1 / 53

Verification of Real Time Systems

Verification of Real Time Systems. CS 5270 Lecture 1 Hugh Anderson (Helped by P.S. Thiagarajan). Basic Info. Hugh Anderson S15 #06-12 ; Tel Ext. 6903 hugh@comp.nus.edu.sg www.comp.nus.edu.sg/~hugh Course web page: www.comp.nus.edu.sg/~cs5270

gupham
Télécharger la présentation

Verification of Real Time Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Verification of Real Time Systems CS 5270 Lecture 1 Hugh Anderson (Helped by P.S. Thiagarajan) CS5270 Lecture1

  2. Basic Info • Hugh Anderson • S15 #06-12 ; Tel Ext. 6903 • hugh@comp.nus.edu.sg • www.comp.nus.edu.sg/~hugh • Course web page: • www.comp.nus.edu.sg/~cs5270 • We will be using the IVLE system once I set it up…. CS5270 Lecture1

  3. Office Hours • Anytime – I have an “open-door” policy. • Oh – also - a “buy me coffee” policy  (Actually – lets call that a “join me for coffee” policy) • Or … use email and fix an appointment. CS5270 Lecture1

  4. Grading (Tentative) • Assignments    20% • Projects              20% • Mid-Term       10% • Final                50% CS5270 Lecture1

  5. Course Material • My notes and slides • Selected Parts of: • Hard Real-Time Computing Systems: Predictable Scheduling Algorithms and Applications: Giorgio C. Buttazzo • Real-Time Systems: Design Principles for Distributed Embedded Applications: Hermann Kopetz • Real-Time Systems: Scheduling, Analysis and Verification: Albert M.K. Cheng • Concepts, Algorithms and Tools for Model Checking: Lecture notes by Joost-Peter Katoen: • Research Articles. CS5270 Lecture1

  6. Assignments – still not fixed… • Take-home assignments • 2 (?) • Lab Assignments • 2 (?) • UPPAAL tool based – so have a look at Uppaal at http://www.uppaal.com/. • Individual CS5270 Lecture1

  7. Motivation … do we need any? • Ubiquity of processors, Ariane-5 • Software versus hardware • Abstraction and software engineering CS5270 Lecture1

  8. What is the Course About? • Real Time Computing Systems. • Key features and issues • Modeling, analysis • Verification CS5270 Lecture1

  9. Broad Outline • Introduction to Real Time Systems • Timed Automata • Verification Tools and Techniques. • Time-triggered architectures and protocols. CS5270 Lecture1

  10. What are Real Time Computer Systems? • Real Time Computer System • Correct functioning depends on: • the values of the results produced. AND • the physical times at which the results are produced. • Real Time Computer System is embedded in a larger physical system. CS5270 Lecture1

  11. What are real time systems? • The state of the system evolves with time. • Position, velocity, acceleration • Pressure, temperature, level, concentration • The state needs to be sensed and controlled by the computer system. CS5270 Lecture1

  12. Control Function CS5270 Lecture1

  13. Real time • System time and external physical time are the same! • At least must have a predictable relationship. CS5270 Lecture1

  14. Computational Timing Constraints • The computing system must sense, compute and actuate in a timely fashion. • Many sensors and many actuators. • Many control functions! • Must schedule computational tasks for different control functions in a timely fashion. • Computations must finish on time. • Performance CS5270 Lecture1

  15. Types of Real Time Systems • Hard / Soft • Hard: • Must meet timing constraints always. • Reactor control, automotive electronics • Soft: • Must meet timing constraints often. • Transaction Processing system • Multi-media streaming applications. • Hard/Soft determined externally. • Our focus will be on Hard Real Time Systems. CS5270 Lecture1

  16. Characteristics of Hard Real Time Computing Systems. • Timeliness • Peak Load Handling • The system should not fail at peak load conditions • Predictability • Fault Tolerance • Maintainability CS5270 Lecture1

  17. Impact on System Architecture • Must avoid non-determinism (why?). • Sources of non-determinism: • Direct Memory Access (DMA) by peripheral devices. • Contention for system bus. • Cache • Interrupts generated by I/O devices. • Memory Management (paging) • Dynamic data structures, recursion, unbounded loops (language level). CS5270 Lecture1

  18. Applications • Chemical and Nuclear Plant Control • Railway Switching Systems • Automotive applications • Flight control • ….. CS5270 Lecture1

  19. Current State • Ad hoc techniques, heuristic approaches. • Code written in assembly language • Programmed timers • Low level device handling • Direct manipulation of task and interrupt priorities. • Goal: Optimized predictable execution on simple architectures. CS5270 Lecture1

  20. Drawbacks • Tedious programming • Code quality depends on the programmer • Difficult to understand and maintain. • Verification of timing constraints is practically impossible. • System could collapse in rare, unforeseen circumstances, leading to disasters. CS5270 Lecture1

  21. Laws of Real Time Systems: Buttazzo’s Book • If something can go wrong, it will go wrong. (Murphy’s law) CS5270 Lecture1

  22. Laws of Real Time Systems • If something can go wrong, it will go wrong. (Murphy’s law) • Any software bug will tend to maximize damage. CS5270 Lecture1

  23. Laws of Real Time Systems • If something can go wrong, it will go wrong. (Murphy’s law) • Any software bug will tend to maximize damage. • The worst software bug will be discovered 6 months after the field test. CS5270 Lecture1

  24. Laws of Real Time Systems • If something can go wrong, it will go wrong. (Murphy’s law) • Any software bug will tend to maximize damage. • The worst software bug will be discovered 6 months after the field test. • A system will stop working at the worst possible time. CS5270 Lecture1

  25. Laws of Real Time Systems • If something can go wrong, it will go wrong. (Murphy’s law) • Any software bug will tend to maximize damage. • The worst software bug will be discovered 6 months after the field test. • A system will stop working at the worst possible time. • Sooner or later the worst possible combinations of circumstances will occur. CS5270 Lecture1

  26. Formal Methods (Myths?!#$) • Common in hardware design – buildings, bridges, VHDL chip design and so on. • It is a common misconception that FM is hard to use and slows things down. Most studies show the reverse is true. • Design phase slower, implementation and integration faster… Overall FASTER. • CICS, banking, by wire systems. CS5270 Lecture1

  27. FM for real time systems • Model real time systems precisely, mathematically, formally • External events • System events • Verify timing properties • Propagate timing constraints down to the system level. • Verify implementation meets the specification at each level. CS5270 Lecture1

  28. Assurance: Modelling CS5270 Lecture1

  29. Assurance: Synthesis CS5270 Lecture1

  30. What methods can we offer? • Transition systems + accepting states = automata • Timed automata • To capture high level descriptions. • Verification tools and methods • Time triggered architectures. • A mix of these two paradigms. CS5270 Lecture1

  31. State Transition Systems • TS is the 4-tuple (S, Act, ⇒, Sin) • S --- A set of States • Act --- A set of actions • ⇒ ⊆ S Ⅹ Act Ⅹ S ---- Transition Relation • Sin ⊆ S ---- Initial states • TS have graph view, and … often … • S and Act are finite sets. • Sin has only one element. • The transition relation is deterministic. CS5270 Lecture1

  32. Finite State Automata • Finite State Automata (FSAs) are a basic computational model. • FSAs = Regular Languages = Temporal Logics. • Starting point for many system design methodologies. • SDL, UML, POLIS,… • Verification tools (SPIN, SMV) available. CS5270 Lecture1

  33. A Railway System CS5270 Lecture1

  34. The Gate/Train TS – graph view open approach left Fin-Close proceed close brake proceed Gate Train CS5270 Lecture1

  35. The Gate Controller TS approach open left close Fin-Close proceed CS5270 Lecture1

  36. The Signal Space open Gate Fin-close close open Fin-Close approach Gate Controller close proceed left CS5270 Lecture1

  37. Transition system • To model the entire system, construct the parallel composition: Gate ║ Train ║ Controller (This is another TS) CS5270 Lecture1

  38. Parallel composition… CS5270 Lecture1

  39. Timing Considerations • The “untimed” description is not enough! • From the time “approach” is sent, “proceed” must be received within 5 time units. • From the time “close” is sent, “fin-close” must be received within 3 time units. • From the time “close” is received it takes at least 2 time units before “fin-close” is sent out. CS5270 Lecture1

  40. Timed Automata • Automata + clock variables. • Model finite state (control) systems with timing constraints. • Rich theory (too rich?). • Practical tools. • Emerging applications. • Lot more needs to be done for applications. CS5270 Lecture1

  41. The Basic Idea proceed Approach CS5270 Lecture1

  42. The Basic Idea proceed Approach; x x ≤ 5 From the time “approach” was sent “proceed” must be received within 5 time units. CS5270 Lecture1

  43. act ; Y The Basic Idea φ • act is an action (or event, or signal). • Y is a set of clock variables being reset to 0. • φ is a clock constraint. • φ ::= x ≤ c | x ≥ c | x < c | x > c | φ1φ2 • c is a rational number (integer OK for model) CS5270 Lecture1

  44. The Gate/Train Automata open 2 ≤ x ≤ 4 Fin-Close close; x repair x > 4 Gate CS5270 Lecture1

  45. The Gate/Train Automata left Approach; y proceed brake y < 5 y ≥ 5 proceed Train CS5270 Lecture1

  46. Time-Triggered Architectures • A method for organizing real-time computing systems. • Main Application domain: • Automotive electronics. • But also used in AIRBUS 380, … • See: http://www.tttech.com/technology/articles.htm • FlexRay is a closely related industry “standard” • BMW, Daimler-Benz, Philips Semiconductor, Bosch, … CS5270 Lecture1

  47. The Main Idea • Event-triggered • Timed automata • CAN (Controller Area Network) • Meeting of 3 people • Everyone speaks whenever he/she has something to say. • Must wait for the currently speaker to finish before a new speaker can start. • Imagine a meeting of 40 people! CS5270 Lecture1

  48. The Main Idea • Time-triggered • Every speaker is assigned a predetermined time slot. • After one round, the speaker gets a slot again. • Also, a topic-schedule has been worked out in advance. • Top1, Top2, Top4 in the first round. • Top1, Top3 and Top5 in the second round • Top2, Top4 and Top5 in the third round. • Ensure no one breaks the rules! CS5270 Lecture1

  49. Time-Triggered Architecture CS5270 Lecture1

  50. Time-Triggered Architecture • Basic unit: NODE • Node: • A processor with memory • I-O subsystem • Operating system • Application software • Time-triggered communication controller CS5270 Lecture1

More Related