 
Incremental Design and Formal Verification with UML/RT in the FUJABA Real-Time Tool Suite

Sven Burmester, Holger Giese, Martin Hirsch, and Daniela Schilling
Software Engineering Group, University of Paderborn
Warburger Str. 100, D-33098 Paderborn, Germany
[burmi|hg|mahirsch|das]@upb.de
11.10.2004 (presented by Holger Giese)

Slide 2: Case Study: New Railway Technology Paderborn
• A shuttle system that builds convoys to optimize the energy consumption: safety-critical maneuvers
• Mechatronic systems of the future will be networked, hard real-time, safety-critical, embedded, and will contain complex software.
• How to ensure correctness?

Slide 3: Verify UML Models with Real-Time Model Checking
• Limited today due to two main obstacles:
  (1) state explosion → restricted model size
  (2) batch-style model checking vs. iterative design process
• → incremental design and verification with UML/RT (FUJABA Real-Time Tool Suite)
• Underlying techniques (outline):
  I. Restrict the approach to a UML/RT subset
  II. Compositional reasoning [ESEC03]
  III. Mapping of the UML/RT subset to HUppaal
  IV. Incremental checking of modified submodels
[Figure: two shuttles S1, S2 connected by a Distance Coordination pattern; frontRole/rearRole statecharts, :Shuttle components, OCL constraints]

Slide 4: I. UML/RT Subset
• Elements: Components, Ports, Connectors, Patterns, Roles
• Pattern (Distance Coordination):
  – Model: statecharts for roles and connector
  – Specification: required OCL RT properties
• Components (Shuttles):
  – Model: statecharts for ports (refined roles) and synchronization
  – Specification: local OCL constraints

Slide 5: Real-Time Statecharts
• RT @ PIM: add clocks (see TA): resets, guards, invariants
• Interface: deadline, RT statechart intervals, invariants for each transition
• These later become part of the invariants ψ_j of the components
• Automatic code synthesis later ensures that the specified real-time properties are guaranteed

Slide 6: II. Compositional Reasoning: Pattern Specification & Verification
• Example: no collision for convoys
• Roles: rearRole, frontRole (each a statechart)
• Pattern (Distance Coordination): set of roles, connector, properties
• Role invariants: RearRole.convoy ⇒ CanBrakeFully; FrontRole.convoy ⇒ ¬CanBrakeFully
• Property: φ = AG ¬(RearRole.convoy ∧ FrontRole.noConvoy)
• Model checking: M_RearRole || M_FrontRole || M_Connector ⊨ φ ∧ ¬δ

Slide 7: Component Design & Verification
• Behavior:
  – port statecharts which refine the related role protocols
  – a synchronization statechart which coordinates all realized roles
  – iterations until appropriate component behavior has been found
• ψ = combination of all role invariants
• Model checking: M_RearPort || M_FrontPort || M_Synchronisation ⊨ ψ ∧ ¬δ
  with ψ = (RearPort.convoy ⇒ CanBrakeFully) ∧ (FrontPort.convoy ⇒ ¬CanBrakeFully)

Slide 8: After Composition?
• Theorem (in [ESEC03]): All systems built of verified components that cooperate only via verified patterns via correctly refined pattern roles (= syntactically correct composition) will behave correctly.

Slides 9–12: III. Mapping (RTSC → ExHTA → HTA)
• RTSC → ExHTA
• ExHTA → HTA: priorities
• Asynchronous messages & history
[Figures only]

Slide 13: Mapping Process
• Compositional reasoning:
  – Pattern mapping (closed model): map role statecharts, map connector, parallel composition
  – Component mapping (open model): map port statecharts, special treatment of external events (→ closed model), map synchronization statechart, parallel composition
• Also other submodels …
• Remark: currently no OCL mapping; TCTL is used

Slide 14: Abstract from Methods …
[Figure only]

Slide 15: IV. Incremental Design & Verification
• Consistency management detects updates
• Model checking of modified parts (in the background)
• Consistency management for properties; modes: true, false, unsafe (not up-to-date)

Slide 16: Conclusion
• Sufficient UML/RT subset (mechatronic control)
• Compositional verification with patterns & components
• Automatic mapping of UML/RT models to HUPPAAL
• Incremental and iterative design and verification
• Current work: other model checking back ends (RAVEN); hybrid UML models (presented at FSE04)
• Future work: counterexample visualization
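The pattern check from slide 6, M_RearRole || M_FrontRole || M_Connector ⊨ φ with φ = AG ¬(RearRole.convoy ∧ FrontRole.noConvoy), as an added untimed example that is not part of the slides or of the FUJABA tool suite: the message names propose/ok/reject/break, the one-place connector buffer and the faulty "eager" rear role are constructed assumptions, and clocks as well as the ¬δ part of the check are abstracted away.

```python
from collections import deque

def automaton(init, edges):
    """Untimed statechart: initial state, transition map, alphabet of labels."""
    return init, {(s, l): t for s, l, t in edges}, {l for _, l, _ in edges}

def rear_role(eager=False):
    """RearRole; eager=True is a constructed faulty variant: convoy before the front agreed."""
    return automaton("noConvoy", [
        ("noConvoy", "propose!", "convoy" if eager else "wait"),
        ("wait", "ok?", "convoy"), ("wait", "reject?", "noConvoy"),
        ("convoy", "break!", "noConvoy")])

FRONT_ROLE = automaton("noConvoy", [
    ("noConvoy", "propose?", "deciding"), ("deciding", "reject!", "noConvoy"),
    ("deciding", "ok!", "convoy"),  # commit to the convoy before answering
    ("convoy", "break?", "noConvoy")])

# Constructed connector: one-place buffer; 'm!' stores message m, 'm?' delivers it.
CONNECTOR = automaton("empty", [e for m in ("propose", "ok", "reject", "break")
                                for e in (("empty", m + "!", m), (m, m + "?", "empty"))])

def check_invariant(autos, safe):
    """BFS over the parallel composition: a label fires only if every automaton
    whose alphabet contains it can take it. Returns None if `safe` holds in all
    reachable global states, else the label trace leading to a violation."""
    init = tuple(a[0] for a in autos)
    labels = set().union(*(a[2] for a in autos))
    trace_to, queue = {init: []}, deque([init])  # global state -> labels from init
    while queue:
        g = queue.popleft()
        if not safe(g):
            return trace_to[g]
        for label in labels:
            nxt = list(g)
            for i, (_, delta, alphabet) in enumerate(autos):
                if label in alphabet:
                    if (g[i], label) not in delta:
                        break  # a participant cannot synchronise: label blocked
                    nxt[i] = delta[(g[i], label)]
            else:
                if tuple(nxt) not in trace_to:
                    trace_to[tuple(nxt)] = trace_to[g] + [label]
                    queue.append(tuple(nxt))
    return None

def verify_pattern(eager=False):
    """Model-check phi over (rear, front, connector); None means phi holds."""
    phi = lambda g: not (g[0] == "convoy" and g[1] == "noConvoy")
    return check_invariant([rear_role(eager), FRONT_ROLE, CONNECTOR], phi)
```

The correct rear role satisfies φ, while the eager variant yields the one-step counterexample `['propose!']`: the rear shuttle assumes the convoy while the front shuttle still believes it may brake fully, which is exactly the collision scenario the pattern property rules out.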