Verification of real-time systems in UPPAAL

Kim G. Larsen
BRICS@Aalborg
Research Profile
Distributed Systems & Semantics Unit

• Semantic Models: concurrency, mobility, objects; real-time, hybrid systems
• Validation & Verification: algorithms & tools
• Construction: real-time & network systems

MII’’2001             Kim G. Larsen                           2
BRICS
Basic Research in Computer Science (30+40+40 Mill. kr)

Sites: Aalborg, Aarhus
Tools and other relevant projects: UPPAAL, VHS, VVS, WOODDES
Tools and BRICS

Applications: visualSTATE, UPPAAL, SPIN, PVS, HOL, ALF, TLP

Logic:
• Temporal Logic
• Modal Logic
• MSOL
• ...

Algorithmic:
• (Timed) Automata Theory
• Graph Theory
• BDDs
• Polyhedra Manipulation
• ...

Semantics:
• Concurrency Theory
• Abstract Interpretation
• Compositionality
• Models for real-time & hybrid systems
• ...
A REAL real time system
(Klaus Havelund, NASA)

[Figure]
Embedded Systems

• SyncMaster 17GLsi
• Mobile Phone
• Telephone
• Digital Watch
• Tamagotchi
Introducing, Detecting and Repairing Errors    (Liggesmeyer 98)

[Figure]
Suggested Solution?

Model based validation, verification and testing of software and hardware
Verification & Validation

[Figure, built up over four slides: the nodes Design Model, Specification and Implementation, related by Analysis / Validation and Verification & Refusal (between Design Model and Specification), Testing (at Implementation), Model Extraction and Automatic Code generation (between Implementation and Design Model), and Automatic Test generation (feeding Testing).]
How?

Unified Model = State Machine!

[Figure: a state machine with input ports (a, b) and output ports (x, y); the edges between the control states are labelled with inputs b?, a? and outputs y!, x!.]
Tamagotchi

[Figure: a state machine driven by the buttons A, B, C. Top-level states ALIVE and DEAD. Inside ALIVE: Passive, Feeding (Meal, Snack), Light, Care (Medicine, Discipline, Play) and Clean, with the button inputs A and B moving between them; edges carry the update Health:=Health-1, and Tick carries Health:=Health-1; Age:=Age+1. ALIVE goes to DEAD when Health=0 or Age=2.000.]
SYNCmaster

[Figure]

Digital Watch

[Figure]
visualSTATE / VVS
(with Baan Visualstate, DTU; CIT project)

• Hierarchical state systems
• Flat state systems
• Multiple and inter-related state machines
• Supports UML notation
• Device driver access
The SDL Editor
Process level

[Figure: the SDL Editor at process level.]
„State Explosion‟ problem

Two components: M1 with control states a, b, c and M2 with control states 1, 2, 3, 4.

M1 x M2 has as its states all pairs of local states:

   1,a   2,a   3,a   4,a
   1,b   2,b   3,b   4,b
   1,c   2,c   3,c   4,c

All combinations = exponential in no. of components
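The following is an added example, not code from the slides: an explicit-state exploration of the interleaved product of component state machines, using the local state names of M1 and M2 above. The local transitions (M1: a to b and c, both back to a; M2: the cycle 1, 2, 4, 3) are constructed for the example, since the slide only shows the states. Counting the reachable global states for k copies of M2 makes the exponential growth the slide warns about visible.

```python
# Added example, not from the slides: explicit-state exploration of the
# asynchronous (interleaved) product of component state machines.
from collections import deque
from itertools import product


def reachable_product(components):
    """Explore the interleaved product of the given components.

    components: list of (initial_state, transitions), where transitions maps
    every local state to the list of its local successors.  A global state
    is a tuple holding one local state per component; in each global step
    exactly one component moves.  Returns (reachable_states, edges) where
    edges are (source, moving_component_index, target) triples."""
    init = tuple(initial for initial, _ in components)
    seen = {init}
    edges = []
    todo = deque([init])
    while todo:
        g = todo.popleft()
        for idx, (_, trans) in enumerate(components):
            for nxt in trans[g[idx]]:
                h = g[:idx] + (nxt,) + g[idx + 1:]
                edges.append((g, idx, h))
                if h not in seen:
                    seen.add(h)
                    todo.append(h)
    return seen, edges


def all_combinations(components):
    """Every combination of local states: the bound stated on the slide."""
    return set(product(*(tuple(trans) for _, trans in components)))


def explosion_table(component, k_max):
    """Reachable global states for k independent copies of one component,
    k = 1 .. k_max.  For an n-state component in which every local state is
    reachable this is n^k: exponential in the number of components."""
    return [(k, len(reachable_product([component] * k)[0]))
            for k in range(1, k_max + 1)]


# Constructed components carrying the local state names used on the slide.
# M1: a has edges to b and c, both of which return to a.
M1 = ("a", {"a": ["b", "c"], "b": ["a"], "c": ["a"]})
# M2: a four-state cycle 1 -> 2 -> 4 -> 3 -> 1 (edges constructed here).
M2 = (1, {1: [2], 2: [4], 4: [3], 3: [1]})

if __name__ == "__main__":
    states, edges = reachable_product([M2, M1])
    print(sorted(states))              # the 12 pairs (1, 'a') ... (4, 'c')
    print(len(states), len(edges))     # 12 28
    print(explosion_table(M2, 8))      # (k, 4**k), ending with (8, 65536)
```

Because the components do not synchronize, every combination of local states is reachable, so the reachable set equals the bound from the slide; with synchronization the reachable set is usually smaller, but the bound still grows as n^k.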
Train Simulator (visualSTATE, VVS)

• 1421 machines
• 11102 transitions
• 2981 inputs
• 2667 outputs
• 3204 local states
• Declared state space: 10^476

BUGS ?
Tool Support (model checking)

Inputs: System Description A and Requirement F

TOOL answers:
• No! plus Debugging Information
• Yes, plus Prototypes, Executable Code, Test sequences

Tools: Telelogic, Verilog, UPPAAL, SPIN, MV, Statemate, visualSTATE, FormalCheck, VeriSoft, Java Pathfinder, …
UPPAAL
Modelling and Verification of Real Time systems

UPPAAL2k
> 800 users
> 35 countries

Collaborators

@UPPsala: Wang Yi, Johan Bengtsson, Paul Pettersson, Fredrik Larsson, Alexandre David, Tobias Amnell, Oliver Möller

@AALborg: Kim G Larsen, Arne Skou, Paul Pettersson, Carsten Weise, Kåre J Kristoffersen, Gerd Behrman, Thomas Hune, Oliver Möller, Nicky Oliver Bodentien, Lasse Poulsen

@Elsewhere: David Griffioen, Ansgar Fehnker, Frits Vaandrager, Klaus Havelund, Theo Ruys, Pedro D’Argenio, J-P Katoen, J. Tretmans, Judi Romijn, Ed Brinksma, Franck Cassez, Magnus Lindahl, François Laroussinie, Patricia Bouyer, Augusto Burgueño, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson, ...
Hybrid & Real Time Systems

Control Theory: the Plant (Continuous), connected through sensors and actuators to
Computer Science: the Controller Program (Discrete), made up of Tasks.

E.g.: Pump Control, Air Bags, Robots, Cruise Control, ABS, CD Players, Production Lines

Real Time System: a system where correctness not only depends on the logical order of events but also on their timing.
Construction of UPPAAL models

[Figure: the Plant (Continuous) and the Controller Program (Discrete, a set of Tasks) connected by sensors and actuators. The UPPAAL Model is the composition of a user-supplied model of the environment (drawn as the automata with states a, b, c and 1, 2, 3, 4 from the state explosion slide) and a model of the tasks (automatic?).]
Timed Automata                                   Alur & Dill 1990

Clocks: x, y

Example edge from location n to location m: guard x<=5 & y>3, action a, reset x := 0.

Guard: Boolean combination of integer bounds on clocks and clock-differences.
Reset: action performed on clocks.
Action: used for synchronization.

State: ( location , x=v , y=u )   where v, u are in R

Transitions:
  ( n , x=2.4 , y=3.1415 )  --a-->       ( m , x=0 , y=3.1415 )
  ( n , x=2.4 , y=3.1415 )  --e(1.1)-->  ( n , x=3.5 , y=4.2415 )
Timed Automata
Invariants

Clocks: x, y

Location invariants: n has invariant x<=5, m has invariant y<=10; the edge from n to m has guard x<=5 & y>3, action a and reset x := 0.

Transitions:
  ( n , x=2.4 , y=3.1415 )  --e(3.2)-->  not allowed: x would become 5.6, violating the invariant x<=5 of n
  ( n , x=2.4 , y=3.1415 )  --e(1.1)-->  ( n , x=3.5 , y=4.2415 )

Invariants ensure progress!!
The UPPAAL Model
= Networks of Timed Automata + Integer Variables + ….

Example: an automaton with edge l1 -> l2, guard x>=2, i==3, synchronization a!, updates x := 0, i := i+4, in parallel with an automaton with edge m1 -> m2, guard y<=4, synchronization a?.

Two-way synchronization on complementary actions.
Closed Systems!

Example transitions

  (l1, m1, …, x=2, y=3.5, i=3, …)  --tau-->  (l2, m2, …, x=0, y=3.5, i=7, …)

  (l1, m1, …, x=2, y=3.5, i=3, …)  --0.2-->  (l1, m1, …, x=2.2, y=3.7, i=3, …)
        (the delay is not allowed if a is an URGENT CHANNEL)
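As an added example (not code from the slides or from the UPPAAL tool), the following small simulator implements the semantics described on the last three slides for a network of timed automata: delay transitions bounded by location invariants, guards over clocks and data variables, two-way synchronization on a!/a? with the sender's updates applied first, and the "no delay while an urgent channel is enabled" rule. It is instantiated with the two automata of the slide above; the invariant x<=5 on l1 is an assumption borrowed from the invariant slide, and all class and function names are this example's own.

```python
# Added example, not from the slides: a simulator for the semantics of a
# network of timed automata, applied to the two automata of the slide.


class Edge:
    def __init__(self, src, dst, guard=None, sync=None, update=None):
        self.src, self.dst = src, dst
        self.guard = guard or (lambda clocks, data: True)   # over clocks and data
        self.sync = sync                                     # None, ("a", "!") or ("a", "?")
        self.update = update or (lambda clocks, data: None)  # resets/assignments in place


class Automaton:
    def __init__(self, init, edges, invariants=None):
        self.init, self.edges = init, edges
        self.invariants = invariants or {}   # location -> predicate over clocks


class Network:
    def __init__(self, automata, clocks, data, urgent=()):
        self.automata = automata
        self.locs = [a.init for a in automata]
        self.clocks, self.data = dict(clocks), dict(data)
        self.urgent = set(urgent)            # names of urgent channels

    def state(self):
        return tuple(self.locs), dict(self.clocks), dict(self.data)

    def invariants_hold(self, locs, clocks):
        return all(a.invariants.get(loc, lambda c: True)(clocks)
                   for a, loc in zip(self.automata, locs))

    def enabled(self, idx):
        return [e for e in self.automata[idx].edges
                if e.src == self.locs[idx] and e.guard(self.clocks, self.data)]

    def sync_pairs(self):
        """(i, e, j, f): e is an enabled a! edge of automaton i and f an
        enabled a? edge of another automaton j (two-way synchronization)."""
        pairs = []
        for i in range(len(self.automata)):
            for e in self.enabled(i):
                if e.sync and e.sync[1] == "!":
                    for j in range(len(self.automata)):
                        for f in (self.enabled(j) if j != i else []):
                            if f.sync == (e.sync[0], "?"):
                                pairs.append((i, e, j, f))
        return pairs

    def delay(self, d):
        """Let d time units pass.  Refused if an invariant would be violated
        (invariants are upper bounds, so checking the end point suffices) or
        if a synchronization on an urgent channel is enabled."""
        new = {x: v + d for x, v in self.clocks.items()}
        if d < 0 or not self.invariants_hold(self.locs, new):
            return False
        if any(e.sync[0] in self.urgent for _, e, _, _ in self.sync_pairs()):
            return False
        self.clocks = new
        return True

    def fire(self, channel):
        """One tau step: an enabled a!/a? pair on the given channel.  The
        sender's updates run before the receiver's; the target invariants
        must hold afterwards."""
        for i, e, j, f in self.sync_pairs():
            if e.sync[0] != channel:
                continue
            clocks, data = dict(self.clocks), dict(self.data)
            e.update(clocks, data)
            f.update(clocks, data)
            locs = list(self.locs)
            locs[i], locs[j] = e.dst, f.dst
            if self.invariants_hold(locs, clocks):
                self.locs, self.clocks, self.data = locs, clocks, data
                return True
        return False


def slide_network(urgent=()):
    """The slide's automata: l1 -> l2 with guard x>=2, i==3, sync a!, updates
    x:=0, i:=i+4; and m1 -> m2 with guard y<=4, sync a?.  The invariant x<=5
    on l1 is an assumption added for the example."""
    def sender_update(clocks, data):
        clocks["x"] = 0
        data["i"] = data["i"] + 4
    a = Automaton("l1", [Edge("l1", "l2",
                              guard=lambda c, v: c["x"] >= 2 and v["i"] == 3,
                              sync=("a", "!"), update=sender_update)],
                  invariants={"l1": lambda c: c["x"] <= 5})
    b = Automaton("m1", [Edge("m1", "m2", guard=lambda c, v: c["y"] <= 4,
                              sync=("a", "?"))])
    return Network([a, b], clocks={"x": 2.0, "y": 3.5}, data={"i": 3}, urgent=urgent)


if __name__ == "__main__":
    net = slide_network()
    net.fire("a")
    print(net.state())      # (('l2', 'm2'), {'x': 0, 'y': 3.5}, {'i': 7})
    net = slide_network()
    net.delay(0.2)
    print(net.state())      # (('l1', 'm1'), {'x': 2.2, 'y': 3.7}, {'i': 3})
    print(slide_network(urgent=("a",)).delay(0.2))   # False: urgent channel enabled
    print(slide_network().delay(3.5))                # False: x would be 5.5 > 5
```

The simulator follows concrete runs only; UPPAAL itself explores the symbolic (zone-based) state space, but the transition rules it applies are the ones encoded here.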
Timed Automata in UPPAAL

Timed (Safety) Automata
  + urgent actions
  + urgent locations
  + committed locations
  + data-variables (with bounded domains)
  + arrays of data-variables + constants
  + guards and assignments over data-variables and arrays…
  + templates with local clocks, data-variables, and constants.
Declarations in UPPAAL

  clock x1, …, xn;
  int i1, …, im;
  chan a1, …, ao;
  const c1 n1, …, cp np;

Examples:

  clock x, y;
  int i, J0; int[0,1] k[5];
  const delay 5, true 1, false 0;
Timed Automata in UPPAAL

Clock assignments:
  x := n                         (x a clock, n a natural number)

Integer assignments:
  i := Expr
  Expr ::= i | i[ Expr ] | n | - Expr | Expr + Expr | Expr - Expr |
           Expr * Expr | Expr / Expr | ( gd ? Expr : Expr )

Location invariants:
  inv ::= x < n | x <= n | inv , inv        (the comma means and)

Guards:
  g  ::= gc | gd | g , g
  gc ::= x ~ n | x - y ~ n        clock guards, ~ in { <, <=, ==, >=, > }
  gd ::= Expr op Expr             data guards, op in { <, <=, ==, >=, >, != }

Example edge: from location n (invariant x<=5) to location m (invariant y<=10), guard x<=5 & y>3, action a, reset x := 0.
Urgent Channels

  urgent chan hurry;

Informal Semantics:
• There will be no delay if a transition with an urgent action can be taken.

Restrictions:
• No clock guard allowed on transitions with urgent actions.
• Invariants and data-variable guards are allowed.
Urgent Locations

Click “Urgent” in State Editor.

Informal Semantics:
• No delay in urgent location.

Note: the use of urgent locations reduces the number of clocks in a model, and thus the complexity of the analysis.
Committed Locations

Click “Committed” in State Editor.

Informal Semantics:
• No delay in committed location.
• Next transition must involve automata in committed location.

Note: the use of committed locations reduces the number of clocks in a model, and allows for more space and time efficient analysis.
UPPAAL Specification Language

  A[] p        (AG p)
  E<> p        (EF p)

  p ::= a.l | gd | gc | p and p | p or p | not p | p imply p | ( p )

where a.l is a process location (process a in location l), gd a data guard and gc a clock guard.
BRICK SORTING

First UPPAAL model                                          Ken Tindell
Sorting of Lego Boxes

[Figure: black and red Boxes travel along a Conveyer Belt past a light sensor and a Piston; the positions 9, 18, 81, 90 and 99 are marked along the belt, with eject and remove at the end. The Controller runs the tasks MAIN and PUSH.]

Exercise: Design Controller so that only black boxes are being pushed out
NQC programs

   int active;        // set by MAIN when a black box has passed the sensor
   int DELAY;         // time from detection until the piston fires
   int LIGHT_LEVEL;   // sensor readings at or below this level mean "black"

   task MAIN{
     DELAY=75;
     LIGHT_LEVEL=35;
     active=0;
     Sensor(IN_1, IN_LIGHT);     // light sensor on input 1
     Fwd(OUT_A,1);               // start the conveyer belt
     Display(1);
     start PUSH;
     while(true){
       wait(IN_1<=LIGHT_LEVEL);  // dark (black) box in front of the sensor
       ClearTimer(1);
       active=1;
       PlaySound(1);
       wait(IN_1>LIGHT_LEVEL);   // box has passed
     }
   }

   task PUSH{
     while(true){
       wait(Timer(1)>DELAY && active==1);
       active=0;
       Rev(OUT_C,1);             // piston out
       Sleep(8);
       Fwd(OUT_C,1);             // piston back
       Sleep(12);
       Off(OUT_C);
     }
   }
From RCX to UPPAAL

• Model includes Round-Robin Scheduler.
• Compilation of RCX tasks into TA models.
• Presented at ECRTS 2000.

[Figure: the timed automaton generated for Task MAIN.]
The Production Cell
Course at DTU, Copenhagen

[Figure: Production Cell]
TRAIN CROSSING

Train Crossing

[Figure: trains pass through a Stopable Area before the Crossing over the River; the intervals [10,20] (stopable area), [3,5] (crossing) and [7,15] annotate the figure. The Gate controls the Crossing and keeps a Queue of waiting trains.]
Train Crossing
Communication via channels and shared variable.

[Figure: as before, with the channels appr and stop in the Stopable Area, go after a stop, and leave at the crossing exit; the Gate uses the Queue operations empty, nonempty, hd, add and rem.]
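The following is an added example, not the slides' UPPAAL model: a small explicit-state checker for the two query forms of the specification language slide, A[] p and E<> p, run on a constructed untimed abstraction of the train crossing (the intervals are dropped; the gate is a FIFO queue of train identities with the appr, stop, go and leave steps of the figure). A failing A[] query comes back with a trace, which is the "No! plus debugging information" answer of the tool-support slide; the gate_stops_trains flag is a constructed bug used to produce one. All names here are this example's own.

```python
# Added example, not from the slides: A[] / E<> checking over an explicit
# state space built from a constructed, untimed train-gate model.
from collections import deque


def train_gate_successors(state, gate_stops_trains=True):
    """Interleaved successors of a global state (train locations, gate queue).
    Labels mirror the slide's channels appr, stop, go, leave.  With
    gate_stops_trains=False the gate never sends stop (a constructed bug)."""
    locs, queue = state
    out = []
    for i, loc in enumerate(locs):
        def moved(label, new_loc, new_queue=queue):
            return label, (locs[:i] + (new_loc,) + locs[i + 1:], new_queue)
        if loc == "Safe":
            out.append(moved("appr[%d]" % i, "Appr", queue + (i,)))
        elif loc == "Appr":
            if queue[0] == i or not gate_stops_trains:
                out.append(moved("enter[%d]" % i, "Cross"))
            else:
                out.append(moved("stop[%d]" % i, "Stop"))
        elif loc == "Stop":
            if queue[0] == i:                      # gate sends go to the head
                out.append(moved("go[%d]" % i, "Start"))
        elif loc == "Start":
            out.append(moved("enter[%d]" % i, "Cross"))
        elif loc == "Cross":
            out.append(moved("leave[%d]" % i, "Safe",
                             tuple(t for t in queue if t != i)))
    return out


def explore(initial, successors):
    """Breadth-first reachability; parent pointers give shortest traces."""
    parents = {initial: None}
    todo = deque([initial])
    while todo:
        s = todo.popleft()
        for label, t in successors(s):
            if t not in parents:
                parents[t] = (s, label)
                todo.append(t)
    return parents


def trace_to(parents, target):
    labels = []
    s = target
    while parents[s] is not None:
        s, label = parents[s]
        labels.append(label)
    return labels[::-1]


def check_exists_eventually(initial, successors, p):
    """E<> p: some reachable state satisfies p.  Returns (True, witness trace)
    or (False, None); dict order is BFS order, so the witness is shortest."""
    parents = explore(initial, successors)
    for s in parents:
        if p(s):
            return True, trace_to(parents, s)
    return False, None


def check_always(initial, successors, p):
    """A[] p, computed as not E<> not p; a failure returns the counterexample."""
    found, tr = check_exists_eventually(initial, successors, lambda s: not p(s))
    return (False, tr) if found else (True, None)


INITIAL = (("Safe", "Safe"), ())     # two trains, empty gate queue


def two_in_crossing(state):
    return sum(loc == "Cross" for loc in state[0]) >= 2


def verify(gate_stops_trains=True):
    """A[] not (two trains in the crossing) and E<> (train 0 in the crossing)."""
    def succ(s):
        return train_gate_successors(s, gate_stops_trains)
    safe, counterexample = check_always(INITIAL, succ, lambda s: not two_in_crossing(s))
    live, witness = check_exists_eventually(INITIAL, succ, lambda s: s[0][0] == "Cross")
    return safe, counterexample, live, witness


if __name__ == "__main__":
    print(verify())       # (True, None, True, ['appr[0]', 'enter[0]'])
    print(verify(False))  # safety fails with trace appr[0], enter[0], appr[1], enter[1]
```

Safety here is the same mutual-exclusion property one would write in UPPAAL as A[] not (Train0.Cross and Train1.Cross); the real model also needs the timing, which requires the zone-based exploration UPPAAL performs rather than this finite enumeration.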
Communication Protocols
• CSMA/CD
• BRP
• ……

CSMA/CD protocol – MAC layer

EVENTS
• send - service provided by Mac which reacts by transmitting a message,
• rec - (receive) service provided by Mac, indicates that a message is ready to be received,
• b - (begin) Mac begins message transmission to M,
• e - (end) Mac terminates message transmission to M,
• br - (begin receive) M begins message delivery to Mac,
• er - (end receive) M terminates message delivery to Mac,
• b - (collision) Mac is notified that a collision has occurred on M.
Philips Bounded Retransmission Protocol

Protocol Overview
• Protocol developed by Philips.
• Transfers data between Audio/Video components via infra-red communication.
• Data files are sent in smaller chunks.
• Problem: unreliable communication medium.
• The sender retransmits if the receiver responds too late.
• The receiver aborts if the sender sends too late.
Overview of BRP

Input: file = p1, …, pn                     Output: p1, …, pn

[Figure: Sender S and Receiver R communicate through BRP over two lossy media: K carries the chunks pi from S to R, L carries ack from R to S.]
How It Works

Sender input: file = p1, …, pn.

S sends (p1,FST,0), (p2,INC,1), …, (pn-1,INC,1), (pn,OK,0).
   FST: first part of the file; INC: more parts will follow; OK: whole file.
R sends: ack, …, ack.
S retransmits pi if timeout.
Receiver receives: p1, …, pn.
Sender and Receiver receive NOK or OK.
Case Studies: Protocols
• Philips Audio Protocol [HS’95, CAV’95, RTSS’95, CAV’96]
• Collision-Avoidance Protocol [SPIN’95]
• Bounded Retransmission Protocol [TACAS’97]
• Bang & Olufsen Audio/Video Protocol [RTSS’97]
• TDMA Protocol [PRFTS’97]
• Lip-Synchronization Protocol [FMICS’97]
• Multimedia Streams [DSVIS’98]
• ATM ABR Protocol [CAV’99]
• ABB Fieldbus Protocol [ECRTS’2k]
• IEEE 1394 Firewire Root Contention (2000)

Case-Studies: Controllers
• Gearbox Controller [TACAS’98]
• Bang & Olufsen Power Controller [RTPS’99, FTRTFT’2k]
• SIDMAR Steel Production Plant [RTCSA’99, DSVV’2k]
• Real-Time RCX Control-Programs [ECRTS’2k]
• Experimental Batch Plant (2000)
• RCX Production Cell (2000)
BRP Model Overview

Input: file = p1, …, pn                     Output: p1, …, pn

[Figure: the Sender S receives the indications ok, nok, dk; the Receiver R receives IND, ok, nok. S sends (pi, INDication, abit) over the lossy medium K; R returns ack over the lossy medium L.]
The Lossy Media

• one-place capacity
• delay
• value-passing
• lossy = may drop messages
Bounded Retransmission

• S sends a chunk pi and waits for ack from R.
• If timeout, the chunk is retransmitted.
• If there are too many timeouts, the transmission fails (NOK is sent to the Sender).
• If the whole file is successfully sent, OK is sent to the Sender.
• Receiver is similar.
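The following is an added example, not the slides' UPPAAL model of BRP: a step-by-step simulation of the exchange described on the last few slides, with S sending (chunk, indication, alternating bit) frames over K, R returning ack over L, and S giving up after a bounded number of retransmissions. Timers are replaced by constructed loss schedules (the n-th transmission on a medium is dropped if n is in that medium's set), and the indications ok, nok and dk from the model overview slide are returned as results; the exact rule for choosing between nok and dk is this example's assumption.

```python
# Added example, not from the slides: simulation of bounded retransmission
# over the lossy media K (chunks) and L (acks) with constructed loss schedules.
FST, INC, OK, NOK, DK = "FST", "INC", "OK", "NOK", "DK"


def indication(i, n):
    """Indication sent with chunk i of n: the slide's FST / INC / OK.  For a
    one-chunk file the last-chunk marker OK wins (an assumption)."""
    if i == n - 1:
        return OK
    return FST if i == 0 else INC


def receiver_result(delivered, n):
    """R's verdict: OK once the OK-marked chunk arrived, NOK if only part of
    the file arrived before the transfer died, None if nothing arrived."""
    if len(delivered) == n:
        return OK
    return NOK if delivered else None


def run_brp(chunks, max_retries, k_drops=(), l_drops=()):
    """Returns (sender_result, receiver_result, delivered, log).

    S sends (chunk, indication, alternating bit) and waits for ack; after a
    lost chunk or a lost ack it retransmits, at most max_retries times per
    chunk.  When the retries are exhausted S reports NOK, or DK ("don't know")
    for the last chunk, whose delivery it cannot tell apart from a lost ack.
    R accepts a frame carrying the bit it expects, ignores duplicates and
    always acks."""
    n = len(chunks)
    delivered, log = [], []
    expected_bit = 0            # R: alternating bit of the next new chunk
    k_sent = l_sent = 0         # transmission counters on K and L
    for i in range(n):
        frame = (chunks[i], indication(i, n), i % 2)
        for attempt in range(max_retries + 1):
            k_sent += 1
            if k_sent in k_drops:
                log.append("K drops %r" % (frame,))
            else:
                if frame[2] == expected_bit:
                    delivered.append(frame[0])
                    expected_bit ^= 1
                    log.append("R accepts %r" % (frame,))
                else:
                    log.append("R ignores duplicate %r" % (frame,))
                l_sent += 1
                if l_sent in l_drops:
                    log.append("L drops ack")
                else:
                    log.append("S receives ack")
                    break
            log.append("S timeout (attempt %d)" % (attempt + 1))
        else:                   # all attempts for this chunk failed
            sender = DK if frame[1] == OK else NOK
            log.append("S gives up: %s" % sender)
            return sender, receiver_result(delivered, n), delivered, log
    return OK, receiver_result(delivered, n), delivered, log


if __name__ == "__main__":
    # Constructed run: the second transmission on K (first copy of p2) is lost.
    result = run_brp(["p1", "p2", "p3"], max_retries=2, k_drops={2})
    print(result[:3])           # ('OK', 'OK', ['p1', 'p2', 'p3'])
    for line in result[3]:
        print("  " + line)
    # Three losses in a row exhaust the two retries: both sides end with NOK.
    print(run_brp(["p1", "p2", "p3"], 2, k_drops={2, 3, 4})[:3])
    # Acks for the last chunk keep getting lost: S can only say DK, R is fine.
    print(run_brp(["p1", "p2"], 1, l_drops={2, 3})[:3])
```

The alternating bit is what lets R drop the duplicate that follows a lost ack without losing a chunk, and the DK case is why the sender's result has three values rather than two.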
Process S

[Figure]

Process R

[Figure]

The Sender and Receiver

[Figure]
“If you want to know more”

Test & Verification: http://www.cs.auc.dk/~ejersbo/tov/Plan.html
BRICS@Aalborg: http://www.cs.auc.dk/research/FS/
UPPAAL: http://www.uppaal.com
WOODDES, ATT (VHS):
   http://www.docs.uu.se/docs/rtmv/wooddes/
   http://www-verimag.imag.fr/VHS/main.html
Strategic Directions in Computing Research, Formal Methods Working Group, ACM June 1996:
   http://www.cs.cmu.edu/afs/cs/usr/wing/www/mit/mit.html