The Montana Toolset: Formal Analysis of AADL Specifications

Similar documents
The AADL behavior annex - experiments and roadmap

Seamless Model Driven Development and Tool Support for Embedded Software-Intensive Systems

Formal Methods in Software Engineering

A Timed CTL Model Checker for Real-Time Maude

ESE 601: Hybrid Systems. Instructor: Agung Julius Teaching assistant: Ali Ahmadzadeh

A Brief Introduction to Model Checking

Logic Model Checking

Formal Verification of Mobile Network Protocols

Embedded Systems 2. REVIEW: Actor models. A system is a function that accepts an input signal and yields an output signal.

Alan Bundy. Automated Reasoning LTL Model Checking

An Introduction to Hybrid Systems Modeling

ECEN 651: Microprogrammed Control of Digital Systems Department of Electrical and Computer Engineering Texas A&M University

Business Process Management

Abstractions and Decision Procedures for Effective Software Model Checking

Safety-Critical Medical Device Development Using the UPP2SF Model

Model Checking. Boris Feigin March 9, University College London

Outline F eria AADL behavior 1/ 78

The Discrete EVent System specification (DEVS) formalism

Algebraic Trace Theory

An Automotive Case Study ERTSS 2016

Stochastic, Hybrid and Real-Time Systems: From Foundations To Applications with Modest

The State Explosion Problem

Algebraic Trace Theory

Andrew Morton University of Waterloo Canada

EMBEDDED SYSTEMS WILLIAM C. ROUNDS AND HOSUNG SONG

Embedded Systems 5. Synchronous Composition. Lee/Seshia Section 6.2

Lecture 4. Applications

An introduction to Uppaal and Timed Automata MVP5 1

Using Timed Input/Output Automata for Implementing Distributed Systems

Multicore Semantics and Programming

Timo Latvala. March 7, 2004

The Underlying Semantics of Transition Systems

7. Queueing Systems. 8. Petri nets vs. State Automata

A Compositional Approach to Bisimulation of Arenas of Finite State Machines

Partial model checking via abstract interpretation

Modelling Real-Time Systems. Henrik Ejersbo Jensen Aalborg University

Generating Linear Temporal Logic Formulas for Pattern-Based Specifications

Timed Automata VINO 2011

Real-Time Software Transactional Memory: Contention Managers, Time Bounds, and Implementations

Software Verification

Special Nodes for Interface

Supporting Intra-Task Parallelism in Real- Time Multiprocessor Systems José Fonseca

Bounded Retransmission in Event-B CSP: a Case Study

On simulations and bisimulations of general flow systems

Verification of Hybrid Systems with Ariadne

From CCS to Hybrid π via baby steps. Bill Rounds CSE, U of Michigan

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹

Compiling Techniques

Varieties of Stochastic Calculi

A GENERIC FORMAL SPECIFICATION OF FU- SION OF MODALITIES IN A MULTIMODAL HCI

NCS Lecture 11 Distributed Computation for Cooperative Control. Richard M. Murray (Caltech) and Erik Klavins (U. Washington) 17 March 2008

Distributed Semantics and Implementation for Systems with Interaction and Priority

Meta-reasoning in the concurrent logical framework CLF

One Year Later. Iliano Cervesato. ITT Industries, NRL Washington, DC. MSR 3.0:

Agent-Based HOL Reasoning 1

Theoretical Foundations of the UML

Trace Refinement of π-calculus Processes

Modal and Temporal Logics

Semantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr

Verifying Temporal Properties of Reactive Systems: A STeP Tutorial *

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Methods for Software Verification. Andrea Corradini Gian Luigi Ferrari. Second Semester 6 CFU

Multiprocessor Scheduling of Age Constraint Processes

Introduction to mcrl2

A Reconfigurable Quantum Computer

THEORY OF SYSTEMS MODELING AND ANALYSIS. Henny Sipma Stanford University. Master class Washington University at St Louis November 16, 2006

Model-based engineering of embedded systems using the hybrid process algebra Chi

Time and Schedulability Analysis of Stateflow Models

TTA and PALS: Formally Verified Design Patterns for Distributed Cyber-Physical

Recent results on Timed Systems

Quantum computing with superconducting qubits Towards useful applications

Embedded Systems Development

Marwan Burelle. Parallel and Concurrent Programming. Introduction and Foundation

Process Algebras and Concurrent Systems

Operational Semantics

Introduction to process algebra

Scalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa

Formal Analysis of UML/OCL Models

Hybrid Systems Modeling, Analysis and Control

Heterogenous Parallel Computing with Ada Tasking

A Formal Model of Clock Domain Crossing and Automated Verification of Time-Triggered Hardware

UML modeling for INF5150

Automata-theoretic analysis of hybrid systems

Chapter 1 Introduction

Defining and validating the behavior of component interfaces in navigation software

EE291E Lecture Notes 3 Autonomous Hybrid Automata

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Co-simulation of embedded systems: a PVS-Simulink integrated environment

Overview. 1 Lecture 1: Introduction. 2 Lecture 2: Message Sequence Charts. Joost-Pieter Katoen Theoretical Foundations of the UML 1/32

Technical report bds:00-21

Classes and conversions

Computability and Complexity

Object Modeling Approach! Object Modeling Approach!

A framework for simulation and symbolic state space analysis of non-markovian models

The Algebra of Connectors Structuring Interaction in BIP

Verification of Polynomial Interrupt Timed Automata

Decomposition of planning for multi-agent systems under LTL specifications

Abstracting real-valued parameters in parameterised boolean equation systems

Plasma: A new SMC Checker. Axel Legay. In collaboration with L. Traonouez and S. Sedwards.

Complex Systems Design & Distributed Calculus and Coordination

Transcription:

Fremont Associates Process Project QA The Montana Toolset: Formal Analysis of AADL Specifications SAE AS-2 2 Working Group Seal Beach, California 27 January 2005

Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

Origins STTR STTR AF04-T023 Modeling Languages and Analysis Tools for Complex Distributed Systems OBJECTIVE: Develop language and computational tool support for modeling and analyzing complex distributed system designs and integrate these methods to build distributed systems.

Origins AADL Language, Eclipse tools, OSATE, EMF ACSR: Algebra of Communicating Shared Resources Real-Time Resources VERSA tool support Charon Hybrid state machines Charon tool support

Goals, Plans and Strategy STTR Phase I Proof of Concept Translation; Annex Prototype Small case studies for demo STTR Phase II Primary R&D Tools Design and Development Methodology Proselytize Phase III Make the world a better place

Goals Plans and Strategy Phase Phase I Eclipse, Osate,, EMF Custom developed interface layer plug-ins C++ Implementation of VERSA Charon

Goals Plans and Strategy Phase Phase II Eclipse,? (AADL front-end), EMF Custom developed analysis plug-ins Fresh implementation of VERSA Interface to special purpose analysis engines CADP, CADP, Spin PVSPVS Books, tutorials, advocacy to support methodology

Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

ACSR and the VERSA Toolkit ACSR: ACSR: Algebra of Communicating Shared Resources Process Algebra Real-time Timed Timed Actions Timeouts Interrupts Resources Priorities

ACSR and the VERSA Toolkit Events: (e,p).p( e,p).p,, ('e,p).p e,p).p,, (τ,p).p( Timed Actions: {(r1,p1),(r2,p2), }:P Choice: P1 + P2 Parallel Composition: P1 P2 Temporal Scope: P t a Miscellaneous operators ( P, P, P e t i )

ACSR and the VERSA Toolkit TBB = (in,1).tbb1; TBB1 = (in,1).tbb2 + (out,2).tbb; TBB2 = (out,2).tbb1; (in,1) TBB1 (in,1) TBB (out,2) (out,2) TBB2

ACSR and the VERSA Toolkit SYS = (OBBL OBBR)\{sync}; OBBL = (in,1).(sync,3).obbl; OBBR = ('sync,3).(out,2).obbr; OBBL (in,1) (sync,3) OBBL OBBR ( sync,3) (out,2) OBBR \sync

ACSR and the VERSA Toolkit OBBL (in,1) (sync,3) OBBL OBBR ( sync,3) (out,2) OBBR \sync (in,1) OBBL OBBR (out,2) (τ,6) OBBL OBBR (in,1) OBBL OBBR (out,2) OBBL OBBR

ACSR and the VERSA Toolkit {(r1,1),(r3,5)} {(r2,8),(r4,0)} {(r1,1),(r2,8),(r3,5),(r4,0)} {(r1,1),(r3,5)} (τ,1) (τ,1)

ACSR and the VERSA Toolkit {(r1,1),(r2,5)} {(r2,8),(r4,0)} X

ACSR and the VERSA Toolkit UtilityUtility State space exploration Equivalence testing VERSA: VERSA: Verification Execution and Rewrite System for ACSR Syntax checking State space construction State space exploration Equivalence testing Term rewriting

ACSR and the VERSA Toolkit UtilityUtility Traditional Schedulability Analysis Schedulability Analysis for Arbitrary Systems

Translating AADL to ACSR Threads Threads are modeled as ACSR processes Based on thread semantic automaton Processors and access connections are modeled as resources Event Event and data connections are modeled as communication channels

Example: Cruise Control Standard Standard example (from OSATE release) + auxiliary processes for bookkeeping

Example: Cruise Control Processor and connection bindings determine resources Scheduling protocol determines priorities Periodic processes have activators Scheduling_Protocol => EDF Dispatch_Protocol => periodic

ACSR and the VERSA Toolkit Eclipse + OSATE + EMF + Translator + VERSA + reinterpretation of results in AADL = Schedulability analysis for threads

Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

Hybrid Automata: Formalism for Hybrid System Models Continuous dynamics: Mathematical equation Differential equation x = 1 (dx/dt = 1): : constant increase x = x (dx/dt = x): : exponential increase ( (x = e ) t Algebraic equation y = sin(x) Invariant x >= -10 Discrete control: Finite State Machine State: dynamics x = 1, x x = -1, x x = x,, x x = -x, Transition: switching of dynamics x = 1 > 10) > > x x = -1 (x > 10)

CHARON Language Features Individual components described as agents Composition, instantiation, and hiding Individual behaviors described as modes Encapsulation, instantiation, and scoping Support for concurrency Shared variables as well as message passing Support for discrete and continuous behavior Differential as well as algebraic constraints Discrete transitions can call Java routines

Syntax: Modes and Agents t=10 local t, rate {t = 1} global level, infusion { level [2,10] } Compute e dx x de t:=0 de level [4,8] dx level [2,10] Emergency level infusion global level global infusion {level = f(infusion)} Maintain {t<10} dx de Normal Agent Controller Agent Tank Modes describe sequential behavior Agents describe concurrency

Charon toolset: visual editor

Charon toolset: visual editor

Charon toolset: control panel

Charon toolset: simulation

Charon toolset: simulation

Case Study Four-legged Robot: Architectural Input touch sensors Output desired angles of each joint Components Brain: control four legs Four legs: control servo motors Model Instantiated from the same pattern

Case Study Four-legged Robot: Behavioral Model Control objective v = c High-level control laws x& = v x stride / 2 y & = kv L1 v j1 x y&= kv x& = kv x stride / 2 L2 j2 y (x, y) Low-level control laws j j 1 2 x = arctan( x / y) arccos( x = arccos( 2 2 + y + L 2L L 1 2 1 2 2 L + y 2L 2 2 ) 1 2 + L x 2 2 1 + y L 2 2 2 )

Code Generation Framework Front-end Translate CHARON objects into modular C++ objects Back-end Map C++ objects to execution environment CHARON objects agent front-end C++ objects class agent back-end Execution environment scheduler Target platform mode diff eqn transition analog var class mode diff() trans() class var API

Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

The Montana Toolkit Phase I Translation of restricted model to ACSR Schedulability analysis of threads General state space exploration Simulation Definition of Charon behavioral annex Simulation Generation of code from AADL AADL architecture Embedded Charon

The Montana Toolkit Phase II Robust interpretation of AADL in ACSR Model checking Schedulability analysis Equivalence preserving system refactoring Equivalence testing Simulation Complete behavioral annex based on Charon Property checking Simulation Analysis

Outline Origins, Origins, Goals, Plans and Strategy ACSR ACSR and the VERSA Toolkit The The Charon Language and Toolkit The The Montana Toolkit STTR Phase I STTR Phase II

Contacts Duncan Clarke http://www.fremontassociates.com dclarke@fremontassociates.com Oleg Sokolsky http://www.cis.upenn.edu/ www.cis.upenn.edu/~sokolsky sokolsky@cis.upenn.edu AFOSR STTR AF04-T023 Program Director: Dr. Robert L. Herklotz Program Manager: Software and Systems Air Force Office of Scientific Research 4015 Wilson Blvd., Room 713 Arlington, VA 22203-1954 email- robert.herklotz@afosr.af.mil (703) 696-6565 6565 fax (703) 696-8450

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback