Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2012 Carnegie Mellon University Compositional Sequentialization of Periodic Programs Sagar Chaki 1, Arie Gurfinkel 1, Soonho Kong 2, Ofer Strichman 3.

Published byGwen Tucker Modified over 10 years ago

Similar presentations

Presentation on theme: "© 2012 Carnegie Mellon University Compositional Sequentialization of Periodic Programs Sagar Chaki 1, Arie Gurfinkel 1, Soonho Kong 2, Ofer Strichman 3."— Presentation transcript:

1 © 2012 Carnegie Mellon University Compositional Sequentialization of Periodic Programs Sagar Chaki 1, Arie Gurfinkel 1, Soonho Kong 2, Ofer Strichman 3 Jan 22, 2013 1 Software Engineering Institute, CMU 2 Computer Science Department, CMU 3 Technion, Israel Institute of Technology TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAA A A A AA

2 2 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Time-Bounded Verification of Periodic Programs Periodic Program Collection of periodic tasks Execute concurrently with fixed-priority scheduling Priorities respect RMS Communicate through shared memory Synchronize through preemption and priority ceiling locks Time-Bounded Verification Assertion A violated within X ms of a system’s execution from initial state I? A, X, I are user specified Time bounds map naturally to program’s functionality (e.g., air bags) Assumptions System is schedulable WCET of each task is given

3 3 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Motivation: Real-Time Embedded Systems Avionics Mission System * Rate Monotonic Scheduling (RMS) * Locke, Vogel, Lucas, and Goodenough. “Generic Avionics Software Specification”. SEI/CMU Technical Report CMU/SEI-90-TR-8-ESD-TR-90-209, December, 1990 TaskPeriod weapon release10ms radar tracking40ms target tracking40ms aircraft flight data50ms display50ms steering80ms

4 4 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Periodic Program (PP) An N-task periodic program PP is a set of tasks {  1, …,  N } A task  is a tuple  I, T, P, C, A , where I is a task identifier T is a task body (i.e., code) P is a period C is the worst-case execution time A is the release time: the time at which task becomes first enabled Semantics of PP is given by an asynchronous concurrent program: Hyper-period = Least Common Multiple of all periods Program is harmonic if periods are multiples of each other k i = 0; while (Wait( i, k i )) T i (); k i = k i + 1; k i = 0; while (Wait( i, k i )) T i (); k i = k i + 1; parallel execution w/ priorities parallel execution w/ priorities blocks task i until next arrival time blocks task i until next arrival time

5 5 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Time Bounded Semantics of Periodic Program Assumptions (A1) Time window W is divisible by the hyper-period (i.e., W | H ) (A2) Each task arrives in time to complete in 1 st period (i.e., A i + RT i  P i ) The time bound imposes a natural bound on # of jobs: J i = W / P i Time-Bounded Semantics of PP is Job-Bounded Abstraction Abstracts away time Approximates Wait() by a non-deterministic delay Preserves logical (time-independent) properties! k i = 0; while (k i < J i && Wait( i, k i )) T i (); k i = k i + 1; k i = 0; while (k i < J i && Wait( i, k i )) T i (); k i = k i + 1;

6 6 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Our tool: REK Supports C programs w/ tasks, priorities, priority ceiling protocol, shared variables Works in two stages: 1.Sequentialization – reduction to sequential program w/ prophecy variables 2.Bounded program analysis: CBMC, HAVOC, others SequentializationAnalysis Periodic Program in C Sequential ProgramOK BUG + CEX Periods, WCETs, Initial Condition, Time bound Contribution 1: Compositional Sequentialization – allows fewer interleavings between tasks and shorter counterexamples without losing soundness Contribution 2: Empirical evaluation showing improvement Uses non-determinism (prophecy variables) to allow all possible interleavings between jobs

7 7 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Example: A Harmonic PP 4 8 1216 DEFG BC A 22 TaskWCET (C i ) Period (P i ) Arrival Time (A i ) 22 140 11 280 00 5160 00 11 3 processors

8 8 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Example: One Task Schedule 4 8 1216 DEFG BC AAA 22 00 11 1 processor TaskWCET (C i ) Period (P i ) Arrival Time (A i ) 22 140 11 280 00 5160

9 9 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Compositional sequentialization Leverages two types of temporal separation between jobs Intra-Hyper-Period Between jobs within the same hyper-period Prevents certain jobs in the same hyper-period from interleaving based on their priorities, arrival times, and worst-case execution times Inter-Hyper-Period Between jobs across different hyper-periods Prevents interleaving between jobs from different hyper-periods Relies on assumption A2, which guarantees that all jobs in hyper-period i complete before any job in hyper-period (i+1) starts.

10 10 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Intra-Hyper-Period Temporal Separation Monolithic Sequentialization (FMCAD11) (A) || (B;C) || (D;E;F;G) Monolithic Sequentialization (FMCAD11) (A) || (B;C) || (D;E;F;G) D starts and finishes before B B starts and finishes before A G starts and finished after every other job Compositional Sequentialization (VMCAI13) D;B; (A || (E;F;C)); G Compositional Sequentialization (VMCAI13) D;B; (A || (E;F;C)); G F starts and finishes before C E starts and finishes before F

11 11 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Inter-Hyper-Period Temporal Separation Monolithic Sequentialization (FMCAD11) (A;A) || (B;C;B;C) || (D;E;F;G; D;E;F;G) Monolithic Sequentialization (FMCAD11) (A;A) || (B;C;B;C) || (D;E;F;G; D;E;F;G) Under assumptions A1 and A2, All HP1 jobs end before any HP2 job starts Compositional Sequentialization (VMCAI13) D;B; (A || (E;F;C)); G ; D;B; (A || (E;F;C)); G Compositional Sequentialization (VMCAI13) D;B; (A || (E;F;C)); G ; D;B; (A || (E;F;C)); G HP1HP2

12 12 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Partition Execution into Rounds Execution starts in round 0 A round ends, and a new one begins, each time a job finishes # rounds == # of jobs DEFG BC AAA 22 00 11 0 Rounds 123456 4 8 1216

13 13 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Compositional Sequentialization Sequential Program for execution of R rounds: 1.for each global variable g, let g[i] be the value of g in round i 2.(ScheduleJobs) choose for each job j – start round: start[j] – end round: end[j] 3.(RunJobs) execute job bodies sequentially – in some well-defined total order – for global variables, use g[i] instead of g when running in round i – non-deterministically decide where to context switch – at a context switch jump to a new round (cannot preempt a higher task) 4.(CheckAssumptions) check that initial value of round i+1 is the final value of round i 5.(CheckAssertions) check user assertions Constrained by /, ", @ Done as soon as job ending at round i is over. Done as soon as job (containing the assertion) and step 4 are over. Ordered by @ Define three job orderings based on priorities, WCET, and arrival time: /, ", @

14 14 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Job Ordering J 1 / J 2  (¼(J 1 ) · ¼(J 2 ) Æ D(J 1 ) · D(J 2 )) Ç (¼(J 1 ) > ¼(J 2 ) Æ A(J 1 ) · A(J 2 )) J 1 completes before J 2 starts J 1 " J 2  (¼(J 1 ) < ¼(J 2 ) Æ A(J 1 ) < A(J 2 ) < D(J 1 )) J 1 “could be” (due to WCET) preempted by J 2 J 1 @ J 2  (J 1 / J 2 ) Ç (J 1 " J 2 ) Total order: lexicographic by (A,-¼) (see Lemma 1) Priority Departure Time Arrival Time

15 15 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Compositional Sequentialization: ScheduleJobs

16 16 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Case Study: A Metal Stamping Robot a.k.a. LEGO Turing Machine Image courtesy of Taras Kowaliw http://www.youtube.com/watch?v=teDyd0d5M4o

17 17 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Turing Machine: Task Structure

18 18 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University When writer flips a bit, the tape motor and read motor should stop. Controller Task Writer Task An Example Property

19 19 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University NXTway-GS: a 2 wheeled self-balancing robot Original: nxt (2 tasks) balancer (4ms) – Keeps the robot upright and responds to BT commands obstacle (50ms) – monitors sonar sensor for obstacle and communicates with balancer to back up the robot Ours: aso (3 tasks) balancer as above but no BT obstacle as above bluetooth (100ms) – responds to BT commands and communicates with the balancer Verified consistency of communication between tasks

20 20 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Results: Turing Machine 400x speedup Timeout (1 day)success

21 21 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Results: Self-Balancing Robot

22 22 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Results: Self-Balancing Robot

23 23 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Related Work Sequentialization of Concurrent Programs (Lal & Reps ‘08, and others) Context Bounded Analysis of concurrent programs via sequentialization Arbitrary concurrent software Non-deterministic round robin scheduler Preserve executions with bounded number of thread preemptions Allow for arbitrary number of preemptions between tasks Sequentialization of Periodic Programs (Kidd, Jagannathan, Vitek ’10) Same setting as this work Alternative sol’n: replace preemptions by non-deterministic function calls Additionally, supports recursion and inheritance locks No publicly available implementation – would be interesting to compare Verification of Time Properties of (Models of) Real Time Embedded Systems

24 24 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University Conclusion Past (FMCAD’11) Time Bounded Verification of Periodic C Programs Small (but hard) toy programs Reader/Writer protocols (with locks and lock-free versions) A robot controller for LEGO MINDSTORM from nxtOSEK examples Present (VMCAI’13) Taking into account additional timing constraints for improved scheduling – arrival times, harmonicity, etc. A Lego Metal Stamping Robot (a.k.a. Turing Machine) http://www.andrew.cmu.edu/~arieg/Rek (look for Turing Machine demo)http://www.andrew.cmu.edu/~arieg/Rek Current Work Verification without the time bound Back-End Verification engine Abstraction / Refinement Additional communication and synchronization – Priority-inheritance locks, message passing Modeling physical aspects (i.e., environment) more faithfully More Case studies and model problems

25 25 Verifying Periodic Real-Time Software Chaki, Gurfinkel, Strichman © 2012 Carnegie Mellon University This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.permission@sei.cmu.edu Carnegie Mellon® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM-0000142

26 © 2012 Carnegie Mellon University QUESTIONS? http://www.andrew.cmu.edu/~arieg/Rek Sagar Chaki [chaki@sei.cmu.edu]

Download ppt "© 2012 Carnegie Mellon University Compositional Sequentialization of Periodic Programs Sagar Chaki 1, Arie Gurfinkel 1, Soonho Kong 2, Ofer Strichman 3."

Similar presentations

Chapter 7 - Resource Access Protocols (Critical Sections) Protocols: No Preemptions During Critical Sections Once a job enters a critical section, it cannot.

Chapter 7 - Resource Access Protocols (Critical Sections) Protocols: No Preemptions During Critical Sections Once a job enters a critical section, it cannot.
Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.

Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.
© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.

© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.
A Hierarchical Co-ordination Language for Interacting Real-time Tasks Arkadeb Ghosal, UC Berkeley Thomas A. Henzinger, EPFL Daniel Iercan, Politehnica

A Hierarchical Co-ordination Language for Interacting Real-time Tasks Arkadeb Ghosal, UC Berkeley Thomas A. Henzinger, EPFL Daniel Iercan, "Politehnica"
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
© 2011 Carnegie Mellon University System of Systems V&V John B. Goodenough October 19, 2011.

© 2011 Carnegie Mellon University System of Systems V&V John B. Goodenough October 19, 2011.
© 2010 Carnegie Mellon University B OXES : A Symbolic Abstract Domain of Boxes Arie Gurfinkel and Sagar Chaki Software Engineering Institute Carnegie Mellon.

© 2010 Carnegie Mellon University B OXES : A Symbolic Abstract Domain of Boxes Arie Gurfinkel and Sagar Chaki Software Engineering Institute Carnegie Mellon.
© 2013 Carnegie Mellon University Academy for Software Engineering Education and Training, 2013 Session Architect: Tony Cowling Session Chair: Nancy Mead.

© 2013 Carnegie Mellon University Academy for Software Engineering Education and Training, 2013 Session Architect: Tony Cowling Session Chair: Nancy Mead.
© 2011 Carnegie Mellon University Time Bounded Analysis of Real-Time Systems Arie Gurfinkel, Sagar Chaki, and Ofer Strichman Software Engineering Institute.

© 2011 Carnegie Mellon University Time Bounded Analysis of Real-Time Systems Arie Gurfinkel, Sagar Chaki, and Ofer Strichman Software Engineering Institute.
© 2012 Carnegie Mellon University UFO: Verification with Interpolants and Abstract Interpretation Arie Gurfinkel and Sagar Chaki Software Engineering Institute.

© 2012 Carnegie Mellon University UFO: Verification with Interpolants and Abstract Interpretation Arie Gurfinkel and Sagar Chaki Software Engineering Institute.
Chapter 5 CPU Scheduling. CPU Scheduling Topics: Basic Concepts Scheduling Criteria Scheduling Algorithms Multiple-Processor Scheduling Real-Time Scheduling.

Chapter 5 CPU Scheduling. CPU Scheduling Topics: Basic Concepts Scheduling Criteria Scheduling Algorithms Multiple-Processor Scheduling Real-Time Scheduling.
© 2013 Carnegie Mellon University Static Analysis of Real-Time Embedded Systems with REK Arie Gurfinkel 1 joint work with Sagar Chaki 1, Ofer Strichman.

© 2013 Carnegie Mellon University Static Analysis of Real-Time Embedded Systems with REK Arie Gurfinkel 1 joint work with Sagar Chaki 1, Ofer Strichman.
© Katz, 2003 Formal Specifications of Complex Systems-- Real-time 1 Adding Real-time to Formal Specifications Formal Specifications of Complex Systems.

© Katz, 2003 Formal Specifications of Complex Systems-- Real-time 1 Adding Real-time to Formal Specifications Formal Specifications of Complex Systems.
CPSC 668Set 16: Distributed Shared Memory1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.

CPSC 668Set 16: Distributed Shared Memory1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.
Chess Review May 11, 2005 Berkeley, CA Composable Code Generation for Distributed Giotto Tom Henzinger Christoph Kirsch Slobodan Matic.

Chess Review May 11, 2005 Berkeley, CA Composable Code Generation for Distributed Giotto Tom Henzinger Christoph Kirsch Slobodan Matic.
© 2011 Carnegie Mellon University Should-Cost: A Use for Parametric Estimates Additional uses for estimation tools Presenters:Bob Ferguson (SEMA) Date:November.

© 2011 Carnegie Mellon University Should-Cost: A Use for Parametric Estimates Additional uses for estimation tools Presenters:Bob Ferguson (SEMA) Date:November.
USER LEVEL INTERPROCESS COMMUNICATION FOR SHARED MEMORY MULTIPROCESSORS Presented by Elakkiya Pandian CS 533 OPERATING SYSTEMS – SPRING 2011 Brian N. Bershad.

USER LEVEL INTERPROCESS COMMUNICATION FOR SHARED MEMORY MULTIPROCESSORS Presented by Elakkiya Pandian CS 533 OPERATING SYSTEMS – SPRING 2011 Brian N. Bershad.
© Katz, 2007 Formal Specifications of Complex Systems-- Real-time 1 Adding Real-time to Formal Specifications Formal Specifications of Complex Systems.

© Katz, 2007 Formal Specifications of Complex Systems-- Real-time 1 Adding Real-time to Formal Specifications Formal Specifications of Complex Systems.
5: CPU-Scheduling1 Jerry Breecher OPERATING SYSTEMS SCHEDULING.

5: CPU-Scheduling1 Jerry Breecher OPERATING SYSTEMS SCHEDULING.

Similar presentations

Ads by Google