Early Time-Budgeting in Distributed Embedded Control Systems Manoj - - PowerPoint PPT Presentation

1 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Manoj noj G. Dixi xit, t,

Jointly with, Prof. . Palla lab Dasgupt pta, , IIT KGP and Dr. S. Ramesh, h, GM R&D

Early Time-Budgeting in Distributed Embedded Control Systems

2 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Ba Backgroun

• und

How to do a timing layout of entire system to meet end-to-end real-time requirements?



Moder dern embed bedded ed contro rol l syste tems ms are comp mpon

• nent

ent based sed and hav ave e larg rge e number mber of features tures



E.g. AUTOSAR based development



Safet ety y features tures have e stri rict ct real-ti time me end-to to-en end d requir quiremen ements



Many y compon

• nen

ents ts interac eract t toget ether her to meet t syste tem m level el requir quirements ements



Syst stem em is distrib stributed uted in natur ure

3 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Il Illustra ustrativ tive e Exa xample ple

Functional Specification Safety Requirement

4 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

illu lustrativ strative e Exa xample mple

Functional Specification Safety Requirement

Standards/Statistical data Actual Implementation

Time Budgeting

5 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Emerging rging Challe allenges nges



Increasing reasing complex mplex features tures



Multi ltipl ple e func nction tions s in n a single e computa putati tional al uni nit, , e.g. . AU AUTOS OSAR R



More re comp mpon

• nen

ent sharing aring prom romot

• ted

ed by the smaller ller compon

• nen

ent size zes



Need ed for advance ance plann nning ing of resou source rces s for extens ensibili lity ty



This is leading to…

 Increasing real-time interdependencies between components

7 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Pr Prev evalent alent Ap Appr proache

• aches

How to budget time for each component is not clear



Ad Ad-ho hoc c estimat imates es about

• ut compon
• nen

ent resp sponse

• nse time

me



Arch chitectur ecture e explora

• rati

tion n to do comp mpone nent-task task mapping ping, comp mpone nent-ECU CU mappi ping ng etc.



On On fail ilur ure, e, diffic fficult t to trace ce the culp lprit rit comp mpone nent

8 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Our Pr Prop

• posal

sal



Earl rly y tim ime-budg budget eting ing for embed bedded ded control rol-system systems



Comp mpon

• nen

ent have e parame ametric tric timi ming ng requir quiremen ements



Use forma mal l specifi ecifica cation tion and analysis ysis method hodolog

• logy

y to gener erat ate e const stra raint nts s on para ramete meter r valua luations tions

9 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Parametric -time Specifications

Ex Example mple

Time-Budgeting: What values of x, y, w, z are good-enough?

Real-time Specifications

10 10 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

In Indu dustrial strial relev levanc ance



Shi hift ft towar ards s earl rly y speci ecifi fica cation tion of timin ming g requir quiremen ements



Large component integration, multiple suppliers



Important to know, how a specific choice of timing specification for one component affects the other



AUTOSAR SAR meta a model del allow

• ws

s speci ecifyi fying ng timin ming g specifica ecificati tions ns at dif ifferen ferent levels els of softwa tware re hier erar archy chy – comp mpone nents ts to network

• rk



EAST-ADL and TIMMO2 provides higher level

• f abstractions for specifying functional and

product line requirements



Timing requirements are refined across different levels



Event models – periodic, sporadic etc.



Delay, synchronization constraints

Source: Autosar timing spec from http://www.autosar.org Source: TIMMO Methodology presentation by Stephan Kuntz, Continental Automotive GmbH, 2010

11 11 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

The Pr Prob

• blem

lem

 We are

e given ven a set t of

• f features

tures and d th their r real al-time time requ quire irements ments

 We are

e given ven a set t of

• f com
• mpon
• nents

nts and d th their r param ramet etric ric-ti time me requirem irements ents for

• r

impl pleme menting nting th these feat atures ures

 Prop

• pos
• se

e Early ly sta tage ge Time me-Budge udgeting ting Meth thod

• dol
• log
• gy



Find constraints over parameter values



Design space exploration to select suitable valuation



Scalable

12 12 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Sc Scalab ability ility and d Usability bility Consid nsiderations erations -1



In pract ctic ice, , component ponent decomp mposi

• sitio

ions ns are hierarchic ical: l: DAG



Methodology aligned for hierarchical specifications



Large e decompo mpositi ition

• ns:

s:



Each feature component has 10s of requirements



Simultaneous budgeting does not seem to be scalable



Linear constraints are preferred



Requir iremen ents ts become me finer er and more comple plex x (or detaile led) d) as we move down the hierarchy archy



Handling ing large ge hierarchical archical decomp mposi

• sitio

ions ns:



Split component time-budgeting into smaller sub- problems and repeat



Compositional approach



DF-traversal with back-tracking takes care of component re-use case



Specialized lized methods ds to analyze requirement ments s patterns rns

13 13 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Ti Time-Budgeting Budgeting Sing ngle le Step

Formal Analyzer of Parametric Specs

Feature Requirements (known-timing) Component Requirements (unknown-timing) Formalized Feature Requirements (Real-time) Formalized Component Requirements (Parametric-time) Design Constraints Optimization Decisions Linear Constraints On Parameters

Constraint Optimizer Component Time- Budget Time Budgeting Algorithm

• Novelty : System level optimization

gets converted to constraint solving, scalability is much better this way Constraint Solving, Optimization: Well known New Algorithms

14 14 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Formali rmalizati zation n of Requ quireme irement nt Decomposition mposition



Requ quirem rements ents decom compositi position n step ep is formal alize zed as a collec ection tion of requir quirement ement decom

• mposi

position tion pai airs rs



f : feature ture requ quire rement ent and let g1, …, gk are compon

• nen

ent requ quiremen ements ts identi entified fied for f



(f, {g1, …, gk}) }) is a requirem quirement ent decom compos positi tion pair ir



Veri rification fication check: eck:



Informally: component requirements put-together should satisfy all feature requirements



We have the following reduction: Theorem: It is enough to analyze each pair separately, compute validity constraint. Any solution to conjoined constraint defines a suitable time-budget

15 15 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Formal rmal Sp Specific ification ation for r Requirem irements ents

 Parame

rametric tric Tempor

• ral

al Log

• gic

ic (PLTL) TL)



Extends well known Linear Temporal Logic



Semantics is defined by using a parameter valuation

is a Requirement Decomposition Pair

16 16 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Va Valid idity ity of a Requirem irement ent Decomposition mposition Pa Pair

The requirement decomposition pair is valid if and only if PLTL formula is valid.

Due to the parameters, this reduces to constraint computation

17 17 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Abstractly…

Give iven n a PLTL TL for

• rmula

ula φ, we want t to to f find nd th the representatio sentation n of

• f th

the sol

• lution

tion regi gion

• n in

th the for

• rm of
• f a con
• nstraint

traint

φ

x1

PLTL Formula Valid

Not Valid x2 x1

x2

Validity Region

18 18 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Sc Scalab ability ility and d Usability bility Consid nsiderations erations - 2



Scalable ble decisi sion

• n proced

cedur ures for PLTL



Emptiness, universality conditions for a formula



Closed form representation of validity region possibly using linear constraints



Constraint computation involves dealing with large search space to compute boundary



Pattern n specif ific ic scalable ble constrain traint t computat utatio ion n techniqu iques



Requirement decomposition pairs modeled using bounded- response pattern



Suitable for specifying end-to-end response



Developi

• ping

ng modelin ling g guideli eline nes s for

• r enhancing

cing the usabil ility ity



Model requirements at top level of hierarchy using bounded- response pattern



At lower level have more complex pattern



Whenever scalability issues are encountered in constraint computation, perform bounded-response based decomposition and then refine

Bounded-response pattern Model top requirements using bounded-response and then refine

CMI Workshop: Making Formal Verification Scalable and Usable Manoj Dixit 10th Jan 2013

Empt ptin iness, ss, Universalit ersality y and d Finiten niteness ss of V f Validit lidity y Regi gion

• n

+ + Unsu suit itabilit ability y of L f Linear near Predicate dicates s fo for Repr presentin esenting g Va Validit idity y Region ion

20 20 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Empti tiness, ness, Unive iversal rsality ity and d Finit niteness eness Prob

• blem

ems s



Defin fined ed paramet arameter er abstrac stracti tion operation eration for PLTL TL



Improv

• ved

ed Comp mplexi lexity

 Our complexity: Earlier:

21 21 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Unsu suitab itability ility of Li Linear ear pred edic icates ates



Nega gati tive ve resu sult lt



Earli rlier er kno nown n for a wid ider er class ss of PLTL TL formu mulae lae



We have e further ther restri stricted cted thi his to a subc bclass ass of PLTL TL



However.. all is not lost… many nice properties still fall in decidable fragment

CMI Workshop: Making Formal Verification Scalable and Usable Manoj Dixit 10th Jan 2013

Bo Bounded nded-Respons Response e Co Const strai raint nt Extraction traction Me Metho hod

23 23 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

A S A Scalab able le Me Method hod for r a w wide dely ly used d Req equirem uirement ent Pa Patter tern



At hig igher her levels els most st of the requ quirem rements ents are e based on a specific pattern… bounded unded-respon response se



: Boolean ean formu mula la



: Boolean ean formu mula la



: Param amet eter er or const stant ant



We consi sider er vali lidity ity checks ecks of requ quirement ement decom composition

• sition pairs

irs usi sing ng this is patte tern rn

Bounded-response formula in PLTL

24 24 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Constraint nstraint Ext xtra raction ction Me Method hod



Reasoning over temporal formulae reduced to Boolean reasoning… hence scalable



And And-or

• r tree

e cons nstructed tructed from m formul mulae ae



We have defined a notion of an irreducible cover for Boolean formulae 

Assi sign n path th constraints traints



Final nal constrain traint: : conjunction junction/d /disjunction sjunction of path h constraints traints

25 25 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Exa xample: ple: Bo Bounded ded-Response esponse Tree ee

CMI Workshop: Making Formal Verification Scalable and Usable Manoj Dixit 10th Jan 2013

Co Corner er Poi

• int

nt Co Const strain raint t Extraction traction Me Method hod

27 27 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

A G A Gener neral al Constraint nstraint Ext xtra raction tion Me Method hod for r PL PLTL



Sui uitable table for comp mplex lex tempora

• ral

l prop

• perti

erties es



We focus us on PLTL TL fragme gments ts and d their eir geometri metric c prop

• per

erties ties



PLTL TL Global bal fragme gment t is dow

• wnwar

nward-cl closed

• sed



Downward nward Closed sed Regio gion n hav ave e finite number

• f corner

er-points

• ints



Include Point-at-infinity



Constraint definition using Corner-Points

Downward Closure Property Corner Points

Monotonicity of PLTL operators

28 28 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Al Algo gorit rithm hm Overv rview iew



Prune une and Sear arch ch Approa roach ch



Find a corner point



Partition the further search 

Sear arch ch Step ep



Obtain a farthest useful valuation along diagonal starting from a base



Decide sub-set of parameters for which max limit is reached



Fix them and re-iterate till all parameters are over 

Prune une Step ep



Partition and identify the region(s) where no corner-point can lie



Adjust new base valuation so that those regions get ignored from later search



Repeat Search step recursively for them

Iteration 1 Iteration 2 Max limit for x1 reached New base

CMI Workshop: Making Formal Verification Scalable and Usable Manoj Dixit 10th Jan 2013

Demonst

• nstrat

ration ion of t f the he Meth thod

• dolog
• logy

30 30 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

In Integra egrated ted Time-Budge Budgeting ting Me Methodology hodology



NuS uSMV for LTL L checks ecks



Yices ces for cons nstrai traint nt solv lving



Ecli lipse, pse, Jav ava

31 31 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Case se St Studi dies es



Adaptiv ive Cruis ise Control,

• l, Colli

lisi sion

• n Mitiga

gatio tion



120+ + feature ure and compone

• nent

nt prope pertie ties



100+ + add-on n constr straint ints s in the design n space explor

• ration

tion



Budgeting ting for 3 feature ure combinatio binations: ns: ACC only, , CM only and ACC-CM CM

Bounded-Response Algorithm Corner Point Algorithm

32 32 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

So Some e Results sults

33 33 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Many Challenges still remain …



Validi idity y checkin cking g of para ramet eter er-free free PLTL TL formula ulae



Presence of large constants lead to scalability of model checkers 

More re scal alab able le decid ecidabili ability y algorit

• rithm

hms for PLTL TL



Seam amless less integr egration ation with th arch chitecture itecture explora loration tion phas ase e to align ign with ith existi sting ng develop evelopmen ent flow

34 34 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Su Summary ry



A Hier erar archic chical al Time me-Bud Budget eting ing Methodol thodolog

• gy



Integrates all of the below techniques 

Empti ptines ness, , Uni nivers versality ality and nd Finiten eness ess Problems

• blems for PLTL

TL



Non-triviality of the solution region 

Bound nded ed-Res Respo ponse nse Constra straint int Extra raction ction Method thod



A specially tuned method for a widely used requirements pattern 

Corn rner er Poin int t Constra straint t Extra racti ction n Method thod



Complex temporal relationships 

Case se Studi udies es



Tool framework and demonstration on automotive features ACC and CM

35 35 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Pu Public ications ations



Manoj

• j G. Dixi

xit, , Palla lab Dasg sgupta ta and S. Ramesh.

• esh. Taming

ing the Compon

• nen

ent t Timing: ng: A CBD D Method thodology logy for Real-ti time e Embedd bedded ed Syst stem

• ems. DATE

TE, , 1649-16 1652, 2, 2010



Manoj noj G. Dixi xit, , S. Ramesh esh and nd Pall llab ab Dasgup sgupta ta. . Some me Resu sult lts s on P n Para rametri metric c Temp mpora

• ral

l Logi gic. . Inform

• rmation

ation Proces cessing ing Lette ters rs, , 994-998 98, , 2011



Manoj

• j G. Dixi

xit, , S. Ramesh esh and Pall llab ab Dasgupt sgupta. . Para ramet etri ric Analysis ysis of Real-tim time e resp spon

• nse

se guar arant antee ees

• n interac

eracting ting softwa tware re compon

• nen

ents ts, World ld Intel ellectua lectual l Propert rty y Organiza anizati tion, n, WO/200 009/ 9/129 2908 089, , Int nterna ernati tional al Patent ent Ap Appl plica cation tion No: PCT/ T/US2009 US2009/0 /039837 837



Manoj

• j G. Dixi

xit, , S. Ramesh esh and Pall llab ab Dasgupt sgupta. . Time-bu budge dgeti ting: ng: A compon

• nen

ent based sed Methodol thodolog

• gy

y for Real-ti time e Embedd bedded ed Syst stem ems. . Accep epte ted, d, Form rmal al Aspects ects of Computing ting, Sprin ringer ger



Manoj noj G. Dixi xit, , S. Ramesh esh and nd Pallab lab Dasg sgupta pta, , Early rly Time me-bu budg dget eting g for Compo mponent ent based sed Embed bedded ed Contro trol l Syste tems, Under er Review ew, , ESWE WEEK K Worksh kshop

• p

36 36 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

Refer ferences ences

CMI Workshop: Making Formal Verification Scalable and Usable Manoj Dixit 10th Jan 2013

Th Thank ank You

• u

38 38 CMI Workshop: Making Formal Verification Scalable and Usable

Manoj Dixit 10th Jan 2013

The relev evance ance



AUTOSAR SAR defin fines es a meta-mod model el for specif ecifyi ying ng compon

• nen

ent based sed distrib stributed uted syste tems ms in n automo

• moti

tive ve domain ain



Specifi ecifica cation tions s for compone

• nents,

ts, mid iddleware dleware and hig igher er level el prope

• perties

rties

Source: Autosar timing and VFBspecs from http://www.autosar.org