当前位置:文档之家 › Model checker aided design of a controller for a wafer scanner

Model checker aided design of a controller for a wafer scanner

  • 格式:pdf
  • 大小:236.24 KB
  • 文档页数:16

下载文档原格式

  / 16

合集下载

  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

ModelCheckerAidedDesignofaControllerfor

aWaferScanner󰀁

MartijnHendriks1,BarendvandenNieuwelaar2󰀇󰀇,andFritsVaandrager1

1NijmegenInstituteforComputingandInformationSciences,RadboudUniversityNijmegen,TheNetherlands{martijnh,fvaan}@cs.ru.nl,2DepartmentofMechanicalEngineeringEindhovenUniversityofTechnology,TheNetherlandsN.J.M.v.d.Nieuwelaar@tue.nl

Abstract.Foracase-studyofawaferscannerfromthesemiconduc-torindustryitisshownhowmodelcheckingtechniquescanbeusedtocompute(i)asimpleyetoptimaldeadlockavoidancepolicy,and(ii)aninfiniteschedulethatoptimizesthroughput.Deadlockavoidanceisstud-iedbasedonasimplefinitestatemodelusingSmv,andforthroughputanalysisamoredetailedtimedautomatonmodelhasbeenconstructedandanalyzedusingtheUppaaltool.TheSmvandUppaalmodelsareformallyrelatedthroughthenotionofastutteringbisimulation.Theresultswereobtainedwithintwoweeks,whichconfirmsoncemorethatmodelcheckingtechniquesmayhelptoimprovethedesignprocessofrealistic,industrialsystems.Methodologically,thecasestudyisinterest-ingsincetwomodels(andinfactalsotwomodelcheckers)wereusedtoobtainresultsthatcouldnothavebeenobtainedusingonlyasinglemodel(tool).

1Introduction

Schedulingandresourceallocationproblemsoccurinmanydifferentdomains,

forinstance(1)schedulingofproductionlinesinfactoriestooptimizecostsand

delays,(2)schedulingofcomputerprogramsin(real-time)operatingsystemsto

meetdeadlineconstraints,(3)schedulingofmicroinstructionsinsideaproces-

sorwithaboundednumberofregistersandprocessingunits,(4)schedulingof

trains(orairplanes)overlimitedquantitiesofrailwaytracksandcrossroads,and

(5)missionplanningforautonomousrobotsonspacecrafts.Typically,ineachof

thesedomainproblemsaresolvedusingdifferentapproachesandmathematical

tools.TheEUISTprojectAmetist(seehttp://ametist.cs.utwente.nl/)en-

visagesaunifyingframeworkfortime-dependentbehavioranddynamicresource

allocationthatcrossestheboundariesofapplicationdomains.

󰀁SupportedbytheEuropeanCommunityProjectIST-2001-35304(Ametist).󰀁󰀁Part-timesoftwarearchitectatASML,Veldhoven,TheNetherlands.IntheAmetistapproach,componentsofasystemaremodeledasdynamical

systemswithastatespaceandawell-defineddynamics.Allthatcanhappen

inasystemisexpressedintermsofbehaviorsthatcanbegeneratedbythe

dynamicalsystems;theseconstitutethesemanticsoftheproblem.Verification,

optimization,synthesisandotherdesignactivitiesexploreandmodifysystem

structuresothattheresultingbehaviorsarecorrect,optimal,etc.Preferably,

thelimitationsofcurrentlyknowncomputationalsolutionsshouldnotinfluence

modelingtoomuch:onlyafterthesemanticsofaproblemisproperlyunder-

stood,abstractionsandspecializationduetocomputationalconsiderationscan

intervene.Insuchsituations,thesoundnessofabstractionsshouldideallyalso

beproved,eitherviadeductiveverificationormodelchecking.

ThemissionofAmetististoextendthisapproach,whichunderliesthesuc-

cessfuldomainofformalverification,toresourceallocation,schedulingandother

time-relatedproblems.ThemathematicalcarrierfortheAmetistmethodology

isthetimedautomatonmodel[2,3],amodelingframeworkfordiscreteevent

dynamicalsystemsthatcanhandlequantitativetimingdelaysbetweenevents.

Sometoolsformodelcheckingtimedautomataalreadyexist,e.g.,Kronos[22]

andUppaal[13].Modelcheckingisamethodforformallyverifyingdynamical

systems.Specificationsaboutthesystemareexpressedastemporallogicfor-

mulas,andefficientsymbolicalgorithmsareusedtotraversethemodelandto

check(fullyautomatically)ifthespecificationholdsornot.Weaimatfurther

improvingmodelcheckingtoolsfortimedautomata,investigatingtheapplica-

bilityofthesetools,andestablishinglinkstotoolsdevelopedinspecificdomains

wheneverappropriate.

Inthispaper,asanillustrationoftheAmetistmethodology,weusemodel

checkingtechniquestosolvethedeadlockavoidanceandthroughputoptimiza-

tionproblemsforarealisticcaseofawaferscannerfromthesemiconductor

industry.

Amajorconcerninthedesignofcontrollersformanyresourceallocation

systems(RASs)isdeadlock,apermanentlyblockingcondition.Therearethree

generalwaysofhandlingdeadlock:(i)deadlockprevention,(ii)deadlockdetec-

tionandresolution,and(iii)deadlockavoidance.Deadlockpreventionrestricts

thesysteminsuchawaythatdeadlockisaprioriimpossible.Asaconsequence,

performancemaybeunnecessarilylow.Deadlockdetectionandresolution,on

theotherhand,isnotrestrictiveatallanddetectsandresolvesadeadlockat

run-time.This,however,maybeveryexpensive.Deadlockavoidanceachieves

amiddleground;itdynamicallychoosesthecontrolactionstoavoidtheoc-

currenceofdeadlock.Inthispaper,weshowhowaleastrestrictivedeadlock

avoidancepolicy(DAP)forthewaferscannercanbeeasilycomputedusing

Smv,amodelcheckerforfiniteautomata.ThisDAPcanberepresentedbya

veryshortpredicateoverthestatesofthewaferscanner,whichcanbeusedby

thecontrollerforthewaferscanner.

Inaddition,weusethetimedautomatontoolUppaaltodefinearefined

modelthataddstimingconstraintstoaddresstheissueofthroughputoptimiza-

tion.WerelatetheUppaalmodeltotheSmvmodelviatheconceptofstuttering