Verification & Test Activities @ CISS – Aalborg
Brian Nielsen, Kim Guldstrand Larsen, Arne Skou
Overview
 CISS
 Verification & Scheduling
   S/E-machines, UML & visualSTATE
   Timed Automata & UPPAAL
   Priced Timed Automata & UPPAAL CORA
   Markov Decision Processes & RAPTURE
 Testing
   Connectivity Testing
   On-line Testing & UPPAAL TRON
   GateHouse, Generic Test Adaptation
   visualSTATE Test Extensions
ARTIST2 NoE, Test & Verification Meeting 1
CISS
Center for Embedded Software Systems, 2002 –
(figure: funding and collaboration diagram)
Funding: MVTU, Regional & City, External Councils, ICT Companies (25.5 MDKK, 12 MDKK, 12.75 MDKK, 12.75 MDKK)
Collaboration: EE&CS Berkeley, Twente U, Uppsala U, Aalb. Uni, AMETIST, ARTIST, NASA Ames, companies
Institute for Computer Science (BRICS@Aalborg): Modelling and Validation; Programming Languages; Software Engineering
Institute for Electronic Systems: Distributed Real Time Systems (Control Theory; Real Time Systems; Networking); Embedded Systems (Communication; HW/SW; Power Management)
20 Staff / 12 PhD students
Focus Areas
Applications: home automation, mobile robots, intelligent sensors, ad hoc networks, sensor networks, mobile phones, audio/video, consumer electronics, control systems, automobile, X-by-wire
 Model Based Development of Embedded Software
 Embedded & RT Platform LAB
 Resource Optimal Scheduling
 Safety Critical Software Systems
 Embedded System Testing & Verification
 HW/SW Co-Design, Design Space Exploration
Models & Methods: visualSTATE
 UML compatible development tool
 Automatic code generation
 Check for generic properties
 Patented CBR technique developed in 1998 [TACAS98, TACAS99]
 New project: extension of visualSTATE with test-case generation facilities
 Context dependent code generation [FASE05]
 Improvement of the verification engine (handling of the signal queue)
UPPAAL
Modus Operandi
Theoretical development & validation of an IDEA (e.g. language extension, data structure, abstraction, algorithm, …)
→ Prototype implementation & performance evaluation
→ In-house evaluation
→ Incorporation in official release
Issues
 Data structures for Passed and Waiting
 Data structures for zones
 Do we really need to always store in Passed?
 Do we really need to add all successors?
 Which symbolic state to select from Waiting?
Passed/Waiting [SPIN03]
(figure, three variants of the state storage: (a) separate hash tables for PASSED and WAITING; (b) PASSED as a hash table of states, WAITING as a hash table of states plus a waiting queue; (c) UNIFIED Passed/Waiting: a single hash table of states shared by Passed and the waiting queue)
UNIFIED
To-store-or-not
[CAV03]
ARTIST2 NoE, Test & Verification Meeting 1
117 statestotal
!
81 statesentrypoint
!
9 states
13
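The unified table and the entry-point storage policy of the two slides above, as an added illustration written for this page (it is not the UPPAAL implementation, and it is untimed: states are location/value pairs rather than zones). The control graph `EDGES`, its locations A–D and the variable `x` are constructed for the demonstration; the entry points are computed as targets of DFS back edges, one way of obtaining a set of locations that every cycle must pass through.

```python
from collections import deque

# Constructed control graph of a small untimed model (not from the slides):
# location -> list of (target, guard(x), update(x)) over one bounded variable x.
EDGES = {
    "A": [("B", lambda x: True, lambda x: x)],
    "B": [("C", lambda x: x < 3, lambda x: x + 1)],
    "C": [("B", lambda x: x < 3, lambda x: x),
          ("D", lambda x: x >= 3, lambda x: x)],
    "D": [("A", lambda x: True, lambda x: 0)],
}


def entry_points(edges, start):
    """Locations that are targets of back edges in a DFS of the control graph.
    Every cycle of the control graph, and hence every cycle of the state space,
    passes through at least one of them, so storing only states at these
    locations in Passed still guarantees termination of the exploration."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {loc: WHITE for loc in edges}
    entry = set()

    def dfs(u):
        colour[u] = GREY
        for v, _, _ in edges[u]:
            if colour[v] == GREY:        # back edge: v is on the current DFS path
                entry.add(v)
            elif colour[v] == WHITE:
                dfs(v)
        colour[u] = BLACK

    dfs(start)
    return entry


def explore(edges, start, x0, store_locs=None):
    """Reachability with a unified Passed/Waiting table.

    `table` is the single hash table: a state is inserted when first generated
    (it is then Waiting) and flagged passed when popped, so the Waiting and the
    Passed lookup are one hash probe.  `waiting` only holds references into the
    table.  States at locations outside `store_locs` are never stored; they are
    queued and explored but may be visited again via another path."""
    table = {}                       # state -> {"passed": bool}
    waiting = deque()
    reached, explored = set(), 0

    def storable(state):
        return store_locs is None or state[0] in store_locs

    init = (start, x0)
    if storable(init):
        table[init] = {"passed": False}
    waiting.append(init)
    while waiting:
        s = waiting.popleft()
        if storable(s):
            table[s]["passed"] = True    # Waiting -> Passed, in place
        explored += 1
        reached.add(s)
        loc, x = s
        for dst, guard, update in edges[loc]:
            if not guard(x):
                continue
            t = (dst, update(x))
            if storable(t):
                if t in table:           # already waiting or passed: drop it
                    continue
                table[t] = {"passed": False}
            waiting.append(t)
    return {"reached": reached, "explored": explored, "stored": len(table)}


if __name__ == "__main__":
    full = explore(EDGES, "A", 0)
    ep = entry_points(EDGES, "A")
    reduced = explore(EDGES, "A", 0, store_locs=ep)
    print("entry points:", sorted(ep))
    print("store everything:", full["explored"], "explored,", full["stored"], "stored")
    print("entry points only:", reduced["explored"], "explored,", reduced["stored"], "stored")
```

On this graph both runs reach the same 8 states; storing only at the entry points {A, B} halves the Passed table. The trade-off is that an unstored state can be regenerated and explored more than once when it is reachable along several paths, so the saving is in memory, not necessarily in time.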
Data structures for Zones
 DBMs
 Minimal Constraint Form
 CDDs
(figure: one zone over clocks x0, x1, x2, x3 shown as a DBM, in minimal constraint form and as a CDD; the constraint constants visible are 4, 3, 3, 2, -4, -2, 1, 5, -2, 2)
Zone Abstractions [TACAS03, TACAS04]
 Abstraction taking the maximum constant into account is necessary for termination
 Utilization of the distinction between lower and upper bounds
 Utilization of location-dependency

LU Abstraction [TACAS04]
THEOREM: For any state in the LU-abstraction there is a state in the original set simulating it.
⇒ The LU abstraction is exact w.r.t. reachability.

Zone abstractions
(figure: the same zone under the Classical, Loc. dep. Max, Loc. dep. LU and Convex Hull abstractions)
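A minimal DBM with the classical maximum-constant extrapolation and the LU extrapolation side by side, as an added example written for this page (it is not UPPAAL's DBM library). The two-clock automaton is constructed: a self-loop with guard x ≥ 1 and reset x := 0, plus one other edge guarded by y ≥ 5, so the maximum constants are M = (x:1, y:5), the lower bounds are L = (x:1, y:5) and there are no upper-bound guards at all; the code uses U = 0 for such clocks where the paper uses −∞ (0 is also sound, it just relaxes less). Constants occurring in the property being checked would have to be folded into the bounds as well.

```python
import math
from copy import deepcopy

INF = (math.inf, True)   # no constraint
ZERO = (0, False)        # "<= 0"


def bound_lt(a, b):
    """Strict order on bounds (c, strict): (c, <) is tighter than (c, <=)."""
    return a[0] < b[0] or (a[0] == b[0] and a[1] and not b[1])


def bound_add(a, b):
    return (a[0] + b[0], a[1] or b[1])


class DBM:
    """Difference Bound Matrix over clocks 1..n plus the reference clock 0 (= 0).
    d[i][j] = (c, strict) encodes x_i - x_j < c (strict) or x_i - x_j <= c."""

    def __init__(self, n):
        self.n = n
        self.d = [[ZERO] * (n + 1) for _ in range(n + 1)]   # zone x_1 = .. = x_n = 0

    def key(self):
        return tuple(tuple(row) for row in self.d)

    def close(self):
        """Floyd-Warshall canonical form; returns False iff the zone is empty."""
        m = self.n + 1
        for k in range(m):
            for i in range(m):
                for j in range(m):
                    s = bound_add(self.d[i][k], self.d[k][j])
                    if bound_lt(s, self.d[i][j]):
                        self.d[i][j] = s
        return not any(bound_lt(self.d[i][i], ZERO) for i in range(m))

    def empty(self):
        return not self.close()

    def up(self):                       # delay: drop all upper bounds x_i <= c
        for i in range(1, self.n + 1):
            self.d[i][0] = INF
        return self

    def constrain(self, i, j, c, strict=False):   # intersect with x_i - x_j <= c
        if bound_lt((c, strict), self.d[i][j]):
            self.d[i][j] = (c, strict)
        self.close()
        return self

    def reset(self, x):                 # x := 0, keeps canonical form
        for j in range(self.n + 1):
            self.d[x][j] = self.d[0][j]
            self.d[j][x] = self.d[j][0]
        self.d[x][x] = ZERO
        return self


def extra_M(z, M):
    """Classical extrapolation: M[i] is the largest constant clock i is compared
    with (M[0] = 0).  Upper bounds above M[i] and lower bounds above M[j] go."""
    for i in range(z.n + 1):
        for j in range(z.n + 1):
            c, _ = z.d[i][j]
            if c > M[i]:
                z.d[i][j] = INF
            elif -c > M[j]:
                z.d[i][j] = (-M[j], True)
    z.close()
    return z


def extra_LU(z, L, U):
    """LU extrapolation [TACAS04]: L[i] is the largest constant in lower-bound
    guards (x_i > c, x_i >= c), U[i] the largest in upper-bound guards
    (x_i < c, x_i <= c); L[0] = U[0] = 0.  Clocks without upper-bound guards get
    U = 0 here (the paper uses -infinity)."""
    for i in range(z.n + 1):
        for j in range(z.n + 1):
            c, _ = z.d[i][j]
            if c > L[i]:
                z.d[i][j] = INF
            elif -c > U[j]:
                z.d[i][j] = (-U[j], True)
    z.close()
    return z


X, Y = 1, 2   # clock indices of the constructed two-clock automaton


def loop_zones(extrapolate=None, max_steps=50):
    """Symbolic successors along the constructed loop  l --(x >= 1, x := 0)--> l
    from x = y = 0.  Returns (number of distinct zones seen, fixpoint reached?)."""
    z = DBM(2)
    seen = {z.key()}
    for _ in range(max_steps):
        z = deepcopy(z)
        z.up().constrain(0, X, -1)       # 0 - x <= -1, i.e. the guard x >= 1
        z.reset(X)
        if extrapolate is not None:
            z = extrapolate(z)
        if z.key() in seen:
            return len(seen), True
        seen.add(z.key())
    return len(seen), False


if __name__ == "__main__":
    print("no extrapolation:", loop_zones(None))
    print("Extra_M:", loop_zones(lambda z: extra_M(z, [0, 1, 5])))
    print("Extra_LU:", loop_zones(lambda z: extra_LU(z, [0, 1, 5], [0, 0, 0])))
```

Without extrapolation the zones x = 0 ∧ y ≥ n never repeat, which is the termination problem of the first bullet. With Extra_M the lower bound on y is only relaxed once it passes 5, giving 7 distinct zones; with Extra_LU the lower bound on y is relaxed immediately because y has no upper-bound guard, giving 2. Both extrapolations are applied to a canonical DBM and the result is closed again, since the relaxed matrix need not be canonical.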
Symmetry Reduction [Formats 2003]
 Exploitation of full symmetry may give factorial reduction
 Many timed systems are inherently symmetric
 Computation of canonical state representative using swaps
(figure: symmetry reduction results)
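Canonical representatives computed with swaps, as an added example written for this page (not the UPPAAL implementation, and untimed: the technique is the same, but real zones would have to be permuted together with the discrete state). The model is constructed: N identical processes cycling idle → trying → critical → idle, where a process may enter the critical section only when no other process is in it. Because every process permutation maps transitions to transitions, one representative per orbit is enough.

```python
IDLE, TRYING, CRITICAL = "i", "t", "c"


def successors(state):
    """Constructed fully symmetric model: each process is one position of the
    tuple; entering CRITICAL requires that nobody else is in CRITICAL."""
    out = []
    for k, loc in enumerate(state):
        if loc == IDLE:
            nxt = TRYING
        elif loc == TRYING:
            if CRITICAL in state:
                continue
            nxt = CRITICAL
        else:
            nxt = IDLE
        out.append(state[:k] + (nxt,) + state[k + 1:])
    return out


def canonical(state):
    """Canonical representative of the orbit of `state` under all process
    permutations, built from swaps only (a selection sort on the process
    vector).  Two states are in the same orbit iff they get the same result."""
    order = {IDLE: 0, TRYING: 1, CRITICAL: 2}
    s = list(state)
    for a in range(len(s)):
        best = min(range(a, len(s)), key=lambda b: order[s[b]])
        if best != a:
            s[a], s[best] = s[best], s[a]        # one swap
    return tuple(s)


def reachable(init, reduce=False):
    """Plain reachability; with reduce=True every generated state is replaced by
    its canonical representative before the Passed lookup."""
    rep = canonical if reduce else (lambda s: s)
    init = rep(init)
    passed, waiting = {init}, [init]
    while waiting:
        s = waiting.pop()
        for t in successors(s):
            t = rep(t)
            if t not in passed:
                passed.add(t)
                waiting.append(t)
    return passed


if __name__ == "__main__":
    init = (IDLE,) * 4
    full = reachable(init)
    reduced = reachable(init, reduce=True)
    print(len(full), "states without symmetry reduction,", len(reduced), "with")
```

For four processes the full state space has 48 states and the reduced one 9 (the multisets of local states with at most one process critical). The bound of N! = 24 is not reached because states with several processes in the same local state have smaller orbits; the reduced set is exactly the set of representatives of the full one, which the test checks.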
Analysis Methods Identified
 Techniques identified and implemented:
   Zone abstractions (max constant, loc. dep., lower/upper bounds)
   Storage techniques
   Symmetry reduction
   Cost-guiding search and pruning
   Distributed exploration
   Cycle acceleration
   Sweep line reduction
 Conclusion: "Progress by far exceeding expectations"
 Future: "Consolidation & combination"
UPPAAL CORA
UPPAAL CORA
Priced Timed Automata [HSCC'01, CAV'01, EMSOFT'03, TACAS'04]
 Branch of UPPAAL with support for cost-optimal reachability.
 Based on priced zones.
 Substantial performance improvement by translation to min-cost-flow problems.
 Competitive with MILP.
 Possibility of guiding (improving) the search by a heuristic and a "remaining" meta-variable.
 Fully compatible with UPPAAL (GUI).
 Application to the AXXOM case study.
 Application to vehicle routing problems with time windows (Carmen Consulting).
 Applied to Dynamic Voltage Scheduling, WCET analysis.
 New optimization problems to be added:
   Optimal infinite schedules [HSCC'04]
   Conditional optimal schedules [FOSSACS'05]
 Visualization of generated optimal schedules using Gantt charts (to be finished during the beginning of 2005).
(figure: a priced timed automaton with locations A, B, C, G, clocks x and y and cost variable c; cost rates c'=1, c'=5, c'=10 in locations, discrete costs c+=1 and c+=7 on edges, guards x ≤ 2, x ≥ 3, x ≥ 4, x ≥ 5 and resets x:=0, y:=0; an example run s = (A, x=y=0) →(0) (B, x=y=0) →(0) (C, x=y=0) →(5, cost 5) (C, x=y=5) →(1) G)
Aircraft Landing
For each plane with earliest landing time $E$, target time $T$ and latest time $L$, the cost of landing at time $t$ is
$$\mathrm{cost}(t) = \begin{cases} e\,(T - t) & t < T \\ 0 & t = T \\ d + l\,(t - T) & t > T \end{cases}$$
where $e$ is the cost rate for being early, $l$ the cost rate for being late and $d$ the fixed cost for being late.
Planes have to keep a separation distance to avoid turbulence caused by preceding planes.
(figure: runway with the cost curve over E, T, L)
UPPAAL CORA
(table: PTA versus MILP on the Aircraft Landing Benchmark; source: Beasley et al. 2000; DEC300/700 (225 MHz) vs Pentium MMX (200 MHz))
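The cost-guided search with a "remaining" lower bound of the UPPAAL CORA slide, run on the aircraft-landing cost function of the following slides, as an added example written for this page: it is a discrete-time best-first search over explicit states, not CORA's priced-zone algorithm, and the three-plane instance `PLANES`, the separation `SEP` and the bound `remaining_lower_bound` are constructed for the demonstration (the Beasley benchmark data are not on this page). The bound charges each unlanded plane its cheapest slot after the last landing plus separation; it never overestimates, so the first goal popped is optimal, and a state in which some plane can no longer meet its latest time is pruned outright.

```python
import heapq
from itertools import count

# Constructed 3-plane instance (not the Beasley benchmark): (E, T, L, e, l, d)
PLANES = [(0, 1, 4, 1, 1, 1), (0, 1, 4, 1, 1, 1), (2, 3, 6, 1, 2, 1)]
SEP = 2   # minimum separation between consecutive landings (time units)


def landing_cost(plane, t):
    """e*(T-t) if early, d + l*(t-T) if late, 0 on the target time."""
    E, T, L, e, l, d = plane
    if t < T:
        return e * (T - t)
    if t > T:
        return d + l * (t - T)
    return 0


def remaining_lower_bound(planes, landed, last, sep):
    """Admissible estimate of the cost still to be paid (the 'remaining' value):
    each unlanded plane pays at least its cheapest slot after last+sep, ignoring
    separation among the unlanded planes.  None: some plane can no longer land."""
    total = 0
    for i, p in enumerate(planes):
        if landed & (1 << i):
            continue
        E, T, L = p[:3]
        lo = max(E, last + sep)
        if lo > L:
            return None
        total += min(landing_cost(p, t) for t in range(lo, L + 1))
    return total


def optimal_schedule(planes, sep=SEP, guided=True):
    """Best-first cost-optimal reachability over states (bitmask of landed planes,
    time of the last landing), landings generated in increasing time.
    guided=True orders the queue by cost + remaining bound and stops as soon as
    the cheapest open node cannot beat the best schedule; guided=False is plain
    uniform-cost search.  Returns ((cost, ((plane, time), ...)), states expanded)."""
    goal = (1 << len(planes)) - 1
    if guided:
        h = lambda landed, last: remaining_lower_bound(planes, landed, last, sep)
    else:
        h = lambda landed, last: 0
    start = (0, -sep)
    tie = count()
    heap = [(h(*start), 0, next(tie), start, ())]
    passed, best, expanded = {}, None, 0
    while heap:
        f, g, _, state, sched = heapq.heappop(heap)
        if best is not None and f >= best[0]:
            break                                  # pruning: nothing cheaper left
        if state in passed and passed[state] <= g:
            continue                               # already expanded at no higher cost
        passed[state] = g
        expanded += 1
        landed, last = state
        if landed == goal:
            best = (g, sched)
            continue
        for i, p in enumerate(planes):
            if landed & (1 << i):
                continue
            for t in range(max(p[0], last + sep), p[2] + 1):
                nxt = (landed | (1 << i), t)
                rem = h(*nxt)
                if rem is None:
                    continue                       # dead end: a plane would miss L
                g2 = g + landing_cost(p, t)
                heapq.heappush(heap, (g2 + rem, g2, next(tie), nxt, sched + ((i, t),)))
    return best, expanded


if __name__ == "__main__":
    for guided in (False, True):
        best, expanded = optimal_schedule(PLANES, guided=guided)
        print("guided" if guided else "plain ", "cost", best[0], "schedule", best[1],
              "expanded", expanded)
```

Both searches find the optimal cost 6, but the guided one expands far fewer states: the plain search must pop every state cheaper than the optimum, including dead ends such as landing the third plane on its target time while another plane can no longer fit behind it.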
RAPTURE
Probabilistic Reachability for Markov Decision Processes
Pedro D’Argenio, Henrik Jensen, Bertrand Jeannet , Kim Larsen
PAPM’01, PAPM’02
(figure: the automaton with locations send, wait and success; edges send →[x<5, x:=x+1] send, send →[x≥4] with probability 1/100 to success and 99/100 to wait, wait →[x<8, x:=x+1] wait, wait →[x=8, x:=0] send)

    process A
    {
      var x : uint(4);
          t : uint(10);
      init #send and x=0 and t=0;
      loc send:
        when x>=4 goto { success 0.01 ; wait 0.99 };
        when x<5 and t<200 goto send assign {x:=x+1; t:=t+1};
      loc wait:
        when x=8 goto send assign {x:=0};
        when x<8 and t<200 goto wait assign {x:=x+1; t:=t+1};
      loc success:
        when true goto success;
    }
    system A;
    initial #A.send and A.x=0 and A.t=0;
    final #A.success and A.t<200;
Partition/Refinement
(figures: a concrete MDP T and its abstraction Ta, with transition probabilities 0.4, 0.5, 0.6 and 1 on the edges; Theorem)
Download