Testing Railway Interlockings with TTCN-3 Stefan Blom University of Innsbruck Natalia Ioustinova,Jaco van de Pol

Slides:



Advertisements
Similar presentations
Network II.5 simulator ..
Advertisements

Train Gate System A one-directional railway track crosses a road A gate at the crossing may be lowered or raised under computer control A short distance.
Computer Architecture
Distributed Snapshots: Determining Global States of Distributed Systems - K. Mani Chandy and Leslie Lamport.
Distributed Snapshots: Determining Global States of Distributed Systems Joshua Eberhardt Research Paper: Kanianthra Mani Chandy and Leslie Lamport.
COMMUNICATING SEQUENTIAL PROCESSES C. A. R. Hoare The Queen’s University Belfast, North Ireland.
Lecture 8: Asynchronous Network Algorithms
Parallel and Distributed Simulation Global Virtual Time - Part 2.
Time Warp: Global Control Distributed Snapshots and Fossil Collection.
A 2 -MAC: An Adaptive, Anycast MAC Protocol for Wireless Sensor Networks Hwee-Xian TAN and Mun Choon CHAN Department of Computer Science, School of Computing.
Token-Dased DMX Algorithms n LeLann’s token ring n Suzuki-Kasami’s broadcast n Raymond’s tree.
1st DWFTT - 21/06/05 - Amsterdam TT-Medal Project Overview Jaco van de Pol CWI, SEN 2 Amsterdam Stefan Blom, Jens Calamé, Wan Fokkink, Nicu Goga, Natalia.
1/1/ / faculty of Electrical Engineering eindhoven university of technology Architectures of Digital Information Systems Part 1: Interrupts and DMA dr.ir.
Modeling & Simulation. System Models and Simulation Framework for Modeling and Simulation The framework defines the entities and their Relationships that.
Synchronization Chapter clock synchronization * 5.2 logical clocks * 5.3 global state * 5.4 election algorithm * 5.5 mutual exclusion * 5.6 distributed.
1/1/ / faculty of Electrical Engineering eindhoven university of technology Introduction Part 3: Input/output and co-processors dr.ir. A.C. Verschueren.
1 Complexity of Network Synchronization Raeda Naamnieh.
CS 582 / CMPE 481 Distributed Systems
1 Soft Timers: Efficient Microsecond Software Timer Support For Network Processing Mohit Aron and Peter Druschel Rice University Presented By Jonathan.
1 Computer System Overview OS-1 Course AA
Fault-tolerant Adaptive Divisible Load Scheduling Xuan Lin, Sumanth J. V. Acknowledge: a few slides of DLT are from Thomas Robertazzi ’ s presentation.
University College Cork IRELAND Hardware Concepts An understanding of computer hardware is a vital prerequisite for the study of operating systems.
CS533 - Concepts of Operating Systems
Ordering and Consistent Cuts Presented by Chi H. Ho.
EEC-681/781 Distributed Computing Systems Lecture 11 Wenbing Zhao Cleveland State University.
Mahapatra-A&M-Sprong'021 Co-design Finite State Machines Many slides of this lecture are borrowed from Margarida Jacome.
Simulated Time for Host-Based Testing with TTCN-3 Stefan Blom (Innsbruck Univ.), Thomas Deiss (Nokia Research Center, NRC), Natalia Ioustinova (CWI), Ari.
Software Testing and QA Theory and Practice (Chapter 10: Test Generation from FSM Models) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory.
EMBEDDED SOFTWARE Team victorious Team Victorious.
Process Description and Control Chapter 3. Major Requirements of an OS Interleave the execution of several processes to maximize processor utilization.
On Probabilistic Snap-Stabilization Karine Altisen Stéphane Devismes University of Grenoble.
Some Aspects of Propagation. Operators Are Not Functions Network operators rarely behave as functions - they can have multiple outputs a range can turn.
Load Balancing and Termination Detection Load balance : - statically before the execution of any processes - dynamic during the execution of the processes.
Computer System Overview Chapter 1. Operating System Exploits the hardware resources of one or more processors Provides a set of services to system users.
LECTURE9 NET301. DYNAMIC MAC PROTOCOL: CONTENTION PROTOCOL Carrier Sense Multiple Access (CSMA): A protocol in which a node verifies the absence of other.
FINAL MPX DELIVERABLE Due when you schedule your interview and presentation.
On Probabilistic Snap-Stabilization Karine Altisen Stéphane Devismes University of Grenoble.
Chapter 12 Transmission Control Protocol (TCP)
CONTI'20041 Event Management in Distributed Control Systems Gheorghe Sebestyen Technical University of Cluj-Napoca Computers Department.
1 M. Tudruj, J. Borkowski, D. Kopanski Inter-Application Control Through Global States Monitoring On a Grid Polish-Japanese Institute of Information Technology,
Testing Railway Interlockings with N. Ioustinova, J. van de Pol, N. Goga Centrum voor Wiskunde en Informatica Amsterdam, The Netherlands TT-Medal Review.
Modeling VHDL in POSE. Overview Motivation Motivation Quick Introduction to VHDL Quick Introduction to VHDL Mapping VHDL to POSE (the Translator) Mapping.
Communicating Real-Time State Machines (CRSM) State machines that communicate synchronously Unique unidirectional channels are used for the communication.
MODELING EXAMPLES Types of model Conceptual Containing components that have not been clearly Identified in terms of theoretic categories such as state,
1 Interrupts, Resets Today: First Hour: Interrupts –Section 5.2 of Huang’s Textbook –In-class Activity #1 Second Hour: More Interrupts Section 5.2 of Huang’s.
High Level Architecture Time Management. Time management is a difficult subject There is no real time management in DIS (usually); things happen as packets.
HPC HPC-5 Systems Integration High Performance Computing 1 Application Resilience: Making Progress in Spite of Failure Nathan A. DeBardeleben and John.
LECTURE9 NET301 11/5/2015Lect 9 NET DYNAMIC MAC PROTOCOL: CONTENTION PROTOCOL Carrier Sense Multiple Access (CSMA): A protocol in which a node verifies.
Advantages of simulation 1. New policies, operating procedures, information flows and son on can be explored without disrupting ongoing operation of the.
A Survey of Fault Tolerance in Distributed Systems By Szeying Tan Fall 2002 CS 633.
Chapter 3 System Buses.  Hardwired systems are inflexible  General purpose hardware can do different tasks, given correct control signals  Instead.
Distributed Mutual Exclusion Synchronization in Distributed Systems Synchronization in distributed systems are often more difficult compared to synchronization.
Efficient Algorithms for Distributed Snapshots and Global Virtual Time Approximation Author: Friedermann Mattern Presented By: Shruthi Koundinya.
Simulation Examples And General Principles Part 2
Parallel and Distributed Simulation Deadlock Detection & Recovery.
A recurring neurological disorder characterized by random firing of nerve cells in the brain which cause a temporary shutdown of normal brain function.
CPU SCHEDULING.
Programmable Interval Timer
Programmable Interval Timer
Discrete Event Simulation
Computer System Overview
PDES: Time Warp Mechanism Computing Global Virtual Time
Distributed Snapshots & Termination detection
Net301 lecture9 11/5/2015 Lect 9 NET301.
Protocol Basics.
Maya Haridasan April 15th
MECH 3550 : Simulation & Visualization
CIS825 Lecture 5 1.
Presentation transcript:

Testing Railway Interlockings with TTCN-3 Stefan Blom University of Innsbruck Natalia Ioustinova,Jaco van de Pol Centrum voor Wiskunde en Informatica, Amsterdam

Vital Processor Interlocking (VPI) Control cycle:  input of new values  computations  idle waiting  output of results VPI is timed, delays are used to ensure safety Goal: find time semantics suitable for testing VPI`s software

Testing VPI`s software with real and scaled time Real Time: Active Time < Control Cycle =>We wait a lot of time for an idle SUT Scaled Time:  Activities (inputs, computations, outputs) can not be scaled  Finding a time factor such that activities of an SUT and a test system still fit into a scaled control cycle =>difficult, time consuming and error prone  Even if we have determined the factor, it is still not optimal!

Simulated time:  Time is modeled by a discrete logical clock  Actions are instantaneous => time progression has the least priority Why simulated time is adequate for testing VPI`s software:  VPI`s environment is continuous But VPI`s software takes one snapshot of environment per cycle => discrete system  Length of a control cycle is fixed  Max computation time < Min reaction time =>Time spent on the computations is negligible compared to durations of normal events Testing VPI`s software with simulated time

A TTCN-3 test system All entities of a TTCN-3 test system should agree on simulated time Time may progress only if the system is idle We need a mechanism that  detects system`s idleness and  progresses time if idleness is detected

Idleness detection Global idleness: A TTCN-3 system is idle if all the entities of the system are idle Local idleness: An entity of the system is idle if it can not proceed by performing computations, or by receiving/sending messages or by producing/consuming timeouts =>The system is idle iff all entities are in idle state and there are no messages/timeouts pending. We extend Dijkstra’s distributed termination algorithm to detect idleness

Simulated time in TTCN-3 Idleness Handler detects idleness of an entity (local idleness) Time Manager  initiates idleness detection,  detects idleness of the system (global idleness),  triggers time progression if global idleness is detected

Time Manager Initiates idleness detection by sending a token consisting of a global message counter and a global flag along the ring. Initially, global message counter is 0 and the global flag has value IDLE_TAG. If time manager receives the token back with the global message counter equal to 0 and the global flag equal to IDLE_TAG, it detects global idleness. Otherwise, time manager repeats idleness detection. If global idleness is detected, time manager progresses time by sending the token with flag TICK_TAG and restarts idleness detection in the next time slice

Idleness Hanlder

Transformation of TTCN-3 test components Each test component gets a port for communication with its idleness handler. Every TTCN-3 blocking operation is preceded by sending ``IDLE`` to an idleness handler (IH). A receive statement is followed by sending ``RECV`` to an IH. A send statement is followed by sending ``SEND`` to an IH. A timeout statement is followed by sending ``ACTIVATE`` to IH. Sending ``RECV``, ``IDLE``, ``SEND``, ``ACTIVATE`` are followed by receiving of an acknowledgement from an IH. Receiving an acknowledgement for ``ACTIVATE`` is followed by stopping the timer which timeout has caused ``ACTIVATE``.

 We have provided a solution for simulated time in TTCN-3.  The solution can be used for other systems similar to VPIs.  The solution has been used to test VPI`s software for Betuwelijn station Future work  Optimization of the current solution  Extension for dynamic reconfiguration and distributed testing  Proposals for introducing simulated time into the TTCN-3 standard Conclusion