Real Time Model Checking
Patricia Bouyer-Decitre, Kim G. Larsen, Nicolas Markey
Model checking: from a System Description and a Requirement, the model checker answers Yes, or No! together with Debugging Information. The same setting extends beyond plain correctness to Time, Cost and Probability, can take Prototypes, Executable Code or Test sequences as input, and can also produce a Control Strategy.
Example requirements:
  A( req ⇒ A♦ grant )
  A( req ⇒ A♦ t<30s grant )
  A( req ⇒ A♦ t<30s, c<5$ grant )
  A( req ⇒ A♦ t<30s, p>0.90 grant )
QMC, PhD School, March 3, 2010, Kim Larsen
Outline
  Introduction to Timed Automata (UPPAAL CLASSIC)
  Decidability and undecidability results
  Temporal Logics
  UPPAAL (hands-on)
  Priced Timed Automata (UPPAAL CORA)
  Games (UPPAAL TIGA)
  UPPAAL TRON, UPPAAL PRO
  Open Problems
Collaborators
@UPPsala
@AALborg
Paul Pettersson, Jacob I. Rasmussen
@Elsewhere: Emmanuel Fleury, Didier Lime, Johan Bengtsson, Fredrik Larsson, Kåre J. Kristoffersen, Tobias Amnell, Thomas Hune, Oliver Möller, Elena Fersman, Carsten Weise, David Griffioen, Ansgar Fehnker, Jan Tretmans, Frits Vaandrager, Theo Ruys, Pedro D'Argenio, J-P Katoen, Judi Romijn, Ed Brinksma, Martijn Hendriks, Klaus Havelund, Franck Cassez, Magnus Lindahl, François Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowman, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson, ...
Real Time Systems
  Plant (continuous): sensors, actuators
  Controller Program (discrete)
A Real Time System is a system where correctness not only depends on the logical order of events but also on their timing!!
E.g.: Realtime Protocols, Pump Control, Air Bags, Robots, Cruise Control, ABS, CD Players, Production Lines
Timed Automata [Alur & Dill'89]
  Add a clock x (x: real-valued clock)
  Edge ingredients: synchronizing action, guard (conjunctions of constraints x ~ n), reset of clocks
States: (location, x = v) where v ∈ R
Transitions:
  (Off, x=0) --delay 4.32--> (Off, x=4.32) --press?--> (Light, x=0) --delay 2.51--> (Light, x=2.51) --press?--> (Bright, x=2.51)
Invariant (Henzinger)
Transitions:
  (Off, x=0) --delay 4.32--> (Off, x=4.32) --press?--> (Light, x=0) --delay 4.51--> (Light, x=4.51) --press?--> (Light, x=0) --delay 100--> (Light, x=100)
Note: (Light, x=0) --delay 103--> X (not allowed: the delay would violate the invariant of Light)
Invariants ensure progress.
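Added example (my own code, not from the slides): a small simulator for the light-switch automaton above, implementing the delay/action semantics of the two traces. It assumes the guard x <= 3 on the edge Light -> Bright, the invariant x <= 100 on Light and a Bright -> Off edge, which the page does not state; with these, press at x=2.51 reaches Bright, press at x=4.51 stays in Light, and the delay of 103 from (Light, x=0) is rejected.

```python
from typing import Callable, Dict, List, Tuple

# Light-switch timed automaton from the slides: locations Off, Light, Bright,
# one real-valued clock x, action press?. The guard bound x <= 3 on the edge
# Light -> Bright, the invariant x <= 100 on Light and the Bright -> Off edge
# are assumptions consistent with the traces shown, not values from the page.
Guard = Callable[[float], bool]

# (source, guard on x, target, reset x?) for every press? edge
EDGES: List[Tuple[str, Guard, str, bool]] = [
    ("Off",    lambda x: True,   "Light",  True),
    ("Light",  lambda x: x <= 3, "Bright", False),   # assumed bound
    ("Light",  lambda x: x > 3,  "Light",  True),    # assumed bound
    ("Bright", lambda x: True,   "Off",    False),   # assumed edge
]
# Location invariants: delaying is only allowed while they hold.
INVARIANT: Dict[str, Guard] = {
    "Off": lambda x: True, "Light": lambda x: x <= 100, "Bright": lambda x: True,
}

class LightSwitch:
    def __init__(self) -> None:
        self.loc, self.x = "Off", 0.0          # initial state (Off, x=0)

    def delay(self, d: float) -> bool:
        # Invariants are upper bounds (convex), so checking the end point suffices.
        if d < 0 or not INVARIANT[self.loc](self.x + d):
            return False
        self.x += d
        return True

    def press(self) -> bool:
        # Take the enabled press? edge; guards out of one location are disjoint.
        for src, guard, dst, reset in EDGES:
            if src == self.loc and guard(self.x):
                self.loc = dst
                if reset:
                    self.x = 0.0
                return True
        return False

def run(moves: List[Tuple]) -> Tuple[Tuple[str, float], List[bool]]:
    """Replay moves ('delay', d) / ('press?',) from (Off, x=0); a False flag marks a
    move the semantics forbids (the automaton then stays in its current state)."""
    ta = LightSwitch()
    flags = [ta.delay(m[1]) if m[0] == "delay" else ta.press() for m in moves]
    return (ta.loc, ta.x), flags
```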
(Figure residue, slides 18 to 22: diagrams drawn over two clocks x and y with transitions labelled a, b, c.)
Light Control Network
  User --press?, release?--> Interface --touch!, starthold!, endhold!--> Control Program --> Light
  Interface (clock d, reset on press?): a release? with 0.5 ≤ d ≤ 1 gives touch!; a press? held past d > 1 gives starthold!, and the release? that ends the hold gives endhold!
  Example user behaviour and resulting outputs:
    press? 0.2 release? ...            -> Ø
    press? 0.7 release? ...            -> touch!
    press? 1.0 ... 2.4 release? ...    -> starthold! endhold!
Resource / Task synchronization through a shared variable B.
Semantics:
  (Idle, Init, B=0, x=0) --d(3.1415)--> (Idle, Init, B=0, x=3.1415) --use--> (InUse, Using, B=6, x=0) --d(6)--> (InUse, Using, B=6, x=6) --done--> (Idle, Done, B=6, x=6)
Scheduling example
Compute (D * (C * (A + B))) + ((A + B) + (C * D)) using 2 processors, P1 (fast) and P2 (slow):
  P1: * takes 3ps, + takes 2ps
  P2: * takes 7ps, + takes 5ps
The expression tree has six operations (tasks 1 to 6 on the slide) over the inputs A, B, C, D; each task can only start once the tasks it reads from have finished.
(Figure residue: two Gantt charts with a time axis 5, 10, 15, 20, 25, placing tasks 1 to 6 on P1 and P2.)
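Added example (my own code, not the slides' symbolic A* or branch-and-bound): an exhaustive search for the minimal makespan of the six-operation expression on the two processors above. The task ids and the precedence graph are constructed from the expression (the slide numbers the operations differently); the per-processor costs are the slide's.

```python
import itertools
from typing import Dict, Iterator, List, Tuple

# Constructed task graph for (D * (C * (A + B))) + ((A + B) + (C * D)).
# The task numbering is my own; the slide numbers its six operations differently.
TASKS: Dict[int, Tuple[str, Tuple[int, ...]]] = {   # id -> (operator, predecessors)
    1: ("+", ()),        # A + B
    2: ("*", ()),        # C * D
    3: ("*", (1,)),      # C * (A + B)
    4: ("+", (1, 2)),    # (A + B) + (C * D)
    5: ("*", (3,)),      # D * (C * (A + B))
    6: ("+", (5, 4)),    # final sum
}
# Per-processor cost in ps, as on the slide: P1 is fast, P2 is slow.
COST = {"P1": {"+": 2, "*": 3}, "P2": {"+": 5, "*": 7}}

def topological_orders(tasks=TASKS) -> Iterator[List[int]]:
    """Yield every ordering of the task ids that respects the precedence edges."""
    def rec(done: frozenset, remaining: frozenset):
        if not remaining:
            yield []
            return
        for t in sorted(remaining):
            if all(p in done for p in tasks[t][1]):
                for rest in rec(done | {t}, remaining - {t}):
                    yield [t] + rest
    yield from rec(frozenset(), frozenset(tasks))

def list_schedule(order: List[int], assignment: Dict[int, str]) -> Dict[int, int]:
    """Greedy earliest-start schedule: each task starts once its processor is free
    and all its predecessors have finished. Returns the finish time of every task."""
    free = {p: 0 for p in COST}
    finish: Dict[int, int] = {}
    for t in order:
        p = assignment[t]
        start = max([free[p]] + [finish[q] for q in TASKS[t][1]])
        finish[t] = start + COST[p][TASKS[t][0]]
        free[p] = finish[t]
    return finish

def optimal_schedule() -> Tuple[int, Dict[int, str], Dict[int, int]]:
    """Brute force over all priority orders and processor assignments: every optimal
    schedule is a list schedule for some order, so the minimum found is the optimum."""
    best: Tuple[int, Dict[int, str], Dict[int, int]] = (10**9, {}, {})
    for order in topological_orders():
        for procs in itertools.product(COST, repeat=len(TASKS)):
            assignment = dict(zip(sorted(TASKS), procs))
            finish = list_schedule(order, assignment)
            if max(finish.values()) < best[0]:
                best = (max(finish.values()), assignment, finish)
    return best
```

Running `optimal_schedule()` on these costs gives a makespan of 12ps, against 15ps for running everything on the fast processor; the only task worth moving to P2 is C*D, which is off the critical path.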
A second scheduling instance: tasks P1 to P7 on machines M = {M1, M2}, each task annotated on the slide with a pair of numbers:
  P2: 2,3    P1: 16,10
  P6: 2,3    P3: 6,6    P4: 10,16
  P7: 2,2    P5: 8,2
Reachability query in UPPAAL: E<> (Task1.End and … and Task7.End)
Experimental Results: Symbolic A* versus Branch-&-Bound (60 sec time limit). [Abdeddaïm, Kerbaa, Maler]
LEGO MINDSTORM
  Sensors: temperature, light, rotation, pressure.
  Actuators: motors, lamps.
  3 input ports, 3 output ports, 1 infra-red port.
  Virtual machine: 10 tasks, 4 timers, 16 integers.
  Several Programming Languages: NotQuiteC, Mindstorm, Robotics, legOS, etc.
Controller Program and The Plant: LEGO MINDSTORM Conveyor Belt & Bricks
Sorting of Lego Boxes (Ken Tindell)
  Boxes (Red, Black, Yellow) travel on a Conveyer Belt; a Piston can eject a box; positions marked on the slide: 9, 18, 81, 90, 99; a box may also be removed.
  Controller: tasks MAIN and PUSH.
Exercise: Design Controller so that black boxes are being pushed out.
NQC program for the sorter (reconstructed from the two columns of the slide):

  int active;        // 1 while a detected box is waiting to be pushed
  int DELAY;         // ticks between detection and the push
  int LIGHT_LEVEL;   // threshold below which a dark (black) box is seen

  task MAIN {
    DELAY = 75;
    LIGHT_LEVEL = 35;
    active = 0;
    Sensor(IN_1, IN_LIGHT);   // light sensor on input 1
    Fwd(OUT_A, 1);            // start the conveyor belt
    Display(1);
    start PUSH;
    while (true) {
      wait(IN_1 <= LIGHT_LEVEL);   // dark box under the sensor
      ClearTimer(1);
      active = 1;
      PlaySound(1);
      wait(IN_1 > LIGHT_LEVEL);    // box has passed
    }
  }

  task PUSH {
    while (true) {
      wait(Timer(1) > DELAY && active == 1);
      active = 0;
      Rev(OUT_C, 1);   // piston out
      Sleep(8);
      Fwd(OUT_C, 1);   // piston back
      Sleep(12);
      Off(OUT_C);
    }
  }
UPPAAL model of the sorter, GLOBAL DECLARATIONS:

  const int ctime = 75;
  int[0,1] active;
  clock x, time;
  chan eject, ok;
  urgent chan blck, red, remove, go;
Applications (selected titles, parts lost on the slides shown as ...)
  ... RCX ... [ECRTS'2k]
  ... and Uppaal, 2006
  Designing, Modelling and Verifying a Container Terminal System Using UPPAAL, 2008
  ... industrial case study, 2008
  Leader Election for Mobile Ad Hoc Networks [Charme05]
  ... local addresses using Uppaal, 2006
  ... SHIM6 ... UPPAAL, 2007
  ... using Uppaal, 2007
  Analysis of the Zeroconf protocol using UPPAAL, 2009
  ... Sensor Networks, 2009
  ... using Uppaal, 2004
  ... Real-Time Systems, 2000
  ... PVS, 2007
  Component-Based Design and Analysis of Embedded Systems with UPPAAL PORT, 2008
  ... with Model Transformation, 2008