timing analysis of embedded systems using model checking
play

Timing Analysis of Embedded Systems using Model Checking Vallabh R. - PowerPoint PPT Presentation

Dec 29, 2022 •132 likes •399 views

Timing Analysis of Embedded Systems using Model Checking Vallabh R. Anwikar and Purandar Bhaduri Dept. of Computer Science & Engineering IIT Guwahati, India pbhaduri@iitg.ernet.in 18th International Conference on Real-Time and Network

  1. Timing Analysis of Embedded Systems using Model Checking Vallabh R. Anwikar and Purandar Bhaduri Dept. of Computer Science & Engineering IIT Guwahati, India pbhaduri@iitg.ernet.in 18th International Conference on Real-Time and Network Systems Toulouse, France November 4-5, 2010 V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 1 / 26

  2. Outline 1 Introduction 2 Background: Timed Automata 3 Model of Preemptable Tasks 4 Explicit-Time Model Checking 5 Conclusion V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 2 / 26

  3. Introduction Embedded control systems are often distributed with a shared bus for communication. automotive aerospace Distributed real-time embedded systems Tasks run on processors, communicate through messages. Tasks: Fixed priority preemptive scheduling. Messages: Bus access protocol ( e.g. , FPNPS, TDMA, etc. ). Accurate timing analysis a challenging task. V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 3 / 26

  4. Timing Analysis Existing approaches Extensions of Classical Schedulability Theory 1 Holistic Scheduling SymTA/S Real-Time Calculus 2 Model Checking 3 The first two approaches are too approximate and therefore pessimistic. Timed Automata Suffer from state space explosion. Cannot model preemption accurately. Goal: Test the limits of timed automata based analysis using: A novel approach due to Waszniowski et al. , 2005 to approximately model preemption in timed automata. A generalized task model for preemptable tasks. V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 4 / 26

  5. Related Work Modeling preemption accurately requires stopwatches. Reachability for stopwatch automata is undecidable. [Krc´ al et al. , 2004] Preemption in timed automata with approximation: Method proposed by Madl et al. , 2009 Approximates stopwatch automata using timed automata. Discretizes clocks by introducing ’checkpoints’ to store execution time before preemption. Constructs a generalized task model implementing the approach in the Dream Tool. Method proposed by Waszniowski et al. , 2005 Approximates the clock value by nearest lower and upper integers. No generalized task model as in case of Madl et al. V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 5 / 26

  6. Related Work (cont.) – More Recent Approaches Uppaal 4.1 [David et al. , 2010] has added stopwatches, with a zone based approximation algorithm for reachability. Approach using Calendar Automata and discrete time by Rajeev et al. , 2010. V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 6 / 26

  7. Contribution Constructed a generalized task model based on Waszniowski’s method. Performed case studies applying this method. Compared with method proposed in Dream in terms of time taken. Experimented with explicit-time approach for timing analysis. Compared explicit-time results with implicit-time results. V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 7 / 26

  8. Timed Automata (Alur et al. , 1994) Timed Automaton : A timed automaton over set of actions Act and set of clocks C is a tuple � L , l 0 , E , I , V � where L is a finite set of locations l 0 is the initial location E ⊆ L × Ψ ( C ) × Act × 2 C × L is the set of edges. When g , a , r ′ � ∈ E , we write l ′ � l , g , a , r , l − → l I : L − → Ψ ( C ) is a function which assigns a clock constraint called invariant to a location V : L → 2 AP is a a function which for each location assigns a set of atomic propositions that hold in the location Timed Automaton Example y >= 3 y:=0 y<=10 y<=5 x:=0 x<=8 y >= 4 && x >= 6 V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 8 / 26

  9. Uppaal Tool Tool for modeling, validation and verification of real-time systems modeled as networks of timed automata. Timed automata are extended with bounded integers, arrays etc. Real valued clock variables are used for measuring time. Supports communication using synchronization and shared variables. Uppaal Example B 0 A 0 y <= 4 a? a! y >= 4 a? y >= 4 i = i + 1 a! i = i + 1 y= 0 y= 0 a? y >= 4 i = i + 1 a! B B A A 1 2 y= 0 1 2 y <= 4 y <= 4 V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 9 / 26

  10. Timed Automata Models used in Verification TA model for a distributed real-time system includes: Scheduler model Preemptable task model Message model V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 10 / 26

  11. Scheduler Model (Madl et al. , 2009) For fixed priority preemptive scheduling. Task1 has higher priority than Task2. Scheduler Model in Uppaal Task1 is released by U ! P C _ t m p e C timer 1 while Task2 is e P r en[1] timer_1? r u n Preempt t a s k 1 ! released by the !en[1] && !en[2] finishtask1? U en[2] && !en[1] completion of Task3 Schedule r u Runtask1 n Idle t a s k 2 finishtask3? ! The guard en[1] indicates f n i i s h t a s k 2 t ? i m that Task1 is enabled. e r _ 1 ? Runtask2 Whenever a higher priority task is scheduled, the Preempt signal is broadcast V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 11 / 26

  12. Preemptable Task Model Approximates the elapsed execution Preemptable Task Model in Uppaal time by using Init a bisection (lc+uc)/2 <= t && lc < t algorithm to && uc > t && (uc−lc) > 1 t >= bcet1 && t <= wcet1 && t= 0 p_buf <= buf_limit obtain: lc = (lc + uc)/2 bcet1 = bcet finishtask! wcet1 = wcet p_buf−−, (lc+uc)/2 >= t && lc < t runtask? nearest && uc > t && (uc−lc) > 1 t=0 uc = (lc + uc)/2 Preempt_CPU! lower C t < wcet1 lc = 0 run integer uc = wcet1 lc==t uc = lc bound lc , lc < && uc > t runtask? && (uc−lc) <= 1 lc = uc and t= 0 p_buf > buf_limit uc==t nearest C C upper bcet1 = bcet1 > uc ? bcet1 − uc : 0 wcet1 = wcet1 − lc, PreemptWait error t = 0 integer bound uc . V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 12 / 26

  13. Over-approximation in Handling Preemption (Waszniowski et al. , 2005) Clock value c is approximated to closest upper and lower integers uc and lc BCET new := BCET − uc WCET new := WCET − lc BCET new ≤ BCET Real WCET new ≥ WCET Real Real behavior ⊆ Modeled behavior V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 13 / 26

  14. Message Model Message Model in Uppaal init Model of messages in the system. Execution time represents transmission finishtask? cd=0 time of message. t>=bcet finishmsg! wait Non-preemptive, i.e. , higher priority ce=0 en[i]=0 ce=0 message waits for lower priority runmsg? cd=0 message on the bus. run cd > dl ce<=wcet Clocks cd and ce model deadline and transmission time of the message. cd > dl C error V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 14 / 26

  15. Case Study 2 Using Uppaal Application containing CAN bus (di Natale et al. , 2007) ECU2 O14 8 O15 2 6 8 2 15 T1 m4 m2 T3 T3 O16 6 O17 2 14 40 T6 T8 m7 O19 O18 8 2 6 2 2 30 T11 T9 T13 m10 m12 ECU1 ECU3 CAN V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 15 / 26

  16. Application containing CAN bus Time taken by a message to reach an actuator from a sensor is called the end-to-end latency . Important design parameter and has to be within a certain limit . Multiple active chains in the system. Preemptive scheduling for tasks mapped on the ECUs, and Non-preemptive for messages Array of clocks used for modeling each active chain. Problem faced with the Dream tool. V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 16 / 26

  17. Results for Case Study 2: CAN Bus Application Traditional methods considers blocking of lower priority tasks by higher priority tasks ( critical instant ): in reality such scenario may never occur in the system. Model checking is more accurate Explores each and every execution path of the system. Chain Uppaal Real -Time Calculus O 14 − O 15 28 32 O 16 − O 17 50 60 O 18 − O 19 110 210 Table: Worst case latencies of three task chains V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 17 / 26

  18. Implicit-Time and Explicit-Time Model Checking Implicit-Time Approach Formalisms are extended with time e.g. , Timed automata, Timed Petri Nets LTL, CTL need extension for handling timed automata specific properties Specialized data structures representing clock variables e.g. , Differences Bounded Matrices. V.R. Anwikar & P. Bhaduri (IIT Guwahati) Timing Analysis using Model Checking RTNS 2010 18 / 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EECS 388: Embedded Systems 10. Timing Analysis Heechul Yun 1 Agenda Execution time analysis

EECS 388: Embedded Systems 10. Timing Analysis Heechul Yun 1 Agenda Execution time analysis

EECS 388: Embedded Systems 10. Timing Analysis Heechul Yun 1 Agenda Execution time analysis Static timing analysis Measurement based timing analysis 2 Execution Time Analysis Will my brake-by-wire system actuate the brakes

1.31k views • 37 slides
UPPAAL Model Checking, Performance Analysis and Testing of Real Time Systems Kim G. Larsen CISS

UPPAAL Model Checking, Performance Analysis and Testing of Real Time Systems Kim G. Larsen CISS

UPPAAL Model Checking, Performance Analysis and Testing of Real Time Systems Kim G. Larsen CISS Aalborg University DENMARK CISS Center For Embedded Software Systems Regional ICT Center (2002- ) 3 research groups

536 views • 49 slides
SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given property

957 views • 33 slides
Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model

Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model

Directed Model Checking (not only) for Timed Automata Sebastian Kupferschmid March, 2010 Model Checking Motivation Embedded Systems Omnipresent Safety relevant systems Pentium bug Ariane 5 Errors can be extremely harmful Correct

837 views • 67 slides
Using CPAL to model and validate the timing behaviour of embedded systems Sebastian Altmeyer,

Using CPAL to model and validate the timing behaviour of embedded systems Sebastian Altmeyer,

Using CPAL to model and validate the timing behaviour of embedded systems Sebastian Altmeyer, Nicolas Navet, Lo c Fejoz FMTV Challenge - WATERS 2015 - Lund Cyber Physical Action Language (CPAL) C-like intuitive language (with automata

750 views • 12 slides
CANAL: A Cache Timing Analysis Framework via LLVM Transformation Chungha Sung | Brandon Paulsen |

CANAL: A Cache Timing Analysis Framework via LLVM Transformation Chungha Sung | Brandon Paulsen |

ASE 2018 CANAL: A Cache Timing Analysis Framework via LLVM Transformation Chungha Sung | Brandon Paulsen | Chao Wang Software verification &amp; analysis Checking Functional Model properties Checking Ex) Abstract assert(x &gt; 1);

638 views • 24 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is Model Checking? Model checking is an automated technique that, given a finite-state model of a system and a logical property , systematically

484 views • 36 slides
1 How are embedded systems different Timing and Concurrency than traditional software? Fire

1 How are embedded systems different Timing and Concurrency than traditional software? Fire

What is an Embedded System? Definition of an embedded computer system: Embedded Systems is a digital system. Introduction uses a microprocessor (usually). runs software for some or all of its functions. frequently used as a

158 views • 3 slides
Model Checking in Systems Biology s Brim and Milan ska and David Lubo Ce Safr

Model Checking in Systems Biology s Brim and Milan ska and David Lubo Ce Safr

Model Checking in Systems Biology s Brim and Milan ska and David Lubo Ce Safr anek Masaryk University Czech Republic SFM 2013 1/150 Outline Introduction 1 LTL Model Checking 2 Parallel LTL Model Checking 3 Discrete

2.18k views • 199 slides
Model Checking Finite State Finite State Model Checking Finite State Systems

Model Checking Finite State Finite State Model Checking Finite State Systems

Model Checking Finite State Finite State Model Checking Finite State Systems Informationsteknologi System Description A No! Debugging Information TOOL TOOL Yes, Requirement F Prototypes C T L Executable Code Test sequences Tools:

637 views • 34 slides
A Compact and Accurate Timing Macro Model for Efficient Hierarchical Timing Analysis Pei-Yu Lee ,

A Compact and Accurate Timing Macro Model for Efficient Hierarchical Timing Analysis Pei-Yu Lee ,

A Compact and Accurate Timing Macro Model for Efficient Hierarchical Timing Analysis Pei-Yu Lee , Iris Hui-Ru Jiang, Ting-You Yang National Chiao Tung University Outline Introduction Problem Formulation Proposed Algorithm

807 views • 36 slides
Bifrst Visualizing and Checking Behavior of Embedded Systems across Hardware and Software

Bifrst Visualizing and Checking Behavior of Embedded Systems across Hardware and Software

Bifrst Visualizing and Checking Behavior of Embedded Systems across Hardware and Software Will McGrath wmcgrath@stanford.edu Jeremy Warner jeremy.warner@berkeley.edu e M bedded G ateway C loud [MGC] embedded gateway cloud 2 e M

1.17k views • 60 slides
Model Checking Game System Model Reqs + Init States (undesired/desired states) Param. Ranges

Model Checking Game System Model Reqs + Init States (undesired/desired states) Param. Ranges

Automatic Verification of Embedded Automatic Verification of Embedded Systems Systems Enrico Tronci Dipartimento di Informatica Universit di Roma La Sapienza WIRTES 2007 Pisa, Italy July 2, 2007 Enrico Tronci 1 WIRTES 2007

654 views • 17 slides
Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking

Lecture 5. Symbolic model checking. NuSMV and SPIN model checkers. User-friendly model checking ELEC-E8110 Automation Systems Synthesis and Analysis Igor Buzhinsky igor.buzhinskii@aalto.fi 2018 Igor Buzhinsky Lecture 5 2018 1 / 28 Symbolic

833 views • 61 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Mitigating Software Instrumentation Cache Effects in Measurement-Based Timing Analysis 1 Enrique

Mitigating Software Instrumentation Cache Effects in Measurement-Based Timing Analysis 1 Enrique

Mitigating Software Instrumentation Cache Effects in Measurement-Based Timing Analysis 1 Enrique Daz 1,2 , Jaume Abella 2 , Enrico Mezzetti 2 , 4 Irune Agirre 3 , Mikel Azkarate-Askasua 3 , 2 Tullio Vardanega 4 , Francisco J. Cazorla 2,5 5 3

545 views • 25 slides
Last Time Response time analysis Blocking terms Priority inversion And solutions

Last Time Response time analysis Blocking terms Priority inversion And solutions

Last Time Response time analysis Blocking terms Priority inversion And solutions Release jitter Release jitter Other extensions Today Timing analysis Answers a question we commonly ask: At most long can this

749 views • 25 slides
THE SEN2AGRI THE SEN2AGRI SYSTEM DATABASE SYSTEM DATABASE WHO? WHO? Laureniu Nicola, CS

THE SEN2AGRI THE SEN2AGRI SYSTEM DATABASE SYSTEM DATABASE WHO? WHO? Laureniu Nicola, CS

THE SEN2AGRI THE SEN2AGRI SYSTEM DATABASE SYSTEM DATABASE WHO? WHO? Laureniu Nicola, CS Romania Sentinel-2 for Agriculture developer laurentiu.nicola@c-s.ro lnicola@c-s.ro , http://forum.esa-sen2agri.org/ WHAT? WHAT? We'll cover the

643 views • 24 slides
Temporal Alignment os 1 ohlen 1 Johann Gamper 2 Anton Dign Michael H. B 1 University of Z

Temporal Alignment os 1 ohlen 1 Johann Gamper 2 Anton Dign Michael H. B 1 University of Z

Temporal Alignment os 1 ohlen 1 Johann Gamper 2 Anton Dign Michael H. B 1 University of Z urich, Switzerland 2 Free University of Bozen-Bolzano, Italy SIGMOD 2012 May 24, 2012 - Scottsdale, Arizona, USA Outline Goal and Problem

630 views • 39 slides
VHDL Design flow General design flow steps Design entry Register Transfer Level (RTL)

VHDL Design flow General design flow steps Design entry Register Transfer Level (RTL)

VHDL Design flow General design flow steps Design entry Register Transfer Level (RTL) description of design (schematic or HDL) Design Entry Synthesis Checks code syntax, converts abstract form of desired circuit behavior

240 views • 4 slides
Timing Analysis of Linux-Based CAN-to-CAN Gateway Michal Sojka Czech Technical University in

Timing Analysis of Linux-Based CAN-to-CAN Gateway Michal Sojka Czech Technical University in

Timing Analysis of Linux-Based CAN-to-CAN Gateway Michal Sojka Czech Technical University in Prague Faculty of Electrical Engineering sojkam1@fel.cvut.cz February 3, 2011 Center for Applied Cybernetics Embedded Systems Colloquium Michal

602 views • 21 slides
Nobuyuki Kawai and Yoshikazu Kanai (Tokyo Tech) On behalf of Fermi/LAT Collaboration Motivation

Nobuyuki Kawai and Yoshikazu Kanai (Tokyo Tech) On behalf of Fermi/LAT Collaboration Motivation

X-ray Observations of New Gamma-ray Pulsars Discovered by Fermi LAT Nobuyuki Kawai and Yoshikazu Kanai (Tokyo Tech) On behalf of Fermi/LAT Collaboration Motivation - Fermi LAT detected 55 pulsars including 24 new ones - X-ray observations are

207 views • 16 slides
Pyramid: Machine Learning Framework to Estimate the Optimal Timing and Resource Usage of a

Pyramid: Machine Learning Framework to Estimate the Optimal Timing and Resource Usage of a

Pyramid: Machine Learning Framework to Estimate the Optimal Timing and Resource Usage of a High-Level Synthesis Design Hosein Mohamamdi Makrani, Farnoud Farahmand, Hossein Sayadi, Sara, Bondi, Sai Manoj PD, Houman Homayoun, And Setareh

511 views • 16 slides

More recommend