classicclassic modelling specification - … · modelling, specification, and verification kim...
TRANSCRIPT
![Page 1: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/1.jpg)
Modelling,Specification,
and Verification
Kim Guldstrand Larsen
using UPPAAL
CLASSICCLASSICCLASSIC
![Page 2: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/2.jpg)
Modellingusing
Finite State Machines
![Page 3: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/3.jpg)
3Kim G. Larsen
UCbModelling processes
A process is the execution of a sequential program. modeled as a finite state machine (LTS)
transits from state to stateby executing a sequence of atomic actions.
a light switch LTS
on off on off on off ……….a sequence of actions or trace
![Page 4: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/4.jpg)
4Kim G. Larsen
UCbModelling Choices
•Who or what makes the choice?
•Is there a difference between input and output actions?
![Page 5: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/5.jpg)
5Kim G. Larsen
UCbNon-deterministic Choice
Tossing a coin
Possible traces?Both outcomes possible
Nothing said about relative frequency
If coin is fair, the outcome is 50/50
![Page 6: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/6.jpg)
6Kim G. Larsen
UCb
Non-Deterministic Choicemodelling failureHow do we model an unreliable communication channel which accepts packets, and if a failure occurs produces no output, otherwise delivers the packet to the receiver?
Use non-determinism...
![Page 7: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/7.jpg)
7Kim G. Larsen
UCbInternal-Actions
Spontaneous actionsInternal actionsTau-actionsInternal transitions can be taken on the initiative of a single machine without communication with others
![Page 8: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/8.jpg)
8Kim G. Larsen
UCbExtended FSM
• EFSM = FSM + variables + enabling conditions + assignments
• Transition still atomic• Can be translated into
FSM if variables have bounded domain
• State: control location+ variable values:
(state,amount,capacity)• (s0,5,10)
![Page 9: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/9.jpg)
9Kim G. Larsen
UCb
Parallel Composition: interleaving
2 states
3 states
2*3 states
Lecturer =Speaker || Flipper
Speaker
Flipper
from Flipper from Speaker
![Page 10: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/10.jpg)
10Kim G. Larsen
UCbProcess Interaction
! = Output, ? = InputHandshake communicationTwo-way
Coffee Machine Lecturer
University=Coffee Machine || Lecturer•LTS?•How many states?•Traces ?
4 states4 states
4 states:Interaction constrain overall behavior
synchronization results in internal actions
![Page 11: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/11.jpg)
Adding Time
![Page 12: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/12.jpg)
Info
rmat
ionst
eknolo
gi
Collaborators
@UPPsala− Wang Yi− Paul Pettersson− John Håkansson− Anders Hessel− Pavel Krcal− Leonid Mokrushin− Shi Xiaochun
@AALborg− Kim G Larsen− Gerd Behrman − Arne Skou− Brian Nielsen− Alexandre David− Jacob I. Rasmussen− Marius Mikucionis− Thomas Chatain
@Elsewhere− Emmanuel Fleury, Didier Lime, Johan Bengtsson, Fredrik Larsson, Kåre J
Kristoffersen, Tobias Amnell, Thomas Hune, Oliver Möller, Elena Fersman, Carsten Weise, David Griffioen, Ansgar Fehnker, Frits Vandraager, Theo Ruys, Pedro D’Argenio, J-P Katoen, Jan Tretmans, Judi Romijn, Ed Brinksma, Martijn Hendriks, Klaus Havelund, Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson...
![Page 13: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/13.jpg)
Info
rmat
ionst
eknolo
gi
Real Time Systems
PlantContinuous
Controller ProgramDiscrete
Eg.: Realtime ProtocolsPump ControlAir BagsRobotsCruise ControlABSCD PlayersProduction Lines
Real Time SystemA system where correctness not only depends on the logical order of events but also on their timing!!
Real Time SystemA system where correctness not only depends on the logical order of events but also on their timing!!
sensors
actuators
![Page 14: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/14.jpg)
Info
rmat
ionst
eknolo
gi
Real Time Model Checking
sensors
actuators
a
cb
1 2
43
a
cb
1 2
43
1 2
43
1 2
43
a
cb
UPPAAL Model
Modelofenvironment(user-supplied /non-determinism)
Model oftasks(automatic?)
PlantContinuous
Controller ProgramDiscrete
SAT φ ??SAT φ ??
![Page 15: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/15.jpg)
Info
rmat
ionst
eknolo
gi
??
Real Time Control Synthesis
PlantContinuous
Controller ProgramDiscrete
sensors
actuators
a
cb
1 2
43
a
cb
1 2
43
1 2
43
1 2
43
a
cb
Partial UPPAAL Model
Modelofenvironment(user-supplied)
Synthesisoftasks/scheduler(automatic)
SAT φ !!SAT φ !!
![Page 16: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/16.jpg)
Info
rmat
ionst
eknolo
gi
Real-time Model-Based Testing
sensors
actuators
PlantContinuous
Controller ProgramDiscrete
a
cb
1 2
43
a
cb
1 2
43
1 2
43
1 2
43
a
cb
UPPAAL Model
inputs
outputs
Test generation(offline oronline) wrt.Design Model
Conforms-to?
![Page 17: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/17.jpg)
Info
rmat
ionst
eknolo
gi
UPPAALGraphical Design Tool
• timed automata =• state machines
+• clocks
• communication• datatypes• user defined functions
• cost variable
Graphical Design Tool• timed automata =
• state machines+
• clocks• communication• datatypes• user defined functions
• cost variable
![Page 18: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/18.jpg)
Info
rmat
ionst
eknolo
gi
UPPAALGraphical Simulator
• visualization and recording
• inexpensive fault detection• inspection of error traces• Message Sequence Charts• (Gannt Charts)
Graphical Simulator• visualization
and recording• inexpensive fault detection• inspection of error traces• Message Sequence Charts• (Gannt Charts)
![Page 19: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/19.jpg)
Info
rmat
ionst
eknolo
gi
UPPAAL
Verifier• Exhaustive & automatic
checking of requirements• .. including validating, safety, liveness,
bounded liveness andresponse properties
• .. generation of debugging informationfor visualisation in simulator.
• Optimal scheduling for cost models
Verifier• Exhaustive & automatic
checking of requirements• .. including validating, safety, liveness,
bounded liveness andresponse properties
• .. generation of debugging informationfor visualisation in simulator.
• Optimal scheduling for cost models
![Page 20: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/20.jpg)
Info
rmat
ionst
eknolo
gi
“ImpactUPPAAL downloads
y = 3,236x2 - 13,841x + 582,21
0
5000
10000
15000
20000
25000
9907
9911
0003
0007
0011
0103
0107
0111
0203
0207
0211
0303
0307
0311
0403
0407
0411
0503
0507
0511
0603
0607
Date
Tota
l num
ber o
f Dow
load
s
UPPAAL downloads
0
100
200
300
400
500
600
700
1999 2000 2001 2002 2003 2004 2005 2006
Year
Dow
nloa
ds p
er m
onth
Google:
UPPAAL: 134.000SPIN Verifier: 242.000nuSMV: 57.700
> 1.500 Google Scholar Citations
(Rhapsody/Esterel < 3.500)
![Page 21: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/21.jpg)
Info
rmat
ionst
eknolo
gi
Impact
Academic Courses @
DTU, MCI, IT-U (DK)Chalmers, Linköping,Lund, Chalmers,Mälardalarn (S)Nijmegen, Twente, CWI (NL)Upenn, Northumbria(US)Braunschweig, Oldenborg, Marktoberdorf(D)Tsinghua, Shanghai, ISS, NUS (Asia)
![Page 22: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/22.jpg)
Info
rmat
ionst
eknolo
gi
ImpactTutorials Given @
Estonian School (01)IPA Fall Days (01)FTRTFT (02)CPN (02)SFM (02)MOVEP (02)DISC School (03)MOVEP (04)PRISE (04)PDMC (05)ARTIST2 (05)EMSOFT (05)RTSS (05)TECS week (06)TAROT (06)ARTS (06)GLOBAN (06)ARTIST ASIAN SCH (07)
![Page 23: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/23.jpg)
Info
rmat
ionst
eknolo
gi
ImpactCompany DownloadsMecelJetSymantecSRIRelogicRealworkNASAVerified SystemsMicrosoftABBAirbusPSASaabSiemensVolvoLucent Technologies
![Page 24: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/24.jpg)
Timed AutomataAlur & Dill 1989
![Page 25: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/25.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Dumb Light Control
WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.
Off Light Brightpress? press?
press?
press?
![Page 26: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/26.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Dumb Light Control
Off Light Brightpress? press?
press?
press?
Solution: Add real-valued clock x
x:=0
x·3
x>3
Alur & Dill 1990
![Page 27: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/27.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata review
n
m
a
Alur & Dill 1990
Clocks: x, y
x<=5 & y>3
x := 0
Guard Boolean combination of integer boundson clocks
ResetAction performed on clocks
Transitions
( n , x=2.4 , y=3.1415 )( n , x=3.5 , y=4.2415 )
e(1.1)
( n , x=2.4 , y=3.1415 )( m , x=0 , y=3.1415 )
a
State( location , x=v , y=u ) where v,u are in R
Actionused
for synchronization
Discrete Trans
Delay Trans
![Page 28: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/28.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata
Off Light Brightpress? press?
press?
press?
x:=0
x·3
x>3
Alur & Dill 1990
Synchronizing action
GuardConjunctions
of x~nx: real-valued clock
Reset
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
States:( location , x=v) where v∈R
States:( location , x=v) where v∈R
![Page 29: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/29.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata
Off Light Brightpress? press?
press?
press?
x:=0
x·3
x>3
Alur & Dill 1990
Synchronizing action
GuardConjunctions
of x~nx: real-valued clock
Reset
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
States:( location , x=v) where v∈R
States:( location , x=v) where v∈R
![Page 30: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/30.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata
Off Light Brightpress? press?
press?
press?
x:=0
x·3
x>3
Alur & Dill 1990
Synchronizing action
GuardConjunctions
of x~nx: real-valued clock
Reset
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
States:( location , x=v) where v∈R
States:( location , x=v) where v∈R
![Page 31: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/31.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata
Off Light Brightpress? press?
press?
press?
x:=0
x·3
x>3
Alur & Dill 1990
Synchronizing action
GuardConjunctions
of x~nx: real-valued clock
Reset
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
States:( location , x=v) where v∈R
States:( location , x=v) where v∈R
![Page 32: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/32.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata
Off Light Brightpress? press?
press?
press?
x:=0
x·3
x>3
Alur & Dill 1990
Synchronizing action
GuardConjunctions
of x~nx: real-valued clock
Reset
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 2.51 ( Light , x=2.51 )press? ( Bright , x=2.51 )
States:( location , x=v) where v∈R
States:( location , x=v) where v∈R
![Page 33: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/33.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Intelligent Light Control
Off Light Brightpress? press?
press?
x:=0
x·3
x>3
Off Light Brightpress? press?
press?
press?
X:=0
X<=3
X>3
x·100
x=100x:=0
x·100
x=100x:=0
x:=0
press?x:=0
Using Invariants
x:=0
![Page 34: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/34.jpg)
Info
rmat
ionst
eknolo
gi
UCb
n
m
a
Clocks: x, y
x<=5 & y>3
x := 0
Transitions
( n , x=2.4 , y=3.1415 )( n , x=3.5 , y=4.2415 )
e(1.1)
( n , x=2.4 , y=3.1415 )e(3.2)
x<=5
y<=10
LocationInvariants
g1g2 g3
g4
Timed Automata reviewInvariants
Invariantsensure
progress!!
Invariantsensure
progress!!
![Page 35: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/35.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Intelligent Light Control
Off Light Brightpress? press?
press?
x:=0
x·3
x>3
x·100
x=100x:=0
x·100
x=100x:=0
x:=0
press?x:=0
Using Invariants
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 4.51 ( Light , x=4.51 )press? ( Light , x=0 )delay 100 ( Light , x=100)
τ ( Off , x=0)
Transitions:( Off , x=0 )
delay 4.32 ( Off , x=4.32 ) press? ( Light , x=0 )delay 4.51 ( Light , x=4.51 )press? ( Light , x=0 )delay 100 ( Light , x=100)
τ ( Off , x=0)
Note:( Light , x=0 ) delay 103
Note:( Light , x=0 ) delay 103
X
Invariants ensures progress
Invariants ensures progress
x:=0
![Page 36: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/36.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Example
Reachable?
a b
c
With two clocks
![Page 37: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/37.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Example
Reachable?
x
y
(L0,x=0,y=0)
a b
c
With two clocks
![Page 38: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/38.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Example
Reachable?
x
y
(L0,x=0,y=0)ε(1.4)
(L0,x=1.4,y=1.4)
a b
c
ε(1.4)
With two clocks
![Page 39: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/39.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Example
Reachable?
x
y
(L0,x=0,y=0)ε(1.4)
(L0,x=1.4,y=1.4)a
(L0,x=1.4,y=0)
a b
c
ε(1.4)
a
With two clocks
![Page 40: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/40.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Example
Reachable?
x
y
(L0,x=0,y=0)ε(1.4)
(L0,x=1.4,y=1.4)a
(L0,x=1.4,y=0)ε(1.6)
(L0,x=3.0,y=1.6)a
(L0,x=3.0,y=0)
a b
c
ε(1.4)
a aε(1.6)
With two clocks
![Page 41: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/41.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Networks Light Controller & User
Off Light Brightpress? press?
press?
x:=0
x·3
x>3
x·100
x=100x:=0
x·100
x=100x:=0
x:=0
press?x:=0
Rest Busy
y≥10 y:=0
y·10
press!
press!y:=0
Transitions: ( Off, Rest, x=0, y=0 )
delay 20 ( Off, Rest, x=20, y=20 )press?! ( Light, Busy, x=0, y=0 )delay 2 ( Light, Busy, x=2, y=2)press?! ( Bright, Rest, x=0, y=0)
Transitions: ( Off, Rest, x=0, y=0 )
delay 20 ( Off, Rest, x=20, y=20 )press?! ( Light, Busy, x=0, y=0 )delay 2 ( Light, Busy, x=2, y=2)press?! ( Bright, Rest, x=0, y=0)
Synchronization
x:=0
![Page 42: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/42.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Networks of Timed Automata(a’la CCS)
l1
l2
a!
x>=2
x := 0
m1
m2
a?
y<=4
………….Two-way synchronizationon complementary actions.
Closed Systems!
Two-way synchronizationon complementary actions.
Closed Systems!
(l1, m1,………, x=2, y=3.5,…..) (l2,m2,……..,x=0, y=3.5, …..)
(l1,m1,………,x=2.2, y=3.7, …..)0.2
tau
Example transitions
If a URGENT CHANNEL
![Page 43: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/43.jpg)
Timed AutomataFormally
![Page 44: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/44.jpg)
Info
rmat
ionst
eknolo
gi
UCb
![Page 45: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/45.jpg)
Info
rmat
ionst
eknolo
gi
UCb
![Page 46: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/46.jpg)
Info
rmat
ionst
eknolo
gi
UCb
![Page 47: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/47.jpg)
Info
rmat
ionst
eknolo
gi
UCb
![Page 48: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/48.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata: Example
guard
reset-set
location
a
action
![Page 49: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/49.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata: Example
aa a
guard
reset-set
location
a
action
![Page 50: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/50.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata: Example
3≤x a
Invariant
![Page 51: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/51.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata: Example
3≤x a a a a
Invariant
![Page 52: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/52.jpg)
Brick Sorting
![Page 53: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/53.jpg)
Info
rmat
ionst
eknolo
gi
UCb
LEGO Mindstorms/RCX
Sensors: temperature, light, rotation, pressure.Actuators: motors, lamps,
Virtual machine:− 10 tasks, 4 timers,
16 integers.
Several Programming Languages:
− NotQuiteC, Mindstorm, Robotics, legOS, etc.
3 input ports
3 output ports
1 infra-red port
![Page 54: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/54.jpg)
Info
rmat
ionst
eknolo
gi
UCb
A Real Real Timed System
ControllerProgram
LEGO MINDSTORM
The PlantConveyor Belt
& Bricks
![Page 55: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/55.jpg)
Info
rmat
ionst
eknolo
gi
UCb
First UPPAAL modelSorting of Lego Boxes
Conveyer Belt
Exercise: Design Controller so that black boxes are being pushed out
BoxesPiston
Black
Red9 18 81 90
99
BlckYel
remove
eject
Controller
Ken Tindell
MAIN PUSH
![Page 56: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/56.jpg)
Info
rmat
ionst
eknolo
gi
UCb
NQC programs
task PUSH{while(true){
wait(Timer(1)>DELAY && active==1);active=0;Rev(OUT_C,1);Sleep(8);Fwd(OUT_C,1);Sleep(12);Off(OUT_C);
}}
task PUSH{while(true){
wait(Timer(1)>DELAY && active==1);active=0;Rev(OUT_C,1);Sleep(8);Fwd(OUT_C,1);Sleep(12);Off(OUT_C);
}}
int active;int DELAY;int LIGHT_LEVEL;
int active;int DELAY;int LIGHT_LEVEL;
task MAIN{DELAY=75;LIGHT_LEVEL=35;active=0;Sensor(IN_1, IN_LIGHT);Fwd(OUT_A,1);Display(1);
start PUSH;
while(true){
wait(IN_1<=LIGHT_LEVEL);ClearTimer(1);active=1;PlaySound(1);
wait(IN_1>LIGHT_LEVEL);}
}
task MAIN{DELAY=75;LIGHT_LEVEL=35;active=0;Sensor(IN_1, IN_LIGHT);Fwd(OUT_A,1);Display(1);
start PUSH;
while(true){
wait(IN_1<=LIGHT_LEVEL);ClearTimer(1);active=1;PlaySound(1);
wait(IN_1>LIGHT_LEVEL);}
}
![Page 57: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/57.jpg)
Info
rmat
ionst
eknolo
gi
UCb
A Black Brick
![Page 58: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/58.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Control Tasks & Piston
GLOBAL DECLARATIONS:const int ctime = 75;
int[0,1] active;clock x, time;
chan eject, ok;urgent chan blck, red, remove, go;
![Page 59: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/59.jpg)
Info
rmat
ionst
eknolo
gi
UCb
From RCX to UPPAAL – and back
Model includesRound-RobinScheduler.Compilation of RCX tasks into TA models. Presented at ECRTS 2000 in Stockholm.
From UPPAAL to RCX: MartijnHendriks.
Task MAIN
![Page 60: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/60.jpg)
Info
rmat
ionst
eknolo
gi
UCb
The Production Cell in LEGO
Course at DTU, Copenhagen
Production Cell Rasmus Crüger LundSimon Tune Riemanni
![Page 61: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/61.jpg)
Light Control Interface
![Page 62: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/62.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Light Control Interface
ControlProgram
User
Interface
Light
endhold!endhold!
touch!touch!
starthold! starthold! press?press?
release?release?
L++
/L--
/L:=
0L+
+/L
--/L
:=0
![Page 63: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/63.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Light Control Interface
ControlProgram
User
endhold!endhold!
touch!touch!
starthold! starthold! press?press?
release?release?
L++
/L--
/L:=
0L+
+/L
--/L
:=0
![Page 64: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/64.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Networks of Timed Automata(a’la CCS)
l1
l2
a!
x>=2
x := 0
m1
m2
a?
y<=4
………….Two-way synchronizationon complementary actions.
Closed Systems!
Two-way synchronizationon complementary actions.
Closed Systems!
(l1, m1,………, x=2, y=3.5,…..) (l2,m2,……..,x=0, y=3.5, …..)
(l1,m1,………,x=2.2, y=3.7, …..)0.2
tau
Example transitions
If a URGENT CHANNEL
![Page 65: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/65.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Network Semantics
A X)s s ,,SS(T T ⊆→×= 20
102121⎪⎪X ⎪⎪X
⎪⎪X⎪⎪X 2121
111
s ´ss s´ss
⎯→⎯⎯→⎯
μ
μ
⎪⎪X⎪⎪X ´s ss s´ss
2121
222
⎯→⎯⎯→⎯
μ
μ
⎪⎪X⎪⎪X ´s ´ss s´ss ´ss aa
2121
222111
⎯→⎯⎯→⎯⎯→⎯
τ
⎪⎪X⎪⎪X ´s ´ss s
´ss ´ss)d(e
)d(e)d(e
2121
222111
⎯⎯ →⎯⎯⎯ →⎯⎯⎯ →⎯
! ?
where
![Page 66: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/66.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Network Semantics(URGENT synchronization)
A X)s s ,,SS(T T ⊆→×= 20
102121⎪⎪X ⎪⎪X
⎪⎪X⎪⎪X 2121
111
s ´ss s´ss
⎯→⎯⎯→⎯
μ
μ
⎪⎪X⎪⎪X ´s ss s´ss
2121
222
⎯→⎯⎯→⎯
μ
μ
⎪⎪X⎪⎪X ´s ´ss s´ss ´ss aa
2121
222111
⎯→⎯⎯→⎯⎯→⎯
τ
⎪⎪X⎪⎪X ´s ´ss s
´ss ´ss)d(e
)d(e)d(e
2121
222111
⎯⎯ →⎯⎯⎯ →⎯⎯⎯ →⎯
! ?
where+ Urgent synchronization
∀d’ < d, ∀u∈ UAct:
¬ ( s1 → → ∧ s2 → → )e(d’) u!e(d’) u?
![Page 67: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/67.jpg)
Info
rmat
ionst
eknolo
gi
UCb
ControlProgram
Light Control Network
endhold!endhold!
touch!touch!
starthold! starthold! press?press?
release?release?
![Page 68: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/68.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Validation Light Controller
![Page 69: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/69.jpg)
Druzba:The Shower Problem
![Page 70: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/70.jpg)
Info
rmat
ionst
eknolo
gi
UCb
The Druzba MUTEX Problem
KimGerd
![Page 71: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/71.jpg)
Info
rmat
ionst
eknolo
gi
UCb
The Druzba MUTEX Problem
![Page 72: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/72.jpg)
Info
rmat
ionst
eknolo
gi
UCb
The Druzba MUTEX Problem
Using the lightas semaphor
![Page 73: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/73.jpg)
Overview of theUPPAAL Toolkit
![Page 74: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/74.jpg)
Info
rmat
ionst
eknolo
gi
UCb
UPPAAL’s architecture
Linux, Windows, Solaris, MacOS
![Page 75: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/75.jpg)
Info
rmat
ionst
eknolo
gi
UCb
GUI
Editor
Simulator
Verifier
![Page 76: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/76.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Train Crossing
River
Crossing
Gate
StopableArea
[10,20]
[7,15]
Queue
[3,5]
![Page 77: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/77.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Train Crossing
River
Crossing
Gate
StopableArea
[10,20]
[7,15]
Queue
[3,5]appr,stop
leave
go
emptynonemptyhd, add,rem
elel
Communication via channels andshared variable.
![Page 78: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/78.jpg)
Timed Automatain UPPAAL
![Page 79: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/79.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Declarations
ConstantsBounded integersChannelsClocksArrays
TemplatesProcessesSystems
ConstantsBounded integersChannelsClocksArrays
TemplatesProcessesSystems
![Page 80: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/80.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Declarations in UPPAAL
The syntax used for declarations in UPPAAL is similar to the syntax used in the C programming language.
Clocks:− Syntax:
− clock x1, …, xn ;
− Example:− clock x, y; Declares two clocks: x and y.
![Page 81: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/81.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Declarations in UPPAAL (cont.)
Data variables− Syntax:
− int n1, … ; Integer with “default” domain.− int[l,u] n1, … ; Integer with domain “l” to “u”.− int n1[m], … ; Integer array w. elements
n1[0] to n1[m-1].
− Example:− int a, b;− int[0,1] a, b[5][6];
![Page 82: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/82.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Declarations in UPPAAL (cont.)
Actions (or channels):− Syntax:
− chan a, … ; Ordinary channels.− urgent chan b, … ; Urgent actions (see later)
− Example:− chan a, b;− urgent chan c;
![Page 83: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/83.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Declarations UPPAAL (cont.)
Constants− Syntax:
− const int c1 = n1;
− Example:− const int[0,1] YES = 1;− const bool NO = false;
![Page 84: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/84.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata in UPPAAL
invariants
Guards
Synchronizations
Resets
Discrete Variables
![Page 85: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/85.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Timed Automata in UPPAAL
invariants
Guards
Synchronizations
Resets
Discrete Variables
x := Expr
inv :: x Expr|x Expr|inv,inv= < <=
c d
c
d
g :: g |g |g,gg :: x Expr|x y Exprg :: Expr op Expr
{ , , , , }op { , , , , ,! }
=
= ⊗ ⊗ +
=
⊗∈ < <= == >= >
∈ < <= == >= > =
d
i : ExprExpr :: i|i[Expr]|
n| Expr|Expr Expr|Expr Expr|Expr *Expr|Expr/Expr|(g ?Expr :Expr)
=
=
−
+
−
![Page 86: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/86.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Expressions
used in guards, invariants, assignments,synchronizationsproperties,
used in guards, invariants, assignments,synchronizationsproperties,
![Page 87: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/87.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Expressions
![Page 88: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/88.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Operators
![Page 89: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/89.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Guards, Invariants, Assignments
Guards: It is side-effect free, type correct, and evaluates to booleanOnly clock variables, integer variables, constants are referenced (or arrays of such)Clocks and differences are only compared to integer expressionsGuards over clocks are essentially conjunctions (I.e. disjunctions are only allowed over integer conditions)
AssignmentsIt has a side effect and is type correctOnly clock variable, integer variables and constants are referenced (or arrays of such)Only integer are assigned to clocks
InvariantsIt forms conjunctions of conditions of the form x<eor x<=e where x is a clock reference and e evaluates to an integer
![Page 90: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/90.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Synchronization
Binary Synchronization
Declared like:chan a, b, c[3];
If a is channel then:− a! = Emmision− a? = Reception
Two edges in different processes can synchronize if one is emitting and the other is receiving on the same channel.
Broadcast Synchronization
Declared likebroadcast chan a, b, c[2];If a is a broadcast channel:
− a! = Emmision of broadcast− a? = Reception of broadcast
A set of edges in different processes can synchronize if one is emitting and the others are receiving on the same b.c. channle. A process can always emit. Receivers MUST synchronize if they can. No blocking.
![Page 91: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/91.jpg)
Info
rmat
ionst
eknolo
gi
UCb
More on Types
Multi dimensional arrays− e.g. int b[4][2];
Array initialiser:− e.g. int b[4] := { 1, 2, 3, 4 };
Arrays of channels, clocks, constants. − e.g. − chan a[3];− clock c[3];− const k[3] { 1, 2, 3 };
Broadcast channels.− e.g. broadcast chan a;
![Page 92: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/92.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Templates
Templates may be parameterised:
− int v; const min; const max
− int[0,N] e; const id
Templates are instantiatedto form processes:
− P:= A(i,1,5);− Q:= A(j,0,4);
− Train1:=Train(el, 1);− Train2:=Train(el, 2);
![Page 93: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/93.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Extensions
Select statement
models a non-deterministicchoisex : int[0,42]
Types
Record typesType declarationsMeta variables:not stored with statemeta int x;
Forall / Exists expressions
forall (x:int[0,42]) exprtrue if expr is true for allvalues in [0,42] of x
exists (x:int[0,4]) exprtrue if expr is true for somevalues in [0,42] of x
Example:forall(x:int[0,4])array[x];
![Page 94: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/94.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Urgency & Commitment
Urgent Channels
No delay if the synchronization edges can be taken !
No clock guard allowed.Guards on data-variables.
Declarations:urgent chan a, b, c[3];
Urgent Locations
No delay – time is freezed!May reduce number of clocks!
Committed Locations
No delay.Next transition MUST involve edge in one of the processes in committed locationMay reduce considerably state space
![Page 95: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/95.jpg)
Queries : Specification Language
![Page 96: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/96.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Logical SpecificationsValidation Properties
− Possibly: E<> P
Safety Properties− Invariant: A[] P− Pos. Inv.: E[] P
Liveness Properties− Eventually: A<> P− Leadsto: P Q
Bounded Liveness− Leads to within: P · t Q
The expressions P and Q must be type safe, side effect free, and evaluate to a boolean.
Only references to integer variables, constants, clocks, and locations are allowed (and arrays of these).
![Page 97: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/97.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Logical SpecificationsValidation Properties
− Possibly: E<> P
Safety Properties− Invariant: A[] P− Pos. Inv.: E[] P
Liveness Properties− Eventually: A<> P− Leadsto: P Q
Bounded Liveness− Leads to within: P · t Q
![Page 98: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/98.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Logical SpecificationsValidation Properties
− Possibly: E<> P
Safety Properties− Invariant: A[] P− Pos. Inv.: E[] P
Liveness Properties− Eventually: A<> P− Leadsto: P Q
Bounded Liveness− Leads to within: P · t Q
![Page 99: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/99.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Logical SpecificationsValidation Properties
− Possibly: E<> P
Safety Properties− Invariant: A[] P− Pos. Inv.: E[] P
Liveness Properties− Eventually: A<> P− Leadsto: P Q
Bounded Liveness− Leads to within: P · t Q
![Page 100: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/100.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Logical SpecificationsValidation Properties
− Possibly: E<> P
Safety Properties− Invariant: A[] P− Pos. Inv.: E[] P
Liveness Properties− Eventually: A<> P− Leadsto: P Q
Bounded Liveness− Leads to within: P · t Q
· t
· t
![Page 101: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/101.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Train Crossing
River
Crossing
Gate
StopableArea
[10,20]
[7,15]
Queue
[3,5]appr,stop
leave
go
emptynonemptyhd, add,rem
elel
Communication via channels andshared variable.
![Page 102: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/102.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Gear Controllerwith MECEL AB Lindahl, Pettersson, Yi 1998
Volv
oSa
a b
Network Canbus
GearBox Engine
Interface
ClutchGearControl
Flowgraph
![Page 103: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/103.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Gear Controllerwith MECEL AB
Requirements
V olv
oS a
a b
GearBox Engine
Interface
ClutchGearControl
![Page 104: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/104.jpg)
Info
rmat
ionst
eknolo
gi
UCb
UPPAAL 3.4
Gate Template
IntQueue
int[0,N] list[N], len, i;
![Page 105: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/105.jpg)
Info
rmat
ionst
eknolo
gi
UCb
UPPAAL 3.6 (3.5) with C-Code
Gate Template
Gate Declaration
![Page 106: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/106.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Case-Studies: ControllersGearbox Controller [TACAS’98]Bang & Olufsen Power Controller [RTPS’99,FTRTFT’2k]SIDMAR Steel Production Plant [RTCSA’99, DSVV’2k]Real-Time RCX Control-Programs [ECRTS’2k]Experimental Batch Plant (2000)RCX Production Cell (2000)Terma, Verification of Memory Management for Radar (2001)Scheduling Lacquer Production (2005)Memory Arbiter Synthesis and Verification for a Radar Memory Interface Card [NJC’05]
![Page 107: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/107.jpg)
Info
rmat
ionst
eknolo
gi
UCb
Case Studies: ProtocolsPhilips Audio Protocol [HS’95, CAV’95, RTSS’95, CAV’96]Collision-Avoidance Protocol [SPIN’95]Bounded Retransmission Protocol [TACAS’97]Bang & Olufsen Audio/Video Protocol [RTSS’97]TDMA Protocol [PRFTS’97]Lip-Synchronization Protocol [FMICS’97]Multimedia Streams [DSVIS’98]ATM ABR Protocol [CAV’99]ABB Fieldbus Protocol [ECRTS’2k]IEEE 1394 Firewire Root Contention (2000)Distributed Agreement Protocol [Formats05]Leader Election for Mobile Ad Hoc Networks
[Charme05]
![Page 108: CLASSICCLASSIC Modelling Specification - … · Modelling, Specification, and Verification Kim Guldstrand Larsen using UPPAAL CLASSICCLASSIC. Modelling ... Robots Cruise Control ABS](https://reader031.vdocuments.mx/reader031/viewer/2022022701/5bbf6eb109d3f280238dcd5e/html5/thumbnails/108.jpg)
Info
rmat
ionst
eknolo
gi
UCb
www.uppaal.com