Verification of embedded system specifications using collaborative simulation

Verification of embedded system specifications using collaborative simulation of SysML and Simulink models
Ryo Kawahara*, Hiroaki Nakamura*, Dolev Dotan**, Andrei Kirshin**, Takashi Sakairi*, Shinichi Hirose*, Kohichi Ono*, Hiroshi Ishikawa*
*Tokyo Research Laboratory, IBM Research
**Haifa Research Laboratory, IBM Research
© 2009 IBM Corporation

Haifa Research Lab – Model Driven Engineering Technologies Group
Abstract
§ The authors propose an extension of SysML which enables description of continuous-time behavior.
§ The authors also develop its execution tool, integrated on an Eclipse-based platform, by exploiting co-simulation of SysML and MATLAB / Simulink.
§ To demonstrate the effectiveness of the tool and the extension to SysML in verifying specifications of an embedded system, we create a sample model and analyze its execution results by checking constraints under a test case.

Introduction
§ In the development of an embedded system, it is important to verify that the specification of the system satisfies the requirements at an early stage
– One approach to achieve this is to model and simulate the system during the analysis
– Systems Modeling Language (SysML) is an extension of UML for embedded systems to include heterogeneous elements such as software, electronics, or mechanics

Subject
§ Embedded systems often include control systems
– A control system is usually a hybrid system, a mixture of continuous-time and discrete behavior
– Continuous-time behavior in UML / SysML has not been defined
– Simulation of a control system is usually done in specialized tools, such as MathWorks MATLAB / Simulink
– A UML / SysML behavior is not associated with time
§ Integration of the continuous-time behavior into the systems model is desired

Background: SysML
§ SysML is an extension of UML 2 for systems engineering
§ Requirements
– Requirement diagram
§ Behaviors
– Activity diagram
– State machine diagram
§ Structures
– Block definition diagram => class diagram
§ Parametrics
– Parametric diagram => internal block diagram
– Internal block diagram => composite structure diagram

Background: Simulink
§ Simulink uses block diagrams
– A block diagram describes the flow of signals between blocks, which process the signals
– This example calculates:

Approach
§ Use SysML for a system architecture description
§ Use specific languages for each domain
– Simulink for continuous-time behavior in a control system
§ Time duration assignment to SysML actions
§ Verify the specification by collaborative simulation
– Run multiple simulations in parallel with time synchronization
– Independent time management module

Extended Modeling for Simulation in SysML
§ Time assignment to action: MARTE <<GaStep>> stereotype, or sleep() internal method in action code
§ Continuous data exchange between blocks: SysML flow ports with connectors in internal block diagram
§ Specifying Simulink model as a block behavior: <<externalModel>> stereotype to specify model file

SysML Execution and Debugging
§ Debugging of behavioral UML models by emulation, supporting:
– Class, Composite Structure Diagrams
– State Machines, Activities
– Java as Action Language
§ Extensible to support UML profiles (in this case SysML)
§ Debugging UI
– Model Debugging Perspective (next slide)
– Diagram animation
§ Debugging modes:
– Traditional debugging: start “main”, run to breakpoint, stepping
– Interactive debugging (model “exerciser”): manually create objects, invoke operations, send signals
[Figure: diagram animation; labels: Running Transition, Execution Pending, Current State, Breakpoint]

Model Debugging Perspective
[Screenshot; labelled views: Breakpoints, Debug, Variables, Diagram Animation, Console, Sleeping, Event Pools, Watch, Instances, Signals, Snippet, I/O]

Sleeping View
Shows the queue of sleeping behaviors and behavior elements.
[Screenshot; labels: Current virtual time, Wakeup time]

Time Management
§ Data is exchanged and the next Simulink step is executed at:
– End of timed SysML behavioral step (<<GaStep>> or sleep())
– Periodic data exchange event
§ Periodic data exchange events are added to the list that consists of the discrete events
[Figure: SysML objects (Action 1, Action 2, Action 3) send demands of time to the timed scheduler of the UML execution engine; the time management module merges the discrete events with the periodic data exchange events along a time axis (0 to 400) and drives MATLAB / Simulink through simulation start / stop and MATLAB / Simulink command execution]

Co-simulation with Simulink
§ All the Simulink models are referred from a single temporary Simulink model
– Only one Simulink process is used
§ Simulation data is sent or received through Input/Output S-Functions
[Figure: temporary generated Simulink model containing an Input S-Function (data from SysML), Model reference 1 and Model reference 2 (Model 1 and Model 2, the Simulink models which are assigned to SysML behaviors), and an Output S-Function (data to SysML)]

Overview of Sample model: Humidifier
§ Basic mechanism
– The water is boiled by the heater
– Vapor is emitted to the environment by the circulator fan
§ Requirements
– The humidifier starts vapor emission within 5 minutes after the power-on signal
– The humidifier ends cool down within 10 minutes after the power-off signal
– The humidifier automatically keeps the room humidity at a constant level specified by the user
[Figure: humidifier; labels: Circulator fan, Pan, Heater, Reservoir]

Structure of HumidifierSystem
[Figures: block definition diagram and internal block diagram of HumidifierSystem; annotations: flow ports for continuous I/O, standard ports for discrete signals, state machine assigned block, Simulink model assigned blocks]

Behavior of Control block
[Figure: state machine diagram; annotations: signal from user interface, change event that monitors values from Simulink blocks]

Simulink model for VaporGenerationPlant
[Figure: Simulink model; subsystems: heating, radiation, evaporation]

Test context
[Figures: block definition diagram (definition of test environment) and internal block diagram of TestContext; annotations: Simulink model assigned block, flow ports for continuous I/O forming a closed loop, test target]

Test case and results
Time(s)   Command
0         Test start
10        Power on
2000      Power off
3600      Test end
[Figure: simulation results; annotations: cooling down takes too long, automatic humidity control]

Parametric and time constraint evaluation
§ Parametric diagram
– Constraint block: Humidity should be kept near target value
§ Sequence diagram with time constraint using MARTE profile
– Timed constraint: Cool down should be finished within 10 minutes
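The Time Management and time-constraint slides can be made concrete with a small sketch. This is an added example, not code from the slides or from the IBM tool: it merges discrete events with periodic data-exchange events into one list of synchronization points, advances a continuous model between them, and checks the 10-minute cool-down constraint. The command times come from the test-case slide; the first-order heater model, its constants, the 100 s exchange period and the 30-degree threshold are assumptions made for illustration.

```python
import math

def sync_points(discrete_times, period, t_end):
    """Merge discrete-event times with periodic data-exchange times."""
    periodic = set(range(0, t_end + 1, period))
    return sorted({t for t in discrete_times if t <= t_end} | periodic)

def co_simulate(commands, period, t_end, tau=300.0, t_hot=100.0, t_amb=20.0):
    """commands: {time_s: 'on' | 'off'}. Returns [(time, temperature)].

    The continuous side is a toy first-order heater (assumed model). It is
    advanced analytically from one sync point to the next, standing in for
    "execute the next Simulink step".
    """
    temp, heater_on, now, trace = t_amb, False, 0, []
    for t in sync_points(commands, period, t_end):
        target = t_hot if heater_on else t_amb
        # Continuous step over [now, t] with the input held constant.
        temp = target + (temp - target) * math.exp(-(t - now) / tau)
        now = t
        # Discrete side runs at the sync point; its output is exchanged here.
        if t in commands:
            heater_on = commands[t] == "on"
        trace.append((t, temp))
    return trace

def cool_down_time(trace, t_off, threshold):
    """Seconds from power-off to the first sync point at or below threshold."""
    for t, temp in trace:
        if t > t_off and temp <= threshold:
            return t - t_off
    return None

TEST_CASE = {10: "on", 2000: "off"}  # power on / power off, from the test case
LIMIT_S = 600                        # "within 10 minutes" requirement

trace = co_simulate(TEST_CASE, period=100, t_end=3600)
elapsed = cool_down_time(trace, t_off=2000, threshold=30.0)
verdict = "OK" if elapsed is not None and elapsed <= LIMIT_S else "VIOLATION"
print(f"{len(trace)} sync points, cool-down observed after {elapsed} s: {verdict}")
```

With these assumed constants the plant crosses the threshold about 623 s after power-off, but the constraint evaluator only observes it at the next exchange point, so a shorter exchange period changes the measured time without changing the plant.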

Conclusion
§ We have developed a verification tool based on co-simulation of Simulink and SysML
§ We have extended the modeling capability of SysML to be able to reference Simulink models and specify timed behavior
§ These extensions enable one to test specifications of a system which includes continuous-time behavior in a closed control loop


Overview of the verification tool
[Figure: architecture of the verification tool; components: TPTP-based test driver (timed test cases), time-aware UML execution engine (timed discrete behavior), Simulink (continuous behavior), virtual time scheduler, time constraint evaluator (time constraints, OMG MARTE profile; binary tree for fast evaluation), parametric constraint evaluator (parametric constraints, OMG SysML)]

Simulink model for Room block
[Figure: Simulink model; subsystems: relative_humidity, saturation_vapor_pressure]

State machine diagram of HeaterControl block

Related works
Studies on coupling of UML/SysML and continuous-time simulation (e.g., Simulink)
§ Reichmann et al. (2004), Telelogic Rhapsody®
– Coupling method: conversion to source code
– Simulation time management: by independent module (Rhapsody)
§ C. Nytsch-Geusen (2007), A. Pop et al. (2007), T. A. Johnson et al. (2008)
– Coupling method: conversion to Modelica
– Simulation time management: by Modelica
§ Hooman et al. (2004)
– Coupling method: co-simulation of Simulink and Rose® RT
– Simulation time management: by Simulink
§ Our approach
– Simulation time management: by independent module

Related works
§ Source code level linkage of UML and Simulink
– Reichmann et al., 2004. Telelogic Rhapsody®
§ Co-simulation of Simulink and UML model on IBM Rational Rose® RealTime
– J. Hooman, N. Mulyar and L. Posta, 2004
§ Conversion of UML/SysML to Modelica language
– C. Nytsch-Geusen, 2007. A. Pop et al., 2007. T. A. Johnson et al., 2008
– Modelica is a new language to model continuous-time systems
- Slides: 27