Abstraction models for verifying resource adequacy of IMA systems at concept level
Science of Computer Programming ( IF 1.3 ) Pub Date : 2021-04-26 , DOI: 10.1016/j.scico.2021.102654
Rodrigo Saar de Moraes , Simin Nadjm-Tehrani

Complex cyber-physical systems can be difficult to analyze for resource adequacy (e.g., bandwidth and buffer size) at the concept development stage since relevant models are hard to create. During this period, details about the functions to be executed or the platforms in the architecture are partially unknown. This is especially true for Integrated Modular Avionics (IMA) systems, whose life cycles span several decades, with potential changes to functionality in the future. This work aims to identify abstractions for representing data exchanges among functions realized in networked IMA systems and investigates how these can be represented in formal models and analyzed with exact guarantees. Timed automata (TA) are a relevant choice for modeling since communication resource adequacy is directly related to potential network delays. We explore two alternatives in modeling with TA: a direct one representing every process with a TA template, and a more abstract one representing every computation device with a TA template. While the first approach represents process-to-process data exchanges, the modified approach reduces the state space by representing all processes currently allocated to a single computing element together, to obtain scalability gains. Both approaches are flexible since the templates presented can be instantiated to represent different types of network topologies and communication patterns. The instantiated TA models are used to illustrate a use case and analyzed with the UPPAAL model checker to verify that a given platform instance supports the desired system functions in terms of network bandwidth and buffer size adequacy, thereby ensuring that messages reach their final destination with freshness guarantees. Both abstraction levels are shown to be suitable for verifying the intended properties, but the more abstract one demonstrates a 67% improvement in verification time and a 66% reduction in state space during verification.
The more abstract approach is also applied to a real-world example from an earlier publication, with a much larger state space and a more complex structure, to illustrate the ability to reuse the approach in multiple use cases.




Updated: 2021-04-26