1 / 37

About the Compilation of CSL, a Real-Time – pattern based – Specification Language

About the Compilation of CSL, a Real-Time – pattern based – Specification Language Vered Gafni, IAI. Scope. Work initiation in SPEEDS , IP of 6 th framework EC IST program. Spe culative and E xploratory D esign in S ystems Engineering, namely: SPEEDS is about

alice
Download Presentation

About the Compilation of CSL, a Real-Time – pattern based – Specification Language

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. About the Compilation of CSL, a Real-Time – pattern based – Specification Language Vered Gafni, IAI

  2. Scope • Work initiation in SPEEDS, IP of 6th framework EC IST program. • Speculative and Exploratory Design in Systems Engineering, • namely: SPEEDS is about • ‘Components based formal development of embedded systems’ • Development = specification+analysis (by formal methods)

  3. SPEEDS Partners: • Academies: INRIA, Rennes, France, OFFIS, Oldenburg, Germany, VERIMAG, Grenoble, France, Parade, Rome, Italy • Industries: AirBus, IAI, Carmeq (VW), Bosch • Tool providers: Telelogic, Esterel, GreenSys • People: • Roberto Passerone, University of Trento, Italy • Albert Benveniste, Benoit Caillaud, INRIA • Joseph Sifakis, Susanne Graf, VERIMAG • Werner Damm, Bernhard Josko, OFFIS • Alberto Sangiovanni, Berkeley

  4. Component Based Development Clear splitting of responsibilities Building systems from library of components various viewpoints: Functionality Real time Safety,… Heterogeneous behavior: Discrete & continuous Distributed development

  5. SPEEDS Component View

  6. Contract: Basic Specification element Assumption Promise Assumption, Promise – assertions regarding component behavior Assumption: - Minimal delay of 50 sec. between successive trains. - At startup no train is already in XR - Trains move in one direction Promise: - Gate closed as long as a train is in XR. - Gate open whenever XR isemptyfor more than 10 sec. Component

  7. Component: Viewpoints & Refinement Component Functionality Performance Safety • Viewpoints: • Refinement:

  8. Component Functionality Time performance Safety Component Component Component contracts contracts contracts Analysis: based on algebra of contracts (w.r.t. composition) • Consistency, • Compatibility, • Dominance, • Simulation, • Satisfiability • within a component (same interface) • along components (a certain viewpoint) • Refinement Contract contract contract contract

  9. Assertions Expression – Hybrid Automata (HRC formalism) • H = X, , G=(V,E), VL=(init, inv, flow), EL=(ET, EC) • X = {x1,…xn} - finite set of real-numbered variables. •  - finite set of events (atomic entities) • G=(V,E) - control graph, (V - control modes, E - control switches). • VL-mode labeling functions: • init: V  {predicates overx} -- initial condition • inv: V  {predicates overx} -- invariant condition • flow: V  {predicates overx,x∂} -- continuous evolvement. • EL – switch labeling functions • ET: E  -- assigns a transition event to each edge. • EC: E {predicates overx,x’} -- discrete transition condition. • - x∂ - the derivatives of x during continuous change. • - x’ - values at the conclusion of discrete change.

  10. Train Controller Gate

  11. Assertions Expression – Formal Language In practice, • Contract’s assertions must be expressed in formal language; but, HA is ‘too formal’ (low level) to be used by normal engineers. • Alternative options like (Metric) LTL were examined; did better The gate is closed when a train traverses GR (gate region). (EnterGR  ClosedUExitGR) but for normal properties Between the time an elevator is called at a floor and the time it opensits doors at that floor the elevator can pass that floor at most twice. ((call Open)  (Move U (Open  (Stop U (Open  (Move U (Open  (Stop U (Open  (Move U Open)))))))))) still too difficult – not accepted!.

  12. Assertions Expression – Patterns (SafeAir Project) Next attempt: ‘patterns’ • English like fixed sentence embedded with parameters’ place holders, e.g.: inv [Q] while [P] after [N] steps represents a fixed property up to parameters' instantiation. • Semantics: a fixed automaton. A patterns library developed by OFFIS (Oldenburg) • Parameters instantiation – state expressions • Semantics over discrete time model • Idea acceptable by users (format, less) but shortly patterns became complex, like: inv [P] triggers [Q] unless [S] within [B] after_reaching [R] and library grew up to ~400 patterns, not manageable.

  13. SPEEDS - CSL (Contracts Specification Language) CSL – A pattern based specification language for hybrid systems HRC {HRC-Id} Interface controlled: {variables declaration} uncontrolled: {variables declaration} Contracts {viewpoint-id} contract {contract-id} * Assumption: {assertion} Promise: {assertion}

  14. CSL – What’s new (I) • Time model: R. • Variables: • Discrete range • Continuous range • - pwc evolution •  pw derivable • Events (non-Zenon)

  15. C E I E2 E1 I E C I CSL Patterns – What’s new ? • More intuitive names • Temporal/Continuous expressions for parameters: • Events • Conditions • Intervals • whenever [E] occurs [C] holds during following [I] • whenever[E1] occurs [E2] occurs within [I] • [C] during [I] raises [E]

  16. Pattern parameters: Events & Conditions • Events: • Primitive: a, b, c,… Startup,e~v (evalued event) • Derived: edefined-bystate-change ,e.g., tr(C), fs(C) • Time delay: e+T • Expressions: e1e2, e1e2, e1-e2, e1;e2, ewhenC • Conditions • Boolean variable: A, B, C,… • Boolean expression constructed by: , , , ,  • Relations overx, x∂: x>5,x∂=-x+5 • predefined functions:Timer(T) at e, PeriodicTimer(T) at e

  17. Timers • Timer(T) at e • e+Ttr(c=T) where c=Timer(T) at e • PeriodicTimer(T) at e

  18. Intervals • Interval definition: |e1,e2,…,en| where n1, and |..|{ [ ], [ ), ( ], ( ) } • Occurs when e1;e2;…;en occurs, and lasts from e1 to en. • Special cases: • |n:e||e,e,…,e|, for n>2 - sliding window • Singletons appear only as closed intervals: [e] • For periodic e: |n+1:e|  |n e|, thus |3 sec| defines 3 sec. interval. • For condition C: |C| |tr(C), fs(C)|,

  19. CSL Examples • Whenever the request button is pressed a car should arrives • at the station within 3 minutes • Whenever[car-request]occurs[car-arrives]occurs within[3min] • Dispatching commands will be refused during first 5 seconds • after a car arrives at station • Whenever [car-arrives]occurs • [dispatch-cmd]implies[refuse-msg]during following[5sec] • 40 sec. minimal delay between trains: • Whenever[Tin]occurs[Tin]does not occur during following(40 sec] • Between the time an elevator is called at a floor and the time it • stops at that floor the elevator can pass that floor at most twice. • [PassFloor[m]]occurs at most[2]times • during(CallAtFloor[m], StopAtFloor[m])

  20. F<3m3/s A A A Pattern Occurrence Types • Iterative occurrences – non interleaving occurrence's instances Whenever [car-request] occurs [car-arrives] occurs within [3min] • Flowing occurrences - interleaving occurrence's instances [F<3]during[3 Sec]raises[AlarmSignal]

  21. Pattern 1: Automaton Representation Pattern #1: whenever [E_1] occurs [C] holds during following [E_2, E_3]

  22. Pattern 2: Automaton Representation (by Verimag)

  23. Pattern 4: Automaton Representation whenever[E] occurs [ER] occurs within[ES,EF]

  24. Event Identification Automata state change event: e, e1e2,e1e2, e1-e2 state change event: tr(C) delay event: e+T sequence event: e1;e2

  25. CSL • Why ? • Number of patterns starts increasing (14); some simpler, • some more complex. • Compilation is not trivial, needs experts. • Idea motivated by the observation: • Pattern behavior: triggering behavior implies promised behavior Triggering behavior Promised behavior Whenever [car-request] occurs [car-arrives] occurs within [3min] Hence: few simple patterns + combination operators

  26. Improved Version of CSL • 3 basic (simple) patterns: • [C: condition] during |I: interval| • [E: event] occurs within |I: interval| • [E: event] does not occur during |I: interval| • Compound patterns by 2 composition operators: • patternimpliespattern • patternentailspattern Examples: • [Gate_closed] during [Car_in, Car_out] • [Car_request] entails [Car_arrives] occurs within [3min] • Extends expressive power while reducing complexity • Compilation into HRC becomes simpler

  27. Derived patterns & examples • [e] occurs within [e] is abbreviated to [e]. • whenever [E] occurs [C] holds during following |I| • [E] entails [C] during |I| • whenever [E1] occurs [E2] implies [E3] during following |I| • [E1] entails [E2-E3] does not occur during |I| • [C] during [I] raises [E] •  [C] during [I] entails [E] occurs within [0]

  28. Compilation of Basic Patterns

  29. Compound Patterns: Front-Back Fusion (I)

  30. Compound Patterns: Front-Back Fusion (II) Fusion algorithm ? [e] occurs within [e1,e2] entails [C] during [e3,e4]

  31. Fusion by Composition (I) [e] occurs within [e1,e2] entails [e’] occurs within [e3,e4] Triggering behavior Promised behavior

  32. Three forms of a basic pattern [e] occurs within [e1,e2] entails [e’] occurs within [e3,e4]

  33. Fusion by Composition (II)

  34. Indevedual vs. fusion version

  35. Fusion by Composition (III)

  36. Fusion by Composition • Result: • Each basic pattern appears in 3 versions: • Individual, • Front fusion • Back fusion • then fusion reduces to composition of automata (well defined)

  37. Further work • Practical: • Build a compiler for CSL (then gain all the power of • analysis tools created in SPEEDS). • Theoretical: • Examine the expressive power of CSL (w.r.t. metric LTL, HA) • Examine different sets of basic patterns + operators (is there a • ‘minimal’ configuration?, more expressive one? (is it needed in • practice), • Examine different models of intervals deployment

More Related