
Automatic Verification and Validation of Complex Systems

Automatic Verification and Validation of Complex Systems. Enrico Tronci, Dipartimento di Informatica, Università di Roma “La Sapienza”, Via Salaria 113, 00198 Roma, Italy, tronci@di.uniroma1.it, http://www.dsi.uniroma1.it/~tronci. Workshop on Research and Innovations NEXT, 20 Mat 2005.


Presentation Transcript


  1. Automatic Verification and Validation of Complex Systems
     Enrico Tronci, Dipartimento di Informatica, Università di Roma “La Sapienza”, Via Salaria 113, 00198 Roma, Italy, tronci@di.uniroma1.it, http://www.dsi.uniroma1.it/~tronci
     Workshop on Research and Innovations NEXT, 20 Mat 2005

  2. Automatic Verification: A Money Saver
     Testing without automation tends to discover errors towards the end of the design flow. Fixing errors at that point is very expensive and may delay product release. Methods to discover errors as early as possible are needed.
     [Chart: percentage of errors caught versus the number of times more expensive they are to fix, from early development to implementation. Source: Mercury Interactive, Siebel, Siemens]

  3. Model Checking Game
     Inputs: the system Sys (VHDL, Verilog, C, C++, Java, MATLAB, Simulink, …) and the undesired behaviour BAD (CTL, CTL*, LTL, …).
     The Model Checker (equivalent to exhaustive testing) answers one of:
     • PASS, i.e. no sequence of events (states) can possibly lead to an undesired state.
     • FAIL, with a counterexample showing what went wrong, i.e. a sequence of events (states) leading to an undesired state.

  4. Mutual Exclusion (Mutex)
     [State diagram: two processes with S1 ∈ {n1, t1, c1}, S2 ∈ {n2, t2, c2} and a turn variable T ∈ {1, 2}; transition guards such as S1=n1 & S2=t2, S2=n2 & S1=t1, S1=t1 & T=2, S2=t2 & T=1. The reachable state graph enumerates the 18 combinations (S1, S2, T), from (n1, n2, 1) to (c1, c2, 2).]
     SPEC
     Mutual exclusion: AG (S1 != c1 | S2 != c2) … true
     No starvation S1: AG (S1 = t1 --> AF (S1 = c1)) … true

  5. Mutex (~ arbitrary initial state)
     [Same state diagram as the previous slide, now with an arbitrary initial state.]
     Mutual exclusion: AG (S1 != c1 | S2 != c2) …
     No starvation S1: AG (S1 = t1 --> AF (S1 = c1)) …

  6. SMV output (mutex)
     -- specification AG (S1 != c1 | S2 != c2) is true
     -- specification AG (S1 = t1 -> AF S1 = c1) is true
     resources used:
     user time: 0.02 s, system time: 0.04 s
     BDD nodes allocated: 635
     Bytes allocated: 1245184
     BDD nodes representing transition relation: 31 + 6
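To make slides 4 to 6 concrete, here is an added example (not from the talk) that checks the two CTL specifications on a small explicit-state model in Python. Assumption: the exact guards of the slide's diagram are not recoverable from the transcript, so the model uses a Peterson-style turn discipline over the same variables S1, S2, T; with the single initial state (n1, n2, 1) both specs hold, as in the SMV output, while with an arbitrary initial state (slide 5) mutual exclusion fails because a state with both processes critical is itself initial.

```python
# Constructed model of the slides' two-process mutex (assumption: Peterson-style
# turn discipline over S1, S2, T; the diagram's exact guards are not recoverable).
S1, S2 = ("n1", "t1", "c1"), ("n2", "t2", "c2")
STATES = [(a, b, t) for a in S1 for b in S2 for t in (1, 2)]

def successors(state):
    """Interleaving semantics: exactly one process moves per transition."""
    s1, s2, t = state
    nxt = set()
    # Process 1: request (handing the turn to the other), enter if allowed, leave.
    if s1 == "n1":
        nxt.add(("t1", s2, 2))
    elif s1 == "t1" and (s2 == "n2" or t == 1):
        nxt.add(("c1", s2, t))
    elif s1 == "c1":
        nxt.add(("n1", s2, t))
    # Process 2, symmetric.
    if s2 == "n2":
        nxt.add((s1, "t2", 1))
    elif s2 == "t2" and (s1 == "n1" or t == 2):
        nxt.add((s1, "c2", t))
    elif s2 == "c2":
        nxt.add((s1, "n2", t))
    return nxt

def reachable(init):
    """Explicit-state reachability from the initial states (depth-first)."""
    seen, todo = set(init), list(init)
    while todo:
        for n in successors(todo.pop()):
            if n not in seen:
                seen.add(n)
                todo.append(n)
    return seen

def af_states(prop):
    """AF prop as a least fixpoint: prop holds, or every successor is already in."""
    z = {s for s in STATES if prop(s)}
    while True:
        grow = {s for s in STATES if s not in z and successors(s) and successors(s) <= z}
        if not grow:
            return z
        z |= grow
def ag(init, prop):
    """AG prop over the reachable states: (True, None) or (False, a violating state)."""
    bad = sorted(s for s in reachable(init) if not prop(s))
    return (True, None) if not bad else (False, bad[0])
def mutual_exclusion(init):   # AG (S1 != c1 | S2 != c2)
    return ag(init, lambda s: s[0] != "c1" or s[1] != "c2")
def no_starvation(init):      # AG (S1 = t1 -> AF S1 = c1)
    af = af_states(lambda s: s[0] == "c1")
    return ag(init, lambda s: s[0] != "t1" or s in af)
```

Calling `mutual_exclusion(STATES)` reproduces slide 5: the verdict is FAIL and the returned state is the counterexample a model checker would report.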

  7. Hybrid Systems
     Hybrid Systems are systems with discrete as well as continuous state variables. Typically, requirements analysis for embedded software/hardware leads to the verification of hybrid systems.
     Examples of hybrid systems:
     • Industrial plants
     • Automotive systems (the cost of software in new cars compares with that of the mechanics)
     • Avionics
     • Biological models
     • …

  8. Gas Turbine System
     [Block diagram: Settings and Disturbances (electric users, parameter variations, etc.) enter the FG102 Controller, which sets the Fuel Valve Opening of the Gas Turbine (Turbogas); the turbine's measured outputs are Vrot, Texh, Pel, Pmc.]
     Vrot: turbine rotation speed
     Texh: exhaust smokes temperature
     Pel: generated electric power
     Pmc: compressor pressure

  9. PLAN
     • Build a discrete time model of the ICARO Turbogas Control System.
     • Code the system model with the Murphi verifier. This is very similar to simulation code, only more abstract because of model checking limitations (state explosion).
     • Run verification experiments.

  10. Experimental Results
     Results on an INTEL Pentium 4, 2 GHz Linux PC with 512 MB RAM. Murphi options: -b, -c, --cache, -m350

  11. Fail trace: MAX_D_U = 2500 KW/sec
     10 ms time step (100 Hz sampling frequency)
     [Plots: electric user demand (KW) and rotation speed (percentage of max = 22500 rpm) against time; allowed range for rotation speed: 40-120]

  12. Fail trace: MAX_D_U = 5000 KW/sec
     10 ms time step (100 Hz sampling frequency)
     [Plots: electric user demand (KW) and rotation speed (percentage of max = 22500 rpm) against time; allowed range for rotation speed: 40-120]

  13. Probabilistic Model Checking (1)
     Sometimes we can associate a probability with each transition. In such cases reachability analysis becomes the task of computing the stationary distribution of a Markov Chain. This can be done using a Probabilistic Model Checker (the state space is too big for explicit matrices).
     [Figure: a three-state Markov chain (states 0, 1, 2) whose arcs are labelled with the probabilities 0.4, 0.3, 0.7, 0.2, 0.8 and 0.6.]

  14. Finite Horizon Markov Chain Analysis … of our turbogas
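As an added illustration of slides 13 and 14 (not part of the talk), the Python below computes a chain's stationary distribution by power iteration and a finite-horizon reachability probability. Assumption: the figure gives the values 0.4, 0.3, 0.7, 0.2, 0.8 and 0.6 but not which arcs they label, so the matrix is a constructed arrangement of those values.

```python
# Constructed three-state chain (assumption: an arbitrary row-stochastic
# arrangement of the probabilities shown on slide 13, not the slide's own arcs).
P = [
    [0.4, 0.6, 0.0],   # from state 0
    [0.0, 0.3, 0.7],   # from state 1
    [0.8, 0.2, 0.0],   # from state 2
]

def step(dist, matrix):
    """One step of the chain: dist' = dist * matrix (row-vector form)."""
    n = len(matrix)
    return [sum(dist[i] * matrix[i][j] for i in range(n)) for j in range(n)]

def stationary(matrix, tol=1e-12, max_iter=10_000):
    """Stationary distribution by power iteration, i.e. iterate pi <- pi * P
    until it stops changing. Only matrix-vector products are needed, which is
    why a probabilistic model checker can avoid building a dense solver."""
    n = len(matrix)
    pi = [1.0 / n] * n
    for _ in range(max_iter):
        nxt = step(pi, matrix)
        if max(abs(a - b) for a, b in zip(nxt, pi)) < tol:
            return nxt
        pi = nxt
    raise RuntimeError("power iteration did not converge")

def bounded_reach(matrix, start, target, horizon):
    """Finite-horizon analysis: probability of visiting `target` within
    `horizon` steps from `start`. The target is made absorbing so that mass
    which has already reached it is kept rather than counted twice."""
    n = len(matrix)
    absorbing = [row[:] for row in matrix]
    absorbing[target] = [1.0 if j == target else 0.0 for j in range(n)]
    dist = [1.0 if i == start else 0.0 for i in range(n)]
    for _ in range(horizon):
        dist = step(dist, absorbing)
    return dist[target]

if __name__ == "__main__":
    print("stationary distribution:", stationary(P))
    for h in (1, 2, 3):
        print(f"P(reach state 2 within {h} steps from 0) = {bounded_reach(P, 0, 2, h):.3f}")
```

For this chain the exact stationary distribution is (28/79, 30/79, 21/79), which the iteration recovers to floating-point precision.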

  15. Obstructions
     • State Explosion: the HUGE number of reachable states that large systems have.
     • Integration in the design flow: people devoted to verification, validation, specification and testing are needed … among other things.

  16. Open Source Model Checkers
     Here are a few examples of open source model checkers (input language / specification language in brackets).
     • SMV, NuSMV (Carnegie Mellon University, IRST) [smv, VHDL / CTL]
     • SPIN (Bell Labs) [PROMELA (C like) / LTL]
     • Murphi (Stanford, “La Sapienza”, L’Aquila) [Pascal like / assert() style]
     • VIS (Berkeley, Stanford, Colorado University) [BLIF, Verilog / CTL, LTL]
     • PVS (Stanford) [PVS / PVS]
     • TVLA (Tel-Aviv) [TVLA / TVLA]
     • Java PathFinder (NASA) [Java Bytecode / LTL]
     • BLAST (Berkeley) [C / assert()]

  17. Java Verification (BANDERA)
     SAnToS Group at Kansas State University

  18. Some Commercial Model Checkers
     Here are a few examples of commercial model checkers.
     • Cadence (Verilog, VHDL)
     • Synopsys (Verilog, VHDL)
     • Innologic (Verilog)
     • Telelogic (inside the SDL suite)
     • Esterel
     • Coverity (C, C++)

  19. In House Model Checkers
     Here are a few examples of in house model checkers (input language / specification language in brackets).
     • FORTE (INTEL) [Verilog, VHDL / Temporal Logic]
     • SLAM (Microsoft) [C / assert()]
     • BEBOP (Microsoft) [C / assert()]
     • Rule Based (IBM) [Verilog, VHDL / CTL, LTL]
     • CANVAS (IBM) [Java / constraints-guarantees]
     • Verisoft (Bell Labs) [C / C]

  20. Summing Up
     Automatic Verification (reachability analysis) is a very useful tool for the design and analysis of complex systems such as digital hardware, embedded software and hybrid systems.
     Automatic Verification allows us to:
     • Decrease the probability of leaving undetected bugs in our design, thus increasing design quality.
     • Speed up the testing/simulation process, thus decreasing costs and time-to-market.
     • Detect errors early, thus decreasing design costs.
     • Support the exploration of more complex, hopefully more efficient, solutions by supporting their debugging.

  21. Adoption Paths
     • Integrating Automatic Verification in the Design Flow (to reach the state of the art)
     • Custom Model Checker (for competitive advantage, to go beyond the state of the art)
