model checking systems described using uml activity diagrams within asml l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Model checking systems, described using UML activity diagrams, within ASML PowerPoint Presentation
Download Presentation
Model checking systems, described using UML activity diagrams, within ASML

Loading in 2 Seconds...

play fullscreen
1 / 32

Model checking systems, described using UML activity diagrams, within ASML - PowerPoint PPT Presentation


  • 152 Views
  • Uploaded on

Model checking systems, described using UML activity diagrams, within ASML . Rick van Lierop, Software Architect at ASML The 3rd Dutch Model Checking Day 7th November 2001, TU Eindhoven . ASML – Company overview. Company producing advanced lithography systems ( e.g. a wafer scanner)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Model checking systems, described using UML activity diagrams, within ASML' - nevan


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
model checking systems described using uml activity diagrams within asml

Model checking systems,described using UML activity diagrams,within ASML

Rick van Lierop, Software Architect at ASML

The 3rd Dutch Model Checking Day

7th November 2001, TU Eindhoven

slide2

ASML – Company overview

  • Company producing advanced lithography systems (e.g. a wafer scanner)
  • Founded in 1984
  • Situated in Veldhoven (the Netherlands)
  • 8,349 employees world-wide
  • Latest product: the TWINSCAN wafer scanner system
slide6

ASML - TWINSCAN

2.9m

5.2m

2.0m

slide7

ASML Wafer Scanner

Reticle Stage

Reticle

Projection Lens

Wafer Stage

Wafer

how to make a control design
How to make a control design?
  • Documentation available:
    • Informal textual descriptions in Dutch-English
    • Incomplete, necessary actions are missing
    • Poor concurrency description, missing productivity opportunities
  • Expertise available:
    • Many domain experts, e.g. ASML System Engineers
    • Few formal language experts
    • Common subset of the above, is the empty set
so what is the strategy
So, what is the strategy?
  • We need a better description of the control behavior
    • Which actions need to be executed?
    • What is the sequence of these actions?
    • Which actions need / can be executed in parallel?
  • …, this description can be made using UML activity diagrams,
    • These allow describing asynchronous concurrency, for designing optimal productivity
    • These are intuitive to use, so Domain Experts can be easily involved
slide11

UML activity diagrams (example 1)

synchronization

condition

control design
Control design
  • This resulted in:
    • Involvement of Domain experts, OK!
    • Complete control sequence design, OK!
    • Reviewed and Accepted control design, OK!
    • Better concurrency and thus, productivity, OK!
    • An informal (we didn’t follow UML standard exactly) UML activity diagram, so what!?
    • Complex concurrent system control description, Mmh!?
control design13
Control design
  • Still, we had some hesitations…
    • Reviewers considered only some of the possible scenario’s, but the state space of this system is huge, did we cover sufficient scenario’s?
    • Is this system free of deadlock?
    • Will all wafers that enter the system, eventually leave it? And, the same, for reticles?
    • Steady state behavior was covered, but what about starting and stopping the system?
    • How do lot-to-lot transitions work out?
    • What throughput (productivity) will this system have?
slide14

Let’s simulate the behavior in time!

  • Example1.
  • Oops, there is no:
    • Timing
  • .. Nor ..
    • Resource Allocation
  • Information available in UML activity diagrams!

synchronization

condition

slide19

Results from c-simulator

< WSE 1 0 15 >

< WH 1 0 8 >

< DO 1 0 7 >

< WSM 1 0 8 >

< RH 1 0 18 >

< RS 1 0 18 >

< RM 1 0 19 >

< IL 1 0 20 >

< RM 0 0.1 19 >

< WSE 0 0.372 15 >

< DO 0 4 7 >

< DO 1 4 25 >

< WSM 0 4.21 8 >

< WH 0 4.21 8 >

< CPU 1 4.21 45 >

< CNT 1 4.21 44 >

< WSM 1 4.21 30 >

……………….

what did simulation verification bring us
What did simulation & verification bring us?
  • Now we have the resulting time domain behavior:
  • It shows resource usage in time for the described behavior
  • It is a diagram for communication about this time behavior
  • It gives an idea about throughput
  • It gives an idea about possible throughput bottlenecks
  • We found and corrected defects in the design, e.g.:
    • Deadlocks detected in startup behavior
    • Possible (race-condition) to place more than one reticle on reticle stage (missing [implicit] requirement!!!)
slide22

Example detected undesired behavior

  • Load Reticle  Load Reticle  Unload Reticle (undesired)
  • Load Reticle  Unload Reticle  Load Reticle (desired)
  • Test: # Reticles on Reticle Stage  1
  • Note: Reticles cost about $50-100K (Mercedes!!!)

2

1

1

1

1

2

slide23

The manual translation process is still cumbersome…

  • Automation of manual translation steps is needed:
    • Now an expert in SPIN/Promela and Chi needed, we don’t have that many (say: none) that are also Domain Expert.
    • It is error prone, large number of Chi and Promela statements can contain a lot of bugs.
    • It is time consuming, because a large number of Chi and Promela statements have to be written
slide24

Approach - High level view

Simulation

Output

GSV Process

UML model

(incl.

Activity

Diagrams)

Verification

Output

Data format

Black box

UML: Unified Modelling Language

GSV: Generation Simulation Verification

slide25

Approach - Analysis

  • TWINSCAN activity diagrams:
    • ‘free-form’ UML
    • insufficient information (single source)
  • We have made a design, that covers:
    • UML extensions
    • UML restrictions
    • Rules that describe how UML elements are translated into Chi and Promela
slide26

UML

Activity1

Activity2

prev1

prev0

next

join

Activity3

Approach - Formal translation

Example translation rule of the ‘join’

Chi

proc join(trigger_prev0,

trigger_prev1: ?void,

trigger_next: !void) =

|[ *[ trigger_prev0? 

[ trigger_prev1? 

trigger_next!

]

| trigger_prev1? 

[ trigger_prev0? 

trigger_next!

]

]

]|

Promela

proctype join(chan trigger_prev0,

trigger_prev1,

trigger_next)

{ do

:: trigger_prev0?true;

trigger_prev1?true;

trigger_next!true

:: trigger_prev1?true;

trigger_prev0?true;

trigger_next!true

od

}

slide27

UML2XMI

Exporter

XMI

specification

Chi

generator

Chi

specification

Chi

simulator

Promela

generator

Promela

model

SPIN

UML

DTD

Data format

Off-the-shelf tool

Black box

Approach - Architecture

GSV Process

UML model

(incl.

Activity

Diagrams)

Simulation

output

Verification

output

XMI: XML Metadata Interchange

DTD: Document Type Definition

slide28

XML

Parser

DOM

tree

DOM2Chi

converter

DOM

API

DOM

impl.

Approach - Component design

Chi generator

UML

DTD

Chi

specification

XMI

specification

Interface

Data format

Off-the-shelf tool

Implemented

component

XML: eXtensible Markup Language

DOM: Document Object Model

API: Application Program Interface

slide29

Conclusions

  • Off-the-shelf-tools and industry standards are available and usable.
  • TWINSCAN activity diagrams contained defects. Simulation results and Verification results led to the solving of defects in the design description
  • Extensions to UML activity diagrams are required.
  • Informal UML to formal (correct) UML: The designer of UML activity diagrams is forced to design concrete and unambiguous diagrams.
slide30

Conclusions

  • Visualization with graphs helps in understanding and communicating the behavior
  • By automating the translation process:
    • The expertise shifts from Chi & SPIN to UML.
    • Less error prone: Consistency between Chi and UML and Promela and UML improved.
    • Less time consuming: From >40 hours to <1 hour.
future extensions ideas
Future extensions (ideas)
  • Some UML possibilities were omitted, but are very useful, e.g. Composite states, allows to decompose a complex activity diagram in several simper connected sub-diagrams. Add this functionality.
  • Compare the results from the real machine with the model simulation results, to pin-point design problems and/or update the model
  • Automatically generate program code (C, C++, Java) for the control sequence
  • Run-time optimization (recipe dependent scheduling)
consideration
Consideration…
  • If one diagram says more than 100 lines of text,
  • if one formula says more than 100 diagrams,
  • if there are not many people grasping the formula’s,
  • if there are many people grasping the diagrams, …
  • then, combine diagrams and formulas, and automate the checking
  • But always, if possible, keep it simple!!!