1 / 12

TAXYS : a tool for the Development and Verification of RT Systems

TAXYS : a tool for the Development and Verification of RT Systems. a joint project between France Telecom R&D and VERIMAG E. Closse, M. Poize, J. Pulou, P. Venier, D. Weil (FTR&D) J. Sifakis and S. Yovine (VERIMAG). TAXYS Goals. Verify Timing Constraints on RT Embedded Software

harvey
Download Presentation

TAXYS : a tool for the Development and Verification of RT Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TAXYS : a tool for the Development and Verification of RT Systems a joint project between France Telecom R&D and VERIMAG E. Closse, M. Poize, J. Pulou, P. Venier, D. Weil (FTR&D) J. Sifakis and S. Yovine (VERIMAG)

  2. TAXYS Goals • Verify Timing Constraints on RT Embedded Software • RT Embedded Software • applications with tight energy&memory constraints • GSM terminal, Airplanes, Automobiles... • Critical Timing constraints : • missing inputs or emitting data too late leads to failure • Testing system in its real environment is long and difficult • Reduce development time by a priori static analysis • model the temporal behavior of the executing code, not of the specification • expressing quantitative timing constraints on this code

  3. TAXYS Approach • Synchronous languages+ Timed Automata : • SAXO-RT ESTEREL Compiler (FTR&D)  Finite State Timed Automata  • OPEN-KRONOS Model Checker (VERIMAG) • TAXYS application = ESTEREL + C • self-sequenced code • control path : ESTEREL • SAXORT ESTEREL compiler • efficient code • time spent in control path is negligible • data path : C • C-functions are called by the control path • Min & Max Execution Time of each C-function is known (e.g. by profiling,…)

  4. tout tin Deadline constraint : tout – tin < d Throughput constraint : no buffer overflow Global Model Embedded System Environment Event Handler Application

  5. TAXYS Specification • Application Model = ESTEREL + timing pragmas • the Embedded Code and its timed model are generated from the same ESTEREL code • timing pragmas contains profiling information and deadline constraints • Event Handler Model : C-code • a simple FIFO model • Environment Model : ESTEREL + timing pragmas + « npause » • non-deterministic timed automata • represent all the possible scenarios

  6. tA TA TB Deadline constraint : tg – ta < d tg Throughput constraint : no buffer overflow A Small Example Sensor E A H A Filter F B Shared Memory Compute G Actuator

  7. [ loop npause; emit A; %{# TA cA TA; cA:=0} end loop || loop npause; emit B; %{# TB cB TB; cB:=0} end loop ] [ loop await A; call F(); %{cpu(Fmin, Fmax)}% end loop || loop await B ; call G(); %{cpu(Gmin, Gmax)}% end loop ] ESTEREL Model A E H

  8. tA TA TB Deadline constraint : tG – tA < d tG Specifying Deadline Constraints Sensor E A H A Filter F B Shared Memory Compute G Actuator

  9. %{# Y = clock(A) %} %{# Y <d %} x1 < d’ Specifying Deadline Constraints [ loop await A; call F(); end loop || loop await B ; call G(); end loop ] x1:=0 x2:=0 y1:=0 x3:=0 E A! A! B! A! tSA tSB H SA SA& SB A F(x) G(x) freshness constraint:

  10. on-the-fly composition Implicit timed automata E Environment Taxys verification module SAXO-RT ESTEREL Compiler OPEN-KRONOS H Handler C compiler A Application SAXO-RT graphical debugger counter-example constraint violated OK Embedded Code TAXYS Design Flow

  11. Experimental Results • ISDN telephone prototype • implemented on a experimental DSP at FTR&D • periodic audio data + aperiodic data produced by a graphic tablet • Proof : a buffer of size > 6 is required • No need to simplify application model • more 10 million symbolic states explored • find appropriate environment model approximations preserving verified properties

  12. Conclusion • Seamless Design Flowfrom specification to embedded code and verification • a unified language for specifying application model, environment model and timing constraints : “timed ESTEREL’’ • no specific knowledge required for the user • counter-example replayed at specification level • Verification is trustworthy : embedded code is executed during verification • Scalable tool: • on-the-fly techniques : no intermediate state explosion • validated industrial-size examples • Alcatel GSM application, France Telecom phone prototype • On Monday at RV’01 : «Timing Analysis and Code Generation of Automated Vehicle Control Software with TAXYS » • more than 107 symbolic states • complexity can reduced by simplifying environment model

More Related