Presentation is loading. Please wait.

Presentation is loading. Please wait.

1/30/2016COSC-4301-01, Lecture 111 Real-Time Systems, COSC-4301-01, Lecture 11 Stefan Andrei.

Published byClaud Cannon Modified over 9 years ago

Similar presentations

Presentation on theme: "1/30/2016COSC-4301-01, Lecture 111 Real-Time Systems, COSC-4301-01, Lecture 11 Stefan Andrei."— Presentation transcript:

1 1/30/2016COSC-4301-01, Lecture 111 Real-Time Systems, COSC-4301-01, Lecture 11 Stefan Andrei

2 1/30/2016 COSC-4301-01, Lecture 11 2 Reminder of the last lecture Systematic and Automatic Debugging of Real- Time Systems based on Incremental Satisfiability Counting

3 1/30/2016 COSC-4301-01, Lecture 11 3 Overview of This Lecture Optimization of Specifications expressed in path-RTL [AnC06]  [AnC06] Andrei, S., Cheng, A.M.K.: Optimization of Real-Time Systems Timing Specifications. Proceedings of the 12th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA 2006), 7 pages, IEEE Computer Society, Sydney, August 16-18, 2006RTCSA 2006

4 1/30/2016 COSC-4301-01, Lecture 11 4 Real-Time Systems Specification [JaM87, Che02] Structural-functional specification Behavioral specification (SP) A specification is correct if  SP implies the safety assertion (SA) [JaM87] Jahanian, F., Mok, A.: A Graph-Theoretic Approach for Timing Analysis and its Implementation. IEEE Transactions on Computers. Vol. C-36, No. 8, 1987 [Che2002] Cheng, A.M.K.: Real-time systems. Scheduling, Analysis, and Verification. Wiley-Interscience, 2002

5 1/30/2016 COSC-4301-01, Lecture 11 5 Optimization of Specifications [AnC06] Motivation: After verifying SP -> SA, and the system implementing SP is deployed, performance changes as a result of power-saving, faulty components, and cost-saving in the processing platform for the tasks specified in SP. This leads to a different but related SP. It is desirable to determine an optimal SP with the slowest possible computation times for its tasks such that SA holds.

6 1/30/2016 COSC-4301-01, Lecture 11 6 Examples A slower processing platform leads to longer tasks’ computation times. Performance changes in the processing platform can be:  the result of power-saving (a voltage scalable CPU running at a slower speed),  faulty components (one of two motors moving a railroad- crossing gate malfunctions),  cost-saving (a subset of the water pumps in a process control system is shutdown),  other unexpected reasons. Deriving optimal theorems (or quantifying tolerances), will allow the system designer to determine how far the performance of the processing platform can drift from the norm without violating the SA.

7 1/30/2016 COSC-4301-01, Lecture 11 7 The Main Idea This is clearly a fundamental issue in the design and implementation of highly dependable real-time / embedded systems. The idea: relax SP and tighten SA such that SP -> SA is still a theorem. Example:  SP = {@(e 1,x) + 10 ≤ @(e 3,y), @(e 3,y) - 20 ≤ @(e 2,z)} and  SA = {@(e 1,x)-15 ≤ @(e 2,z)}, then SP  SA is a tautology. If we relax SP to {@(e 1,x) + 5 ≤ @(e 3,y), @(e 3,y) - 20 ≤ @(e 2,z)}, then SP  SA is still a tautology (in fact, this is an optimal one).

8 1/30/2016 COSC-4301-01, Lecture 11 8 Real-Time Logic (RTL) [JaM86] RTL = first-order logic with special features to capture the timing requirements. Occurrence Function: @:: Event x Occurrence  Time, where Occurrence = Nat - {0} and Time = Nat. @(e, i) = t means the i-th occurrence of event e occurs at time t.  e  Event,  i  Occurrence, @(e,i) < @(e,i+1) if @(e,i+1) is defined. Jahanian, F., Mok, A.K.: Safety analysis of timing properties in real- time systems, IEEE Transactions on Software Engineering, vol. SE- 12, no.~9, pp. 890--904, 1986.

9 1/30/2016 COSC-4301-01, Lecture 11 9 Real-Time Logic (cont) Three types of RTL constants:  Actions: schedulable units of work  Events constants are temporal markers External Events:  event-name Start Events:  event-name Stop Events:  event-name Transition Events: event-name  Integers: used for timing constraints.

10 1/30/2016 COSC-4301-01, Lecture 11 10 The Path-RTL formulas [JaM87, WaM94] The general form of path-RTL formulas: functionOccurrence  integerConstant  functionOccurrence Industrial real-time systems:  Railroad crossing [JaM87], [JaS88], [Che02]  Moveable control rods in a reactor [JaM87]  Boeing 777 Integrated Airplane Information Management System [MTR96]  X-38, an autonomous spacecraft build by NASA [RiC99] [WaM94] Wang, F., Mok, A. K.: RTL and Refutation by Positive Cycles. Proceedings of Formal Methods Europe Symposium, 873, Lecture Notes in Computer Science, pp. 659-680, 1994

11 1/30/2016 COSC-4301-01, Lecture 11 11 The Constraint Graph Technique [JaM87] F – the initial path-RTL formula; F’ – the corresponding Presburger formula; PF = C 1  C 2  …  C n is the propositional formula of SP    SA:  C i = L i,1  L i,2  …  L i,n and  Each L i,j has the general form: v 1   I  v 2, I being a positive integer constant.  For each literal v 1  I  v 2, we construct a node labeled v 1, a node labeled v 2, and an edge with weight  I from node v 1 to node v 2 ;  For each X j,1, X j,2,…, X j,nj the j-th positive cycle, the clause C j =  X j,1   X j,2  …   X j,nj is added to PF.

12 1/30/2016 COSC-4301-01, Lecture 11 12 The Optimization Problem The previous approaches were focused on the verification and debugging of SP  SA [ACCL06], and not the optimization of this tautology. However, it may happen that SP contains overly strong timing constraints or SA can be improved by stronger timing constraints. Can we provide the most relaxed specification SP and/or the most tight safety assertion SA such that SP  SA is a theorem (without repeating the verification of SP  SA)? [ACCL06] Andrei, S., Chin, W.-N., Cheng, A.M.K., Lupu, M.: Automatic Debugging of Real-Time Systems based on Incremental Satisfiability Counting. IEEE Transaction on Computers, vol. 55(7), pp. 830-842 (2006) Selected as July ToC issue's Feature Article.IEEE Transaction on Computers

13 1/30/2016 COSC-4301-01, Lecture 11 13 Notations Given S a set of timing constraints, ground(S) denotes {(x,y) | x+I≤y  S, where I  Z}. Example: For S 1 ={x 1 +3<x 2, x 2 -7<x 3 }, we have ground(S 1 )={(x 1,x 2 ), (x 2,x 3 )}. The timing constraint x+I≤y is (strictly) stronger than x+I–J≤y if and only if (J>0) J ≥ 0. Example: x-5<y is a stronger constraint than x-7<y.

14 1/30/2016 COSC-4301-01, Lecture 11 14 Notations Given two sets of timing constraints SP 1 and SP 2, we say that SP 1 is stronger than SP 2 (denoted as SP 1  SP 2 ) if and only if for any timing constraint of SP 2 there exists a stronger timing constraint of SP 1. If there exists at least one timing constraint of SP 1 that is strictly stronger than any (comparable) timing constraint of SP 2, then SP 1 is strictly stronger than SP 2 (denoted as SP 1  SP 2 ). Example: {x-5<y, x+4<z}  {x-7<y, x+3<z}.

15 1/30/2016 COSC-4301-01, Lecture 11 15 Strong-ness, Implication and Optimality Theorem. Given S 1 and S 2 two sets of timing constraints such that S 1  S 2 then S 1  S 2 is a tautology. Example: {x 1 +4 < x 2, x 2 - 5< x 3 }  {x 1 +3 < x 2, x 2 - 7< x 3 } is a tautology. We say that SP  SA is an optimal tautology if there are no other SP' and SA' where ground(SP)=ground(SP'), ground(SA)=ground(SA'), SP  SP' and SA'  SA, such that SP'  SA' is a tautology.

16 1/30/2016 COSC-4301-01, Lecture 11 16 Optimal Tautologies Example: SP={x+10≤y, y-20≤z} and SA={x-15≤z}. SP  SA is a tautology, but is not an optimal one! Examples: 1. SP 1 ={x+10≤y, y-20≤z}, SA 1 ={x-10≤z}; 2. SP 2 ={x+5≤y, y-20≤z}, SA 2 ={x-15≤z}; 3. SP 3 ={x+8≤y, y-20≤z}, SA 3 ={x-12≤z}. SP 1  SA 1, SP 2  SA 2 and SP 3  SA 3 are optimal tautologies.

17 1/30/2016 COSC-4301-01, Lecture 11 17 Algorithm to Compute Optimal Tautology

18 1/30/2016 COSC-4301-01, Lecture 11 18 The Key Point Question: Which SP k+1 and SA k+1 to choose such that the condition from the if statement (line 5) is always evaluated to true? Idea: Preserve PF 1 and change only some weights of arcs from positive cycles of CG 1 (e.g., keep the same positive cycles). These changes will be reflected back into the original SP and SA. Since PF 1 is unchanged, there is no need to repeat the verification of SP  SA.

19 1/30/2016 COSC-4301-01, Lecture 11 19 Refinement of the Optimization Algorithm

20 1/30/2016 COSC-4301-01, Lecture 11 20 Experimental Results OPRATEL (Optimization of Path ReAl-TimE Logic) is our Java implementation of the optimization algorithm. The overhead between SDRTL and OPRATEL is only up to 20%. The verification part was done only once, at the beginning of checking whether SP  SA is a theorem. The subsequent task is responsible only for changing SP and/or SA such that SP  SA becomes an optimal theorem.

21 1/30/2016 COSC-4301-01, Lecture 11 21 Future Work Extension to a larger class of RTL formulas Modularization technique of that class

22 1/30/2016 COSC-4301-01, Lecture 11 22 Summary  Optimization of Specifications

23 1/30/2016 COSC-4301-01, Lecture 11 23 Reading suggestions  [AnC06] Andrei, S., Cheng, A.M.K.: Optimization of Real- Time Systems Timing Specifications. Proceedings of the 12th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA 2006), 7 pages, IEEE Computer Society, Sydney, August 16-18, 2006RTCSA 2006

24 1/30/2016 COSC-4301-01, Lecture 11 24 Coming up next Faster Verification of RTL-Specified Systems via Decomposition Constraint Extension  [AnC06] Andrei, S., Cheng, A.M.K.: Faster Verification of RTL-Specified Systems via Decomposition and Constraint Extension. Proceedings of the IEEE Real- Time Systems Symposium (RTSS 2006), 10 pages, IEEE Computer Society, Rio de Janeiro, December 5- 8, 2006RTSS 2006

25 1/30/2016 COSC-4301-01, Lecture 11 25 Thank you for your attention! Questions?

Download ppt "1/30/2016COSC-4301-01, Lecture 111 Real-Time Systems, COSC-4301-01, Lecture 11 Stefan Andrei."

Similar presentations

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.

ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Timed Automata.

Timed Automata.
1 University of Toronto Department of Computer Science © 2001, Steve Easterbrook Lecture 10: Formal Verification Formal Methods Basics of Logic first order.

1 University of Toronto Department of Computer Science © 2001, Steve Easterbrook Lecture 10: Formal Verification Formal Methods Basics of Logic first order.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Presenter: PCLee – 2011.03.02. This paper outlines the MBAC tool for the generation of assertion checkers in hardware. We begin with a high-level presentation.

Presenter: PCLee – This paper outlines the MBAC tool for the generation of assertion checkers in hardware. We begin with a high-level presentation.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
ESC Java. Static Analysis Spectrum Power Cost Type checking Data-flow analysis Model checking Program verification AutomatedManual ESC.

ESC Java. Static Analysis Spectrum Power Cost Type checking Data-flow analysis Model checking Program verification AutomatedManual ESC.
Temporal Logic of Actions (TLA) Leslie Lamport

Temporal Logic of Actions (TLA) Leslie Lamport
Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.

Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.
Strategic Directions in Real- Time & Embedded Systems Aatash Patel 18 th September, 2001.

Strategic Directions in Real- Time & Embedded Systems Aatash Patel 18 th September, 2001.
Monadic Predicate Logic is Decidable Boolos et al, Computability and Logic (textbook, 4 th Ed.)

Monadic Predicate Logic is Decidable Boolos et al, Computability and Logic (textbook, 4 th Ed.)
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.

1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Abstract Verification is traditionally done by determining the truth of a temporal formula (the specification) with respect to a timed transition system.

Abstract Verification is traditionally done by determining the truth of a temporal formula (the specification) with respect to a timed transition system.
Propositional Calculus Math Foundations of Computer Science.

Propositional Calculus Math Foundations of Computer Science.

Similar presentations

Ads by Google