Parametric Real Time System Feasibility Analysis Using Parametric Timed Automata

Transcription

1 Parametric Real Time System Feasibility Analysis Using Parametric Timed Automata PhD Dissertation Yusi Ramadian Advisor : Luigi Palopoli Co advisor : Alessandro Cimatti 1

2 Real Time System Applications A computer based system, which produces results to inputs complying with some temporal constraints Page 2

3 Main Research Idea Real Time System Design Process Parameters Feasibility Analysis on Parametric Real Time System Parameter2 Region of Feasibility Correct and Robust Real Time System Parameter1 3

4 Contribution of PhD research Parametric Timed Automata (PTA) definition and representation of Real Time System Parametric Verification of Temporal Properties (PVTP) method Implementation in tool Quinq Application in case problems : periodic task system [RTSS08], heterogeneous system [ETFA10], collaboration with Modular Performance Analysis Toolbox (MPA) [CASES11]. Page 4

5 Presentation Outline Motivation Real time system design Example scenario Problem Statement Solution Parametric Timed Automata Parametric Verification of Temporal Property Method Implementation in Quinq Architecture Demo State of the art Conclusion 5

6 The Importance of CORRECT & ROBUST Real Time System Safety consideration Manufacturing consideration Variability in environment and run time Need for formalization of design process Page 6

7 Design Process Design & Modelling Activation pattern Timing properties Scheduling Algorithm Robustness & Parameter Tuning Assign values Evaluate system robustness w.r.t to parameters Functional Design Schedulability Region Functional Specification Mapping on RTS Architecture Design RTS Model RTS Model Environment Design Parameter Exogenous Parameter Parametric Feasibility Analysis Correct and Robust RTS Page 7

8 Presentation Outline Motivation Real time system design Example scenario Problem Statement Solution Parametric Timed Automata Parametric Verification of Temporal Property Method Implementation in Quinq Architecture Demo State of the art Conclusion 8

9 Sensitivity Analysis : Example Scenario Parameters Task 1 Task 2 Period Deadline Computation Time Offset 0 0 Task Task ? Page 9

10 Sensitivity Analysis : Example Scenario Discussion #1 Classical scheduling theory system failure Task system is not schedulable Solution Stronger machine (Hardware solution) Tweaking offset.. Page 10

11 Sensitivity Analysis : Region of Schedulability on Offsets Parameters Task 1 Task 2 Period Deadline Computation Time Offset 0? 0? O O Page 11

12 Sensitivity Analysis: Corrected Scenario Parameters Task 1 Task 2 Period Deadline Computation Time Offset 05 0 Task Task Page 12

13 Page 13 Sensitivity Analysis: Example Scenario Discussion #2: Robustness Parameters Task 1 Task 2 Period Deadline Computation Time 11? 12? Offset 5 0? System robustness =? C O2 O1 = 10 O2 O1 = 8 O2 O1= C1

14 Sensitivity Analysis Requirement conclusion #1: We want to find out : the schedulability regions in the space of parameters most robust design for our real-time systems Page 14

15 Sensitivity Analysis: Example Scenario Discussion #3: System model not in classical RTS Examples: System with buffers Complex activation pattern Heterogeneous, distributed system Flexible deadline (e.g. Firm Deadline) Page 15

16 Sensitivity Analysis Requirement conclusion #2 Sensitivity analysis for general real time system Page 16

17 Presentation Outline Motivation Real time system design Example scenario Problem Statement Solution Parametric Timed Automata Parametric Verification of Temporal Property Method Implementation in Quinq Architecture Demo State of the art Conclusion 17

18 Sensitivity Analysis: Formal problem definition Problem 1: System S Task 1 Task 2 Task n Scheduling Algorithm P :{P1, P2, Pn} P1 R P2 Page 18

19 Sensitivity Analysis: Formal problem definition Problem 2: System S Task 1 Task 2 Task n P :{P1, P2, Pn} P1 R Γ P2 Page 19

20 Presentation Outline Motivation Real time system design Example scenario Problem Statement Solution Parametric Timed Automata Parametric Verification of Temporal Property Method Implementation in Quinq Architecture Demo State of the art Conclusion 20

21 Parametric Timed Automata Timed automata with parameters extension Main differences: Parameters Auxiliary variables General update statement Page 21

22 Real Time System in PTA: Activation Pattern Allow complex activation pattern Avoiding restrictive 0 offset Wait for offset Clock O1 Activation depending on other tasks Release τ1 Clock=O1 Clock:= 0 Release τ2 Clock=Q2 Clock:= 0 Release τ2 Clock=Q2 Clock:= 0 Wait for Q1 Clock Q1 Wait for Q2 Clock Q2 Wait for event Activation depending on time Release τ1 General Clock=Q1 update Clock:= Clock Q2 Activation depending on environment Release τ3 Event_e = True Clock:= 0 Page 22

23 Real Time System in PTA: Feasibility Checker Parameter Idle Release τ1 Clock_x:=0 r:= C1 Release τ1 Check Clock_x=D1 Clock_x r Error Clock_x=r Busy Release τ1 Clock_x:=0 r:= C1 Clock_x=r Release τ1 r:= r + C1 Release τ1 Clock_x:=0 r:= r + C1 Clock_x Auxiliary Variables Page 23

24 Sensitivity Analysis via PTA PTA : L4 P1 L4 L1 L3 Activation Automata L2 P1 Activation Automata Feasibility region R: P2 L4 L4 L1 L3 Activation Automata P2 L2 Pn L4 L4 L1 Pn L3 Feasibility Checker Automata L2 P1 R R P2 Page 24

25 Symbolic representation of PTA Current state variables V: Discrete vars D: Location, transitions as boolean Continuous vars X: Clocks and other variables as real Symbolic model of PTA : set of constraints on boolean and real variables Examples: Loc i x y O1 Trans i (x C1) (x = C1+x) (y = y) Page 25

26 Bounded Model Checking (BMC) Look only for counterexample made of k states BMC(k): I(V 0 ) R(V 0,V 1 ) R(V k 1,V k ) Error(V k ) Completeness of the solution is not guaranteed Complementing method : inductive reasoning S0 S1 Sk Error Error Error Page 26

27 Presentation Outline Motivation Real time system design Example scenario Problem Statement Solution Parametric Timed Automata Parametric Verification of Temporal Property Method Implementation in Quinq Architecture Demo State of the art Conclusion 27

28 PTVP algorithm intuition: Search for an error trace Verification on reachability problem using BMC: An error trace for every found counterexample Alternatively, error trace can be searched via nonparametric model checker An error trace π : L1 L2 Error Page 28

29 PTVP algorithm intuition: An error trace π Along with the trace, an assignment for the parameters that validate the trace is produced L1 L2 Error P2? Γ P1 Page 29

30 PTVP algorithm intuition: Sensitivity analysis to an error trace By processing the trace, the surrounding region of parameters that make the trace true is identified And we rule this region out from the next search L1 L2 Error P2? Γ P1 Page 30

31 PTVP algorithm intuition: Schedulability region Feasibility region : found by iteratively bounding the parameter space from the unschedulability regions L1 L2 Error P2 Γ Final Schedulability Region P1 31

32 Parametric Verification of Temporal Properties (PVTP) Algorithm Error Trace Search Sensitivity Analysis Region Exclusion Collection of regions Page 32

33 Sensitivity Analysis Given Polyhedron in the space of clocks and parameters Poly{P, X} Obtain Poly{P} < > X, Poly {P, X} Existential Quantifier Elimination Page 33

34 Presentation Outline Motivation Real time system design Example scenario Problem Statement Solution Parametric Timed Automata Parametric Verification of Temporal Property Method Implementation in Quinq Architecture Demo State of the art Conclusion 34

35 Implementation in Quinq Based on NuSMV3 symbolic model checker with underlying MathSAT SMT solver Main functionalities : Input handling PVTP algorithm implementation Completion check Output handling Components Sensitivity add on High level periodic system analysis Search optimization Model checker drivers Graph generator Blackbox components : UPPAAL, JUNT, existelim Page 35

36 Architecture RTS Model QUINQ Input Handling NuSMV3 PVTP Implementation UPPAAL Output handling Feasibility Region Page 36

37 Input Handling Periodic System Input Input Handling Automatic Periodic Analysis NuSMV Model JUNT UPPAAL Model NuSMV Model 37

38 Input via UPPAAL Model UPPAAL Model Parameters JUNT NuSMV Model (Non Parametric) Parametric Model Generator NuSMV Model (Parametric) Point of Considerations: Integer vs Real domain Array data structure Clocks Transition synchronization Page 38

39 Architecture RTS Model QUINQ Input Handling NuSMV3 PVTP Implementation UPPAAL Output handling Feasibility Region Page 39

40 Parametric Verification of Temporal Property Implementation NuSMV Model PVTP Implementation Error Trace Search Error Trace Sensitivity Analysis Feasibility Region 40

41 PTVP Algorithm Implementation NuSMV Model Error Trace Search NuSMV3 Parametric search Non parametric search UPPAAL Error Trace Page 41

42 Non Parametric Search UPPAAL Model+Parameters Non parametric search UPPAAL Search Point Generator Trace Translation Trace Replication NuSMV3 Error Trace Page 42

43 Sensitivity Analysis : Implementation Sensitivity Analysis Model + Error Trace Polyhedral region in parameters space Trace Extraction Constraint Processing After Processing Polyhedral region in clocks and variables space Parametric Constraints Page 43

44 Constraint Processing Constraint Processing Constraints in Clocks & Vars Reorder expression Case Handling Equality Constraint Propagation Existelim Parametric Constraints Page 44

45 Presentation Outline Motivation Real time system design Example scenario Problem Statement Solution Parametric Timed Automata Parametric Verification of Temporal Property Method Implementation in Quinq Architecture Demo State of the art Conclusion 45

46 DEMO Previously Illustrated example: 2 periodic tasks system with 3 parameters S = {task1, task2} Periodic tasks : T1=D1=20, T2=D2=30 Offset : O1 = 0 Parameters : Computation time: C1, C2 Offset : O2 Page 46

47 Demo:result Offset2 = 15 8 Page 47

48 Presentation Outline Motivation Real time system design Example scenario Problem Statement Solution Parametric Timed Automata Parametric Verification of Temporal Property Method Implementation in Quinq Architecture Demo State of the art Conclusion 48

49 Sensitivity Analysis Tools Tool Flexible RTS Expression System known apriori Inference Point Number of Parameters Feasibility Region Bini No limit MAST SMART * No limit* IMITATOR * 2 QUINQ No limit* Page 49

50 Presentation Outline Motivation Real time system design Example scenario Problem Statement Solution Parametric Timed Automata Parametric Verification of Temporal Property Method Implementation in Quinq Architecture Demo State of the art Conclusion 50

51 Conclusion PTA representation flexible activation pattern, general RTS presentation PVTP algorithm General method to obtain feasibility region Implemented in Quinq with applications on some example cases Edge on comparison with other tools: Flexible RTS representation No reference point input needed Whole region of schedulability result Page 51

52 K Induction Does there exist k such that the following formula is unsatisfiable S0 S1 Sk 1 Error Error Error Sk Error if unsatisfiable and BMC(k) unsatisfiable then error state unreachable 52