
Verification of a timed multitask system with Uppaal case study

Verification of a timed multitask system with Uppaal: case study. ETFA 2005. Beatrice Berard, Houda Bel Mokadem, Vincent Gourcuff, Jean-Marc Roussel, Olivier De Smet. LURPA - EA 1385 - ENS de Cachan; LSV - CNRS UMR 8643 - ENS de Cachan; LAMSADE - CNRS UMR 7024 & Université Paris-Dauphine.


Presentation Transcript


  1. Verification of a timed multitask system with Uppaal: case study. ETFA 2005. Beatrice Berard, Houda Bel Mokadem, Vincent Gourcuff, Jean-Marc Roussel, Olivier De Smet. LURPA - EA 1385 - ENS de Cachan; LSV - CNRS UMR 8643 - ENS de Cachan; LAMSADE - CNRS UMR 7024 & Université Paris-Dauphine

  2. Outline
     • Context: Programmable Logic Controllers (PLC), multitask behaviour, case study
     • Modelling with Uppaal: idea, overview of the model, control program, operative part
     • Verification: property, results
     • Conclusion

  3. Context: safe control of production systems
     • Strong interaction between control and process: large number of inputs and outputs
     • Strong temporal requirements: reactivity in relation to the process, taking physical times into account
     • Control made by a Programmable Logic Controller programmed in IEC 61131-3 standard languages (SFC, Ladder Diagram, …) + TON blocks
     • Cyclic behaviour with multitask possibility
     [Figure: PLC / Control / Process loop; MSS Bosch didactic system (82 inputs / 50 outputs)]

  4. Context: the multi-task behaviour
     [Figure: CPU activity for mono-task versus multi-task. The main task is a cyclic sequence Input scan (I), Program (P), Output (O); the event-driven task is started by an event.]
     • Cyclic behaviour: the response time (RT) depends on the cycle time (TC): TC ≤ RT ≤ 2 TC. Standard approach, hardware dependent.
     • Reacting to a specific event: the response time depends on the event-driven task (RT?). Better RT with the same hardware, but a more complex program.

  5. Case study: MSS Bosch didactic system
     • Constraint: the conveyor must stop within a small range
       => Strong timed requirement: the time variation for the physical stop of the conveyor must be less than 5 ms
     • Is multitask a solution? => Formal verification

  6. Modelling with UPPAAL: verification by model-checking. Main problem: does the control satisfy the property (control ⊨ Property)?
     • Property → Formalization → temporal logic (LTL, CTL, …), e.g. AG(APB AF ~horn), AG(~d1 AF ~lig), or an observer synchronised with the timed automaton
     • Control → Formalization → Timed Automaton
     • Model-checker (UPPAAL) [LP97] → Property True or False

  7. Modelling with UPPAAL: overview of the model
     • Synchronous non-deterministic processes
     • 13 timed automata
     [Figure: operative part (Component 1, Component 2, Component 3) and PLC (main task, event-driven task). Output messages and activation messages: binary synchronization with messages. Input variables: communication through shared variables.]

  8. Modelling with UPPAAL: overview of the model (continued)
     • Synchronous non-deterministic processes
     • 13 timed automata
     [Figure: between operative part and PLC, a message is a channel synchronization (Stop! / Stop?) and a shared variable is written and tested (Pos_test := 1 / Pos_test == 1).]

  9. Modelling with UPPAAL: model of control program, based on the Mader-Wupper approach [MW99]
     The atomicity hypothesis:
     • Each one of the 4 steps of the main program executes instantaneously.
     • Time can elapse only in 4 states.
     [Figure: timed automaton with locations Idle, Input scan, Evolution condition, Step activation, Output activation, Computation of outputs; committed (C) locations for the instantaneous steps; clock X reset (X := 0) at the start of the cycle, invariants X ≤ TCmax, and guard X ≥ TCmin before the next cycle.]

  10. Modelling with UPPAAL: model of timer
     • Mader-Wupper model: 3 channels for each timer
     • Our model: one broadcast channel for all the timers

  11. Modelling with UPPAAL: operative part, conveyor
     [Figure: positions along the conveyor: loading position, capacitive sensor position, steel-bearing test position, optical sensor position, inductive sensor position, right position.]

  12. Verification: property
     • Property P to check: the conveyor stops in less than 5 ms at the steel-bearing test point
     • In CTL or LTL: difficult to write
       => Add an external observer to measure the elapsed time
       => Express the negation of P: E<> observer.stop and Xobs > 5
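To make the two ideas on slides 4 and 12 concrete, here is an added example (not the paper's UPPAAL model and not the authors' code): a small discrete-time version of the cyclic main task, the conveyor sensor and an observer clock, explored exhaustively by breadth-first search. The observer records Xobs each time the stop output is written, which is exactly the reachability question "E<> observer.stop and Xobs > 5" turned into a set of reachable delays; the same search also exhibits the TC ≤ RT ≤ 2 TC bound of the cyclic behaviour. Everything about the model is an assumption: a single main task, inputs scanned at the start of a cycle and outputs written at its end, a cycle lasting between TCmin and TCmax ticks chosen nondeterministically, and 1 tick = 1 ms. The names State, successors, reachable_stop_delays and witness_slow_stop are hypothetical.

```python
"""Explicit-state check of a PLC scan-cycle model with an observer clock.

Constructed example (not the paper's UPPAAL model). Assumptions: a single cyclic
main task; inputs are scanned at the start of a cycle and outputs written at its
end; the cycle lasts between TCmin and TCmax ticks; 1 tick = 1 ms.
"""
from collections import deque
from dataclasses import dataclass
from typing import FrozenSet, Iterator, Optional


@dataclass(frozen=True)
class State:
    x: int         # PLC clock X: ticks since the last input scan (invariant X <= TCmax)
    sensed: bool   # operative part: the sensor at the test point has fired
    latched: bool  # PLC input image holds the sensor value (set by the input scan)
    stopped: bool  # the Stop output has been written to the conveyor
    obs: int       # observer clock Xobs: ticks since the sensor fired (-1 = not started)


def successors(s: State, tc_min: int, tc_max: int) -> Iterator[State]:
    """All next states: sensor firing, end of cycle (output write + input scan), or a tick."""
    # The sensor fires nondeterministically at any tick, once.
    if not s.sensed:
        yield State(s.x, True, s.latched, s.stopped, 0)
    # The cycle may end once X >= TCmin: outputs computed from the previous scan are
    # activated, then the inputs are scanned and X := 0.
    if s.x >= tc_min:
        yield State(0, s.sensed, s.sensed, s.stopped or s.latched, s.obs)
    # One tick elapses while the invariant X <= TCmax allows it (at X == TCmax the
    # cycle is forced to end).
    if s.x < tc_max:
        obs = s.obs + 1 if (s.sensed and not s.stopped) else s.obs
        yield State(s.x + 1, s.sensed, s.latched, s.stopped, obs)


def reachable_stop_delays(tc_min: int, tc_max: int) -> FrozenSet[int]:
    """BFS over the reachable state space; collect Xobs each time observer.stop is entered."""
    init = State(0, False, False, False, -1)
    seen = {init}
    queue = deque([init])
    delays = set()
    while queue:
        s = queue.popleft()
        for n in successors(s, tc_min, tc_max):
            if n.stopped:
                delays.add(n.obs)      # observer.stop reached with Xobs == n.obs
                continue               # stopped states are terminal
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return frozenset(delays)


def witness_slow_stop(tc_min: int, tc_max: int, bound: int = 5) -> Optional[int]:
    """Check E<> observer.stop and Xobs > bound; return a witness delay, or None if P holds."""
    slow = [d for d in reachable_stop_delays(tc_min, tc_max) if d > bound]
    return max(slow) if slow else None


if __name__ == "__main__":
    for tc_min, tc_max in [(2, 2), (3, 3), (2, 4)]:
        delays = sorted(reachable_stop_delays(tc_min, tc_max))
        print(f"TC in [{tc_min}, {tc_max}] ms: stop delays {delays}, "
              f"witness > 5 ms: {witness_slow_stop(tc_min, tc_max)}")
```

With TC fixed at 2 ms the reachable delays are 2, 3 and 4 ms and the negated property has no witness, so P holds; with TC fixed at 3 ms the delay 6 ms is reachable (sensor fires just after a scan, two full cycles before the output), which is the same "Yes, the conveyor may stop in more than 5 ms" verdict as slide 14. The smallest delay is always TCmin and the largest 2·TCmax, matching TC ≤ RT ≤ 2 TC from slide 4. Where the observer pattern pays off is that the query stays a plain reachability check whatever the delay bound is.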

  13. Verification Results

  14. Verification: conclusion on this case study
     • E<> obs.stop and Xobs > 5: Yes. So the conveyor may stop in more than 5 ms.
     • This configuration of multitask is not sufficient to guarantee the property.

  15. Conclusion and perspectives
     • Achievements
       • Method to represent a time-dependent system: control + process
       • Improvement in modelling the control program
       • Easier modelling of TON
       • Less time and memory cost in verification
       • Real case application in Ladder Diagram
     • Future works
       • Automated modelling of the control program
       • Timed property library
       • Function block
       • Other IEC 61131-3 languages
       • …
