1 modelling and validation of real time systems kim guldstrand larsen paul pettersson brics@aalborg

1

Modelling and Validationof Real Time Systems

Kim Guldstrand LarsenPaul Pettersson

BRICS@Aalborg

2Real Time Systems, DTU, February 1., 2000 Kim G. Larsen & Paul Pettersson UCb

BRICS Machine Basic Research in Computer Science

30+40+40 Millkr

100

100

Aalborg Aarhus

Tools

Other revelvant projects UPPAAL, VHS, VVS


Tools and BRICS

Logic• Temporal Logic• Modal Logic• MSOL • •

Algorithmic• (Timed) Automata Theory• Graph Theory• BDDs• Polyhedra Manipulation• •

Semantics• Concurrency Theory• Abstract Interpretation• Compositionality• Models for real-time & hybrid systems• •

HOL TLP

Applications

PVS ALF

SPINvisualSTATE UPPAAL


What?

Validation and Verification of

software and hardware DESIGNS!

(E.g., real time systems, embedded systems,communication protocols)


A REAL real time system

Klaus Havelund, NASA


Embedded Systems

SyncMaster 17GLsi

Telephone

Tamagotchi

Mobile Phone

Digital Watch


Why?

Testing/simulation of designs/implementations may not reveal error (e.g., no errors revealed after 2 days)

Formal verification (=exhaustive testing) of design provides 100% coverage (e.g., error revealed within 5 min).

TOOL support.


Traditional Software Development

The Waterfall Model

Analysis

Design

Implementation

Testing Costly in time-to-market and money Errors are detected late or never Application of FM’s as early as possible

ProblemArea

Runni

ng

Syst

em

REVI

EWS

REVI

EWS


Introducing, detecting and repairing errors Liggesmeyer 98


Formal Verification & Validation

Design Model SpecificationVerification & Refusal

AnalysisValidation

FORMAL

METHODS

Implementation

Testing

UML




AnalysisValidation

FORMAL

METHODS

Implementation

Testing

UML

TOOLS:

UPPAAL

visu

alSTATE

SPIN




AnalysisValidation

FORMAL

METHODS

Implementation

Testing

UML

AutomaticCode generation

TOOLS:

UPPAAL

visu

alSTATE

…..




AnalysisValidation

FORMAL

METHODS

Implementation

Testing

UML

AutomaticCode generation

AutomaticTest generation

TOOLS:

UPPAAL

visu

alSTATE

…..


How?

Unified Model = State Machine!

a

b

x

ya?

b?

x!

y!b?

Control states

Inputports

Outputports


UP

PA

AL


SP

IN, G

erald H

olzm

ann

AT

&T


visualSTATE

Hierarchical state systems

Flat state systems Multiple and inter-

related state machines

Supports UML notation

Device driver access

VVS w Baan Visualstate, DTU (CIT project)


Train Simulator1421 machines11102 transitions2981 inputs2667 outputs3204 local statesDeclare state sp.: 10^476

BUGS ?

VVSvisualSTATE

Our techniuqes has reduced verific

ation

time w

ith several orders of magnitude

(ex 14 days to 6 sec)


‘State Explosion’ problem

a

cb

1 2

43

1,a 4,a

3,a 4,a

1,b 2,b

3,b 4,b

1,c 2,c

3,c 4,c

All combinations = exponential in no. of components

M1 M2

M1 x M2

Provably theoretical

intractable


Tool Support

TOOLTOOL

System Description A

Requirement F Yes, Prototypes Executable Code Test sequences

No!Debugging Information

Tools: UPPAAL, SPIN, VisualSTATE, Statemate, Verilog, Formalcheck,...

Course Objectives:• Model systems and specify requirements• Validate models using TOOLS• Understand main underlying theoretical and practical problems

21IDA foredrag 20.4.99

UPPAAL

Modelling and Verification of Real Time systems

Uppsala (6 persons), Aalborg (10 persons), 1995-

21 papers, 6 invited talks/tutorials

9 industrial case studies

http://www.docs.uu.se/docs/rtmv/uppaal/index.shtml

Pump ControlsAirbagsRobotsCruise ControlABSCD players

E.g.


Collaborators

@UPPsala Wang Yi Johan Bengtsson Paul Pettersson Fredrik Larsson Alexandre David Justin Pearson ...

@AALborg Kim G Larsen Arne Skou Paul Pettersson Carsten Weise Kåre J Kristoffersen Gerd Behrman Thomas Hune …..

@Elsewhere Magnus Lindahl, Francois Laroussinie, Augusto Burgueno, David Griffioen,

Ansgar Fehnker, Frits Vandraager, Klaus Havelund, Theo Ruys, Pedro D’Argenio, J-P Katoen, J. Tretmans, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Carsten Weise...


Dec’96 Sep’98


Dec’96 Sep’98

from7.5 hrs / 527 MB on ONYX with 2GB (4Mill DKK)to12.75 sec / 2.1 MB on Pentium 150 MHz, 32 MBorEvery 9 month 10 times better performance!


Hybrid & Real Time Systems

PlantContinuous

Controller ProgramDiscrete

Control Theory Computer Science

Eg.:Pump ControlAir BagsRobotsCruise ControlABSCD PlayersProduction Lines

Real Time SystemA system where correctness not only depends on the logical order of events but also on their timing

Real Time SystemA system where correctness not only depends on the logical order of events but also on their timing

sensors

actuators

TaskTask

TaskTask


Validation & VerificationConstruction of UPPAAL models

PlantContinuous

Controller ProgramDiscrete

sensors

actuators

TaskTask

TaskTask

a

cb

1 2

43

a

cb

1 2

43

1 2

43

1 2

43

a

cb

UPPAAL Model

Modelofenvironment(user-supplied)

Model oftasks(automatic)


Intelligent Light Control

Off Light Brightpress? press?

press?

press?

WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.


Intelligent Light Control

Off Light Brightpress? press?

press?

press?

Solution: Add real-valued clock x

X:=0X<=3

X>3


Timed Automata

n

m

a

Alur & Dill 1990

Clocks: x, y

x<=5 & y>3

x := 0

Guard Boolean combination of comp withinteger bounds

ResetAction perfomed on clocks

Transitions

( n , x=2.4 , y=3.1415 ) ( n , x=3.5 , y=4.2415 )

e(1.1)

( n , x=2.4 , y=3.1415 ) ( m , x=0 , y=3.1415 )

a

State ( location , x=v , y=u ) where v,u are in R

Actionused

for synchronization


n

m

a

Clocks: x, y

x<=5 & y>3

x := 0

Transitions

( n , x=2.4 , y=3.1415 ) ( n , x=3.5 , y=4.2415 )

e(1.1)

( n , x=2.4 , y=3.1415 )

e(3.2)

x<=5

y<=10

LocationInvariants

g1g2 g3

g4

Invariants insure progress!!

Timed Automata - Invariants


The UPPAAL Model= Networks of Timed Automata + Integer Variables +….

l1

l2

a!

x>=2i==3

x := 0i:=i+4

m1

m2

a?

y<=4

…………. Two-way synchronizationon complementary actions.

Closed Systems!

(l1, m1,………, x=2, y=3.5, i=3,…..) (l2,m2,……..,x=0, y=3.5, i=7,…..)

(l1,m1,………,x=2.2, y=3.7, I=3,…..)

0.2

tau

Example transitions

If a URGENT CHANNEL


Lego RCX BrickLEGO MINDSTORMS, LEGO ROBOLAB

3 Input (sensors)Light, rotation, temperature, pressure,.....

3 Output ports (actuators)motor, light

1 Infra-redport


First UPPAAL modelSorting of Lego Boxes

Conveyer Belt

Exercise: Design Controller so that only black boxes are being pushed out

BoxesPiston

Black

Red9 18 81 90

99

BlckRd

remove

eject

Controller

Ken Tindell

Main Skub_af


NQC programs

task skub_af{ while(true){ wait(Timer(1)>DELAY && active==1); active=0; Rev(OUT_C,1); Sleep(8); Fwd(OUT_C,1); Sleep(12); Off(OUT_C); }}

task skub_af{ while(true){ wait(Timer(1)>DELAY && active==1); active=0; Rev(OUT_C,1); Sleep(8); Fwd(OUT_C,1); Sleep(12); Off(OUT_C); }}

int active;int DELAY;int LIGHT_LEVEL;

int active;int DELAY;int LIGHT_LEVEL;

task main{ DELAY=25; LIGHT_LEVEL=35; active=0; Sensor(IN_1, IN_LIGHT); Fwd(OUT_A,1); Display(1);

start skub_af; while(true){ wait(IN_1<=LIGHT_LEVEL); ClearTimer(1); active=1; PlaySound(1); wait(IN_1>LIGHT_LEVEL); }}

task main{ DELAY=25; LIGHT_LEVEL=35; active=0; Sensor(IN_1, IN_LIGHT); Fwd(OUT_A,1); Display(1);

start skub_af; while(true){ wait(IN_1<=LIGHT_LEVEL); ClearTimer(1); active=1; PlaySound(1); wait(IN_1>LIGHT_LEVEL); }}

IDA foredrag 20.4.99 35

UPPAAL Demo


Exercise 2 Each message must be delivered before next message can be accepted. 1. perfect media 2. loosy media 3. retransmission 4. delaying media 5. XXXX

Each message must be delivered before next message can be accepted. 1. perfect media 2. loosy media 3. retransmission 4. delaying media 5. XXXX

Synchronizationbetween two processes.

Sender Receiver

K

L

in

snd pass

out

ackpack


Exercise 3

Machine

Person

Observer

cof

coin

pub

Waity<=3

Ready

Waity<=2

Go

coin!y:=0

y=3

cof?y:=0

y=2

pub!

Design Machine and Observer

1 modelling and validation of real time systems kim guldstrand larsen paul pettersson brics@aalborg

Documents

larsen paul pettersson

aalborg slide

nasa slide

vvs slide

embedded systems syncmaster

verification of software

uppaal visualstate spin

exhaustive testing of