- CONTENTS
- PREFACE
- LIST OF FIGURES
- INTRODUCTION
- 1.1 WHAT IS TIME?
- 1.2 SIMULATION
- 1.3 TESTING
- 1.4 VERIFICATION
- 1.6 USEFUL RESOURCES
- 2.1 SYMBOLIC LOGIC
- 2.1.1 Propositional Logic
- 2.1.2 Predicate Logic
- 2.2 AUTOMATA AND LANGUAGES
- 2.2.1 Languages and Their Representations
- 2.2.2 Finite Automata
- 2.3 HISTORICAL PERSPECTIVE AND RELATED WORK
- 2.4 SUMMARY
- EXERCISES
- 3.1 DETERMINING COMPUTATION TIME
- 3.2 UNIPROCESSOR SCHEDULING
- 3.2.1 Scheduling Preemptable and Independent Tasks
- 3.2.2 Scheduling Nonpreemptable Tasks
- 3.2.3 Nonpreemptable Tasks with Precedence Constraints
- 3.2.5 Periodic Tasks with Critical Sections: Kernelized Monitor Model
- 3.3 MULTIPROCESSOR SCHEDULING
- 3.3.1 Schedule Representations
- 3.3.3 Scheduling Periodic Tasks
- 3.4 AVAILABLE SCHEDULING TOOLS
- 3.4.2 PerfoRMAx
- 3.4.3 TimeWiz
- 3.6 HISTORICAL PERSPECTIVE AND RELATED WORK
- 3.7 SUMMARY
- EXERCISES
- 4.1 SYSTEM SPECIFICATION
- 4.2.1 Analysis Complexity
- 4.3 EXTENSIONS TO CTL
- 4.4 APPLICATIONS
- 4.4.1 Analysis Example
- 4.5 COMPLETE CTL MODEL CHECKER IN C
- 4.6 SYMBOLIC MODEL CHECKING
- 4.6.1 Binary Decision Diagrams
- 4.6.2 Symbolic Model Checker
- 4.7.1 Minimum and Maximum Delays
- 4.7.2 Minimum and Maximum Number of Condition Occurrences
- 4.8 AVAILABLE TOOLS
- 4.9 HISTORICAL PERSPECTIVE AND RELATED WORK
- 4.10 SUMMARY
- EXERCISES
- VISUAL FORMALISM, STATECHARTS, AND STATEMATE
- 5.1 STATECHARTS
- 5.1.1 Basic Statecharts Features
- 5.1.2 Semantics
- 5.4 STATEMATE
- 5.4.1 Forms Language
- 5.4.2 Information Retrieval and Documentation
- 5.4.3 Code Executions and Analysis
- 5.5 AVAILABLE TOOLS
- 5.6 HISTORICAL PERSPECTIVE AND RELATED WORK
- 5.7 SUMMARY
- EXERCISES
- 6.1 SPECIFICATION AND SAFETY ASSERTIONS
- 6.4 RESTRICTED RTL FORMULAS
- 6.4.1 Graph Construction
- 6.5 CHECKING FOR UNSATISFIABILITY
- 6.6 EFFICIENT UNSATISFIABILITY CHECK
- 6.6.1 Analysis Complexity and Optimization
- 6.7.2 Timing Properties
- 6.7.3 Timing and Safety Analysis Using RTL
- 6.7.5 RTL Representation Converted to Presburger Arithmetic
- 6.7.6 Constraint Graph Analysis
- 6.8 MODECHART SPECIFICATION LANGUAGE
- 6.8.1 Modes
- 6.8.2 Transitions
- 6.9.1 System Computations
- 6.9.2 Computation Graph
- 6.9.3 Timing Properties
- 6.9.4 Minimum and Maximum Distance Between Endpoints
- 6.9.5 Exclusion and Inclusion of Endpoint and Interval
- 6.10 AVAILABLE TOOLS
- 6.11 HISTORICAL PERSPECTIVE AND RELATED WORK
- 6.12 SUMMARY
- EXERCISES
- 7.1.1 Timed Executions
- 7.1.2 Timed Traces
- 7.1.3 Composition of Timed Automata
- 7.1.4 MMT Automata
- 7.1.6 Proving Time Bounds with Simulations
- 7.2.1 Untimed Traces
- 7.2.2 Timed Traces
- 7.3.1 Clock Regions
- 7.3.2 Region Automaton
- 7.4 AVAILABLE TOOLS
- 7.5 HISTORICAL PERSPECTIVE AND RELATED WORK
- 7.6 SUMMARY
- EXERCISES
- TIMED PETRI NETS
- 8.1 UNTIMED PETRI NETS
- 8.2 PETRI NETS WITH TIME EXTENSIONS
- 8.2.1 Timed Petri Nets
- 8.2.2 Time Petri Nets
- 8.3 TIME ER NETS
- 8.3.1 Strong and Weak Time Models
- 8.5.1 Determining Fireability of Transitions from Classes
- 8.5.2 Deriving Reachable Classes
- 8.6 MILANO GROUP’S APPROACH TO HLTPN ANALYSIS
- 8.6.1 Facilitating Analysis with TRIO
- 8.7 PRACTICALITY: AVAILABLE TOOLS
- 8.8 HISTORICAL PERSPECTIVE AND RELATED WORK
- 8.9 SUMMARY
- EXERCISES
- PROCESS ALGEBRA
- 9.1 UNTIMED PROCESS ALGEBRAS
- 9.2 MILNER’S CALCULUS OF COMMUNICATING SYSTEMS
- 9.2.1 Direct Equivalence of Behavior Programs
- 9.2.2 Congruence of Behavior Programs
- 9.2.3 Equivalence Relations: Bisimulation
- 9.3 TIMED PROCESS ALGEBRAS
- 9.4 ALGEBRA OF COMMUNICATING SHARED RESOURCES
- 9.4.1 Syntax of ACSR
- 9.4.2 Semantics of ACSR: Operational Rules
- 9.4.3 Example Airport Radar System
- 9.5 ANALYSIS AND VERIFICATION
- 9.5.1 Analysis Example
- 9.5.2 Using VERSA
- 9.5.3 Practicality
- 9.6 RELATIONSHIPS TO OTHER APPROACHES
- 9.7 AVAILABLE TOOLS
- 9.8 HISTORICAL PERSPECTIVE AND RELATED WORK
- 9.9 SUMMARY
- EXERCISES
- 10.3.1 The Declaration Section
- 10.3.2 The CONST Declaration
- 10.3.3 The VAR Declaration
- 10.3.4 The INPUTVAR Declaration
- 10.3.5 The Initialization Section INIT and INPUT
- 10.3.6 The RULES Section
- 10.3.7 The Output Section
- 10.5.1 Analysis Example
- 10.6 THE ANALYSIS PROBLEM
- 10.6.1 Finite Domains
- 10.6.2 Special Form: Compatible Assignment to Constants,
- 10.6.3 The General Analysis Strategy
- 10.8 THE SYNTHESIS PROBLEM
- 10.8.1 Time Complexity of Scheduling Equational
- 10.8.2 The Method of Lagrange Multipliers for Solving the
- 10.9 SPECIFYING TERMINATION CONDITIONS IN ESTELLA
- 10.9.1 Overview of the Analysis Methodology
- 10.9.2 Facility for Specifying Behavioral Constraint Assertions
- 10.10 TWO INDUSTRIAL EXAMPLES
- 10.10.2 Specifying Assertions for Analyzing the FCE Expert System
- Meta Rules of the Fuel Cell Expert System
- 10.11.1 General Analysis Algorithm
- 10.11.2 Selecting Independent Rule Sets
- 10.11.3 Checking Compatibility Conditions
- 10.12 QUANTITATIVE TIMING ANALYSIS ALGORITHMS
- 10.12.1 Overview
- 10.12.2 The Equational Logic Language
- 10.12.3 Mutual Exclusiveness and Compatibility
- 10.12.5 Program Execution and Response Time
- 10.12.8 Special Form A and Algorithm A
- 10.12.9 Special Form A
- 10.12.10 Special Form D and Algorithm D
- 10.12.11 The General Analysis Algorithm
- 10.12.12 Proofs
- 10.13 HISTORICAL PERSPECTIVE AND RELATED WORK
- 10.14 SUMMARY
- EXERCISES
- 11.1 THE OPS5 LANGUAGE
- 11.1.1 Overview
- 11.1.2 The Rete Network
- 11.2.1 Static Analysis of Control Paths in OPS5
- 11.2.2 Termination Analysis
- 11.2.3 Timing Analysis
- 11.2.4 Static Analysis
- 11.2.5 WM Generation
- 11.2.6 Implementation and Experiment
- 11.3.1 Introduction
- 11.3.3 Response Time of OPS5 Systems
- 11.3.4 List of Symbols
- 11.3.5 Experimental Results
- 11.3.6 Removing Cycles with the Help of the Programmer
- 11.4 HISTORICAL PERSPECTIVE AND RELATED WORK
- 11.5 SUMMARY
- EXERCISES
- 12.1 INTRODUCTION
- 12.2 BACKGROUND
- 12.3 BASIC DEFINITIONS
- 12.3.1 EQL Program
- 12.3.4 Derivation of Fixed Points
- 12.4 OPTIMIZATION ALGORITHM
- 12.5 EXPERIMENTAL EVALUATION
- 12.6 COMMENTS ON OPTIMIZATION METHODS
- 12.6.1 Qualitative Comparison of Optimization Methods
- 12.7 HISTORICAL PERSPECTIVE AND RELATED WORK
- 12.8 SUMMARY
- EXERCISES
- BIBLIOGRAPHY
- INDEX
PREFACE
This text is based on two rich sources: (1) materials in lecture notes I taught to senior and graduate-level computer science and electrical engineering students at Rice University and at the University of Houston, and (2) my research in the area of timing analysis and verification of real-time systems since the late 1980s, especially in the emerging area of embedded rule-based systems. Condensed forms of key concepts appearing in this text have been presented in my tutorials and seminars at many major international conferences. The focus is on the formal analysis and verification of real-time systems. The text is self-contained in that it includes a presentation of basic real-time scheduling algorithms and schedulability analysis as well as a description of the necessary background in logic and automata theory for understanding the more advanced materials. It provides a clear presentation of the concepts underlying the formal methods for real-time systems design.
Many of the systems and devices used in our modern society must provide a response that is both correct and timely. More and more computer systems are built as integral parts of many of these systems to monitor and control their functions and operations. These embedded systems often operate in environments where safety is a major concern. Examples range from simple systems such as climate-control systems, toasters, and rice cookers to highly complex systems such as airplanes and space shuttles. Other examples include hospital patient-monitoring devices and braking controllers in automobiles. Toward the goal of ensuring that these safety-critical systems operate as specified by the design and safety requirements, we have to develop sound methodologies and apply the corresponding tools to analyze and verify that these systems meet their specifications.
Much has been written in the area of formal analysis and verification of real-time systems in the form of technical papers that assume an advanced mathematical background on the part of the reader. Many of these presentations tend to be narrow in their coverage and many are model, architecture, or implementation dependent. Although they are timely and useful disseminations of state-of-the-art results, often there is little unifying discussion or foundation linking or relating the different results, making it difficult to make use of the results in practice. They are usually written in a formal manner with extensive notation and proofs, and with the assumption that the reader is a knowledgeable researcher in the same field. Since research results must be reported in a timely manner in the scientific field, authors of these papers do not have the time and space to show extensive examples or to provide a more tutorial perspective. Several books are available on the subject of analysis and verification of real-time systems, but they are basically collections of papers in their original form, sometimes with very brief, additional introductions to the papers.
Therefore, the purpose of this text is to make the most significant of these state-of-the-art materials accessible to upper-division undergraduates (juniors and seniors) and first-year graduates while still serving as a useful reference for more advanced practitioners and researchers by providing an extensive bibliography and pointers to more detailed papers on selected topics. This text is also a more unified treatment of the different approaches to analysis and verification. It compares these approaches and relates one approach to another so that the reader can decide when to use which approach or combination of approaches. The text does not attempt to be comprehensive but does present the most significant trends in the field. Thus, it also serves as a motivating source to generate interest in the area in order to tackle the many difficult problems awaiting correct or efficient solutions.
EXAMPLES
The text describes the application of the presented techniques and tools to a variety of industrial and toy examples. For easy reference, we list the major examples:
•Automatic air conditioning and heating unit (chapter 2)
•Simplified automobile control (chapters 2, 4, 7)
•Smart traffic light system for a traffic intersection (chapters 2, 8)
•Railroad crossing (chapters 4, 6)
•Mutual exclusion problem for processes (chapter 5)
•NASA X-38 Crew Return Vehicle avionics (chapter 6)
•NASA Mars Odyssey Orbiter (chapter 5)
•Message sending and acknowledgment (chapter 7)
•Airport radar system (chapter 9)
•Object detection (chapter 9)
•Space Shuttle Cryogenic Hydrogen Pressure Malfunction Procedure (chapter 10)
•Fuel cell expert system (FCE) (chapter 10)
•Integrated status assessment expert system (ISA) (chapters 10, 11, 12)
•Seat assignment (chapter 11)
•Analysis of 2D line-drawing representation of 3D objects (chapter 11)
•Space Shuttle Orbital Maneuvering and Reaction Control Systems’ Valve and Switch Classification Expert System (OMS) (chapter 11)
TEXT OUTLINE
Common to every chapter is a description of the available design, analysis, and verification tools; a section on historical perspective and related work; a summary; and a set of exercises.
Chapter 1 introduces real-time systems, defines the notion of time and how to measure it, and provides a synopsis of several analysis techniques, including simulation, testing, verification, and run-time monitoring. It also gives pointers to useful resources in the study and design of real-time systems.
Chapter 2 describes the analysis and verification of non-real-time systems using symbolic logic and automata-theoretic approaches. It covers topics in propositional logic, proving satisfiability using the resolution procedure, predicate logic, prenex normal forms, Skolem standard forms, proving unsatisfiability of a clause set with Herbrand’s procedure and the resolution procedure, languages and their representations, finite automata, and the specification and verification of untimed systems.
Chapter 3 presents real-time scheduling and schedulability analysis, covering topics in computation time prediction, uniprocessor scheduling, scheduling preemptable and independent tasks, fixed-priority schedulers, rate-monotonic and deadline-monotonic algorithms, dynamic-priority schedulers, earliest-deadline-first (EDF) algorithm, least-laxity-first (LL) algorithm, scheduling nonpreemptable sporadic tasks, nonpreemptable tasks with precedence constraints, periodic tasks with precedence constraints, communicating periodic tasks, deterministic rendezvous model, periodic tasks with critical sections, kernelized monitor model, multiprocessor scheduling, schedule representations, scheduling game board, sufficient conditions for conflict-free task sets, scheduling periodic tasks on a multiprocessor, PERTS, PerfoRMAx, TimeWiz, and real-time operating systems (RTOSs).
Chapter 4 describes model checking of finite-state systems. Topics covered include system specification, Clarke–Emerson–Sistla model checker, CTL, complete CTL model checker in C, symbolic model checking, binary decision diagrams, real-time CTL, minimum and maximum delays, minimum and maximum number of condition occurrences, and state graphs with non-unit transition time.
Chapter 5 presents visual formalism, Statecharts, and Statemate, covering basic Statecharts features, including OR-decomposition, AND-decomposition, delays and timeouts, condition and selection entrances, and unclustering. It also describes activity-charts, module-charts, Statechart semantics, and code executions and analysis.
Chapter 6 describes real-time logic (RTL), graph-theoretic analysis, and Modechart, covering specification and safety assertions, event-action model, restricted RTL formulas, constraint-graph construction, unsatisfiability check, analysis complexity and optimization, NASA X-38 Crew Return Vehicle avionics architecture, Modechart, verification of timing properties of Modechart specifications, system computations, and computation graphs. It presents techniques for finding the minimum and maximum distance between endpoints, and exclusion and inclusion of endpoint and interval.
Chapter 7 describes verification using timed automata. Topics covered include Lynch–Vaandrager automata-theoretic approach, timed executions, timed traces, composition of timed automata, MMT automata, proving time bounds with simulations, Alur–Dill automata-theoretic approach, untimed traces, timed traces, Alur–Dill timed automata, Alur–Dill region automaton and verification, and clock regions.
Chapter 8 presents untimed Petri nets and time/timed Petri nets. Topics covered include conditions for firing enabled transitions, environment/relationship nets, high-level timed Petri nets (HLTPNs), time ER nets, strong and weak time models, properties of high-level Petri Nets, Berthomieu–Diaz analysis algorithm for TPNs, determining fireability of transitions, deriving reachable classes, Milano Group’s approach to HLTPN analysis, and facilitating analysis with TRIO.
Chapter 9 presents process-algebraic approaches to verification, covering untimed process algebra, Milner’s Calculus of Communicating Systems (CCS), direct equivalence of behavior programs, congruence of behavior programs, equivalence relations, bisimulation, timed process algebras, Algebra of Communicating Shared Resources (ACSR), syntax of ACSR and semantics of ACSR, operational rules, analysis, and VERSA.
Chapter 10 describes the design and timing analysis of propositional-logic rule-based systems. Topics covered include real-time decision systems, real-time expert systems, EQL language, state space representation, computer-aided design tools, response time analysis problem, finite domains, special form, general analysis strategy, synthesis problem, time complexity of scheduling equational rule-based programs, method of Lagrange multipliers, specifying termination conditions in Estella, behavioral constraint assertions, syntax and semantics of Estella, specifying Special Forms with Estella, context-free grammar for Estella, Estella-General Analysis Tool, selecting independent rule set, constructing and checking the dependency graph, checking compatibility conditions, checking cycle-breaking conditions, quantitative timing analysis algorithms, mutual exclusiveness and compatibility, high-level dependency graph, and rule-dependency graph.
Chapter 11 presents the timing analysis of predicate-logic rule-based systems, covering the OPS5 language, Rete network, Cheng–Tsai timing analysis methodology, static analysis of control paths in OPS5, termination analysis, termination detection, enabling conditions of a cycle, prevention of cycles, program refinement, redundant conditions, redundant extra rules, timing analysis, prediction of the number of rule firings, WM generation, maximizing matching time, maximizing rule firings, complexity and space reduction, ordering of the initial WMEs, Cheng–Chen timing analysis methodology, classification of OPS5 programs, maximal numbers of new matching WMEs, number of comparisons, the class of cyclic programs, and removing cycles with the programmer’s help.
Chapter 12 describes the optimization of rule-based systems. Topics covered include execution model of a real-time decision system based on a state space representation, several optimization algorithms, derivation of an optimized state space graph, synthesis of an optimized EQL(B) program, EQL(B) programs without cycles, EQL(B) programs with cycles, qualitative comparison of optimization methods, constraints over EQL language required by optimization, and optimization of other real-time rule-based systems.
ACKNOWLEDGMENTS
I would like to express my sincere thanks to editor Andrew J. Smith, who first invited me to embark on this textbook project, to the current senior editor Philip Meyler, who is very supportive and flexible with deadlines, to the anonymous reviewers for providing constructive comments, to my Ph.D. student Mark T.-I. Huang for drawing many of the figures, and to associate managing editor Angioline Loredo, Kirsten Rohsted, and the editorial staff for professional editing. My family and friends have provided continuous encouragement and support for which I am greatly indebted.
ALBERT M. K. CHENG
Houston, TX