1 / 83

Practical matters + Case studies

Practical matters + Case studies. CS 5270 Lecture 10. AU:  1   2 until  2. DBMs – matrix view. DBMs – halfspace view. DBMs – halfspace view. DBMs – halfspace view. DBMs – graph view. DBMs – graph view. RTS, time passing and TA. RTS, time passing and TA. RTS, time passing and TA.

abe
Download Presentation

Practical matters + Case studies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Practical matters+Case studies CS 5270Lecture 10 Lecture 10

  2. AU: 1  2 until 2 Lecture 10

  3. DBMs – matrix view Lecture 10

  4. DBMs – halfspace view Lecture 10

  5. DBMs – halfspace view Lecture 10

  6. DBMs – halfspace view Lecture 10

  7. DBMs – graph view Lecture 10

  8. DBMs – graph view Lecture 10

  9. RTS, time passing and TA Lecture 10

  10. RTS, time passing and TA Lecture 10

  11. RTS, time passing and TA Lecture 10

  12. RTS, time passing and TA Lecture 10

  13. RTS, time passing and TA Lecture 10

  14. RTS, time passing and TA Lecture 10

  15. RTS, time passing and TA Lecture 10

  16. RTS, Time abstracted Lecture 10

  17. ZTS, time passing and TA Lecture 10

  18. ZTS, time passing and TA Lecture 10

  19. ZTS, time passing and TA Lecture 10

  20. Today… • RTOS – in the field • PCP in TRON, RMS in RTEMS • Giotto • LTL MC using spin • CTL MC using smv • Model examples: • BRP • Scheduling Lecture 10

  21. TRON/ITRON • ITRON is the most common OS in the world (!). • Japanese, 1984, embedded systems, detailed docs mostly in Japanese. • Documentation and standards are open, although implementations may not be. http://www.sakamura-lab.org/TRON/ITRON/home-e.html Lecture 10

  22. Mutexes in ITRON • When you create a Mutex in an ITRON system, you specify attributes in the mtxattr field: TA_INHERIT (=2) priority inheritance TA_CEILING (=3) priority ceiling • The ceiling protocol in ITRON is a variant of that in class Lecture 10

  23. RTEMS • Open source project, hopes to be of similar quality to commercial RTOS. • Uses standard interfaces such as POSIX/ITRON… http://www.rtems.com/ • Multitasking, event-driven, priority-based pre-emptive scheduling. • Optional: **rate-monotonic scheduling** • Priority inheritance • Portable, micros, embedded… Lecture 10

  24. RTEMS – RMS scheduling… • General structure turns a task into RMS task: rate_monotonic_create(taskname,&period); while (true) { if ( rate_monotonic_period(period,30)==TIMEOUT ) break; performTask(); } • Scheduler uses RMS scheduling… Lecture 10

  25. Giotto • Environment, standards, and language for implementing embedded hard real-time systems. • Use language to specify periodic tasks (a time-triggered architecture) http://embedded.eecs.berkeley.edu/giotto/ • API centers on reactive tasks, communicating with ports • Each task is scheduled, the compiler finding suitable schedules Lecture 10

  26. Giotto • Compiler generates E-code and S-code for an abstract time-triggered architecture • Various systems that interpret/run the code (distribution uses a Java interpreter…) • Example of a helicopter control system, running on a strong-arm system, code developed in Giotto, using HelyOS – on the web site Lecture 10

  27. Giotto – Helicopter control Lecture 10

  28. Today… • RTOS – in the field • PCP in TRON, RMS in RTEMS • Giotto • LTL MC using spin • CTL MC using smv • Model examples: • BRP • Scheduling Lecture 10

  29. Spin, Xspin, PROMELA… • spin is the name of an LTL model checker • xspin is a graphical interface for it • PROMELA is the model checking language it uses. • Developed by Gerard Holzmann at Bell Labs http://www.spinroot.com/ Lecture 10

  30. Modelling protocols… Lecture 10

  31. Modelling protocol with Spin… Lecture 10

  32. Modelling protocol with Spin… Lecture 10

  33. Modelling protocol with Spin… (Promela – do..od is do forever…) proctype protocol( chan in, out, chin, chout ) { byte o,i; in?next(o); do :: chin?ack(i) -> out!accept(i); in?next(o); chout!ack(o) :: chin?nak(i) -> out!accept(i); chout!ack(o) :: chin?err(i) -> chout!nak(o) od } Lecture 10

  34. Modelling protocol with Spin… • Add assertions in the PROMELA code for reachability claims: assert(maxbuffered=3); • Convert LTL formula into Buchi automata for (negative) temporal claims… Lecture 10

  35. Modelling protocol with Spin… • To assert an LTL temporal formula/claim on a model, we have to show that the language of the model (all executions) is included in the language of the claim. • It is easier to claim the negative – It is easier to prove that the intersection of the language of the model and the claim is empty. • Hence NEVER claims in PROMELA. Lecture 10

  36. A(FG p) … spin –f “<>[]p” never { /* <>[]p */ T0_init: if :: ((p)) -> goto accept_S4 :: (1) -> goto T0_init fi; accept_S4: if :: ((p)) -> goto accept_S4 fi; } • If the product of the model and the negation of this automaton is empty (i.e. no acceptance), then A(FG p). Lecture 10

  37. Model without (and with) media Lecture 10

  38. Modelling media proctype medium( chan in, out ) { byte typ; int data; do :: in?typ,data -> if :: out!typ,data :: out!err,0 fi od }; Lecture 10

  39. Modelling media chan Ain = [2] of { byte }; chan MedtoA = [2] of { byte, int }; … atomic { run protocol( Ain, Aout, MedtoA, AtoMed ); run protocol( Bin, Bout, MedtoB, BtoMed ); run medium( AtoMed, MedtoB ); run medium( BtoMed, MedtoA ); run application( Aout, Ain ); run application( Bout, Bin ) }; Lecture 10

  40. Today… • RTOS – in the field • PCP in TRON, RMS in RTEMS • Giotto • LTL MC using spin • CTL MC using smv • Model examples: • BRP • Scheduling Lecture 10

  41. NuSMV and smv… • McMillan (1992) wrote smv – a CTL model checker, making sources public • More recently, NuSMV is being developed furhter, and now includes LTL, and other extensions – including SAT solvers, BMC… • Now has an extensive history Lecture 10

  42. Hardware and software together… • The tool smv has been particularly useful for hardware design checking, although it is similar to all the other style systems we have seen – specifying a model in an automata style – useful for any responsive software system (protocols…) • For a change give a hardware verification example …electronic circuit to detect the START condition for I2C signalling. Lecture 10

  43. I2C – detect START condition… If SDA goes low while SCL is high… Lecture 10

  44. I2C – modelling in smv. MODULE mainVAR inv1 : boolean; inv2 : boolean; inv3 : boolean; or2gate1 : boolean; and2gate1 : boolean; and3gate1 : boolean; SCLIN : boolean; SDAIN : boolean; ASSIGN inv1 := !SCLIN; inv2 := !SDAIN; inv3 := !or2gate1; next( or2gate1 ) := inv1 | and2gate1; and2gate1 := inv2 & or2gate1; and3gate1 := inv3 & SCLIN & inv2; SPEC ( AG ( (SDAIN=1)&(SCLIN=1)&(AX SDAIN=0) ) -> AF and3gate1 ) Lecture 10

  45. I2C – modelling in smv. • When we try it out… [hugh@pnp176-44 FormalVerification]$ NuSMV SMV-ofI2C-start-detector-parallel *** This is NuSMV 2.3.1 (compiled on Mon Apr 3 10:11:22 UTC 2006) *** For more information on NuSMV see <http://nusmv.irst.itc.it> *** or email to <nusmv-users@irst.itc.it>. *** Please report bugs to <nusmv@irst.itc.it>. -- specification (AG ((SDAIN = 1 & SCLIN = 1) & AX SDAIN = 0) -> AF and3gate1) is true [hugh@pnp176-44 FormalVerification]$ • Verifies that it is always true that if SDA and SCL were both HIGH, and that if the next state had SDA LOW, then eventually and3gate=START will be HIGH Lecture 10

  46. I2C – ROBDD: • ROBDD representation of model • (Generated automatically from within smv – don’t know what corresponds with what…) Lecture 10

  47. Today… • RTOS – in the field • PCP in TRON, RMS in RTEMS • Giotto • LTL MC using spin • CTL MC using smv • Model examples: • BRP • Scheduling Lecture 10

  48. Outline • The Bounded Retransmission Protocol. • The TTA model • The verification issues • Task arrival patterns and their schedulability. • Periodic, aperiodic, sporadic tasks. • More sophisticated patterns captured by timed automata. • Timed automata can also be used for schedulabilty analysis ! Lecture 10

  49. Case Studies • Available from the UPPAAL home page (“Examples”). • Bang & Olufsen Audio/Video Protocol. • Bang & Olufsen Power Down Protocol. • Commercial Field Bus Protocol. • Gear Box Controller. • Multimedia Stream. Lecture 10

  50. BRP • Bounded Retransmission Protocol (BRP). • Developed by Phillips Electronics Corporation. • A real-time bounded variant of the alternating-bit protocol. • Used to transfer in burst-mode a list of data (a file) • via an infra-red communication medium between AV equipment and a remote control unit. Lecture 10

More Related