Compositional Analysis of Timed Systems by Abstraction
-
Upload
petra-ingram -
Category
Documents
-
view
36 -
download
2
description
Transcript of Compositional Analysis of Timed Systems by Abstraction
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Outline
Motivation Arrival/Service Curves Compositional Analysis TA as Curve Transformers Abstracting TA Examples and Demo Conclusions
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
The ABB Robot Controller
ABB robot controller (2 500 000 loc) Real time tasks A,B,C,D Read inputs from channels write output
to channels Task priority order D>C>B>A (FPS) Buffer overflow/underflow, WCRT
A B C DCommands High-level
instructions
Precise moves
Requests
Weldingprogram
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Old Results (CFSM)
Turing power
Equivalent to finite automata
people: Brand, Zafiropulo, Pachl, Purush Iyer, Finkel, Abdulla, Jonsson
A B A A B
A B С A B
Halfduplex
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Communicating Timed Automata (CTA)
Replace Finite Automata by Timed Automata Communication via unbounded FIFO channels Time is global (time passes globally and for all
automata in the same pace)
A, B, C – Timed Automata Negative results carry over Positive results – do not carry over (previous
proofs do not work in timed setting)
A B С
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
CTA - Results
CTA with one channel
Accepts non-regular context free languages Only regular languages in the untimed case! Equivalent to Petri Nets with one unbounded
place (Eager reading: One-counter machines)
CTA with two channels
Non-context free context sensitive languages Petri Nets with two unbounded places (Eager
reading: Turing machines)
[CAV06, Pavel & Wang]
A B
A B С
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
The ABB Robot Controller
TAA TAB TAC TAD
TASCH
TaskReadyQueue
Shared variables
TAAxTABxTACxTADxTASCH with queues is TOO BIG
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
In general:
Precise analysis is impossible
Our hope:
Find a suitable abstraction
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Kahn Process Networks (‘70s)
S1, S2, S3,… – streams possibly infinite sequences of letters
A,B,C – processes mappings from streams to streams, e.g., B:(S2, S6) S5
A
B C
S1
S3S2
S6
S5
S4
Modeling Distributed, Signal Processing Systems
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Abstract Stream Transformers
Components = Abstract stream transformers Abstract stream defines a timed language
Asynchronous communication Network Calculus (Cruz, Boudec, Thiran ‘91-’04)
Arrival Curves Real-Time Calculus (Thiele, Chakraborty ‘00s)
Upper/Lower Arrival/Service Curves
A2
A3
A1
Q1
Q2
Abstract stream
Abstract stream
Abstract stream
Abstract stream
Abstract stream
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Arrival/Service Curves
time
events
windowsize
numberof events
window sizetime
availableresources
windowsize
availableservice
window size
upper bound
lower bound
upper bound
lower bound
Arrival Curves(events / data)
Service Curves(resources)
(a,3)(a,3.34)(a,3.39)(a,4)(a,10)... (100%,0)(50%,3.3)(100%,7)...
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Building an Arrival Curve
t
window size slide
Slide a timed window of a fixed size Count max/min number of events in the window
Choose another window etc.
t
window size
events
[0,4]
[1,5]
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Timing Analysis
Delay bound = max vertical distance required buffer size
Backlog bound = max horizontal distance flow delay bound
requiredbuffersize
guaranteedresource(lowerservicecurve)
worst caserequest(upperarrivalcurve)
windowsize
numberof events
response time(flow delay bound)
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Compositional Timing Analysis
Component = Stream Transformer Stream = Upper & Lower Bounds Real-Time Calculus
SO = fE(SI, SAR), SRR = fR(SI, SAR)
Compositional Analysis Scheduling, end-to-end delay, backlog
TASK
AvailableResources
RemainingResources
OutputInputT1
T2
T3
T4
=
=
Event Stream
Resource StreamSO
SRR
SI
SAR
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Resources & Scheduling
Fixed priority scheduling policy Priority order:
Priority(A)<Priority(B)<Priority(C)<Priority(D) Highest priority task has 100% of CPU Negative service curve = non-schedulable Opposite direction gives min resource
A B C D100%
<100%
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Timed Automata with Tasks Events
Actions
Timing constraints Clocks / Guards / Resets Complex event pattern
Tasks Asynchronous execution WCET, Deadline Scheduling policy Precedence constraints Resource constraints
Task (C,D)Task (C,D)
x<3
a!
x:=0
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Run of TAT
(Idle, x=0, [])
Idle
P
Q
0.1 (Idle, x=0.1, [])
(RelP, x=0, [P(2,8)]) 1.5 (RelP, x=1.5, [P(0.5,6.5)])
(RelQ, x=1.5, [P(0.5,6.5),Q(2,20)])
1.5 (RelQ, x=3, [Q(1,18.5)])
(Idle, x=3, [Q(1,18.5)])
(RelP, x=0, [P(2,8),Q(1,18.5)])
0.1 1.6 2.1 3.1
2 (RelP, x=2, [Q(1,16.5)])
5.1
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
TA as Curve Transformers
Timed Automata as complex task release patterns We have to make them operate on curves
TA1
T2
T1
TA2
a!
b? c! T3
Ready queue
a!
Timed Automaton
OS SchedulingPolicy
Safe
Stop
Crossx<=5
Apprx<=20
Startx<= 15
x>=10x=0
x<=10stop[id]?
x>=3leave[id]!
appr[id]!x=0
x>=7x=0
go[id]?x=0
CPU
b?Taskcompleted
Taskreleased
TIMESTool
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
TA <-> Curve Transformation
TA Modelof a SystemComponent
Event Generator Event Observer
L(EG) = L(AC)
ArrivalCurve
DepartureCurve
Curve transformation using UPPAAL
input output
F L(F(AC)) L(EO)
window size
numberof events
upper bound
lower bound
window size
numberof events
upper bound
lower boundAEG || AFi
|| AEOfor every component Fi is possible
Assumption:
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Encoding Arrival Curves as TA
wait forall(j:int[0,LB-1])m[j]==0 ||x[getIndex(m[j])]<j+1
upper
v<UB &&M[v]<=counter &&x[getIndex(M[v])]>vv++
v==UB ||M[v]>countera!addNewEvent(),v:=0
const int LB = 12;const int UB = 12;const int m[LB] = {0,0,0,1,1,1,2,2,3,3,3,4};const int M[UB] = {2,2,4,4,4,4,5,5,7,7,7,7};const int CN = m[LB-1]<M[UB-1]?M[UB-1]:m[LB-1];
clock x[CN];int[0,CN-1] index;int[0,CN] counter;int[0,UB] v;
int[0,CN-1] getIndex(int backtrack) { int i = index-backtrack; if(i<0) i += CN; return i;}
void addNewEvent() { x[index]:=0; index = (index==CN-1?0:index+1); if(counter<CN) counter++;}
const int LB = 12;const int UB = 12;const int m[LB] = {0,0,0,1,1,1,2,2,3,3,3,4};const int M[UB] = {2,2,4,4,4,4,5,5,7,7,7,7};const int CN = m[LB-1]<M[UB-1]?M[UB-1]:m[LB-1];
clock x[CN];int[0,CN-1] index;int[0,CN] counter;int[0,UB] v;
int[0,CN-1] getIndex(int backtrack) { int i = index-backtrack; if(i<0) i += CN; return i;}
void addNewEvent() { x[index]:=0; index = (index==CN-1?0:index+1); if(counter<CN) counter++;}
time
window size
numberof events
M[UB]
m[LB] CN=7
circular clock buffer
x1 x2 x3 x4 x5 x6 x7
pointer
X4>M[i-1]
X3>M[i-2]
X2>M[i-3]
X1>M[i-4]
Invariant lower bound
Guard upper bound
Generator
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Approximating TA with Arrival Curves
idle
countx<=dt+1
stop
x:=0
x<=dta?counter++
x>dt
clock x;int counter;
clock x;int counter;
ASYSTEM || AOBSERVER
One clock & one integer Non-deterministic window offset One window one state space
exploration Max considerable window size (dt)
must be specified
numberof events
dt
time
dt
max & min
Observer
dt
time
dttime
x==0 x==dt
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
A Problem with Approximation
numberof events
window size
Last measured dt
Actual stream
Overapproximated stream
t
We need to know “safe” value of dt
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
A Problem with Approximation
numberof events
window size
response time
Service curve
Sometimes we can still perform timing analysis using “precise” data
An adaptive approach?
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Another algorithm
numberof events
window size
Search for the segment that touches the curve Find the smallest intersection point and repeat Encoding of the intersection criterion into TA
=m/n
Angle is rational
m,n - integers LCM(m,n) can
become very big (hyperperiod)
Rapid slow down
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Simple Scheduling Example
4 tasks: 3 periodic+1 aperiodic (TA) Preemptive fixed priority scheduling Given BCET/WCET Abstracting release pattern with streams Analysis
Worst case response time Required OS ready queue size
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
An Example with Feedback
TASK1 input depends on the TASK2 output TASK1 uses TASK2’s remaining resource TASK2 input depends on TASK1 output Given
TASK1 input stream Initial condition on activation of TASK2
Iterative computation until fixed point
TASK1 TASK2AND
CPUInitial
Condition
InputStream
100%
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Books & Papers
Rene L. Cruz. A Calculus for Network Delay. IEEE Transactions on Information Theory, 1991
J.-Y. Le Boudec, P. Thiran. Network Calculus. A Theory of Deterministic Queuing Systems for the Internet. 2004
L. Thiele and S. Chakraborty and M. Naedele. Real-time Calculus for Scheduling Hard Real-Time Systems. Proc. of ISCAS, 2000
L. Thiele and S. Chakraborty and M. Gries and A. Maxiaguine and J. Greutert. Embedded Software in Network Processors - Models and Algorithms. Proc. of EMSOFT, 2001
E. Wandeler, L. Thiele. Real-Time Interfaces for Interface-Based Design of Real-Time Systems with Fixed Priority Scheduling. 2005
P. Krcal, L. Mokrushin, W. Yi. A Tool for Compositional Analysis of Timed Systems by Abstraction. Tool paper submitted to CAV 2007.…
Info
rmati
onst
ekn
olo
gi
Institutionen för informationsteknologi | www.it.uu.se
Conclusions Abstraction technique for timed component
systems One component at a time
no big product (GALP) Possibility to parallelize verification Heterogeneous systems
a potential to combine different formalisms Prototype
How good is our abstraction? (Examples) Feedback? (Termination) Bound on max window size? (Adaptation?) Shared resources? (Priority Ceiling Protocol)