Model-based Analysis of Event-driven Distributed Real-time Embedded Systems

Similar documents
Performance Estimation of Distributed Real-time Embedded Systems by Discrete Event Simulations

Verifying Distributed Real-time Properties of Embedded Systems via Graph Transformations and Model Checking

Formal Performance Evaluation of AMBA-based System-on-Chip Designs

Modeling and Simulation of System-on. Platorms. Politecnico di Milano. Donatella Sciuto. Piazza Leonardo da Vinci 32, 20131, Milano

Quantitative Analysis of Transaction Level Models for the AMBA Bus

SEMICON Solutions. Bus Structure. Created by: Duong Dang Date: 20 th Oct,2010

Multi-core microcontroller design with Cortex-M processors and CoreSight SoC

-- the Timing Problem & Possible Solutions

Modeling and Verification of Networkon-Chip using Constrained-DEVS

Estimation of worst case latency of periodic tasks in a real time distributed environment

Software Testing IV. Prof. Dr. Holger Schlingloff. Humboldt-Universität zu Berlin

Transaction Level Modeling with SystemC. Thorsten Grötker Engineering Manager Synopsys, Inc.

Modelling, Analysis and Scheduling with Dataflow Models

Outline. SLD challenges Platform Based Design (PBD) Leveraging state of the art CAD Metropolis. Case study: Wireless Sensor Network

Minje Jun. Eui-Young Chung

Hardware-Software Codesign. 6. System Simulation

Real-Time Mixed-Criticality Wormhole Networks

Buses. Maurizio Palesi. Maurizio Palesi 1

ECE 551 System on Chip Design

Design & Implementation of AHB Interface for SOC Application

A Multi-Modal Composability Framework for Cyber-Physical Systems

Transaction-Level Modeling Definitions and Approximations. 2. Definitions of Transaction-Level Modeling

COMP 763. Eugene Syriani. Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science. McGill University

COMMUNICATION AND I/O ARCHITECTURES FOR HIGHLY INTEGRATED MPSoC PLATFORMS OUTLINE

Petri Net-based Thread Composition for Improved System Level Simulation

Compositionality in system design: interfaces everywhere! UC Berkeley

Xuandong Li. BACH: Path-oriented Reachability Checker of Linear Hybrid Automata

Operating System Review Part

A Flexible SystemC Simulator for Multiprocessor Systemson-Chip

An Integration of Imprecise Computation Model and Real-Time Voltage and Frequency Scaling

DESIGN A APPLICATION OF NETWORK-ON-CHIP USING 8-PORT ROUTER

Parametric Real Time System Feasibility Analysis Using Parametric Timed Automata

Bus AMBA. Advanced Microcontroller Bus Architecture (AMBA)

DEVELOPMENT AND VERIFICATION OF AHB2APB BRIDGE PROTOCOL USING UVM TECHNIQUE

SysteMoC. Verification and Refinement of Actor-Based Models of Computation

Modal Models in Ptolemy

A Test Case Generation Algorithm for Real-Time Systems

VLSI Design of Multichannel AMBA AHB

A Predictable RTOS. Mantis Cheng Department of Computer Science University of Victoria

Designing Predictable Real-Time and Embedded Systems

Improved BDD-based Discrete Analysis of Timed Systems

Predictable Interrupt Management and Scheduling in the Composite Component-based System

Resource-bound process algebras for Schedulability and Performance Analysis of Real-Time and Embedded Systems

Editor. Analyser XML. Scheduler. generator. Code Generator Code. Scheduler. Analyser. Simulator. Controller Synthesizer.

NetSpeed ORION: A New Approach to Design On-chip Interconnects. August 26 th, 2013

Assertion Based Verification of AMBA-AHB Using System Verilog

Predicting the Worst-Case Execution Time of the Concurrent Execution. of Instructions and Cycle-Stealing DMA I/O Operations

Improving Parallel MPSoC Simulation Performance by Exploiting Dynamic Routing Delay Prediction

SMD149 - Operating Systems

Investigation on Soundness Regarding Lazy Activities

Tasks. Task Implementation and management

How useful is the UML profile SPT without Semantics? 1

Chapter 2 The AMBA SOC Platform

Distributed Systems Programming (F21DS1) Formal Verification

By: Chaitanya Settaluri Devendra Kalia

A Solution Based on Modeling and Code Generation for Embedded Control System

Cyber Physical System Verification with SAL

Real-Time Architectures 2003/2004. Resource Reservation. Description. Resource reservation. Reinder J. Bril

Hardware/Software Co-design

System Design and Methodology/ Embedded Systems Design (Modeling and Design of Embedded Systems)

Timing Analysis of Distributed End-to-End Task Graphs with Model-Checking

MODEL-BASED DESIGN OF CODE FOR PLC CONTROLLERS

Efficient Synthesis of Production Schedules by Optimization of Timed Automata

HARDWARE/SOFTWARE cosimulation is the key enabler

An Efficient AXI Read and Write Channel for Memory Interface in System-on-Chip

A Process Model suitable for defining and programming MpSoCs

Modeling Event Stream Hierarchies with Hierarchical Event Models

Total No. of Questions : 18] [Total No. of Pages : 02. M.Sc. DEGREE EXAMINATION, DEC First Year COMPUTER SCIENCE.

Multi MicroBlaze System for Parallel Computing

Reasoning about Timed Systems Using Boolean Methods

T Reactive Systems: Kripke Structures and Automata

Design of an Efficient FSM for an Implementation of AMBA AHB in SD Host Controller

4 th European SystemC Users Group Meeting

ISSN Vol.03, Issue.02, March-2015, Pages:

Modeling and Analysis of Real -Time Systems with Mutex Components

The RM9150 and the Fast Device Bus High Speed Interconnect

Lecture 25: Busses. A Typical Computer Organization

Lecture 6. Abstract Interpretation

CPU Scheduling. CSE 2431: Introduction to Operating Systems Reading: Chapter 6, [OSC] (except Sections )

TIMES A Tool for Modelling and Implementation of Embedded Systems

Towards (More) Data Science in Communication Networks NetSys KuVS Preisverleihung - Presentation

Model homogenization for power estimation and design exploration

The CoreConnect Bus Architecture

Verifying Periodic Programs with Priority Inheritance Locks

System-On-Chip Architecture Modeling Style Guide

Embedded software design with Polychrony

Shared Memory Multiprocessors

A Modeling Framework for Schedulability Analysis of Distributed Avionics Systems. Pujie Han MARS/VPT Thessaloniki, 20 April 2018

Building Distributed Access Control System Using Service-Oriented Programming Model

Multiprocessors & Thread Level Parallelism

Energy Estimation Based on Hierarchical Bus Models for Power-Aware Smart Cards

Portable Real-Time Code from PTIDES Models

Using Hybrid Automata for Early Spacecraft Design Evaluation

Towards Translating FSM-SADF to Timed Automata

Cover Page. The handle holds various files of this Leiden University dissertation

CONTENTION IN MULTICORE HARDWARE SHARED RESOURCES: UNDERSTANDING OF THE STATE OF THE ART

Uniprocessor Scheduling. Basic Concepts Scheduling Criteria Scheduling Algorithms. Three level scheduling

Automatic Generation of Cycle Accurate and Cycle Count Accurate Transaction Level Bus Models from a Formal Model

Model-Driven QoS Provisioning Techniques for CCM DRE Systems

DESIGN OF EFFICIENT ROUTING ALGORITHM FOR CONGESTION CONTROL IN NOC

Transcription:

Model-based Analysis of Event-driven Distributed Real-time Embedded Systems Gabor Madl Committee Chancellor s Professor Nikil Dutt (Chair) Professor Tony Givargis Professor Ian Harris University of California, Irvine Bren School of Computer Science Ph.D. Dissertation Defense, 2009 Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 1 / 40

Outline 1 Introduction; Distributed Real-time Embedded (DRE) systems. 2 Formal Modeling; the Alderis Domain-specific Modeling Language (DSML). 3 Real-time Verification by Timed Automata (non-preemptive) [3, 7, 8, 9]. 4 Performance Estimation by Discrete Event Simulations (DES) [5]. 5 Conservative Approximation of Preemptive Scheduling by Timed Automata [4]. 6 Combining Simulations and Model Checking for MPSoCs [1, 6]. 7 Cross-abstraction Analysis of MPSoCs [2]. 8 The Open-source Dream Framework [10]. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 2 / 40

Introduction Motivation Distributed Real-time Embedded Systems The Platform for the Implementation of Cyber-Physical Systems As embedded systems become increasingly networked, and interact with the physical environment, Cyber-Physical Systems (CPS) emerge. Run in open-environments, in less predictable conditions than previous generations of embedded systems. Distributed Real-time Embedded (DRE) systems provide a highly adaptive and flexible infrastructure for reusable resource management services. Provide a platform for the implementation of CPS. Range from small-scale Multi-processor Systems-on-Chip (MPSoCs) to complex software-intensive systems applied to avionics, shipboard computing, power grids. Component-based design is an emerging design paradigm. Shifts focus to a build-by-composition methodology. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 3 / 40

Introduction Motivation Distributed Real-time Embedded Systems The Platform for the Implementation of Cyber-Physical Systems As embedded systems become increasingly networked, and interact with the physical environment, Cyber-Physical Systems (CPS) emerge. Run in open-environments, in less predictable conditions than previous generations of embedded systems. Distributed Real-time Embedded (DRE) systems provide a highly adaptive and flexible infrastructure for reusable resource management services. Provide a platform for the implementation of CPS. Range from small-scale Multi-processor Systems-on-Chip (MPSoCs) to complex software-intensive systems applied to avionics, shipboard computing, power grids. Component-based design is an emerging design paradigm. Shifts focus to a build-by-composition methodology. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 3 / 40

Introduction Motivation Distributed Real-time Embedded Systems The Platform for the Implementation of Cyber-Physical Systems As embedded systems become increasingly networked, and interact with the physical environment, Cyber-Physical Systems (CPS) emerge. Run in open-environments, in less predictable conditions than previous generations of embedded systems. Distributed Real-time Embedded (DRE) systems provide a highly adaptive and flexible infrastructure for reusable resource management services. Provide a platform for the implementation of CPS. Range from small-scale Multi-processor Systems-on-Chip (MPSoCs) to complex software-intensive systems applied to avionics, shipboard computing, power grids. Component-based design is an emerging design paradigm. Shifts focus to a build-by-composition methodology. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 3 / 40

Introduction Motivation Composing Time- and Event-Driven DRE Systems Time-triggered Distributed Real-time Embedded (TTDRE) Extend the concepts of the time-triggered architecture. Time is synchronized to a global clock, high predictability. Strong in real-time aspect, weak in distributed and embedded. Asynchronous Event-driven Distributed Real-time Embedded (AEDRE) Reactive, event-driven communication paradigm. Better utilization, energy consumption than TTDRE. Strong in distributed and embedded aspect. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 4 / 40

Introduction Motivation Composing Time- and Event-Driven DRE Systems Time-triggered Distributed Real-time Embedded (TTDRE) Extend the concepts of the time-triggered architecture. Time is synchronized to a global clock, high predictability. Strong in real-time aspect, weak in distributed and embedded. Asynchronous Event-driven Distributed Real-time Embedded (AEDRE) Reactive, event-driven communication paradigm. Better utilization, energy consumption than TTDRE. Strong in distributed and embedded aspect. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 4 / 40

Introduction Key Contributions Key Contributions of this Dissertation 1 Definition of a formal semantic domain for AEDRE systems. Based on timed automata and discrete event systems. 2 A model checking method for the real-time verification of non-preemptive DRE systems by timed automata. Abstract model of dependencies and platform. 3 A performance estimation method for DRE systems by Discrete Event Simulations (DES). CPU-bound real-time analysis method, can achieve 100% coverage. 4 A conservative approximation method for the verification of preemptive DRE systems by timed automata. First decidable method for the real-time model checking of AEDRE systems. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 5 / 40

Introduction Key Contributions Key Contributions of this Dissertation 1 Definition of a formal semantic domain for AEDRE systems. Based on timed automata and discrete event systems. 2 A model checking method for the real-time verification of non-preemptive DRE systems by timed automata. Abstract model of dependencies and platform. 3 A performance estimation method for DRE systems by Discrete Event Simulations (DES). CPU-bound real-time analysis method, can achieve 100% coverage. 4 A conservative approximation method for the verification of preemptive DRE systems by timed automata. First decidable method for the real-time model checking of AEDRE systems. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 5 / 40

Introduction Key Contributions Key Contributions of this Dissertation 1 Definition of a formal semantic domain for AEDRE systems. Based on timed automata and discrete event systems. 2 A model checking method for the real-time verification of non-preemptive DRE systems by timed automata. Abstract model of dependencies and platform. 3 A performance estimation method for DRE systems by Discrete Event Simulations (DES). CPU-bound real-time analysis method, can achieve 100% coverage. 4 A conservative approximation method for the verification of preemptive DRE systems by timed automata. First decidable method for the real-time model checking of AEDRE systems. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 5 / 40

Introduction Key Contributions Key Contributions of this Dissertation 1 Definition of a formal semantic domain for AEDRE systems. Based on timed automata and discrete event systems. 2 A model checking method for the real-time verification of non-preemptive DRE systems by timed automata. Abstract model of dependencies and platform. 3 A performance estimation method for DRE systems by Discrete Event Simulations (DES). CPU-bound real-time analysis method, can achieve 100% coverage. 4 A conservative approximation method for the verification of preemptive DRE systems by timed automata. First decidable method for the real-time model checking of AEDRE systems. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 5 / 40

Introduction Key Contributions Application Domains Investigated in this Dissertation 1 The domain of software-intensive DRE systems, in the context of the Boeing Bold Stroke execution platform. 2 The cross-abstraction analysis of multimedia Multi-Processor Systems-on-Chip (MPSoCs). 3 The novelty of our approach: Combining formal methods and symbolic simulations. Utilizing multiple abstractions to trade off analysis accuracy in scalability. Key Contributions Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 6 / 40

Introduction Key Contributions Application Domains Investigated in this Dissertation 1 The domain of software-intensive DRE systems, in the context of the Boeing Bold Stroke execution platform. 2 The cross-abstraction analysis of multimedia Multi-Processor Systems-on-Chip (MPSoCs). 3 The novelty of our approach: Combining formal methods and symbolic simulations. Utilizing multiple abstractions to trade off analysis accuracy in scalability. Key Contributions Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 6 / 40

Introduction Key Contributions Application Domains Investigated in this Dissertation 1 The domain of software-intensive DRE systems, in the context of the Boeing Bold Stroke execution platform. 2 The cross-abstraction analysis of multimedia Multi-Processor Systems-on-Chip (MPSoCs). 3 The novelty of our approach: Combining formal methods and symbolic simulations. Utilizing multiple abstractions to trade off analysis accuracy in scalability. Key Contributions Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 6 / 40

Introduction Model-based Analysis Model-based Design and Analysis of DRE Systems Design flow driven by DSM, a high-level specification that captures key properties. DSM mapped to formal executable model for verification and evaluation. Formal models drive functional verification. Combine simulations and formal methods. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 7 / 40

Formal Modeling The Alderis Domain-specific Modeling Language Specifying the Alderis DSML by Meta-modeling The Alderis DSML is a 6-tuple A = {T, C, TR, TH, M, D} where: T is a set of tasks, C is a set of communication channels: C T, TR is a set of timers: TR T, TH is a set of execution threads, M is a set of machines. D is the task dependency relationship: D T T. Specifying DSMLs by Meta-modeling Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 8 / 40

Formal Modeling The Alderis Domain-specific Modeling Language The DRE Semantic Domain Timed Automata Representation Timer: publishes events at periodic time intervals. Nonp Task: models computation time. Task: approximates a preemptable task. Buffer: models FIFO, allows non-blocking communication. Channel: Buffer with delay. Scheduler: specifies the scheduling policy. The DRE Semantic Domain Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 9 / 40

Formal Modeling The Alderis Domain-specific Modeling Language The DRE Semantic Domain Discrete Event Representation A discrete event system is a 5-tuple G = (Q, Σ, δ, q 0, Q m ) Q is a finite set of states, Σ is a finite alphabet of event labels, δ : Q Σ Q is the transition function, q 0 is the initial state, and Q m is the set of marker states (exiting states). The DRE Semantic Domain Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 10 / 40

Real-time Verification by Timed Automata Model-based Analysis Real-time Verification by Timed Automata DSM specified using Alderis. Alderis mapped to timed automata by Dream. Model check timed automata by Uppaal or Verimag IF. Applied to software-intensive DRE systems. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 11 / 40

Real-time Verification by Timed Automata Model-based Analysis Real-time Verification by Timed Automata DSM specified using Alderis. Alderis mapped to timed automata by Dream. Model check timed automata by Uppaal or Verimag IF. Applied to software-intensive DRE systems. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 11 / 40

Real-time Verification by Timed Automata Software-Intensive DRE Systems The Boeing Bold Stroke Execution Platform Real-time CORBA avionics application. Software timers, asynchronous event propagation. Thread pool policy: half-sync half-async. Event channels have their own thread, asynchronous message invocation (AMI). The Bold Stroke Platform Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 12 / 40

Real-time Verification by Timed Automata Applying Alderis to DRE Systems Modeling The DRE Avionics Application by Alderis Non-preemptive multi-processor platform. 5 Timers on 5 CPUs. Captures dependencies and event flow. Communication delays modeled as Channels. Problem: deciding schedulability. Avionics DRE Application Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 13 / 40

Real-time Verification by Timed Automata The DRE Semantic Domain Partial Timed Automata Model of the Application Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 14 / 40

Performance Estimation by Discrete Event Scheduling Model-based Analysis Performance Estimation by DES DSM specified using Alderis. Alderis utilized by Dream using discrete event semantics. Use Dream for performance estimation or real-time verification. Applied to software-intensive DRE systems. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 15 / 40

Performance Estimation by Discrete Event Scheduling Model-based Analysis Performance Estimation by DES DSM specified using Alderis. Alderis utilized by Dream using discrete event semantics. Use Dream for performance estimation or real-time verification. Applied to software-intensive DRE systems. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 15 / 40

Performance Estimation by Discrete Event Scheduling Problem Formulation Performance Estimation Problem Performance and Schedulability Analysis In AEDRE systems WCET analysis is not sufficient. The product of local WCET times does not necessarily correspond to the global WCET. Analysis has to capture execution intervals in continuous time. Motivating Example for Non-WCET Deadline Miss Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 16 / 40

Performance Estimation by Discrete Event Scheduling Event Order Tree Enumerating Execution Traces Event Order Tree DE semantics, jump to event with the smallest timestamp. A run is the chronological sequence of events occurred. 2 execution traces are equivalent, iff they contain the same events in the same order. Enumerate equivalent execution traces. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 17 / 40

Performance Estimation by Discrete Event Scheduling Comparison with Alternative Approaches Evaluating the Proposed Method Random/Directed Simulations Proposed method achieves 100% coverage. Continuously increases coverage. Static Analysis Methods Captures dynamic effects such as race conditions, congestions on bus. More accurate. Timed Automata Model Checking Calculates WCET instead of answering yes/no question. CPU-bound; it can return partial results on large models. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 18 / 40

Performance Estimation by Discrete Event Scheduling Comparison with Alternative Approaches Evaluating the Proposed Method Random/Directed Simulations Proposed method achieves 100% coverage. Continuously increases coverage. Static Analysis Methods Captures dynamic effects such as race conditions, congestions on bus. More accurate. Timed Automata Model Checking Calculates WCET instead of answering yes/no question. CPU-bound; it can return partial results on large models. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 18 / 40

Performance Estimation by Discrete Event Scheduling Comparison with Alternative Approaches Evaluating the Proposed Method Random/Directed Simulations Proposed method achieves 100% coverage. Continuously increases coverage. Static Analysis Methods Captures dynamic effects such as race conditions, congestions on bus. More accurate. Timed Automata Model Checking Calculates WCET instead of answering yes/no question. CPU-bound; it can return partial results on large models. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 18 / 40

Conservative Approximation of Preemptive Scheduling Model-based Analysis Conservative Approximation of Preemptive Scheduling DSM specified using Alderis. Alderis mapped to stopwatch automata decidability issues. Alderis mapped to timed automata approximation by Dream. Model check timed automata by Uppaal or Verimag IF. Applied to software-intensive DRE systems. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 19 / 40

Conservative Approximation of Preemptive Scheduling Model-based Analysis Conservative Approximation of Preemptive Scheduling DSM specified using Alderis. Alderis mapped to stopwatch automata decidability issues. Alderis mapped to timed automata approximation by Dream. Model check timed automata by Uppaal or Verimag IF. Applied to software-intensive DRE systems. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 19 / 40

Conservative Approximation of Preemptive Scheduling Task Stopwatch Automata Modeling a Preemptable Task Stopwatch can be stopped, resumed and resetted. Clock valuation v t measures time passed since enabling event. Clock valuation v sw measures time spent executing. 0 v sw v t, 0 v sw wcet. Task Stopwatch Automata en i start (stop start) en j e 2 i=1 τ 2i τ 2i 1 dl wcet. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 20 / 40

Conservative Approximation of Preemptive Scheduling Task Stopwatch Automata Modeling a Preemptable Task Stopwatch can be stopped, resumed and resetted. Clock valuation v t measures time passed since enabling event. Clock valuation v sw measures time spent executing. 0 v sw v t, 0 v sw wcet. Task Stopwatch Automata en i start (stop start) en j e 2 i=1 τ 2i τ 2i 1 dl wcet. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 20 / 40

Conservative Approximation of Preemptive Scheduling Task Timed Automata Approximating TSA by TTA Task Timed Automata Reachability analysis undecidable on stopwatch automata in general. Approximate stopwatch automata by timed automata. If TTA schedulable TSA schedulable. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 21 / 40

Conservative Approximation of Preemptive Scheduling Task Timed Automata Approximating TSA by TTA Task Timed Automata Reachability analysis undecidable on stopwatch automata in general. Approximate stopwatch automata by timed automata. If TTA schedulable TSA schedulable. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 21 / 40

Conservative Approximation of Preemptive Scheduling Language Inclusion TTA Schedulable TSA Schedulable S L(S) = enable i start (stop start) enable j. S L(T ) = enable i start (stop start) 0...m enable j. TSA: e 2 i=1 τ 2i τ 2i 1 dl wcet. TTA: e 2 i=1 τ 2i τ 2i 1 + t u dl wcet. L(T ) L(S) iff L(T ) L(S) =. t stop + e 2 i=1 t u dl wcet t stop > dl wcet. Since t u R 0, therefore 0 e 2 i=1 t u. Contradiction. If TTA schedulable TSA schedulable. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 22 / 40

Conservative Approximation of Preemptive Scheduling Language Inclusion TTA Schedulable TSA Schedulable S L(S) = enable i start (stop start) enable j. S L(T ) = enable i start (stop start) 0...m enable j. TSA: e 2 i=1 τ 2i τ 2i 1 dl wcet. TTA: e 2 i=1 τ 2i τ 2i 1 + t u dl wcet. L(T ) L(S) iff L(T ) L(S) =. t stop + e 2 i=1 t u dl wcet t stop > dl wcet. Since t u R 0, therefore 0 e 2 i=1 t u. Contradiction. If TTA schedulable TSA schedulable. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 22 / 40

Conservative Approximation of Preemptive Scheduling Language Inclusion TTA Schedulable TSA Schedulable S L(S) = enable i start (stop start) enable j. S L(T ) = enable i start (stop start) 0...m enable j. TSA: e 2 i=1 τ 2i τ 2i 1 dl wcet. TTA: e 2 i=1 τ 2i τ 2i 1 + t u dl wcet. L(T ) L(S) iff L(T ) L(S) =. t stop + e 2 i=1 t u dl wcet t stop > dl wcet. Since t u R 0, therefore 0 e 2 i=1 t u. Contradiction. If TTA schedulable TSA schedulable. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 22 / 40

Conservative Approximation of Preemptive Scheduling Language Inclusion TTA Schedulable TSA Schedulable S L(S) = enable i start (stop start) enable j. S L(T ) = enable i start (stop start) 0...m enable j. TSA: e 2 i=1 τ 2i τ 2i 1 dl wcet. TTA: e 2 i=1 τ 2i τ 2i 1 + t u dl wcet. L(T ) L(S) iff L(T ) L(S) =. t stop + e 2 i=1 t u dl wcet t stop > dl wcet. Since t u R 0, therefore 0 e 2 i=1 t u. Contradiction. If TTA schedulable TSA schedulable. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 22 / 40

Conservative Approximation of Preemptive Scheduling Language Inclusion TTA Schedulable TSA Schedulable S L(S) = enable i start (stop start) enable j. S L(T ) = enable i start (stop start) 0...m enable j. TSA: e 2 i=1 τ 2i τ 2i 1 dl wcet. TTA: e 2 i=1 τ 2i τ 2i 1 + t u dl wcet. L(T ) L(S) iff L(T ) L(S) =. t stop + e 2 i=1 t u dl wcet t stop > dl wcet. Since t u R 0, therefore 0 e 2 i=1 t u. Contradiction. If TTA schedulable TSA schedulable. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 22 / 40

Combining Simulations and Model Checking for MPSoCs Model-based Analysis Combining Simulations and Model Checking for MPSoCs DSM specified using Alderis. Alderis mapped to finite state machine model manually using templates. SystemC implementation of the model used to obtain execution parameters. Annotate formal models by simulation data. Perform model checking on the FSM model by NuSMV. Applied to JPEG 2000 multimedia design. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 23 / 40

Combining Simulations and Model Checking for MPSoCs Model-based Analysis Combining Simulations and Model Checking for MPSoCs DSM specified using Alderis. Alderis mapped to finite state machine model manually using templates. SystemC implementation of the model used to obtain execution parameters. Annotate formal models by simulation data. Perform model checking on the FSM model by NuSMV. Applied to JPEG 2000 multimedia design. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 23 / 40

Combining Simulations and Model Checking for MPSoCs Challenges in MPSoC Design Challenges 1 Functional Verification Deadlock-freedom and livelock-freedom not guaranteed. Access to the bus is managed by an arbiter (or several arbiters). Communication subsystem has a major impact. Cycle-accurate Finite State Machine (FSM) model. 2 Performance Estimation MPSoCs can be viewed as DRE systems. Point arbitration in fully connected bus matrices modeled as non-preemptive scheduling. Transaction-level Discrete Event Simulations (DES). 3 Real-time Verification Need to ensure real-time schedulability. End-to-end real-time constraints. Transaction-level timed automata model checking. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 24 / 40

Combining Simulations and Model Checking for MPSoCs Challenges in MPSoC Design Challenges 1 Functional Verification Deadlock-freedom and livelock-freedom not guaranteed. Access to the bus is managed by an arbiter (or several arbiters). Communication subsystem has a major impact. Cycle-accurate Finite State Machine (FSM) model. 2 Performance Estimation MPSoCs can be viewed as DRE systems. Point arbitration in fully connected bus matrices modeled as non-preemptive scheduling. Transaction-level Discrete Event Simulations (DES). 3 Real-time Verification Need to ensure real-time schedulability. End-to-end real-time constraints. Transaction-level timed automata model checking. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 24 / 40

Combining Simulations and Model Checking for MPSoCs Challenges in MPSoC Design Challenges 1 Functional Verification Deadlock-freedom and livelock-freedom not guaranteed. Access to the bus is managed by an arbiter (or several arbiters). Communication subsystem has a major impact. Cycle-accurate Finite State Machine (FSM) model. 2 Performance Estimation MPSoCs can be viewed as DRE systems. Point arbitration in fully connected bus matrices modeled as non-preemptive scheduling. Transaction-level Discrete Event Simulations (DES). 3 Real-time Verification Need to ensure real-time schedulability. End-to-end real-time constraints. Transaction-level timed automata model checking. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 24 / 40

Combining Simulations and Model Checking for MPSoCs Functional Verification Modeling AMBA AHB Cycle-accurate Finite State Machine (FSM) model. Modeled generic master (6 states), slave (4 slaves), round-robin arbiter. Use FSM models for functional verification & performance estimation. Uncovered previously undocumented ambiguity. AMBA AHB Master Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 25 / 40

Combining Simulations and Model Checking for MPSoCs Functional Verification Ambiguity in the AMBA AHB Protocol Possible Deadlock Slave has previously split Master 1. Slave in transaction with Master 2. Issue HSPLIT 1 while setting RETRY response. Should arbiter hold its state, or unmask Master 1? Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 26 / 40

Combining Simulations and Model Checking for MPSoCs Functional Verification Ambiguity in the AMBA AHB Protocol Possible Deadlock Slave has previously split Master 1. Slave in transaction with Master 2. Issue HSPLIT 1 while setting RETRY response. Should arbiter hold its state, or unmask Master 1? Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 26 / 40

Combining Simulations and Model Checking for MPSoCs Application to JPEG 2000 Encoder Combining Simulations and Model Checking for MPSoC Evaluation Obtain execution intervals for components by SystemC simulations. Calculate size of messages on bus. Annotate formal models with parameters from simulations Model check to find actual end-to-end WCET times. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 27 / 40

Combining Simulations and Model Checking for MPSoCs Application to JPEG 2000 Encoder Combining Simulations and Model Checking for MPSoC Evaluation Obtain execution intervals for components by SystemC simulations. Calculate size of messages on bus. Annotate formal models with parameters from simulations Model check to find actual end-to-end WCET times. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 27 / 40

Combining Simulations and Model Checking for MPSoCs Evaluating the Performance of Design Alternatives Comparing Simulations and Model Checking Performance Estimates Communication Overhead Estimates Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 28 / 40

Cross-abstraction Real-time Analysis of MPSoCs Model-based Analysis Cross-abstraction Real-time Analysis of MPSoCs SystemC implementation of the model used to obtain execution parameters. Perform functional verification on the FSM model by NuSMV. Use Dream for performance estimation. Real-time verification of timed automata by Uppaal or Verimag IF. Applied to networking router design. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 29 / 40

Cross-abstraction Real-time Analysis of MPSoCs Model-based Analysis Cross-abstraction Real-time Analysis of MPSoCs SystemC implementation of the model used to obtain execution parameters. Perform functional verification on the FSM model by NuSMV. Use Dream for performance estimation. Real-time verification of timed automata by Uppaal or Verimag IF. Applied to networking router design. Model-based Analysis Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 29 / 40

Cross-abstraction Real-time Analysis of MPSoCs The Carta Framework Analysis of Bus Matrix MPSoC Designs The Carta Framework Transaction-level simulations improve the analysis performance for MPSoCs. Could we trade off analysis performance and accuracy for model checking? Key contribution; show how analysis methods for DRE systems can be applied to MPSoCs. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 30 / 40

Cross-abstraction Real-time Analysis of MPSoCs The Carta Framework Analysis of Bus Matrix MPSoC Designs The Carta Framework Transaction-level simulations improve the analysis performance for MPSoCs. Could we trade off analysis performance and accuracy for model checking? Key contribution; show how analysis methods for DRE systems can be applied to MPSoCs. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 30 / 40

Cross-abstraction Real-time Analysis of MPSoCs The Carta Framework Analysis of Bus Matrix MPSoC Designs The Carta Framework Transaction-level simulations improve the analysis performance for MPSoCs. Could we trade off analysis performance and accuracy for model checking? Key contribution; show how analysis methods for DRE systems can be applied to MPSoCs. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 30 / 40

Cross-abstraction Real-time Analysis of MPSoCs Applying Alderis to MPSoC Designs Transaction-level Modeling of Bus Matrix Interconnects Formal analysis is simplified in fully connected bus matrices. Point arbitration can be expressed as non-preemptive scheduling. Networking Router Design Alderis Model Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 31 / 40

Cross-abstraction Real-time Analysis of MPSoCs Evaluating the Networking Router Design Applying Cross-abstraction Analysis to Networking Router Design Analysis Time and Memory Consumption Functional verification at cycle-accurate abstraction, by FSM. Performance estimation at transaction-level, by DES. Real-time verification at transaction-level, by timed automata. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 32 / 40

Distributed Real-time Embedded Analysis Method The Open-source Dream Framework Distributed Real-time Embedded Analysis Method (Dream) Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 33 / 40

Concluding Remarks & Future Work Concluding Remarks Concluding Remarks 1 Formal Modeling; the Alderis Domain-specific Modeling Language (DSML). 2 Real-time Verification by Timed Automata (non-preemptive) [3, 7, 8, 9]. 3 Performance Estimation by Discrete Event Simulations (DES) [5]. 4 Conservative Approximation of Preemptive Scheduling by Timed Automata [4]. 5 Combining Simulations and Model Checking for MPSoCs [1, 6]. 6 Cross-abstraction Analysis of MPSoCs [2]. 7 The Open-source Dream Framework [10]. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 34 / 40

Concluding Remarks & Future Work Future Work Future Work Hierarchical (compositional) approach to verification. Energy (and power) verification. Multi-core implementation of the DES-based real-time analysis method. Integration with real-time calculus. Real-time kernel based on the open-source Dream tool. Run-time analysis. Integration with Model Predictive Control/Supervisory Control. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 35 / 40

Related Publications I Appendix Related Publications G. Madl, S. Pasricha, Q. Zhu, L. A. D. Bathen, and N. Dutt. Combining Transaction-level Simulations and Model Checking for MPSoC Verification and Performance Evaluation. ACM Transactions on Design Automation of Electronic Systems (submitted for publication), 2009. G. Madl, S. Pasricha, N. Dutt, and S. Abdelwahed. Cross-abstraction Functional Verification and Performance Analysis of Chip Multiprocessor Designs. IEEE Transactions on Industrial Informatics, Special Section on Real-time and (Networked) Embedded Systems (submitted for publication), 2009. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 36 / 40

Related Publications II Appendix Related Publications G. Madl, S. Abdelwahed, and D. C. Schmidt. Verifying Distributed Real-time Properties of Embedded Systems via Graph Transformations and Model Checking. Real-Time Systems, 33:77 100, Jul 2006. G. Madl, N. Dutt, and S. Abdelwahed. A Conservative Approximation Method for the Verification of Preemptive Scheduling using Timed Automata. In Proceedings of RTAS, pages 255 264, April 2009. G. Madl, N. Dutt, and S. Abdelwahed. Performance Estimation of Distributed Real-time Embedded Systems by Discrete Event Simulations. In Proceedings of EMSOFT, October 2007. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 37 / 40

Related Publications III Appendix Related Publications G. Madl, S. Pasricha, Q. Zhu, L. A. D. Bathen, and N. Dutt. Formal Performance Evaluation of AMBA-based System-on-Chip Designs. In Proceedings of EMSOFT, pages 311 320, October 2006. G. Madl and S. Abdelwahed. Model-based Analysis of Distributed Real-time Embedded System Composition. In Proceedings of EMSOFT, 2005. G. Madl, S. Abdelwahed, and G. Karsai. Automatic Verification of Component-Based Real-Time CORBA Applications. In Proceedings of RTSS, pages 231 240, December 2004. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 38 / 40

Related Publications IV Appendix Related Publications G. Madl and N. Dutt. Domain-specific Modeling of Power Aware Distributed Real-time Embedded Systems. In Proceedings of the 6th Workshop on Embedded Computer Systems: Architectures, Modeling, and Simulation (SAMOS), 2006. G. Madl and N. Dutt. Tutorial for the Open-source Dream Tool. In CECS Technical Report, 2006. Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 39 / 40

Questions? Appendix Thank you! Open-source Dream Tool: http://dre.sourceforge.net Alderis Modeling Language: http://alderis.ics.uci.edu Gabor Madl (UC Irvine) Model-based Analysis of DRE Systems Final Defense 40 / 40

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback