Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interface-based Design of Embedded Systems Thomas A. Henzinger University of California, Berkeley.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Interface-based Design of Embedded Systems Thomas A. Henzinger University of California, Berkeley."— Presentation transcript:

1 Interface-based Design of Embedded Systems Thomas A. Henzinger University of California, Berkeley

2 Interface-based Design

3

4

5

6 Compositional Component Models If A||B is defined and A  a and B  b, then a||b is defined and A||B  a||b. enable independent component verification Compositional Interface Models If a||b is defined and A  a and B  b, then A||B is defined and A||B  a||b. enable independent interface implementation

7 x  Nat  y  Nat\{0}  z = x  y A Component Model x  Nat  y  Nat\{0}  z  Nat An Interface Model -constrains the environment -example: type declaration -(mis)behaves in every environment -examples: circuit; executable code

8  x,y.  z. ( x  Nat  y  Nat\{0}  z = x  y ) The Component Model input-universal (adversarial environment)  x,y.  z. ( x  Nat  y  Nat\{0}  z  Nat ) The Interface Model input-existential (helpful environment)

9 The Interface Model x  Nat y  Nat\{0} z  Nat Prescriptive: “How can the component be put together with other components?” Input assumptionOutput guarantee

10 x y z x=0  y=0 true Propagation of Environment Constraints

11 x y z x=0  y=0 true Propagation of Environment Constraints

12 x y z x=0  y=0 true y = 0  x,z. ( true  x=z  ( x=0  y=0 )) Propagation of Environment Constraints

13 y z true y = 0 The resulting interface. Propagation of Environment Constraints

14 y z true y = 0 Illegal connection. Propagation of Environment Constraints

15 Stateless interface models (traditional “types”): value constraints Stateful interface models (“behavioral types”): temporal ordering constraints, real-time constraints, etc. open_file? close_file? get_block? get_blockclose_fileopen_file put_block! put_block

16 a! b! a? b? a b

17 a! b! a? ?

18 a! b! a? A Component Model: I/O Automata This is an illegal component, because it is not prepared to accept input b. [ Lynch, also Lamport, Alur/H ]

19 a! b! a? a Another Component Model: CSP Composition may lead to deadlocks, and requires verification if this is undesirable. [ Hoare, also Milner, Harel ]

20 a! b! a? An Interface Model: Interface Automata These interfaces are incompatible, because the receiver expects the environment to provide input b. [ de Alfaro/H, also Dill ]

21 Component Models -composition || is conjunction/product -abstraction  is covariant Interface Models -composition || is game-theoretic -implementation  is contravariant

22 2 2 4042 msg?send! nack?fail! ok!ack? acksend msgfailok ack?

23 2 2 4042 msg?send! fail! ok!ack? send msgfailok msg! ok? msgokfail ack? ack

24 2 4042 msgsend! fail! okack? acksend Incompatible product state, but environment can prevent this state. ack?

25 2 4042 msgsend! fail! okack? send The Composite Interface. ack? ack

26 44 send! send The Composite Interface. ack? ack send!

27 Computing the Composite Interface 1.Construct product automaton. 2.Mark deadlock states as incompatible. 3.Until no more incompatible states can be added: mark state q as incompatible if the environment cannot prevent an incompatible state to be entered from q. 4.If the initial state is incompatible, then the two interfaces are incompatible. Otherwise, the composite interface is the product automaton without the incompatible states. This computes the states from which the environment has a strategy to avoid deadlock. The propagated environment constraint is that it will apply such a strategy.

28 x  Odd  y = 2x x  Nat y y = 2x y Component Abstraction Abstraction is implication (simulation; trace containment). x  Nat  

29 x  Odd Interface Implementation Implementation is I/O contravariant. x  Nat    x  Even

30 x  Nat Interface Implementation Implementation must obey output guarantee. x  Nat    x  Oddx  Nat X X

31 Interface Implementation Implementation must accept all permissible inputs. x  Even    x  Nat X X

32 2 2 4042 msg?send! fail! ok!ack? acksend msgfailok ack?

33 2 2 4042 msg?send! fail! ok!ack? acksend msgfailok 1 1 6061 msg?send! fail! ok!ack? acksend msgfailok 28 send!once? 2 2 fail! ok!ack? once  ack?

34 Alternating Simulation Q  q iff 1. for all inputs i, if q –i?-> q’, then there exists Q’ such that Q –i?-> Q’ and Q’  q’, and 2. for all outputs o, if Q –o!-> Q’, then there exists q’ such that q –o!-> q’ and Q’  q’. If there is a helpful environment at q, then there is a helpful environment at Q [Alur/H/Kupferman/Vardi].

35 Algorithms & Tools -interface compatibility (reachability game) can be checked in linear time -interface implementation (alternating simulation) can be checked in quadratic time We are currently implementing this in JBuilder [Chakrabarti/de Alfaro/H/Jurdzinski/Mang].

Download ppt "Interface-based Design of Embedded Systems Thomas A. Henzinger University of California, Berkeley."

Similar presentations

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Interface Theories in Practice Luca de Alfaro UC Santa Cruz GDV 2006.

Interface Theories in Practice Luca de Alfaro UC Santa Cruz GDV 2006.
An improved on-the-fly tableau construction for a real-time temporal logic Marc Geilen 12 July 2003 /e.

An improved on-the-fly tableau construction for a real-time temporal logic Marc Geilen 12 July 2003 /e.
Interface Theories With Component Reuse Laurent DoyenEPFL Thomas HenzingerEPFL Barbara JobstmannEPFL Tatjana PetrovEPFL.

Interface Theories With Component Reuse Laurent DoyenEPFL Thomas HenzingerEPFL Barbara JobstmannEPFL Tatjana PetrovEPFL.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Interface-based design Philippe Giabbanelli CMPT 894 – Spring 2008.

Interface-based design Philippe Giabbanelli CMPT 894 – Spring 2008.
Sensor Network Platforms and Tools

Sensor Network Platforms and Tools
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.

Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.
EECS 20 Lecture 38 (April 27, 2001) Tom Henzinger Review.

EECS 20 Lecture 38 (April 27, 2001) Tom Henzinger Review.
Overview of PTIDES Project

Overview of PTIDES Project
Interface Automata 29-September-2011. Modeling Temporal Behavior of Component Component behaves with Environment Traditional (pessimistic) approach –

Interface Automata 29-September Modeling Temporal Behavior of Component Component behaves with Environment Traditional (pessimistic) approach –
Convertibility Verification and Converter Synthesis: Two Faces of the Same Coin Jie-Hong Jiang EE249 Discussion 11/21/2002 Passerone et al., ICCAD ’ 02.

Convertibility Verification and Converter Synthesis: Two Faces of the Same Coin Jie-Hong Jiang EE249 Discussion 11/21/2002 Passerone et al., ICCAD ’ 02.
STARI: A Case Study in Compositional and Hierarchical Timing Verification Serdar Tasiran, Prof. Robert K. Brayton Department of Electrical Engineering.

STARI: A Case Study in Compositional and Hierarchical Timing Verification Serdar Tasiran, Prof. Robert K. Brayton Department of Electrical Engineering.
Advanced Tool Architectures Supporting Interface-Based Design

Advanced Tool Architectures Supporting Interface-Based Design
Type System, March 12, 2002 - 1 Data Types and Behavioral Types Yuhong Xiong Edward A. Lee Department of Electrical Engineering and Computer Sciences University.

Type System, March 12, Data Types and Behavioral Types Yuhong Xiong Edward A. Lee Department of Electrical Engineering and Computer Sciences University.
Models and Theory of Computation (MTC) EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman Simon Kramer: Logic for cryptography Marc Schaub: Models for biological.

Models and Theory of Computation (MTC) EPFL Dirk Beyer, Jasmin Fisher, Nir Piterman Simon Kramer: Logic for cryptography Marc Schaub: Models for biological.
Department of Electrical Engineering and Computer Sciences University of California at Berkeley Behavioral Types for Actor-Oriented Design Edward A. Lee.

Department of Electrical Engineering and Computer Sciences University of California at Berkeley Behavioral Types for Actor-Oriented Design Edward A. Lee.
Behavioral Types as Interface Definitions for Concurrent Components Center for Hybrid and Embedded Software Systems Edward A. Lee Professor UC Berkeley.

Behavioral Types as Interface Definitions for Concurrent Components Center for Hybrid and Embedded Software Systems Edward A. Lee Professor UC Berkeley.
02/02/20091 Logic devices can be classified into two broad categories Fixed Programmable Programmable Logic Device Introduction Lecture Notes – Lab 2.

02/02/20091 Logic devices can be classified into two broad categories Fixed Programmable Programmable Logic Device Introduction Lecture Notes – Lab 2.

Similar presentations

Ads by Google