Verification Verification, Performance Performance Analysis - PowerPoint PPT Presentation

Leader Election Leader Election (1,1) (1,0) 2 1 (0,0) (0,0) 0 3 (1,1) AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [30] Kim Larsen [30]

Leader Election Leader Election (0,1) (0,1) 2 1 (0,0) (0,0) 0 3 (0,2) AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [31] Kim Larsen [31]

Variable timeout Variable timeout hops timeout timer 2 2 1 0 time AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [32] Kim Larsen [32]

Leader Election Leader Election Claim to be Claim to be verified verified Correct leader is known at a node i after t(i) = Δ TO + Δ TDELAY + d i · Δ MDELAY ( ) TO TDELAY i MDELAY A A model checking problem model checking problem IMP ² ▫ >t(i) l(i)=L(i) IMP ² l(i) L(i) for all i. AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 33 33

Modelling (RT) protocols Modelling (RT) protocols Users All, P Protocol stacks l k Thanks for the spec. It seems to run fine. As expected, it's 2 or 3 orders of magnitude Medium faster than TLC. I'm wondering if your algorithms could be used for checking specs written in a hi h higher level language l l l like TLA+. AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [34] Kim Larsen [34]

Modelling the Modelling the election protocol election protocol 0 1 P Per process dist i : N leader i : Node 2 timeout i : N i Message Message src: Node dst: Node leader: Node hopss: N AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [35] Kim Larsen [35]

Global Declaration Global Declaration AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [36] Kim Larsen [36]

Message Message AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [37] Kim Larsen [37]

Node[id] Node[id] AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [38] Kim Larsen [38]

Local Declarations (Node[id]) Local Declarations (Node[id]) AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [39] Kim Larsen [39]

Demo Demo AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [40] Kim Larsen [40]

Optimisations Optimisations  Reducin Reducing the number of active variables g  If variable is never used until next reset, then the value does not matter.  Symmetry Symmetry of message processes Symmetry of message processes Symmetry  The message processes are symmetric: It does not matter which is used to transfer a does not matter which is used to transfer a message. AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 41 41

Priced Priced Timed Priced Priced Timed Timed Timed Automata Automata Automata Automata

Task Graph Scheduling Task Graph Scheduling – Revisited Revisited Compute : B C D (D * ( C * ( A + B )) + (( A + B ) + ( C * D )) 1 2 A * + + using 2 processors using 2 processors P2 (slow) P1 (fast) 4 3 * * + + C C + + 2ps 5ps * * 3ps 7ps 5 5 6 6 Idle Idle Idle Idle 1oW 1oW * * + 20W 20W D ENERGY: In use In use 90W 30W 5 10 15 20 25 P1 P1 5 5 4 4 6 6 1 1 3 3 P2 2 time AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [43] Kim Larsen [43]

Task Graph Scheduling Task Graph Scheduling – Revisited Revisited Compute : B C D (D * ( C * ( A + B )) + (( A + B ) + ( C * D )) 1 2 A * + + using 2 processors using 2 processors P2 (slow) P1 (fast) 4 3 * * + + C C + + 2ps 5ps * * 3ps 7ps 5 5 6 6 Idle Idle Idle Idle 10W 10W * * + 20W 20W D ENERGY: In use In use 90W 30W 5 10 15 20 25 P1 P1 4 4 1 1 3 3 P2 2 5 6 time AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [44] Kim Larsen [44]

Task Graph Scheduling Task Graph Scheduling – Revisited Revisited Compute : B C D (D * ( C * ( A + B )) + (( A + B ) + ( C * D )) 1 A 2 * + + using 2 processors using 2 processors P2 (slow) P1 (fast) 4 3 * * + + C C + + 2ps 5ps * * 3ps 7ps 5 5 6 6 Idle Idle Idle Idle 10W 10W * * + 20W 20W D ENERGY: In use In use 90W 30W 5 10 15 20 25 P1 P1 4 4 1 1 3 3 P2 2 5 6 time AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [45] Kim Larsen [45]

A simple example A simple example AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [46] Kim Larsen [46]

A simple example A simple example Q : What is cheapest cost for reaching ? AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [47] Kim Larsen [47]

A simple example A simple example THM [Behrmann, Fehnker ..01] [Alur,Torre,Pappas 01] Optimal reachability is decidable for PTA THM [Bouyer, Brojaue, Briuere, Raskin 07] Optimal reachability is PSPACE-complete for PTA Q : What is cheapest cost for reaching ? AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [48] Kim Larsen [48]

Priced Zones Priced Zones [CAV01] [CAV01] A zone Z : 1 ≤ x ≤ 2 Æ 0 ≤ y ≤ 2 Æ x - y ≥ 0 x - y ≥ 0 A cost function C A cost function C C(x,y)= 2 · x - 1 · y + 3 AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [49] Kim Larsen [49]

Priced Zones – Reset Priced Zones [CAV01] [CAV01] A zone Z : 1 ≤ x ≤ 2 Æ Z [x=0] : 0 ≤ y ≤ 2 Æ x 0 Æ x=0 Æ x - y ≥ 0 x - y ≥ 0 0 ≤ y ≤ 2 C = 1 · y + 3 1 y + 3 A cost function C A cost function C C C(x,y) = 2 · x - 1 · y + 3 C = -1 · y + 5 AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [50] Kim Larsen [50]

Symbolic Symbolic Branch Branch & Bound & Bound Algorithm Algorithm Z  ' Z Z’ is bigger & cheaper than Z cheaper than Z ≤ is a well-quasi ≤ is a well quasi ordering which guarantees termination! AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [51] Kim Larsen [51]

Cost- Cost-Optimality Reachability Optimality Reachability Behrmann, Fehnker, et all (HSCC’01) Behrmann, Fehnker, et all (HSCC’01) Alur, Torre, Pappas (HSCC’01) Alur, Torre, Pappas (HSCC’01) Cost of step n c 3 3 c 2 c 1 c n GOAL  C Competitive with and Complementary C Value of path  : val(  ) = c 1 + c 2 + ... + c n to MILP Optimal Schedule  * : val(  * ) = inf  val(  ) Optimal Schedule  : val(  ) inf  val(  ) AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [52] Kim Larsen [52]

Aircraft Landing Problem Aircraft Landing Problem cost t d + l *(t-T) E earliest landing time T target time e *(T-t) L latest time e cost rate for being early l cost rate for being late d fixed cost for being late t E E T L Planes have to keep separation distance to avoid turbulences caused by preceding planes AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [53] Kim Larsen [53] Runway

Modeling ALP with PTA Modeling ALP with PTA 129 : Earliest landing time 153 : Target landing time 559 : Latest landing time 10 : Cost rate for early 20 : Cost rate for late Runway handles 2 types of Runway handles 2 types of planes Planes have to keep separation distance to avoid turbulences caused by preceding planes AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [54] Kim Larsen [54] Runway

Modelling ALP Modelling ALP with MILP with MILP [Beasley00] minimize  i=1 P( e i  i + d i  i ) where where t i : landing time of plane i  i : how early plane i lands before target T i  i : how late plane i lands after target T i  : if i lands before then 0 otherwise 1  ij : if i lands before then 0 otherwise 1 AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [55] Kim Larsen [55]

Aircraft Landing Aircraft Landing AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [56] Kim Larsen [56]

Optimal Optimal Infinite Infinite Schedule Schedule AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [57] Kim Larsen [57]

Optimal Optimal Infinite Infinite Scheduling Scheduling Maximize throughput: i.e. maximize Reward / Time in the long run! AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [58] Kim Larsen [58]

Optimal Optimal Infinite Infinite Scheduling Scheduling Minimize Energy Consumption: i.e. minimize Cost / Time in the long run AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [59] Kim Larsen [59]

Optimal Optimal Infinite Infinite Scheduling Scheduling Maximize throughput: i.e. maximize Reward / Cost in the long run AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [60] Kim Larsen [60]

Mean Pay-Off Mean Pay-Off Optimality Optimality Bouyer, Brinksma, Larsen: Bouyer, Brinksma, Larsen: HSCC04,FMSD07 HSCC04,FMSD07 Accumulated cost c 3 c n c c 1 c c 2 r 3 r n  r 1 r 2 Accumulated reward ¬ BAD Value of path  : val(  ) = lim n →∞ c n /r n Optimal Schedule  : val(  ) Optimal Schedule  * : val(  * ) = inf inf  val(  ) val(  ) AVACS PhD School, Oldenburgh, March AVACS PhD School, Oldenburgh, March 2010 2010 Kim Larsen [61] Kim Larsen [61]

Discount Discount Optimality Optimality   1 : discounting factor Larsen, Fahrenberg: Larsen, Fahrenberg: INFINITY’08 INFINITY’08 Cost of time t n c(t 3 ) c(t n ) c(t 1 ) c(t 2 ) (t ) c(t ) t 3 t n  t 1 t 2 Time of step n ¬ BAD Value of path  : val(  ) = Optimal Schedule  : val(  ) = inf  val(  ) * : val( * ) Optimal Schedule inf val( ) AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [62] Kim Larsen [62]

Soundness Soundness of of Corner Corner Point Point Abstraction Abstraction AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [63] Kim Larsen [63]

Consuming Consuming & Harvesting Harvesting Energy Energy Bouyer, Fahrenberg, Bouyer, Fahrenberg, Larsen, Markey, Srba: Larsen, Markey, Srba: FORMATS 2 0 0 8 FORMATS 2 0 0 8 FORMATS 2 0 0 8 FORMATS 2 0 0 8 HSCC 2 0 1 0 HSCC 2 0 1 0 Maximize throughput while respecting: 0 ≤ E ≤ MAX while respecting: 0 ≤ E ≤ MAX AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [64] Kim Larsen [64]

Energy-Bounded Energy-Bounded Infinite Runs Infinite Runs Bouyer, Fahrenberg, Bouyer, Fahrenberg, Larsen, Markey, Srba: Larsen, Markey, Srba: Cost of time t n FORMATS 2008 FORMATS 2008 FORMATS 2008 FORMATS 2008 c(t 4 ) c(t n ) c(t ) c(t 2 ) c(t 1 ) t 4 t t n  t 1 t 2 Time of step n ¬ BAD MAX MAX … t t 2 t t 3 t t 4 t t 1 AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [65] Kim Larsen [65]

Multiple Objective Multiple Objective Scheduling Scheduling P 2 P 1 2 ,3 1 6 ,1 0 cost 2 6 ,6 1 0 ,1 6 P 6 P 3 P 4 2 ,3 Pareto Frontier cost 2 ’==3 cost 1 ’==4 1 P P 7 P P 5 2 2 2 ,2 8 ,2 3 W cost 1 4 W 1 AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [66] Kim Larsen [66]

”Experimental” Results ”Experimental” Results AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [67] Kim Larsen [67]

Schedulability Analysis Schedulability Analysis

Embedded Systems Embedded Systems Tasks: Computation times Resources Deadlines Execution platform p Dependencies CPU, Memory Scheduling Principles (OS) Arrival patterns Networks EDF, FPS, RMS, DVS, .. uncertainties Drivers uncertainties uncertainties AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [69] Kim Larsen [69]

Task Scheduling Task Scheduling utilization of CPU P(i), [E(i), L(i)], .. : period or earliest/ latest arrival or .. for T i C(i): execution time for T i D(i): deadline for T i D(i): deadline for T i T 1 T 1 ready Scheduler Scheduler done T 2 T 2 2 4 1 3 stop run T n T T n { T 4 , T 1 , T 3 } ready T 2 is running ordered according to some given priority: g p y (e.g. Fixed Priority, Earliest Deadline,..) AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [70] Kim Larsen [70]

Modeling Task Modeling Task ready T T 1 T 1 Scheduler Scheduler done T 2 T 2 4 1 3 2 stop run T n T n AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [71] Kim Larsen [71]

Modeling Scheduler Modeling Scheduler ready T T 1 T 1 Scheduler Scheduler done T 2 T 2 4 1 3 2 stop run T n T n AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [72] Kim Larsen [72]

Modeling Queue Modeling Queue In UPPAAL 4.0 User Defined Function ready T T 1 T 1 Scheduler Scheduler done T 2 T 2 4 1 3 2 stop run T n T n …… AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [73] Kim Larsen [73]

Schedulability = Safety Property Schedulability = Safety Property May be extended with preemption ¬ (Task0.Error or Task1.Error or …) (T k0 E T k1 E ) A ฀ ¬ (Task0.Error or Task1.Error or …) AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [74] Kim Larsen [74]

Preemption – Preemption – Stopwatches Stopwatches! Scheduler Task Task Defeating undecidability  D f ti d id bilit  AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [75] Kim Larsen [75]

Stopwatches Stopwatches & Zones Zones Z : x=y=z Z*: x=0 Æ y=z x=0 Æ y-x=z Z**: z ≥ 0 Æ y-x=z Not a Zone Not a Zone AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [76] Kim Larsen [76]

Handling realistic applications? Handling realistic applications? Jan Madsen / DTU Jan Madsen / DTU Smart phone: MP3 Decoder 0 2 1 4 3 6 5 7 8 9 10 11 12 13 14 15 [Application from Marcus Schmitz, TU Linkoping] AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [77] Kim Larsen [77]

Timed Automata for a task Timed Automata for a task AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 78 78

Smart phone Smart phone  Tasks: 114  Deadlines: [0 02: 0 5] sec  Deadlines: [0.02: 0.5] sec  Execution: [52 : 266.687] cycles cycles MP3 Decoder  Platform: 0 2 1  6 processors 25 MHz  6 processors, 25 MHz 4 3  1 bus 6 5 7  Verified in 1 5 hours! Verified in 1.5 hours! 8 9 10 11 12 13 14 15 AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [79] Kim Larsen [79]

ESA Mission ESA Mission Q uasiomodo Solar System, cold dust clouds and cores, star and galaxy  formations cataloging galaxies gravitational lensing cosmic formations, cataloging galaxies, gravitational lensing, cosmic microwave background, topology of the universe... Terma: Develop software for Attitude and Orbit Control System  AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [80] Kim Larsen [80]

Herschel & Herschel & Planck Planck  Launch: http://www.youtube.com/watch?v=x4siTwB4LSc AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [81] Kim Larsen [81]

Herschel & Herschel & Planck Satelites Planck Satelites Application so Application soft ftware (ASW) ware (ASW)  built and tested by Terma: y  does attitude and orbit control, tele-  commanding, fault detection isolation and recovery. Basic soft are (BSW) Basic software (BSW)  low level communication and scheduling  periodic events. Real time operating system (RTEMS), Real-time operating system (RTEMS)   Hardware  single processor, a few communication  buses, sensors and actuators. buses, se so s a d actuato s Requirements: Requi ements:  Software tasks should be schedulable.  CPU utilization should not exceed 50% load.  AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [82] Kim Larsen [82]

Results Results System System Herschel Herschel Planck Planck Mode d Nominal l +Events Nominal l +Events Max Max 58.7% 58.7% 62.4 62.4 66.1% 66.1% 70.8 70.8 Utiliz Utilization tion  Not schedulable in one configuration h d l bl f (without harmful effects)  Worst case utilization too high (>50%) W t tili ti t hi h ( 50%) AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [83] Kim Larsen [83]

UPPAAL Model UPPAAL Model AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [84] Kim Larsen [84]

Periodic Periodic Task Task – no Resources esources Global AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [85] Kim Larsen [85]

BSW Task BSW Task Using Using Resource esource AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [86] Kim Larsen [86]

PrimaryF PrimaryF and SecondaryF and SecondaryF using using lcb_R cb_R and Sgm_R and Sgm_R AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [87] Kim Larsen [87]

Verification Verification AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [88] Kim Larsen [88]

Gantt Gantt Chart hart 1. cycle . cycle AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [89] Kim Larsen [89]

Blocking Blocking & WCRT & WCRT AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Page 90 Page 90

Conclusion Conclusion AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [91] Kim Larsen [91]

Priced Priced Timed Games Timed Games

Scheduling under Scheduling under Uncertainty Uncertainty When you are in ( Task1.End Task2.End Task3._id2 Task4.End Task5._id0 Task6._id0 Task7._id0 M1._id4 M2._id7 ) f1=1 f2=1 f3=0 f4=1 f5=0 f6=0 f7=0 f0=1 B1=0 B2=6 (4<=x2 && time==18 && x2<=8), Take transition Take transition Task6._id0->Task6._id1 { a == 1 && b == 1, use1!, B1 := D1 } M1._id4->M1._id5 { 1, use1?, x1 := 0 } When you are in ( Task1.End Task2.End Task3.End Task4.End Task5. id0 Task6. id1 Task7. id0 M1. id5 M2. id6 ) ( _ _ _ _ _ ) f1=1 f2=1 f3=1 f4=1 f5=0 f6=0 f7=0 f0=1 B1=3 B2=10 (18<=time && x1<=6 && time<=22 && time-x1<=18), Take transition Task5._id0->Task5._id2 { a == 1 && b == 1, use2!, B2 := D2 } M2._id6->M2._id7 { 1, use2?, x2 := 0 } When you are in ( Task1.End Task2.End Task3.End Task4._id0 Task5._id0 Task6._id1 Task7._id0 M1._id5 M2._id6 ) f1=1 f2=1 f3=1 f4=0 f5=0 f6=0 f7=0 f0=1 B1=3 B2=2 (x1-time==-10 && time==10), Take transition Take transition Task4._id0->Task4._id2 { a == 1 && b == 1, use2!, B2 := D2 } M2._id6->M2._id7 { 1, use2?, x2 := 0 } When you are in ( Task1.End Task2.End Task3.End Task4.End Task5._id1 Task6._id0 Task7._id0 M1._id5 M2._id6 ) ( _ _ _ _ _ ) f1=1 f2=1 f3=1 f4=1 f5=0 f6=0 f7=0 f0=1 B1=8 B2=8 (x1<=3 && x1-time==-18) || (20<=time && x1-time<=-12 && time<=21 && time-x1<18), CONCUR05, Take transition CAV07, Task6._id0->Task6._id2 { a == 1 && b == 1, use2!, B2 := D2 } M2._id6->M2._id7 { 1, use2?, x2 := 0 } FORMATS07 HSCC’09 When you are in ... AVACS PhD School, Oldenburgh, March AVACS PhD School, Oldenburgh, March 2010 2010 Kim Larsen [93] Kim Larsen [93]

Optimal Optimal Scheduling under Scheduling under Uncertainty Uncertainty Decidable with 1 clock [BLMR06] Acyclic Acyclic [LTMM02] [LTMM02] Bounded length [ABM04] Strong non-zeno cost-behaviour g [BCFL04] [ ] Undecidable with 3 clocks or more [BBR05, BBM06] Open problem with 2 clocks , cost’=4 , cost’=3 AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [94] Kim Larsen [94]

Two Tank Example Two Tank Example T1 T’=-0.1*T + 10 T’=-0.1*T + 10 on/off on? off? on? on? off? ff? on/off T’=-0.1*T T’=-0.1*T T2 AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [95] Kim Larsen [95]

Two Tank Example Two Tank Example T1 Temp Temp on/off on/off T2 time AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [96] Kim Larsen [96]

Two Tank Example Two Tank Example [80,100] T1 Temp Temp [60,70] [30,40] on/off [0,10] [80,100] on/off [60,70] [30,40] T2 [0,10] [ ] 4 time 8 AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [97] Kim Larsen [97]

Two Tank Example Two Tank Example [80,100] T1 [60,70] [30,40] on/off [0,10] [80,100] on/off [60,70] [30,40] T2 [0,10] [ ] AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [98] Kim Larsen [98]

Two Two Tank Example ank Example AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [99] Kim Larsen [99]

Plastic Injection Molding Machine Plastic Injection Molding Machine Q uasiomodo [HSCC’09]  Robust and optimal control  Tool Chain Tool Chain  Synthesis: UPPAAL UPPAAL TIGA TIGA  Verification: PHAVer PHAVer  Performance: SIMULINK SIMULINK  40% improvement of existing solutions.. AVACS PhD AVACS PhD School, Oldenburgh, March School, Oldenburgh, March 2010 2010 Kim Larsen [100] Kim Larsen [100]