Real Tim e Kim G Larsen Model Checking using UPPAAL - PDF document

Real Tim e Kim G Larsen Model Checking using UPPAAL

Collaborators @ AALborg @UPPsala − Kim G Larsen Wang Yi − Informationsteknologi − Gerd Behrman Paul Pettersson − Arne Skou − − John Håkansson − Brian Nielsen − Anders Hessel Alexandre David − − Pavel Krcal Jacob Illum Rasmussen − − Leonid Mokrushin − Marius Mikucionis Shi Xiaochun − @Elsew here Emmanuel Fleury, Didier Lime, Johan Bengtsson, Fredrik Larsson, − Kåre J Kristoffersen, Tobias Amnell, Thomas Hune, Oliver Möller, Elena Fersman, Carsten Weise, David Griffioen, Ansgar Fehnker, Frits Vandraager, Theo Ruys, Pedro D’Argenio, J-P Katoen, Jan Tretmans, Judi Romijn, Ed Brinksma, Martijn Hendriks, Klaus Havelund, Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin UC UCb Pearson...

Real Tim e System s sensors Informationsteknologi actuators Controller Program Plant Discrete Continuous Eg.: Realtime Protocols Pump Control Air Bags Robots Real Time System Real Time System Cruise Control A system where correctness not only A system where correctness not only ABS depends on the logical order of events depends on the logical order of events CD Players but also on their timing !! but also on their timing !! Production Lines UC UCb

Real Tim e Model Checking Plant Controller Program Informationsteknologi Continuous Discrete sensors Model actuators of tasks (automatic?) 1 2 Model a 1 2 of 3 4 environment b c 3 4 (user-supplied / 1 2 a non-determinism) 1 2 a 3 4 b c b c 3 4 UPPAAL Model UC UCb

Real Tim e Control Synthesis Plant Controller Program Informationsteknologi Continuous Discrete sensors Synthesis of actuators tasks/scheduler (automatic) 1 2 Model a 1 2 of 3 4 environment b c 3 4 (user-supplied) 1 2 a 1 2 a 3 4 b c b c 3 4 Partial UPPAAL Model UC UCb

Model-Checking Model: A Informationsteknologi Yes! UPPAAL No! Requirement Diagnostic A ² F Specification: F Information A – Model: Network of Timed Automata F – Requirement: T CTL formula, e.g.: − Invariant : something bad will never happen − Liveness : something good will eventually happen − Bounded Liveness : something good will happen before some upper time-bound T. UC UCb

Simulation UPPAAL Tool Verification Modeling UCb UC Informationsteknologi

Tim ed Autom ata Alur & Dill 1 9 8 9

Dum b Light Control Informationsteknologi press? press? press? Off Light Bright press? WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off. UC UCb

Solution: Add real-valued clock x press? Bright X< = 3 press? Dum b Light Control press? X> 3 Light X:= 0 press? Off UCb UC Informationsteknologi

Tim ed Autom ata review Alur & Dill 1990 Clocks: x, y Informationsteknologi Guard n Boolean combination of integer bounds on clocks Reset Action x< = 5 & y> 3 Action performed on clocks used for synchronization State a where v,u are in R ( location , x = v , y = u ) Transitions x := 0 a Discrete Trans ( n , x = 2.4 , y = 3.1415 ) m ( m , x = 0 , y = 3.1415 ) e(1.1) Delay Trans ( n , x = 2.4 , y = 3.1415 ) ( n , x = 3.5 , y = 4.2415 ) UC UCb

Tim ed Autom ata review I nvariants Informationsteknologi n Clocks: x, y x< = 5 Transitions x< = 5 & y> 3 e(3.2) Location ( n , x = 2.4 , y = 3.1415 ) Invariants a e(1.1) ( n , x = 2.4 , y = 3.1415 ) ( n , x = 3.5 , y = 4.2415 ) x := 0 m y< = 10 g4 I nvariants I nvariants g1 g2 g3 ensure ensure progress!! progress!! UC UCb

b Exam ple c Reachable? UCb a UC Informationsteknologi

x (L0,x= 0,y= 0) y b Exam ple c Reachable? UCb a UC Informationsteknologi

x (L0,x= 1.4,y= 1.4) (L0,x= 0,y= 0) � ε (1.4) ε (1.4) y b Exam ple c Reachable? UCb a UC Informationsteknologi

x (L0,x= 1.4,y= 0) (L0,x= 1.4,y= 1.4) (L0,x= 0,y= 0) a � ε (1.4) � a ε (1.4) y b Exam ple c Reachable? UCb a UC Informationsteknologi

(L0,x= 3.0,y= 0) (L0,x= 3.0,y= 1.6) x (L0,x= 1.4,y= 0) (L0,x= 1.4,y= 1.4) a ε (1.6) (L0,x= 0,y= 0) � ε (1.6) � a a � ε (1.4) � a ε (1.4) y b Exam ple c Reachable? UCb a UC Informationsteknologi

UCb UC Informationsteknologi

UCb UC Informationsteknologi

UCb UC Informationsteknologi

UCb UC Informationsteknologi

Tim ed Autom ata: Exam ple a a reset-set guard a a UCb action location UC Informationsteknologi

Tim ed Autom ata: Exam ple a a a a UCb Invariant 3 ≤ x UC Informationsteknologi

Light Control I nterface Informationsteknologi touch! touch! press? I nterface Control press? starthold! starthold! Program L+ + / L--/ L:= 0 L+ + / L--/ L:= 0 endhold! endhold! release? release? Light User UC UCb

L+ + / L--/ L:= 0 L+ + / L--/ L:= 0 Program Control starthold! starthold! Light Control I nterface endhold! endhold! touch! touch! release? press? release? press? UCb User UC Informationsteknologi

Netw orks of Tim ed Autom ata ( a’la CCS) Informationsteknologi m1 l1 Two-way synchronization Two-way synchronization x> = 2 y< = 4 on complementary actions. …………. on complementary actions. a! a? Closed Systems! Closed Systems! x := 0 l2 m2 Example transitions tau ( l1 , m1 ,………, x= 2, y= 3.5,…..) ( l2,m2 ,……..,x= 0, y= 3.5, …..) 0.2 ( l1,m1 ,………,x= 2.2, y= 3.7, …..) UCb UC If a URGENT CHANNEL

Netw ork Sem antics ⎪ ⎪ ⎪ 1 ⎪ = × → ⊆ 1 2 where Informationsteknologi T T ( S S , , s s ) X A X X 2 1 2 0 0 μ μ ⎯ ⎯→ ⎯ ⎯→ s s ´ s s ´ 2 1 2 2 1 1 μ μ ⎪ ⎪ ⎯ ⎯→ ⎯ ⎯→ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ s s s s ´ s s s ´ s X X 1 2 1 2 1 2 1 2 X X ! ? ⎯ ⎯→ ⎯ ⎯→ a a s s ´ s s ´ 1 2 1 1 2 2 τ ⎯ ⎯→ ⎪ ⎪ ⎪ ⎪ s s s ´ s ´ 1 2 1 2 X X ⎯ ⎯ ⎯ → ⎯ ⎯ ⎯ → e ( d ) e ( d ) s s ´ s s ´ 1 2 1 1 2 2 ⎯ ⎯ ⎯ → ⎪ ⎪ e ( d ) ⎪ ⎪ s s s ´ s ´ 1 X 2 1 2 X UC UCb

Netw ork Sem antics + Urgent synchronization ( URGENT synchronization) ⎪ ⎪ ⎪ 1 ⎪ = × → ⊆ 1 2 where Informationsteknologi T T ( S S , , s s ) X A X X 2 1 2 0 0 μ μ ⎯ ⎯→ ⎯ ⎯→ s s ´ s s ´ 2 1 2 2 1 1 μ μ ⎪ ⎪ ⎯ ⎯→ ⎯ ⎯→ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ s s s s ´ s s s ´ s X X 1 2 1 2 1 2 1 2 X X ! ? ⎯ ⎯→ ⎯ ⎯→ a a s s ´ s s ´ 1 2 1 1 2 2 τ ⎯ ⎯→ ⎪ ⎪ ⎪ ⎪ s s s ´ s ´ 1 2 1 2 X X ⎯ ⎯ ⎯ → ⎯ ⎯ ⎯ → e ( d ) e ( d ) s s ´ s s ´ 1 2 1 1 2 2 ⎯ ⎯ ⎯ → ⎪ ⎪ e ( d ) ⎪ ⎪ ∀ d’ < d, ∀ u ∈ UAct: s s s ´ s ´ 1 X 2 1 2 X e(d’) u! e(d’) u? ¬ ( s 1 → → ∧ s 2 → → ) UC UCb

Program Control starthold! starthold! endhold! endhold! touch! touch! Light Control Netw ork release? press? release? press? UCb UC Informationsteknologi

Overview of the UPPAAL Toolkit

Linux, W indow s, Solaris, MacOS UPPAAL’s architecture UCb UC Informationsteknologi

Verifier Sim ulator UCb GUI Editor UC Informationsteknologi

River Crossing [3,5] Train Crossing Gate [10,20] Stopable Area [7,15] UCb Queue UC Informationsteknologi

Train Crossing Communication via channels and shared variable. Informationsteknologi Stopable Area [10,20] appr, leave [3,5] stop Crossing [7,15] el el go River empty Queue nonempty UC UCb hd, add,rem Gate

in UPPAAL Tim ed Autom ata

Declarations Informationsteknologi Constants Constants Bounded integers Bounded integers Channels Channels Clocks Clocks Arrays Arrays Templates Templates Processes Processes Systems Systems UC UCb

Declarations in UPPAAL � The syntax used for declarations in UPPAAL is similar to the syntax used in the C programming language. Informationsteknologi � Clocks : − Syntax : − clock x1, …, xn ; − Example : Declares tw o clocks: x and y. − clock x, y; UC UCb

Declarations in UPPAAL ( cont.) � Data variables − Syntax: Informationsteknologi − int n1, … ; I nteger w ith “default” dom ain. − int[l,u] n1, … ; I nteger w ith dom ain “l” to “u”. − int n1[m], … ; I nteger array w . elem ents n1 [ 0 ] to n1 [ m -1 ] . − Example: − int a, b; − int[0,1] a, b[5][6]; UC UCb

Declarations in UPPAAL ( cont.) � Actions (or channels): − Syntax: Informationsteknologi − chan a, … ; Ordinary channels. − urgent chan b, … ; Urgent actions ( see later) − Example: − chan a, b; − urgent chan c; UC UCb

Declarations U PPAAL ( cont.) � Constants − Syntax: Informationsteknologi − const int c1 = n1; − Example: − const int[0,1] YES = 1; − const bool NO = false; UC UCb