Steam Boiler Control An Example in ASM Formalisation

Size: px

Start display at page:

Download "Steam Boiler Control An Example in ASM Formalisation"

Dayna Owen
5 years ago
Views:

1 Formal Specification and Verification of Software Steam Boiler Control An Example in ASM Formalisation Bernhard Beckert UNIVERSITÄT KOBLENZ-LANDAU B. Beckert: Formal Specification and Verification of Software p.1

2 Steam Boiler Control: Scenario a z d / k δ d w d max System Components steam boiler 4 water level measuring device w/ k w min w four pumps four pump controlers steam quantity measuring device p1 /... / p4 k p1 /... / k l/ δ p4 p v valve for emptying the boiler B. Beckert: Formal Specification and Verification of Software p.2

3 Steam Boiler Control: Scenario a z 4 d / k δ d w d max Physical constants w min w max l minimal water level maximal water level water amount per pump w/ k w min w d max δ p maximal quantity of steam exiting the boiler error in the value of l p1 /... / p4 l/ δ p v δ d error in steam measurement k p1 /... / k p4 B. Beckert: Formal Specification and Verification of Software p.3

4 Steam Boiler Control: Scenario a z 4 d / k δ d w w/ k w d max min w Measured values w water level d amount of steam exiting the boiler k p (i) pump i works/broken k w water level measuring device works/broken p1 /... / p4 l/ δ p v k d steam amount measuring device works/broken k p1 /... / k p4 B. Beckert: Formal Specification and Verification of Software p.4

5 Steam Boiler Control: Scenario a z d / k δ d w d max Control values p(i) pump i on/off k 4 p1 /... / p4 p1 /... / k l/ δ p4 p v w/ k w min w v a z valve open/closed boiler on/off state init/norm/broken/stop B. Beckert: Formal Specification and Verification of Software p.5

6 Steam Boiler with ASMs Restrictions Real-time aspects not modelled Communication between devices not modelled B. Beckert: Formal Specification and Verification of Software p.6

7 Steam Boiler with ASMs Restrictions Real-time aspects not modelled Communication between devices not modelled Measured values Modelled as functions that are changed externally Control values Modelled as functions that are read externally B. Beckert: Formal Specification and Verification of Software p.6

8 Steam Boiler with ASMs: Two Versions First version The possibility that devices are broken is not modelled States: init,normal,stop Second version The possibility that devices are broken is included in the model Additional state: broken B. Beckert: Formal Specification and Verification of Software p.7

9 Û Ñ Ü Û ÓÔØ Û Ñ Ò First Version: Strategy for Filling Additional constant w opt Optimal water level Strategy ØÓÔ ÔÙÑÔ Ó«½ ÔÙÑÔ ÓÒ Û ÓÔØ Ð ¾ ÔÙÑÔ ÓÒ Û ÓÔØ ¾Ð ÔÙÑÔ ÓÒ Û ÓÔØ Ð ÔÙÑÔ ÓÒ ØÓÔ B. Beckert: Formal Specification and Verification of Software p.8

10 First Version: Vocabulary Universes state = {init, norm, stop} openclosed = {open, closed} water = N pumps = {1, 2, 3, 4} onoff = {on, off } B. Beckert: Formal Specification and Verification of Software p.9

11 First Version: Vocabulary Universes state = {init, norm, stop} openclosed = {open, closed} water = N pumps = {1, 2, 3, 4} onoff = {on, off } Note These are unary boolean functions; they define a type/class B. Beckert: Formal Specification and Verification of Software p.9

12 First Version: Vocabulary Dynamic functions External functions Static functions p : pumps onoff controling the pumps v : openclosed controling the steam valve a : onoff controling the boiler z : state boiler state w : water water level d : water steam exiting boiler +,, : N N N arithmetic <, : N N Boole ordering w max, w min, w opt, l, d max N physical constants B. Beckert: Formal Specification and Verification of Software p.10

13 Initial State a = off z = init B. Beckert: Formal Specification and Verification of Software p.11

14 Rule Initialisation if (z = init) then skip else if 0 < d then z := stop else if w < w min + d max then v := closed p(i) := on (i = 1..4) end else if w max < w then v := open p(i) := off (i = 1..4) end else z v := norm := closed a := on p(i) := off (i = 1..4) end endif endif endif endif B. Beckert: Formal Specification and Verification of Software p.12

15 Rule Normal if (z = norm) then skip else if w max < w w < w min then a z end else := off := stop if w w opt then p(1) := on else p(1) := off endif if w w opt l then p(2) := on else p(2) := off endif if w w opt (2 l) then p(3) := on else p(3) := off endif if w w opt (3 l) then p(4) := on else p(4) := off endif end endif endif B. Beckert: Formal Specification and Verification of Software p.13

16 Rule Control Initialisation Normal end B. Beckert: Formal Specification and Verification of Software p.14

17 Second Version: Vocabulary Universes state openclosed water = {init, norm, broken, stop} = {open, closed} = N pumps = {1, 2, 3, 4} onoff = {on, off } worksbroken = {works, broken} B. Beckert: Formal Specification and Verification of Software p.15

18 Second Version: Vocabulary Dynamic functions p : pumps onoff controling the pumps v : openclosed controling steam valve a : onoff controling the boiler z : state boiler state s min, s max : water estimated water level n p : pumps number of active pumps External functions w : water water level d : water steam exiting boiler k p : pumps worksbroken pump works/broken k w : worksbroken water level device k d : worksbroken steam amount device B. Beckert: Formal Specification and Verification of Software p.16

19 Second Version: Vocabulary Static functions +,,, min : N N N arithmetic <, : N N Boole ordering w max, w min, l : N physical constants d max,δ p,δ d : N physical constants optpumps : water water pumps optimal pump number numworking : N worksbroken 4 N number of working pumps controlpumps : pumps 2 worksbroken 4 onoff control for each pump B. Beckert: Formal Specification and Verification of Software p.17

20 Second Version: Vocabulary Static function optpumps (encodes the strategy) optpumps(w 1, w 2 ) = optimal number of pumps for water level between w 1 and w 2 B. Beckert: Formal Specification and Verification of Software p.18

21 Second Version: Vocabulary Static function optpumps (encodes the strategy) optpumps(w 1, w 2 ) = optimal number of pumps for water level between w 1 and w 2 Static function numworking numworking(i, k 1, k 2, k 3, k 4 ) = #{j j i k j = works} B. Beckert: Formal Specification and Verification of Software p.18

22 Second Version: Vocabulary Static function optpumps (encodes the strategy) optpumps(w 1, w 2 ) = optimal number of pumps for water level between w 1 and w 2 Static function numworking numworking(i, k 1, k 2, k 3, k 4 ) = #{j j i k j = works} Static function controlpumps controlpumps(i, n opt, k 1, k 2, k 3, k 4 ) = { on if numworking(i 1, k 1, k 2, k 3, k 4 ) < n opt off otherwise B. Beckert: Formal Specification and Verification of Software p.18

23 Rule Initialisation if (z = init) then skip else if 0 < d k w = broken k d = broken then z := stop else if w < w min + d max then v := closed p(i) := on (i = 1..4) end else if w max < w then v := open p(i) := off (i = 1..4) end else z v := norm := closed s min := w s max := w n p := 0 p(i) := off (i = 1..4) end endif endif endif endif B. Beckert: Formal Specification and Verification of Software p.19

24 Rule NormBroken if (z = norm z = broken) then skip else if k w = works then let min = w, max = w, z val = norm in ControlPumps endlet else if k d = works then let min = s min d + n p l δ d n p δ p, max = s max d + n p l + δ d + n p δ p, z val = broken in ControlPumps endlet else z := stop a := off end endif endif endif B. Beckert: Formal Specification and Verification of Software p.20

25 Rule ControlPumps if min < w min w max < max then z := stop a := off end else let n opt = optpumps(min,max) in p(i) := controlpumps(i, n opt, k p (1),..., k p (4)) (i = 1..4) n p := min(n opt,numworking(4, k p (1),..., k p (4))) s min := min s max := max z := z val end endlet endif B. Beckert: Formal Specification and Verification of Software p.21

26 Rule Control Initialisation NormBroken end B. Beckert: Formal Specification and Verification of Software p.22

27 Alternative Solution: Vocabulary Universes state openclosed water = {init, norm, broken, stop} = {open, closed} = N pumps = {1, 2, 3, 4} onoff = {on, off } worksbroken = {works, broken} waitcompute = {wait, compute} B. Beckert: Formal Specification and Verification of Software p.23

28 Alternative Solution: Vocabulary Additional dynamic functions i : pumps f : waitcompute current pump next cycle Meaning of function f f = compute: f = wait: Control the pumps Measurement B. Beckert: Formal Specification and Verification of Software p.24

29 Alternative: Rule Initialisation if (z = init) then skip else if 0 < d k w = broken k d = broken then z := stop else if w < w min + d max then v := closed p(i) := on (i = 1..4) f := wait end else if w max < w then v := open p(i) := off (i = 1..4) f := wait end else z := norm f := wait v := closed s min := w s max := w n p := 0 p(i) := off (i = 1..4) end endif endif endif endif B. Beckert: Formal Specification and Verification of Software p.25

30 Alternative: Rule NormBroken (1) if ((z = norm z = broken) f = wait) then skip else if k w = works then s min := w s max := w z := norm f := compute i := 1 n p := 0 end B. Beckert: Formal Specification and Verification of Software p.26

31 Alternative: Rule NormBroken (2) else if k d = works then s min := s min d + n p l δ d n p δ p s max := s max d + n p l + δ d + n p δ p z := broken f := compute i := 1 n p := 0 end else z := stop a := off end endif endif endif B. Beckert: Formal Specification and Verification of Software p.27

32 Alternative: Rule ControlPumps (1) if ((z = norm z = broken) f = compute) then skip else if s min < w min w max < s max then z := stop a := off end B. Beckert: Formal Specification and Verification of Software p.28

33 Alternative: Rule ControlPumps (2) else if n p < optpumps(s min, s max ) k p (i) = works then p(i) := on n p := n p + 1 end else p(i) := off endif if i < 4 then i := i + 1 else f := wait endif end endif B. Beckert: Formal Specification and Verification of Software p.29

34 Alternative: Rule Control Initialisation NormBroken ControlPumps end B. Beckert: Formal Specification and Verification of Software p.30

The Object Contraint Language by Example

Formal Specification of Software The Object Contraint Language by Example Bernhard Beckert UNIVERSITÄT KOBLENZ-LANDAU B. Beckert: Formal Specification of Software p.1 The Classifier Context inv ( c :)?