Thesis Presentation
This is a master’s thesis presentation.

The thesis is a qualitative case study about the application of a formal software verification technique on a module belonging to the standard called AUTOSAR.

Slide notes: DSP – Digital Signal Processor; FPGA – Field Programmable Gate Array

Transcript of "Thesis Presentation"

    1. Model-checking AUTOSAR Basic Software Component
       Master's thesis by Venkata Kalyan Ram, Software Engineering and Management, Department of Computer Science and Engineering
    2. Agenda
       • Introduction
         – Problem statement
       • Model-Checking
         – Modelling
         – Specification
       • AUTOSAR
         – CAN Network Management
       • Case-Study: Verification
       • Results & Reflections
    3. Introduction
       • Electronic Control Units (ECUs) are the basic building blocks of many features of an automobile
    4. Introduction
       • Example: Parking assistance
    5. Introduction (image slide)
    6. Introduction
       • ECUs are connected as a network of nodes
       • Networked ECUs form a distributed and networked system
    7. Introduction
       • Different bus types and/or networks like CAN, LIN, FlexRay, etc.
       • Each node may be a processor, a DSP, an FPGA, etc.
       • Depending on the type of application, nodes may be units of individual chips or small embedded computers
    8. Problem statement
       • Verifying the design of the software early in the development life cycle is considered highly essential
       • Testing can only show that a system is working as intended, whereas verification can prove the correctness of a system
       • Thus the aim of this thesis is to perform such verification on a model of a software module that is part of a broader framework called AUTOSAR
    9. Agenda (repeated)
    10. Model-checking
       • A formal verification technique
       • Formal verification: "Mathematically proving the correctness of a design with respect to a mathematical formal specification"
       • Introduced by Edmund M. Clarke & Joseph Sifakis
       • Given a model M and a specification P of a system, determine whether the specification P is satisfied on the model M
       • This is written as M ⊨ P
    11. Model-checking
       • Modeling – finite state machines
       • Specification – expressed with temporal aspects of the property
         – Temporal aspects: linear time, discrete time, branching time
       • Verification – the process of searching the state space of a model exhaustively to determine whether a specified property fails
    12. Model-checking (diagram)
       Model (abstract of a system) and Specification (system property) → Model checker → Answer:
       • Yes, if the model satisfies the specification
       • Counterexample, if the model doesn't satisfy the specification
    13. Model-checking (diagram)
       PROMELA (PROcess MEta LAnguage) model and LTL (Linear Temporal Logic) specification → SPIN → Answer: Yes, or a counterexample, as above
       • SPIN – Simple PROMELA INterpreter
       • Developed in 1980 at Bell Labs by Gerard J. Holzmann
    14. Modeling
       • An example of an audio player – a finite state model of the audio player (diagram): states Idle, Playing and Paused; Play takes Idle or Paused to Playing, Pause takes Playing to Paused, Stop takes Playing or Paused back to Idle
    15–18. Modeling
       • PROMELA code of the model of the audio player (the code itself is not included in the transcript)
    19. Specification
       • Common operators of Linear Temporal Logic:
         – G or □ – Globally or Always p
         – F or ◊ – Finally or Eventually p
    20. Specification
       • Property to be verified – "Whenever the play button is pressed, it is guaranteed that the song will be played"
       • Expressed in LTL: □((input == play) -> ◊(CURRENT_STATE == PLAYING))
    21. Agenda (repeated)
    22. AUTOSAR
       • AUtomotive Open Software ARchitecture
       • Layered architecture (diagram), top to bottom:
         – Application layer
         – AUTOSAR Runtime Environment (RTE)
         – System services, Memory services, Communication services, I/O Hardware Abstraction, Complex drivers
         – Onboard device abstraction, Memory hardware abstraction, Communication hardware abstraction
         – Microcontroller drivers, Memory drivers, Communication drivers, I/O drivers
         – Microcontroller
    23. AUTOSAR
       • The communication services are the group of modules for vehicle network communication (CAN, LIN and FlexRay)
       • They interface with the communication drivers via the communication hardware abstraction
    24. AUTOSAR (image slide)
    25. CAN Network Management
       • Decentralized network management strategy
       • Periodic NM-message transmission via broadcast
       • Two key requirements are:
         – Every node shall transmit messages
         – If no messages are transmitted, every node shall make a transition to Sleep Mode
    26. CAN Network Management (image slide)
    27. CAN Network Management (state diagram)
       • Network mode: Ready Sleep State, Repeat Message State, Normal Operation
       • Prepare Bus-Sleep Mode
       • Bus-Sleep Mode
    28. CAN Network Management (state diagram with transitions and interfaces)
       • States as on slide 27; transition labels recoverable from the diagram:
         – Tx or Rx in Network mode / NM_Timer start
         – Repeat_Message_Timer expiry & NetReq → Normal Operation
         – Repeat_Message_Timer expiry & NetRel → Ready Sleep State
         – RepeatReq → Repeat Message State
         – NM_Timer expiry → Prepare Bus-Sleep Mode
         – Prepare Bus-Sleep Mode: NetReq || Rx → Repeat Message State; Wait_Bus_Sleep_Timer expiry → Bus-Sleep Mode
       • The following are called by Generic NM: CanNm_NetworkRequest(), CanNm_NetworkRelease(), CanNm_RepeatMessageRequest()
       • The following are called by CAN_IF: CanNm_TxConfirmation(), CanNm_RxIndication()
       • The timers are NM_Timer, Repeat_Message_Timer and Wait_Bus_Sleep_Timer
    29. Agenda (repeated)
    30. Case-Study: Verification
       • Properties are drawn from the key requirements
       • 3 properties were verified – 2 are temporal in nature, 1 is an assertion
       • The temporal properties are:
         – P1 – "CAN NM should enter Normal Operation state whenever the network is requested": □(NetReq -> ◊ Normal_Operation)
         – P2 – "If the network is released, CAN NM shall be put to sleep mode": □(NetRel -> ◊ Bus_Sleep_Mode)
       • The assertion property is:
         – P3 – "All the states specified for CAN NM are reachable", e.g. assert(CURRENT_STATE == NORMAL_OPERATION)
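Slides 15–18 and 30 do not show the PROMELA itself, so the following is an added example, not the thesis's model: a constructed, heavily abstracted PROMELA version of the CAN NM state machine from slide 28 with P1 and P2 from slide 30 written as `ltl` claims. Assumptions, marked in comments, are a single network request that is held until Normal Operation is reached, at most two Rx wake-ups from other nodes (`rx_budget`), NetRel modelled as `!NetReq`, and timer expiries abstracted into non-deterministic choices.

```promela
/* Constructed abstraction of the CAN NM state machine (slide 28); not the thesis model.
   Verify: spin -a cannm.pml && gcc -o pan pan.c && ./pan -a -N p1   (then -N p2) */
mtype = { BUS_SLEEP, PREPARE_BUS_SLEEP, REPEAT_MESSAGE, NORMAL_OPERATION, READY_SLEEP };

mtype CURRENT_STATE = BUS_SLEEP; /* the node starts in Bus-Sleep Mode */
bool  NetReq = false;            /* set by CanNm_NetworkRequest(), cleared by CanNm_NetworkRelease() */
byte  rx_budget = 2;             /* assumption: at most two CanNm_RxIndication() wake-ups by other nodes */

/* Environment (Generic NM): one request, held until the node communicates, then one release */
active proctype GenericNM() {
  NetReq = true;                        /* CanNm_NetworkRequest() */
  (CURRENT_STATE == NORMAL_OPERATION);  /* assumption: requester waits for Normal Operation */
  NetReq = false                        /* CanNm_NetworkRelease() */
}

/* CAN NM; timer expiries are abstracted into non-deterministic choices */
active proctype CanNm() {
  do
  :: CURRENT_STATE == BUS_SLEEP ->
       if
       :: NetReq        -> CURRENT_STATE = REPEAT_MESSAGE              /* NetReq wakes the node */
       :: rx_budget > 0 -> rx_budget--; CURRENT_STATE = REPEAT_MESSAGE /* Rx from another node */
       :: else          -> skip                                        /* stay asleep */
       fi
  :: CURRENT_STATE == REPEAT_MESSAGE ->                                /* Repeat_Message_Timer expiry */
       if
       :: NetReq  -> CURRENT_STATE = NORMAL_OPERATION
       :: !NetReq -> CURRENT_STATE = READY_SLEEP
       fi
  :: CURRENT_STATE == NORMAL_OPERATION && !NetReq ->                   /* NetRel */
       CURRENT_STATE = READY_SLEEP
  :: CURRENT_STATE == READY_SLEEP ->
       if
       :: NetReq -> CURRENT_STATE = NORMAL_OPERATION                   /* re-requested before NM_Timer expiry */
       :: CURRENT_STATE = PREPARE_BUS_SLEEP                            /* NM_Timer expiry */
       fi
  :: CURRENT_STATE == PREPARE_BUS_SLEEP ->
       if
       :: NetReq        -> CURRENT_STATE = REPEAT_MESSAGE              /* NetReq || Rx: back to Repeat Message */
       :: rx_budget > 0 -> rx_budget--; CURRENT_STATE = REPEAT_MESSAGE
       :: CURRENT_STATE = BUS_SLEEP                                    /* Wait_Bus_Sleep_Timer expiry */
       fi
  od
}

/* P1 and P2 of slide 30 (NetRel modelled as !NetReq); pan checks one named claim per run */
ltl p1 { [] (NetReq  -> <> (CURRENT_STATE == NORMAL_OPERATION)) }
ltl p2 { [] (!NetReq -> <> (CURRENT_STATE == BUS_SLEEP)) }
/* P3 (reachability) is shown with a trap assertion SPIN must violate, e.g. adding
   assert(CURRENT_STATE != NORMAL_OPERATION) to CanNm and expecting a counterexample trail */
```

Both claims hold only because the environment assumptions rule out endless re-request and Rx interleavings; remove the `rx_budget` bound and `pan -a -N p2` reports an acceptance cycle Repeat Message → Ready Sleep → Prepare Bus-Sleep → Repeat Message that never reaches Bus-Sleep, an instance of the kind of non-determinism slide 32 mentions.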
    31. Agenda (repeated)
    32. Results & Reflections
       • All the properties were satisfied on the model
       • By this study the characteristic non-determinism of CAN NM has been made explicit
       • Abstraction played a key role while modeling CAN NM
       • Model-checking showed itself to be a good technique for detecting non-determinism and for building a good verification model
    33. References
       • AUTOSAR illustrations from www.autosar.org
       • Clarke, Edmund M. "Model Checking." Foundations of Software Technology and Theoretical Computer Science, Lecture Notes in Computer Science, vol. 1346. Springer Berlin/Heidelberg, 1997. 54–56.
       • Temporal logic formula illustrations by Alessandro Artale, Free University of Bolzano
       • Parking assistance illustration from Valeo Service, The Netherlands
    34. Thank you