Modeling and Verification OUTLINE of Real Time Systems � A Brief Introduction • Historical remarks, what are the problems to solve � Untimed Systems • Transition systems, and composition • Basic model-checking algorithms: CTL and LTL � Timed Systems • Timed automata, and timed automata in UPPAAL • Verification problems Paul Pettersson and Wang Yi • What is inside UPPAAL Uppsala University • Zones and Symbolic verification � Further Topics • Optimal reachability analysis • Scheduling and Verification What is inside TIMES � • RT UML • Synchronous programming Main references (Papers) Main references (Books) Computation Tree Logics (CTL) � Model Checking � • Edmund M. Clarke, E. Allen Emerson, A. Prasad Sistla: Automatic Verification of Finite Edmund M. Clarke, Orna Grumberg and Doron A. Peled State Concurrent Systems Using Temporal Logic Specifications : A Practical � Design and Validation of Computer Protocols , G.J. Holzmann, Approach. POPL 1983: 117-126, also as ”Automatic Verification of Finite-State Concurrent Systems Using Temporal Logic Specifications. ACM Trans. Program. Lang. Syst. 8(2): 244- Prentice Hall 1991 (new book: The SPIN MODEL CHECKER Primer and Reference 263 (1986) ” Manual , 2003) � Linear Temporal Logic (LTL) � Concepts, Algorithms, and Tools for Model Checking, Joost-Pieter • Moshe Y. Vardi, Pierre Wolper: An Automata-Theoretic Approach to Automatic Katoen (draft book on the web) Program Verification (Preliminary Report). LICS 1986: 332-344. Also as ” Reasoning About Infinite Computations. Inf. Comput. 115(1): 1-37 (1994)” � Timed Systems (Timed Automata, TCTL) • Rajeev Alur, David L. Dill: Automata For Modeling Real-Time Systems . ICALP 1990: 322-335 also as ”A Theory of Timed Automata. Theor. Comput. Sci. 126(2): 183-235 (1994)” • Kim Guldstrand Larsen, Paul Pettersson, Wang Yi: UPPAAL in a Nutshell . STTT 1(1-2): 134-152 (1997) • Johan Bengtsson and Wang Yi: Timed Automata – Semantics, Algorithms and Tools , a tutorial on timed automata (a book chapter in Rozenberg et al, 2004, LNCS). Main Goal UPPAAL: www.uppaal.com � What is inside the tools � developed jointly by Uppsala university and Aalorg university • UPPAAL • TIMES � UPPsala + AALborg = UPPAAL • SWEDEN + DENMARK = SWEDEN • SWEDEN + DENMARK = DENMARK
TIMES: www.timestool.com � developed by Uppsala University Modeling and Verification Lecture 1 � TIMES = a Tool for Modeling and Implemenation of a brief introduction Embedded Systems What does this program do? History: how the dream started 35 years ago (Partial correctness) � Program verification, Hoare logic: {P} program {Q} [Floyd 1967, Hoare 1969] � It computes the greatest common divisor (An example from Pierre Wolper: what does this program do?) (gcd) of x1 and x2 and you can prove it start [Floyd 67]: y1;y2:=x1,x2 • Initially Y stop � x1>0, x2>0 y1==y2 print(y1) • At each iteration of the loop: N � y1>0, y2>0, gcd(x1,x2) = gcd(y1,y2) y1>y2 N Y • When done � y1=gcd(x1,x2) y1:=y1-y2 y2:=y2-y1 One more example (from Pierre Wolper) What this program does? (Partial correctness) (Total correctness) Function foo(n :integer): integer start x1>0, x2>0 begin y1,y2:=x1,x2 if n==1 then 1 y1>0, y2>0, gcd(y1,y2)=gcd(x1,x2) Y stop y1==y2 else if even(n) then foo(n/2) print(y1) N else foo(3*n+1) y1>y2 N Y end y1:=y1-y2 y2:=y2-y1 Does this program terminate for any n? (WCET?)
History: Model checking for reative systems invented in Reality: 10 years later (1980) the early 80s [Pnueli 77, Clarke et al 83, POPL83, Sifakis et al 82] � Temporal logics/verification, Model ╞ φ ( mainly in US) � The majority of programs are never proven • nonterminination, control-intensive, less data • Finite state systems [ABP ca 140 states, 1984] correct! what went wrong? � (Infinite state systems, a hot topic right now) • Difficult to find and prove invariants: • BDD-based symbolic technique [Bryant 86] • SMV 1990 Clarke, McMillan et al, state-space 10 20 (Hardware) � partial correctness • Many followers e.g SPIN, COSPAN ... were developed • Difficult to prove termination: • ... total correctness (theoretically impossible) � � Concurrency theory (mainly in Europe) • Difficult to write complete specifications: � what I really want? • CCS, CSP (”hundreds of” process equivalences) � What to do? • Petri Nets • (In)Finite Automata • Start another research program! In 20 years, the problems will be • Specification languages etc solved, hopefully • ... History: Model checking for real time Reality 35 years later (2004) systems, started in the 80s � Many extensions and improvements have been • Timed automata, timed process algebras proposed, various tools exist: (non-)commercial [Alur&Dill 1990, I was also doing this] • Kronos, Hytech, 1993-1995 � Good complete specifications are still hard to obtain • TAB, 1993, UPPAAL 1995, TIMES 2002 � However this is not a real problem ! Reality 35 years later (2004) Traditional software development � Checking simple properties (e.g. Is a program deadlock free?) is already extremely useful! Problem The Waterfall Model � The goal is no longer seen as proving that a system is completely, Area Analysis absolutely and undoutedly correct (bug-free) Design � The objective is to have tools that can help a developer find errors Implementation and gain confidence in her design. That is achievable � Now widely used in hardware design, protocol design, embedded Testing systems... Running System
Software development: the future Software development: the future Problem Problem Area Area Analysis Modelling and verification Analysis Modelling and verification Design Design Implementation Implementation Automatic Automatic Code generation Code generation Testing Testing Running Running System System Software development Software Development : the Future Problem Area Components Analysis Modelling and verification Design Test case generation Design/modelling Implementation Automatic Code generation Error? Testing Verification Running Test case System generation Production Testing Traditional software development S W E I V E R Problem The Waterfall Model Model Checking Area Analysis S Design W in a Nutshell (why and how) E I Implementation V E R Testing ♦ Errors are detected late or never: Running 30-50% of time for testing System ♦ Errors detected: the late the more expensive
Introducing, Detecting and Correcting errors Finding errors as early as possible! HOW? Reachable? Reachable? (bug?) (bug?) Example: Petersson’s algorithm An ’abstract’ version of a fieled bus protocol turn, flag1, flag2: shared variable � Process 1 � Process 2 � Loop � Loop � flag2:=1; turn:=1 � flag1:=1; turn:=2 � While (flag1 and turn=1) wait � While (flag2 and � CS2 turn=2) wait � flag2:=0 � CS1 � End loop � flag1:=0 � End loop Question: no more than one process run in CS? Example: Fischer’s Protocol Example: the Vikings Problem Real time scheduling 8 UNSAFE SAFE � ´ Mines V Criticial Section X<100 X:=0 X>100 5 10 25 20 Init V := 1 V=1 A1 B1 CS1 V=1 What is the fastest time What is the fastest time At most 2 At most 2 for getting all vikings on for getting all vikings on Torch Can they make crossing at a time Can they make the crossing at a time the Y<100 Y:=0 Y>100 it within 60 minutes ? safe side ? Need torch it within 60 minutes ? V := 2 V=2 safe side ? Need torch B2 CS2 A2
How do we know they all work? Performance Estimation in H/S Co-Design � Alternating bit protocol •A program P which contains modules/blocks P1, P2, ..., Pn � Sliding window protocol Micro-processor •Improve the performance by 50% using Hardware for some of the Pi’s � Leader selection algorithm •What is the optimal partition ? � Start-up synchronization protocols � TTCAN, TTP � ... ... Hardware Hardware Circuit 1 Circuits m This is an optimal reachability problem ! UPPAAL = UPP sala + AAL borg A tool set for modelling and verification of real-time systems Tools for modelling and verification developed jointly by Uppsala and Aalborg University Applications System Model A No! SMV SPIN COSPAN CESAR MONA UPPAAL KRONOS Hyteck vUML network of timed automata Debugging Information VisualSTATE Statemate TAU Rhapsody ... ... UPPAAL HOL PVS NP-tool ALF ... ... Yes Question Q Debugging Information (Requirement) Semantics Logic Algorithmic Prototypes • Concurrency Theory • Temporal Logic • (Timed) Automata Theory • Abstract Interpretation Executable Code • Modal Logic • Graph Theory • Compositionality • MSOL • BDDs TIMES will do this for you! • Models for real-time • • Polyhedra Manipulation & hybrid systems • • • • Modeling = programming+abstraction Program as State Machine ! M ODELING y! a Output x Input How to construct Model ? ports a? ports y b X! b? Control states
Recommend
More recommend
