
Verification of real-time systems in UPPAAL

Verification of real-time systems in UPPAAL. Kim G. Larsen, BRICS@Aalborg. Semantic models: concurrency, mobility, objects, real-time, hybrid systems. Validation & verification: algorithms & tools. Construction: real-time & network systems.


Presentation Transcript


  1. Verification of real-time systems in UPPAAL. Kim G. Larsen, BRICS@Aalborg

  2. Research Profile, Distributed Systems & Semantics Unit. Semantic Models: concurrency, mobility, objects, real-time, hybrid systems. Validation & Verification: algorithms & tools. Construction: real-time & network systems.

  3. BRICS Machine (Basic Research in Computer Science), Aarhus and Aalborg: 30+40+40 mill. kr. Tools and other relevant projects: UPPAAL, VHS, VVS, WOODDES.

  4. Tools and BRICS Applications: visualSTATE, UPPAAL, SPIN, PVS, HOL, ALF, TLP
     • Semantics: Concurrency Theory, Abstract Interpretation, Compositionality, Models for real-time & hybrid systems
     • Algorithmic: (Timed) Automata Theory, Graph Theory, BDDs, Polyhedra Manipulation
     • Logic: Temporal Logic, Modal Logic, MSOL

  5. A REAL real-time system. Klaus Havelund, NASA

  6. Embedded Systems: SyncMaster 17GLsi, Mobile Phone, Telephone, Digital Watch, Tamagotchi

  7. Introducing, Detecting and Repairing Errors (Liggesmeyer 98)

  8. Introducing, Detecting and Repairing Errors (Liggesmeyer 98)

  9. Suggested Solution? Model-based validation, verification and testing of software and hardware

  10. Verification & Validation: Analysis, Design, Model / Specification, Implementation, Testing

  11. Verification & Validation: Analysis, Design, Model / Specification (UML, SDL), Implementation, Testing. Validation on the analysis side; Verification & Refusal on the model side.

  12. Verification & Validation: as above, plus Model Extraction from the implementation and Automatic Code generation from the model.

  13. Verification & Validation: as above, plus Automatic Test generation from the model.

  14. How? Unified Model = State Machine! Control states, input ports (a?, b?), output ports (x!, y!).

  15. Tamagotchi state machine. Buttons A, B, C. States: ALIVE (Passive; Feeding: Light Meal, Snack; Care: Clean, Medicine, Discipline, Play) and DEAD. Feeding: Health := Health-1. Tick: Health := Health-1; Age := Age+1. ALIVE goes to DEAD when Health = 0 or Age = 2.000.

  16. SYNCmaster

  17. Digital Watch

  18. visualSTATE (VVS with Baan Visualstate, DTU; CIT project)
     • Hierarchical state systems
     • Flat state systems
     • Multiple and inter-related state machines
     • Supports UML notation
     • Device driver access

  19. The SDL Editor (Process level)

  20. SPIN (Gerard Holzmann, AT&T)

  21. UPPAAL

  22. 'State Explosion' problem. M1 has states 1, 2, 3, 4 and M2 has states a, b, c; the product M1 x M2 has every pair (1,a), (2,a), …, (4,c), 12 states in all. Provably theoretically intractable: all combinations = exponential in the number of components.

  23. Train Simulator (VVS, visualSTATE): 1421 machines, 11102 transitions, 2981 inputs, 2667 outputs, 3204 local states. Declared state space: 10^476. BUGS? Our techniques have reduced verification time by several orders of magnitude (e.g. from 14 days to 6 sec).

  24. Tool Support (model checking). Inputs: System Description A and Requirement F. TOOL answers Yes (prototypes, executable code, test sequences) or No! (debugging information). Tools: Telelogic, Verilog, UPPAAL, SPIN, MV, Statemate, visualSTATE, FormalCheck, VeriSoft, Java Pathfinder, …

  25. www.uppaal.com: UPPAAL, Modelling and Verification of Real-Time Systems. UPPAAL2k: > 800 users, > 35 countries

  26. @UPPsala: Wang Yi, Johan Bengtsson, Paul Pettersson, Fredrik Larsson, Alexandre David, Tobias Amnell, Oliver Möller. @AALborg: Kim G Larsen, Arne Skou, Paul Pettersson, Carsten Weise, Kåre J Kristoffersen, Gerd Behrmann, Thomas Hune, Oliver Möller, Nicky Oliver Bodentien, Lasse Poulsen. Collaborators @Elsewhere: David Griffioen, Ansgar Fehnker, Frits Vaandrager, Klaus Havelund, Theo Ruys, Pedro D'Argenio, J-P Katoen, J. Tretmans, Judi Romijn, Ed Brinksma, Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson...

  27. Hybrid & Real-Time Systems: Computer Science meets Control Theory. Controller Program (discrete; a set of tasks) connected through sensors and actuators to the Plant (continuous). E.g.: Pump Control, Air Bags, Robots, Cruise Control, ABS, CD Players, Production Lines. Real-Time System: a system where correctness depends not only on the logical order of events but also on their timing.

  28. Construction of UPPAAL models. From the Controller Program (discrete tasks): model of tasks (automatic?). From the Plant (continuous, via sensors and actuators): model of environment (user-supplied). Together they form the UPPAAL Model.

  29. Timed Automata (Alur & Dill 1990). Clocks: x, y. Guard: Boolean combination of integer bounds on clocks and clock differences, e.g. x<=5 & y>3. Reset: action performed on clocks, e.g. x := 0. Action a: used for synchronization. State: (location, x=v, y=u) where v, u are in R. Transitions: an action step (n, x=2.4, y=3.1415) --a--> (m, x=0, y=3.1415), and a delay step (n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415).

  30. Timed Automata: Invariants. Clocks: x, y. Location invariant x<=5 on n and y<=10 on m. Transitions from (n, x=2.4, y=3.1415): e(1.1) leads to (n, x=3.5, y=4.2415); e(3.2) is not allowed, since x would become 5.6 and violate the invariant x<=5; the action a with guard x<=5 & y>3 and reset x := 0 leads to m. Invariants ensure progress!! Guards g1, g2, g3, g4.
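The semantics sketched on slides 29 and 30 (delay steps that move every clock, action steps that check the guard and reset clocks, and invariants that forbid delaying past a bound) can be replayed with a few lines of code. The following is an added example, not code from the slides or from the UPPAAL tool; it assumes the single automaton drawn there, with locations n and m, clocks x and y, the edge n --a, x<=5 & y>3, x:=0--> m, and invariants x<=5 on n and y<=10 on m. Clock values are exact rationals so that 2.4 + 1.1 is exactly 3.5, as on the slide.

```python
from dataclasses import dataclass, field
from fractions import Fraction
from typing import Callable, Dict, List, Optional, Tuple

# Exact rationals instead of floats: 2.4 + 1.1 must be exactly 3.5 as on the slide.
Valuation = Dict[str, Fraction]
Constraint = Callable[[Valuation], bool]


@dataclass(frozen=True)
class State:
    """A state (location, clock valuation); clocks kept as a sorted tuple so states compare by value."""
    location: str
    clocks: Tuple[Tuple[str, Fraction], ...]

    @staticmethod
    def make(location: str, **values: str) -> "State":
        return State(location, tuple(sorted((c, Fraction(v)) for c, v in values.items())))

    def valuation(self) -> Valuation:
        return dict(self.clocks)


@dataclass(frozen=True)
class Edge:
    source: str
    target: str
    action: str              # synchronisation label, e.g. "a"
    guard: Constraint        # clock guard, e.g. x<=5 & y>3
    resets: Tuple[str, ...]  # clocks set to 0 when the edge is taken


@dataclass
class TimedAutomaton:
    edges: List[Edge]
    # Location invariants. Assumed, as in UPPAAL, to be conjunctions of upper
    # bounds (x<=c, x<c), so a delay is legal iff its end point satisfies them.
    invariants: Dict[str, Constraint] = field(default_factory=dict)

    def _inv_ok(self, location: str, v: Valuation) -> bool:
        inv = self.invariants.get(location)
        return inv is None or inv(v)

    def delay(self, s: State, d) -> Optional[State]:
        """Delay step e(d): every clock advances by d, the location is unchanged.
        Returns None when the location invariant forbids the delay."""
        d = Fraction(d)
        if d < 0:
            raise ValueError("delays are non-negative")
        v = {c: val + d for c, val in s.valuation().items()}
        if not self._inv_ok(s.location, v):
            return None
        return State(s.location, tuple(sorted(v.items())))

    def fire(self, s: State, action: str) -> Optional[State]:
        """Action step: take the first enabled edge from s with this label.
        The guard is checked before the reset, the target invariant after it."""
        v = s.valuation()
        for e in self.edges:
            if e.source == s.location and e.action == action and e.guard(v):
                nv = dict(v)
                for c in e.resets:
                    nv[c] = Fraction(0)
                if self._inv_ok(e.target, nv):
                    return State(e.target, tuple(sorted(nv.items())))
        return None


# The automaton of slides 29/30 (hypothetical reading of the drawing):
# n --a, x<=5 & y>3, x:=0--> m, invariant x<=5 on n, y<=10 on m.
SLIDE_TA = TimedAutomaton(
    edges=[Edge("n", "m", "a", lambda v: v["x"] <= 5 and v["y"] > 3, ("x",))],
    invariants={"n": lambda v: v["x"] <= 5, "m": lambda v: v["y"] <= 10},
)


def slide_run() -> Dict[str, Optional[State]]:
    """Replays the steps shown on the slides from (n, x=2.4, y=3.1415)."""
    s0 = State.make("n", x="2.4", y="3.1415")
    return {
        "delay_1.1": SLIDE_TA.delay(s0, "1.1"),  # (n, x=3.5, y=4.2415)
        "action_a": SLIDE_TA.fire(s0, "a"),      # (m, x=0, y=3.1415)
        "delay_3.2": SLIDE_TA.delay(s0, "3.2"),  # None: x would reach 5.6 > 5
    }


if __name__ == "__main__":
    for name, st in slide_run().items():
        print(name, "->", st)
```

Running the module prints the two legal successors and `None` for the 3.2 delay, which is exactly the progress-forcing effect the slide attributes to invariants: once x reaches 5 the automaton cannot idle in n, so it must take the edge to m.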

  31. The UPPAAL Model = Networks of Timed Automata + Integer Variables + …. Two-way synchronization on complementary actions (a! and a?). Closed systems! Example edges: l1 -> l2 with guard x>=2, i==3, action a!, reset x := 0; m1 -> m2 with y<=4, action a?, assignment i := i+4. Example transitions: (l1, m1, …, x=2, y=3.5, i=3, …) --a--> (l2, m2, …, x=0, y=3.5, i=7, …); (l1, m1, …, x=2, y=3.5, i=3, …) --tau 0.2--> (l1, m1, …, x=2.2, y=3.7, i=3, …), the delay step being excluded if a is an URGENT CHANNEL.

  32. Timed Automata in UPPAAL: Timed (Safety) Automata
     + urgent actions
     + urgent locations
     + committed locations
     + data-variables (with bounded domains)
     + arrays of data-variables
     + constants
     + guards and assignments over data-variables and arrays …
     + templates with local clocks, data-variables, and constants.

  33. Declarations in UPPAAL:
     clock x1, …, xn;
     int i1, …, im;
     chan a1, …, ao;
     const c1 n1, …, cp np;
     Examples:
     clock x, y;
     int i, J0;
     int[0,1] k[5];      // array k of five booleans
     const delay 5, true 1, false 0;

  34. Timed Automata in UPPAAL: location invariants (x<=5 on n, y<=10 on m), clock guards (x<=5 & y>3), data guards, clock assignments (clock := natural number, e.g. x := 0), synchronization action a, and guards g1, g2, g3, g4.

  35. Urgent Channels: urgent chan hurry;
     • Informal Semantics: there will be no delay if a transition with an urgent action can be taken.
     • Restrictions: no clock guard allowed on transitions with urgent actions. Invariants and data-variable guards are allowed.

  36. Urgent Locations: click "Urgent" in State Editor.
     • Informal Semantics: no delay in an urgent location.
     • Note: the use of urgent locations reduces the number of clocks in a model, and thus the complexity of the analysis.

  37. Committed Locations: click "Committed" in State Editor.
     • Informal Semantics: no delay in a committed location. The next transition must involve automata in a committed location.
     • Note: the use of committed locations reduces the number of clocks in a model, and allows for more space and time efficient analysis.

  38. UPPAAL Specification Language: A[] p (AG p), E<> p (EF p), where
     p ::= a.l | gd | gc | p and p | p or p | not p | p imply p | ( p )
     a.l: process a is in location l; gd: data guards; gc: clock guards.
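The grammar on slide 38 is small enough to parse and evaluate directly. The block below is an added example, not part of the slides or of UPPAAL: a recursive-descent parser for the state formula p (precedence, loosest first: imply, which associates to the right, then or, and, not) and an evaluator for A[] p and E<> p over an explicitly enumerated set of reachable states, supplied by the caller as a stand-in for the symbolic exploration UPPAAL performs. The sample state set is constructed from the example transitions of slide 31, with the processes named P and Q here because the slide leaves them unnamed.

```python
import operator
import re
from typing import Any, Callable, Dict, List, Tuple, Union

Node = Tuple[Any, ...]  # ("loc", a, l) | ("cmp", v, op, n) | ("not", p) | ("and"|"or"|"imply", p, q)


class PropertyParser:
    """Recursive-descent parser for p ::= a.l | gd | gc | p and p | p or p | not p | p imply p | ( p )."""

    _token = re.compile(r"\s*(?:(\d+)|([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)?)|(<=|>=|==|!=|<|>|\(|\)))")
    _cmp_ops = ("<=", ">=", "==", "!=", "<", ">")

    def __init__(self, text: str):
        self.tokens = self._tokenize(text)
        self.pos = 0

    @classmethod
    def _tokenize(cls, text: str) -> List[str]:
        tokens, i, text = [], 0, text.rstrip()
        while i < len(text):
            m = cls._token.match(text, i)
            if m is None:
                raise SyntaxError(f"unexpected input at {text[i:]!r}")
            tokens.append(m.group(0).strip())
            i = m.end()
        return tokens

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _next(self):
        tok = self._peek()
        self.pos += 1
        return tok

    def parse(self) -> Node:
        tree = self._imply()
        if self._peek() is not None:
            raise SyntaxError(f"trailing input at token {self._peek()!r}")
        return tree

    def _imply(self) -> Node:              # p imply q imply r == p imply (q imply r)
        left = self._or()
        if self._peek() == "imply":
            self._next()
            return ("imply", left, self._imply())
        return left

    def _or(self) -> Node:
        node = self._and()
        while self._peek() == "or":
            self._next()
            node = ("or", node, self._and())
        return node

    def _and(self) -> Node:
        node = self._not()
        while self._peek() == "and":
            self._next()
            node = ("and", node, self._not())
        return node

    def _not(self) -> Node:
        if self._peek() == "not":
            self._next()
            return ("not", self._not())
        return self._atom()

    def _atom(self) -> Node:
        tok = self._next()
        if tok == "(":
            node = self._imply()
            if self._next() != ")":
                raise SyntaxError("expected ')'")
            return node
        if tok is None or not (tok[0].isalpha() or tok[0] == "_"):
            raise SyntaxError(f"expected atom, got {tok!r}")
        if "." in tok:                        # a.l: process a is in location l
            proc, loc = tok.split(".")
            return ("loc", proc, loc)
        op, bound = self._next(), self._next()  # gd / gc: variable op integer bound
        if op not in self._cmp_ops or bound is None or not bound.isdigit():
            raise SyntaxError(f"bad guard near {tok!r}")
        return ("cmp", tok, op, int(bound))


_OPS: Dict[str, Callable[[Any, Any], bool]] = {
    "<=": operator.le, ">=": operator.ge, "==": operator.eq,
    "!=": operator.ne, "<": operator.lt, ">": operator.gt,
}
State = Tuple[Dict[str, str], Dict[str, Union[int, float]]]  # (process -> location, variable -> value)


def holds(p: Node, locations: Dict[str, str], values: Dict[str, Union[int, float]]) -> bool:
    """Truth value of the state formula p in a single state."""
    kind = p[0]
    if kind == "loc":
        return locations.get(p[1]) == p[2]
    if kind == "cmp":
        return _OPS[p[2]](values[p[1]], p[3])
    if kind == "not":
        return not holds(p[1], locations, values)
    left, right = holds(p[1], locations, values), holds(p[2], locations, values)
    return {"and": left and right, "or": left or right, "imply": (not left) or right}[kind]


def check(query: str, reachable: List[State]) -> bool:
    """A[] p (AG p): p holds in every reachable state; E<> p (EF p): in some reachable state."""
    query = query.strip()
    if query.startswith("A[]"):
        quantifier, body = all, query[3:]
    elif query.startswith("E<>"):
        quantifier, body = any, query[3:]
    else:
        raise SyntaxError("query must start with A[] or E<>")
    p = PropertyParser(body).parse()
    return quantifier(holds(p, locs, vals) for locs, vals in reachable)


# Constructed state set after the example transitions of slide 31 (process names P, Q are assumed).
SLIDE31_STATES: List[State] = [
    ({"P": "l1", "Q": "m1"}, {"x": 2, "y": 3.5, "i": 3}),
    ({"P": "l2", "Q": "m2"}, {"x": 0, "y": 3.5, "i": 7}),
    ({"P": "l1", "Q": "m1"}, {"x": 2.2, "y": 3.7, "i": 3}),
]
```

With this state set, `check("A[] P.l2 imply i==7", SLIDE31_STATES)` is true (the only state in l2 has i=7), `check("E<> Q.m2 and x<=0", SLIDE31_STATES)` is true, and `check("A[] x>=1", SLIDE31_STATES)` is false because the reset after the a-synchronization leaves x=0. Over an enumerated finite set the two temporal operators reduce to all/any; the real difficulty UPPAAL solves is computing that set symbolically for dense time.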

  39. BRICK SORTING

  40. First UPPAAL model: Sorting of Lego Boxes (Ken Tindell). Piston (eject), remove, Conveyor Belt, boxes Black / Red (light readings 99, 81, 18, 90, 9), Controller with tasks MAIN and PUSH. Exercise: design the controller so that only black boxes are pushed out.

  41. NQC programs

     int active;
     int DELAY;
     int LIGHT_LEVEL;

     // MAIN: watch the light sensor; a dark (black) box arms the piston task.
     task MAIN {
       DELAY = 75;
       LIGHT_LEVEL = 35;
       active = 0;
       Sensor(IN_1, IN_LIGHT);
       Fwd(OUT_A, 1);        // start the conveyor belt
       Display(1);
       start PUSH;
       while (true) {
         wait(IN_1 <= LIGHT_LEVEL);   // box detected
         ClearTimer(1);
         active = 1;
         PlaySound(1);
         wait(IN_1 > LIGHT_LEVEL);    // box has passed the sensor
       }
     }

     // PUSH: once the box has travelled DELAY ticks, eject it with the piston.
     task PUSH {
       while (true) {
         wait(Timer(1) > DELAY && active == 1);
         active = 0;
         Rev(OUT_C, 1);
         Sleep(8);
         Fwd(OUT_C, 1);
         Sleep(12);
         Off(OUT_C);
       }
     }

  42. From RCX to UPPAAL (Task MAIN)
     • Model includes Round-Robin Scheduler.
     • Compilation of RCX tasks into TA models.
     • Presented at ECRTS 2000.

  43. The Production Cell. Course at DTU, Copenhagen.

  44. TRAIN CROSSING

  45. Train Crossing: Stopable Area [10,20], [3,5], Crossing [7,15], River, Queue, Gate

  46. Train Crossing: communication via channels and a shared variable. Stopable Area [10,20] (appr, stop), [3,5], leave, Crossing [7,15], Gate (el, go), River, Queue (empty, nonempty; hd, add, rem)

  47. Communication Protocols: CSMA/CD, BRP, ……

  48. CSMA/CD protocol, MAC layer. EVENTS:
     • send: service provided by Mac, which reacts by transmitting a message
     • rec (receive): service provided by Mac, indicates that a message is ready to be received
     • b (begin): Mac begins message transmission to M
     • e (end): Mac terminates message transmission to M
     • br (begin receive): M begins message delivery to Mac
     • er (end receive): M terminates message delivery to Mac
     • b (collision): Mac is notified that a collision has occurred on M

  49. Philips Bounded Retransmission Protocol [D'Argenio et al. 97]

  50. Protocol Overview
     • Protocol developed by Philips.
     • Transfers data between Audio/Video components via infra-red communication.
     • Data files are sent in smaller chunks.
     • Problem: unreliable communication medium.
     • The sender retransmits if the receiver responds too late.
     • The receiver aborts if the sender sends too late.
