Code Generation from CHARON Rajeev Alur, Yerang Hur, Franjo Ivancic, Jesung Kim, Insup Lee, and Oleg Sokolsky University of Pennsylvania.

Slides:



Advertisements
Similar presentations
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Advertisements

Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,
Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
ECE 720T5 Fall 2011 Cyber-Physical Systems Rodolfo Pellizzoni.
Timed Automata.
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
Chapter 6 Security Kernels.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
Combining Symbolic Simulation and Interval Arithmetic for the Verification of AMS Designs Mohamed Zaki, Ghiath Al Sammane, Sofiene Tahar, Guy Bois FMCAD'07.
CS 355 – Programming Languages
Automatic Verification of Component-Based Real-Time CORBA Applications Gabor Madl Sherif Abdelwahed
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Modular Specification of Hybrid Systems in CHARON R. Alur, R. Grosu, Y. Hur, V. Kumar, I. Lee University of Pennsylvania SDRL and GRASP.
Modeling and Verification of Embedded Software Rajeev Alur POPL Mentoring Workshop, Jan 2012 University of Pennsylvania.
Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.
System Design Research Lab University of Pennylvania 2/8/2006 CHARON modeling language.
Testing and Monitoring at Penn Testing and Monitoring Model-based Generated Program Li Tan, Jesung Kim, and Insup Lee July, 2003.
DIVES: Design, Implementation and Validation of Embedded Software Alur, Kumar, Lee(PI), Pappas, Sokolsky GRASP/SDRL University of Pennsylvania
Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.
1 University of Pennsylvania Demonstrations Alur, Kumar, Lee, Pappas Rafael Fierro Yerang Hur Franjo Ivancic PK Mishra.
SDRL and GRASP University of Pennsylvania 6/27/00 MoBIES 1 Design, Implementation, and Validation of Embedded Software (DIVES) Contract No. F C-1707.
From Hybrid Models to Embedded Software Rajeev Alur System Design Research Lab University of Pennsylvania Workshop on Robustness,
University of Pennsylvania 1 SDRL CHARON SDRL and GRASP University of Pennsylvania Funded by DARPA ITO.
Modeling Hybrid Systems Yerang Hur CIS 640, October 10, 2002 Department of Computer and Information Science University of Pennsylvania Code generation.
Chapter 13 Embedded Systems
Mixing Models of Computation Jie Liu Palo Alto Research Center (PARC) 3333 Coyote Hill Rd., Palo Alto, CA joint work with Prof. Edward.
CIS 700-3: Selected Topics in Embedded Systems Insup Lee University of Pennsylvania June 24, 2015 Introduction.
Expressing Giotto in xGiotto and related schedulability problems Class Project Presentation Concurrent Models of Computation for Embedded Software University.
February 21, 2008 Center for Hybrid and Embedded Software Systems Mapping A Timed Functional Specification to a Precision.
Interfaces for Control Components Rajeev Alur University of Pennsylvania Joint work with Gera Weiss (and many others)
System Design Research Laboratory Model-based Testing and Monitoring for Hybrid Embedded Systems Li Tan Jesung Kim Oleg Sokolsky Insup Lee University of.
Model-based Analysis of Distributed Real-time Embedded System Composition Gabor Madl Sherif Abdelwahed
November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli
DIVES Alur, Lee, Kumar, Pappas: University of Pennsylvania  Charon: high-level modeling language and a design environment reflecting the current state.
Testing and Monitoring at Penn An Integrated Framework for Validating Model-based Embedded Software Li Tan University of Pennsylvania September, 2003.
Tool Integration of Ptolemy II EE290N Class Project Haiyang Zheng May
MOBIES Project Progress Report Engine Throttle Controller Design Using Multiple Models of Computation Edward Lee Haiyang Zheng with thanks to Ptolemy Group.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI Program Review May 10,
5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.
David Garlan Ivan Ruchkin Carnegie Mellon University Pittsburgh, PA, USA December 2014.
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.
EECE **** Embedded System Design
Chapter 6 System Engineering - Computer-based system - System engineering process - “Business process” engineering - Product engineering (Source: Pressman,
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
Model-based Analysis and Implementation of Embedded Systems
Extreme Makeover for EDA Industry
Department of Mechanical Engineering The University of Strathclyde, Glasgow Hybrid Systems: Modelling, Analysis and Control Yan Pang Department of Mechanical.
Programming Models & Runtime Systems Breakout Report MICS PI Meeting, June 27, 2002.
5/27/03MDES Supporting Model-Based Validation at Run-time Insup Lee and Oleg Sokolsky Department of Computer and Information Science University of.
1 LiSyC ENSIETA/DTN 02/04/2008 AADL execution semantics transformation for formal verification Joel Champeau, Thomas Abdoul, Pierre Yves Pillain, Philippe.
Software Synthesis from Hybrid Automata Rajeev Alur System Design Research Lab University of Pennsylvania SEES Workshop, Chicago,
System Design Research Lab University of Pennylvania 1/29/2002 CHARON modeling language.
Instrumentation in Software Dynamic Translators for Self-Managed Systems Bruce R. Childers Naveen Kumar, Jonathan Misurda and Mary.
1 Model Checking of Robotic Control Systems Presenting: Sebastian Scherer Authors: Sebastian Scherer, Flavio Lerda, and Edmund M. Clarke.
1 Compiler Construction (CS-636) Muhammad Bilal Bashir UIIT, Rawalpindi.
Abstract A Structured Approach for Modular Design: A Plug and Play Middleware for Sensory Modules, Actuation Platforms, Task Descriptions and Implementations.
Title 11/5/2000 eSimplex Architecture Using MaCS Insup Lee Oleg Sokolsky Moonjoo Kim Anirban Majumdar Sampath Kannan Mahesh Viswanathan Insik Shin and.
SAFEWARE System Safety and Computers Chap18:Verification of Safety Author : Nancy G. Leveson University of Washington 1995 by Addison-Wesley Publishing.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Real-time Systems Group University of Pennsylvania 10/13/98 1 Design-time and Run-time Assurance Insup Lee Department of Computer and Information Science.
Programming Languages Salihu Ibrahim Dasuki (PhD) CSC102 INTRODUCTION TO COMPUTER SCIENCE.
Marilyn Wolf1 With contributions from:
Designing and Debugging Batch and Interactive COBOL Programs
Shanna-Shaye Forbes Ben Lickly Man-Kit Leung
Compositional Refinement for Hierarchical Hybrid Systems
CHARON modeling language
Detecting Attacks Against Robotic Vehicles:
Presentation transcript:

Code Generation from CHARON Rajeev Alur, Yerang Hur, Franjo Ivancic, Jesung Kim, Insup Lee, and Oleg Sokolsky University of Pennsylvania

Contents ► Motivation ► CHARON overview ► Example: Sony dog ► Code generation procedure ► Soundness of generated code ► Preventing switching errors ► Conclusion

Motivation ► Formal specification of hybrid systems –Subject to formal verification ► Automatic generation of the code –Elimination of coding errors ► Formulation of the differences between the model and the generated code –Bounded difference desired ► Case study in a robotic platform (AIBO) –Code generation for fairly complicated systems

CHARON Framework ► Language for formal specification of hybrid systems –Analog variable –Differential/algebraic equation –Discrete state transition ► Hierarchical specification –Architectural hierarchy agent: communicating entity –Behavioral hierarchy mode: hierarchical state machine with continuous dynamics ► Simulation ► Model checking ► Code generation ► Run-time verification

Example: Four Legged Robot ► Control objective –v = c ► High-level control laws ► Low-level control laws x y j1 j2 L1 (x, y) v L2 *[LCTES 2003] R. Alur, F. Ivancic, J. Kim, I. Lee, and O. Sokolsky. Generating embedded software from hierarchical hybrid models.

CHARON Code Generator ► CHARON code generator translates CHARON models into C++ code –Each object of CHARON models is translated into a C++ structure ► Generated C++ code is compiled by the target compiler along with additional code –Run-time scheduler: invokes active components periodically –API interface routines: associates variables with devices

Translation of CHARON models ► Analog variable –C++ class: read and write to variables can be mapped to system API ► Differential equation –Euler’s method: x’ == 10  x += 10 * h (h: step size) –Runge-Kutta method ► Algebraic equation –Assignment statement executed in a data dependency order x == 2y; y == 2z  y = 2z; x = 2y; ► Discrete transition –If-then statement urgent transition policy –“Instrumented” if-then statement not-so-urgent transition policy ► Mode –C++ class: collection of variables, equations, transitions, and reference to submodes ► Agent –C++ class: interleave execution of each step of subagents

Soundness of Generated Code ► Code may differ from the model: –Numerical errors (numerical integration) –Floating-point errors (fixed precision arithmetic) –Switching errors Missed switching: enabled transition is missed due to discrete testing of switching conditions [LCTES 2003] Invalid switching: disabled transition is evaluated as enabled due to different update frequencies of shared variables [HSCC 2004] Properties held in the model may not be guaranteed in the code even if automatically generated! ► Our focus: preventing invalid switching –Exploit non-determinism in the switching conditions –Transition policy: instrumentation [LCTES 2003] R. Alur, F. Ivancic, J. Kim, I. Lee, and O. Sokolsky. Generating embedded software from hierarchical hybrid models. [HSCC 2004] Y. Hur, J. Kim, J. Choi, and I. Lee. Sound code generation from communicating hybrid models.

invariantguard Transition Policy lead to future invariant violation  model checking inconsistent behavior due to noisy values  instrumentation sound behavior trajectory sound behavior performing better event detection

Invalid Switching ► Variables x 1, x 2, … are updated at different periods h 1, h 2, … ► Tasks evaluate switching conditions f(x 1, x 2, …) by referencing x 1 (t 1 ), x 2 (t 2 ), … –(x 1 (t 1 ), x 2 (t 2 ), …) may not on the trajectory of (x 1, x 2, …) unless t 1 == t 2 == … x2x2 guard of the model instrumented guard of the code  false-enabled transition condition maximum error x1x1

Preventing Switching Errors through Instrumentation ► Exploit non-determinism in the guard conditions –Transition can (but need not immediately) be taken when the guard is enabled ► Compute a maximum error due to different update rates –max(|x’|)*(hi+hj), x in I –max(|x’|)*max(hi,hj), x in I, if EDF is employed assumption: independend dynamics and rectangular guard sets ► “Tighten” the guards such that transitions are not falsely enabled at the presence of the maximum error –Trace of discrete state transitions are equivalent to that of the model while differences in continuous variables are bounded

Example x≥50+ , y>2  max(h)) max x(t)(= max (-100t + 200)= = 0.4 switching error h=0.002 h=0.001  *[HSCC 2004] Y. Hur, J. Kim, J. Choi, and I. Lee. Sound code generation from Communicating Hybrid models.

Summary ► CHARON code generator automates translation of complicated hybrid systems specification into modular C++ code ► Each C++ module can be mapped to a periodic task of RTOS of the target system to approximate continuous update ► Even automatically generated code is not semantically equivalent to the original model: –Numerical errors, floating-point errors, switching errors… ► Switching errors due to different update rates of shared variables can be prevented through instrumentation of the switching conditions

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.