forges: formal synthesis of generators for embedded … · 2011. 5. 13. · asme trans. v111, dec....

AFRL-IF-RS-TR-2005-196 Final Technical Report May 2005 FORGES: FORMAL SYNTHESIS OF GENERATORS FOR EMBEDDED SYSTEMS Kestrel Institute Sponsored by Defense Advanced Research Projects Agency DARPA Order No. K217

APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED.

The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the U.S. Government.

AIR FORCE RESEARCH LABORATORY INFORMATION DIRECTORATE

ROME RESEARCH SITE ROME, NEW YORK

STINFO FINAL REPORT

This report has been reviewed by the Air Force Research Laboratory, Information Directorate, Public Affairs Office (IFOIPA) and is releasable to the National Technical Information Service (NTIS). At NTIS it will be releasable to the general public, including foreign nations. AFRL-IF-RS-TR-2005-196 has been reviewed and is approved for publication APPROVED: /s/ NANCY A. ROBERTS Project Engineer FOR THE DIRECTOR: /s/ JAMES A. COLLINS, Acting Chief Advanced Computing Division Information Directorate

REPORT DOCUMENTATION PAGE Form Approved

OMB No. 074-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503 1. AGENCY USE ONLY (Leave blank)

2. REPORT DATEMay 2005

3. REPORT TYPE AND DATES COVERED Final Jun 00 – Jun 04

4. TITLE AND SUBTITLE FORGES: FORMAL SYNTHESIS OF GENERATORS FOR EMBEDDED SYSTEMS

6. AUTHOR(S) Lindsay Errington

5. FUNDING NUMBERS C - F30602-00-C-0155 PE - 62302E PR - MOBI TA - 00 WU - 02

7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Kestrel Institute 3260 Hillview Avenue Palo Alto CA 94304

8. PERFORMING ORGANIZATION REPORT NUMBER N/A

9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) Defense Advanced Research Projects Agency AFRL/IFT 3701 North Fairfax Drive 525 Brooks Road Arlington VA 22203-1714 Rome NY 13441-4505

10. SPONSORING / MONITORING AGENCY REPORT NUMBER AFRL-IF-RS-TR-2005-196

11. SUPPLEMENTARY NOTES AFRL Project Engineer: Nancy A. Roberts/IFT/(315) 330-3566 [email protected]

12a. DISTRIBUTION / AVAILABILITY STATEMENT APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED.

12b. DISTRIBUTION CODE

13. ABSTRACT (Maximum 200 Words) A number of tools exist that allow engineers to construct models of embedded systems. Models are expressed in a variety of languages including domain specific languages. These models provide input to generators that: 1) produce code, test suites, views of components in the model, and/or 2) analyze or compose models. Generators, however, are often difficult and expensive to develop. Moreover, due to the safety critical nature of embedded systems, it is crucial that generators be high assurance. This project has developed technology for the automated synthesis of model-based generators from language meta-models. Using partial evaluation, Kestrel has demonstrated the synthesis of generators that are provably correct, and that can be produced and modified with drastically less time and effort compared with manual production. The success of the project can be traced to two major contributions. The first, a technology breakthrough, is a new tractable formulation of partial evaluation. The second is a collection of meta-models that serve as comprehensive definitions of the semantics of widely-used commercial modeling languages.

15. NUMBER OF PAGES14. SUBJECT TERMS Model-based generators, partial evaluation, embedded systems model based development, Matlab, Stateflow, high assurance of COTS, production code 16. PRICE CODE

17. SECURITY CLASSIFICATION OF REPORT

UNCLASSIFIED

18. SECURITY CLASSIFICATION OF THIS PAGE

UNCLASSIFIED

19. SECURITY CLASSIFICATION OF ABSTRACT

UNCLASSIFIED

20. LIMITATION OF ABSTRACT

UL

NSN 7540-01-280-5500 Standard Form 298 (Rev. 2-89) Prescribed by ANSI Std. Z39-18 298-102

41

��

� ��

� ��

# $ "�� "�� %

� ��

� ��

% $ �� &�� '

� ��

! �� "

# �� "

( $ !��)�� $*( $ $ !�� !�� $#( $ # �� !�� $%( $ + ,�� $-

( # �� $-( # $ �� $.( # # �� #*( # + ,�� ##( # % /�� #+

( + !0��1 #+

$��

$ ��%�& �'�� !

� ��( �'��

�

��

$ "�� 0�� ## �� 2�� -+ �� (% "�� 3- !��2�� .' !�� $$( !�� &�� !�� $'3 !�� &��

�� !�� $(. ,�� !��)�� !�� $3$* !��4 �� !��)�� !�� $3$$ �� !��)�� #($# !��5 6�7��4 �� 67��8�� ++$+ �� !�� 67��8�� +%$% 9�� "�� 0�� 67��8�� +-

��

��

� �� 1�� : ��

�� ;�� 2� �� "��

�� 1��

�� 86�"&! �� 9�� :� �� &��

�� 1��?��4� �� 1�� !��4 �� !��)�� :� 1�� /�� @�1/A �� !�� 4� !��:�� /�� @!�/A �� :

��;�� B�� C �� D

��

��:�� 4�� &�� B��C �� !��)�� E(F �� !�� 4�� E+F ��

�� B�� 5� ��

8�� $ �� 0��

$

�!/

!��)��

!��4

!��

!�/

1��/�7

��!�5G

!1,

0

,H�/

�!/

!��

��

8�� $C "�� 0��

�� :�� 4 ��

�� !��)�� !��)�� 0 �� H�� /�� 4� !��)�� !��4�� !�� 2�� :�� !��

?�� :�� 6�� 7�� 4�� !�� 4�� :�� :��

!�� 22�� !��)�� 0 ��

�� ?� �� 8�� !��4 �� !��)�� !�� 8�� 1��

�� !��4 �� !��)�� 0 �� 8�� 0 �� !��

�� 8�� ?�� )�� 5� �� =�� 4� ��> E3F ��

#

�� :�� B�� @�� 2�� A �� 4� �� B��

�� B�� &�� 4�!��)�� !�� 5� �� 2�� 4�8�� =�� > �� !��4 �� !��)��

��

�� 1�� 2� �� 7� �� :�� 2�� B� ��

�� 4�� 4�� &�� 4 �� @�� E%FA�� !�� E$F ��

��

� ��

��

� ��

��

��

�

8�� #C �� 2��

�� !��2��

��

� �� &�� 5� �� 4�� 4�� 1��

��:�� ?� �� :�� 4�� J E.F !�� /��K� �/� E-F

�� :��

�� )�� 8�� :��

)��

� � ��

� � ��

� � ��

� � ��

* ��

* ��

8�� + �� &��

� � ��

� ��

��

��

��

�

�

�

�

��

� � ��

8�� +C ��

�� :�� 4� �� 1��

��

�� 8�� 8�� + ��

��

�� :�� 8�� @� ��A ��

)�� !�� "

� ��

� ��

� #�� $��

* ��

(

* ��

* ��

* ��

* � ��

� � �

�

�

�

�

! ! !

!

! � ��

��

� � �

��

� � ��

� �� "�

8�� %C "��

8�� % �� G�� :��

8�� - �� 2�� 8�� % �� 8�� % ��

! ��"�� #��

�� 2�� H�� 2��

�� :�� 4 ��

5�� :�� %�� 6�� :�� 4��K�� 6��

3

��

��

��

��

��

��

��

��

��

��

��

��

��

! � ! � ! �

! � ! �

! �

! �

! �

! �

! � � ��

��

��

��

��

��

��

��

8�� -C !��2��

.

$ ��

�� 2��

�� 5� �� H�� 4 �� 8��

?� �� 5�� 0� �� 2�� 0 �� ;�� 0 5� �� 0 �� 8�� 0 �� 4� ��

�� 2�� 4� 0 �� 5� ��

�� 4 �� 2�� :��

� �� :�� 2�� 8�� :�� :�� 7� �� :�� 0� ��

% ��"��

��

!��)�� !�� E#F� �� K� !��4 E'F �� ?�� !��)��

�� !�� 2� �� B�� ?�� @��A �� @��AL�� B�� )�� B��

+�� C �� 4��4��

$*

1�� 6��@�� !��)��A

6��

��

1�� 7!��

��&��

1��@�� !��)�� A

1�� 7!��

5��@�� 0A

0��@�� 0A

8�� 'C !��

$$

)�� &��

�� ;�� !��)�� 0 �� !��4

,�� &��

�� !��)�� H��

��

��

��

�� !��)�� 2�� 1��?��4�� !��)�� :��

��

�� !�� " ��#

�� !�� " ��#

�� !�� " ��#

�� !�� " ��#

�� !�� " ��#

�� !�� " ��#

�� !�� " ��#

�� !�� " ��#

�� !�� " ��#

�� !�� " � ��#

0�� 8�� :�� 6�� 6��

�� " $� !%�� #

" &�� !%�� #

" ��

� ��

� ��$��

H�� $�� &�� G�� $�� :��

��

�� /�4��

�� " ��

" ��

� ��$�� $��

� ��$��

��

/�� :�� &��

:��

��

�� 4� ��

��M�� 5� �� :� ��

��

�� M��

�� 4��

��

$+

?� �:��

� ��$�� $��

� ��$�� $��

� ��&��$�� $��

� ��$�� $��

�� :� �� 5��

� �� %��

� ��$�� %��

� ��$�� %��

��

#-�-� )��

�� !��)�� 6�� :�� !��)��

��

�� !��)�� 5�� =��> �� =��> �� ?�� 4� � �� 5� ��

�� ?��

$ !�� ?��

# ��

+ �� 6��

��

�� =��>

% 6� �� 4�� 5�� 4� ��!��)�� 4��4� ��4��

��

$%

- ��

� �� !�� " �� # $��%&' �� %� �� # ��!��' �� " �� # $��%&' �� !��%#�� (� � �� " �� " �� # $��%&' �� )� ��(� �� (�� #�� %&

��

�� C

� 5� �� :��

� 5� ��

� ��

� 1��4 ��

8�� (C !�� &�� !��

$'

� �� !�� *� �� # $

��+��%#�� " ,-� �� " ��.��/0�� +��%#�� # $��.��' �� " ��1��)!��%�!�� # $��%&' �� # $

��+��%#�� " ,-� �� " ��.��/0�� +��%#�� # $��.��' �� %&�� !�� " ��!�� # $��%&' �� %&�� %� �� #�� $��!��' �� !��' �� " ��!�� 2!�� %� �� 2 33 �(� �� 33 2 �� 2�

��

��

�� C

� �� )��

�� @�� &��

�� !�� 8��"��A 5� ��

�� @G�� B�� A

� ��

� �� )��

�� 5� ��

�� $ ��

��

8�� 3C !�� &��

�� !��

$(

EventsFrom Proxy

Eventsto

Proxy

Matlab

Mathworks

Meta−Model

Kestrel

8�� .C ,�� !��)�� !��

References:− D. Cho and J.K. Hedrick: "Automotive Powertrain Modeling for Control",

ASME Trans. V111, Dec. 1989, pp. 568−576.− Butts, K., "Analysis Needs for Automotive Powertrain Control,"

Proceedings of The 7th Mechatronics Forum International Conference, September 6−8 2000, Atlanta, Georgia.

1

ngear

gear

V

shift_speed_12

shift_speed_21

shift_speed_23

shift_speed_32

shift_speed_34

shift_speed_43

to_gear

shift_schedule

1

power

m_s_to_km_h

m_s_to_km_h

0.75

economy

Scope

4_3shift

3_4_shift

3_2_shift

2_3_shift

2_1_shift

1_2_shift

Proxy

4

gear

3

p_e_switch

2

vss

1

tps

shift_speed_34

shift_speed_32

shift_speed_23

shift_speed_21

shift_speed_12

vss_kmh

shift_speed_43

to_gear

8�� $*C !��4 �� !��)�� !��

$3

�� 4 �� '�� 2� �� 4� �� :�� :�� 4� �� :��

��

9��K� �� 0 �� 4� ��

��

�� !��)��

�� !��5 �� :�� 4� ��

#-�-� /��

�� 2�� 6�� : ��

�� B�� :�� 8�� C

�� '() �* � !�) +#

( � ��,!�#-

� � ( . +-

��

5� � �� + �� ( ��

�� :�� 8�� )�� C

( � / . 0 1 - 22 �,��( ��

� � 3�34

( � !( . #560- 22 �� +��

��

( � ( � - 22 � 34

�� -

( � - 22 �,��( ��

$.

�� 8��C

(!3# � 0- 22 3(3) ��+��

(!0# � - 22 3(0) �,��( !��+��#

(!0)3# � /- 22 0(0) �,��( !��+��#

�� 6� �� B��

#-�-� ��

�� !��5K� �� 4� !�� C

)�0�� (��

�� C

� (��

� � � 51 + 51 � 51 � . � 51 51 < 51 �-

��

��,�3 � � 51 + 51 � 51 �-

��,�0 � � 51 51 < 51 �-

� � ��,�3 . ��,�0-

�� ,�0-

�� ,�3-

�� ,�3 �� ,�0 �� :� �� B��

/�� 0�� :�� @�� A ��

2 �� 0 �� B�� @�� A �� 0 �� 0��: �� @$A �� 0 �� @#A �� 0 �� @�� 4A ��

#-�-� .��

�� 0 �� 4� �� !��5K� &�� !�� &% �� 4� �� !��5K� 0 ��4� �� :�� !��5

!��5K� �� '� �� !��4K� &�� 8�� 4� �� 4� �� 1��?��4� ��

�� 9��K� �� )�� 1��?��4� �� C �� 1��?��4� �� :��

#-�-� 3��

6��

� 0�� B��

� ��

?�� B�� !��)�� 0 ��

�� 7�� 1�� 8�� 1��?��4� �� !�� B�� 7�� 1��K� �� C

�� 9�� B�� 2� �� 5� �� 4�� !�� 1��?��4�� 9��4 �� 5� �� !��)��

�� ?� �� 4� ��

�� :�� $***� �� 5� �� 0 �� 5� ��

?�� 1�� 0 �� ,�� 5��!�� !��5 �� 6&� �� C

�� 9�� 0 �� 0 �� ## �� %- ��4�� &% ?� ��

�� 2� �� !��)�� 0 �� &�� :�� < �� $*��

8�� "�� 0 7��4�� 1�75&! �� 6&� ��

1� "�� 9��K� !��)�� 0 ��

�� K� �� 5� �� !��)�� !��)��

�� !��)�� :� � �� 1� "��

�� 4�� 0�� :��

1� "�� :�� !��)��

�� :�� =!��> �� !��)�� H�� 4��

�� C

�� (��;��=��!�� #-

>�� (��&�� !��

' ��(�) �*��

8�� $$ �� !��)�� 4�� 6&� 5� �:�� 9�� 0 ��

#'

forges1a/shift_schedule

Printed 30−Nov−2004 13:07:31

third_gearentry: to_gear=3;first_gear

entry: to_gear = 1;

shift_pending1entry: ctr=0; to_gear=1;during: ctr=ctr+1;

shift_pending2entry: ctr=0; to_gear=2;during: ctr=ctr + 1;

shift_pending3entry: ctr=0; to_gear=3;during: ctr = ctr+1;

shifting1entry: to_gear=2;



fourth_gearentry: to_gear =4;

second_gearentry: to_gear=2;

shift_pending6entry: ctr=0; to_gear =4;during: ctr=ctr+1;

shift_pending5entry: ctr=0; to_gear=3;during: ctr=ctr+1;

shift_pending4entry: ctr=0; to_gear=2;during: ctr = ctr+1;




[gear ==3]

[gear == 3]

[V shift_speed_23]

[V > shift_speed_23]

[V shift_speed_34]

[V DELAY][ctr > DELAY]

[gear == 2]

[gear == 4]

[V shift_speed_34]

[V shift_speed_34][gear == 2][V shift_speed_12]

[V > shift_speed_12]

[ctr > DELAY]

[ctr > DELAY]

[ctr > DELAY]

8��

��

$$C

��

��

��

��

��

��

��!

��)

��#(

27

adamspText Box

adamspText Box

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

��

�� !"#$�

��

��

��

��

�� %�

��

&�� '( )

�� '��( )

�� '��( )

�� * � +* ��

�� '��( )

�� * ��

�� * ��

�� * ��

�� * ��

, �� )

�� * � + ��

�� '��( )

�� * ��

�� * ��

�� * ��

�� * ��

,,

, �� )

�� '��( )

�� * � + ��

�� '��( )

�� * ��

�� * ��

�� * ��

�� * ��

,, �� )

�� '��( )

�� * �� ** ��

�� '��( )

�� * ��

�� * ��

�� * ��

, �� )

�� * � + ��

�� '��( )

�� * ��

�� * ��

�� * ��

,,

, �� )

�� '��( )

�� * � + ��

�� '��( )

�� * ��

�� * ��

�� * ��

#3

28

adamspText Box

adamspText Box

, �� )

�� * �� ** ��

�� '��( )

�� * ��

forges: formal synthesis of generators for embedded … · 2011. 5. 13. · asme trans. v111, dec....

Documents