Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Model-Checking of Component-Based Real-Time Embedded Software Based on CORBA Event Service Yuanfang Zhang for Seminar CSE7216 Presentation based on Zonghua.

Published byDelilah Sanders Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Model-Checking of Component-Based Real-Time Embedded Software Based on CORBA Event Service Yuanfang Zhang for Seminar CSE7216 Presentation based on Zonghua."— Presentation transcript:

1 1 Model-Checking of Component-Based Real-Time Embedded Software Based on CORBA Event Service Yuanfang Zhang for Seminar CSE7216 Presentation based on Zonghua Gu and Kang G. Shin, Model-Checking ofModel-Checking of Component-Based Real-time Embedded Software Based on CORBA Event ServiceComponent-Based Real-time Embedded Software Based on CORBA Event Service, Proceedings of 8th IEEE International Symposium on Object-oriented Real-time distributed Computin (ISORC'05)

2 2 Outline Problem  Verification of component-based real-time embedded software based on CORBA Event Service  Example: Avionics Mission Computing (AMC) Finite State Processes (FSP)  Formalize specification of software components and system architecture Labeled Transition System Analyzer (LTSA)  Exhaustively exploring the system state space to prove certain system properties Scalability improvement  State space explosion

3 3 AMC Event Triggers  Publish/Subscribe Method Invocations  Receptacle/Facet Control-push/data pull (data push)

4 4 FSP - event prefix If x is an event and P a process then (x-> P) describes a process that initially synchronizes with the event x and then behaves exactly as described by P. Convention: events begin with lowercase letters PROCESSES begin with uppercase letters ONESHOT = (once -> STOP). ONESHOT state machine (terminating process)

5 5 FSP - recursion Repetitive behaviour uses recursion: SWITCH = OFF, OFF = (on -> ON), ON = (off-> OFF). Substituting to get a more succinct definition: SWITCH = OFF, OFF = (on ->(off->OFF)). And again: SWITCH = (on->off->SWITCH).

6 6 FSP - choice If x and y are events then (x-> P | y-> Q) describes a process which initially engages in either of the events x or y. After the first event has occurred, the subsequent behavior is described by P if the first event was x and Q if the first action was y. FSP model of a drinks machine : DRINKS = (red->coffee->DRINKS |blue->tea->DRINKS ).

7 7 FSP – Composition Process Primitive processes can be composed to form a composition process with the operator | | If processes in a composition have a common shared event, all processes must synchronize on the shared event at the same step MAKER = (make -> ready ->MAKER) USER = (ready -> use ->USER) | | MAKER_USER = (MAKER | | USER) MAKER = (make -> done ->MAKER) USER = (ready -> use ->USER) | | MAKER_USER = (aMaker:MAKER | | aUser:USER) /{aMaker.done / aUser.ready}

8 8 Modeling AMC with FSP ClosedEDComponent ClosedEDComp = (inEvt -> issueGDCall ->receiveGDReply -> outEvt -> ClosedEDComp | receiveGDCall -> issueGDReply ->ClosedEDComp). OpenEDComponent OpenEDComp = (inEvt -> issueGDCall ->receiveGDReply -> outEvt -> OpenEDComp | receiveGDCall -> issueGDReply ->OpenEDComp | receiveSDCall -> issueGDCall -> receiveGDReply -> issueSDReply -> outEvt -> OpenEDComp DeviceComponent DeviceComp = (inEvt -> outEvt -> DeviceComp | receiveGDCall -> issueGDReply -> DeviceComp). DisplayComponent DisplayComp = (inEvt -> issueGDCall -> receiveGDReply -> display ->DisplayComp).

9 9 FSP – Component Interactions (1) Control-Push / Data-Pull  Synchronous: pairwise interactions between components happen instantaneously without the delays introduced by the middleware

10 10 FSP – Component Interactions (2) Input Event Correlation  AND synchronization / OR synchronization

11 11 FSP – Component Interactions (3) Real-Time Issues  A global event tick is shared among all the timers  Schedulable (add an explicit synchronization between the timer and the terminal events) Both 2 display components have been triggered before next 20hz timeout

12 12 FSP – an example application

13 13 Verify System Properties Safety  Deadlock freedom Circular dependency Multiple input events with AND synchronization, but not all of them are available  Event reachability  Sequencing constrains Liveness  progress

14 14 Deadlock Freedom LTSA:

15 15 Event reachability & Sequencing constrains

16 16 Progress Property The action will be executed infinitely often in any infinite execution of a system progress P1 = {navDisplay.display}

17 17 Scalability Lack of scalability due to state-space explosion  Out-of-memory Exploit domain-specific constraints  Omit the synchronization action Compose and check the system hierachically  Can not check for end-to-end sequencing contraints that span multiple groups and involves internal events from these groups

18 18 Exploit domain-specific constraints Reduce the call-return two-way synchronization into a one-way synchronization

19 19

20 20 Both Display components are required to be triggered before the next 1Hz timeout

21 21 Performance Evaluation 3 components to 50 components Seconds or at most a few minutes Hundreds of thousands of components  No model checker can scale up to this size  Rely on designer’s manual work to separate and model-check them individually

Download ppt "1 Model-Checking of Component-Based Real-Time Embedded Software Based on CORBA Event Service Yuanfang Zhang for Seminar CSE7216 Presentation based on Zonghua."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.

Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Processes and Basic LOTOS Team LOT ‘O Specs Cara Gibbs Terry Peckham Robert Cowles Manon Sanscartier Ergun Gurak.

Processes and Basic LOTOS Team LOT ‘O Specs Cara Gibbs Terry Peckham Robert Cowles Manon Sanscartier Ergun Gurak.
Timed Automata.

Timed Automata.
Concurrency: introduction1 ©Magee/Kramer 2 nd Edition Concurrency State Models and Java Programs Jeff Magee and Jeff Kramer.

Concurrency: introduction1 ©Magee/Kramer 2 nd Edition Concurrency State Models and Java Programs Jeff Magee and Jeff Kramer.
CSC321 §6 Modelling Processes using FSP 1 Section 6 Modelling Processes using FSP.

CSC321 §6 Modelling Processes using FSP 1 Section 6 Modelling Processes using FSP.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
Automatic Verification of Component-Based Real-Time CORBA Applications Gabor Madl Sherif Abdelwahed

Automatic Verification of Component-Based Real-Time CORBA Applications Gabor Madl Sherif Abdelwahed
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Synthesis of Embedded Software Using Free-Choice Petri Nets.

Synthesis of Embedded Software Using Free-Choice Petri Nets.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
Concurrency ©Magee/Kramer February 05, 2007 Claus Brabrand University of Aarhus Concurrency Spring 2007.

Concurrency ©Magee/Kramer February 05, 2007 Claus Brabrand University of Aarhus Concurrency Spring 2007.
Component-Interaction Automata for Specification and Verification of Component Interactions P. Vařeková and B. Zimmerova Masaryk University in Brno Czech.

Component-Interaction Automata for Specification and Verification of Component Interactions P. Vařeková and B. Zimmerova Masaryk University in Brno Czech.
© 2005 Prentice Hall12-1 Stumpf and Teague Object-Oriented Systems Analysis and Design with UML.

© 2005 Prentice Hall12-1 Stumpf and Teague Object-Oriented Systems Analysis and Design with UML.
System behaviors: state machine diagrams

System behaviors: state machine diagrams
Verifying Distributed Real-time Properties of Embedded Systems via Graph Transformations and Model Checking Gabor Madl

Verifying Distributed Real-time Properties of Embedded Systems via Graph Transformations and Model Checking Gabor Madl
Real-Time Systems Group University of Pennsylvania 5/24/2001 Resource-bound family of real-time process algebras Oleg Sokolsky, Insup Lee Real-Time Systems.

Real-Time Systems Group University of Pennsylvania 5/24/2001 Resource-bound family of real-time process algebras Oleg Sokolsky, Insup Lee Real-Time Systems.

Similar presentations

Ads by Google