first level abstracts the mode diagram into a finite‑state transition system where each state corresponds to a mode and transitions occur when guard conditions become true at period boundaries. The second level refines each mode’s internal execution by defining an operational semantics for Tasks, specifying how variables evolve and how time advances within a period. This compositional semantics guarantees that the overall system behavior can be simulated faithfully over time.

To express temporal requirements, the paper proposes a property specification language based on Interval Temporal Logic (ITL). Unlike point‑based logics such as LTL or CTL, ITL directly reasons about intervals, allowing statements like “within every 10 ms period the sensor value stays within