Applied Formal Methods - From CSP to Executable Hybrid Specifications

Similar documents
Dr. Ing. Cornelia Zahlten. Prof. Dr. Jan Peleska. Concepts and Implementation. Hard Real-Time Test Tools

In this presentation,...

Testing Operating Systems with RT-Tester

Turn Indicator Model Overview

Applied Formal Methods - From CSP to Executable Hybrid Specifications

Model-based testing in the automotive industry challenges and solutions

Practical Model-based Testing With Papyrus and RT-Tester

Software Testing IV. Prof. Dr. Holger Schlingloff. Humboldt-Universität zu Berlin

Testing Distributed Systems

COMP 763. Eugene Syriani. Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science. McGill University

Process and data flow modeling

Advanced Tool Architectures. Edited and Presented by Edward A. Lee, Co-PI UC Berkeley. Tool Projects. Chess Review May 10, 2004 Berkeley, CA

Embedded Software Engineering

A Test Case Generation Algorithm for Real-Time Systems

The Embedded Systems Design Challenge. EPFL Verimag

Embedded software design with Polychrony

Moby/plc { Graphical Development of. University of Oldenburg { Department of Computer Science. P.O.Box 2503, D Oldenburg, Germany

Programming Languages for Real-Time Systems. LS 12, TU Dortmund

A Model-Driven Approach to Embedded Control System Implementation

System-level co-modeling AADL and Simulink specifications using Polychrony (and Syndex)

HW/SW Design Space Exploration on the Production Cell Setup

Distributed Systems Programming (F21DS1) Formal Verification

V&V: Model-based testing

What are Embedded Systems? Lecture 1 Introduction to Embedded Systems & Software

DIVERSITY TG Automatic Test Case Generation from Matlab/Simulink models. Diane Bahrami, Alain Faivre, Arnault Lapitre

THE ETSI TEST DESCRIPTION LANGUAGE (TDL)

An Information Model for High-Integrity Real Time Systems

Dynamic Modeling - Finite State Machines

SWE 760 Lecture 1: Introduction to Analysis & Design of Real-Time Embedded Systems

Hierarchical Modeling and Analysis of Embedded Systems

Modal Models in Ptolemy

Hardware Description Languages & System Description Languages Properties

Timed Automata: Semantics, Algorithms and Tools

Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309

Exercise Unit 2: Modeling Paradigms - RT-UML. UML: The Unified Modeling Language. Statecharts. RT-UML in AnyLogic

Platform modeling and allocation

Model-Based Testing for the Second Generation of Integrated Modular Avionics

Outline. SLD challenges Platform Based Design (PBD) Leveraging state of the art CAD Metropolis. Case study: Wireless Sensor Network

System Level Design with IBM PowerPC Models

Interactions A link message

FZI Forschungszentrum Informatik

Refinement Using µ-charts: The Compaq Grand Slam Cup Case Study Revisited

Towards Compositional Testing of Real-Time Systems

CIS 1.5 Course Objectives. a. Understand the concept of a program (i.e., a computer following a series of instructions)

Automated Formal Methods for Embedded Systems

Using Hybrid Automata for Early Spacecraft Design Evaluation

Test Automation for Hybrid Systems

Safety and Reliability of Software-Controlled Systems Part 14: Fault mitigation

Integrated HW/SW Systems: Requirements

Towards an Integrated System Model for Testing and Verification

AN AUTOMATED, FLEXIBLE TESTING ENVIRONMENT FOR UMTS

Hardware Description Languages & System Description Languages Properties

Hybrid System Modeling: Operational Semantics Issues

13 AutoFocus 3 - A Scientific Tool Prototype for Model-Based Development of Component-Based, Reactive, Distributed Systems

Cover Page. The handle holds various files of this Leiden University dissertation

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

Real-time HOOD. Analysis and Design of Embedded Systems and OO* Object-oriented Programming Jan Bendtsen Automation and Control

A scenario-based test approach for testing reactive concurrent systems

Nepal Telecom Nepal Doorsanchar Company Ltd.

21) Functional and Modular Design

Specifications Part 1

Modelling, Specification and Verification of an Emergency Closing System

Formal Modeling and Verification of Interlocking Systems Featuring Sequential Release

Formal Modelling of Railway Interlockings Using Event-B and the Rodin Tool-chain

Model-based Analysis of Event-driven Distributed Real-time Embedded Systems

Testing: Test design and testing process

MARTE Based Modeling Tools Usage Scenarios in Avionics Software Development Workflows

Component Design. Systems Engineering BSc Course. Budapest University of Technology and Economics Department of Measurement and Information Systems

Design For High Performance Flexray Protocol For Fpga Based System

Failure Modelling in Software Architecture Design for Safety

Rhapsody in C Tutorial

Expressing Environment Assumptions and Real-time Requirements for a Distributed Embedded System with Shared Variables

Simulation of LET Models in Simulink and Ptolemy

The AUTOSAR Timing Model --- Status and Challenges. Dr. Kai Richter Symtavision GmbH, Germany

AN INTRODUCTION TO FUZZY SETS Analysis and Design. Witold Pedrycz and Fernando Gomide

Strato and Strato OS. Justin Zhang Senior Applications Engineering Manager. Your new weapon for verification challenge. Nov 2017

Kami: A Framework for (RISC-V) HW Verification

COMPASS: FORMAL METHODS FOR SYSTEM-SOFTWARE CO-ENGINEERING

Programming Embedded Systems

21) Functional and Modular Design

MODEL-BASED DESIGN OF CODE FOR PLC CONTROLLERS

Hardware/Software Co-design

Cyber Physical System Verification with SAL

Modelling and verification of cyber-physical system

An Introduction to Lustre

Introduction to Formal Methods

Hierarchical Composition and Abstraction In Architecture Models

Automatic Code Generation Technology Adoption Lessons Learned from Commercial Vehicle Case Studies

Formal Methods Expert to IMA-SP Kernel Qualification Preparation

CS4514 Real-Time Systems and Modeling

AN EFFICIENT APPROACH FOR MODEL- BASED TESTING: SIEMENS USE CASE IN THE MBAT EUROPEAN PROJECT

Model-based Testing Using Scenarios and Event-B Refinements

Resource-bound process algebras for Schedulability and Performance Analysis of Real-Time and Embedded Systems

Tutorial for TestConductor for RiJ. RiJ Tutorial. for. IBM Rational Rhapsody TestConductor Add On

Simulink/Stateflow. June 2008

Verification of the Requirements Specification

Overall Structure of RT Systems

SoftCOM 2000 THE EFFICIENT SYMBOLIC TOOLS PACKAGE

Concurrent Design of Embedded Control Software

Functional Design of Web Applications. (partially, Chapter 7)

Transcription:

Applied Formal Methods - From CSP to Executable Hybrid Specifications Jan Peleska Technologie-Zentrum Informatik TZI, Universität Bremen and Verified Systems International GmbH, jp@verified.de

Overview 1. Overview: Practice Stimulates Theory Applied CSP and Beyond 2. Specification-Based Hard Real-Time Testing Test Automation for TCSP 3. Hybrid Low-Level Language Framework Transformational semantics and hard real-time execution environment for hybrid formalisms 4. Conclusion Extended abstract and presentation slides available under http://www.tzi.de/~jp

Overview 1. Overview: Practice Stimulates Theory Applied CSP and Beyond 2. Specification-Based Hard Real-Time Testing Test Automation for TCSP 3. Hybrid Low-Level Language Framework Transformational semantics and hard real-time execution environment for hybrid formalisms 4. Conclusion

Practice Stimulates Theory: Applied CSP Fault Tolerant System Development (Philips 1985...) motivates research about CSP Specification Reasoning about Failures Combination of Denotational and Operational Semantics Occam Code Verification for International Space Station ISS (TZI 1996...) motivates research about Code Abstraction Model Checking Compositional Reasoning Testing the Airbus Cabin Communication System (A340,A318) (Verified Systems 1998...) motivates research about Timed CSP Specifications Automated Specification Based Real Time Testing

Practice Stimulates Theory: Beyond CSP Testing Airbus Integrated Modular Avioncis (A380) (Verified Systems 2002...) motivates research about Hybrid Statecharts Test Automation for Hybrid Systems Development of Railway Control Systems from Domain Specific Descriptions motivates research about Hybrid Low Level Language and Execution Framework Transformational Semantics for High Level Formalisms

Overview 1. Overview: Practice Stimulates Theory Applied CSP and Beyond 2. Specification-Based Hard Real-Time Testing Test Automation for TCSP 3. Hybrid Low-Level Language Framework Transformational semantics and hard real-time execution environment for hybrid formalisms 4. Conclusion

Specification-Based Hard Real-Time Testing Hardware-in-the-loop test configurations OPERATIONAL SYSTEM CONFIGURATION HARDWARE IN THE LOOP TEST CONFIGURATION System to be Tested Operational Environment Target System (embedded Controller) Hardware in the Loop Test System System Under Test Target System (embedded Controller) Analog Sensors Analog Actuators Analog Interfaces Discrete Interfaces tested by additional monitoring and state manipulation channels

Specification-Based Hard Real-Time Testing Building blocks of a test automation system Test Generator creates test cases from specifications. This requires Environment Specification: simulation of environment behaviour stimulation all relevant events, in order to trigger specific reactions of system under test (SUT) SUT Specification: to avoid creation of irrelevant tests Test Driver executes test cases in real-time Test Oracle checks SUT test execution against SUT specification Test Monitor checks whether test case executions are complete and required test coverage has been achieved

Specification-Based Hard Real-Time Testing Structural Decomposition Theorem for Networks of Sequential TCSP Processes: TCSP process P may be decomposed into P = PU [ { s0, s1,..., e0, e1,... } ] TIM where PU only contains untimed CSP operators [ ],, \, ->, [], ~, ; and TIM is an interleaving of Timer Processes T following the pattern T = s.t -> ((WAIT t; e.t -> T) [] T) P is timed-failures equivalent to P.

Specification-Based Hard Real-Time Testing Examples for structural decomposition: TCSP processes P = WAIT t; a -> b-> P Q = (a -> Q) [t> (x -> Q) are transformed into PU = s.t -> e.t -> a -> b -> PU QU = s.u -> (a -> QU [] e.u -> x -> QU) with timers T1 = s.t -> ((WAIT t; e.t -> T) [] T) T2 = s.u -> ((WAIT u; e.u -> T) [] T)

Specification-Based Hard Real-Time Testing The system SYS = P [ a ] Q is transformed into SYS = ((PU [ a ] QU) [ s.t, s.u, e.t, e.u ] (T1 t2)) \ { s.t, s.u, e.t, e.u }

Specification-Based Hard Real-Time Testing Basic approach to automated specification-based testing with TCSP: Use un-normalised transition graph representation TG(SYS ) for SYS as defined and implemented for Untimed CSP. TG(SYS ) encodes complete timed failures model of SYS, and therefore of the equivalent original process SYS. Test data generation and checking algorithms are based on traversal of TG(SYS )

Specification-Based Hard Real-Time Testing Test Oracles are implemented by back-to-back checking of SUT behaviour against TG(SYS ). Since TG(SYS ) encodes all information about timers, correctness of timed traces can be checked on-the-fly in hard real-time for deterministic SUT currently applied to development of built-in-test equipment of train control systems. Non-deterministic SUT may be checked in soft real-time by maintaining set S of potential SUT states in the test oracle. Timed trace behaviour of SUT is correct as long as S.

Specification-Based Hard Real-Time Testing Test data generation for timed-failures testing is based on a zone abstraction of TG(SYS ) During time intervals where no timer elapses, SUT behaviour remains stable with respect to refused and accepted events. Since TCSP asserts maximal progress, events refused by SUT may be probed using test patterns like TEST = (a -> ACCEPTED(a)) [t> REFUSED(a) for small t > 0. By blocking specific inputs to or outputs from SUT, testing environment may explore SUT behaviour at time boundaries

Specification-Based Hard Real-Time Testing TG(PU) TG(QU) TIMER1 TIMER2 s.t e.t s.u e.u s.t a s.u x b PU a QU c b e.t e.u e.w TEST SYSTEM a P = WAIT t; a > b > P PU = s.t > e.t > a > b > PU e.v Q = (a > Q) [u> (x > Q) QU = s.u > ( a > QU [] e.u > x > QU) structural decomposition

Overview 1. Overview: Practice Stimulates Theory Applied CSP and Beyond 2. Specification-Based Hard Real-Time Testing Test Automation for TCSP 3. Hybrid Low-Level Language Framework Transformational semantics and hard real-time execution environment for hybrid formalisms 4. Conclusion

Hybrid Low-Level Language Framework Motivation Development, test and formal verification of Hybrid Control Systems, with discrete and time-continuous observables Requirements engineering with physical models requires global observables Specifications to be developed in various formalisms, e. g. Hybrid Statecharts, Hybrid Automata, Duration Calculus, Hybrid CSP,...

Hybrid Low-Level Language Framework Specifications should be automatically transformed into hard real-time execution environment, because development by stepwise refinement... offers too many degrees of freedom, cannot be performed by domain specialists who are not formal methods specialists at the same time. Execution environment should have well-defined real-time semantics

Hybrid Low-Level Language Framework Semantics for new (high-level) formalisms should be defined by transformation into execution environment: Obtain semantic specification model and executable system in a single step Extensions of the new high-level formalism only require extension of the transformation Automatic compilation seems feasible for specific well-defined application domains, such as railway-control systems

Hybrid Low-Level Language Framework HybridUML UML 2.0 Profile Semantics Intuition: Hierarchic Hybrid Automata (Alur et al. CHARON) RTTL REAL TIME TEST LANGUAGE Channel Port Communication Abstraction Test Support Functions: Automated Test Data Generation Automated Checking of SUT Responses Test Verdict Management Automated Log Generation Test Stub Generator HW Drivers+HW Abstraction Associate Formal Semantics by Transformation HL3 HYBRID LOW LEVEL LANGUAGE User Thread Scheduler User Threads: @abstract machine Flows: @flow Atomic transformation: @put(x,timetag) Host Language C/C++ Wait on Condition: @waitcond() Return Thread Ctrl: @yield() Global Variables Thread Context Variables Thread >CPU allocation: @CPU() Timed State Transition System Semantics OPERATING SYSTEM MECHANISMS CPU Reservation Light Weight Processes (LWP) High Resolution Clock Interrupt Relaying Cluster Communication (Myrinet) Reflective Memory (VMIC) competes with GIOTTO

Hybrid Low-Level Language Framework Features of the Hybrid Low-Level Language Framework HL3. Designed as an alternative to Henzinger s GIOTTO HL3 more flexible with respect to applicable programming paradigms Timed transition system semantics Atomic transformations implemented using visibility time tags for global state variables Discretised stepwise integration of flows with guaranteed scheduling precision High-level formalisms are transformed into HL3 Abstract Machines, global state, scheduling conditions and mappings between HW/SW interfaces.

Overview 1. Overview: Practice Stimulates Theory Applied CSP and Beyond 2. Specification-Based Hard Real-Time Testing Test Automation for TCSP 3. Hybrid Low-Level Language Framework Transformational semantics and hard real-time execution environment for hybrid formalisms 4. Conclusion

Conclusion Since 1985, CSP has been applied successfully by the author s research teams at TZI and verifications teams at Philips, DST and Verified Systems International GmbH for Formal specification and verification of dependability mechanisms Code verification by abstraction, model checking and compositional reasoning Automated hard real-time testing Automated generation of real-time simulations

Conclusion (... continued) The main application domains for the listed verification projects have been Fault-tolerant systems (Philips) Space applications (DASA Space Infrastructure) Avionics (Airbus) Railway interlocking and train control systems (Siemens) Automotive control (Daimler Chrysler)

Conclusion (... continued) In order to incorporate physical modelling into the development phases, Hybrid Statecharts have been designed, combining Global discrete and analogue observables, Hierarchical real-time Statecharts Invariants on global state Flow conditions on time-continuous evolutions

Conclusion (... continued) To cope with the evolution of (hybrid) real-time formalisms, the Hybrid Low-Level Language Frame Work (HL3) has been designed to Compile high-level specifications from different formalisms into HL3, Define semantics of high-level specifications by transformation into HL3, Generate executable hard-real time systems by transformation.

Conclusion (... continued) Ongoing research work focuses on Completion of theory and tool support for test automation based on TCSP Development of test data generation methods and strategies for Hybrid Systems Combined model checking and test automation Automated generation of executable systems from domain-specific descriptions

Contributions by...... Peter Amthor, Kirsten Berkenkötter, Stefan Bisanz, Jan Bredereke, Bettina Buth, Markus Dahlweid, Christof Efkemann, Hans-Jürgen Ficker, Ulrich Hannemann, Anne E. Haxthausen, Oliver Meyer, Michael O. Möller, Anders Ravn, Willem-Paul de Roever, Raymond Scholz, Michael B. Schronen, Uwe Schulze, Hauke Steenbock, Aliki Tsiolakis, Cornelia Zahlten,...

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback