Modeling, Verification, (Synthesis), and Testing of Embedded Systems
TRANSCRIPT

Brian Nielsen
Centre of Embedded Software Systems, Aalborg University, DK
Course Outline
1. Introduction
2. Modeling
   1. Modelling Embedded systems
   2. Introduction to timed automata (TA)
3. Verification using Uppaal
4. Beyond Verification: Synthesis
   1. Optimal Scheduling & Planning
   2. Controller Synthesis
5. Real-Time Conformance
   1. Testing theory
   2. Real-time extensions of the ioco testing theory
6. Real-Time Test Generation
   1. Off-line generation using model checkers
   2. (optimal) quantitative test-sequences (based on Priced TA)
   3. Online real-time testing
   4. Testing strategies using Timed Games
7. Conclusions
Real-time Synthesis
[Figure: the Plant (continuous) is observed through sensors by the Controller Program (discrete), which drives the Plant through actuators. The tasks/scheduler of the controller are synthesized automatically from a Partial UPPAAL Model together with a Model of Environment (non-deterministic, user-supplied) that produces the inputs and accepts the outputs; the synthesis query is satisfied (SAT).]
Scheduling and optimization

Example: Bridge Problem
[Figure: at night, four men who need 5, 10, 20 and 25 minutes to cross stand on the Unsafe Side of a damaged bridge with holes; at most 2 men may be on the bridge, and they carry a single lamp. The Safe Side is on the other end.]
If possible find a schedule for all four men to reach the safe side in 60 min.
Bridge Problem
[Figure: UNSAFE side with mines, SAFE side; the four men take 5, 10, 20 and 25 minutes.]
Can be modeled and solved with timed automata in UPPAAL.
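The search that a model checker performs over the bridge model, written out as an added example (this is not the course's own code and not a UPPAAL model): an explicit-state shortest-path search over the bridge states, which answers both the reachability question on the slide (safe side within 60 min?) and the optimisation question (what is the minimum time?). The crossing times, the two-man limit, the lamp and the 60-minute bound are from the slide; the rule that a pair crosses at the pace of the slower man, and every function name below, are assumptions of this example.

```python
import heapq
from itertools import combinations

# Crossing times (minutes) of the four men, from the slide.
TIMES = {"m5": 5, "m10": 10, "m20": 20, "m25": 25}

def successors(state):
    """Moves from a state. A state is (men on the unsafe side, lamp on the unsafe side)."""
    unsafe, lamp_unsafe = state
    safe = frozenset(TIMES) - unsafe
    if lamp_unsafe:
        # one or two men cross to the safe side, at the pace of the slower one (assumption)
        for k in (1, 2):
            for group in combinations(sorted(unsafe), k):
                yield (unsafe - frozenset(group), False), max(TIMES[m] for m in group), group
    else:
        # one or two men carry the lamp back (returning in pairs never helps, but the model allows it)
        for k in (1, 2):
            for group in combinations(sorted(safe), k):
                yield (unsafe | frozenset(group), True), max(TIMES[m] for m in group), group

def shortest_schedule():
    """Dijkstra over the explicit state space; returns (total minutes, list of crossings)."""
    start = (frozenset(TIMES), True)
    goal = (frozenset(), False)
    best = {start: 0}
    parent = {start: None}
    heap = [(0, 0, start)]          # (time, tie-break counter, state); frozensets do not compare
    counter = 0
    while heap:
        t, _, s = heapq.heappop(heap)
        if s == goal:
            break
        if t > best[s]:
            continue                # stale heap entry
        for nxt, cost, group in successors(s):
            if t + cost < best.get(nxt, float("inf")):
                best[nxt] = t + cost
                parent[nxt] = (s, group)
                counter += 1
                heapq.heappush(heap, (t + cost, counter, nxt))
    if goal not in best:
        return None, []
    plan, s = [], goal
    while parent[s] is not None:
        s, group = parent[s]
        plan.append(group)
    return best[goal], list(reversed(plan))

def reachable_within(deadline):
    """The slide's question as a reachability check: can all four be safe within `deadline` minutes?"""
    t, _ = shortest_schedule()
    return t is not None and t <= deadline

if __name__ == "__main__":
    total, plan = shortest_schedule()
    print(total, plan)
```

The state space here is tiny (16 subsets times the lamp position), so an explicit search is enough; UPPAAL does the same thing symbolically with clocks, which is what makes the approach scale to the scheduling problems on the following slides.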
Optimal Scheduling – Time
Compute: (D * (C * (A + B))) + ((A + B) + (C * D)) using 2 processors
Operations of the expression tree: 1: A+B  2: C*D  3: C*(A+B)  4: (A+B)+(C*D)  5: D*(C*(A+B))  6: the final +
P1 (fast): + 2ns, * 3ns
P2 (slow): + 5ns, * 7ns
[Gantt chart, time axis 5 10 15 20 25 ns, of a first schedule]
P1: 2 3 5 6
P2: 1 4
Optimal Scheduling – Time
Compute: (D * (C * (A + B))) + ((A + B) + (C * D)) using 2 processors
Operations of the expression tree: 1: A+B  2: C*D  3: C*(A+B)  4: (A+B)+(C*D)  5: D*(C*(A+B))  6: the final +
P1 (fast): + 2ns, * 3ns
P2 (slow): + 5ns, * 7ns
[Gantt chart, time axis 5 10 15 20 25 ns, of the time-optimal schedule]
P1: 1 3 5 4 6
P2: 2
Optimal Scheduling – Power
Compute: (D * (C * (A + B))) + ((A + B) + (C * D)) using 2 processors
Operations of the expression tree: 1: A+B  2: C*D  3: C*(A+B)  4: (A+B)+(C*D)  5: D*(C*(A+B))  6: the final +
P1 (fast): + 2ns, * 3ns; 9W in use, 1W idle
P2 (slow): + 5ns, * 7ns; 3W in use, 2W idle
ENERGY: [Gantt chart, time axis 5 10 15 20 25 ns, of the time-optimal schedule (P1: 1 3 5 4 6, P2: 2) annotated with the in-use and idle power of each processor]
Optimal Scheduling – Power
Compute: (D * (C * (A + B))) + ((A + B) + (C * D)) using 2 processors
Operations of the expression tree: 1: A+B  2: C*D  3: C*(A+B)  4: (A+B)+(C*D)  5: D*(C*(A+B))  6: the final +
P1 (fast): + 2ns, * 3ns; 9W in use, 1W idle
P2 (slow): + 5ns, * 7ns; 3W in use, 2W idle
ENERGY: [Gantt chart, time axis 5 10 15 20 25 ns, of the power-optimal schedule: P1: 1 3 4, P2: 2 5 6; the tail of the computation moves to the slow, low-power processor]
Task Graph Scheduling: Optimal Static Task Scheduling
Tasks P = {P1, ..., Pm}
Machines M = {M1, ..., Mn}
Duration: (P x M) -> N
< : partial order on P (predecessors)
A task can be executed only if all predecessors have completed.
Each machine can process at most one task at a time.
Tasks cannot be preempted.
Compute schedule with minimum completion-time!
[Figure: example task graph with M = {M1, M2}; each task is annotated with its durations (on M1, on M2): P1: 16,10  P2: 2,3  P3: 6,6  P4: 10,16  P5: 8,2  P6: 2,3  P7: 2,2. The precedence edges are not recoverable from the transcript.]
UPPAAL query for the optimal schedule: E<> (Task1.End and … and Task7.End)
Experimental Results
[Figure: experimental results comparing Symbolic A* and Branch-&-Bound (60 sec) on the task-graph benchmarks of Abdeddaïm, Kerbaa, Maler.]
Linearly Priced Timed Automata
Timed Automata + costs on transitions and locations
[Figure: automaton with locations a, b, c carrying location cost rates (1, 2, 5), edges with guards (x<3, y>3), a reset {x:=0} and a transition cost of 4.]
Cost of performing a transition: the transition cost
Cost of performing a delay d in a location: d x location cost
Trace: (a, x=y=0) --cost 4--> (b, x=y=0) --delay 2.5--> (b, x=y=2.5) --cost 0--> (a, x=0, y=2.5)
Cost of Execution Trace: sum of costs: 4 + (2.5 x 2) + 0 = 9
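The cost rule on the slide, as an added example (not part of the course material): a small interpreter that runs a trace of delays and edges through a priced timed automaton, refuses an edge whose guard is not enabled, and accumulates transition costs plus delay x location rate. The rate 2 on location b, the transition cost 4, the reset of x and the trace itself are from the slide; the rates assigned to a and c, the guard placed on each edge and the extra b -> c edge are assumptions made so that the guard check has something to reject.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass
class Edge:
    src: str
    dst: str
    cost: float = 0.0                                   # transition cost
    guard: Callable[[Dict[str, float]], bool] = lambda v: True  # predicate over clock valuation
    resets: Tuple[str, ...] = ()                        # clocks set to 0 when the edge is taken

@dataclass
class PTA:
    rates: Dict[str, float]      # location -> cost per time unit spent there
    edges: List[Edge]
    clocks: Tuple[str, ...]

    def run(self, init_loc, trace):
        """Execute a trace of ("delay", d) / ("edge", target) steps from init_loc.

        Returns (total cost, list of (location, clock valuation) states visited)."""
        loc = init_loc
        clocks = {c: 0.0 for c in self.clocks}
        cost = 0.0
        states = [(loc, dict(clocks))]
        for kind, arg in trace:
            if kind == "delay":
                for c in clocks:
                    clocks[c] += arg                    # all clocks advance at rate 1
                cost += arg * self.rates[loc]           # delay cost = d x location cost
            elif kind == "edge":
                enabled = [e for e in self.edges
                           if e.src == loc and e.dst == arg and e.guard(clocks)]
                if not enabled:
                    raise ValueError(f"no enabled edge {loc} -> {arg} at {clocks}")
                e = enabled[0]
                for c in e.resets:
                    clocks[c] = 0.0
                loc = e.dst
                cost += e.cost                          # transition cost
            else:
                raise ValueError(f"unknown step kind {kind!r}")
            states.append((loc, dict(clocks)))
        return cost, states

def slide_automaton():
    """The automaton of the slide; rates of a and c, guards and the b -> c edge are assumed."""
    return PTA(
        rates={"a": 1, "b": 2, "c": 5},
        clocks=("x", "y"),
        edges=[
            Edge("a", "b", cost=4, guard=lambda v: v["x"] < 3),
            Edge("b", "a", cost=0, resets=("x",)),
            Edge("b", "c", cost=0, guard=lambda v: v["y"] > 3),
        ],
    )

def slide_trace_cost():
    """The slide's trace: a -> b, delay 2.5 in b, b -> a. Returns (cost, final state)."""
    cost, states = slide_automaton().run("a", [("edge", "b"), ("delay", 2.5), ("edge", "a")])
    return cost, states[-1]

if __name__ == "__main__":
    print(slide_trace_cost())      # cost 9.0, final state ('a', {'x': 0.0, 'y': 2.5})
```

Minimum-cost reachability in UPPAAL CORA is exactly a search for the cheapest such trace; the interpreter above only prices a trace that is given to it, which is the part of the semantics the slide defines.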
Optimal Task Graph Scheduling: Power-Optimality
Energy-rates: C : M -> N (in the example M1: 4W, M2: 3W)
Compute schedule with minimum completion-cost!
[Figure: the same task graph as before, tasks annotated with durations (on M1, on M2): P1: 16,10  P2: 2,3  P3: 6,6  P4: 10,16  P5: 8,2  P6: 2,3  P7: 2,2.]
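An added example, not code from the course, that solves the two-processor scheduling of the expression on the Optimal Scheduling slides for both objectives discussed here: minimum completion time and minimum energy. The task graph of the expression, the durations (P1: + 2ns, * 3ns; P2: + 5ns, * 7ns) and the power figures (P1: 9W in use, 1W idle; P2: 3W in use, 2W idle) are taken from those slides; the numbering of the operations, the assumption that a processor draws idle power until the last task finishes, and all function names are this example's own. It is a plain branch-and-bound over non-preemptive list schedules, not UPPAAL's priced-timed-automata search, but it prunes on the same principle: the objective can only grow as tasks are appended.

```python
import math

# Task graph of (D * (C * (A + B))) + ((A + B) + (C * D)): task -> (operator, predecessors).
TASKS = {
    1: ("+", ()),        # A + B
    2: ("*", ()),        # C * D
    3: ("*", (1,)),      # C * (A + B)
    4: ("+", (1, 2)),    # (A + B) + (C * D)
    5: ("*", (3,)),      # D * (C * (A + B))
    6: ("+", (5, 4)),    # final sum
}
# Duration in ns per (machine, operator): P1 fast, P2 slow (from the slides).
DURATION = {"P1": {"+": 2, "*": 3}, "P2": {"+": 5, "*": 7}}
# Power in W per machine: (in use, idle) (from the power slides).
POWER = {"P1": (9, 1), "P2": (3, 2)}

def makespan(schedule):
    """Completion time of a (partial) schedule: task -> (machine, start, end)."""
    return max((end for _, _, end in schedule.values()), default=0)

def energy(schedule):
    """Energy until the last task finishes; an idle machine draws its idle power (assumption)."""
    T = makespan(schedule)
    total = 0
    for m, (p_busy, p_idle) in POWER.items():
        busy = sum(end - start for mm, start, end in schedule.values() if mm == m)
        total += busy * p_busy + (T - busy) * p_idle
    return total

def optimise(objective):
    """Branch-and-bound over all non-preemptive list schedules.

    objective is makespan or energy; both are monotone in the set of scheduled tasks,
    so a partial schedule that already costs as much as the best complete one is cut."""
    best = [math.inf, None]

    def rec(schedule, free):
        value = objective(schedule)
        if value >= best[0]:
            return                                   # bound: cannot beat the incumbent
        if len(schedule) == len(TASKS):
            best[:] = [value, dict(schedule)]        # new incumbent
            return
        for t, (op, preds) in TASKS.items():
            if t in schedule or any(p not in schedule for p in preds):
                continue                             # already placed, or a predecessor is not
            for m in DURATION:
                start = max([free[m]] + [schedule[p][2] for p in preds])
                end = start + DURATION[m][op]
                schedule[t] = (m, start, end)        # branch: task t on machine m
                saved, free[m] = free[m], end
                rec(schedule, free)
                free[m] = saved
                del schedule[t]

    rec({}, {m: 0 for m in DURATION})
    return best[0], best[1]

if __name__ == "__main__":
    t, s = optimise(makespan)
    print("time-optimal:", t, "ns, energy", energy(s), s)
    e, s = optimise(energy)
    print("power-optimal:", e, "W*ns, makespan", makespan(s), s)
```

Running it reproduces the two Gantt charts: the time-optimal schedule keeps everything but task 2 on the fast processor and finishes in 12ns, while the power-optimal one finishes later but moves part of the computation to the slow, low-power processor, which is the trade-off the power slide illustrates.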
Verification vs. Optimization
Verification Algorithms: check a logical property of the entire state-space of a model ("State reachable?"). Efficient blind search.
Optimization Algorithms: find (near) optimal solutions ("Min time of reaching state?"). Use techniques to avoid non-optimal parts of the state-space (e.g. Branch and Bound).
Objective: bridge the gap between the two. New techniques and applications in UPPAAL.
Controller Synthesis

Controller Synthesis and Timed Games
[Figure: Production Cell]
GIVEN system moves S, controller moves C, and a property,
FIND a strategy s_C such that s_C || S satisfies the property.

A Two-Player Game
Timed Game Automata [Maler, Pnueli, Sifakis '95].
Edges are either uncontrollable (environment) or controllable (controller).
The controller continuously observes all delays & moves.
Move: take a controllable edge c, or delay.
Winning strategy: a function that tells the controller how to move in any given state to win the game.
Memoryless strategy: F : State -> E_c
Reachability Games: reach Goal
Safety Games: avoid Lose
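An added example, not from the course and not UPPAAL TIGA's code: the controllable-predecessor fixpoint on a finite game graph, which is the backward algorithm that timed-game solvers apply to symbolic (zone) states. It computes the winning region and a memoryless strategy F : State -> E_c for a reachability game and for a safety game. The game graph, its state names and the untimed simplification (a state counts as winning only if every uncontrollable move stays inside the winning set, since the environment may move before the controller does; for safety the controller may also wait) are assumptions of this example.

```python
# Constructed toy game: state -> (controllable successors, uncontrollable successors).
# s2 has a controllable edge to goal, but the environment can move s2 -> lose first.
GAME = {
    "s0":   ({"s1", "s2"}, {"s3"}),
    "s1":   ({"goal"},     set()),
    "s2":   ({"goal"},     {"lose"}),
    "s3":   ({"s1"},       set()),
    "goal": (set(),        set()),
    "lose": (set(),        set()),
}

def solve_reachability(game, goal):
    """Least fixpoint of the controllable predecessor.

    W_0 = goal; a state joins W when some controllable edge enters W and every
    uncontrollable edge enters W. Returns (winning set, memoryless strategy)."""
    win = set(goal)
    strategy = {}
    changed = True
    while changed:
        changed = False
        for s, (c_succ, u_succ) in game.items():
            if s in win:
                continue
            c_into = sorted(t for t in c_succ if t in win)
            if c_into and u_succ <= win:
                win.add(s)
                strategy[s] = c_into[0]          # F(s): the controllable edge to take
                changed = True
    return win, strategy

def solve_safety(game, lose):
    """Greatest fixpoint: start from all states except Lose and remove any state from
    which an uncontrollable edge leaves the safe set. The strategy is the set of
    controllable edges that stay inside (the controller may also wait)."""
    safe = set(game) - set(lose)
    changed = True
    while changed:
        changed = False
        for s in list(safe):
            if not game[s][1] <= safe:
                safe.discard(s)
                changed = True
    allowed = {s: sorted(t for t in game[s][0] if t in safe) for s in safe}
    return safe, allowed

if __name__ == "__main__":
    print(solve_reachability(GAME, {"goal"}))
    print(solve_safety(GAME, {"lose"}))
```

On the toy game s2 is losing for both objectives even though it has an edge straight to goal: the controller cannot rely on a move the environment can pre-empt, which is the reason the "for all uncontrollable moves" condition sits in the predecessor operator. For timed games the same two fixpoints run over zones with an additional timed predecessor that accounts for delays.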
Timed Games
[Figure: a timed game automaton with locations L0, L1, L2, L3 and a winning strategy given per location.]

Timed Game Solver
[Figure]
Controller Synthesis: Hydac Case
Plastic Injection Molding Machine
Robust and optimal control
Tool Chain: Synthesis: UPPAAL TIGA; Verification: PHAVer; Performance: SIMULINK
40% improvement of existing solutions.
Underlying PTA problem.
Quasimodo
The Molding Machine
The Machine consumes oil from the Accumulator.
The Machine returns oil to the Reservoir.
The total amount of oil in the system is constant.
The Pump can move oil from the Reservoir to the Accumulator.
Oil Pump Control Problem
R1: stay within the safe interval [4.9, 25.1]
R2: minimize the average/overall oil volume
The Machine (consumption)
[Figure: infinite cyclic demand pattern, to be satisfied by our control strategy.]
F: noise 0.1 l/s
P: latency 2 s between state changes of the pump
Machine (uncontrollable)
[Figure: the machine automaton.] Checks whether V under noise gets outside [Vmin+0.1, Vmax-0.1].
Pump (controllable)
[Figure: the pump automaton.] Decisions every 1 (one) second.
Global Approach
Find some interval I1 = [V1, V2] within [4.9, 25.1] s.t.
I1 is m-stable, i.e. from any V0 in I1 there is a strategy s.t., whatever the fluctuation, the volume is always within [5, 25] and at the end within I2 = [V1+m, V2-m].
I1 is optimal among all m-stable intervals.
[Figure: oil volume (0 to 25) over one cycle from 0 s to 20 s, with the intervals I1 and I2 marked.]
Results
D=1, m=0.4: Optimal stable interval I1 = [5.1, 10]
[Figures: resulting volume traces.]
Climate Control
By Jan J. Jessen, Jacob I. Rasmussen
[Figures: the climate-control zones.]

Climate Control / Neighbor
Neighboring zone
Neighbor wants to receive flow?
Temperature in neighbor zone (lower/higher)
Finite State Machine (Mealy)
[Figure: states q1, q2, q3; edges q1 --coin / -→ q2, q2 --coin / -→ q3, q3 --cof-but / cof→ q1, q3 --tea-but / tea→ q1]
Transition table (condition -> effect):
current state   input     output   next state
q1              coin      -        q2
q2              coin      -        q3
q3              cof-but   cof      q1
q3              tea-but   tea      q1
Inputs = {cof-but, tea-but, coin}
Outputs = {cof, tea}
States = {q1, q2, q3}
Initial state = q1
Transitions = {(q1, coin, -, q2), (q2, coin, -, q3), (q3, cof-but, cof, q1), (q3, tea-but, tea, q1)}
Sample run: q1 --coin / -→ q2 --coin / -→ q3 --cof-but / cof→ q1
Fully Specified FSM (input enabled)
[Figure: the same machine with a self-loop in every state for each input that was unspecified: cof-but / - and tea-but / - in q1 and q2, coin / coin in q3]
current state   input     output   next state
q1              coin      -        q2
q2              coin      -        q3
q3              cof-but   cof      q1
q3              tea-but   tea      q1
q1              cof-but   -        q1
q1              tea-but   -        q1
q2              cof-but   -        q2
q2              tea-but   -        q2
q3              coin      coin     q3
FSM as program 1 (table driven)
[Figure: the fully specified FSM q1 --coin / -→ q2 --coin / -→ q3 --cof-but / cof, tea-but / tea→ q1]

#include <stdio.h>
enum state  { q1, q2, q3, numStates };
enum input  { coin, cof_but, tea_but, numInputs };
enum output { none, cof, tea, coin_back };            /* '-' in the table is none */
/* Tables indexed [currentState][input]; rows q1, q2, q3; columns coin, cof_but, tea_but. */
static const enum state nextStateTable[numStates][numInputs] = {
    { q2, q1, q1 }, { q3, q2, q2 }, { q3, q1, q1 } };
static const enum output outputTable[numStates][numInputs] = {
    { none, none, none }, { none, none, none }, { coin_back, cof, tea } };
/* Read one input from stdin ('c' coin, 'k' cof-but, 't' tea-but); -1 at end of input. */
static int waitForInput(void) {
    int ch;
    while ((ch = getchar()) != EOF)
        if (ch == 'c') return coin; else if (ch == 'k') return cof_but; else if (ch == 't') return tea_but;
    return -1;
}
static void OUTPUT(enum output o) { static const char *name[] = { "-", "cof", "tea", "coin" }; puts(name[o]); }
int main(void) {
    enum state currentState = q1;
    int input;
    while ((input = waitForInput()) >= 0) {
        OUTPUT(outputTable[currentState][input]);     /* [state][input]; [state,input] would be the comma operator */
        currentState = nextStateTable[currentState][input];
    }
    return 0;
}
FSM as program 2 (nested switch)
[Figure: the same fully specified FSM]

#include <stdio.h>
#include <stdlib.h>
enum state { q1, q2, q3 };
enum input { coin, cof_but, tea_but };                /* cof and tea are outputs, not inputs */
#define OUTPUT(s) puts(s)
#define ERROR(s)  do { fputs(s "\n", stderr); exit(EXIT_FAILURE); } while (0)
/* Read one input from stdin ('c' coin, 'k' cof-but, 't' tea-but); -1 at end of input. */
static int waitForInput(void) {
    int ch;
    while ((ch = getchar()) != EOF)
        if (ch == 'c') return coin; else if (ch == 'k') return cof_but; else if (ch == 't') return tea_but;
    return -1;
}
int main(void) {
    enum state currentState = q1;
    int input;
    while ((input = waitForInput()) >= 0) {
        switch (currentState) {
        case q1: switch (input) {
                 case coin: currentState = q2; break;
                 case cof_but: case tea_but: break;          /* self-loops, no output */
                 default: ERROR("Unexpected Input"); }
                 break;
        case q2: switch (input) {
                 case coin: currentState = q3; break;
                 case cof_but: case tea_but: break;
                 default: ERROR("Unexpected Input"); }
                 break;
        case q3: switch (input) {
                 case cof_but: currentState = q1; OUTPUT("cof"); break;
                 case tea_but: currentState = q1; OUTPUT("tea"); break;
                 case coin: OUTPUT("coin"); break;            /* a third coin is returned */
                 default: ERROR("Unexpected Input"); }
                 break;
        default: ERROR("unknown currentState");
        }
    }
    return 0;
}