1. No category

Verification of Real Time Systems

Verification of Real Time
Systems
CS 5270 Lecture 1
P.S. Thiagarajan
13.01.05
CS5270 Lecture1
1
Basic Info
•
•
•
•
•
P.S. Thiagarajan
S15 #04 – 14 ; Tel Ext. 7998
[email protected]
www.comp.nus.edu.sg/~thiagu
Course web page:
– www.comp.nus.edu.sg/~cs5270
– We will be using the IVLE system extensively.
13.01.05
CS5270 Lecture1
2
Office Hours
• Fridays 2.30 - 3.30 pm ; my office
• Better Option: Send mail first and fix an
appointment.
13.01.05
CS5270 Lecture1
3
Grading (Tentative)
•
•
•
•
Assignments
Projects
Mid-Term
Final
13.01.05
20%
20%
10%
50%
CS5270 Lecture1
4
Course Material
• Selected Parts of the text books :
– Hard Real-Time Computing Systems: Predictable
Scheduling Algorithms and Applications: Giorgio C.
Buttazzo
– Real-Time Systems: Design Principles for Distributed
Embedded Applications : Hermann Kopetz
• Parts of lecture notes by Joost-Peter Katoen:
“Concepts, Algorithms and tools for Model
Checking”
• Lecture slides.
• Research Articles.
13.01.05
CS5270 Lecture1
5
Assignements
• Take-home asssignments
– 2
• Lab Assignments
–2
– UPPAAL tool based.
– Individual
13.01.05
CS5270 Lecture1
6
What is the Course About?
• Real Time Computing Systems.
– Key features and issues
– Modeling, analysis
– Verification
13.01.05
CS5270 Lecture1
7
Broad Outline
•
•
•
•
Introduction to Real Time Systems
Timed Automata
Verification Tools and Techniques.
Time-triggered architectures and
protocols.
13.01.05
CS5270 Lecture1
8
What are Real Time Computer
Systems?
• Real Time Computer System
– Correct functioning depends on:
 the values of the results produced.
AND
 the physical times at which the results are
produced.
• Real Time Computer System is
embedded in a larger physical system.
13.01.05
CS5270 Lecture1
9
What are real time systems?
• The state of the system evolves with time.
– Position, velocity, acceleration
– Pressure, temperature, level, concentration
• The state needs to be sensed and
controlled by the computer system.
13.01.05
CS5270 Lecture1
10
Control Function
Computing system
Sense
Actuate
Plant
13.01.05
CS5270 Lecture1
11
Real time
• System time and external physical time
are the same!
• At least must have a predictable
relationship.
13.01.05
CS5270 Lecture1
12
Computational Timing Constraints
• The computing system must sense,
compute and actuate in a timely fashion.
• Many sensors and many actuators.
• Many control functions!
• Must schedule computational tasks for
different control functions in a timely
fashion.
• Computations must finish on time.
– Performance
13.01.05
CS5270 Lecture1
13
Types of Real Time Systems
• Hard / Soft
• Hard:
– Must meet timing constraints always.
– Reactor control, automotive electronics
• Soft:
– Must meet timing constraints often.
– Transaction Processing system
– Multi-media streaming applications.
• Hard/Soft determined externally.
• Our focus will be on Hard Real Time Systems.
13.01.05
CS5270 Lecture1
14
Characteristics of Hard Real Time
Computing Systems.
• Timeliness
• Peak Load Handling
– The system should not fail at peak load
conditions
• Predictability
• Fault Tolerance
• Maintainability
13.01.05
CS5270 Lecture1
15
Impact on System Architecture
• Must avoid non-determinism (why?).
• Sources of non-determinism:
– Direct Memory Access (DMA) by peripheral devices.
 Contention for system bus.
–
–
–
–
13.01.05
Cache
Interrupts generated by I/O devices.
Memory Management (paging)
Dynamic data structures, recursion, unbounded
loops (language level).
CS5270 Lecture1
16
Applications
•
•
•
•
•
Chemical and Nuclear Plant Control
Railway Switching Systems
Automotive applications
Flight control
…..
13.01.05
CS5270 Lecture1
17
Current State
•
•
•
•
•
Ad hoc techniques, heuristic approaches.
Code written in assembly language
Programmed timers
Low level device handling
Direct manipulation of task and interrupt
priorities.
• Goal: Optimized predictable execution on
simple architectures.
13.01.05
CS5270 Lecture1
18
Drawbacks
• Tedious programming
– Code quality depends on the programmer
• Difficult to understand and maintain.
• Verification of timing constraints is
practically impossible.
• System could collapse in rare and
unforeseen circumstances leading to
disasters.
13.01.05
CS5270 Lecture1
19
Laws of Real Time Systems:
Buttazzo’s Book
• If something can go wrong, it will go
wrong. (Murphy’s law)
13.01.05
CS5270 Lecture1
20
Laws of Real Time Systems
• If something can go wrong, it will go
wrong. (Murphy’s law)
• Any software bug will tend to maximize
damage.
13.01.05
CS5270 Lecture1
21
Laws of Real Time Systems
• If something can go wrong, it will go
wrong. (Murphy’s law)
• Any software bug will tend to maximize
damage.
• The worst software bug will be discovered
6 months after the field test.
13.01.05
CS5270 Lecture1
22
Laws of Real Time Systems
• If something can go wrong, it will go
wrong. (Murphy’s law)
• Any software bug will tend to maximize
damage.
• The worst software bug will be discovered
6 months after the field test.
• A system will stop working at the worst
possible time.
13.01.05
CS5270 Lecture1
23
Laws of Real Time Systems
• If something can go wrong, it will go wrong.
(Murphy’s law)
• Any software bug will tend to maximize damage.
• The worst software bug will be discovered 6
months after the field test.
• A system will stop working at the worst possible
time.
• Sooner or later the worst possible combinations
of circumstances will occur.
13.01.05
CS5270 Lecture1
24
Laws of Real Time Systems
• If something can go wrong, it will go wrong.
(Murphy’s law)
• Any software bug will tend to maximize damage.
• The worst software bug will be discovered 6
months after the field test.
• A system will stop working at the worst possible
time.
• Sooner or later the worst possible combinations
of circumstances will occur.
13.01.05
CS5270 Lecture1
25
Formal Methods (The Ideal!)
• Model real time systems precisely.
– External events
– System events
• Verify timing properties
• Propagate timing constraints down to the
system level.
• Verify implementation meets the
specification at each level.
13.01.05
CS5270 Lecture1
26
What methods can we offer?
• Timed automata
– To capture high level descriptions.
– Verification tools and methods
• Time triggered architectures.
• A mix of these two paradigms.
13.01.05
CS5270 Lecture1
27
Finite State Automata
• Finite State Automata (FSAs) are a basic
computational model.
• FSAs = Regular Languages
= Temporal Logics.
• Starting point for many system design
methodologies.
– SDL, UML, POLIS,…
• Verification tools (SPIN, SMV) available.
13.01.05
CS5270 Lecture1
28
A Railway System
13.01.05
CS5270 Lecture1
29
The Gate/Train Automata
open
approach
left
Fin-Close
close
break
proceed
proceed
Gate
13.01.05
Train
CS5270 Lecture1
30
The Gate Controller Automaton
approach
open
left
close
Fin-Close
13.01.05
proceed
CS5270 Lecture1
31
The Signal Space
open
Gate
Fin-close
close
open
Fin-Close
approach
left
13.01.05
CS5270 Lecture1
Gate
Controller
close
proceed
32
Timing Considerations
• The “untimed” description is not enough!
• From the time “approach” is sent,
“proceed” must be received within 5 time
units.
• From the time “close” is sent, “fin-close”
must be received within 3 time units.
• From the time “close” is received it takes
at least 2 time units before “fin-close” is
sent out.
13.01.05
CS5270 Lecture1
33
Timed Automata
• Automata + clock variables.
• Model finite state (control) systems with
timing constraints.
• Rich theory (too rich?).
• Practical tools.
• Emerging applications.
• Lot more needs to be done for
applications.
13.01.05
CS5270 Lecture1
34
The Basic Idea
Approach
13.01.05
proceed
CS5270 Lecture1
35
The Basic Idea
Approach; x
proceed
x≤5
From the time “approach” was sent “proceed” must be received
within 5 time units.
13.01.05
CS5270 Lecture1
36
The Basic Idea
act ; Y
φ
•
act is an action.
• Y is the set of clock variables being reset
to 0.
• φ is a clock constraint.
• φ ::= x ≤ c | x ≥ c | x < c | x > c | φ  ψ
• c a rational number (integer)
37
The Gate/Train Automata
open
2≤x≤4
Fin-Close
close; x
repair
x>4
Gate
13.01.05
CS5270 Lecture1
38
The Gate/Train Automata
Approach; y
break
y≥5
left
y<5
proceed
proceed
Train
13.01.05
CS5270 Lecture1
39
Time-Triggered Architectures
• A method organizing real-time computing
systems.
• Main Application domain:
–
–
–
–
Automotive electronics.
But also used in AIRBUS 380, …
See: http://www.tttech.com/technology/articles.htm
FlexRay is a closely related industry “standard”
BMW, Daimler-Benz, Philips Semiconductor, Bosch, …
13.01.05
CS5270 Lecture1
40
The Main Idea
• Event-triggered
– Timed automata
– CAN (Controller Area Network)
– Meeting of 3 people
 Everyone speaks whenever he/she has
something to say.
 Must wait for the currently speaker to finish before
a new speaker can start.
 Imagine a meeting of 40 people!
13.01.05
CS5270 Lecture1
41
The Main Idea
• Time-triggered
– Every speaker is assigned a predetermined time slot.
– After one round, the speaker gets a slot again.
– Also, a topic-schedule has been worked out in
advance.
 Top1, Top2, Top4 in the first round.
 Top1, Top3 and Top5 in the second round
 Top2, Top4 and Top5 in the third round.
– Ensure no one breaks the rules!
13.01.05
CS5270 Lecture1
42
Time-Triggered Architecture
13.01.05
CS5270 Lecture1
43
Time-Triggered Architecture
• Basic unit: NODE
• Node:
 A processor with memory
 I-O subsystem
 Operating system
 Application software
 Time-triggered communication
controller
13.01.05
CS5270 Lecture1
44
Time-Triggered Architecture
• Communication (TTA Protocol)
 Nodes connect to each other via two
independent channels.
 The communication subsystem
executes a periodic Time Division
Multiple Access (TDMA) schedule.
 Read a data frame + state information
from CNI (Communication Node
Interface) at predetermined fetch instant
and deliver to the CNIs of all receiving
nodes at predetermined delivery
instants.
13.01.05
CS5270 Lecture1
45
Time-Triggered Architecture
• Communication
 All the TTPs in a cluster know this
schedule.
 All nodes of a cluster have the “same”
notion of global time.
 fault-tolerant clock synchronization.
 TTA BUS topolgy.
13.01.05
CS5270 Lecture1
46
Topics
• Introduction to Real Time Computing
Environments.
• System Components:
– Processors, tasks, Scheduling policies,
clocks
• Distributed real time embedded systems:
– Multi-processors, synchronization, access
control
13.01.05
CS5270 Lecture1
47
Topics
• Timed Automata
• The UPPAAL Verification Tool and
related techniques.
• Applications.
• Time-Triggered Architectures and
protocols.
• Applications
• Synchronous programming languages.
13.01.05
CS5270 Lecture1
48

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz