CLASSI C CLASSI C CLASSI C Modelling , Specification , and - PowerPoint PPT Presentation

Tim ed Autom ata Alur & Dill 1990 Synchronizing Reset action press? Informationsteknologi x:= 0 press? press? Off Light Bright x · 3 Guard press? Conjunctions x: real- x> 3 of x~ n valued clock Transitions: Transitions: ( Off , x= 0 ) States: ( Off , x= 0 ) States: � ( Off , x= 4.32 ) delay 4.32 ( location , x= v) where v ∈ R � ( Off , x= 4.32 ) delay 4.32 ( location , x= v) where v ∈ R � ( Light , x= 0 ) press? � ( Light , x= 0 ) press? � ( Light , x= 2.51 ) delay 2.51 � ( Light , x= 2.51 ) delay 2.51 � ( Bright , x= 2.51 ) press? � ( Bright , x= 2.51 ) press? UCb UC

Tim ed Autom ata Alur & Dill 1990 Synchronizing Reset action press? Informationsteknologi x:= 0 press? press? Off Light Bright x · 3 Guard press? Conjunctions x: real- x> 3 of x~ n valued clock Transitions: Transitions: ( Off , x= 0 ) States: ( Off , x= 0 ) States: � ( Off , x= 4.32 ) delay 4.32 ( location , x= v) where v ∈ R � ( Off , x= 4.32 ) delay 4.32 ( location , x= v) where v ∈ R � ( Light , x= 0 ) press? � ( Light , x= 0 ) press? � ( Light , x= 2.51 ) delay 2.51 � ( Light , x= 2.51 ) delay 2.51 � ( Bright , x= 2.51 ) press? � ( Bright , x= 2.51 ) press? UCb UC

Tim ed Autom ata Alur & Dill 1990 Synchronizing Reset action press? Informationsteknologi x:= 0 press? press? Off Light Bright x · 3 Guard press? Conjunctions x: real- x> 3 of x~ n valued clock Transitions: Transitions: ( Off , x= 0 ) States: ( Off , x= 0 ) States: � ( Off , x= 4.32 ) delay 4.32 ( location , x= v) where v ∈ R � ( Off , x= 4.32 ) delay 4.32 ( location , x= v) where v ∈ R � ( Light , x= 0 ) press? � ( Light , x= 0 ) press? � ( Light , x= 2.51 ) delay 2.51 � ( Light , x= 2.51 ) delay 2.51 � ( Bright , x= 2.51 ) press? � ( Bright , x= 2.51 ) press? UCb UC

I ntelligent Light Control Using I nvariants Informationsteknologi x:= 0 x= 100 x:= 0 press? press? Off Light Bright x · 3 x · 100 x · 100 x:= 0 x:= 0 x= 100 press? press? x:= 0 x> 3 x:= 0 press? X:= 0 press? press? Off Light Bright X< = 3 press? X> 3 UC UCb

Tim ed Autom ata review I nvariants Informationsteknologi n Clocks: x, y x< = 5 Transitions x< = 5 & y> 3 e(3.2) Location ( n , x = 2.4 , y = 3.1415 ) Invariants a e(1.1) ( n , x = 2.4 , y = 3.1415 ) ( n , x = 3.5 , y = 4.2415 ) x := 0 m y< = 10 g4 I nvariants I nvariants g1 g2 g3 ensure ensure progress!! progress!! UC UCb

I ntelligent Light Control Using I nvariants x:= 0 x= 100 Informationsteknologi x:= 0 press? press? Off Light Bright x · 3 x · 100 x · 100 x:= 0 x:= 0 x= 100 press? press? x:= 0 x> 3 x:= 0 X Transitions: Transitions: Note: Note: ( Off , x= 0 ) ( Light , x= 0 ) delay 103 � ( Off , x= 0 ) ( Light , x= 0 ) delay 103 � � ( Off , x= 4.32 ) delay 4.32 � ( Off , x= 4.32 ) delay 4.32 � ( Light , x= 0 ) press? � ( Light , x= 0 ) press? � ( Light , x= 4.51 ) delay 4.51 � ( Light , x= 4.51 ) delay 4.51 � ( Light , x= 0 ) press? � ( Light , x= 0 ) press? Invariants Invariants � ( Light , x= 100) delay 100 � ( Light , x= 100) delay 100 ensures τ ensures τ � ( Off , x= 0) � ( Off , x= 0) progress progress UC UCb

b W ith tw o clocks Exam ple c Reachable? UCb a UC Informationsteknologi

x (L0,x= 0,y= 0) y b W ith tw o clocks Exam ple c Reachable? UCb a UC Informationsteknologi

x (L0,x= 1.4,y= 1.4) (L0,x= 0,y= 0) � ε (1.4) ε (1.4) y b W ith tw o clocks Exam ple c Reachable? UCb a UC Informationsteknologi

x (L0,x= 1.4,y= 0) (L0,x= 1.4,y= 1.4) (L0,x= 0,y= 0) a � ε (1.4) � a ε (1.4) y b W ith tw o clocks Exam ple c Reachable? UCb a UC Informationsteknologi

(L0,x= 3.0,y= 0) (L0,x= 3.0,y= 1.6) x (L0,x= 1.4,y= 0) (L0,x= 1.4,y= 1.4) a ε (1.6) (L0,x= 0,y= 0) � ε (1.6) � a a � ε (1.4) � a ε (1.4) y b W ith tw o clocks Exam ple c Reachable? UCb a UC Informationsteknologi

Netw orks Light Controller & User x:= 0 x= 100 Informationsteknologi x:= 0 press? press? Off Light Bright x · 3 x · 100 x · 100 x:= 0 x:= 0 x= 100 press? press? x:= 0 x> 3 Synchronization x:= 0 press! y:= 0 y ≥ 10 Transitions: Transitions: ( Off, Rest, x= 0, y= 0 ) ( Off, Rest, x= 0, y= 0 ) � ( Off, Rest, x= 20, y= 20 ) delay 20 � ( Off, Rest, x= 20, y= 20 ) delay 20 Rest Busy � ( Light, Busy, x= 0, y= 0 ) press?! � ( Light, Busy, x= 0, y= 0 ) press?! y · 10 � ( Light, Busy, x= 2, y= 2) delay 2 � ( Light, Busy, x= 2, y= 2) delay 2 � ( Bright, Rest, x= 0, y= 0) press?! � ( Bright, Rest, x= 0, y= 0) press?! y:= 0 press! UC UCb

Netw orks of Tim ed Autom ata ( a’la CCS) Informationsteknologi m1 l1 Two-way synchronization Two-way synchronization x> = 2 y< = 4 on complementary actions. …………. on complementary actions. a! a? Closed Systems! Closed Systems! x := 0 l2 m2 Example transitions tau ( l1 , m1 ,………, x= 2, y= 3.5,…..) ( l2,m2 ,……..,x= 0, y= 3.5, …..) 0.2 ( l1,m1 ,………,x= 2.2, y= 3.7, …..) UCb UC If a URGENT CHANNEL

Tim ed Autom ata Form ally

UCb UC Informationsteknologi

UCb UC Informationsteknologi

UCb UC Informationsteknologi

UCb UC Informationsteknologi

Tim ed Autom ata: Exam ple guard Informationsteknologi location a action reset-set UC UCb

Tim ed Autom ata: Exam ple guard Informationsteknologi location a a a a action reset-set UC UCb

Tim ed Autom ata: Exam ple Informationsteknologi ≤ 3 a x Invariant UC UCb

Tim ed Autom ata: Exam ple Informationsteknologi ≤ a a a 3 a x Invariant UC UCb

Brick Sorting

LEGO Mindstorm s/ RCX � Sensors: temperature, Informationsteknologi 3 output ports light, rotation, pressure. � Actuators: motors, lamps, � Virtual machine: − 10 tasks, 4 timers, 16 integers. 1 infra-red port 3 input ports � Several Programming Languages: − NotQuiteC, Mindstorm, Robotics, legOS, etc. UC UCb

A Real Real Tim ed System Informationsteknologi Controller The Plant Program Conveyor Belt & LEGO MINDSTORM Bricks UC UCb

First UPPAAL m odel Sorting of Lego Boxes Ken Tindell Informationsteknologi Piston Boxes eject remove 99 Conveyer Belt Red 81 18 90 9 Blck Yel Controller MAI N PUSH Black Exercise: Design Controller so that black boxes are being pushed out UC UCb

NQC program s int active; int active; int DELAY; int DELAY; int LIGHT_LEVEL ; int LIGHT_LEVEL ; task MAIN{ task MAIN{ DELAY=75; DELAY=75; Informationsteknologi LIGHT_LEVEL=35; LIGHT_LEVEL=35; active=0; task PUSH{ active=0; task PUSH{ Sensor(IN_1, IN_LIGHT); while(true){ Sensor(IN_1, IN_LIGHT); while(true){ Fwd(OUT_A,1); wait(Timer(1)>DELAY && active==1); Fwd(OUT_A,1); wait(Timer(1)>DELAY && active==1); Display(1); active=0; Display(1); active=0; Rev(OUT_C,1); Rev(OUT_C,1); start PUSH; Sleep(8); start PUSH; Sleep(8); Fwd(OUT_C,1); Fwd(OUT_C,1); while(true){ Sleep(12); while(true){ Sleep(12); Off(OUT_C); Off(OUT_C); wait(IN_1<=LIGHT_LEVEL); } wait(IN_1<=LIGHT_LEVEL); } ClearTimer(1); } ClearTimer(1); } active=1; active=1; PlaySound(1); PlaySound(1); wait(IN_1>LIGHT_LEVEL); wait(IN_1>LIGHT_LEVEL); } } } } UC UCb

A Black Brick Informationsteknologi UC UCb

Control Tasks & Piston Informationsteknologi GLOBAL DECLARATI ONS: const int ctime = 75; int [ 0,1] active; clock x, time; chan eject, ok; urgent chan blck, red, remove, go; UC UCb

From RCX to UPPAAL – and back � Model includes Task MAI N Informationsteknologi Round-Robin Scheduler. � Compilation of RCX tasks into TA models. � Presented at ECRTS 2000 in Stockholm. � From UPPAAL to RCX: Martijn Hendriks. UC UCb

Simon Tune Riemanni Rasmus Crüger Lund Course at DTU, Copenhagen The Production Cell in LEGO Production Cell UCb UC Informationsteknologi

Light Control I nterface

Light Control I nterface Informationsteknologi touch! touch! press? I nterface Control press? starthold! starthold! Program L+ + / L--/ L:= 0 L+ + / L--/ L:= 0 endhold! endhold! release? release? Light User UC UCb

L+ + / L--/ L:= 0 L+ + / L--/ L:= 0 Program Control starthold! starthold! Light Control I nterface endhold! endhold! touch! touch! release? press? release? press? UCb User UC Informationsteknologi

Netw orks of Tim ed Autom ata ( a’la CCS) Informationsteknologi m1 l1 Two-way synchronization Two-way synchronization x> = 2 y< = 4 on complementary actions. …………. on complementary actions. a! a? Closed Systems! Closed Systems! x := 0 l2 m2 Example transitions tau ( l1 , m1 ,………, x= 2, y= 3.5,…..) ( l2,m2 ,……..,x= 0, y= 3.5, …..) 0.2 ( l1,m1 ,………,x= 2.2, y= 3.7, …..) UCb UC If a URGENT CHANNEL

Netw ork Sem antics ⎪ ⎪ ⎪ 1 ⎪ = × → ⊆ 1 2 where Informationsteknologi T T ( S S , , s s ) X A X X 2 1 2 0 0 μ μ ⎯ ⎯→ ⎯ ⎯→ s s ´ s s ´ 2 1 2 2 1 1 μ μ ⎪ ⎪ ⎯ ⎯→ ⎯ ⎯→ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ s s s s ´ s s s ´ s X X 1 2 1 2 1 2 1 2 X X ! ? ⎯ ⎯→ ⎯ ⎯→ a a s s ´ s s ´ 1 2 1 1 2 2 τ ⎯ ⎯→ ⎪ ⎪ ⎪ ⎪ s s s ´ s ´ 1 2 1 2 X X ⎯ ⎯ ⎯ → ⎯ ⎯ ⎯ → e ( d ) e ( d ) s s ´ s s ´ 1 2 1 1 2 2 ⎯ ⎯ ⎯ → ⎪ ⎪ e ( d ) ⎪ ⎪ s s s ´ s ´ 1 X 2 1 2 X UC UCb

Netw ork Sem antics n o i t a z i n o r h c n y ( URGENT synchronization) s t n e g r U + ⎪ ⎪ ⎪ 1 ⎪ = × → ⊆ 1 2 where Informationsteknologi T T ( S S , , s s ) X A X X 2 1 2 0 0 μ μ ⎯ ⎯→ ⎯ ⎯→ s s ´ s s ´ 2 1 2 2 1 1 μ μ ⎪ ⎪ ⎯ ⎯→ ⎯ ⎯→ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ s s s s ´ s s s ´ s X X 1 2 1 2 1 2 1 2 X X ! ? ⎯ ⎯→ ⎯ ⎯→ a a s s ´ s s ´ 1 2 1 1 2 2 τ ⎯ ⎯→ ⎪ ⎪ ⎪ ⎪ s s s ´ s ´ 1 2 1 2 X X ⎯ ⎯ ⎯ → ⎯ ⎯ ⎯ → e ( d ) e ( d ) s s ´ s s ´ 1 2 1 1 2 2 ⎯ ⎯ ⎯ → ⎪ ⎪ e ( d ) ⎪ ⎪ ∀ d’ < d, ∀ u ∈ UAct: s s s ´ s ´ 1 X 2 1 2 X e(d’) u! e(d’) u? ¬ ( s 1 → → ∧ s 2 → → ) UCb UC

Program Control starthold! starthold! endhold! endhold! touch! touch! Light Control Netw ork release? press? release? press? UCb UC Informationsteknologi

Validation Light Controller Informationsteknologi UC UCb

Druzba: The Show er Problem

Gerd The Druzba MUTEX Problem UCb Kim UC Informationsteknologi

The Druzba MUTEX Problem Informationsteknologi UC UCb

The Druzba MUTEX Problem Using the light as semaphor Informationsteknologi UC UCb

Overview of the UPPAAL Toolkit

UPPAAL’s architecture Informationsteknologi Linux, W indow s, Solaris, MacOS UC UCb

GUI Informationsteknologi Sim ulator Editor UC UCb Verifier

River Crossing [3,5] Train Crossing Gate [10,20] Stopable Area [7,15] UCb Queue UC Informationsteknologi

Train Crossing Communication via channels and shared variable. Informationsteknologi Stopable Area [10,20] appr, leave [3,5] stop Crossing [7,15] el el go River empty Queue nonempty UC UCb hd, add,rem Gate

in UPPAAL Tim ed Autom ata

Declarations Informationsteknologi Constants Constants Bounded integers Bounded integers Channels Channels Clocks Clocks Arrays Arrays Templates Templates Processes Processes Systems Systems UC UCb

Declarations in UPPAAL � The syntax used for declarations in UPPAAL is similar to the syntax used in the C programming language. Informationsteknologi � Clocks : − Syntax : − clock x1, …, xn ; − Example : Declares tw o clocks: x and y. − clock x, y; UC UCb

Declarations in UPPAAL ( cont.) � Data variables − Syntax: Informationsteknologi − int n1, … ; I nteger w ith “default” dom ain. − int[l,u] n1, … ; I nteger w ith dom ain “l” to “u”. − int n1[m], … ; I nteger array w . elem ents n1 [ 0 ] to n1 [ m -1 ] . − Example: − int a, b; − int[0,1] a, b[5][6]; UC UCb

Declarations in UPPAAL ( cont.) � Actions (or channels): − Syntax: Informationsteknologi − chan a, … ; Ordinary channels. − urgent chan b, … ; Urgent actions ( see later) − Example: − chan a, b; − urgent chan c; UC UCb

Declarations U PPAAL ( cont.) � Constants − Syntax: Informationsteknologi − const int c1 = n1; − Example: − const int[0,1] YES = 1; − const bool NO = false; UC UCb

Tim ed Autom ata in UPPAAL Informationsteknologi invariants Discrete Variables Guards Synchronizations Resets UC UCb

Tim ed Autom ata in UPPAAL inv :: x Expr|x Expr|inv,inv = < <= i: Expr = Informationsteknologi invariants Expr :: i|i[Expr]| = n| Expr| − Expr Expr| + Discrete Variables Expr Expr| − Guards Expr *Expr| g :: g |g |g,g Expr/Expr| = c d (g ?Expr :Expr) g :: x Expr|x y Expr = ⊗ ⊗ + d c g :: Expr op Expr = d Synchronizations { , , , , } ⊗∈ < <= == >= > Resets op { , , , , ,! } ∈ < <= == >= > = x := Expr UC UCb

Expressions Informationsteknologi used in used in guards, guards, invariants, invariants, assignments, assignments, synchronizations synchronizations properties, properties, UC UCb

Expressions Informationsteknologi UC UCb

Operators Informationsteknologi UC UCb

Guards, I nvariants, Assignm ents Guards : Assignm ents � It is side-effect free, type � It has a side effect and is Informationsteknologi correct, and evaluates to type correct boolean � Only clock variable, � Only clock variables, integer variables and integer variables, constants are referenced constants are referenced (or arrays of such) (or arrays of such) � Only integer are assigned � Clocks and differences are to clocks only compared to integer expressions I nvariants � Guards over clocks are � It forms conjunctions of essentially conjunctions conditions of the form x<e (I.e. disjunctions are only or x<=e where x is a clock allowed over integer reference and e evaluates conditions) to an integer UC UCb

Synchronization Binary Synchronization Broadcast Synchronization Informationsteknologi � Declared like: � Declared like chan a, b, c[3]; broadcast chan a, b, c[2]; � If a is channel then: � If a is a broadcast channel: a! = Emmision of broadcast a! = Emmision − − a? = Reception of broadcast − a? = Reception − � A set of edges in different � Two edges in different processes can synchronize if processes can synchronize one is emitting and the others if one is emitting and the are receiving on the same b.c. other is receiving on the channle. A process can always same channel. emit. Receivers MUST synchronize if they can. No blocking. UC UCb

More on Types � Multi dimensional arrays − e.g. int b[4][2]; Informationsteknologi � Array initialiser: − e.g. int b[4] := { 1, 2, 3, 4 }; � Arrays of channels, clocks, constants. − e.g. − chan a[3]; − clock c[3]; − const k[3] { 1, 2, 3 }; � Broadcast channels. − e.g. broadcast chan a; UC UCb

Tem plates � Templates may be parameterised: Informationsteknologi − int v; const min; const max − int[0,N] e; const id � Templates are instantiated to form processes: − P:= A(i,1,5); − Q:= A(j,0,4); − Train1:=Train(el, 1); − Train2:=Train(el, 2); UCb UC

Extensions Select statem ent Forall / Exists expressions Informationsteknologi � models a non-deterministic forall (x:int[0,42]) expr � choise true if expr is true for all values in [ 0,42] of x � x : int[0,42] � exists (x:int[0,4]) expr Types true if expr is true for some values in [ 0,42] of x Record types � Type declarations � Example: Meta variables: � forall not stored with state (x:int[0,4])array[x]; meta int x; UC UCb

Urgency & Com m itm ent Urgent Locations Urgent Channels Informationsteknologi � No delay – time is freezed! � No delay if the � May reduce number of synchronization edges can clocks! be taken ! Com m itted Locations � No clock guard allowed. � Guards on data-variables. � No delay. � Next transition MUST � Declarations: involve edge in one of the urgent chan a, b, processes in committed c[3]; location � May reduce considerably state space UC UCb

Queries : Specification Language

Logical Specifications � Validation Properties Possibly: E < > P − Informationsteknologi The expressions P and Q must be type safe, � Safety Properties side effect free, and − Invariant: A[ ] P evaluate to a boolean. − Pos. Inv.: E[ ] P � Liveness Properties Only references to − Eventually: A < > P integer variables, P � Q Leadsto: − constants, clocks, and locations are allowed � Bounded Liveness (and arrays of these). P � · t Q − Leads to within: UC UCb

Logical Specifications � Validation Properties Possibly: E < > P − Informationsteknologi � Safety Properties − Invariant: A[ ] P − Pos. Inv.: E[ ] P � Liveness Properties − Eventually: A< > P P � Q Leadsto: − � Bounded Liveness P � · t Q − Leads to within: UCb UC

Logical Specifications � Validation Properties Possibly: E< > P − Informationsteknologi � Safety Properties − Invariant: A[ ] P − Pos. Inv.: E[ ] P � Liveness Properties − Eventually: A< > P P � Q Leadsto: − � Bounded Liveness P � · t Q − Leads to within: UCb UC

Logical Specifications � Validation Properties Possibly: E< > P − Informationsteknologi � Safety Properties − Invariant: A[ ] P − Pos. Inv.: E[ ] P � Liveness Properties − Eventually: A < > P P � Q Leadsto: − � Bounded Liveness P � · t Q − Leads to within: UCb UC

Logical Specifications � Validation Properties Possibly: E< > P − Informationsteknologi � Safety Properties − Invariant: A[ ] P − Pos. Inv.: E[ ] P · t � Liveness Properties · t − Eventually: A< > P P � Q Leadsto: − � Bounded Liveness P � · t Q − Leads to within: UCb UC