
Formal Verification of Embedded Real-Time Software in Component-Based Application Frameworks

Formal Verification of Embedded Real-Time Software in Component-Based Application Frameworks. Pao-Ann Hsiung*, Win-Bin See, Trong-Yen Lee, Jih-Ming Fu, and Sao-Jie Chen *National Chung Cheng University Chiayi-621, Taiwan. Asia-Pacific Software Engineering Conference, December 2001, Macau.






  1. Formal Verification of Embedded Real-Time Software in Component-Based Application Frameworks Pao-Ann Hsiung*, Win-Bin See, Trong-Yen Lee, Jih-Ming Fu, and Sao-Jie Chen *National Chung Cheng University Chiayi-621, Taiwan. Asia-Pacific Software Engineering Conference, December 2001, Macau

  2. Outline • Why Verification of Software? • What Issues? • Previous Work • Formal Object-Oriented Model • Formal Synthesis & Model Checking • Application Example • Conclusions & Future Work

  3. Why Verification of Software? • Software accounts for almost 80% of total system functions! • Examples of real-time embedded systems: home appliances, telecommunication devices, transportation facilities, ... • Flexibility → COMPLEXITY! • More complex than hardware! • Simple glitches → system FAILURE!

  4. What Issues? • Component-Based Object-Oriented Application Framework (COAF) • Formal Verification (FV) • How to integrate FV into COAF??? • System Model? • Design Methodology v/s Verification Framework • Goals: Seamless + Scalable Integration!!!

  5. System Model? • COAF View: Set of interacting objects • FV View: Network of concurrent tasks (figure: interacting objects B, C, D with complex behaviors, annotated "Formal Syntax + Precise Semantics")

  6. Design v/s Verification? • COAF: Design Methodology • FV: Verification Framework (figure: software components, the automata generated from them, and the analysis results / error trace)

  7. Previous Work • COAFs for designing real-time embedded software applications: OORTSF, SESAG, VERTAF [RTAS’01] • Formal Synthesis: • Quasi-Static Scheduling of Free-Choice Petri nets • Synthesis of Codesign FSM • Formal Verification: • When, Where, How to verify embedded sw? • Hybrid automata-based coverification

  8. Formal Object-Oriented Model • Compromise between OO and formal models • For Task Specification: • Autonomous Timed Object (ATO) • For Modeling Behavior: • Autonomous Timed Process (ATP) ATOs ATPs

  9. Autonomous Timed Object (ATO) • ATO = PBO + TMO • PBO = Port-Based Object [IEEE-TSE’97] • TMO = Time-triggered Message-triggered Object [IEEE-Computer’00] • Generic structure for embedded systems • Models: • Periodic Task • Aperiodic Task

  10. ATO Generic Structure

  11. Autonomous Timed Process (ATP) • 1 or more ATP associated with 1 ATO • Create ATP on ATO declaration • Update system state • 2 types of interrupts: • Event: aperiodic task, ETM • Timer: periodic task, TTM • After method exec, check violation • If violated, Error state, handle error, reset

  12. ATP State Diagram
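The ATP lifecycle of slides 11 and 12, simulated as an added example (not code from the paper or from VERTAF): one process per ATO, driven by timer interrupts for its periodic time-triggered method and event interrupts for its aperiodic event-triggered method, with a timing check after every method execution and an Error → handle → reset path when the check fails. The state names, the deadline rule (a method must finish within its relative deadline measured from its interrupt), the method durations and the interrupt trace are all constructed for this example.

```python
"""Simulation of an Autonomous Timed Process (ATP) as slides 11-12 describe it.

Added example, not code from the paper or from VERTAF.  The interrupt
trace, method durations, deadlines and the state names Ready / Running /
Error are assumptions made for this example.
"""
from dataclasses import dataclass, field


@dataclass
class Method:
    name: str
    duration: int   # execution time in ticks
    deadline: int   # relative deadline, measured from the triggering interrupt


@dataclass
class ATP:
    ato: str                  # the ATO this process was created for
    ttm: Method               # time-triggered method (periodic task)
    etm: Method               # event-triggered method (aperiodic task)
    period: int               # timer interrupt period
    state: str = "Ready"
    clock: int = 0            # time at which the ATP becomes idle again
    trace: list = field(default_factory=list)
    violations: int = 0

    def interrupt(self, kind, at):
        """Handle a 'timer' or 'event' interrupt raised at time `at`: run the
        matching method to completion, then check for a deadline violation."""
        method = self.ttm if kind == "timer" else self.etm
        start = max(self.clock, at)        # a method cannot start before the ATP is idle
        self.state = "Running"
        finish = start + method.duration
        self.clock = finish
        if finish - at > method.deadline:  # after method exec, check violation
            self.state = "Error"
            self.violations += 1
            self.trace.append((at, method.name, finish, "VIOLATION"))
            self.reset()
        else:
            self.trace.append((at, method.name, finish, "ok"))
            self.state = "Ready"

    def reset(self):
        """Error handling for this example: record it and return to Ready."""
        self.trace.append((self.clock, "handle_error", self.clock, "reset"))
        self.state = "Ready"


def make_sample():
    """Constructed ATP: a periodic speed sampler plus an aperiodic road-sign handler."""
    return ATP("cruise_ctrl",
               ttm=Method("sample_speed", duration=2, deadline=5),
               etm=Method("road_sign", duration=6, deadline=8),
               period=10)


def run(atp, events, horizon):
    """Drive `atp` with timer interrupts every `period` ticks before `horizon`
    plus the constructed aperiodic `events`, delivered in time order
    (a timer interrupt wins a tie with an event at the same tick)."""
    interrupts = [("timer", t) for t in range(0, horizon, atp.period)]
    interrupts += [("event", t) for t in events]
    for kind, at in sorted(interrupts, key=lambda i: (i[1], i[0] != "timer")):
        atp.interrupt(kind, at)
    return atp


if __name__ == "__main__":
    # Two road-sign events back to back: the second one, and the periodic
    # sample queued behind it, miss their deadlines.
    atp = run(make_sample(), events=[3, 4], horizon=30)
    for entry in atp.trace:
        print(entry)
    print("violations:", atp.violations, "final state:", atp.state)
```

The burst of two aperiodic events shows the failure mode the slide's violation check exists for: the second event finishes 11 ticks after it was raised (deadline 8) and pushes the next periodic sample past its own deadline, so the ATP passes through Error twice and is reset each time.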

  13. Event & Process Tables, Call Graph • Event Table: record all inter ATP events • Call Graph: event relationships • Process Table: record all ATPs and related information • Purposes: • resource allocation, • conflict resolution, • schedulability analysis, and • verification.

  14. Formal Synthesis & Model Checking • What is formal synthesis? A formally modeled system is synthesized to satisfy a given logic specification. • Eg: TFCPN / TRS • What is model checking? A formally modeled system is checked for satisfaction of a given logic specification. • Eg: TA / TCTL

  15. Target Problem COAF-FV Technology Integration Given an embedded real-time system described in a Component-Based Object-Oriented Application Framework (COAF) using the Formal Object-Oriented Model (FOOM) along with a set of temporal constraints, the generated software code is to be formally verified to satisfy all given constraints.

  16. Timed Automaton (TA) (figure: a TA with modes M0, M1, M2, M3, annotated with its initial condition x=0, y=0; state invariant conditions x ≤ 3 and y ≤ 7; triggering conditions x = 3 and "y 7" (the relation symbol was lost in extraction); transitions; and clock resets y := 0 and x:=0, y:=0)

  17. Timed Computation Tree Logic (TCTL) • A logic for specification of properties of embedded real-time systems • Syntax: (grammar of TCTL formulas; the operator symbols did not survive extraction, only □, U~c and the primed subformulas remain) • Reachability properties • Liveness properties • Temporal properties
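What slides 16 and 17 describe in pictures, as an added example in code (not from the paper or from SGM): a small timed automaton with modes, clock invariants, triggering conditions and resets, explored explicitly under a discrete-time semantics, and a time-bounded reachability question of the kind TCTL expresses asked of the result. The automaton itself is constructed for this example (it is not the one drawn on slide 16), and the integer-clock semantics with saturation at a ceiling above every constant is an assumption that keeps the state space finite.

```python
"""Explicit-state exploration of a small timed automaton (TA) under a
discrete-time semantics, plus a time-bounded reachability check.

Added example, not code from the paper or from SGM.  The automaton is
constructed for illustration: modes M0..M3 with clocks x and y,
invariants, guards and resets in the style of slide 16.  Clocks are
integers that saturate at CEILING; CEILING is above every constant a
clock is compared against, so saturation changes no guard.
"""
from collections import deque

CLOCKS = ("x", "y")
CEILING = 8   # larger than every constant in the automaton

# State invariant conditions: a mode may only be entered, or delayed in,
# while its invariant holds.
INVARIANT = {
    "M0": lambda c: c["x"] <= 3,
    "M1": lambda c: True,
    "M2": lambda c: c["y"] <= 7,
    "M3": lambda c: True,
}
# Transitions: (source, triggering condition, clocks reset, target)
TRANSITIONS = [
    ("M0", lambda c: c["x"] == 3, ("y",),     "M1"),
    ("M1", lambda c: True,        (),         "M2"),
    ("M2", lambda c: c["y"] >= 7, ("x", "y"), "M3"),
    ("M3", lambda c: True,        (),         "M0"),
]
INITIAL = ("M0", (0, 0))   # initial condition: x = 0, y = 0


def successors(state):
    """Yield (next_state, time_cost): a one-unit delay (cost 1) if the
    invariant still holds afterwards, and every enabled discrete
    transition whose target invariant holds (cost 0)."""
    mode, clocks = state
    vals = dict(zip(CLOCKS, clocks))
    delayed = {k: min(v + 1, CEILING) for k, v in vals.items()}
    if INVARIANT[mode](delayed):
        yield (mode, tuple(delayed[k] for k in CLOCKS)), 1
    for src, guard, resets, dst in TRANSITIONS:
        if src == mode and guard(vals):
            after = {k: (0 if k in resets else v) for k, v in vals.items()}
            if INVARIANT[dst](after):
                yield (dst, tuple(after[k] for k in CLOCKS)), 0


def explore():
    """0-1 BFS over the reachable state space.  Returns a dict mapping each
    reachable (mode, clock valuation) to the earliest time it can be
    reached; its length is the size of the explored state space."""
    earliest = {INITIAL: 0}
    queue = deque([INITIAL])
    while queue:
        state = queue.popleft()
        for nxt, cost in successors(state):
            t = earliest[state] + cost
            if nxt not in earliest or t < earliest[nxt]:
                earliest[nxt] = t
                (queue.appendleft if cost == 0 else queue.append)(nxt)
    return earliest


def ef_within(mode, bound):
    """Time-bounded reachability (the TCTL reachability pattern of slide 17):
    is some state of `mode` reachable within `bound` time units?"""
    times = [t for (m, _), t in explore().items() if m == mode]
    return bool(times) and min(times) <= bound


if __name__ == "__main__":
    space = explore()
    print(f"{len(space)} reachable (mode, x, y) states")
    for m in ("M1", "M2", "M3"):
        print(f"{m} reachable within 10 time units? {ef_within(m, 10)}")
```

Even this four-mode automaton has 30 reachable discrete states because every clock valuation is kept apart; the merging and reduction steps on the following slides exist precisely because this count grows exponentially with the number of automata composed.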

  18. Compositional Verification
      Compositionally_Verify(ATP_Set, Constraints) {
        phi = Gen_TCTL(Constraints);          // TCTL formula (its symbol was lost in extraction)
        ATA_Set = Gen_TA(ATP_Set);
        STA_Set = Schedule(ATA_Set, SchedAlg);
        while (|STA_Set| > 1) {
          MROF(STA_Set);                      // merging
          r = FBRS(STA_Set);                  // reduction sequence
          Reduce(STA_Set, r);
        }
        if (Model_Check(STA_Set, phi)) return Verified;
        else return Constraints_Violated;
      }

  19. Compositional Verification (figure: Autonomous Timed Process → Timed Automaton → Scheduled Timed Automaton → Merged Timed Automaton → Reduced Timed Automaton S; Constraints → TCTL formula; Model Checking (S ┝ ?) yields Verified OK! or CounterEx)

  20. Merge Related Objects First (MROF) • Hierarchical Merge Strategy • Same Family: (Syntax) • Merge all TA representing the same ATO. • Near Relatives: (Semantics) • proximity(Ai, Aj) = #Shared_Vars(Ai, Aj) + #Channels(Ai, Aj) • Highest proximity → merge first!

  21. Find Best Reduction Sequence (FBRS) • State-Graph Manipulators (SGM) Tool: http://www.cs.ccu.edu.tw/~pahsiung/sgm/ • Four reduction techniques (manipulators): • Symmetry Reduction • Clock Shielding • Read-Write Reduction • Internal Transition Bypass • Experiment with different sequences

  22. Find Best Reduction Sequence (FBRS) • No clock variables → skip clock shielding • No discrete variables → skip read-write reduction • Perform symmetry reduction after read-write reduction • Perform internal transition bypass after read-write and clock shielding • Permute reduction sequence to decide symmetry reduction order
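The merge ordering of slide 20 and the reduction-sequence rules of slides 21 and 22, driven by the loop of slide 18, as an added example (not code from the paper, SGM or VERTAF). It works on descriptors of timed automata rather than on state graphs: MROF merges automata of the same ATO first and then the pair with the highest proximity (shared variables plus shared channels), and FBRS enumerates the manipulator orders that the slide-22 rules admit for the merged automaton. Which admissible order is fastest is what the "experiment" and "permute" bullets leave to SGM runs, so this example returns the candidates rather than picking a winner. The descriptor format and the sample automata (loosely modelled on a sensor / controller / actuator split) are assumptions.

```python
"""MROF merge ordering and FBRS reduction-sequence selection over a
constructed set of timed-automata descriptors.

Added example, not code from the paper, SGM or VERTAF.  The descriptor
format (name, ATO, discrete variables, channels, clocks) and the sample
automata below are assumptions made for this example.
"""
from dataclasses import dataclass
from itertools import combinations, permutations


@dataclass
class TADesc:
    name: str
    ato: str                          # owning ATO; "*" once automata of different ATOs are merged
    dvars: frozenset = frozenset()    # discrete variables read or written
    chans: frozenset = frozenset()    # synchronization channels
    clocks: frozenset = frozenset()   # clock variables


def proximity(a, b):
    """Slide-20 proximity: #Shared_Vars(Ai, Aj) + #Channels(Ai, Aj)."""
    return len(a.dvars & b.dvars) + len(a.chans & b.chans)


def merge(a, b):
    """Descriptor of the product automaton A||B (unions of its parts)."""
    return TADesc(f"({a.name}||{b.name})",
                  a.ato if a.ato == b.ato else "*",
                  a.dvars | b.dvars, a.chans | b.chans, a.clocks | b.clocks)


def mrof_step(tas):
    """One MROF merge: a same-family pair (same ATO) if any, otherwise the
    pair with the highest proximity.  Returns (remaining descriptors,
    names of the merged pair); the merged automaton is appended last."""
    family = [(a, b) for a, b in combinations(tas, 2)
              if a.ato == b.ato and a.ato != "*"]
    a, b = family[0] if family else max(combinations(tas, 2),
                                        key=lambda p: proximity(*p))
    rest = [t for t in tas if t is not a and t is not b]
    return rest + [merge(a, b)], (a.name, b.name)


def fbrs_candidates(ta):
    """Manipulator orders admissible for `ta` under the slide-22 rules:
    no clocks -> skip sc; no discrete vars -> skip rw; sym after rw;
    bit after rw and after sc.  (sym = symmetry reduction, sc = clock
    shielding, rw = read-write reduction, bit = internal transition bypass.)"""
    applicable = ["sym", "bit"] + (["sc"] if ta.clocks else []) \
                                + (["rw"] if ta.dvars else [])

    def admissible(seq):
        pos = {m: i for i, m in enumerate(seq)}
        if "rw" in pos and (pos["sym"] < pos["rw"] or pos["bit"] < pos["rw"]):
            return False
        if "sc" in pos and pos["bit"] < pos["sc"]:
            return False
        return True

    return [seq for seq in permutations(applicable) if admissible(seq)]


def plan(tas):
    """Mirror the slide-18 loop: MROF merge, then FBRS, until one TA is left.
    Returns [(merged pair, first admissible reduction sequence), ...]; the
    actual Reduce() on state graphs is SGM's job and is not modelled here."""
    steps = []
    while len(tas) > 1:
        tas, pair = mrof_step(tas)
        steps.append((pair, fbrs_candidates(tas[-1])[0]))
    return steps


# Constructed sample: two automata of one Sensor ATO, a controller, an
# actuator and a display.  Names and contents are made up for this example.
SAMPLE = [
    TADesc("Sensor_read",   "Sensor",     frozenset({"dist"}),          frozenset({"sense"}),        frozenset({"t_s"})),
    TADesc("Sensor_filter", "Sensor",     frozenset({"dist"})),
    TADesc("Ctrl_loop",     "Controller", frozenset({"dist", "speed"}), frozenset({"sense", "act"}), frozenset({"t_c"})),
    TADesc("Actuator",      "Actuator",   frozenset({"speed"}),         frozenset({"act"})),
    TADesc("Display",       "HMI",        frozenset({"speed"})),
]

if __name__ == "__main__":
    for pair, seq in plan(SAMPLE):
        print(f"merge {pair[0]} with {pair[1]}; reduce with {' > '.join(seq)}")
```

On the sample, the same-family rule pairs the two Sensor automata first, and the proximity rule then picks Ctrl_loop and Actuator (one shared variable plus one shared channel) ahead of the Display, which shares nothing but a variable; the sequence <rw, sm, sc, bit> that slide 29 reports as best is among the five orders the rules admit for an automaton that has both clocks and discrete variables.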

  23. Application Example • Autonomous Intelligent Cruise Controller (AICC), Saab automobile [Hansson 1996]. • Receive info from road signs (speed limit) → adapt speed • Slow front vehicle → maintain safe distance • Receive info from traffic lights → avoid stop and go

  24. AICC Example: System Architecture

  25. AICC Example: FOOM Model • 5 ATO, • 12 functions (11 software, 1 hardware) → 11 ATP (figure: Call Graph)

  26. AICC Example: Process Table

  27. AICC Example: Experiments • Sun UltraSPARC II 450 MHz (1 CPU) • 1 GB physical RAM • Model Versions: • Full: 11 TA • Simple: 6 TA • Communication Models: • Shared Memory • Message Passing

  28. AICC Example: Results mg1: sequential merge, mg2: near-relatives merge

  29. AICC Example: Observations • Near-relatives merge better than sequential merge (time, memory) • SM better than MP (broadcast expensive) • 11 TA, no reduction → Out of memory! (Exponentially large state-space) • Reductions give smaller state-spaces • Best sequence: <mg1, rw, sm, sc, bit> (#modes, #transitions)

  30. Conclusions • Technology integration: • Component-Based OO Application Framework • Formal Verification • Common system model: FOOM (ATO/ATP) • Proposed scheme implemented in VERTAF • A separate Verifier component • Autonomous Intelligent Cruise Controller

  31. Future Work • Use design patterns to develop new state-space reduction techniques • API for users to develop new state-space reduction techniques • UML → FOOM • Integration of software synthesis and verification based on Petri Nets
