Die Präsentation wird geladen. Bitte warten

Die Präsentation wird geladen. Bitte warten

© Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.3 Timed Automata and Real-Time Statecharts.

Ähnliche Präsentationen


Präsentation zum Thema: "© Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.3 Timed Automata and Real-Time Statecharts."—  Präsentation transkript:

1 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.3 Timed Automata and Real-Time Statecharts

2 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2 Timed Automata und Realtime Statecharts Coding Contest Prize: 100 Amazon voucher Task: Implement a BUZZER app Server-client application Android (4.0+) front-end Java back-end Submit your complete source code until Dec. 23, 2012 to My footnote text - My Name

3 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 3 Timed Automata und Realtime Statecharts Summary State Machines Different Semantics possible Trade-off: Flexibility (for the developer) vs. clarity (compactness) Precise specification necessary to guarantee unambiguouity (many developers are involved) to enable formal analysis (to prove that requirements are fulfilled)

4 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn Timed Automata

5 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 5 Timed Automata und Realtime Statecharts Timed Automata Based on State Machines Finite state machine with clocks Clocks handle time which is continuous Clock values can be tested or reset

6 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 6 Timed Automata und Realtime Statecharts A Hot Topic Ein digitales Detail stellt die Deutsche Bahn und den Siemens-Konzern vor große Probleme: Das Kommando zum Anhalten eines ICE-3-Zugs irrt etwa eine Sekunde lang durch den Rechner, bis es ausgeführt wird. Nach SPIEGEL-Informationen verweigerte das Eisenbahn-Bundesamt deshalb die Zulassung. Die acht neuen ICE vom Typ Velaro sindICE schon lange bestellt, doch Siemens darf nicht liefern - wegenSiemens Problemen an der Steuerungssoftware. Nach Informationen des SPIEGEL traten bei Testfahrten des ICE 3 mit den bei der Deutschen Bahn üblichen Doppelzügen schwerwiegende Kommunikationsprobleme in der Software auf. Wird der Befehl zur Aktivierung der Bremsen ausgelöst, erlaubt sich die Steuerung eine Art Gedenksekunde, ehe sie das Kommando umsetzt. Bei einer Geschwindigkeit von 250 Stundenkilometern kommt der Zug nach einer Vollbremsung deshalb erst rund 70 Meter später zum Stehen als die alten ICE. Trotzdem strebte Siemens die Zulassung des ICE 3 an. (SPON )

7 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 7 Timed Automata und Realtime Statecharts Timed Automata Locations Represent states Transitions Messages Guards Actions Finite state machine with real-valued clocks Clocks handle time which is continuous Clock values can be tested or reset

8 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 8 Timed Automata und Realtime Statecharts A simple alarm clock Goal: Model an alarm clock that rings after a specified time. When the snooze button is pressed the alarm is postponed for 5 minutes. The alarm shall not sound more than 10 minutes. Problem: UML allows only rather informal specification of time in State Machines.

9 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 9 Timed Automata und Realtime Statecharts A simple alarm clock Solution: Add a clock clock1 Clock runs in back-ground during execution Clock conditions can serve as guards Clock can be reset (or set to any other time)

10 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 10 Timed Automata und Realtime Statecharts A simple alarm clock Invariants ensure that the state is active at most the given amount of time Requirement: The alarm shall not sound more than 10 minutes.

11 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 11 Timed Automata und Realtime Statecharts Timed Automata Locations Represent states Transitions Guards Tells when the transition is enabled Actions Clocks Test them in guards Reset them in actions Invariants on states

12 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 12 Timed Automata und Realtime Statecharts Networked Timed Automata Channels are used to synchronize TA Both automata take respective transition simultaneously Channels are bidirectional Can have an assigned priority Original definition Only 1:1 synchronization Later versions: 1:n synchronization (one ! and many ?) Acts as a guard Transition cannot be taken unless both processes are in the state that enables synchronization

13 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 13 Timed Automata und Realtime Statecharts Networked Timed Automata Locations Represent states Transitions Guards Tells when the transition is enabled Action Clocks Test them in guards Reset them in actions Invariants on states Local and global Channels Way of synchronizing processes

14 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 14 Timed Automata und Realtime Statecharts Timed Automata Definition A Timed Automaton is a 9-Tupel (L, L 0, Ch, A, C, G, G c, I, E) L : finite, non-empty set of locations (states) L 0 L : initial location Ch: finite set of channels used for synchronization A : set of actions (including synchronizations) C : finite set of clocks G : finite set of guards on the variables and clocks G c G: finite set of propositions depending only on the clocks from C (time constraints) I : L G c assigns a time invariant to a location E: finite set of edges between locations, A Time Constraint on the set of clocks C is defined as φ(C) := c x | c x | φ 1 φ 2 where c is a clock from C and is constant.

15 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 15 Tool Support for Networked Timed Automaton: UPPAAL Uppaal is an integrated tool environment for modeling, simulation and verification of real-time systems. Key features of Uppaal v.4 A graphical system editor allowing graphical descriptions of systems. A graphical simulator which provides graphical visualization. A requirement specification editor. A model-checker for automatic verification. Generation of diagnostic trace Timed Automata und Realtime Statecharts Quelle:

16 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 16 Timed Automata und Realtime Statecharts Example: Scientists crossing a bridge Scenario: Dijkstra, Turing, Knuth, and Petri are on the return of a conference when their car breaks down in the dark. They cannot stay in the car because there are wild and dangerous animals in the woods. Across a moldered bridge is a house in which they can stay for the night.

17 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 17 Timed Automata und Realtime Statecharts Example: Scientists crossing a bridge Requirements The bridge can carry at most two people at the same time They have only one flashlight which only lasts one hour and cannot be thrown. The bridge can only be crossed with the flashlight otherwise its too dark. The speed of a pair is determined by the speed of the slower person. The times each scientist needs to cross the bridge are: 5 min, 10 min, 20 min, and 25 min. How do they manage to cross the river within an hour?

18 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 18 Timed Automata und Realtime Statecharts Global Declarations and Templates automaton template for scientists automaton template for the flashlight Urgent location: Time is not allowed to pass in this state. So one of the outgoing transitions is taken immediately, though interlea-ving with other processes is allowed. Legend: guards (green) location name (red) update (purple) sync (cyan) global declaration

19 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 19 Timed Automata und Realtime Statecharts System declarations

20 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 20 System simulation Timed Automata und Realtime Statecharts

21 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 21 Timed Automata und Realtime Statecharts System simulation

22 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 22 Timed Automata und Realtime Statecharts Specifying requirements Two different kinds of requirements: Safety: something bad will not happen Liveness: something good will happen where P ::= (Atomic Propositions) Proc.Ioc | (Process Proc at Location Ioc) c = n | c < n | c <= n | (Clock comparison) P and P | P or P | P -> P | (Boolean combinations) not P | P imply P

23 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 23 Timed Automata und Realtime Statecharts System verification Verify that the system has no deadlock A[] not deadlock Property is satisfied. Verify that it is possible for every scientist to reach the safe side within 60 minutes: E<> Knuth.safe and Petri.safe and Dijkstra.safe and Turing.safe and time <= 60 Property is satisfied. Scheduling problem reformulated as reachability property

24 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 24 Timed Automata und Realtime Statecharts System verification Verify that the system has no deadlock A[] not deadlock Property is satisfied. Verify that it is possible for every scientist to reach the safe side within 60 minutes: E<> Knuth.safe and Petri.safe and Dijkstra.safe and Turing.safe and time <= 60 Property is satisfied. Scheduling problem reformulated as reachability property Hint: Activate fastest diagnostic trace to see fastest solution trace in Simulator

25 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn Real-Time Statecharts

26 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 26 Example: Convoys in RailCab System Motivation RailCabs build convoys to save energy ( slipstream) Safety critical, because only small space between RailCabs => Software has to be correct i.e. It can never happen that FrontRole is in state convoy and RearRole is in state noConvoy. Idea: Specify complex communication between roles independently from other system behavior Validation possible RailCab ConvoyCoordination Role: front Role: rear Fahrtrichtung Timed Automata und Realtime Statecharts

27 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 27 Coordination Patterns & Realtime Statecharts Coordination Pattern specifies communication of roles Each role specified by a Real-Time Statechart ConvoyCoordination front rear Timed Automata und Realtime Statecharts

28 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 28 Real-Time Statecharts Combine UML Statemachines by concepts of Timed Automata to add timing constraints: periods, deadlines, (worst case) execution times Clocks: assigned to a Statechart apply for all states of the Statechart apply recursively within hierarchically Statecharts Clock-Reset cf: clock name state invariant deadline Timed Automata und Realtime Statecharts Clock guard

29 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 29 Mapping RTSCs to Timed Automata Real-Time Statecharts enable hierarchy Timed Automata do not support hierarchy Real-Time Statecharts have to be flattened to verify them with Uppaal Timed Automata und Realtime Statecharts

30 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 30 Mapping RTSCs to Timed Automata Timed Automata assume execution of transitions in zero time But: Transitions can have side effects like function calls These are not executable in zero time Therefore, deadlines and WCETs are introduced in RTSCs Can be mapped to Timed Automata (time is consumed within states) Timed Automata und Realtime Statecharts

31 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 31 RTSC of FrontRole Timed Automata of FrontRole Mapping RTSCs to Timed Automata Timed Automata und Realtime Statecharts

32 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 32 RTSC of RearRole Timed Automata of RearRole Mapping RTSCs to Timed Automata Timed Automata und Realtime Statecharts

33 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 33 Verification Input: Timed Automata for FrontRole and RearRole of RailCab Possible Verifications: No Deadlocks: A[ ] not deadlock Property is satisfied. It can never happen that FrontRole is in state convoy and RearRole is in state noConvoy: A[] not (FrontRole.convoy and RearRole.noConvoy) Property is satisfied Timed Automata und Realtime Statecharts

34 © Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 34 Conclusion Timed Automata Finite state machine with continuous clocks and channels for synchronization Automatic verification of requirements via model checking possible Real-Time Statecharts Combination of UML Statecharts and Timed Automata Can be transformed to Timed Automata Coordination Patterns describe complex communications between roles Role behavior is defined by Real-Time Statecharts Timed Automata und Realtime Statecharts


Herunterladen ppt "© Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.3 Timed Automata and Real-Time Statecharts."

Ähnliche Präsentationen


Google-Anzeigen