ComS 512 Project John Altidor Michelle Ruse Jonathan Schroeder.

Slides:

Advertisements

Similar presentations

R&D Attitude Control System in AADL How will complexity and variation in embedded systems be captured? Can system-level design process benefit from system-level.

Advertisements

Network II.5 simulator ..

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Implementation and Verification of a Cache Coherence protocol using Spin Steven Farago.

HARP-B HARP Software Demo July CAN Node Emulator Using the Vector CAN-Tech CANalyzer Raj Atwal CAN Node Emulator.

Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,

Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.

Workflow Verification Project BY: Toomas Kütt Fraz Tabassam Jens Kaae Christensen.

UPPAAL Introduction Chien-Liang Chen.

UPPAAL Andreas Hadiyono Arrummaisha Adrifina Harya Iswara Aditya Wibowo Juwita Utami Putri.

CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ Dr. Yann-Hang Lee

Introduction to LUSTRE 22c181 Spring Background Developed in 1980’s at Verimag (Fr) Currently used by Estrel Technologies in Scade development tools.

The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.

Automatic Verification of Component-Based Real-Time CORBA Applications Gabor Madl Sherif Abdelwahed

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

© 2008 Cisco Systems, Inc. All rights reserved.CIPT1 v6.0—5-1 Implementing Media Resources, Features, and Applications Implementing Cisco Unified Video.

Synthesis of Embedded Software Using Free-Choice Petri Nets.

Architecture Modeling and Analysis for Embedded Systems Oleg Sokolsky CIS700 Fall 2005.

© Katz, 2003 Formal Specifications of Complex Systems-- Real-time 1 Adding Real-time to Formal Specifications Formal Specifications of Complex Systems.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Presenter : Shih-Tung Huang Tsung-Cheng Lin Kuan-Fu Kuo 2015/6/15 EICE team Model-Level Debugging of Embedded Real-Time Systems Wolfgang Haberl, Markus.

DISTRIBUTED CONSISTENCY MANAGEMENT IN A SINGLE ADDRESS SPACE DISTRIBUTED OPERATING SYSTEM Sombrero.

Component Symbols process Thread Auto-sized with text label Processor Memory System data Device bus Threadgroup subprogram.

© Katz, 2007 Formal Specifications of Complex Systems-- Real-time 1 Adding Real-time to Formal Specifications Formal Specifications of Complex Systems.

Figure 1.1 Interaction between applications and the operating system.

Verifying Distributed Real-time Properties of Embedded Systems via Graph Transformations and Model Checking Gabor Madl

November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli

System-Level Types for Component-Based Design Paper by: Edward A. Lee and Yuhong Xiong Presentation by: Dan Patterson.

Timing analysis of an SDL subset in UPPAAL Anders Hessel Institution of Information Technology Department of Computer Systems Uppsala University M.Sc.

Advances in Language Design

02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.

UPPAAL Ghaith Haddad. Introduction UPPAAL is a tool for modeling, validation and verification of real-time systems. Appropriate for systems that can be.

ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.

VeriFlow: Verifying Network-Wide Invariants in Real Time

The Architecture of Secure Systems Jim Alves-Foss Laboratory for Applied Logic Department of Computer Science University of Idaho By, Nagaashwini Katta.

GUI For A Virtual Pipeline Simulation Testbed By, Revathi Manni Ranganathan Major Professor: Dr.Virgil Wallentine.

Using Formal Verification to Exhaustively Verify SoC Assemblies by Mark Handover Kenny Ranerup Applications Engineer ASIC Consultant Mentor Graphics Corp.

CPSC 875 John D. McGregor C10 – Physical architecture.

Yang Liu, Jun Sun and Jin Song Dong School of Computing National University of Singapore.

1 AADL Architectural Analysis and Design Language Jason Mowry UW-Platteville Undergraduate Software Engineering.

MACCE and Real-Time Schedulers Steve Roberts EEL 6897.

Lecture51 Timed Automata II CS 5270 Lecture 5.

C. André, J. Boucaron, A. Coadou, J. DeAntoni,

CPSC 372 John D. McGregor Module 3 Session 1 Architecture.

Fall 2004EE 3563 Digital Systems Design EE 3563 VHSIC Hardware Description Language  Required Reading: –These Slides –VHDL Tutorial  Very High Speed.

CPSC 871 John D. McGregor Module 3 Session 1 Architecture.

1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.

Temporal Logic Model-checking with SPIN

Modeling and Simulating Time- Sensitive Networking Harri Laine.

HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.

Constraints Assisted Modeling and Validation Presented in CS294-5 (Spring 2007) Thomas Huining Feng Based on: [1]Constraints Assisted Modeling and Validation.

Architecture Analysis and Design Language: An Overview Drew Gardner.

Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.

Winter 2007SEG2101 Chapter 121 Chapter 12 Verification and Validation.

SystemC Semantics by Actors and Reduction Techniques in Model Checking Marjan Sirjani Formal Methods Lab, ECE Dept. University of Tehran, Iran MoCC 2008.

Architecture Description Languages (ADLs) Cf. Architecture Analysis and Design Languages.

1 Budapest University of Technology and Economics Department of Measurement and Information Systems Budapest University of Technology and Economics Fault.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

Faculty Advisor – Dr. Suraj Kothari Client – Jon Matthews Team Members – Chaz Beck Marcus Rosenow Shaun Brockhoff Jason Lackore Importance of SoftwareProject.

CS5270 Lecture 41 Timed Automata I CS 5270 Lecture 4.

A Brief Introduction to Architectural Modeling Using AADL and Collaborative, Adaptive Cruise Control John D. McGregor Roselane S. Silva.

UPPAAL Real-Time Systems Lab. Seolyoung, Jeong.

SOFTWARE DESIGN AND ARCHITECTURE

Timed Automata II CS 5270 Lecture Lecture5.

Figure 5. 1 An example of AND-OR logic

Model Checking for an Executable Subset of UML

Presentation transcript:

ComS 512 Project John Altidor Michelle Ruse Jonathan Schroeder

Outline Tools AADL Overview UppAal Overview Generating the Real Time Model from Flows Demo (Partial)

Tools Used OSATE AADL Editor Checks safety properties for the model UppAal Real-Time Model Checker Verifies Timing properties for the systems

AADL Overview Architecture Analysis & Design Language Developed Originally for Avionics A language to model the interactions of software and hardware components of embedded real-time systems

AADL Models What can we model Software Components Threads / Thread Groups Processes Data Subprograms Hardware Components Processor Memory Device Bus Composite System process Encryption features input_a: in data port storage; output_a: out data port storage ; input_b: in data port storage; output_b: out data port storage ; end Encryption; process implementation Encryption.basic end Encryption.basic;

Component Communication Components send and receive data through ports – Data – Event Components interact with each other through connections – Connections are directional – Each input port can only have 1 incoming connection – Each output port can have multiple outgoing connections

Controller Example Event Port Data Port Connection

Flow Specifications We can track how the data is moving through the system with flows Flow elements – Source: Where is the data coming from – Sink: Where the data will eventually end up – Flow Path: The route the data takes through a component – End to End Flow: A flow path beginning at a source and ending at a sink

Controller Flow fp: end to end flow Sensor_a.fp -> c1 -> Controller.fp -> c2 -> Monitor_a.fp; fp: flow path input_a -> c1 -> Encryption.fp -> c2 -> output_a;

What can we do with Flows? Latency Calculations Connections and some subcomponents can have latency information Currently statistics are generated for each individual flow Max Latency from source to sink What if we want to check more interesting properties?

Modeling Flows Transform the flows into a real-time model Use a simplified CTL query to check model for interesting properties UppAal: Tool for validating real time systems

UppAal Overview System Editor Draw Automata: locations, edges, etc. Declare global and local const, vars, functions Create instances of system and processes Simulator Traces: next, prev, replay, open, save, random Message sequences (nice visual) Verifier Loads.q or manually input query comment

UppAal Files UppAal (March 2007) supports.ta,.xta formats and.xml Ver 3.2 GUI-supported Ver 3.4 verification supported Trace files.xtr (linked to model) Query files (verification).q

UppAal.xml Process (aka Templates) process procName… /* c-code */ tName Instantiation occurs in System sysName; Inter-process synchronization occurs via channels (think Spin!) or shared memory. chan or urgent chan (no delay)

UppAal CTL Verifier NamePropertyEquivalence PossiblyE<>p InvariantlyA[ ] pnot E<> not p Potentially Always E[ ] p EventuallyA<>not E[ ] not p Leads top --> qA[ ] (p imply A<> q)

UppAal Symbolic Traces We assume (incorrectly) A[ ] beginflow imply endflow Timed automata: delays and timing Backward Stable given a symbolic trace with states {A, B} s.t. A is before B, every state in B can be reached by a state in A. not Forward Stable given a symbolic trace with states {A,B} s.t. A is before B, every state in A can reach a state in B. Solution: urgent and committed locations! However, we want timing information

Flow1 Model

Example: Flow1.xml clock c; chan mychan; Encryption clock t; Encryptioninput Encryptionoutput t mychan! system Test,Encryption;

Flow1.q /* The system is deadlock free. But here deadlock occurs at end of flow! */ A[] not deadlock /* Whenever eventually SensedData (beginning) to Monitorinput (end) will fail. */ Test.SensorSensedData --> Test.Monitorinput /* Eventually from end to beginning? */ A<> Test.Monitorinput imply Test.SensorSensedData /* Potentially always flows does info get to port p in time t? */ E[] Test.ControllerInput and c<5 /* potentially always flows does info get to port p in time t? */ E<> ((Test.SensorSensedData imply Test.Monitorinput) and c < 5) /* is there at least one path where info gets to port p in time t? */ E<> Test.ControllerInput and c<5

RUN UPPAAL

AADL to UppAal Transformation OSATEProjectUppAal AADL Text Real-Time Model AAXL CTL Formula Verification Counter-Example

Aadl to UppAal Controller  System instance defined in template Process  System instance defined in template (or could be process) Ports  locations Transitions  edges with timing location edge properties: guard, sync, select, update used for timing check  Edges used to sync with sub-systems

Transforming a Flow to a Real-time Model Flow Structure – Port -> Connection -> Port -> Subcomponent -> … UppAal Model – Location -> Transition -> Location -> Transition -> … Let Locations be the Ports Let Subcomponents be their own Template – Use channels to synchronize the subcomponents We will let our transitions be the connections that have the associated latency timing information