
Test & Verification

Test & Verification. Kim G. Larsen. Research profile of the Distributed Systems & Semantics Unit: semantic models (concurrency, mobility, objects, real-time, hybrid systems); validation & verification (algorithms & tools); construction (real-time & network systems).


Presentation Transcript


  1. Test & Verification Kim G. Larsen

  2. Research Profile, Distributed Systems & Semantics Unit: Semantic Models (concurrency, mobility, objects, real-time, hybrid systems); Validation & Verification (algorithms & tools); Construction (real-time & network systems)

  3. BRICS (Basic Research in Computer Science): 30+40+40 Mill. kr; Machine 100; Tools 100; other relevant projects: UPPAAL, VHS, VVS, WOODDES; Aarhus, Aalborg

  4. Tools and BRICS. Applications: visualSTATE, UPPAAL, SPIN, PVS, HOL, ALF, TLP. • Semantics • Concurrency Theory • Abstract Interpretation • Compositionality • Models for real-time & hybrid systems • Algorithmic: (Timed) Automata Theory, Graph Theory, BDDs, Polyhedra Manipulation • Logic: Temporal Logic, Modal Logic, MSOL

  5. A very complex system Klaus Havelund, NASA

  6. Rotterdam Storm Surge Barrier

  7. Spectacular Bugs • ARIANE-5 • INTEL Pentium II floating-point division, 470 Mill US $ • Baggage handling system, Denver, 1.1 Mill US $/day for 9 months • Mars Pathfinder • Radiation therapy, Therac-25 • ... More in JPK, CW

  8. Embedded Systems SyncMaster 17GLsi Mobile Phone Telephone Digital Watch Tamagotchi

  9. A simple program
     int x
     Process INC:   do :: x<200 --> x:=x+1 od
     Process DEC:   do :: x>0   --> x:=x-1 od
     Process RESET: do :: x=200 --> x:=0   od
     fork INC; fork DEC; fork RESET
     Which values may x take? Questions/Properties: E<>(x>1000), E<>(x>2000), A[](x<=2000), E<>(x<0), A[](x>=0). Here E<> reads "Possibly" and A[] reads "Always".
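An added example (not from the slides) that answers slide 9's "which values may x take?" by explicit-state exploration: a small Python model checker that interleaves the three guarded-command processes, computes the set of reachable states and evaluates the E<> (possibly) and A[] (always) properties over that set.

```python
from collections import deque

# Each process is a list of guarded commands (guard, update) over the shared
# state, mirroring the "do :: guard --> action od" loops on the slide.
INC   = [(lambda s: s["x"] < 200,  lambda s: {**s, "x": s["x"] + 1})]
DEC   = [(lambda s: s["x"] > 0,    lambda s: {**s, "x": s["x"] - 1})]
RESET = [(lambda s: s["x"] == 200, lambda s: {**s, "x": 0})]
PROGRAM = [INC, DEC, RESET]

def successors(state, processes):
    """States reachable in one step by any enabled command of any process (interleaving)."""
    for proc in processes:
        for guard, update in proc:
            if guard(state):
                yield update(state)

def reachable(init, processes):
    """Explicit-state breadth-first search; returns every reachable state."""
    key = lambda s: tuple(sorted(s.items()))
    seen = {key(init): init}
    work = deque([init])
    while work:
        s = work.popleft()
        for t in successors(s, processes):
            k = key(t)
            if k not in seen:
                seen[k] = t
                work.append(t)
    return list(seen.values())

def possibly(prop, states):   # E<> prop: some reachable state satisfies prop
    return any(prop(s) for s in states)

def always(prop, states):     # A[] prop: every reachable state satisfies prop
    return all(prop(s) for s in states)

def check_slide_properties():
    """Evaluate the five properties from slide 9 on the reachable state space."""
    states = reachable({"x": 0}, PROGRAM)
    xs = sorted(s["x"] for s in states)
    return {
        "values of x": (xs[0], xs[-1], len(xs)),          # (min, max, count)
        "E<>(x>1000)":  possibly(lambda s: s["x"] > 1000, states),
        "E<>(x>2000)":  possibly(lambda s: s["x"] > 2000, states),
        "A[](x<=2000)": always(lambda s: s["x"] <= 2000, states),
        "E<>(x<0)":     possibly(lambda s: s["x"] < 0, states),
        "A[](x>=0)":    always(lambda s: s["x"] >= 0, states),
    }
```

The search finds exactly the values 0..200 for x, so both E<> properties are false and both A[] properties hold.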

  10. Introducing, Detecting and Repairing Errors Liggesmeyer 98

  11. Introducing, Detecting and Repairing Errors Liggesmeyer 98

  12. Suggested Solution? Model based validation, verification and testing of software and hardware

  13. Verification & Validation Analysis Design Model • Specification Implementation Testing

  14. Verification & Validation Analysis Validation Design Model • Specification Verification & Refusal UML SDL Implementation Testing

  15. Verification & Validation Analysis Validation Design Model • Specification Verification & Refusal UML Model Extraction SDL Automatic Code generation Implementation Testing

  16. Verification & Validation Analysis Validation Design Model • Specification Verification & Refusal UML Model Extraction SDL Automatic Test generation Automatic Code generation Implementation Testing

  17. How? Unified Model = State Machine! Control states; input ports (a?, b?); output ports (x!, y!)

  18. Tamagotchi C A B ALIVE Passive Feeding Light Meal A B A Health:= Health-1 B A Snack Care Clean A Health=0 or Age=2.000 A A Medicine Discipline Play DEAD Tick A A Health:=Health-1; Age:=Age+1

  19. SYNCmaster

  20. Digital Watch

  21. The SDL Editor (Process level)

  22. SPIN, Gerald Holzmann AT&T

  23. visualSTATE VVS w Baan Visualstate, DTU (CIT project) • Hierarchical state systems • Flat state systems • Multiple and inter-related state machines • Supports UML notation • Device driver access

  24. ESTEREL

  25. UPPAAL

  26. 'State Explosion' problem. M1 has states 1, 2, 3, 4 and M2 has states a, b, c; the product M1 x M2 has all pairs (1,a), (2,a), ..., (4,c). Provably theoretically intractable: all combinations = exponential in the number of components

  27. Train Simulator (VVS, visualSTATE): 1421 machines, 11102 transitions, 2981 inputs, 2667 outputs, 3204 local states; declared state space: 10^476. BUGS? Our techniques have reduced verification time by several orders of magnitude (ex. 14 days to 6 sec)

  28. Tool Support (model checking). Inputs: System Description A and Requirement F. The TOOL answers Yes (plus prototypes, executable code, test sequences) or No! (plus debugging information). Tools: UPPAAL, visualSTATE, ESTEREL, SPIN, Statemate, FormalCheck, VeriSoft, Java Pathfinder, ...

  29. VVS: Verification and Validation of Large Systems. DTU, Aalborg, Baan Visualstate. URLs: //www.visualSTATE.com, //www.it.dtu.dk/~jst/vvs/

  30. BAAN VisualSTATE, formerly BEOLOGIC. Beologic's products: salesPLUS, visualSTATE. 1980-95: independent division of B&O; 1995- : independent company (B&O, 2M Invest, Danish Municipal Pension Ins. Fund). Customers: ABB, B&O, Daimler-Benz, Ericsson, DIAX, ESA/ESTEC, FORD, Grundfos, LEGO, PBS, Siemens, ... (approx. 90). • Embedded Systems • Simple Model • Verification of Std. Checks • Explicit Representation (STATE EXPLOSION) • Code Generation • Verification Problems: 1.000 components, 10^400 states. Our techniques have reduced verification by an order of magnitude (from 14 days to 6 sec)

  31. visualSTATE 4.0 Product Modules • Navigator • Prototyper • Graphical Simulation of human interface panels • Presenter • Prototyper for distribution • Designer • Diagram Designer • Matrix Designer • Text Editor • Tester • Validator • Simulation • Animation • Analysis • Verificator • Static verification • Dynamic verification • Generator • Coder • Documentor

  32. visualSTATE Prototyper • GUI Builder • GUI Executer • Pick’n place of symbols • No manual coding • Custom designed objects • ActiveX controls • Graphics libraries A virtual prototype of a mobile telephone

  33. visualSTATE Designer • Hierarchical state systems • Flat state systems • Multiple and inter-related state machines • Supports UML notation • Device driver access

  34. visualSTATE Tester Verification: No local nor global dead-ends; no never-interpreted events; no fired actions; no conflicting transactions; no unreachable states. All combinations are checked! No bugs allowed! 100% Tested!

  35. Train Simulator (VVS): 1421 machines, 11102 transitions, 2981 inputs, 2667 outputs, 3204 local states; declared state space: 10^476. BUGS?

  36. Experimental Breakthroughs, VVS project (BRICS/Aalborg, DTU, BAAN visualSTATE). Machine: 166 MHz Pentium PC with 32 MB RAM. ---: Out of memory, or did not terminate after 3 hours.

  37. Experimental Breakthroughs (Patented). Our techniques have reduced verification time by several orders of magnitude (ex. from 14 days to 6 sec). Machine: 166 MHz Pentium PC with 32 MB RAM. ---: Out of memory, or did not terminate after 3 hours.

  38. UPPAAL: Modelling and Verification of Real Time Systems. UPPAAL2k: > 800 users, > 35 countries

  39. @UPPsala: Wang Yi, Johan Bengtsson, Paul Pettersson, Fredrik Larsson, Alexandre David, Tobias Amnell, Oliver Möller. @AALborg: Kim G Larsen, Arne Skou, Paul Pettersson, Carsten Weise, Kåre J Kristoffersen, Gerd Behrman, Thomas Hune, Oliver Möller, Nicky Oliver Bodentien, Lasse Poulsen. Collaborators @Elsewhere: David Griffioen, Ansgar Fehnker, Frits Vandraager, Klaus Havelund, Theo Ruys, Pedro D'Argenio, J-P Katoen, J. Tretmans, Judi Romijn, Ed Brinksma, Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson...

  40. Dec’96 Sep’98

  41. From 7.5 hrs / 527 MB on ONYX with 2 GB (4 Mill DKK) to 12.75 sec / 2.1 MB on Pentium 150 MHz, 32 MB; or: every 9 months, 10 times better performance! (Dec'96 to Sep'98)

  42. Hybrid & Real Time Systems (Computer Science meets Control Theory): Controller Program (discrete; Tasks) connected through sensors and actuators to the Plant (continuous). E.g.: Pump Control, Air Bags, Robots, Cruise Control, ABS, CD Players, Production Lines. Real Time System: a system where correctness depends not only on the logical order of events but also on their timing

  43. Construction of UPPAAL models: Controller Program (discrete; Tasks) with sensors and actuators to the Plant (continuous). Model of tasks (automatic?) + Model of environment (user-supplied) = UPPAAL Model

  44. Intelligent Light Control: locations Off, Light, Bright with press? transitions. WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.

  45. Intelligent Light Control. Solution: add real-valued clock x. Off --press?, x:=0--> Light; Light --press?, x<=3--> Bright; Light --press?, x>3--> Off; Bright --press?--> Off

  46. Timed Automata (Alur & Dill 1990). Clocks: x, y. Guard: Boolean combination of integer bounds on clocks and clock-differences, e.g. x<=5 & y>3. Reset: action performed on clocks, e.g. x := 0. Action a: used for synchronization. State: (location, x=v, y=u) where v, u are in R. Transitions: action transition (n, x=2.4, y=3.1415) --a--> (m, x=0, y=3.1415); delay transition (n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415)

  47. Timed Automata: Invariants. Clocks: x, y. Location invariants: x<=5 (at n), y<=10. Edge n --x<=5 & y>3, a, x:=0--> m. The delay e(1.1) is allowed: (n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415); the delay e(3.2) is not, since x would become 5.6 and violate x<=5. Invariants ensure progress!!
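An added example (not from the slides) giving the timed-automaton semantics of slides 46/47 and the light controller of slides 44/45 as runnable Python: delay transitions advance every clock and are refused when a location invariant would break, action transitions take an enabled edge and apply its resets. The automata below are transcribed from the slides; only the `y<=10` invariant is left out because the slide does not say which location it belongs to.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Edge:
    src: str
    dst: str
    action: str                                    # synchronisation label (press?, a)
    guard: Callable = lambda clocks: True          # Boolean combination of clock bounds
    resets: tuple = ()                             # clocks set to 0 when the edge is taken

@dataclass
class TimedAutomaton:
    edges: list
    invariants: dict = field(default_factory=dict)   # location -> predicate on clocks

    def delay(self, state, d):
        """Delay transition e(d): every clock advances by d, allowed only if the
        location invariant still holds afterwards (this is what forces progress)."""
        loc, clocks = state
        new = {k: v + d for k, v in clocks.items()}
        return (loc, new) if self.invariants.get(loc, lambda c: True)(new) else None

    def step(self, state, action):
        """Action transition: take an enabled edge with this label, applying its resets."""
        loc, clocks = state
        for e in self.edges:
            if e.src == loc and e.action == action and e.guard(clocks):
                return e.dst, {k: (0.0 if k in e.resets else v) for k, v in clocks.items()}
        return None

def run(ta, state, trace):
    """Replay a timed trace: numbers are delays, strings are actions; None if it gets stuck."""
    for ev in trace:
        state = ta.delay(state, ev) if isinstance(ev, (int, float)) else ta.step(state, ev)
        if state is None:
            return None
    return state

# Slides 44/45: the light controller with the real-valued clock x added.
LIGHT = TimedAutomaton(edges=[
    Edge("Off", "Light", "press", resets=("x",)),
    Edge("Light", "Bright", "press", guard=lambda c: c["x"] <= 3),   # second press quickly
    Edge("Light", "Off", "press", guard=lambda c: c["x"] > 3),       # second press too late
    Edge("Bright", "Off", "press"),
])

def light_after(gap):
    """Location reached after two presses separated by `gap` time units, starting in Off."""
    return run(LIGHT, ("Off", {"x": 0.0}), ["press", gap, "press"])[0]

# Slides 46/47: edge n -> m with guard x<=5 & y>3, reset x:=0, and invariant x<=5 at n.
NM = TimedAutomaton(
    edges=[Edge("n", "m", "a", guard=lambda c: c["x"] <= 5 and c["y"] > 3, resets=("x",))],
    invariants={"n": lambda c: c["x"] <= 5})
START = ("n", {"x": 2.4, "y": 3.1415})        # the state the slides start from
```

From START, `NM.delay(START, 1.1)` yields (n, x=3.5, y=4.2415) as on the slide, `NM.delay(START, 3.2)` is refused by the invariant, and `light_after(2)` versus `light_after(5)` reproduces the Bright/Off behaviour the light controller was designed for.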

  48. The UPPAAL Model = Networks of Timed Automata + Integer Variables + .... Two-way synchronization on complementary actions (a! and a?). Closed systems! Example edges (guards x>=2, i==3, y<=4): l1 --a!, x:=0--> l2 and m1 --a?, i:=i+4--> m2. Example transitions: synchronization (l1, m1, ..., x=2, y=3.5, i=3, ...) --tau--> (l2, m2, ..., x=0, y=3.5, i=7, ...); delay (l1, m1, ..., x=2, y=3.5, i=3, ...) --0.2--> (l1, m1, ..., x=2.2, y=3.7, i=3, ...). If a is an URGENT CHANNEL, no delay is possible while the synchronization on a is enabled.

  49. LEGO Mindstorms/RCX • Sensors: temperature, light, rotation, pressure. • Actuators: motors, lamps, • Virtual machine: • 10 tasks, 4 timers, 16 integers. • Several Programming Languages: • NotQuiteC, Mindstorm, Robotics, legOS, etc. 3 output ports 1 infra-red port 3 input ports

  50. First UPPAAL model: Sorting of Lego Boxes (Ken Tindell). Components: piston, red and black boxes, conveyer belt, eject, remove, Controller (MAIN, PUSH). Exercise: design the controller so that only black boxes are pushed out
