Dependable Embedded Software Systems


DESCRIPTION

Kim Guldstrand Larsen, UCb. Dependable Embedded Software Systems. PowerPoint PPT presentation (IDA lecture, 20.4.99) on tools and applications from BRICS (Basic Research in Computer Science, 1993-2006, Aarhus and Aalborg): visualSTATE, UPPAAL, SPIN, PVS, HOL, ALF, TLP.


  • Dependable Embedded Software Systems
    Kim Guldstrand Larsen, UCb

    IDA lecture 20.4.99

    UCb

    BRICS Machine: Basic Research in Computer Science, 1993-2006
    (diagram: 30+40+40 Mill. kr., 100, 100, Aalborg, Aarhus, Tools)

    Tools and BRICS

    Logic: Temporal Logic, Modal Logic, MSOL

    Algorithmic: (Timed) Automata Theory, Graph Theory, BDDs, Polyhedra Manipulation

    Semantics: Concurrency Theory, Abstract Interpretation, Compositionality, Models for real-time & hybrid systems

    Applications: HOL, TLP, PVS, ALF, SPIN, visualSTATE, UPPAAL

    A very complex system (Klaus Havelund, NASA)

    Rotterdam Storm Surge Barrier

    Spectacular Software Bugs
    - ARIANE-5
    - INTEL Pentium II floating-point division: 470 Mill US $
    - Baggage handling system, Denver: 1.1 Mill US $/day for 9 months
    - Mars Pathfinder
    - Radiation therapy, Therac-25

    Embedded Systems
    - 80% of all software is embedded in interacting devices.
    - Demand for increasing functionality with minimal resources.
    - The developer should ideally have several qualifications: software construction and development, hardware platforms, communication & protocols, validation (test and verification), ...
    - Embedded Systems = Pervasive Computing

    Traditional Software Development: The Waterfall Model

    Problem Area → Analysis → Design → Implementation → Testing → Running System (REVIEWS between the phases)
    - Costly in time-to-market and money
    - Errors are detected late or never
    - Application of FMs (formal methods) as early as possible

    Model-based Validation
    Design Model / Specification (UML) → Verification & Refusal Analysis → Validation (FORMAL METHODS) → Implementation → Testing

    Model-based Validation (continued)
    ... plus automatic code generation from the design model

    Model-based Validation (continued)
    ... plus automatic code generation and automatic test generation from the design model

    How? Unified Model = State Machine!

    (diagram: control states, input ports a?, b?, output ports x!, y!)

    Tamagotchi (statechart)
    - Top-level states ALIVE and DEAD; transition ALIVE → DEAD when Health=0 or Age=2.000
    - Substates of ALIVE: Passive, Feeding (Meal, Snack), Light, Clean, Play, Discipline, Medicine, Care
    - Tick: Health:=Health-1; Age:=Age+1
    - Transition B: Health:=Health-1

    Digital Watch: Statechart (= UML), David Harel

    SYNCmaster

    SPIN, Gerard Holzmann, AT&T

    visualSTATE
    - Hierarchical state systems
    - Flat state systems
    - Multiple and inter-related state machines
    - Supports UML notation
    - Device driver access
    - VVS with Baan Visualstate, DTU (CIT project)

    UPPAAL

    Tool Support

    TOOL takes a System Description A and a Requirement F and answers:
    - Yes: prototypes, executable code, test sequences
    - No!: debugging information

    Tools: UPPAAL, visualSTATE, SPIN, ESTEREL, Rhapsody, TeleLogic, Statemate, FormalCheck, ...

    State Explosion problem
    M1 (states a, b, c) x M2 (states 1, 2, 3, 4) = all 12 combinations (1,a), (2,a), (3,a), (4,a), (1,b), ..., (4,c).
    All combinations = exponential in the number of components. Provably theoretically intractable.

    Train Simulator (VVS)
    - 1421 machines
    - 11102 transitions
    - 2981 inputs
    - 2667 outputs
    - 3204 local states
    - Declared state space: 10^476
    BUGS?

    Train Simulator (VVS) with visualSTATE
    Our techniques have reduced verification time by several orders of magnitude (e.g. from 14 days to 6 sec).

  • UPPAAL: Modelling and Verification of Real Time systems
    UPPAAL2k: > 2000 users, > 45 countries. See www.uppaal.com !!!!

    Collaborators
    @UPPsala: Wang Yi, Johan Bengtsson, Paul Pettersson, Fredrik Larsson, Alexandre David, Tobias Amnell, Oliver Möller
    @AALborg: Kim G Larsen, Arne Skou, Paul Pettersson, Carsten Weise, Kåre J Kristoffersen, Gerd Behrmann, Thomas Hune, Oliver Möller
    @Elsewhere: David Griffioen, Ansgar Fehnker, Frits Vaandrager, Klaus Havelund, Theo Ruys, Pedro D'Argenio, J-P Katoen, J. Tretmans, Judi Romijn, Ed Brinksma, Franck Cassez, Magnus Lindahl, François Laroussinie, Patricia Bouyer, Augusto Burgueño, H. Bowman, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson, ...

    Real Time Systems
    Plant (continuous; Control Theory) connected through sensors and actuators to a Controller Program (discrete; Computer Science) made up of Tasks.
    E.g.: Pump Control, Air Bags, Robots, Cruise Control, ABS, CD Players, Production Lines.
    Real Time System: a system where correctness not only depends on the logical order of events but also on their timing.

    Validation & Verification: Construction of UPPAAL models
    Plant (continuous) with sensors and actuators, Controller Program (discrete, Tasks) → UPPAAL Model = Model of environment (user-supplied) + Model of tasks (automatic)

    Intelligent Light Control
    Locations Off, Light, Bright, with transitions on press?.
    WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.

    Intelligent Light Control (solution)
    Locations Off, Light, Bright, with transitions on press?.
    Solution: add a real-valued clock x. The first press (Off → Light) resets x:=0; a second press while x ≤ 3 (quickly) leads to Bright, otherwise to Off.

    Timed Automata (Alur & Dill 1990)
    Clocks: x, y. Edge n → m labelled a, with a guard on x against the bound 3 (comparison symbol lost in extraction) and reset x := 0.
    - Guard: Boolean combination of integer bounds on clocks and clock-differences.
    - Reset: action performed on clocks.
    - Action: used for synchronization.
    - State: (location, x=v, y=u) where v, u are in R.
    Transitions:
    (n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415)
    (n, x=2.4, y=3.1415) --a--> (m, x=0, y=3.1415)

    Timed Automata: Invariants
    Clocks: x, y. Edge n → m labelled a, with a guard on x against the bound 3 and reset x := 0.
    Transitions:
    (n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415)
    (n, x=2.4, y=3.1415) --e(3.2)--> (slide text cut off here; the invariant on x is truncated)
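    Added example, not from the slides: a small interpreter for the delay/action semantics of the timed automata slides, applied to the Intelligent Light Control model. The names TimedAutomaton, Edge and run are assumed, and the x ≤ 3 guard is taken from the light-control requirement ("twice quickly").

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Assumed names (TimedAutomaton, Edge, run): interpreter for the Alur-Dill
# semantics on the slides. A state is (location, clock valuation); a delay e(d)
# adds d to every clock, an action fires an edge whose guard holds, then resets.
Valuation = Dict[str, float]
Guard = Callable[[Valuation], bool]


@dataclass
class Edge:
    src: str
    action: str  # synchronisation label, e.g. "press"
    dst: str
    guard: Guard = lambda v: True
    resets: Tuple[str, ...] = ()


@dataclass
class TimedAutomaton:
    edges: List[Edge]
    invariants: Dict[str, Guard] = field(default_factory=dict)

    def delay(self, loc: str, v: Valuation, d: float) -> Valuation:
        """e(d): every clock grows by d >= 0; the location invariant must still hold."""
        nv = {c: t + d for c, t in v.items()}
        if d < 0 or not self.invariants.get(loc, lambda _: True)(nv):
            raise ValueError(f"delay {d} not allowed in {loc} with {v}")
        return nv

    def fire(self, loc: str, v: Valuation, action: str) -> Tuple[str, Valuation]:
        """Take the first edge labelled `action` whose guard holds in (loc, v)."""
        for e in self.edges:
            if e.src == loc and e.action == action and e.guard(v):
                return e.dst, {c: (0.0 if c in e.resets else t) for c, t in v.items()}
        raise ValueError(f"no enabled edge for {action} in {loc} with {v}")


# Intelligent light control: the first press resets x; a second press with
# x <= 3 (quickly) gives Bright, a later press turns the light off again.
LIGHT = TimedAutomaton(edges=[
    Edge("Off", "press", "Light", resets=("x",)),
    Edge("Light", "press", "Bright", guard=lambda v: v["x"] <= 3),
    Edge("Light", "press", "Off", guard=lambda v: v["x"] > 3),
    Edge("Bright", "press", "Off"),
])


def run(ta: TimedAutomaton, loc: str, v: Valuation, trace: list) -> Tuple[str, Valuation]:
    """Replay a trace of ("delay", d) and ("act", label) steps from state (loc, v)."""
    for kind, arg in trace:
        loc, v = (loc, ta.delay(loc, v, arg)) if kind == "delay" else ta.fire(loc, v, arg)
    return loc, v
```

    Replaying [("act", "press"), ("delay", 2.0), ("act", "press")] from Off ends in Bright, while a 5.0 delay between the presses ends in Off, matching the requirement.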
