Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formal Methods Automatic Validation and Verification Tools

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Formal Methods Automatic Validation and Verification Tools"— Presentation transcript:

1 Formal Methods Automatic Validation and Verification Tools Kim Guldstrand Larsen Institute of Computer Science Aalborg University Formal Methods seems to be finding its way into industrial software engineering practice. In particular, methods based on fully automatic verification tools have for a long time been established practice for hardware designs. Today, an increasing number of (commercial) tools offering automatic verification support for industrial designs of embedded systems, real-time systems, and communication protocols are emerging. The scalability of these tools has been significantly improved due to recent, scientific advances in the underlying algorithmic techniques, which have allowed for large industrial applications to be verified. The talk will present the tool UPPAAL, a tool suite for validating and verifying real-time system models. The tool has been developed since 1995 in collaboration between Aalborg and Uppsala Universities. The presentation will be based on on-line demonstration and survey the industrial applications of UPPAAL. The final part of the talk will address the tool visualSTATE, a commercial tool for automatic validation and verification of embedded system models In addition visualSTATE allows for automatic generation of efficient code for a number of platforms. Resent collaboration between visualSTATE, and DTU has resulted in truely significant advances in the size of systems which may be dealt with. Tools & Cases UPPAAL2k Kim Guldstrand Larsen Paul Pettersson Mogens Nielsen

2 Hybrid & Real Time Systems
Control Theory Computer Science sensors Task Task Task Task actuators Controller Program Discrete Plant Continuous Eg.: Pump Control Air Bags Robots Cruise Control ABS CD Players Production Lines Real Time System A system where correctness not only depends on the logical order of events but also on their timing!!

3 Validation & Verification Construction of UPPAAL models
Controller Program Discrete Plant Continuous sensors Task Task Task Task Model of tasks (automatic?) actuators Model of environment (user-supplied) 1 2 4 3 a c b 1 2 4 3 1 2 4 3 a c b 1 2 4 3 a c b UPPAAL Model

4 Real Timed Model Checking
History System Description Timed Automata A Yes! Model Checker UPPAAL A sat F No! Diagnostic Information Requirement Specification F 89 90 93 94 95 97 98 99 Epsilon TAB Regions Timed Automata Decidability HyTech Polyhedra UPPAAL Kronos Zones, DBM Minimal Constraints UPPAAL2k CDDs

5 UPPAAL UPPAAL 2.02 First official release with Graphical Simulator/Validator 1994 1995 Every 9 month 10 times better performance! 1996 UPPAAL 2.17 1997 1998 1999 2k Dec’96 Sep’98

6 Collaborators @UPPsala @AALborg @Elsewhere Wang Yi Johan Bengtsson
Paul Pettersson Fredrik Larsson Alexandre David Tobias Amnell @AALborg Kim G Larsen Arne Skou Paul Pettersson Carsten Weise Kåre J Kristoffersen Gerd Behrman Thomas Hune @Elsewhere Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, David Griffioen, Ansgar Fehnker, Frits Vandraager, Klaus Havelund, Theo Ruys, Pedro D’Argenio, J-P Katoen, J. Tretmans, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson...

7 Alur, Dill 1990 TIMED AUTOMATA

8 The UPPAAL Model = Networks of Timed Automata + Integer Variables +….
x>=2 i==3 y<=4 …………. Two-way synchronization on complementary actions. Closed Systems! a! a? x := 0 i:=i+4 l2 m2 Example transitions (l1, m1,………, x=2, y=3.5, i=3,…..) (l2,m2,……..,x=0, y=3.5, i=7,…..) (l1,m1,………,x=2.2, y=3.7, I=3,…..) tau 0.2 If a URGENT CHANNEL

9 UPPAAL & LEGO MINDSTORM DEMO

10 LEGO Mindstorms/RCX Sensors: temperature, light, rotation, pressure.
Actuators: motors, lamps, Virtual machine: 10 tasks, 4 timers, 16 integers. Several Programming Languages: NotQuiteC, Mindstorm, Robotics, legOS, etc. 3 output ports 1 infra-red port 3 input ports

11 LEGO Mindstorms/RCX LEGO bricks!!! SIDMAR Steel Plant Production Cell

12 First UPPAAL model Sorting of Lego Boxes
Ken Tindell Piston Boxes eject remove 99 Conveyer Belt Red 9 18 81 90 Blck Rd Controller MAIN PUSH Black Exercise: Design Controller so that only black boxes are being pushed out

13 NQC programs int active; int DELAY; int LIGHT_LEVEL; task MAIN{
Sensor(IN_1, IN_LIGHT); Fwd(OUT_A,1); Display(1); start PUSH; while(true){ wait(IN_1<=LIGHT_LEVEL); ClearTimer(1); active=1; PlaySound(1); wait(IN_1>LIGHT_LEVEL); } task PUSH{ while(true){ wait(Timer(1)>DELAY && active==1); active=0; Rev(OUT_C,1); Sleep(8); Fwd(OUT_C,1); Sleep(12); Off(OUT_C); }

14 UPPAAL Demo IDA foredrag

15 From RCX to UPPAAL Model includes Round-Robin Scheduler.
Compilation of RCX tasks into TA models. Presented at ECRTS 2000 (yesterday) in Stockholm. Task MAIN

16 Case Studies IDA foredrag

17 Case Studies: Protocols
Philips Audio Protocol [HS’95, CAV’95, RTSS’95, CAV’96] Collision-Avoidance Protocol [SPIN’95] Bounded Retransmission Protocol [TACAS’97] Bang & Olufsen Audio/Video Protocol [RTSS’97] TDMA Protocol [PRFTS’97] Lip-Synchronization Protocol [FMICS’97] Multimedia Streams [DSVIS’98] ATM ABR Protocol [CAV’99] ABB Fieldbus Protocol [ECRTS’2k] IEEE 1394 Firewire Root Contention (2000)

18 Case-Studies: Controllers
Gearbox Controller [TACAS’98] Bang & Olufsen Power Controller [RTPS’99,FTRTFT’2k] SIDMAR Steel Production Plant [RTCSA’99, DSVV’2k] Real-Time RCX Control-Programs [ECRTS’2k] Experimental Batch Plant (2000) RCX Production Cell (2000)

19 The Soldiers Problem Real time scheduling
UNSAFE SAFE Mines 5 10 25 20 At most 2 crossing at a time Need torch Can they make it within 60 minutes ?

20 Steel Production Plant
Crane A A. Fehnker, T. Hune, K. G. Larsen, P. Pettersson Case study of Esprit-LTR project VHS Physical plant of SIDMAR located in Gent, Belgium. Part between blast furnace and hot rolling mill. Objective: model the plant, obtain schedule and control program for plant. Machine 1 Machine 2 Machine 3 Lane 1 Machine 4 Machine 5 Lane 2 Buffer Crane B Storage Place Continuos Casting Machine

21 Steel Production Plant
Crane A Input: sequence of steel loads (“pigs”). Machine 1 Machine 2 Machine 3 Lane 1 Machine 4 Machine 5 Lane 2 Load follows Recipe to become certain quality, e.g: start; end within 120. Buffer Crane B Storage Place Continuos Casting Machine Output: sequence of higher quality steel.

22 Steel Production Plant
Crane A Input: sequence of steel loads (“pigs”). Machine 1 Machine 2 Machine 3 @10 @20 2 @10 2 2 Lane 1 Machine 4 Machine 5 5 @10 Lane 2 Load follows Recipe to become certain quality, e.g: start; end within 120. 6 Buffer Crane B =107 Storage Place @40 Continuos Casting Machine Output: sequence of higher quality steel.

23 Steel Production Plant
Crane A Input: sequence of steel loads (“pigs”). Machine 1 Machine 2 Machine 3 @10 @20 2 @10 2 2 Lane 1 Machine 4 Machine 5 15 @10 Lane 2 Load follows Recipe to obtain certain quality, e.g: start; end within 120. 16 Buffer Crane B =127 Storage Place @40 Continuos Casting Machine Output: sequence of higher quality steel.

24 Modus Operandi Physical Plant Program 4. Execute
1. Model plant as networks of timed automata. 3. Synthesise program. Plant Model Trace 2. Reformulate scheduling as reachability and apply UPPAAL tool.

25 Overview of Plant Model
Machine 1 & 4 Machine 2 & 5 Machine 3 Crane A Crane B Casting Machine Production Order Load Positions Recipe TEST BATCHES PLANT Check for E<>( test.final ) UPPAAL generates diagnostic trace if property holds.

26 Load Automaton Models all possible movements of load.
Clock tRB1 used to model time consumption. Bit vectors posI and posII models mutex.

27 Steel Recipe Clock tot to constrain upper total time bound.
Clock t to measure duration of machine treatment. Channel quality1! signaled when steel converted.

28 Production Order Specifies the steel qualities to be produced.
Allows for scheduling to be reformulated as reachability. Reachable only with feasible schedule. E<>( final )

29 Modus Operandi Physical Plant Program 4. Execute
1. Model plant as networks of timed automata. 3. Synthesise program. Plant Model Trace 2. Reformulate scheduling as reachability and apply UPPAAL . System with 5 steel loads: Parallel composition of: 15 timed automata ( locations), 18 real-valued clocks, 28 bounded integer variables, 140 action channels. Verification: Generating schedule for three batches FAILS!!!

30 Modus Operandi Physical Plant Program 4. Execute program.
1(a). Model plant in UPPAAL 3. Synthesise program. Plant Model Trace 1(b). Add guides to plant model to restrict behaviour. 2. Reformulate scheduling as reachability and apply UPPAAL . Guided Plant Model

31 Guiding the Model Idea: Guide model according to chosen strategies:
enforce desired behaviors, restrict undesired behaviors. Implementation: Annotate model with: clock and integer variables, assignments (to added clock or variable), and guards (to any clock or variable). Fact: Trace of guided model is guaranteed to be trace of unguided model.

32 Experiment BFS = breadth-first search, DFS = depth-first search, BSH = bit-state hashing, “-” = requires >2h (on 450MHz Pentium III), >256 MB, or suitable hash-table size was not found. System size: 2n+5 automata and 3n+3 clocks, if n=35: 75 automata and 108 clocks. Schedule generated for n=60 on Sun Ultra with 2x300MHz with 1024MB in 2257s .

33 Modus Operandi Physical Plant Program 4. Execute program.
1(a). Model plant in UPPAAL 3. Synthesise program. Plant Model Trace 1(b). Add guides to plant model to restrict behaviour. 2. Reformulate scheduling as reachability and apply UPPAAL . Guided Plant Model

34 LEGO Plant Model LEGO RCX Mindstorms.
crane a m1 m2 m3 LEGO RCX Mindstorms. Local controllers with control programs. IR protocol for remote invocation of programs. Central controller. m4 m5 crane b buffer storage central controller casting Synthesis

35 Local Control Programs
Belts: move left/right, receive from left/right, Machine: start, stop, Cranes: move up/down, set down, pick up, Casting Machine: start, stop, ...

36 Extracting Programs Trace Schedule Program ...
( loadB1.p1 recipeB1.gotoT1 loadB2... { loadB1.x=5 recipeB1.tot=5 recipeB1… Sync: b1right ( loadB1.pre recipeB1.gotoT1 loadB2… delay( 5 ) { loadB1.x=10 recipeB1.tot=10 recipe… Sync: B1M1on ( loadB1.onM1 recipeB1.onT1 loadB2… { loadB1.x=0 recipeB1.tot=10 recipe… delay( 10 ) { loadB1.x=10 recipeB1.tot=20 recipe… Sync: B1M1off ( loadB1.pre recipeB1.gotoT2 loadB2… { loadB1.x=0 recipeB1.tot=20 recipe... Schedule ... belt1 right delay 5 load B1 on Machine 1 delay 10 load B1 off Machine 1 Program ... // Belt Unit 1 move RIGHT PB.SendPBMessage 2, 20 // Delay 5 PB.Wait 2, 500 // Machine 1 START PB.SendPBMessage 2, 23 // Delay 10 PB.Wait 2, 100 // Machine 2 STOP PB.SendPBMessage 2,24

37 Modus Operandi Physical Plant Program 4. Execute program.
1971 lines of RCX code (n=5), “ - (n=60). Physical Plant Program 4. Execute program. 1. Model plant as networks of timed automata. 4. Synthesise program. Specification Errors. Plant Model Trace 2. Add guides to plant model to restrict behaviour. 3. UPPAAL to generate “schedule” by reachability analysis. Experiment Guided Plant Model

38 LEGO Plant Model Belt/Machine Unit.

Download ppt "Formal Methods Automatic Validation and Verification Tools"

Similar presentations

IGCSE ICT Control Systems.

IGCSE ICT Control Systems.
UCb Kim Guldstrand Larsen Symbolic Model Checking …and Verification Options How UPPAAL really works & How to make UPPAAL really work.

UCb Kim Guldstrand Larsen Symbolic Model Checking …and Verification Options How UPPAAL really works & How to make UPPAAL really work.
UCb Symbolic Reachability and Beyound or how UPPAAL really works Kim Guldstrand Larsen

UCb Symbolic Reachability and Beyound or how UPPAAL really works Kim Guldstrand Larsen
Dependable Embedded Software Systems Kim Guldstrand Larsen UCb.

Dependable Embedded Software Systems Kim Guldstrand Larsen UCb.
1 Logics & Preorders from logic to preorder – and back Kim Guldstrand Larsen Paul PetterssonMogens Nielsen

1 Logics & Preorders from logic to preorder – and back Kim Guldstrand Larsen Paul PetterssonMogens Nielsen
nearly Formal Methods Automatic Validation and Verification Tools

nearly Formal Methods Automatic Validation and Verification Tools
Formal methods & Tools UCb CUPPAAL CUPPAAL Efficient Minimum-Cost Reachability for Linearly Priced Timed Automata Gerd Behrman, Ed Brinksma, Ansgar Fehnker,

Formal methods & Tools UCb CUPPAAL CUPPAAL Efficient Minimum-Cost Reachability for Linearly Priced Timed Automata Gerd Behrman, Ed Brinksma, Ansgar Fehnker,
Knowledge Based Synthesis of Control for Distributed Systems Doron Peled.

Knowledge Based Synthesis of Control for Distributed Systems Doron Peled.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Timed Automata.

Timed Automata.
UPPAAL T-shirt to (identifiable)

UPPAAL T-shirt to (identifiable)
Modelling and Analysis of Real Time Systems Kim Guldstrand Larsen UPPAAL2k using UPPAAL2k.

Modelling and Analysis of Real Time Systems Kim Guldstrand Larsen UPPAAL2k using UPPAAL2k.
UPPAAL Andreas Hadiyono Arrummaisha Adrifina Harya Iswara Aditya Wibowo Juwita Utami Putri.

UPPAAL Andreas Hadiyono Arrummaisha Adrifina Harya Iswara Aditya Wibowo Juwita Utami Putri.
CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ 85287 Dr. Yann-Hang Lee

CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ Dr. Yann-Hang Lee
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
Hybrid Approach to Model-Checking of Timed Automata DAT4 Project Proposal Supervisor: Alexandre David.

Hybrid Approach to Model-Checking of Timed Automata DAT4 Project Proposal Supervisor: Alexandre David.
Model Checking for Probabilistic Timed Systems Jeremy Sproston Università di Torino VOSS Dagstuhl seminar 9th December 2002.

Model Checking for Probabilistic Timed Systems Jeremy Sproston Università di Torino VOSS Dagstuhl seminar 9th December 2002.
UCb Tools and Application of Timed Automata UPPAAL & Optimal Scheduling Kim G. Larsen

UCb Tools and Application of Timed Automata UPPAAL & Optimal Scheduling Kim G. Larsen
Predictable Design for Real-time Embedded Control A Case Study Jinfeng Huang & Jeroen Voeten Eindhoven University of Technology PROGRESS.

Predictable Design for Real-time Embedded Control A Case Study Jinfeng Huang & Jeroen Voeten Eindhoven University of Technology PROGRESS.
Reachability, Schedulability and Optimality

Reachability, Schedulability and Optimality

Similar presentations

Ads by Google