Modelling%20and%20Validation%20of%20Real%20Time%20Systems%20Kim%20Guldstrand%20Larsen%20Paul%20Pettersson%20BRICS@Aalborg

1
Modelling and Validationof Real Time
SystemsKim Guldstrand LarsenPaul
PetterssonBRICS_at_Aalborg
2
BRICS Machine Basic Research in Computer Science
304040 Millkr
100
100
Tools
Other revelvant projects UPPAAL, VHS, VVS
Aarhus
Aalborg
3
Tools and BRICS
Applications
visualSTATE
UPPAAL
SPIN
PVS
HOL
ALF
TLP

• Semantics
• Concurrency Theory
• Abstract Interpretation
• Compositionality
• Models for real-time
• hybrid systems

• Algorithmic
• (Timed) Automata Theory
• Graph Theory
• BDDs
• Polyhedra Manipulation

• Logic
• Temporal Logic
• Modal Logic
• MSOL

4
What?

• Validation and Verification
• of
• software and hardware DESIGNS!
• (E.g., real time systems, embedded systems,
• communication protocols)

5
A REAL real time system
Klaus Havelund, NASA
6
Embedded Systems
SyncMaster 17GLsi
Mobile Phone
Telephone
Digital Watch
Tamagotchi
7
Why?

• Testing/simulation of designs/implementations may
  not reveal error (e.g., no errors revealed after
  2 days)
• Formal verification (exhaustive testing) of
  design provides 100 coverage (e.g., error
  revealed within 5 min).
• TOOL support.

8
Traditional Software Development
The Waterfall Model
REVIEWS
Problem Area

Analysis
Design
REVIEWS
Implementation
Testing

• Costly in time-to-market and money
• Errors are detected late or never
• Application of FMs as early as possible

Running System
9
Introducing, detecting and repairing errors
Liggesmeyer 98
10
Formal Verification Validation
Analysis
Validation
Design Model
Specification
FORMAL METHODS
Verification Refusal
UML
Implementation
Testing
11
Formal Verification Validation
Analysis
Validation
Design Model
Specification
FORMAL METHODS
Verification Refusal
UML
TOOLS UPPAAL visualSTATE SPIN
Implementation
Testing
12
Formal Verification Validation
Analysis
Validation
Design Model
Specification
FORMAL METHODS
Verification Refusal
UML
TOOLS UPPAAL visualSTATE ..
Automatic Code generation
Implementation
Testing
13
Formal Verification Validation
Analysis
Validation
Design Model
Specification
FORMAL METHODS
Verification Refusal
UML
TOOLS UPPAAL visualSTATE ..
Automatic Code generation
Automatic Test generation
Implementation
Testing
14
How?

• Unified Model State Machine!

y!
b?
a
Output ports
x
Input ports
b?
y
b
a?
x!
Control states
15
UPPAAL
16
SPIN, Gerald Holzmann ATT
17
visualSTATE
VVS w Baan Visualstate, DTU (CIT project)

• Hierarchical state systems
• Flat state systems
• Multiple and inter-related state machines
• Supports UML notation
• Device driver access

18
Train Simulator
VVS visualSTATE
1421 machines 11102 transitions 2981 inputs 2667
outputs 3204 local states Declare state sp.
10476
BUGS ?
Our techniuqes has reduced verification time
with several orders of magnitude (ex 14 days to
6 sec)
19
State Explosion problem
M2
M1
a
1
2
c
b
4
3
M1 x M2
1,a
4,a
1,b
2,b
1,c
2,c
3,a
4,a
3,b
4,b
3,c
4,c
Provably theoretical intractable
All combinations exponential in no. of
components
20
Tool Support
System Description A
No! Debugging Information
TOOL
Yes, Prototypes Executable Code Test
sequences
Requirement F

• Course Objectives
• Model systems and specify requirements
• Validate models using TOOLS
• Understand main underlying theoretical and
  practical problems

Tools UPPAAL, SPIN, VisualSTATE,
Statemate, Verilog, Formalcheck,...
21
Uppsala (6 persons), Aalborg (10 persons),
1995- 21 papers, 6 invited talks/tutorials 9
industrial case studies http//www.docs.uu.se/docs
/rtmv/uppaal/index.shtml
UPPAAL
Modelling and Verification of Real Time systems
E.g.
Pump Controls Airbags Robots Cruise
Control ABS CD players
22
Collaborators

• _at_UPPsala
• Wang Yi
• Johan Bengtsson
• Paul Pettersson
• Fredrik Larsson
• Alexandre David
• Justin Pearson
• ...

• _at_AALborg
• Kim G Larsen
• Arne Skou
• Paul Pettersson
• Carsten Weise
• Kåre J Kristoffersen
• Gerd Behrman
• Thomas Hune
• ..

• _at_Elsewhere
• Magnus Lindahl, Francois Laroussinie, Augusto
  Burgueno, David Griffioen, Ansgar Fehnker, Frits
  Vandraager, Klaus Havelund, Theo Ruys, Pedro
  DArgenio, J-P Katoen, J. Tretmans, H. Bowmann,
  D. Latella, M. Massink, G. Faconti, Kristina
  Lundqvist, Lars Asplund, Carsten Weise...

23
Dec96
Sep98
24
from 7.5 hrs / 527 MB on ONYX with 2GB
(4Mill DKK) to 12.75 sec / 2.1 MB on
Pentium 150 MHz, 32 MB or Every 9 month 10 times
better performance!
Dec96
Sep98
25
Hybrid Real Time Systems
Computer Science
Control Theory
sensors
Task
Task
Task
Task
actuators
Controller Program Discrete
Plant Continuous
Eg.
Pump Control Air Bags Robots Cruise
Control ABS CD Players Production Lines
Real Time System A system where correctness not
only depends on the logical order of events but
also on their timing
26
Validation VerificationConstruction of UPPAAL
models
Controller Program Discrete
Plant Continuous
sensors
Task
Task
Task
Model of tasks (automatic)
Task
actuators
Model of environment (user-supplied)
UPPAAL Model
27
Intelligent Light Control
press?
Off
Light
Bright
press?
press?
press?
WANT if press is issued twice quickly then
the light will get brighter otherwise the light
is turned off.
28
Intelligent Light Control
press?
Xlt3
Off
Light
Bright
X0
press?
press?
press?
Xgt3
Solution Add real-valued clock x
29
Timed Automata
Alur Dill 1990
Clocks x, y
Guard Boolean combination of comp with integer
bounds
n
Reset Action perfomed on clocks
Action used for synchronization
xlt5 ygt3
State ( location , xv , yu ) where v,u are
in R
a
Transitions
x 0
a
( n , x2.4 , y3.1415 )
( m , x0 , y3.1415 )
m
e(1.1)
( n , x2.4 , y3.1415 )
( n , x3.5 , y4.2415 )
30
Timed Automata - Invariants
n
Clocks x, y
xlt5
Transitions
xlt5 ygt3
e(3.2)
Location Invariants
( n , x2.4 , y3.1415 )

a
e(1.1)
( n , x2.4 , y3.1415 )
( n , x3.5 , y4.2415 )
x 0
m
ylt10
g4
g1
g3
Invariants insure progress!!
g2
31
The UPPAAL Model Networks of Timed Automata
Integer Variables .
m1
l1
xgt2 i3
ylt4
.
Two-way synchronization on complementary
actions. Closed Systems!

a!
a?

x 0 ii4

l2
m2
Example transitions
(l1, m1,, x2, y3.5, i3,..)
(l2,m2,..,x0, y3.5, i7,..)
(l1,m1,,x2.2, y3.7, I3,..)
tau
0.2
If a URGENT CHANNEL
32
Lego RCX BrickLEGO MINDSTORMS, LEGO ROBOLAB
3 Input (sensors) Light, rotation, temperature,
pressure,.....
1 Infra-red port
3 Output ports (actuators) motor, light
33
First UPPAAL modelSorting of Lego Boxes
Ken Tindell
Piston
Boxes
eject
remove
99
Conveyer Belt
Red
81
18
90
9
Blck Rd
Controller
Black
Main
Skub_af
Exercise Design Controller so that only
black boxes are being pushed out

34
NQC programs
int active int DELAY int LIGHT_LEVEL
task main DELAY25 LIGHT_LEVEL35
active0 Sensor(IN_1, IN_LIGHT)
Fwd(OUT_A,1) Display(1) start skub_af
while(true) wait(IN_1ltLIGHT_LEVEL)
ClearTimer(1) active1 PlaySound(1)
wait(IN_1gtLIGHT_LEVEL)
task skub_af while(true)
wait(Timer(1)gtDELAY active1) active0
Rev(OUT_C,1) Sleep(8) Fwd(OUT_C,1)
Sleep(12) Off(OUT_C)
35
UPPAAL Demo
36
Exercise 2
Each message must be delivered before next
message can be accepted. 1. perfect media
2. loosy media 3. retransmission
4. delaying media 5. XXXX
Synchronization between two processes.
L
ack
pack
Sender
Receiver
out
in
K
snd
pass
37
Exercise 3
Person
Machine
Observer
coin! y0
pub!
cof
Wait ylt3
pub
Go
y3
coin
Ready
cof? y0
y2
Wait ylt2
Design Machine and Observer