
Dependable Embedded Software Systems

Kim Guldstrand Larsen, Dependable Embedded Software Systems (UCb). An overview of BRICS (Basic Research in Computer Science, 1993-2006, Aarhus and Aalborg) and its tools and applications: visualSTATE, UPPAAL, SPIN, PVS, HOL, ALF, TLP.


Presentation Transcript


  1. Kim Guldstrand Larsen Dependable Embedded Software Systems UCb

  2. BRICS Machine: Basic Research in Computer Science, 1993-2006 (30+40+40 Mill. kr). Tools; Aarhus; Aalborg.

  3. Tools and BRICS
     Applications / tools: visualSTATE, UPPAAL, SPIN, PVS, HOL, ALF, TLP
     • Semantics
     • Concurrency Theory
     • Abstract Interpretation
     • Compositionality
     • Models for real-time & hybrid systems
     • Algorithmic: (Timed) Automata Theory, Graph Theory, BDDs, Polyhedra Manipulation
     • Logic: Temporal Logic, Modal Logic, MSOL

  4. A very complex system Klaus Havelund, NASA

  5. Rotterdam Storm Surge Barrier

  6. Spectacular Software Bugs
     • ARIANE-5
     • INTEL Pentium II floating-point division: 470 Mill US $
     • Baggage handling system, Denver: 1.1 Mill US $/day for 9 months
     • Mars Pathfinder
     • Radiation therapy, Therac-25
     • …

  7. Embedded Systems = Pervasive Computing
     • 80% of all software is embedded in interacting devices.
     • Demand for increasing functionality with minimal resources.
     • Ideally, the developer must have several qualifications:
       • software construction and development,
       • hardware platforms,
       • communication & protocols,
       • validation (testing and verification), …

  8. Traditional Software Development: The Waterfall Model
     Problem Area, Analysis, Design, Implementation, Testing, Running System (with REVIEWS between the phases)
     • Costly in time-to-market and money
     • Errors are detected late or never
     • Application of FM's as early as possible

  9. Model-based Validation: Analysis; Design Model (Specification, UML); Implementation; Testing. Validation by FORMAL METHODS: Verification & Refusal.

  10. Model-based Validation: Analysis; Design Model (Specification, UML); Automatic Code generation; Implementation; Testing. Validation by FORMAL METHODS: Verification & Refusal.

  11. Model-based Validation: Analysis; Design Model (Specification, UML); Automatic Code generation; Automatic Test generation; Implementation; Testing. Validation by FORMAL METHODS: Verification & Refusal.

  12. How? Unified Model = State Machine! Input ports (a?, b?), output ports (x!, y!) and control states.

  13. Tamagotchi statechart: inputs A, B, C. Superstates ALIVE and DEAD. ALIVE contains Passive, Feeding (Light Meal, Snack) and Care (Clean, Medicine, Discipline, Play). Actions: Health := Health-1 on feeding/care; Tick: Health := Health-1; Age := Age+1. ALIVE goes to DEAD when Health=0 or Age=2.000.

  14. Digital Watch. Statechart = UML, David Harel

  15. SYNCmaster

  16. SPIN, Gerald Holzmann AT&T

  17. visualSTATE (VVS, Baan Visualstate, DTU; CIT project)
     • Hierarchical state systems
     • Flat state systems
     • Multiple and inter-related state machines
     • Supports UML notation
     • Device driver access

  18. UPPAAL

  19. Tool Support: System Description A and Requirement F go into the TOOL, which answers No! (with Debugging Information) or Yes (with Prototypes, Executable Code, Test sequences). Tools: UPPAAL, visualSTATE, SPIN, ESTEREL, Rhapsody, TeleLogic, Statemate, Formalcheck, ...

  20. The 'State Explosion' problem. Components M1 (states 1, 2; actions a, b) and M2 (states 3, 4; action c); the product M1 x M2 contains every combination of their states. All combinations = exponential in the number of components; provably theoretically intractable.

  21. Train Simulator (VVS): 1421 machines, 11102 transitions, 2981 inputs, 2667 outputs, 3204 local states. Declared state space: 10^476. BUGS?

  22. Train Simulator (VVS, visualSTATE): 1421 machines, 11102 transitions, 2981 inputs, 2667 outputs, 3204 local states. Declared state space: 10^476. BUGS? Our techniques have reduced verification time by several orders of magnitude (e.g. from 14 days to 6 sec).

  23. See www.uppaal.com !!!! UPPAAL: Modelling and Verification of Real Time systems. UPPAAL2k: > 2000 users, > 45 countries.

  24. @UPPsala: Wang Yi, Johan Bengtsson, Paul Pettersson, Fredrik Larsson, Alexandre David, Tobias Amnell, Oliver Möller. @AALborg: Kim G Larsen, Arne Skou, Paul Pettersson, Carsten Weise, Kåre J Kristoffersen, Gerd Behrmann, Thomas Hune, Oliver Möller. Collaborators @Elsewhere: David Griffioen, Ansgar Fehnker, Frits Vaandrager, Klaus Havelund, Theo Ruys, Pedro D'Argenio, J-P Katoen, J. Tretmans, Judi Romijn, Ed Brinksma, Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson...

  25. Real Time Systems. Computer Science: Controller Program (discrete; tasks). Control Theory: Plant (continuous), connected to the controller through sensors and actuators. E.g.: Pump Control, Air Bags, Robots, Cruise Control, ABS, CD Players, Production Lines. Real Time System: a system where correctness depends not only on the logical order of events but also on their timing.

  26. Validation & Verification: Construction of UPPAAL models. Controller Program (discrete; tasks): model of tasks (automatic). Plant (continuous; sensors, actuators): model of environment (user-supplied). Together they form the UPPAAL Model.

  27. Intelligent Light Control: locations Off, Light, Bright; every transition is on press?. WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.

  28. Intelligent Light Control. Solution: add a real-valued clock x. Off to Light on press? with x:=0; Light to Bright on press? when x<=3; Light to Off on press? when x>3; Bright to Off on press?.

  29. Timed Automata (Alur & Dill 1990). Clocks: x, y. Guard: a boolean combination of integer bounds on clocks and clock-differences, e.g. x<=5 & y>3. Reset: an action performed on clocks, e.g. x := 0. Action a: used for synchronization. State: (location, x=v, y=u) where v, u are in R. Transitions: action transition (n, x=2.4, y=3.1415) --a--> (m, x=0, y=3.1415); delay transition (n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415).

  30. Timed Automata: Invariants. Clocks: x, y. Location invariants (e.g. x<=5 on n, y<=10) bound how long an automaton may stay in a location; guards g1..g4 on the edges. Transitions: (n, x=2.4, y=3.1415) --a, x := 0--> m; delays e(1.1), e(3.2): (n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415). Invariants ensure progress!!
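The following is an added example (not code from the slides or from UPPAAL) that makes slides 27-30 concrete: a minimal timed-automaton interpreter with action transitions (guard, synchronisation label, clock resets), delay transitions e(d) and location invariants, instantiated with the intelligent light controller of slide 28 and the two-clock automaton of slides 29-30. The edge assignments of the light controller (x:=0 on Off to Light, x<=3 to Bright, x>3 back to Off) are read off the slide, and treating invariants as upper bounds checked at the end of a delay is an assumption made here.

```python
"""Timed-automaton semantics (locations + real-valued clocks, guards, resets,
delay transitions, location invariants).  Added example; the light controller
edges follow slide 28 and the n/m automaton follows slides 29-30."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Sequence, Tuple

Valuation = Dict[str, float]            # clock name -> current real value
Guard = Callable[[Valuation], bool]      # boolean combination of clock bounds


def always(_: Valuation) -> bool:
    return True


@dataclass
class Edge:
    src: str
    action: str                          # synchronisation label, e.g. "press"
    dst: str
    guard: Guard = always
    resets: Tuple[str, ...] = ()         # clocks set to 0 when the edge fires


@dataclass
class TimedAutomaton:
    clocks: Tuple[str, ...]
    edges: List[Edge]
    invariants: Dict[str, Guard] = field(default_factory=dict)  # per location


@dataclass(frozen=True)
class State:
    location: str
    clocks: Tuple[Tuple[str, float], ...]   # sorted (clock, value) pairs

    def valuation(self) -> Valuation:
        return dict(self.clocks)


def make_state(location: str, v: Valuation) -> State:
    return State(location, tuple(sorted(v.items())))


def invariant_holds(ta: TimedAutomaton, location: str, v: Valuation) -> bool:
    return ta.invariants.get(location, always)(v)


def delay(ta: TimedAutomaton, s: State, d: float):
    """Delay transition e(d): all clocks advance by d.  Invariants here are
    upper bounds (assumption), so it suffices to check the valuation reached
    at the end of the delay.  Returns None if the delay is refused."""
    if d < 0:
        raise ValueError("delays are non-negative")
    v = {c: x + d for c, x in s.valuation().items()}
    return make_state(s.location, v) if invariant_holds(ta, s.location, v) else None


def step(ta: TimedAutomaton, s: State, action: str):
    """Action transition: take the edge labelled `action` whose guard holds
    under the current valuation, reset its clocks, enter the target location.
    Returns None if no edge is enabled or the target invariant would fail."""
    v = s.valuation()
    enabled = [e for e in ta.edges
               if e.src == s.location and e.action == action and e.guard(v)]
    if not enabled:
        return None
    if len(enabled) > 1:
        raise ValueError(f"conflicting edges for {action} in {s.location}")
    e = enabled[0]
    v = {c: (0.0 if c in e.resets else x) for c, x in v.items()}
    return make_state(e.dst, v) if invariant_holds(ta, e.dst, v) else None


def run(ta: TimedAutomaton, start: State, trace: Sequence[Tuple[str, object]]):
    """Replay ('delay', d) / ('act', label) items; stop at the first refused
    transition and return (last state reached, number of items executed)."""
    s = start
    for i, (kind, arg) in enumerate(trace):
        nxt = delay(ta, s, arg) if kind == "delay" else step(ta, s, arg)
        if nxt is None:
            return s, i
        s = nxt
    return s, len(trace)


# Slide 28: a second press within 3 time units brightens, a later one switches off.
LIGHT = TimedAutomaton(
    clocks=("x",),
    edges=[
        Edge("Off", "press", "Light", resets=("x",)),
        Edge("Light", "press", "Bright", guard=lambda v: v["x"] <= 3),
        Edge("Light", "press", "Off", guard=lambda v: v["x"] > 3),
        Edge("Bright", "press", "Off"),
    ],
)

# Slides 29-30: guard x<=5 & y>3 on edge a (resetting x), invariant x<=5 on n.
SLIDE29 = TimedAutomaton(
    clocks=("x", "y"),
    edges=[Edge("n", "a", "m", guard=lambda v: v["x"] <= 5 and v["y"] > 3, resets=("x",))],
    invariants={"n": lambda v: v["x"] <= 5},
)


def light_after(gap: float) -> str:
    """Location reached from Off by: press, wait `gap`, press."""
    final, _ = run(LIGHT, make_state("Off", {"x": 0.0}),
                   [("act", "press"), ("delay", gap), ("act", "press")])
    return final.location


if __name__ == "__main__":
    print(light_after(1.0), light_after(5.0))      # Bright Off
    s0 = make_state("n", {"x": 2.4, "y": 3.1415})
    print(step(SLIDE29, s0, "a"))                  # m with x=0, y=3.1415
    print(delay(SLIDE29, s0, 1.1))                 # n with x=3.5, y=4.2415
    print(delay(SLIDE29, s0, 3.2))                 # None: x would reach 5.6 > 5
```

The refused delay is the point of slide 30: without the invariant x<=5 on n the automaton could idle in n forever, and the invariant is what forces the edge a to be taken eventually.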

  31. Cruise Control (buttons). When the car ignition is switched on and the on button is pressed, the current speed is recorded and the system is enabled: it maintains the speed of the car at the recorded setting. Pressing the brake, accelerator or off button disables the system. Pressing resume or on re-enables the system.

  32. Model Structure (Cruise Control). The CONTROL system is structured as two processes. The main actions and interactions are as shown: User (engineOn, engineOff, on, off, resume, brake, accelerator); Cruise Control; Speed Control (clearSpeed, recordSpeed, enablecontrol, disablecontrol); Engine (dSpeed, cSpeed, acc).

  33. User Engine

  34. The CARA System: Computer Assisted Resuscitation System. Purpose: automate delivery of intravenous fluids to injured persons in catastrophic situations. Comprises software to monitor the patient's blood pressure and control a high-output infusion pump.

  35. System Structure

  36. System Structure

  37. Case Studies: Protocols
     • Philips Audio Protocol [HS'95, CAV'95, RTSS'95, CAV'96]
     • Collision-Avoidance Protocol [SPIN'95]
     • Bounded Retransmission Protocol [TACAS'97]
     • Bang & Olufsen Audio/Video Protocol [RTSS'97]
     • TDMA Protocol [PRFTS'97]
     • Lip-Synchronization Protocol [FMICS'97]
     • Multimedia Streams [DSVIS'98]
     • ATM ABR Protocol [CAV'99]
     • ABB Fieldbus Protocol [ECRTS'2k]
     • IEEE 1394 Firewire Root Contention (2000)

  38. visualSTATE VVS, CIT project

  39. visualSTATE Tester: Verification, 100% Tested! All combinations are checked! No bugs allowed!
     • No local nor global dead-ends
     • No never interpreted events
     • No fired actions
     • No conflicting transactions
     • No unreachable states
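To show what slide 20 (the product of component state machines) and slide 39 (the checks a verifier runs over all combinations) amount to in code, here is an added example; it is not visualSTATE's own algorithm. It composes a set of flat state machines into their product, explores every reachable global state by breadth-first search, and reports dead-ends, never-interpreted events, unreachable local states and conflicting (nondeterministic) transitions. The composition rule (shared events synchronise, private events interleave) and the three sample machines, with one unreachable state and one conflicting transition planted, are constructed here for illustration.

```python
"""Product construction and verifier-style consistency checks for a set of
communicating flat state machines.  Added example; composition rule and the
sample machines are assumptions made for illustration."""
import math
from collections import deque
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Set, Tuple


@dataclass
class Machine:
    name: str
    initial: str
    states: Tuple[str, ...]
    # (source state, event) -> targets; more than one target is a conflict
    trans: Dict[Tuple[str, str], Tuple[str, ...]]

    def alphabet(self) -> Set[str]:
        return {ev for (_, ev) in self.trans}


GlobalState = Tuple[str, ...]   # one local state per machine, in order


def successors(machines: List[Machine], g: GlobalState, ev: str) -> List[GlobalState]:
    """Synchronous product step: `ev` fires only if every machine that knows
    `ev` can take it from its current local state; the others keep their state."""
    choices = []
    for m, local in zip(machines, g):
        if ev not in m.alphabet():
            choices.append((local,))
            continue
        targets = m.trans.get((local, ev), ())
        if not targets:
            return []                       # a participant blocks the event
        choices.append(targets)
    return [tuple(c) for c in product(*choices)]


def explore(machines: List[Machine]):
    """BFS over the global state space.  Returns the reachable global states
    and the set of (global state, event) pairs that actually fired."""
    init = tuple(m.initial for m in machines)
    events = set().union(*(m.alphabet() for m in machines))
    seen, fired, queue = {init}, set(), deque([init])
    while queue:
        g = queue.popleft()
        for ev in sorted(events):
            for nxt in successors(machines, g, ev):
                fired.add((g, ev))
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen, fired


def check(machines: List[Machine]) -> Dict[str, object]:
    """The slide-39 style checks, computed over every reachable combination."""
    reachable, fired = explore(machines)
    events = set().union(*(m.alphabet() for m in machines))
    fired_from = {g for g, _ in fired}
    reached_local = {(m.name, g[i]) for g in reachable for i, m in enumerate(machines)}
    all_local = {(m.name, s) for m in machines for s in m.states}
    conflicts = set()
    for i, m in enumerate(machines):
        for (src, ev), targets in m.trans.items():
            if len(targets) > 1 and any(g[i] == src and (g, ev) in fired for g in reachable):
                conflicts.add((m.name, src, ev))
    return {
        "product_size": math.prod(len(m.states) for m in machines),
        "reachable": len(reachable),
        "global_dead_ends": sorted(reachable - fired_from),
        "local_dead_ends": sorted((m.name, s) for m in machines for s in m.states
                                  if not any(src == s for (src, _) in m.trans)),
        "never_fired_events": sorted(events - {ev for _, ev in fired}),
        "unreachable_local_states": sorted(all_local - reached_local),
        "conflicting_transitions": sorted(conflicts),
    }


# Constructed sample: a door that can only open while unlocked, and an alarm.
DOOR = Machine("Door", "Closed", ("Closed", "Open"),
               {("Closed", "open"): ("Open",), ("Open", "close"): ("Closed",)})
LOCK = Machine("Lock", "Unlocked", ("Unlocked", "Locked"),
               {("Unlocked", "lock"): ("Locked",), ("Locked", "unlock"): ("Unlocked",),
                ("Unlocked", "open"): ("Unlocked",)})   # Locked has no 'open': it blocks
ALARM = Machine("Alarm", "Armed", ("Armed", "Triggered", "Disarmed", "Maintenance"),
                {("Armed", "open"): ("Triggered", "Armed"),   # planted conflict
                 ("Triggered", "open"): ("Triggered",), ("Triggered", "reset"): ("Armed",),
                 ("Armed", "disarm"): ("Disarmed",), ("Disarmed", "arm"): ("Armed",),
                 ("Disarmed", "open"): ("Disarmed",),
                 ("Maintenance", "service"): ("Armed",)})    # planted: unreachable

if __name__ == "__main__":
    for key, value in check([DOOR, LOCK, ALARM]).items():
        print(f"{key}: {value}")
```

Even for three tiny machines the declared product has 16 combinations while only 12 are reachable; the train simulator on slide 21 has 1421 machines, which is why enumerating the product explicitly is hopeless and the slides stress algorithmic techniques (BDDs, compositional methods) instead.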

  40. Train Simulator: 1421 machines, 11102 transitions, 2981 inputs, 2667 outputs, 3204 local states. Declared state space: 10^476. BUGS?

  41. Experimental Breakthroughs (Patented). Machine: 166 MHz Pentium PC with 32 MB RAM. ---: out of memory, or did not terminate after 3 hours.

  42. Experimental Breakthroughs (Patented). Our techniques have reduced verification time by several orders of magnitude (e.g. from 14 days to 6 sec). Machine: 166 MHz Pentium PC with 32 MB RAM. ---: out of memory, or did not terminate after 3 hours.

  43. Who is CISS? ICT Companies; Institute of Computer Science; Institute of Electronic Systems. Distributed Real Time Systems: Control Theory; Real Time Systems; Networking. BRICS@Aalborg: Modelling and Validation; Programming Languages; Software Engineering. Embedded Systems: Communication; HW/SW; Power Management. UCb.

  44. Who is CISS? Funding: VTU 25.5 MDKK; Regional Councils of Northern Jutland & Aalborg City 12 MDKK; AAU 12.75 MDKK; Companies 12.75 MDKK. ICT Companies; Institute of Computer Science; Institute of Electronic Systems. Distributed Real Time Systems: Control Theory; Real Time Systems; Networking. BRICS@Aalborg: Modelling and Validation; Programming Languages; Software Engineering. Embedded Systems: Communication; HW/SW; Power Management. UCb.

  45. Typical Activities
     • Co-financed R&D projects and case-studies
     • Industrial training and education
     • Seminars, workshops and networks of knowledge transfer and exchange
     • Ph.D. and industrial Ph.D. projects
     • Visiting guest researchers
     • Student projects

  46. Organisation: Søren Damgaard (IBM), Jørgen Elbæk (RTX), Steen Rasmussen (S-Card), Frands Voss (MCI & Danfoss), Flemming Fredriksen, Anders P. Ravn, Wladyslaw Pietraszek, Kim Guldstrand Larsen, Henrik Schiøler, Arne Skou, Peter Koch

  47. Member Companies

  48. Where is CISS? Aalborg University.
