Zones: From infinite to finite


Transcript: Zones: From infinite to finite

Dependable Embedded Software Systems
Kim Guldstrand Larsen
UCb
BRICS Machine
Basic Research in Computer Science, 1993-2006
30+40+40 Mill. kr.
100 / 100
Tools: Aalborg, Aarhus
2
Tools and BRICS
Applications: visualSTATE, UPPAAL, SPIN, PVS, HOL, TLP, ALF
Semantics / Algorithmic / Logic
• Concurrency Theory
• (Timed) Automata Theory
• Temporal Logic
• Abstract Interpretation
• Graph Theory
• Modal Logic
• MSOL
• BDDs
• Polyhedra Manipulation
• Compositionality
• Models for real-time & hybrid systems
3
A very complex system
Klaus Havelund, NASA
4
Rotterdam Storm Surge Barrier
5
Spectacular Software Bugs
• ARIANE-5
• INTEL Pentium II floating-point division: 470 Mill US $
• Baggage handling system, Denver: 1.1 Mill US $/day for 9 months
• Mars Pathfinder
• Radiation therapy, Therac-25
• ...
6
Embedded Systems
• 80% of all software is embedded in interacting devices.
• Demands for increasing functionality with minimal resources.
• Developers should ideally have several qualifications: software construction and development, hardware platforms, communication & protocols, validation (testing and verification), ...
7
Traditional Software Development
The Waterfall Model: Problem Area → Analysis → Design → Implementation → Testing
• Costly in time-to-market and money
• Errors are detected late or never
• Application of FMs as early as possible
8
Model-based Validation: Analysis, Validation, Design Model, Specification, Verification & Refusal, Implementation, Testing
9
Model-based Validation: Analysis, Validation, Design Model, Specification, Verification & Refusal, Automatic Code Generation, Implementation, Testing
10
Model-based Validation: Analysis, Validation, Design Model, Specification, Verification & Refusal, Automatic Code Generation, Automatic Test Generation, Implementation, Testing
11
How?
Unified Model = State Machine!
Input ports: a, b (received as a?, b?)
Output ports: x, y (sent as x!, y!)
Control states, with transitions labelled by inputs and outputs
12
Tamagotchi
Buttons: A, B, C
States: ALIVE (Passive; Feeding: Meal, Snack; Care: Clean, Medicine, Discipline, Play; Light) and DEAD
Care (A): Health:=Health-1
Tick: Health:=Health-1; Age:=Age+1
ALIVE → DEAD when Health=0 or Age=2.000
13
Digital Watch
Statechart = UML, David Harel
14
SYNCmaster
15
16
visualSTATE
VVS
Baan Visualstate, DTU (CIT project)
• Hierarchical state systems
• Flat state systems
• Multiple and interrelated state machines
• Supports UML notation
• Device driver access
17
18
Tool Support
System Description A + Requirement F → TOOL → Yes (Prototypes, Executable Code, Test sequences) / No (Debugging Information)
Tools: UPPAAL, visualSTATE, SPIN, ESTEREL, Rhapsody, TeleLogic, Statemate, Formalcheck, ...
19
'State Explosion' problem
M1: states 1, 2, 3, 4; M2: states a, b, c
M1 x M2: (1,a), (3,a), (4,a), (2,b), (1,b), (3,b), (4,b), (1,c), (3,c), (2,c), (4,c)
All combinations = exponential in no. of components
20
Train Simulator
1421 machines, 11102 transitions, 2981 inputs, 2667 outputs, 3204 local states
Declared state space: 10^476
VVS: BUGS?
21
Train Simulator
1421 machines, 11102 transitions, 2981 inputs, 2667 outputs, 3204 local states
Declared state space: 10^476
VVS / visualSTATE: BUGS?
22
UPPAAL: Modelling and Verification of Real Time systems
UPPAAL2k: > 2000 users, > 45 countries
See www.uppaal.com !!!!
Collaborators
@AALborg: Kim G Larsen, Arne Skou, Paul Pettersson, Carsten Weise, Kåre J Kristoffersen, Gerd Behrmann, Thomas Hune, Oliver Möller
@UPPsala: Wang Yi, Johan Bengtsson, Paul Pettersson, Fredrik Larsson, Alexandre David, Tobias Amnell, Oliver Möller
@Elsewhere: David Griffioen, Ansgar Fehnker, Frits Vaandrager, Klaus Havelund, Theo Ruys, Pedro D'Argenio, J-P Katoen, J. Tretmans, Judi Romijn, Ed Brinksma, Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson...
24
Real Time Systems
Computer Science (Discrete: Controller Program, Tasks) and Control Theory (Continuous: Plant), coupled through sensors and actuators
E.g.: Pump Control, Air Bags, Robots, Cruise Control, ABS, CD Players, Production Lines
Real Time System: A system where correctness not only depends on the logical order of events but also on their timing
25
Validation & Verification
Construction of UPPAAL models
Controller Program (Tasks, discrete) and Plant (continuous), coupled through sensors and actuators
UPPAAL Model = Model of environment (user-supplied) + Model of tasks (automatic)
26
Intelligent Light Control
Locations Off, Light, Bright; every transition is taken on press?
WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.
27
Intelligent Light Control
Off --press?, x:=0--> Light
Light --press?, x<=3--> Bright
Light --press?, x>3--> Off
Bright --press?--> Off
Solution: Add real-valued clock x
28
Timed Automata
Alur & Dill 1990
Clocks: x, y
Transition: n --a, x<=5 & y>3, x:=0--> m
Guard: Boolean combination of integer bounds on clocks and clock-differences.
Action: used for synchronization
Reset: action performed on clocks
State: ( location , x=v , y=u ) where v,u are in R
Transitions:
( n , x=2.4 , y=3.1415 ) --a--> ( m , x=0 , y=3.1415 )
( n , x=2.4 , y=3.1415 ) --e(1.1)--> ( n , x=3.5 , y=4.2415 )
29
Timed Automata
Invariants
Clocks: x, y
Location Invariants: n has x<=5, m has y<=10
Transition: n --a, x<=5 & y>3, x:=0--> m
( n , x=2.4 , y=3.1415 ) --e(1.1)--> ( n , x=3.5 , y=4.2415 )
( n , x=2.4 , y=3.1415 ) --e(3.2)--> not allowed: x would reach 5.6, violating the invariant x<=5 of n
Invariants ensure progress!!
30
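The semantics sketched on slides 28 to 30 (states as a location plus real-valued clocks, delay transitions e(d), action transitions with guards and resets, and location invariants that bound delays) can be made concrete with a small simulator. The code below is an added example and is not from the slides or from UPPAAL; the module layout, the names delay, step, run and light_after, and the encoding of guards and invariants as Python predicates are my own choices. It replays both the intelligent light controller (clock x, guards x<=3 / x>3) and the two-location Alur & Dill automaton with invariants x<=5 and y<=10, including the delay e(3.2) that the invariant rules out.

```python
"""Added example: a minimal timed-automaton simulator in the sense of the
slides (Alur & Dill): locations, real-valued clocks, guards, resets and
location invariants. Hypothetical code, not UPPAAL's; names are my own."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Sequence, Tuple

Valuation = Dict[str, float]                 # clock name -> current value
Constraint = Callable[[Valuation], bool]     # guard or invariant predicate


@dataclass(frozen=True)
class Edge:
    src: str
    action: str
    guard: Constraint
    resets: Tuple[str, ...]                  # clocks set to 0 when the edge fires
    dst: str


@dataclass
class TimedAutomaton:
    clocks: Tuple[str, ...]
    invariants: Dict[str, Constraint]        # location -> invariant; absent means true
    edges: Tuple[Edge, ...]


@dataclass(frozen=True)
class State:
    loc: str                                 # control location
    val: Tuple[Tuple[str, float], ...]       # sorted (clock, value) pairs, e.g. x=2.4, y=3.1415


def make_state(loc: str, **clocks: float) -> State:
    return State(loc, tuple(sorted(clocks.items())))


def _holds(ta: TimedAutomaton, loc: str, v: Valuation) -> bool:
    inv = ta.invariants.get(loc)
    return inv is None or inv(v)


def delay(ta: TimedAutomaton, s: State, d: float) -> Optional[State]:
    """Time transition e(d): every clock advances by d, the location stays.
    The slides' invariants are upper bounds (x<=5), so holding at the end of the
    delay means holding throughout; a violated invariant yields None (no transition)."""
    if d < 0:
        raise ValueError("delay must be non-negative")
    v = {c: x + d for c, x in s.val}
    return make_state(s.loc, **v) if _holds(ta, s.loc, v) else None


def step(ta: TimedAutomaton, s: State, action: str) -> List[State]:
    """Discrete transition: each edge leaving s.loc on this action whose guard holds
    yields a successor, with resets applied and the target invariant checked."""
    v = dict(s.val)
    out: List[State] = []
    for e in ta.edges:
        if e.src != s.loc or e.action != action or not e.guard(v):
            continue
        w = {c: (0.0 if c in e.resets else x) for c, x in v.items()}
        if _holds(ta, e.dst, w):
            out.append(make_state(e.dst, **w))
    return out


def run(ta: TimedAutomaton, s: State, trace: Sequence[Tuple[str, object]]) -> Optional[State]:
    """Follow a trace of ('delay', d) / ('act', a) steps; None if the run gets stuck.
    Nondeterminism is resolved by taking the first enabled edge."""
    cur: Optional[State] = s
    for kind, arg in trace:
        if cur is None:
            return None
        if kind == "delay":
            cur = delay(ta, cur, float(arg))
        else:
            succ = step(ta, cur, str(arg))
            cur = succ[0] if succ else None
    return cur


# Slide 28's light controller (constructed from the slide's transitions).
LIGHT = TimedAutomaton(
    clocks=("x",),
    invariants={},
    edges=(
        Edge("Off", "press", lambda v: True, ("x",), "Light"),
        Edge("Light", "press", lambda v: v["x"] <= 3, (), "Bright"),
        Edge("Light", "press", lambda v: v["x"] > 3, (), "Off"),
        Edge("Bright", "press", lambda v: True, (), "Off"),
    ),
)

# Slides 29/30's automaton: n --a, x<=5 & y>3, x:=0--> m with invariants n: x<=5, m: y<=10.
ALUR_DILL = TimedAutomaton(
    clocks=("x", "y"),
    invariants={"n": lambda v: v["x"] <= 5, "m": lambda v: v["y"] <= 10},
    edges=(Edge("n", "a", lambda v: v["x"] <= 5 and v["y"] > 3, ("x",), "m"),),
)


def light_after(gap: float) -> Optional[str]:
    """Location reached from Off by press, a delay of `gap`, then press again."""
    s = run(LIGHT, make_state("Off", x=0.0), [("act", "press"), ("delay", gap), ("act", "press")])
    return s.loc if s else None


if __name__ == "__main__":
    print(light_after(2.0), light_after(5.0))            # Bright Off
    s0 = make_state("n", x=2.4, y=3.1415)
    print(delay(ALUR_DILL, s0, 1.1), step(ALUR_DILL, s0, "a"), delay(ALUR_DILL, s0, 3.2))
```

Two presses 2 time units apart end in Bright, 5 units apart in Off, which is exactly the requirement stated on slide 27. From (n, x=2.4, y=3.1415) the delay e(1.1) and the action a both succeed, while e(3.2) returns None because the invariant x<=5 of n forbids letting x reach 5.6; that refusal is how an invariant forces progress.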
Cruise Control
When the car ignition is switched on and the on button is pressed, the current speed is recorded and the system is enabled: it maintains the speed of the car at the recorded setting.
Pressing the brake, accelerator or off button disables the system. Pressing resume or on re-enables the system.
31
Model Structure
The CONTROL system is structured as two processes. The main actions and interactions are as shown.
User: engineOn, engineOff, on, off, resume, brake, accelerator
Cruise Control: clearSpeed, recordSpeed, enablecontrol, disablecontrol
Speed Control / Engine: dSpeed, cSpeed, acc
32
User
Engine
33
The CARA System
Computer Assisted Resuscitation System
Purpose: automate delivery of intravenous fluids to injured persons in catastrophic situations
Comprises: software to monitor the patient's blood pressure and to control a high-output infusion pump
34
System Structure
35
System Structure
36
Case Studies: Protocols
Philips Audio Protocol [HS’95, CAV’95, RTSS’95, CAV’96]
Collision-Avoidance Protocol [SPIN’95]
Bounded Retransmission Protocol [TACAS’97]
Bang & Olufsen Audio/Video Protocol [RTSS’97]
TDMA Protocol [PRFTS’97]
Lip-Synchronization Protocol [FMICS’97]
Multimedia Streams [DSVIS’98]
ATM ABR Protocol [CAV’99]
ABB Fieldbus Protocol [ECRTS’2k]
IEEE 1394 Firewire Root Contention (2000)
37
visualSTATE
VVS, CIT project
38
visualSTATE Tester Verification
• No local nor global dead-ends
• No never interpreted events
• No fired actions
• No conflicting transactions
• No unreachable states
• All combinations are checked!
100% Tested!
39
No bugs allowed!
Train Simulator
1421 machines, 11102 transitions, 2981 inputs, 2667 outputs, 3204 local states
Declared state space: 10^476
BUGS?
40
Experimental Breakthroughs
Patented

System   Mach.  Declared   Reach       Checks  VisualST  St-of-Art      ComBack
                state sp.                      Sec       Sec     MB     Sec    MB
VCR      7      10^5       1279        50      <1        <1      6      <1     7
JVC      8      10^4       352         22      <1        <1      6      <1     6
HI-FI    9      10^7       1416384     120     1200      1.0     6      3.9    6
Motor    12     10^7       34560       123     32        <1      6      2.0    6
AVS      12     10^7       1438416     173     3780      6.7     6      5.7    6
Video    13     10^8       1219440     122     ---       1.1     6      1.5    6
Car      20     10^11      9.2 10^9    83      ---       3.8     9      1.8    6
N6       14     10^10      6399552     443     ---       32.3    7      218    6
N5       25     10^12      5.0 10^10   269     ---       56.2    7      9.1    6
N4       23     10^13      3.7 10^8    132     ---       622     7      6.3    6
Train1   373    10^136     ---         1335    ---       ---     ---    25.9   11
Train2   1421   10^476                 4708    ---       ---     ---    739

Machine: 166 MHz Pentium PC with 32 MB RAM
---: Out of memory, or did not terminate after 3 hours.
41
42
Who is CISS?
ICT Companies
Institute of Computer Science, BRICS@Aalborg: Modelling and Validation; Programming Languages; Software Engineering
Institute of Electronic Systems, Distributed Real Time Systems: Control Theory; Real Time Systems; Networking
Embedded Systems: Communication; HW/SW; Power Management
43
Who is CISS?
Funding: VTU 25.5 MDKK; Regional Councils of Northern Jutland & Aalborg City 12 MDKK; AAU 12.75 MDKK; Companies 12.75 MDKK
ICT Companies
Institute of Computer Science, BRICS@Aalborg: Modelling and Validation; Programming Languages; Software Engineering
Institute of Electronic Systems, Distributed Real Time Systems: Control Theory; Real Time Systems; Networking
Embedded Systems: Communication; HW/SW; Power Management
44
Typical Activities
• Co-financed R&D projects and case-studies
• Industrial training and education
• Seminars, workshops and networks of knowledge transfer and exchange
• Ph.D. and industrial Ph.D. projects
• Visiting guest researchers
• Student projects
45
Søren Damgaard, IBM
Organisation
Jørgen Elbæk, RTX
Steen Rasmussen, S-Card
Frands Voss, MCI & Danfoss
CISS Board
Director
Flemming Fredriksen
Anders P. Ravn
Wladyslaw Pietraszek
Kim Guldstrand Larsen
Henrik Schiøler
Arne Skou
Peter Koch
Technical
Integration Board
Administrator
46
Member Companies
47
Where is CISS?
Aalborg University
48