SLIDE 1

UPPAAL - Present and Future

Gerd Behrmann (1), Alexandre David (2), Kim G. Larsen (1), M. Oliver Möller (3), Paul Pettersson (2), Wang Yi (2)

(1) Aalborg University, (2) Uppsala University, (3) BRICS Århus

Outline:
1 Model-checking Timed Automata
2 Internal Optimizations
3 Applications: Protocols & Controllers
4 Extensions of the Modeling Language

CDC’01 6 DEC 2001 | M. OLIVER MÖLLER: UPPAAL – PRESENT AND FUTURE | 1

slide-2
SLIDE 2

Collaborators

@ UPPsala: Wang Yi, Johan Bengtsson, Paul Pettersson, Fredrik Larsson, Alexandre David, Tobias Amnell, Elena Fersman

@ AALborg: Kim G. Larsen, Arne Skou, Carsten Weise, Kåre J. Kristoffersen, Gerd Behrmann, Thomas Hune, M. Oliver Möller

@ many other places: David Griffioen, Ansgar Fehnker, Frits Vaandrager, Klaus Havelund, Theo Ruys, Pedro D’Argenio, J-P Katoen, J. Tretmans, Judi Romijn, Ed Brinksma, Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson, ...

SLIDE 3

UPPAAL: Model checking Timed Automata

Figure: timed automaton with locations A, B, C, D; declarations clock x; int count; invariant x ≤ 5, an edge with guard x == 5 and update count := count+1, and an edge with guard count == 3.

- network of timed automata
- discrete data types, arrays
- hand-shake synchronization
- urgency
- template mechanism
- committed locations
- forward state-space exploration

SLIDE 4

Symbolic Transitions

Figure: edge from location n to location m with guard x > 3 and reset y := 0.

SLIDE 5

Symbolic Transitions

Figure: edge from location n to location m with guard x > 3 and reset y := 0.

Zone at n (figure, x/y plane): 1 <= x <= 4, 1 <= y <= 2

SLIDE 6

Symbolic Transitions

Figure: edge from location n to location m with guard x > 3 and reset y := 0.

Zone at n (figure, x/y plane): 1 <= x <= 4, 1 <= y <= 2

delays to: 1 <= x, 1 <= y, 2 <= x-y <= 3

SLIDE 7

Symbolic Transitions

Figure: edge from location n to location m with guard x > 3 and reset y := 0.

Zone at n (figure, x/y plane): 1 <= x <= 4, 1 <= y <= 2

delays to: 1 <= x, 1 <= y, 2 <= x-y <= 3

intersects to (with the guard x > 3): 3 < x, 1 <= y, 2 <= x-y <= 3

SLIDE 8

Symbolic Transitions

Figure: edge from location n to location m with guard x > 3 and reset y := 0.

Zone at n (figure, x/y plane): 1 <= x <= 4, 1 <= y <= 2

delays to: 1 <= x, 1 <= y, 2 <= x-y <= 3

intersects to (with the guard x > 3): 3 < x, 1 <= y, 2 <= x-y <= 3

projects to (after the reset y := 0): y = 0, 3 < x

SLIDE 9

Sets of Clock-Evaluations

Figure: the zone 1 ≤ x < 3 ∧ y ≤ 2 ∧ y − x ≤ 0 drawn in the x/y plane (the edge y − x ≤ 0 marked).

regions: smallest distinguishable sets
zones: convex unions of regions
representing (unions of) zones: DBMs, CDDs, DDDs, ...

difference-bounded matrices: canonical, static

SLIDE 10

Sets of Clock-Evaluations

Figure: the zone 1 ≤ x < 3 ∧ y ≤ 2 ∧ y − x ≤ 0 in the x/y plane, next to its difference-bounded matrix.

regions: smallest distinguishable sets
zones: convex unions of regions
representing (unions of) zones: DBMs, CDDs, DDDs, ...

difference-bounded matrices: canonical, static

SLIDE 11

Sets of Clock-Evaluations

Figure: the zone 1 ≤ x < 3 ∧ y ≤ 2 ∧ y − x ≤ 0 in the x/y plane, next to its difference-bounded matrix and its clock difference diagram (nodes y, x and y − x with interval-labeled edges such as (−oo; −1], [0; 2], [1; 2), [2; 3]).

regions: smallest distinguishable sets
zones: convex unions of regions
representing (unions of) zones: DBMs, CDDs, DDDs, ...

difference-bounded matrices: canonical, static
clock difference diagrams: non-canonical, flexible

SLIDE 12

Engineering Improvements Dec ’96 - Sept ’98

Figure: verification time in seconds (0–300) per UPPAAL version (2.00, 2.04, 2.08, 2.12, 2.16, 2.19) for three benchmarks: Philips Protocol with Collision Handling, Start-up of TDMA Protocol, Fischer’s Protocol.

SLIDE 13

Internal Optimizations

× committed locations (to reduce interleavings)
× active clock reduction
× variation of search order
× local reduction (compact DBM representation)
× global reduction (remove covered states from Passed)
≈ convex hull over-approximation [safe]
≈ bit-state hashing [sound]
... and of course: a lot of software engineering!
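The symbolic steps of the "Symbolic Transitions" slides (delay, intersection with a guard, projection by a clock reset) and the Passed-list covering test behind the "global reduction" item above, worked out on difference-bounded matrices. This is an added Python example, not code from UPPAAL or from the authors: the zone 1 <= x <= 4, 1 <= y <= 2, 2 <= x-y <= 3, the guard x > 3, the reset y := 0 and the location names are constructed for the illustration, and the DBM is kept in canonical form with a Floyd-Warshall closure so that inclusion can be decided entry by entry.

```python
import math
import re

# A bound is a pair (c, cmp): clock_i - clock_j < c when cmp == 0, <= c when cmp == 1.
# Python's tuple order then ranks the tighter bound lower, e.g. (3, 0) '< 3' < (3, 1) '<= 3'.
INF = (math.inf, 0)
ZERO = (0, 1)


def add(a, b):
    """Sum of two bounds; the result is non-strict only if both summands are."""
    return (a[0] + b[0], a[1] & b[1])


class DBM:
    """Difference-bounded matrix; row/column 0 is the constant-zero reference clock."""

    def __init__(self, clocks):
        self.clocks = ['0'] + list(clocks)
        n = len(self.clocks)
        self.d = [[ZERO if i == j else INF for j in range(n)] for i in range(n)]
        for i in range(1, n):
            self.d[0][i] = ZERO             # 0 - x <= 0: clocks are never negative

    def idx(self, clock):
        return self.clocks.index(clock)

    def bound(self, a, b):
        return self.d[self.idx(a)][self.idx(b)]

    def close(self):
        """Floyd-Warshall tightening to canonical form; False means the zone is empty."""
        n = len(self.clocks)
        for k in range(n):
            for i in range(n):
                for j in range(n):
                    self.d[i][j] = min(self.d[i][j], add(self.d[i][k], self.d[k][j]))
        return all(self.d[i][i] >= ZERO for i in range(n))

    def constrain(self, guard):
        """Intersect with a guard like 'x > 3', 'x - y <= 3' or 'x == 5'; False if empty."""
        m = re.fullmatch(r'\s*(\w+)\s*(?:-\s*(\w+))?\s*(<=|<|==|>=|>)\s*(-?\d+)\s*', guard)
        if not m:
            raise ValueError(f'unsupported guard: {guard}')
        i = self.idx(m.group(1))
        j = self.idx(m.group(2)) if m.group(2) else 0
        op, c = m.group(3), int(m.group(4))
        if op in ('<', '<=', '=='):           # clock_i - clock_j <(=) c
            self.d[i][j] = min(self.d[i][j], (c, 0 if op == '<' else 1))
        if op in ('>', '>=', '=='):           # clock_j - clock_i <(=) -c
            self.d[j][i] = min(self.d[j][i], (-c, 0 if op == '>' else 1))
        return self.close()

    def up(self):
        """Delay ('delays to'): drop every upper bound clock - 0 <= c; stays canonical."""
        for i in range(1, len(self.clocks)):
            self.d[i][0] = INF

    def reset(self, clock):
        """Reset x := 0 ('projects to'): copy the reference row/column into x's; stays canonical."""
        i = self.idx(clock)
        for j in range(len(self.clocks)):
            if j != i:
                self.d[i][j] = self.d[0][j]
                self.d[j][i] = self.d[j][0]
        self.d[i][i] = ZERO

    def includes(self, other):
        """Zone inclusion on canonical DBMs: other is covered iff each of its entries is as tight."""
        return all(o <= s for srow, orow in zip(self.d, other.d) for s, o in zip(srow, orow))

    def constraints(self):
        """Readable form: finite off-diagonal bounds, omitting the trivial 0 - x <= 0 ones."""
        out = []
        for i, ci in enumerate(self.clocks):
            for j, cj in enumerate(self.clocks):
                c, cmp = self.d[i][j]
                if i != j and c != math.inf and not (i == 0 and (c, cmp) == ZERO):
                    out.append(f"{ci} - {cj} {'<=' if cmp else '<'} {c}")
        return out


def symbolic_transition():
    """The slides' step on a constructed zone: delay, guard x > 3, reset y := 0."""
    z = DBM(['x', 'y'])
    for g in ('x >= 1', 'x <= 4', 'y >= 1', 'y <= 2', 'x - y >= 2', 'x - y <= 3'):
        z.constrain(g)
    z.up()                   # delays to
    z.constrain('x > 3')     # intersects to
    z.reset('y')             # projects to: y = 0, 3 < x
    return z


def add_to_passed(passed, loc, zone):
    """Global reduction: reject a (loc, zone) covered by Passed; evict Passed entries it covers."""
    if any(l == loc and z.includes(zone) for l, z in passed):
        return False
    passed[:] = [(l, z) for l, z in passed if not (l == loc and zone.includes(z))]
    passed.append((loc, zone))
    return True


if __name__ == '__main__':
    print(symbolic_transition().constraints())
```

The closure in `close` is what makes the two later operations cheap: `up` and `reset` only rewrite one row or column and provably keep the matrix canonical, so `includes` (the covering test the Passed list relies on) can compare entries directly without re-closing either operand. A guard that makes the zone empty shows up as a negative diagonal entry, which `constrain` reports by returning False.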

SLIDE 14

Benchmarks (without optimizations)

Figure: verification time in seconds (0–50) by date (1999–2001) for the benchmarks dacapo_sim, fischer5, audio_big and bando, without optimizations.

SLIDE 15

Benchmarks (with optimizations)

Figure: verification time in seconds (0–50) by date (1999–2001) for the same benchmarks dacapo_sim, fischer5, audio_big and bando, with optimizations.

SLIDE 16

Architecture of UPPAAL

Figure: a GUI consisting of Editor, Simulator and Verifier communicates with the Engine; models are stored as .xml or .ta files, and the Engine can also be driven from the command line.

SLIDE 17

Communication Protocols

Figure: an Actor Protocol (Actor I and Actor II exchanging req? / ack?) is modeled as Model of Actor I and Model of Actor II, composed into a UPPAAL Model, which is model-checked for Termination, Time Bounds and Deadlock-Freedom.

SLIDE 18

Case Studies: Protocols

Philips Audio Protocol [HS95, CAV95, RTSS95, CAV96]
Collision-Avoidance Protocol [SPIN95]
Bounded Retransmission Protocol [TACAS97]
Bang & Olufsen Audio/Video Protocol [RTSS97]
TDMA Protocol [PRFTS97]
Lip-Synchronization Protocol [FMICS97]
Multimedia Streams [DSVIS98]
ATM ABR Protocol [CAV99]
ABB Fieldbus Protocol [ECRTS2k]
IEEE 1394 Firewire Root Contention [STTT’01]

SLIDE 19

Composing the Embedded System Model

Figure: a continuous Plant is connected through sensors and actuators to a discrete Controller Program running Tasks; the UPPAAL Model consists of a Model of Environment (user-supplied) and a Model of Tasks (automatic).

SLIDE 20

Case Studies: Controllers

Gearbox Controller [TACAS98]
Bang & Olufsen Power Controller [RTPS99, FTRTFT2k]
SIDMAR Steel Production Plant [RTCSA99, DSVV2k]
Real-Time RCX Control-Programs [ECRTS2k]
RCX Production Cell (2000)
Experimental Batch Plant [ICDCS’01]
Saab Car Locking System [RT-TOOLS’01]

SLIDE 21

Extensions of the Modeling Language

◮ Stopwatch extension
◮ Probabilistic timed automata
◮ Hierarchical timed automata
◮ Parameters on clock constraints
◮ Cost-Optimal timed automata
◮ Executable timed automata

SLIDE 22

Hierarchical UPPAAL

Use hierarchical timed automata:

Figure: hierarchical timed automaton of a pacemaker with three components. Human Heart: locations such as FLATLINE and entry A / entry V, clock t with invariants t ≤ DELAY_AFTER_A, t ≤ DELAY_AFTER_V and t ≤ noncritical heartstop, synchronizing on APace?, VPace? and VSense!. Pacemaker: modes Off / On, Idle, Self Inhibited, Self Triggered and AVI, with sub-automata Atrial and Ventricular (locations Waiting, Pacing, Refractory, A_Pacing, Sensed, Inhibited, Triggered; guards t == RefTime, t == Pulse_Width, t == senseTime; channels APace!, VPace!, V_Sense?, RefractDone!, ToIdle?, ToInhibited?, ToTriggered?, ToAVI?, ToOff?, ToOn?). Medic (programmer): locations Idle, Random, Modeswitch and ModeswitchDelay with invariant PROGRAMMER_TIME <= MODE_SWITCH_DELAY, issuing commandedOn!, commandedOff! (when ALLOW_SWITCH_OFF == 1), toInhibited!, toTriggered!, toAVI! and toIdle!, each resetting PROGRAMMER_TIME := 0 and adjusting triggerVar1.

SLIDE 23

Flattened Version of the Pacemaker

                            HTA model   →   UPPAAL model
# XML tags                      564     →   1191
# proper control locations       35     →     45

SAFETY: A[] ¬heart stops

LIVENESS: A[] Vcontract => A<> Acontract

Parameters:
REFRACTORY_TIME = 50
SENSE_TIMEOUT = 15
DELAY_AFTER_V = 50
DELAY_AFTER_A = 5
MODE_SWITCH_DELAY = 66

E.g. for MODE_SWITCH_DELAY = 65, A[] ¬heart stops is violated

SLIDE 24

Cost-Optimality

Figure: cost-annotated model of a Mixer and a Crane with location costs (cost: 20, cost: 10, cost: 5) and a guard x ≥ 20.

Idea: Add cost to locations and actions
Starting Point: ’cost’ not necessarily uniform
Approach: attach different (integer) prices to locations; treat algorithmically with priced zones
Applied: compute schedule for a steel batch plant in Gent and a LEGO model of it [Feh99, HLP00]
Fact: Cost-Optimal trace is computable

SLIDE 25

Controller Synthesis

Figure: as in the embedded-system model, a continuous Plant with sensors and actuators, a discrete Controller Program with its Tasks, and the UPPAAL Model built from the Model of Environment (user-supplied) and the Model of Tasks (automatic); here a Specification is the additional input from which the controller is synthesized.

SLIDE 26

SIDMAR Steel Production Plant (LEGO Version)

RCX control program (Spirit/PB script):

    ''''Delay 15
    PB.Wait 2, 1500
    ''''cAIup();
    ''''Crane A - Pick UP
    PB.PlaySystemSound 1
    PB.SendPBMessage 2, 97      ' Pick up, on C1
    PB.SetVar 1, 15, 0          ' Wait for ack
    PB.While 0, 1, 3, 2, 97
      PB.Wait 2, 20
      PB.SetVar 1, 15, 0        ' Read the message
      PB.ClearPBMessage
      PB.SumVar 2, 2, 1
      PB.If 0, 2, 2, 2, 20      ' If looped 20 times
        PB.PlaySystemSound 1
        PB.SendPBMessage 2, 97  ' Then send message again, same as sending 0
        PB.SetVar 2, 2, 0
      PB.EndIf
    PB.EndWhile
    ''''Delay 10
    PB.Wait 2, 1000

Figure: the corresponding UPPAAL crane automaton: locations c0emp, c0full, c1emp, c1full, c2emp, c2full, the transit locations c1c0emp, c1c0full, c2c1emp, c2c1full, c1c0aemp, c2c1aemp, c1c0afull, c2c1afull (invariant x<=cdelay) and c1up, c1down, c2up, c2down (invariant x<=cup); guards on cpos[0..4], posI[4], posII[4], creq1 and creq2 with updates such as cpos[1]:=1, cpos[2]:=0, x:=0; channels moveAup?, moveAdown?, move01?, move10?, moveA12?, moveA21?, evom01?, evom10?, evom12?, evom21?, cAIup?, cAIIup?, cAIdown_start?, cAIIdown_start?, cIdown_end! and cIIdown_end!.

SLIDE 27

Cost-Optimal Extension: Summary

completely random schedules not analyzable
◮ guides/optimality restrict behavior
the LEGO model helped debugging the UPPAAL model
Compared to traditional (LP) methods:
  reasonably efficient
  more flexible
aircraft landing case study: computed schedules either better or substantially worse

SLIDE 28

Completed Parts

✔ cost-optimal extension
✔ parametric extension
✔ stopwatch extension
✔ distributed UPPAAL

Work in Progress

→ probabilistic extension
→ hierarchical extension
→ executable UPPAAL

Work Planned

⋆ dynamic partitioning
⋆ hybrid animation

SLIDE 29

Go, Get It!

UPPAAL2k (3.2.1) available for Linux, SunOS, and MS Windows
http://www.uppaal.com/

Since July 1999: > 1,000 downloads (from different users), > 60 countries

Open mailing list: http://groups.yahoo.com/group/uppaal

SLIDE 30

Bibliography

[AHV93] Rajeev Alur, Thomas A. Henzinger, and Moshe Y. Vardi. Parametric Real-time Reasoning. In Proceedings of the Twenty-Fifth Annual ACM Symposium on the Theory of Computing, pages 592–601, 1993.

[AJ01] Tobias Amnell and Pontus Jansson. In Proc. of Workshop on Real-Time Tools, August 2001.

[BSdRT01] Giosuè Bandini, R. F. Lutje Spelberg, R. C. M. de Rooij, and W. J. Toetenel. Application of Parametric Model Checking - The Root Contention Protocol. In Proc. of the 34th Annual Hawaii International Conference on System Sciences (HICSS-34), 2001.

[DY00] Alexandre David and Wang Yi. Modelling and analysis of a field bus protocol. In Proceedings of the 12th Euromicro Conference on Real-Time Systems. IEEE Press, June 2000.

[Feh99] Ansgar Fehnker. Scheduling a steel plant with timed automata. In Proceedings of the 6th International Conference on Real-Time Computing Systems and Applications (RTCSA99), pages 280–286. IEEE Computer Society, 1999.

[HLP00] Thomas Hune, Kim G. Larsen, and Paul Pettersson. Guided Synthesis of Control Programs Using UPPAAL. In Ten H. Lai, editor, Proc. of the IEEE ICDCS International Workshop on Distributed Systems Verification and Validation, pages E15–E22. IEEE Computer Society Press, April 2000.

SLIDE 31

[HSLL97] Klaus Havelund, Arne Skou, Kim G. Larsen, and Kristian Lund. Formal Modeling and Analysis of an Audio/Video Protocol: An Industrial Case Study Using UPPAAL. In Proc. of the 18th IEEE Real-Time Systems Symposium. IEEE Computer Society Press, December 1997.

[Hun99] Thomas Hune. Modelling a real-time language. In Proc. 4th Workshop on Formal Methods for Industrial Critical Systems, FMICS, 1999.

[Jen96] H. E. Jensen. Model checking probabilistic real time systems. In B. Bjerner, M. Larsson, and B. Nordström, editors, Proceedings of the 7th Nordic Workshop on Programming Theory, Göteborg, Sweden, Report 86, pages 247–261. Chalmers University of Technology, 1996.

[KGLP98] Kim G. Larsen, Carsten Weise, Wang Yi, and Justin Pearson. Clock difference diagrams. Technical Report 98/99, Department of Computer Systems, Uppsala University, P.O. Box 325, SE-751 05 Uppsala, Sweden, August 1998. Available as http://www.docs.uu.se/docs/rtmv/papers/lwyp-sub98-1.ps.gz.

[KLPW99] K. Kristoffersen, K. Larsen, P. Pettersson, and C. Weise. VHS Case Study 1 - Experimental Batch Plant using UPPAAL. BRICS, University of Aalborg, Denmark, May 1999.

[KNSS99] M. Kwiatkowska, G. Norman, R. Segala, and J. Sproston. Automatic verification of real-time systems with probability distributions. In J.-P. Katoen, editor, Proceedings of the 5th AMAST Workshop on Real-Time and Probabilistic System, Bamberg, Germany, volume 1601 of Lecture Notes in Computer Science, pages 75–95. Springer-Verlag, 1999. An extended version will appear in Theoretical Computer Science.

SLIDE 32

[LLPY97] Kim G. Larsen, Fredrik Larsson, Paul Pettersson, and Wang Yi. Efficient verification of real-time systems: Compact data structure and state-space reduction. In Proceedings of the 18th IEEE Real-Time Systems Symposium. IEEE Press, December 1997.

[SS01] D. Simons and M. Stoelinga. Mechanical verification of the IEEE1394a root contention protocol using UPPAAL2k. 2001. To appear in International Journal on Software Tools for Technology Transfer.

SLIDE 33

Clock Difference Diagrams (CDDs)

Data structure to express disjunction of zones
→ similar to BDDs
→ rooted, directed, acyclic graph
→ every node labeled x or x − y
→ every edge labeled with an interval
→ order of labels fixed
→ one terminal node: true
→ missing edges lead to false

! not canonical

SLIDE 34

Clock Difference Diagrams (CDDs) (2)

Figure: three CDD examples (a), (b), (c), each drawn as a point set in the X/Y plane (axes 1 to 6) beside its diagram; nodes are labeled X, Y and X − Y, edges carry intervals such as [1,3], [1,4], [3,4], [2,4], [1,2], ]2,3[, [4,6], [0,2], [-3,0], [0,0], [0,1] and [2,3], and every path ends in the terminal true.

SLIDE 35

Stopwatch UPPAAL

timed automaton + stopwatches = SWA

Fact: Any timed language accepted by a linear hybrid automaton can also be accepted by a stopwatch automaton
  linear hybrid automaton —translate→ SWA
Problem: reachability analysis of SWA is undecidable
Observation: often it suffices to over-approximate reachability
Approach: run DBM-based SWA, with approximative future (only differences of two stop-watches considered)
Notes:
  way to translate effects accuracy
  more sophisticated translations could preserve termination

SLIDE 36

Probabilistic UPPAAL

Figure: probabilistic timed automaton of a lossy channel: from location waiting, send! with x := 0 leads with probability 99/100 to transmitting (invariant x ≤ 20) and with probability 1/100 to msg lost; receive? is taken when x ≥ 10 (x ≤ 20) and resets x := 0.

Example Problem: Lossy channel with known probabilities
Cannot prove: in time X, message will arrive
But: P≥95%( ∀≤1000 received )
existing Approaches: Jensen 96, Kwiatkowska et al. 99
Problem: based on region graph construction
new Approach: use minimization techniques to obtain stable probabilistic zone graphs; use matching data structure

SLIDE 37

Determining Parameters: Parametric-Uppaal

Parameters: in clock guards x ⊲⊳ p, x − y ⊲⊳ p
  ⊲⊳ ∈ {<, ≤, =, ≥, >}, p a linear expression

Fact: parameterized timed reachability undecidable for systems with ≥ 3 clocks [AHV93]

UPPAAL + LP solver (from PMC tool) = semi-algorithm
  data-structure: parametric DBMs
  modified algorithm: split, if the outcome of a comparison is dependent on parameter values
  not guaranteed to terminate ⇒ output partial solutions

SLIDE 38

Executable Timed Automata

Figure: timed automaton with periodic tasks P (2,10) and Q (2,20) released by edges guarded x == 20 and x == 40 with x := 0, and spontaneous tasks A (1,2) released by a? and b? with guard x > 10 and x := 0.

Periodic Tasks P, Q
Spontaneous Tasks A, B
Parameters: worst-case execution time, deadline
Delay transition ≡ execute task with earliest deadline
Action transition ≡ releases a new task
Automaton schedulable ⇔ every a!, b!-sequence schedulable
Fact: added Preemption is as expressive as TAs with stop watches
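The scheduling reading of the slide, as an added Python simulation that is neither UPPAAL's code nor the authors': an action transition releases a job with its (worst-case execution time, deadline) pair, and a delay transition runs the ready job with the earliest absolute deadline. The run is non-preemptive, since the slide lists preemption as an addition, and the release sequence (P every 10, Q every 20, one spontaneous A at time 3) is constructed here; the tool decides schedulability over every release sequence, whereas this checks a single one.

```python
import heapq

# A task is released with its (worst-case execution time, relative deadline), as on the slide.
PERIODIC = {'P': (2, 10), 'Q': (2, 20)}      # constructed: P every 10, Q every 20 time units
SPONTANEOUS = {'A': (1, 2)}                   # constructed: A is released by the a? action


def periodic_releases(name, period, horizon):
    """Release instants (time, name, wcet, deadline) of a periodic task before the horizon."""
    wcet, deadline = PERIODIC[name]
    return [(t, name, wcet, deadline) for t in range(0, horizon, period)]


def run_edf(releases):
    """Non-preemptive EDF over one release sequence.

    A delay transition runs the ready job with the earliest absolute deadline to completion;
    an action transition releases a job.  Returns (name, release, finish, absolute_deadline)
    for every job in execution order."""
    releases = sorted(releases)
    ready, jobs, t, i, seq = [], [], 0, 0, 0
    while i < len(releases) or ready:
        while i < len(releases) and releases[i][0] <= t:     # action transitions: release jobs
            rt, name, wcet, dl = releases[i]
            heapq.heappush(ready, (rt + dl, seq, name, rt, wcet))
            seq, i = seq + 1, i + 1
        if not ready:                                         # idle until the next release
            t = releases[i][0]
            continue
        dl, _, name, rt, wcet = heapq.heappop(ready)          # delay transition: earliest deadline
        t += wcet
        jobs.append((name, rt, t, dl))
    return jobs


def missed(jobs):
    """Jobs whose completion time exceeds their absolute deadline."""
    return [j for j in jobs if j[2] > j[3]]


def schedulable(releases):
    """True iff no job of this release sequence misses its deadline under EDF."""
    return not missed(run_edf(releases))


if __name__ == '__main__':
    rel = periodic_releases('P', 10, 40) + periodic_releases('Q', 20, 40)
    print(schedulable(rel + [(3, 'A', *SPONTANEOUS['A'])]))   # a? fired at time 3
```

Tightening A's deadline from 2 to 1 makes the same sequence miss: A is released at 3 while Q (released at 0, deadline 20) is already running and cannot be preempted, so A finishes at 5 after its deadline of 4. That is exactly the kind of trace the model checker searches for over all a!, b! sequences.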

SLIDE 39

UPPAAL in the European WOODDES project

Workshop for Object-Oriented Design and Development of Embedded Systems

Partners: PSA, Mecel, CEA, SOFTEAM, I-Logix, Intracom, Offis, Uppsala, Aalborg

Objectives:
  • UML Real-Time profile
  • WOODDES methodology & tool platform

Figure: the AIT-WOODDES tool platform: tools owned by project partners (RHAPSODY, OBJECTEERING, TAU / OBJECTGEODE, TAU / UML Suite, RATIONAL ROSE, ACCORD, AGATHA, TEST COMPOSER, UPPAAL MODEL CHECKER) around a REPOSITORY, with model exchange via XMI, public APIs and an internal exchange format, covering Analysis, Design, Simulation (V&V), Code Gen. and Test Gen.
