FRESCO Formal REaltime Software COmponents - PowerPoint PPT Presentation

Description:

Funded by the Darpa SEC (Software-Enabled Control) program. French Guyana, ... Interface (the 'statics'): Variables: input/output, discrete/continuous (data) ... – PowerPoint PPT presentation

Slides: 56

Transcript and Presenter's Notes

1
The FRESCO Project (Formal Real-time Software Components)
Tom Henzinger, University of California, Berkeley
Funded by the Darpa SEC (Software-Enabled Control) program
2
French Guyana, June 4, 1996
800 million embedded software failure
3
Mars, July 4, 1997
Lost contact due to embedded software failure
4
4 billion development effort
> 50% system integration / validation cost
5
The Current State in the Design of Embedded Control Systems
(diagram) Design time, control engineer: a (semi)formal/mathematical Model (e.g. mode automata, differential equations) is designed, derived and verified.
Run time, software engineer: informal Code (e.g. RTOS + C) is programmed, compiled and debugged.
6
The Current State in the Design of Embedded Control Systems
(diagram, as before) Design time, control engineer: a (semi)formal/mathematical Model (e.g. mode automata, differential equations), nonmodular and nonhierarchical, is designed, derived and verified.
Run time, software engineer: informal Code (e.g. RTOS + C) is programmed, compiled and debugged.
7
(diagram: the FRESCO layers, with the letters F, R, E, S, C, O running down the left)
REQUIREMENTS (given)
DESIGN
MODEL: MASACCIO, ATL
CONSTRAINTS
PROGRAM: GIOTTO, GIOTTO-ASC
EXECUTABLE: RTOS; ARCHITECTURE, SCHEDULER, COMMUNICATION
8
(diagram: the same layers, with the steps between them)
REQUIREMENTS (given)
DESIGN: Model-check
MODEL: Hierarchical Hybrid Modules (MASACCIO, ATL)
Synthesize, Refine
CONSTRAINTS
PROGRAM: Time-Triggered Blocks of C Code (GIOTTO, GIOTTO-ASC)
Compile
EXECUTABLE: RTOS; ARCHITECTURE, SCHEDULER, COMMUNICATION
9
MASACCIO, for verifying hard real time (15th century: first use of 3D perspective, i.e. hierarchy)
  • Entities: physical and logical processes
  • Communication: shared variables (math)
  • Time: time derivatives (math)
Relating the two: Assume-Guarantee Refinement, Event-Clock Simulation
GIOTTO, for implementing hard real time (14th century: first depiction of interhuman relations, i.e. reactivity)
  • Entities: software processes
  • Communication: time-triggered value passing
  • Time: process frequencies
10
MASACCIO: A Formal Model for Embedded Components
  • Predecessors
    • Parallel composition: Reactive Modules (Mocha)
    • Real time: Hybrid Automata (HyTech)
  • New
    • Parallel and sequential composition, arbitrarily nested
    • Discrete and continuous dynamics, arbitrarily composed

11
MASACCIO: A Formal Model for Embedded Components
  • Semantics
    • Component: interface and behaviors
    • Interface (the statics)
      • Variables: input/output, discrete/continuous (data)
      • Locations: entry/exit (control)
    • Behavior (the dynamics)
      • Jumps: all variables may change (instantaneous)
      • Flows: continuous variables evolve (real-valued duration)

12
MASACCIO: A Formal Model for Embedded Components
  • Syntax
    • Component: operators applied to atomic components
    • Operators (six)
      • Parallel and sequential composition
      • Variable and location renaming (connection)
      • Variable and location hiding (abstraction)
    • Atomic components (two)
      • Atomic discrete component: guarded difference equation
      • Atomic continuous component: guarded differential equation

13
MASACCIO: A Formal Model for Embedded Components
(figure: an atomic discrete component with inputs z and y, output x, entry location a, exit location b, and the guarded jump g(z) -> x := f(x,y))
14
MASACCIO: A Formal Model for Embedded Components
(figure: the component above beside a second atomic discrete component with jump y := h(x,y), its own entry a and exit b, and output y)
15
MASACCIO: A Formal Model for Embedded Components
(figure: the two components placed in parallel)
16
MASACCIO: A Formal Model for Embedded Components
(figure: the parallel composition, with the x and y variables of the two components connected by renaming)
17
MASACCIO: A Formal Model for Embedded Components
(figure: the parallel composition with entry a, exit b, input z, outputs x and y)
18
MASACCIO: A Formal Model for Embedded Components
(figure: the jumps g(z) -> x := f(x,y) and y := h(x,y) in parallel)
Behavior: a, (z,y), (z,y), b
Entry condition: g(z)
19
MASACCIO: A Formal Model for Embedded Components
(figure: the continuous version, with flows g(z) -> dx = f(x,dy) and dy = h(x,y) in parallel)
Behaviors: a, (x,y) evolving over real time, b
Time-may-progress condition: g(z)
20
MASACCIO: A Formal Model for Embedded Components
(figure: flows g(z) -> dx = f(x,dy) and g(z) -> dy = h(x,y) in parallel)
Time-may-progress condition: g(z) ∧ g(z)
21
MASACCIO: A Formal Model for Embedded Components
(figure: sequential composition; a component with entry a and exit b is followed by a component with entry b and exit c, input y, output x and the jump g(y) -> x := x+1)
22
MASACCIO: A Formal Model for Embedded Components
(figure: the same sequential composition)
23
MASACCIO: A Formal Model for Embedded Components
(figure: the sequential composition, exits b and c, jump g(y) -> x := x+1)
Entry condition: g(y)
Behaviors: a, (x,y), (x,y), b and b, (x,y), (x,y), c
24
MASACCIO: A Formal Model for Embedded Components
(figure: the composed component with entry a and exit c, jump g(y) -> x := x+1)
Behavior: a, (x,y), (x,y), (x,y), c
25
MASACCIO: A Formal Model for Embedded Components
(figure: the same composed component)
May deadlock internally!
Behavior: a, (x,y), (x,y), (x,y), c
26
MASACCIO: A Formal Model for Embedded Components
(figure: from b, two alternatives: g(y) -> x := x+1 leading to exit c, and g(y) -> x := x leading to exit d)
Entry condition: g(y) ∨ g(y)
27
MASACCIO: A Formal Model for Embedded Components
(figure: the composed component with entry a and exits c and d)
Behavior: a, (x,y), (x,y), (x,y), c or a, (x,y), (x,y), (x,y), d
28
(figure slides only: MASACCIO)
29 to 33
(figure slides only: MASACCIO)
34
Assume-Guarantee Decomposition
(figure: a refinement relation, written <)
35
Assume-Guarantee Decomposition
(figure: three refinement relations <)
36
Assume-Guarantee Decomposition
(figure) From A2 -> B2 and A1 -> B1, conclude A1 ∧ A2 -> B1 ∧ B2
37
Assume-Guarantee Decomposition
(figure: three refinement relations <)
38
Assume-Guarantee Decomposition
(figure: three refinement relations <)
Chandy & Misra; Abadi & Lamport; Alur & Henzinger; Alur & Grosu
39
Assume-Guarantee Decomposition
(figure) From B1 ∧ A2 -> B2 and A1 ∧ B2 -> B1, conclude A1 ∧ A2 -> B1 ∧ B2
40
Assume-Guarantee Decomposition
(figure) "I will not launch"
41
Assume-Guarantee Decomposition
(figure) "I will disarm by noon"
42
MASACCIO: A Formal Model for Embedded Components
Assume-Guarantee Decomposition
(figure: three refinement relations <)
43
MASACCIO: A Formal Model for Embedded Components
A < B means A is more specific than B
  • Parallel composition: A < B iff every behavior of A has a projection which is a behavior of B; approx. iff there exists C such that A is the parallel composition of B and C
  • Sequential composition: A < B iff every behavior of A has a prefix which is a behavior of B; approx. iff there exists C such that A is the sequential composition of B and C
44
(diagram: the FRESCO layers again, with the letters F, R, E, S, C, O running down the left)
REQUIREMENTS (given)
DESIGN
MODEL: MASACCIO, ATL
CONSTRAINTS
PROGRAM: GIOTTO, GIOTTO-ASC
EXECUTABLE: RTOS; ARCHITECTURE, SCHEDULER, COMMUNICATION
45

GIOTTO: A Platform-Independent Language for Real-Time Programming
  • Units of computation
    • Mode: set of concurrent tasks
    • Task: C procedure
  • Communication
    • Parameter passing
  • Real time
    • Task invocation: time-triggered
    • Mode switching: event-triggered
46
GIOTTO: A Platform-Independent Language for Real-Time Programming
start md_A(3,4,5)
mode md_A(int x, int y, int z) period 10 ms
  taskfreq 10 do x := task_1(y,z)
  taskfreq 5  do y := task_2(x,z)
  taskfreq 1  do z := task_3(x,y)
  exitfreq 5  if y = 0 then md_B(x,y)
  exitfreq 1  if z > x then md_C(0)
mode md_B(int x, int y) period 20 ms
(figure: timeline of Mode A over its 10 ms period, showing Task 1, Task 2 and Task 3)
47

GIOTTO: A Platform-Independent Language for Real-Time Programming
(figure: LOGICAL BEHAVIOR versus PHYSICAL BEHAVIOR of Task 1, Task 2 and Task 3)
48

GIOTTO: A Platform-Independent Language for Real-Time Programming
(figure: LOGICAL BEHAVIOR versus PHYSICAL BEHAVIOR of Task 1, Task 2 and Task 3, continued)
49

GIOTTO: A Platform-Independent Language for Real-Time Programming
(figure: Task 1 timeline)
50
GIOTTO: A Platform-Independent Language for Real-Time Programming
Mode Switch = Change of Schedule
(figure: Mode A, running Task 1, Task 2 and Task 3, switches to Mode B, running Task 4, on y = 0; the edge back to Mode A is labelled "not y = 0")
  • Mode B
    • period 20 ms
    • entry point at 2/5 of task 3, which is 4 ms
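As an added example (not from the deck or the Giotto toolchain), this Python sketch models the md_A mode of the program above under Giotto's time-triggered semantics: a task with taskfreq f is released every period/f ms, reads its inputs at release and publishes its outputs only at its deadline, and each exitfreq guard is checked at period/exitfreq intervals. The Task and Mode classes and the three function names are my own; the mode, periods and frequencies are the slide's.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass(frozen=True)
class Task:
    name: str
    freq: int          # the slide's taskfreq: invocations per mode period

@dataclass(frozen=True)
class Mode:
    name: str
    period_ms: int
    tasks: tuple       # Task objects
    exitfreqs: dict    # target mode name -> exitfreq (how often its guard is checked)

# Mode md_A as written on the slide (values from the deck; the classes are mine).
MD_A = Mode("md_A", 10,
            (Task("task_1", 10), Task("task_2", 5), Task("task_3", 1)),
            {"md_B": 5, "md_C": 1})

def invocation_windows(mode):
    """Logical execution windows (release, deadline, task name) within one period.

    A task with frequency f is released every period/f ms.  It reads its inputs
    at release and its outputs become visible only at the deadline, regardless
    of when the scheduler actually runs it: that is the time-triggered value
    passing that keeps the logical behaviour independent of the platform.
    """
    windows = []
    for t in mode.tasks:
        let = Fraction(mode.period_ms, t.freq)   # logical execution time of one invocation
        for k in range(t.freq):
            windows.append((k * let, (k + 1) * let, t.name))
    return sorted(windows)

def exit_points(mode, target):
    """Instants within the period at which the exitfreq guard for `target` is evaluated."""
    n = mode.exitfreqs[target]
    step = Fraction(mode.period_ms, n)
    return [step * k for k in range(1, n + 1)]

def visible_output_time(mode, producer, at):
    """Logical timestamp of the freshest output of `producer` that a task released at
    time `at` can read: the latest deadline of `producer` that is <= at.
    0 means no invocation has completed yet, so only the mode's start value is seen."""
    done = [d for (_, d, name) in invocation_windows(mode) if name == producer and d <= at]
    return max(done, default=Fraction(0))

if __name__ == "__main__":
    for rel, dl, name in invocation_windows(MD_A):
        print(f"{name}: release {rel} ms, outputs visible at {dl} ms")
    print("md_B guard checked at", exit_points(MD_A, "md_B"), "ms")
    print("task_1 released at 3 ms reads task_2 output from", visible_output_time(MD_A, "task_2", 3), "ms")
```

The last print shows the determinism the logical/physical slides illustrate: whatever the scheduler does, task_1 at 3 ms sees the task_2 result published at 2 ms, never a later one.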
51
GIOTTO-ASC: Compiling Platform-Independent Real-Time Programs
(diagram) Inputs: Giotto Program, Architecture (Giotto-A), Scheduler (Giotto-S), Comm (Giotto-C) -> Compiler -> Executable, or the answer "Overconstrained"
52

GIOTTO-ASC: Compiling Platform-Independent Real-Time Programs
  • Giotto-A
    • Hosts (cpus, sensors, actuators) with their performance
    • Nets (busses, point-to-point links) with their performance
  • Giotto-S
    • Map each task to a host and an invocation priority
    • E.g. most remotely needed output first
  • Giotto-C
    • Connection: task output -> task input
    • Map each connection to a net and a TDMA slot

53
Summary: Orthogonalization of Concerns
(the letters F, R, E, S, C, O run down the left of the slide)
  • Function, Timing
    • Masaccio: design, verification
    • Giotto: time-triggered implementation
  • Constraints
    • A: hardware architecture
    • S: scheduling algorithm
    • C: communication protocol
    • Either given, or to be optimized.
    • Can be nonuniform (e.g., multiple RTOS).

54
Current Activities
  • Compositional and hierarchical model checking in Masaccio
  • Component-wise refinement and event-clock simulation between Masaccio models and Giotto programs
  • Implementation of Giotto-ASC on LegOS, VxWorks, QNX, and TTA
  • Probabilistic extension of Masaccio

Credits
Luca de Alfaro, Ben Horowitz, Rupak Majumdar, Freddy Mang, Marius Minea, Christoph Meyer, Vinayak Prabhu
55
The End
(Assisi, the Upper Chapel, by Giotto, 14C)