Verification of a timed multitask system with Uppaal: case study. ETFA 2005.
Béatrice Bérard, Houda Bel Mokadem, Vincent Gourcuff, Jean-Marc Roussel, Olivier De Smet
LURPA - EA 1385 - ENS de Cachan; LSV - CNRS UMR 8643 - ENS de Cachan; LAMSADE - CNRS UMR 7024 & Université Paris-Dauphine
Outline
• Context: Programmable Logic Controllers (PLC); multitask behaviour; case study
• Modelling with Uppaal: idea; overview of the model; control program; operative part
• Verification: property; results
• Conclusion
Context: Safe control of production systems
• Strong interaction control/process: large number of inputs and outputs
• Strong temporal requirements: reactivity in relation to the process, taking physical times into account
• Control made by a Programmable Logic Controller (PLC) programmed in the IEC 61131-3 standard languages (SFC, Ladder Diagram, ...) plus TON (on-delay timer) blocks
• Cyclic behaviour, with multitask possibility
[Figure: PLC control / process loop; the MSS Bosh didactic system (82 inputs / 50 outputs)]
Context: The multi-task behaviour
• Cyclic behaviour (mono-task): the response time (RT) depends on the cycle time (TC): TC ≤ RT ≤ 2 TC. This is the standard approach; the RT is hardware dependent.
• Reaction to a specific event (multi-task): an event-driven task is activated on the event, so the RT depends on the event-driven task rather than on TC. Better RT with the same hardware, at the cost of a more complex program. What is the RT?
[Figure: CPU activity over time. Mono-task: the MAIN TASK repeats I / P / O (input scan, program, output write) cycles. Multi-task: an EVENT-DRIVEN TASK is inserted on an event between main-task cycles.]
Case study: MSS Bosh didactic system
• Constraint: the conveyor must stop within a small range, which imposes a strong timing requirement: the time variation of the physical stop of the conveyor must be less than 5 ms.
• Is multitasking a solution? => Formal verification
Modelling with UPPAAL: Verification by model checking
• Main problem: does the control satisfy the property (control ⊨ property)?
• Formalisation: the control is modelled as a timed automaton; the property is formalised either in a temporal logic (LTL, CTL, ...), e.g. AG(APB ⇒ AF ¬horn) or AG(¬d1 ⇒ AF ¬lig), or as an observer timed automaton synchronised with the model.
• The model checker (UPPAAL [LP97]) answers: property True or False.
Modelling with UPPAAL: Overview of the model
• Synchronous non-deterministic processes
• 13 timed automata: the PLC (main task and event-driven task) and the operative part (component 1, component 2, component 3, ...)
• PLC to operative part: output messages; operative part to PLC: input variables
• Activation messages from the main task to the event-driven task
• Binary synchronisation with messages (channels): e.g. the PLC emits Stop! and the operative-part automaton receives it with Stop?
• Communication through shared variables: e.g. the operative part assigns Pos_test := 1 and the PLC guards a transition with Pos_test == 1
Modelling with UPPAAL: Model of the control program (based on the Mader-Wupper approach [MW99])
• The atomicity hypothesis: each of the 4 steps of the main program executes instantaneously (committed locations, marked C in the automaton).
• Time can elapse only in 4 states.
[Figure: the control-program automaton with locations Idle, Input scan, Evolution condition, Step activation, Computation of outputs and Output activation; the cycle clock X is reset (X := 0) when a cycle starts, the time-elapsing locations carry the invariant X ≤ TCmax, and the next cycle is only entered under the guard X ≥ TCmin.]
Modelling with UPPAAL: Model of the timer
• Mader-Wupper model: 3 channels for each timer
• Our model: one broadcast channel for all the timers
Modelling with UPPAAL: Operative part, conveyor
[Figure: positions along the conveyor: loading position, capacitive sensor position, steel-bearing test position, optical sensor position, inductive sensor position, right position.]
Verification: Property
• Property P to check: the conveyor stops in less than 5 ms at the steel-bearing test point.
• In CTL or LTL this is difficult to write directly, so an external observer automaton is added to measure the elapsed time: its clock Xobs runs from the start of the measurement, and it enters its location stop when the conveyor stops.
• The negation of P is then expressed as the reachability query E<> observer.stop and Xobs > 5: if a state satisfying it is reachable, P does not hold and the model checker returns the counter-example trace.
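The two timing ideas on the slides above, the cycle-time bounds on the response time (TC ≤ RT ≤ 2 TC) and the observer query used to negate the stopping property, can be reproduced on a much cruder model than the UPPAAL one. The following Python is an added example, not code or data from the paper: it enumerates a discrete-time (1 ms) abstraction of the PLC scan cycle exhaustively, which is a toy stand-in for UPPAAL's symbolic exploration, and runs the observer check as a search for a counter-example. The cycle bounds [8, 10] ms, the event-task latency bounds [1, 3] ms and the constant braking time are assumptions chosen for illustration, not the case study's figures.

```python
"""Added example: exhaustive exploration of a discrete-time (1 ms) abstraction of
the PLC scan cycle, plus an observer-style bound check.  All numeric bounds
used below are assumptions for illustration, not values from the case study."""
from itertools import product
from typing import Iterable, Iterator, NamedTuple, Optional, Tuple


class Scenario(NamedTuple):
    tc_k: int      # duration of the cycle during which the sensor event occurs
    tc_next: int   # duration of the following cycle
    offset: int    # ms from that cycle's input scan to the sensor event (1..tc_k)
    response: int  # ms from the sensor event to the Stop output being written


def cyclic_task_scenarios(tc_min: int, tc_max: int) -> Iterator[Scenario]:
    """Mono-task PLC: Input scan -> Program -> Output write.  The cycle length is
    non-deterministic in [tc_min, tc_max], mirroring the X >= TCmin guard and
    X <= TCmax invariant of the control-program automaton.  A sensor change
    arriving `offset` ms after a scan is only read by the next scan and acted
    on when that next cycle writes its outputs: RT = (tc_k - offset) + tc_next."""
    for tc_k, tc_next in product(range(tc_min, tc_max + 1), repeat=2):
        for offset in range(1, tc_k + 1):
            yield Scenario(tc_k, tc_next, offset, (tc_k - offset) + tc_next)


def event_task_scenarios(lat_min: int, lat_max: int) -> Iterator[Scenario]:
    """Event-driven task: the sensor edge activates a task that writes the Stop
    output after an assumed latency in [lat_min, lat_max], independent of where
    the main cycle was (the tc/offset fields are 0 because they play no role)."""
    for latency in range(lat_min, lat_max + 1):
        yield Scenario(0, 0, 0, latency)


def response_bounds(scenarios: Iterable[Scenario]) -> Tuple[int, int]:
    """Minimum and maximum response time over the enumerated state space."""
    rts = [s.response for s in scenarios]
    return min(rts), max(rts)


def stop_variation(scenarios: Iterable[Scenario]) -> int:
    """Spread of the physical stop instant.  With a constant braking time
    (assumption) it equals the spread of the command latency."""
    lo, hi = response_bounds(scenarios)
    return hi - lo


def witness_latency_over(scenarios: Iterable[Scenario], bound: int) -> Optional[Scenario]:
    """The observer query E<> observer.stop and Xobs > bound as a search: the
    observer starts Xobs on the sensor edge and reads it when Stop is written.
    A returned scenario is the counter-example trace; None means no reachable
    state violates the bound, i.e. the original property holds."""
    for s in scenarios:
        if s.response > bound:
            return s
    return None


if __name__ == "__main__":
    main_task = list(cyclic_task_scenarios(8, 10))   # assumed TC in [8, 10] ms
    event_task = list(event_task_scenarios(1, 3))    # assumed latency in [1, 3] ms
    print("mono-task RT bounds:", response_bounds(main_task))
    print("mono-task stop variation:", stop_variation(main_task), "ms")
    print("event-task stop variation:", stop_variation(event_task), "ms")
    print("counter-example for Xobs > 5 (mono-task):", witness_latency_over(main_task, 5))
    print("counter-example for Xobs > 5 (event task):", witness_latency_over(event_task, 5))
```

With the assumed bounds the mono-task model reaches the 2·TC limit (19 ms, one unit short of 20 because of the 1 ms resolution) and its stop variation is a full cycle time, so the Xobs > 5 search returns a witness immediately; the event-driven task's variation is only the width of its latency interval. The real case study reached the opposite verdict for its multitask configuration (next slides), which is exactly why the model has to carry the actual task interaction, shared variables and TON timers rather than this abstraction.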
Verification: Results
Verification: Conclusion on this case study
• E<> obs.stop and Xobs > 5 : Yes (a violating state is reachable), so the conveyor may stop in more than 5 ms.
• This configuration of the multitask is not sufficient to guarantee the property.
Conclusion: Conclusion and perspectives
• Achievements
  • Method to represent a time-dependent system: control + process
  • Improvement in modelling the control program
  • Easier modelling of TON
  • Less time and memory cost in verification
  • Real case application in Ladder Diagram
• Future works
  • Automated modelling of the control program
  • Timed property library
  • Function block
  • Other IEC 61131-3 languages
  • ...