  • Number of slides: 15

Verification of a timed multitask system with Uppaal
Case study, ETFA 2005
Béatrice Bérard, Houda Bel Mokadem, Vincent Gourcuff, Jean-Marc Roussel, Olivier De Smet
LURPA - EA 1385 - ENS de Cachan
LSV - CNRS UMR 8643 - ENS de Cachan
LAMSADE - CNRS UMR 7024 & Université Paris-Dauphine

Outline
Context
  • Programmable Logic Controllers (PLC)
  • Multitask behaviour
  • Case study
Modelling with Uppaal
  • Idea
  • Overview of the model
  • Control program
  • Operative part
Verification
  • Property
  • Results
Conclusion

Context: Safe control of production systems
§ Strong interaction between control and process
  • large number of inputs and outputs
§ Strong temporal requirements
  • reactivity in relation to the process
  • taking physical times into account
§ Control made by
  • a Programmable Logic Controller programmed in the IEC 61131-3 standard languages: SFC, Ladder Diagram, ... + TON (on-delay timer) blocks
  • cyclic behaviour, with a multitask possibility
(Figure: Control <-> Process loop; the process is the MSS Bosch didactic system, 82 inputs / 50 outputs)

Context: The multi-task behaviour
Mono-task: INPUT -> PROGRAM -> OUTPUT
§ Cyclic behaviour: the response time (RT) depends on the cycle time (TC): TC <= RT <= 2 TC
  • the standard approach; the achievable RT is hardware dependent
Multi-task (figure: CPU activity over time; an event-driven task (I, P, O) preempts the main task (I, P, O) when its event occurs)
§ Reacts to a specific event: the response time depends on the event-driven task. RT = ?
  • better RT with the same hardware
  • more complex program

Case study: MSS Bosch didactic system
§ Constraint: the conveyor must stop within a small range.
  => Strong timed requirement: the time variation of the physical stop of the conveyor must be less than 5 ms
§ Is multitask a solution? => Formal verification

Modelling with UPPAAL: Verification by model checking
Main problem: does the control satisfy the property?
Formalization:
  • the control is modelled as a timed automaton, synchronised with a timed automaton of the process (plus an observer)
  • the property is expressed in temporal logic (LTL, CTL, ...), e.g. AG(APB => AF ~horn), AG(~d1 => AF ~lig)
Model checker (UPPAAL) [LP 97] => property true or false

Modelling with UPPAAL: Overview of the model
§ Synchronous non-deterministic processes
§ 13 timed automata
(Figure: Operative part (Component 1, Component 2, Component 3) <-> PLC (main task, event-driven task); input variables and output messages between the operative part and the PLC, activation messages between the tasks)
  • Binary synchronization with messages
  • Communication through shared variables

Modelling with UPPAAL: Overview of the model (continued)
(Figure detail: shared variable, e.g. guard Pos_test == 1 on the PLC side and assignment Pos_test := 1 on the operative-part side; message, e.g. Stop! sent by the PLC and Stop? received by the operative part)

Modelling with UPPAAL: Model of the control program
The atomicity hypothesis:
§ Each of the 4 steps of the main program executes instantaneously.
§ Time can elapse only in 4 states.
Based on the Mader-Wupper approach [MW 99]
(Figure: cyclic timed automaton with clock X: Idle -> Input scan -> Evolution condition -> Step activation -> Computation of outputs -> Output activation -> Idle; the cycle is left only when X >= TCmin and X is reset (X := 0) at the start of the new cycle; the states where time elapses carry the invariant X <= TCmax; the steps in between are marked C in the figure and take no time)

Modelling with UPPAAL: Model of timer
§ Mader-Wupper model: 3 channels for each timer
§ Our model: one broadcast channel for all the timers

Modelling with UPPAAL: Operative part
(Figure: conveyor with a loading position, a capacitive sensor, the steel-bearing test position, an optical sensor, an inductive sensor and the right-hand position)

Verification: Property
§ Property P to check: the conveyor stops in less than 5 ms at the steel-bearing test point
§ In CTL or LTL this is difficult to write
  => add an external observer automaton that measures the elapsed time (clock Xobs)
  => express the negation of P as a reachability query: E<> observer.stop and Xobs > 5
  (if the query holds, a run exists in which the conveyor stops later than 5 ms, so P is violated)
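The response-time bounds of the mono-task cycle (slide 4) and the observer-based measurement behind the query E<> observer.stop and Xobs > 5 (slide 12), as an added example that is not part of the original presentation or of the authors' Uppaal model: a small Python model of a cyclic PLC scan, with cycle durations in [TCmin, TCmax] as on slide 9, and of an event-driven task, plus an "observer" that returns the time from an external event to the corresponding output update. All function names, the cycle-time values and the event-task latency are constructed assumptions for illustration; the values say nothing about the MSS system itself.

```python
"""Added example (not from the paper): discrete-event model of a cyclic PLC
scan and of an event-driven task, with an observer that measures the time
from an external event to the matching output update, in the spirit of the
observer automaton of the slides.

Time is in microseconds (integers) so the arithmetic is exact.
Assumptions (ours, not the paper's):
  * mono-task: every cycle scans inputs at its start and writes outputs at
    its end; each cycle duration lies in [TC_MIN, TC_MAX];
  * event-driven task: the event preempts the main task after a fixed
    latency and the task writes its outputs after its own execution time.
"""
from itertools import product


def cycle_starts(cycle_durations):
    """Start instant (input scan) of each cycle, plus the end of the last one."""
    starts = [0]
    for d in cycle_durations:
        starts.append(starts[-1] + d)
    return starts


def monotask_observer(event_time, cycle_durations):
    """Xobs of a mono-task PLC: time from the event to the output update.

    The event is sampled by the first input scan at or after event_time and
    the output is written at the end of that same cycle, so the observer
    clock runs from event_time to (start of that cycle + its duration).
    """
    starts = cycle_starts(cycle_durations)
    for i, d in enumerate(cycle_durations):
        if starts[i] >= event_time:
            return starts[i] + d - event_time
    raise ValueError("event occurs after the last modelled cycle")


def eventtask_observer(latency, task_duration):
    """Xobs of an event-driven task: interrupt latency plus task execution."""
    return latency + task_duration


def monotask_bounds(tc_min, tc_max):
    """Analytical range of Xobs for the mono-task model: [tc_min, 2 * tc_max).

    Best case: the event falls exactly on the scan of a shortest cycle.
    Worst case: the event just misses a scan of a longest cycle and is only
    served at the end of the following longest cycle.
    """
    return tc_min, 2 * tc_max


def explore_monotask(tc_min, tc_max, n_cycles=2, step=1000):
    """Exhaustive exploration of the discrete model.

    Every cycle takes either tc_min or tc_max and the event is placed at every
    multiple of `step` inside the first cycle. Returns (min, max) of Xobs over
    all runs, i.e. the range an observer automaton would witness.
    """
    seen = []
    for durations in product((tc_min, tc_max), repeat=n_cycles):
        for event_time in range(0, durations[0] + 1, step):
            seen.append(monotask_observer(event_time, list(durations)))
    return min(seen), max(seen)


def exists_over_bound(bound, xobs_values):
    """The reachability query E<> obs.stop and Xobs > bound over observed runs:
    True if at least one run stops the conveyor later than `bound`."""
    return any(x > bound for x in xobs_values)


if __name__ == "__main__":
    TC_MIN, TC_MAX = 8_000, 10_000          # constructed cycle-time interval (us)
    lo, hi = explore_monotask(TC_MIN, TC_MAX)
    print(f"mono-task: Xobs in [{lo}, {hi}] us, analytical {monotask_bounds(TC_MIN, TC_MAX)}")
    print("E<> obs.stop and Xobs > 5000 :", exists_over_bound(5_000, [lo, hi]))
    print("event task: Xobs =", eventtask_observer(200, 300), "us")
```

The exploration is a brute-force stand-in for what Uppaal does symbolically over clock zones: it enumerates cycle lengths at the extremes of [TCmin, TCmax] and event phases at a fixed granularity, then asks whether any run exceeds the bound. It shows why the mono-task cycle alone cannot meet a variation of a few milliseconds when TC is itself several milliseconds, and why the event-driven task is attractive; it does not reproduce the paper's verdict that the studied multitask configuration is still insufficient, which depends on the full model.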

Verification: Results

Name  Property                        Verified  Computation time  Memory used
Multitask
C1    E<> obs.stop and Xobs > 5       Yes       15 s              30 MB
C2    E<> obs.stop and Xobs <= 5      -         -                 -
C3    E<> obs.stop and Xobs > 10      No        22 s              61 MB
Monotask (computation times listed for this block: 16 s, 22 s; memory: 30 MB, 70 MB, 69 MB)
C5    E<> obs.stop and Xobs > 10      Yes
C6    E<> obs.stop and Xobs <= 10     No
C7    E<> obs.stop and Xobs > 20      No
Monotask with the Mader-Wupper model
C5'   E<> obs.stop and Xobs > 5       -         > 29 h            > 1 GB

Verification: Conclusion on this case study
§ E<> obs.stop and Xobs > 5 : Yes, so the conveyor may stop in more than 5 ms.
§ This multitask configuration is not sufficient to guarantee the property.

Conclusion and perspectives
§ Achievements
  • A method to represent a time-dependent system: control + process
  • Improvements in modelling the control program
    - easier modelling of TON timers
    - less time and memory cost in verification
  • Real case application written in Ladder Diagram
§ Future work
  • Automated modelling of the control program
  • Timed property library
  • Function blocks
  • Other IEC 61131-3 languages
  • ...