
Compositional Analysis of Timed Systems by Abstraction


Presentation Transcript


  1. Compositional Analysis of Timed Systems by Abstraction Leonid Mokrushin TAPVES 2007-02-08

  2. Outline
  • Motivation
  • Arrival/Service Curves
  • Compositional Analysis
  • TA as Curve Transformers
  • Abstracting TA
  • Examples and Demo
  • Conclusions

  3. The ABB Robot Controller
  • ABB robot controller (2 500 000 loc)
  • Real time tasks A, B, C, D
  • Read inputs from channels, write output to channels
  • Task priority order D > C > B > A (FPS)
  • Buffer overflow/underflow, WCRT
  [Figure: Welding program, High-level instructions, Commands, Requests flowing through tasks A, B, C, D down to Precise moves]

  4. Old Results (CFSM)
  • Turing power
  • Equivalent to finite automata
  • People: Brand, Zafiropulo, Pachl, Purush Iyer, Finkel, Abdulla, Jonsson
  [Figure: communicating finite state machines A, B (and A, B, C) connected by channels; one configuration labelled Half duplex]

  5. Communicating Timed Automata (CTA)
  • Replace Finite Automata by Timed Automata
  • Communication via unbounded FIFO channels
  • Time is global (time passes globally and for all automata at the same pace)
  • A, B, C – Timed Automata
  • Negative results carry over
  • Positive results do not carry over (previous proofs do not work in the timed setting)
  [Figure: timed automata A, B, C connected by FIFO channels]

  6. CTA - Results [CAV06, Pavel & Wang]
  • CTA with one channel (A, B)
    • Accepts non-regular context free languages
    • Only regular languages in the untimed case!
    • Equivalent to Petri Nets with one unbounded place (Eager reading: One-counter machines)
  • CTA with two channels (A, B, C)
    • Non-context free context sensitive languages
    • Petri Nets with two unbounded places (Eager reading: Turing machines)

  7. The ABB Robot Controller
  [Figure: TA_A, TA_B, TA_C, TA_D and the scheduler TA_SCH sharing the Task Ready Queue and Shared variables]
  • TA_A x TA_B x TA_C x TA_D x TA_SCH with queues is TOO BIG

  8. In general: Precise analysis is impossible.
  Our hope: Find a suitable abstraction.

  9. Kahn Process Networks ('70s)
  • Modeling Distributed, Signal Processing Systems
  • S1, S2, S3, … – streams: possibly infinite sequences of letters
  • A, B, C – processes: mappings from streams to streams, e.g., B: (S2, S6) → S5
  [Figure: processes A, B, C connected by streams S1 … S6]

  10. Abstract Stream Transformers
  • Components = Abstract stream transformers
  • Abstract stream defines a timed language
  • Asynchronous communication
  • Network Calculus (Cruz, Boudec, Thiran '91-'04): Arrival Curves
  • Real-Time Calculus (Thiele, Chakraborty '00s): Upper/Lower Arrival/Service Curves
  [Figure: components A1, A2, A3 connected through queues Q1, Q2; every connection carries an abstract stream]

  11. Arrival/Service Curves
  • Arrival Curves (events / data): number of events vs. window size, upper and lower bound; e.g. from the timed event trace (a,3)(a,3.34)(a,3.39)(a,4)(a,10)...
  • Service Curves (resources): available service vs. window size, upper and lower bound; e.g. from the resource availability (100%,0)(50%,3.3)(100%,7)...
  [Figure: events over time and available resources over time, each abstracted into an upper/lower curve over window size]

  12. Building an Arrival Curve
  • Slide a timed window of a fixed size
  • Count max/min number of events in the window
  • Choose another window etc.
  [Figure: events on a time axis; a window of size 4 slid from [0,4] to [1,5]]

  13. Timing Analysis
  • Worst case request (upper arrival curve) against guaranteed resource (lower service curve), both as number of events over window size
  • Backlog bound = max vertical distance → required buffer size
  • Delay bound = max horizontal distance → flow delay bound (response time)
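Slides 12 and 13 describe one procedure: build the arrival curve by sliding windows over a trace, then read the backlog and delay bounds off the curves. The following is an added example (my code, not part of the presentation or the TIMES tool): it computes exact upper/lower arrival curves for a constructed event trace and then derives both bounds against a constructed lower service curve (1 event per time unit after 1 time unit of latency).

```python
from bisect import bisect_left, bisect_right
from typing import Callable, List, Sequence, Tuple

# Constructed sample trace (not from the slides): arrival times of events
# observed over a horizon of 10 time units; every event is one unit of work.
TRACE = [0.0, 1.0, 1.5, 2.0, 5.0, 6.0, 6.5, 9.0]
HORIZON = 10.0

def count_in(ts: Sequence[float], lo: float, hi: float, closed_lo: bool = True) -> int:
    """Events in the window [lo, hi], or (lo, hi] when closed_lo is False."""
    left = bisect_left(ts, lo) if closed_lo else bisect_right(ts, lo)
    return bisect_right(ts, hi) - left

def arrival_bounds(ts: Sequence[float], horizon: float, delta: float) -> Tuple[int, int]:
    """Slide 12: slide a closed window of size delta over [0, horizon] and return
    (max, min) events seen. Moving a window right only raises the count until its
    left edge reaches an event; moving it left only lowers the count until the left
    edge sits just past an event. So only windows starting at an event, just after
    an event, or at either end of the horizon need to be checked (exact result)."""
    ts = sorted(ts)
    last = horizon - delta                          # right-most admissible window start
    upper = max([count_in(ts, s, s + delta) for s in ts if s <= last]
                + [count_in(ts, last, horizon)])
    lower = min([count_in(ts, s, s + delta, closed_lo=False) for s in ts if s < last]
                + [count_in(ts, 0.0, delta)])
    return upper, lower

def arrival_curves(ts: Sequence[float], horizon: float,
                   deltas: Sequence[float]) -> List[Tuple[float, int, int]]:
    """Upper and lower arrival curve as (window size, upper, lower) samples."""
    return [(d, *arrival_bounds(ts, horizon, d)) for d in deltas]

def timing_bounds(curve: List[Tuple[float, int, int]], service: Callable[[float], float],
                  d_step: float = 0.25, d_max: float = 1e3) -> Tuple[float, float]:
    """Slide 13: backlog bound = max vertical distance between the upper arrival
    curve and the lower service curve (buffer size); delay bound = max horizontal
    distance (time the guaranteed service needs to catch up with the demand)."""
    backlog, delay = 0.0, 0.0
    for delta, upper, _ in curve:
        backlog = max(backlog, upper - service(delta))
        d = 0.0
        while service(delta + d) < upper and d <= d_max:   # walk right along the service curve
            d += d_step
        delay = max(delay, d if d <= d_max else float("inf"))  # inf: service never catches up
    return backlog, delay

def lower_service(delta: float) -> float:
    """Constructed lower service curve: after 1 time unit of latency the resource
    guarantees at least 1 event of work per time unit in any window."""
    return max(0.0, delta - 1.0)
```

For the constructed trace the upper curve saturates at 4 events for windows of size 2 to 4, which is where the maximum backlog of 3 and the maximum delay of 3 time units arise.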

  14. Compositional Timing Analysis
  • Component = Stream Transformer
  • Stream = Upper & Lower Bounds
  • Real-Time Calculus: S_O = f_E(S_I, S_AR), S_RR = f_R(S_I, S_AR)
  • Compositional Analysis: scheduling, end-to-end delay, backlog
  [Figure: a TASK with input event stream S_I and output stream S_O, consuming the available resource stream S_AR and passing on the remaining resources S_RR; a network of tasks T1 … T4 from Input to Output]

  15. Resources & Scheduling
  • Fixed priority scheduling policy
  • Priority order: Priority(A) < Priority(B) < Priority(C) < Priority(D)
  • Highest priority task has 100% of CPU
  • Negative service curve = non-schedulable
  • Opposite direction gives min resource
  [Figure: resource stream passed from D down through C and B to A; 100% enters at D, <100% remains after each task]

  16. Timed Automata with Tasks
  • Events
    • Actions
    • Timing constraints: Clocks / Guards / Resets
    • Complex event pattern
  • Tasks
    • Asynchronous execution
    • WCET, Deadline
    • Scheduling policy
    • Precedence constraints
    • Resource constraints
  [Figure: TAT edge with guard x<3, action a!, reset x:=0, releasing Task (C,D)]

  17. Run of TAT
  (Idle, x=0, []) --0.1--> (Idle, x=0.1, []) --> (RelP, x=0, [P(2,8)]) --1.5--> (RelP, x=1.5, [P(0.5,6.5)]) --> (RelQ, x=1.5, [P(0.5,6.5),Q(2,20)]) --1.5--> (RelQ, x=3, [Q(1,18.5)]) --> (Idle, x=3, [Q(1,18.5)]) --> (RelP, x=0, [P(2,8),Q(1,18.5)]) --2--> (RelP, x=2, [Q(1,16.5)])
  [Figure: schedule of Idle, P and Q over time with marks at 0.1, 1.6, 2.1, 3.1, 5.1]

  18. TA as Curve Transformers
  • Timed Automata as complex task release patterns
  • We have to make them operate on curves
  [Figure: TIMES Tool setup: timed automata TA1, TA2 release tasks T1, T2, T3 (a!, b?, c!) into the OS Ready queue; the CPU runs them under the Scheduling Policy and signals Task completed]

  19. TA <-> Curve Transformation
  • Curve transformation using UPPAAL: Event Generator (EG) → TA model of a system component (F) → Event Observer (EO); input: Arrival Curve, output: Departure Curve
  • L(EG) = L(AC); L(F(AC)) ⊆ L(EO)
  • Assumption: A_EG || A_Fi || A_EO is possible for every component Fi
  [Figure: arrival and departure curves (number of events vs. window size, upper and lower bound)]

  20. Encoding Arrival Curves as TA
  • Generator: lower bound → invariant, upper bound → guard
  • Circular clock buffer x1 … x7 with a pointer; CN = 7
  [Figure: curves m[LB] (lower) and M[UB] (upper) as number of events vs. window size; guards x4 > M[i-1], x3 > M[i-2], x2 > M[i-3], x1 > M[i-4] along the time axis]

  UPPAAL declarations of the generator (comments added):

```uppaal
// Lower bound m and upper bound M of the arrival curve, sampled at
// window sizes 0..LB-1 and 0..UB-1 (number of events per window size)
const int LB = 12;
const int UB = 12;
const int m[LB] = {0,0,0,1,1,1,2,2,3,3,3,4};
const int M[UB] = {2,2,4,4,4,4,5,5,7,7,7,7};
// One clock per event that can lie inside the largest window: CN = 7 here
const int CN = m[LB-1]<M[UB-1]?M[UB-1]:m[LB-1];
clock x[CN];              // circular buffer of clocks, one per recent event
int[0,CN-1] index;        // pointer to the next slot to overwrite
int[0,CN] counter;        // number of valid clocks in the buffer
int[0,UB] v;

// Index of the clock that was reset `backtrack` events ago
int[0,CN-1] getIndex(int backtrack) {
  int i = index-backtrack;
  if(i<0) i += CN;
  return i;
}

// Record a newly generated event: reset the oldest clock and advance the pointer
void addNewEvent() {
  x[index]:=0;
  index = (index==CN-1?0:index+1);
  if(counter<CN) counter++;
}
```

  21. Approximating TA with Arrival Curves
  • Observer: A_SYSTEM || A_OBSERVER
  • One clock & one integer (clock x; int counter;)
  • Non-deterministic window offset
  • One window → one state space exploration
  • Max considerable window size (dt) must be specified
  [Figure: observer window from x==0 to x==dt placed at several offsets along the time axis; max & min number of events per window]

  22. A Problem with Approximation
  • We need to know a "safe" value of dt
  [Figure: number of events vs. window size; beyond the last measured dt the overapproximated stream diverges from the actual stream]

  23. A Problem with Approximation
  • Sometimes we can still perform timing analysis using "precise" data
  • An adaptive approach?
  [Figure: number of events vs. window size with service curve and response time]

  24. Another algorithm
  • Search for the segment that touches the curve
  • Find the smallest intersection point and repeat
  • Encoding of the intersection criterion into TA
  • Angle a is rational: a = m/n, m, n integers
  • LCM(m,n) can become very big (hyperperiod)
  • Rapid slow down
  [Figure: number of events vs. window size]

  25. Simple Scheduling Example
  • 4 tasks: 3 periodic + 1 aperiodic (TA)
  • Preemptive fixed priority scheduling
  • Given BCET/WCET
  • Abstracting release pattern with streams
  • Analysis
    • Worst case response time
    • Required OS ready queue size

  26. An Example with Feedback
  • TASK1 input depends on the TASK2 output
  • TASK1 uses TASK2's remaining resource
  • TASK2 input depends on TASK1 output
  • Given
    • TASK1 input stream
    • Initial condition on activation of TASK2
  • Iterative computation until fixed point
  [Figure: CPU (100%) feeding TASK1 and TASK2; Input Stream and Initial Condition combined by AND]

  27. Books & Papers
  • Rene L. Cruz. A Calculus for Network Delay. IEEE Transactions on Information Theory, 1991.
  • J.-Y. Le Boudec, P. Thiran. Network Calculus: A Theory of Deterministic Queuing Systems for the Internet. 2004.
  • L. Thiele, S. Chakraborty, M. Naedele. Real-time Calculus for Scheduling Hard Real-Time Systems. Proc. of ISCAS, 2000.
  • L. Thiele, S. Chakraborty, M. Gries, A. Maxiaguine, J. Greutert. Embedded Software in Network Processors - Models and Algorithms. Proc. of EMSOFT, 2001.
  • E. Wandeler, L. Thiele. Real-Time Interfaces for Interface-Based Design of Real-Time Systems with Fixed Priority Scheduling. 2005.
  • P. Krcal, L. Mokrushin, W. Yi. A Tool for Compositional Analysis of Timed Systems by Abstraction. Tool paper submitted to CAV 2007.
  • …

  28. Conclusions
  • Abstraction technique for timed component systems
  • One component at a time, no big product (GALP)
  • Possibility to parallelize verification
  • Heterogeneous systems: a potential to combine different formalisms
  • Prototype
  • How good is our abstraction? (Examples)
  • Feedback? (Termination)
  • Bound on max window size? (Adaptation?)
  • Shared resources? (Priority Ceiling Protocol)

  29. Thank you!
