The Montana Toolset: Formal Analysis of AADL Specifications

Size: px

Start display at page:

Download "The Montana Toolset: Formal Analysis of AADL Specifications"

Matilda Wade
6 years ago
Views:

1 Fremont Associates Process Project QA The Montana Toolset: Formal Analysis of AADL Specifications SAE AS-2 2 Working Group Seal Beach, California 27 January 2005

2 Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

3 Origins STTR STTR AF04-T023 Modeling Languages and Analysis Tools for Complex Distributed Systems OBJECTIVE: Develop language and computational tool support for modeling and analyzing complex distributed system designs and integrate these methods to build distributed systems.

4 Origins AADL Language, Eclipse tools, OSATE, EMF ACSR: Algebra of Communicating Shared Resources Real-Time Resources VERSA tool support Charon Hybrid state machines Charon tool support

5 Goals, Plans and Strategy STTR Phase I Proof of Concept Translation; Annex Prototype Small case studies for demo STTR Phase II Primary R&D Tools Design and Development Methodology Proselytize Phase III Make the world a better place

6 Goals Plans and Strategy Phase Phase I Eclipse, Osate,, EMF Custom developed interface layer plug-ins C++ Implementation of VERSA Charon

7 Goals Plans and Strategy Phase Phase II Eclipse,? (AADL front-end), EMF Custom developed analysis plug-ins Fresh implementation of VERSA Interface to special purpose analysis engines CADP, CADP, Spin PVSPVS Books, tutorials, advocacy to support methodology

8 Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

9 ACSR and the VERSA Toolkit ACSR: ACSR: Algebra of Communicating Shared Resources Process Algebra Real-time Timed Timed Actions Timeouts Interrupts Resources Priorities

10 ACSR and the VERSA Toolkit Events: (e,p).p( e,p).p,, ('e,p).p e,p).p,, (τ,p).p( Timed Actions: {(r1,p1),(r2,p2), }:P Choice: P1 + P2 Parallel Composition: P1 P2 Temporal Scope: P t a Miscellaneous operators ( P, P, P e t i )

11 ACSR and the VERSA Toolkit TBB = (in,1).tbb1; TBB1 = (in,1).tbb2 + (out,2).tbb; TBB2 = (out,2).tbb1; (in,1) TBB1 (in,1) TBB (out,2) (out,2) TBB2

12 ACSR and the VERSA Toolkit SYS = (OBBL OBBR)\{sync}; OBBL = (in,1).(sync,3).obbl; OBBR = ('sync,3).(out,2).obbr; OBBL (in,1) (sync,3) OBBL OBBR ( sync,3) (out,2) OBBR \sync

13 ACSR and the VERSA Toolkit OBBL (in,1) (sync,3) OBBL OBBR ( sync,3) (out,2) OBBR \sync (in,1) OBBL OBBR (out,2) (τ,6) OBBL OBBR (in,1) OBBL OBBR (out,2) OBBL OBBR

14 ACSR and the VERSA Toolkit {(r1,1),(r3,5)} {(r2,8),(r4,0)} {(r1,1),(r2,8),(r3,5),(r4,0)} {(r1,1),(r3,5)} (τ,1) (τ,1)

15 ACSR and the VERSA Toolkit {(r1,1),(r2,5)} {(r2,8),(r4,0)} X

16 ACSR and the VERSA Toolkit UtilityUtility State space exploration Equivalence testing VERSA: VERSA: Verification Execution and Rewrite System for ACSR Syntax checking State space construction State space exploration Equivalence testing Term rewriting

17 ACSR and the VERSA Toolkit UtilityUtility Traditional Schedulability Analysis Schedulability Analysis for Arbitrary Systems

18 Translating AADL to ACSR Threads Threads are modeled as ACSR processes Based on thread semantic automaton Processors and access connections are modeled as resources Event Event and data connections are modeled as communication channels

19 Example: Cruise Control Standard Standard example (from OSATE release) + auxiliary processes for bookkeeping

20 Example: Cruise Control Processor and connection bindings determine resources Scheduling protocol determines priorities Periodic processes have activators Scheduling_Protocol => EDF Dispatch_Protocol => periodic

21 ACSR and the VERSA Toolkit Eclipse + OSATE + EMF + Translator + VERSA + reinterpretation of results in AADL = Schedulability analysis for threads

22 Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

23 Hybrid Automata: Formalism for Hybrid System Models Continuous dynamics: Mathematical equation Differential equation x = 1 (dx/dt = 1): : constant increase x = x (dx/dt = x): : exponential increase ( (x = e ) t Algebraic equation y = sin(x) Invariant x >= -10 Discrete control: Finite State Machine State: dynamics x = 1, x x = -1, x x = x,, x x = -x, Transition: switching of dynamics x = 1 > 10) > > x x = -1 (x > 10)

24 CHARON Language Features Individual components described as agents Composition, instantiation, and hiding Individual behaviors described as modes Encapsulation, instantiation, and scoping Support for concurrency Shared variables as well as message passing Support for discrete and continuous behavior Differential as well as algebraic constraints Discrete transitions can call Java routines

25 Syntax: Modes and Agents t=10 local t, rate {t = 1} global level, infusion { level [2,10] } Compute e dx x de t:=0 de level [4,8] dx level [2,10] Emergency level infusion global level global infusion {level = f(infusion)} Maintain {t<10} dx de Normal Agent Controller Agent Tank Modes describe sequential behavior Agents describe concurrency

26 Charon toolset: visual editor

27 Charon toolset: visual editor

28 Charon toolset: control panel

29 Charon toolset: simulation

30 Charon toolset: simulation

31 Case Study Four-legged Robot: Architectural Input touch sensors Output desired angles of each joint Components Brain: control four legs Four legs: control servo motors Model Instantiated from the same pattern

32 Case Study Four-legged Robot: Behavioral Model Control objective v = c High-level control laws x& = v x stride / 2 y & = kv L1 v j1 x y&= kv x& = kv x stride / 2 L2 j2 y (x, y) Low-level control laws j j 1 2 x = arctan( x / y) arccos( x = arccos( y + L 2L L L + y 2L 2 2 ) L x y L )

Code Generation Framework Front-end Translate CHARON objects into modular C++ objects Back-end Map C++ objects to execution environment CHARON objects agent

33 Code Generation Framework Front-end Translate CHARON objects into modular C++ objects Back-end Map C++ objects to execution environment CHARON objects agent front-end C++ objects class agent back-end Execution environment scheduler Target platform mode diff eqn transition analog var class mode diff() trans() class var API

34 Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

35 The Montana Toolkit Phase I Translation of restricted model to ACSR Schedulability analysis of threads General state space exploration Simulation Definition of Charon behavioral annex Simulation Generation of code from AADL AADL architecture Embedded Charon

36 The Montana Toolkit Phase II Robust interpretation of AADL in ACSR Model checking Schedulability analysis Equivalence preserving system refactoring Equivalence testing Simulation Complete behavioral annex based on Charon Property checking Simulation Analysis

37 Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

38 Contacts Duncan Clarke Oleg Sokolsky AFOSR STTR AF04-T023 Program Director: Dr. Robert L. Herklotz Program Manager: Software and Systems Air Force Office of Scientific Research 4015 Wilson Blvd., Room 713 Arlington, VA (703) fax (703)

The AADL behavior annex - experiments and roadmap

The AADL behavior annex - experiments and roadmap R. B. França 1 J-P. Bodeveix 1 M. Filali 1 J-F. Rolland 1 D. Chemouil 2 D. Thomas 3 1 Institut de Recherche en Informatique de Toulouse Université Paul