soundness of the quasi synchronous abstraction
play

Soundness of the Quasi-Synchronous Abstraction Guillaume Baudart - PowerPoint PPT Presentation

Mar 30, 2024 •251 likes •1.21k views

Soundness of the Quasi-Synchronous Abstraction Guillaume Baudart Timothy Bourke Marc Pouzet cole normale suprieure, INRIA Paris, UPMC FMCAD16 Mountain View, 06-10-2016 Distributed Embedded Systems Distributed controllers for critical

  1. Soundness of the Quasi-Synchronous Abstraction Guillaume Baudart Timothy Bourke Marc Pouzet École normale supérieure, INRIA Paris, UPMC FMCAD’16 Mountain View, 06-10-2016

  2. Distributed Embedded Systems Distributed controllers for critical embedded systems sensor1 cmd1 Sensors FGS cmd Actuators sensor2 cmd2 Sensors FGS switch Transfer Switch Example: Flight Control System 
 Generate pitch and roll guidance commands 2 Example from [Miller et al. 2015]

  3. Distributed Embedded Systems Distributed controllers for critical embedded systems Two redundant Flight Guidance Systems 
 Only one active side (pilot side) sensor1 cmd1 Sensors FGS cmd Actuators sensor2 cmd2 Sensors FGS switch Transfer Switch Example: Flight Control System 
 Generate pitch and roll guidance commands 2 Example from [Miller et al. 2015]

  4. Distributed Embedded Systems Distributed controllers for critical embedded systems Two redundant Flight Guidance Systems 
 Only one active side (pilot side) sensor1 cmd1 Sensors FGS cmd Actuators sensor2 cmd2 Sensors FGS switch Transfer Switch Crew can switch from one to the other Example: Flight Control System 
 Generate pitch and roll guidance commands 2 Example from [Miller et al. 2015]

  5. Distributed Embedded Systems Distributed controllers for critical embedded systems Two redundant Flight Guidance Systems 
 Only one active side (pilot side) sensor1 cmd1 Sensors FGS cmd Actuators sensor2 cmd2 Sensors FGS switch Transfer Switch Crew can switch from one to the other Example: Flight Control System 
 Generate pitch and roll guidance commands 2 Example from [Miller et al. 2015]

  6. Distributed Embedded Systems Distributed controllers for critical embedded systems Two redundant Flight Guidance Systems 
 Only one active side (pilot side) sensor1 cmd1 Sensors FGS cmd Actuators sensor2 cmd2 Sensors FGS switch Transfer Switch The two modules must share Crew can switch from one to the other their state to avoid control glitch Example: Flight Control System 
 Generate pitch and roll guidance commands 2 Example from [Miller et al. 2015]

  7. Distributed Embedded Systems Distributed controllers for critical embedded systems Two redundant Flight Guidance Systems 
 Run embedded application... Only one active side (pilot side) sensor1 cmd1 Sensors FGS cmd Actuators sensor2 cmd2 Sensors FGS switch Transfer Switch The two modules must share Crew can switch from one to the other their state to avoid control glitch Example: Flight Control System 
 Generate pitch and roll guidance commands 2 Example from [Miller et al. 2015]

  8. Distributed Embedded Systems Distributed controllers for critical embedded systems Two redundant Flight Guidance Systems 
 Run embedded application... Only one active side (pilot side) ...on distributed architectures sensor1 cmd1 Sensors FGS cmd Actuators sensor2 cmd2 Sensors FGS switch Transfer Switch The two modules must share Crew can switch from one to the other their state to avoid control glitch Example: Flight Control System 
 Generate pitch and roll guidance commands 2 Example from [Miller et al. 2015]

  9. 
 
 Synchronous Real-Time Model For each process, activations are triggered by a local clock Execution: infinite sequence of activations For each process: known bounds for • the time between two activations. 
 0 ≤ T min ≤ κ i − κ i − 1 ≤ T max A B clock activations ( κ i ) i ∈ N Buffered communication without • message inversion or loss C D Bounded communication delay • 0 ≤ τ min ≤ τ ≤ τ max 3

  10. 
 
 Synchronous Real-Time Model For each process, activations are triggered by a local clock Execution: infinite sequence of activations For each process: known bounds for • the time between two activations. 
 0 ≤ T min ≤ κ i − κ i − 1 ≤ T max A B clock activations ( κ i ) i ∈ N Buffered communication without • message inversion or loss C D Bounded communication delay • 0 ≤ τ min ≤ τ ≤ τ max 3

  11. 
 
 Synchronous Real-Time Model For each process, activations are triggered by a local clock Execution: infinite sequence of activations For each process: known bounds for • the time between two activations. 
 0 ≤ T min ≤ κ i − κ i − 1 ≤ T max A B clock activations ( κ i ) i ∈ N Buffered communication without • message inversion or loss C D Bounded communication delay • 0 ≤ τ min ≤ τ ≤ τ max 3

  12. 
 
 Synchronous Real-Time Model For each process, activations are triggered by a local clock Execution: infinite sequence of activations For each process: known bounds for • the time between two activations. 
 0 ≤ T min ≤ κ i − κ i − 1 ≤ T max A B clock activations ( κ i ) i ∈ N Buffered communication without • message inversion or loss C D Bounded communication delay • 0 ≤ τ min ≤ τ ≤ τ max 3

  13. 
 
 Synchronous Real-Time Model For each process, activations are triggered by a local clock Execution: infinite sequence of activations For each process: known bounds for • the time between two activations. 
 0 ≤ T min ≤ κ i − κ i − 1 ≤ T max A B clock activations ( κ i ) i ∈ N Buffered communication without • message inversion or loss C D Bounded communication delay • 0 ≤ τ min ≤ τ ≤ τ max 3

  14. Overview VERIMAG UNITE MIXTE DE RECHERCHE Centre Equation 2 avenue de Vignate 38610 GIERES Tel. +33 4 76 63 48 48 Fax +33 4 76 63 48 50 Centre National de la Recherche Scientifique Universite Joseph Fourier Institut National Polytechnique de Grenoble Industrial practices observed at Airbus 4 [Caspi 2000]

  15. Overview VERIMAG UNITE MIXTE DE RECHERCHE Verification Centre Equation 2 avenue de Vignate 38610 GIERES Tel. +33 4 76 63 48 48 Fax +33 4 76 63 48 50 Verifying safety critical applications running on quasi-periodic architectures Quasi-Synchronous Abstraction Centre National de la Recherche Scientifique Universite Joseph Fourier Institut National Polytechnique de Grenoble Industrial practices observed at Airbus 4 [Caspi 2000]

  16. Overview VERIMAG UNITE MIXTE DE RECHERCHE ACSD'06 Verification Centre Equation 2 avenue de Vignate Verimag'08 38610 GIERES Tel. +33 4 76 63 48 48 Fax +33 4 76 63 48 50 DASC'14 Verifying safety critical applications Memocode'14 running on quasi-periodic architectures Memocode'15 Air Force'15 Quasi-Synchronous Abstraction Centre National de la Recherche Scientifique Universite Joseph Fourier Institut National Polytechnique de Grenoble Industrial practices observed at Airbus 4 [Caspi 2000]

  17. Overview VERIMAG UNITE MIXTE DE RECHERCHE ACSD'06 Verification Centre Equation 2 avenue de Vignate Verimag'08 38610 GIERES Tel. +33 4 76 63 48 48 Fax +33 4 76 63 48 50 DASC'14 Verifying safety critical applications Memocode'14 running on quasi-periodic architectures Memocode'15 Air Force'15 Quasi-Synchronous Abstraction Contributions Abstraction is not sound in general Give exact conditions of application Centre National de la Recherche Scientifique Universite Joseph Fourier Institut National Polytechnique de Grenoble Industrial practices observed at Airbus 4 [Caspi 2000]

  18. The Big Picture 0 < T min ≤ T A , T B ≤ T max Scheduler 0 < τ min ≤ τ A , τ B ≤ τ max c A c B T A T B τ A A B A B τ B A A B B Real-time Model (RT) Discrete-time Model (DT) 5

  19. The Big Picture 0 < T min ≤ T A , T B ≤ T max Scheduler 0 < τ min ≤ τ A , τ B ≤ τ max c A c B T A T B τ A A B A B τ B A A B B Real-time Model (RT) Discrete-time Model (DT) 5

  20. The Big Picture 0 < T min ≤ T A , T B ≤ T max Scheduler 0 < τ min ≤ τ A , τ B ≤ τ max c A c B T A T B τ A A B A B τ B A A B B Real-time Model (RT) Discrete-time Model (DT) l, RT | = ϕ DT | = ϕ . Soundness 5

  21. The Big Picture 0 < T min ≤ T A , T B ≤ T max Scheduler 0 < τ min ≤ τ A , τ B ≤ τ max c A c B T A T B τ A A B A B τ B A A B B Real-time Model (RT) Discrete-time Model (DT) l, RT | = ϕ DT | = ϕ . Soundness Why discretize? Verification in a simpler discrete-time model Use discrete-time model checking tools (Lesar-Verimag, Kind2-UIowa) [Halbwachs et al 1992] 5 [Hagen, Tinelli 2008]

  22. Abstracting Real Time 6

  23. Abstracting Real Time Abstracting execution time 6

  24. Abstracting Real Time Abstracting execution time τ exec τ send 6

  25. Abstracting Real Time Abstracting execution time τ exec τ send τ = τ exec + τ send 6

  26. Abstracting Real Time Abstracting execution time 6

  27. Abstracting Real Time Abstracting execution time 7

  28. Abstracting Real Time Abstracting execution time Abstracting communication 7

  29. Abstracting Real Time Abstracting execution time Abstracting communication 7

  30. Abstracting Real Time Abstracting execution time Abstracting communication 7

  31. Abstracting Real Time Problems: Abstracting execution time Abstracting communication • Lots of possible interleavings • T oo general 7

  32. Abstracting Real Time Problems: Abstracting execution time Abstracting communication • Lots of possible interleavings • T oo general Can we do better using real-time assumptions? 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On the Soundness of Behavioural Abstraction in Hybrid Systems SIM@SYST.Level, 19 th of October,

On the Soundness of Behavioural Abstraction in Hybrid Systems SIM@SYST.Level, 19 th of October,

On the Soundness of Behavioural Abstraction in Hybrid Systems SIM@SYST.Level, 19 th of October, 2014, Cargse, France Simon Bliudze and Sbastien Furic Towards On the Soundness of Behavioural Abstraction in Hybrid Systems SIM@SYST.Level, 19

673 views • 40 slides
Abstraction Relaxing Synchronous Composition with Clock publics ou privs. recherche franais

Abstraction Relaxing Synchronous Composition with Clock publics ou privs. recherche franais

HAL Id: hal-00645333 scientifjques de niveau recherche, publis ou non, with Clock Abstraction. Hardware Design and Functional Languages Workshop, Mar 2009, York, Albert Cohen, Louis Mandel, Florence Plateau, Marc Pouzet. Relaxing Synchronous

490 views • 19 slides
ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS 1. Tag soundness 2. Performance cost of soundness 3. Evaluation method 4. Conclusions TYPE-TAG SOUNDNESS Type Soundness e : If

1.28k views • 64 slides
On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of Computer Science Nanjing University luping@ics.nju.edu.cn, myou@ics.nju.edu.cn Contents Introduction to Workflow Nets Basic Properties of Workflow

558 views • 27 slides
Abstraction of Clocks in Synchronous Data-flow Systems A. Cohen 1 L. Mandel 2 F. Plateau 2 M.

Abstraction of Clocks in Synchronous Data-flow Systems A. Cohen 1 L. Mandel 2 F. Plateau 2 M.

Abstraction of Clocks in Synchronous Data-flow Systems A. Cohen 1 L. Mandel 2 F. Plateau 2 M. Pouzet 23 (1) INRIA Saclay - Ile-de-France, Orsay, France (2) LRI, Univ. Paris-Sud 11, Orsay, France and INRIA Saclay (3) Institut Universitaire de

504 views • 21 slides
Synchronous Grammars Synchronous grammars are a way of simultaneously generating pairs of

Synchronous Grammars Synchronous grammars are a way of simultaneously generating pairs of

Synchronous Grammars Synchronous grammars are a way of simultaneously generating pairs of recursively related strings Synchronous grammar w w Synchronous grammars were originally invented for programming language compilation

813 views • 65 slides
Point, Line, &amp; Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, &amp; Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, &amp; Plane 1 Abstraction Abstraction is the act of considering something as a general quality or characteristic, apart from concrete realities, specific objects, or actual instances. 2 Abstraction Abstraction is

478 views • 21 slides
Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Outline Introduction Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Version 1.0, 2010 Checking the

429 views • 12 slides
The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Completeness: Proof idea . . . . . . . . . . . . . . . . . . . . . . 2 2

361 views • 3 slides
Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound

Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound

Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound values combine other values together All A date: a year, a month, and a day A geographic position: latitude and longitude Data abstraction

430 views • 19 slides
Repetitive Synchronous Imitation A new tool for looking at timing Repetitive Synchronous

Repetitive Synchronous Imitation A new tool for looking at timing Repetitive Synchronous

Repetitive Synchronous Imitation A new tool for looking at timing Repetitive Synchronous Imitation (RSI) + Target Phrase Origins of RSI Language teaching: Swedish prosody to L2 learners Developed by Gabor Harrar, at the Finnish

242 views • 13 slides
Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack

Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack

Quasi-Experimental Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack experimental control lack of random assignment is the key point of distinction between quasi- experiments and true

888 views • 31 slides
HW/SW Codesign w/ FPGAs Data Flow Modeling II ECE 522 Synchronous Data Flow Graphs Synchronous

HW/SW Codesign w/ FPGAs Data Flow Modeling II ECE 522 Synchronous Data Flow Graphs Synchronous

HW/SW Codesign w/ FPGAs Data Flow Modeling II ECE 522 Synchronous Data Flow Graphs Synchronous Data Flow (SDF) graphs refer to systems where the number of tokens consumed and produced per actor firing is fixed and constant The term synchronous

734 views • 17 slides
1 Asynchronous - Behavior Synchronous - Bit Level In a steady stream, interval between

1 Asynchronous - Behavior Synchronous - Bit Level In a steady stream, interval between

Asynchronous and Synchronous Transmission Timing problems require a mechanism to synchronize the transmitter and receiver Two solutions Asynchronous Chapter 6 Synchronous Digital Data Communications Transmission Errors:

848 views • 18 slides
1 quasi-newton in one variable: the secant method In a one dimensional problem, approximating the

1 quasi-newton in one variable: the secant method In a one dimensional problem, approximating the

QUASI-N E W TON MET HODS David F. Gleich February 29, 2012 Te material here is from Chapter 6 in No- Te idea behind Quasi-Newton methods is to make an optimization algorithm with cedal and Wright, and Section 12.3 in Griva, Sofer, and Nash.

56 views • 3 slides
The ``Synchronous The ``Synchronous Painter Painter Joaqun Joaqun Aguado guado

The ``Synchronous The ``Synchronous Painter Painter Joaqun Joaqun Aguado guado

The ``Synchronous The ``Synchronous Painter Painter Joaqun Joaqun Aguado guado University of Bamberg 3-Dec-2008 SYNCHRON08 . Idea Idea Rephrase causality analysis as a Graph Colouring Problem. Explain the step responses of

777 views • 36 slides
Sound and Quasi-Complete Detection of Infeasible Test Requirements Robin David S ebastien

Sound and Quasi-Complete Detection of Infeasible Test Requirements Robin David S ebastien

Sound and Quasi-Complete Detection of Infeasible Test Requirements Robin David S ebastien Bardin Micka el Delahaye Nickola Kosmatov 30 juillet 2015 Outline Introduction Overview Checking assertion validity Implementation

865 views • 42 slides
Dedekind Sums: A Geometric Viewpoint Matthias Beck San Francisco State University

Dedekind Sums: A Geometric Viewpoint Matthias Beck San Francisco State University

Dedekind Sums: A Geometric Viewpoint Matthias Beck San Francisco State University math.sfsu.edu/beck Ubi materia, ibi geometria. Johannes Kepler (1571-1630) Ubi number theory, ibi geometria. Variation on Johannes Kepler

1k views • 48 slides
Numerical Fourier analysis of quasiperiodic functions G. Gmez, 1 J.M. Mondelo 2 C. Sim 1 1

Numerical Fourier analysis of quasiperiodic functions G. Gmez, 1 J.M. Mondelo 2 C. Sim 1 1

Fourier analysis Numerical Fourier analysis of quasiperiodic functions G. Gmez, 1 J.M. Mondelo 2 C. Sim 1 1 Departament de Matemtica Aplicada i Anlisi, Universitat de Barcelona 2 Departament de Matemtiques, Universitat Autnoma de

993 views • 78 slides
GLM and GAMs Workshop By Aaron Greenville Stats model Distributions GLM and GLMM

GLM and GAMs Workshop By Aaron Greenville Stats model Distributions GLM and GLMM

GLM and GAMs Workshop By Aaron Greenville Stats model Distributions GLM and GLMM Over dispersion T emporal autocorrelation GAM and GAMM Random variables Spatial autocorrelation Stats model DETERMINISTIC

547 views • 27 slides
Well-quasi-orders in Logic Sylvain Schmitz Panhellenic Logic Symposium, June 29, 2019 1/18

Well-quasi-orders in Logic Sylvain Schmitz Panhellenic Logic Symposium, June 29, 2019 1/18

Well-Quasi-Orders Verification Proof Theory Finite Model Theory Database Theory Well-quasi-orders in Logic Sylvain Schmitz Panhellenic Logic Symposium, June 29, 2019 1/18 Well-Quasi-Orders Verification Proof Theory Finite Model Theory

811 views • 65 slides
and harmonic measure Stanislav Smirnov In part based on joint work with Kari Astala &amp; Istvn

and harmonic measure Stanislav Smirnov In part based on joint work with Kari Astala &amp; Istvn

Quasiconformal maps and harmonic measure Stanislav Smirnov In part based on joint work with Kari Astala &amp; Istvn Prause quasiconformal maps Def 1 eccentricity Def 2 measurable Riemann mapping theorem: (unique up to Mbius )

511 views • 28 slides
Quasi-Exact Tests for the dichotomous Rasch Model conditional independence (local

Quasi-Exact Tests for the dichotomous Rasch Model conditional independence (local

Introduction Rasch model Properties unidimensionality/homogenous items Quasi-Exact Tests for the dichotomous Rasch Model conditional independence (local independence) specific objectivity/sample independence Ingrid Koller, Vienna

520 views • 6 slides
Noetherian spaces and quantifier elimination Matthew de Brecht 1 CiNet, NICT, Osaka, Japan

Noetherian spaces and quantifier elimination Matthew de Brecht 1 CiNet, NICT, Osaka, Japan

Noetherian spaces and quantifier elimination Matthew de Brecht 1 CiNet, NICT, Osaka, Japan Dagstuhl Seminar: 2016, January 17 - 22 1 This work was supported by JSPS Core-to-Core Program, A. Advanced Research Networks and by JSPS KAKENHI Grant

239 views • 20 slides

More recommend