efficient verification of timed automata kim guldstrand larsen brics@aalborg
DESCRIPTION
Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg. The UPPAAL Model = Networks of Timed Automata + Integer Variables +…. m1. l1. Two-way synchronization on complementary actions. Closed Systems!. x>=2 i==3. yTRANSCRIPT
![Page 1: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/1.jpg)
1
Efficient Verification of Timed Automata
Kim Guldstrand Larsen
BRICS@Aalborg
![Page 2: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/2.jpg)
2Estonian Winter School in Computer Science Kim G. Larsen UCb
The UPPAAL Model= Networks of Timed Automata + Integer Variables +….
l1
l2
a!
x>=2i==3
x := 0i:=i+4
m1
m2
a?
y<=4
………….Two-way synchronizationon complementary actions.
Closed Systems!
Two-way synchronizationon complementary actions.
Closed Systems!
(l1, m1,………, x=2, y=3.5, i=3,…..) (l2,m2,……..,x=0, y=3.5, i=7,…..)
(l1,m1,………,x=2.2, y=3.7, I=3,…..)
0.2
tau
Example transitions
If a URGENT CHANNEL
![Page 3: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/3.jpg)
3Estonian Winter School in Computer Science Kim G. Larsen UCb
Timed Automata in UPPAAL
Timed (Safety) Automata+ urgent actions + urgent locations+ committed locations+ data-variables (with bounded domains)+ arrays of data-variables + constants + guards and assignments over data-variables and arrays…+ templates with local clocks, data-variables, and constants.
![Page 4: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/4.jpg)
4Estonian Winter School in Computer Science Kim G. Larsen UCb
Declarations in UPPAAL
clock x1, …, xn;
int i1, …, im;
chan a1, …, ao;
const c1 n1, …, cp np;
Examples:
clock x, y;
int i, J0; int[0,1] k[5];
const delay 5, true 1, false 0;
Array k of five booleans.
![Page 5: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/5.jpg)
5Estonian Winter School in Computer Science Kim G. Larsen UCb
Timed Automata in UPPAAL
n
m
a
x<=5 & y>3
x := 0
x<=5
y<=10
g1g2 g3
g4
invinvnxnxinv ,||::
clock natural number and
}!,,,,,{
},,,,{
::
|::
,||::
op
ExpropExprg
nyxnxg
ggggg
d
c
dc
nx :
clock guards
data guards
clock assignments
clock assignments
):?(
|/
|*
|
|
||
|][|::
:
ExprExprg
ExprExpr
ExprExpr
ExprExpr
ExprExpr
Exprn
ExpriiExpr
Expri
d
location invariants
![Page 6: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/6.jpg)
6Estonian Winter School in Computer Science Kim G. Larsen UCb
Urgent Channels
urgent chan hurry;
Informal Semantics:• There will be no delay if transition with urgent action can be taken.
Restrictions:• No clock guard allowed on transitions with urgent actions.
• Invariants and data-variable guards are allowed.
![Page 7: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/7.jpg)
7Estonian Winter School in Computer Science Kim G. Larsen UCb
Urgent Locations
Click “Urgent” in State Editor.
Informal Semantics:• No delay in urgent location.
Note: the use of urgent locations reduces the number of clocks
in a model, and thus the complexity of the analysis.
![Page 8: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/8.jpg)
8Estonian Winter School in Computer Science Kim G. Larsen UCb
Committed Locations
Click “Committed” in State Editor.
Informal Semantics:• No delay in committed location.• Next transition must involve an automaton in committed location.
Note: the use of committed locations reduces the number of
clocks in a model, and allows for more space and time efficient
analysis.
![Page 9: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/9.jpg)
9Estonian Winter School in Computer Science Kim G. Larsen UCb
Logical Formulas
Safety Properties:F ::= A[ ] P |
E<> P Always P
P ::= Proc.l | x = n | v = n | x<=n | x<n | P and P | not P | P or P | P imply P
Possibly P
where
atomic properties
Process Proc at location l
clock comparison
boolean combinations
![Page 10: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/10.jpg)
10Estonian Winter School in Computer Science Kim G. Larsen UCb
Train Crossing
River
Crossing
Gate
StopableArea
[10,20]
[7,15]
Queue
[3,5]appr,stop
leave
go
emptynonemptyhd, add,rem
![Page 11: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/11.jpg)
11Estonian Winter School in Computer Science Kim G. Larsen UCb
Beyound SafetyDecoration TACAS98a
l
n
Leadsto: Whenever l is reached then n is reached with t
l
n
Decorationnew clock Xboolean B
X:=0
B:=tt
B:=ff
A[] (B implies x<=t)
)( ba t AFAG
![Page 12: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/12.jpg)
12
THE UPPAAL ENGINE
Reachability & ZonesProperty and system dependent
partitioning
![Page 13: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/13.jpg)
13Estonian Winter School in Computer Science Kim G. Larsen UCb
ZonesFrom infinite to finite
State(n, x=3.2, y=2.5 )
x
y
x
y
Symbolic state (set)(n, )
Zone:conjunction ofx-y<=n, x<=>n
3y4,1x1
![Page 14: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/14.jpg)
14Estonian Winter School in Computer Science Kim G. Larsen UCb
Symbolic Transitions
n
m
x>3
y:=0
x
ydelays to
conjuncts to
projects to
x
y
1<=x<=41<=y<=3
x
y1<=x, 1<=y-2<=x-y<=3
x
y 3<x, 1<=y-2<=x-y<=3
3<x, y=0
Thus (n,1<=x<=4,1<=y<=3) =a => (m,3<x, y=0)Thus (n,1<=x<=4,1<=y<=3) =a => (m,3<x, y=0)
a
![Page 15: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/15.jpg)
15Estonian Winter School in Computer Science Kim G. Larsen UCb
A1 B1 CS1V:=1 V=1
A2 B2 CS2V:=2 V=2
Init V=1
2´
VCriticial Section
Fischer’s Protocolanalysis using zones
Y<10
X:=0
Y:=0
X>10
Y>10
X<10
![Page 16: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/16.jpg)
16Estonian Winter School in Computer Science Kim G. Larsen UCb
Fischers cont. B1 CS1
V:=1 V=1
A2 B2 CS2V:=2 V=2Y<10
X:=0
Y:=0
X>10
Y>10
X<10
A1,A2,v=1 A1,B2,v=2 A1,CS2,v=2 B1,CS2,v=1 CS1,CS2,v=1
Untimed case
A1
![Page 17: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/17.jpg)
17Estonian Winter School in Computer Science Kim G. Larsen UCb
Fischers cont. B1 CS1
V:=1 V=1
A2 B2 CS2V:=2 V=2Y<10
X:=0
Y:=0
X>10
Y>10
X<10
A1,A2,v=1 A1,B2,v=2 A1,CS2,v=2 B1,CS2,v=1 CS1,CS2,v=1
Untimed case
Taking time into account
X
Y
A1
![Page 18: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/18.jpg)
18Estonian Winter School in Computer Science Kim G. Larsen UCb
Fischers cont. B1 CS1
V:=1 V=1
A2 B2 CS2V:=2 V=2Y<10
X:=0
Y:=0
X>10
Y>10
X<10
A1,A2,v=1 A1,B2,v=2 A1,CS2,v=2 B1,CS2,v=1 CS1,CS2,v=1
Untimed case
Taking time into account
X
Y
A1
10X
Y1010
![Page 19: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/19.jpg)
19Estonian Winter School in Computer Science Kim G. Larsen UCb
Fischers cont. B1 CS1
V:=1 V=1
A2 B2 CS2V:=2 V=2Y<10
X:=0
Y:=0
X>10
Y>10
X<10
A1,A2,v=1 A1,B2,v=2 A1,CS2,v=2 B1,CS2,v=1 CS1,CS2,v=1
Untimed case
Taking time into account
A1
10X
Y10
X
Y10
![Page 20: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/20.jpg)
20Estonian Winter School in Computer Science Kim G. Larsen UCb
Fischers cont. B1 CS1
V:=1 V=1
A2 B2 CS2V:=2 V=2Y<10
X:=0
Y:=0
X>10
Y>10
X<10
A1,A2,v=1 A1,B2,v=2 A1,CS2,v=2 B1,CS2,v=1 CS1,CS2,v=1
Untimed case
Taking time into account
A1
10X
Y10
X
Y10
10X
Y10
![Page 21: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/21.jpg)
21Estonian Winter School in Computer Science Kim G. Larsen UCb
Fischers cont. B1 CS1
V:=1 V=1
A2 B2 CS2V:=2 V=2Y<10
X:=0
Y:=0
X>10
Y>10
X<10
A1,A2,v=1 A1,B2,v=2 A1,CS2,v=2 B1,CS2,v=1 CS1,CS2,v=1
Untimed case
Taking time into account
A1
10X
Y10
X
Y10
10X
Y10
![Page 22: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/22.jpg)
22Estonian Winter School in Computer Science Kim G. Larsen UCb
Forward Rechability
Passed
WaitingFinal
Init
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else (explore) add
{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
Init -> Final ?
![Page 23: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/23.jpg)
23Estonian Winter School in Computer Science Kim G. Larsen UCb
Forward Rechability
Passed
Waiting Final
Init
n,Z
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else (explore) add
{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
n,Z’
Init -> Final ?
![Page 24: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/24.jpg)
24Estonian Winter School in Computer Science Kim G. Larsen UCb
Forward Rechability
Passed
Waiting Final
Init
n,Z
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add
{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
n,Z’
m,U
Init -> Final ?
![Page 25: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/25.jpg)
25Estonian Winter School in Computer Science Kim G. Larsen UCb
Forward Rechability
Passed
Waiting Final
Init
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add
{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
n,Z’
m,U
n,Z
Init -> Final ?
![Page 26: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/26.jpg)
26Estonian Winter School in Computer Science Kim G. Larsen UCb
Canonical Dastructures for ZonesDifference Bounded Matrices Bellman 1958, Dill 1989
x<=1y-x<=2z-y<=2z<=9
x<=1y-x<=2z-y<=2z<=9
x<=2y-x<=3y<=3z-y<=3z<=7
x<=2y-x<=3y<=3z-y<=3z<=7
D1
D2
Inclusion
0
x
y
z
1 2
29
0
x
y
z
2 3
37
3
? ?
Graph
Graph
![Page 27: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/27.jpg)
27Estonian Winter School in Computer Science Kim G. Larsen UCb
Bellman 1958, Dill 1989
x<=1y-x<=2z-y<=2z<=9
x<=1y-x<=2z-y<=2z<=9
x<=2y-x<=3y<=3z-y<=3z<=7
x<=2y-x<=3y<=3z-y<=3z<=7
D1
D2
Inclusion
0
x
y
z
1 2
29
ShortestPath
Closure
ShortestPath
Closure
0
x
y
z
1 2
25
0
x
y
z
2 3
37
0
x
y
z
2 3
36
3
3 3
Graph
Graph
? ?
Canonical Dastructures for ZonesDifference Bounded Matrices
![Page 28: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/28.jpg)
28Estonian Winter School in Computer Science Kim G. Larsen UCb
Bellman 1958, Dill 1989
x<=1y>=5y-x<=3
x<=1y>=5y-x<=3
D
Emptiness
0y
x1
3
-5
Negative Cycleiffempty solution set
Graph
Canonical Dastructures for ZonesDifference Bounded Matrices
Compact
![Page 29: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/29.jpg)
29Estonian Winter School in Computer Science Kim G. Larsen UCb
1<= x <=41<= y <=3
1<= x <=41<= y <=3
D
Future
x
y
x
y
Future D
0
y
x4
-1
3
-1
ShortestPath
Closure
Removeupper
boundson clocks
1<=x, 1<=y-2<=x-y<=3
1<=x, 1<=y-2<=x-y<=3
y
x
-1
-1
3
2
0
y
x
-1
-1
3
2
0
4
3
Canonical Dastructures for ZonesDifference Bounded Matrices
![Page 30: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/30.jpg)
30Estonian Winter School in Computer Science Kim G. Larsen UCb
Canonical Dastructures for ZonesDifference Bounded Matrices
x
y
D
1<=x, 1<=y-2<=x-y<=3
1<=x, 1<=y-2<=x-y<=3
y
x
-1
-1
3
2
0
Remove allbounds
involving yand set y to 0
x
y
{y}D
y=0, 1<=xy=0, 1<=x
Reset
y
x
-1
0
0 0
![Page 31: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/31.jpg)
31Estonian Winter School in Computer Science Kim G. Larsen UCb
Improved DatastructuresCompact Datastructure for Zones
x1-x2<=4x2-x1<=10x3-x1<=2x2-x3<=2x0-x1<=3x3-x0<=5
x1-x2<=4x2-x1<=10x3-x1<=2x2-x3<=2x0-x1<=3x3-x0<=5
x1 x2
x3x0
-4
10
22
5
3
x1 x2
x3x0
-4
4
22
5
3 3 -2 -2
1
ShortestPath
ClosureO(n^3)
RTSS 1997
![Page 32: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/32.jpg)
32Estonian Winter School in Computer Science Kim G. Larsen UCb
Improved DatastructuresCompact Datastructure for Zones
x1-x2<=4x2-x1<=10x3-x1<=2x2-x3<=2x0-x1<=3x3-x0<=5
x1-x2<=4x2-x1<=10x3-x1<=2x2-x3<=2x0-x1<=3x3-x0<=5
x1 x2
x3x0
-4
10
22
5
3
x1 x2
x3x0
-4
4
22
5
3
x1 x2
x3x0
-4
22
3
3 -2 -2
1
ShortestPath
ClosureO(n^3)
ShortestPath
ReductionO(n^3) 3
Canonical wrt =Space worst O(n^2) practice O(n)
RTSS 1997
![Page 33: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/33.jpg)
33Estonian Winter School in Computer Science Kim G. Larsen UCb
SPACE PERFORMANCE
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
1
Per
cen
t Minimal Constraint
Global Reduction
Combination
![Page 34: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/34.jpg)
34Estonian Winter School in Computer Science Kim G. Larsen UCb
TIME PERFORMANCE
0
0,5
1
1,5
2
2,5
Per
cen
t Minimal Constraint
Global Reduction
Combination
![Page 35: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/35.jpg)
35Estonian Winter School in Computer Science Kim G. Larsen UCb
v and w are both redundantRemoval of one depends on presence of other.
v and w are both redundantRemoval of one depends on presence of other.
Shortest Path Reduction1st attempt
Idea
Problem
w
<=wAn edge is REDUNDANT if there existsan alternative path of no greater weight THUS Remove all redundant edges!
An edge is REDUNDANT if there existsan alternative path of no greater weight THUS Remove all redundant edges!
w
v
Observation: If no zero- or negative cycles then SAFE to remove all redundancies.
Observation: If no zero- or negative cycles then SAFE to remove all redundancies.
![Page 36: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/36.jpg)
36Estonian Winter School in Computer Science Kim G. Larsen UCb
Shortest Path ReductionSolution
G: weighted graph
![Page 37: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/37.jpg)
37Estonian Winter School in Computer Science Kim G. Larsen UCb
Shortest Path ReductionSolution
G: weighted graph
1. Equivalence classes based on 0-cycles.
2. Graph based on representatives. Safe to remove redundant edges
![Page 38: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/38.jpg)
38Estonian Winter School in Computer Science Kim G. Larsen UCb
Shortest Path ReductionSolution
G: weighted graph
1. Equivalence classes based on 0-cycles.
2. Graph based on representatives. Safe to remove redundant edges
3. Shortest Path Reduction = One cycle pr. class + Removal of redundant edges between classes
![Page 39: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/39.jpg)
39Estonian Winter School in Computer Science Kim G. Larsen UCb
Earlier Termination
Passed
Waiting Final
Init
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add
{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
n,Z’
m,U
n,Z
Init -> Final ?
![Page 40: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/40.jpg)
40Estonian Winter School in Computer Science Kim G. Larsen UCb
Earlier Termination
Passed
Waiting Final
Init
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add
{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
n,Z’
m,U
n,Z
Init -> Final ?
ZZ'
![Page 41: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/41.jpg)
41Estonian Winter School in Computer Science Kim G. Larsen UCb
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT - pick (n,Z) in Waiting - if for some (n,Z’) in Passed then STOP - else /explore/ add
{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
Earlier Termination
Passed
Waiting Final
Init
n,Zk
m,U
n,Z
Init -> Final ?
n,Z1
n,Z2 ZZii
ZZ'
![Page 42: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/42.jpg)
42Estonian Winter School in Computer Science Kim G. Larsen UCb
Clock Difference Diagrams= Binary Decision Diagrams + Difference Bounded Matrices
CDD-representationsCDD-representations
CAV99
Nodes labeled with differences
Maximal sharing of substructures (also across different CDDs)
Maximal intervals Linear-time algorithms
for set-theoretic operations.
NDD’s Maler et. al
DDD’s Møller, Lichtenberg
![Page 43: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/43.jpg)
43Estonian Winter School in Computer Science Kim G. Larsen UCb
SPACE PERFORMANCE
0
0,5
1
1,5
2
2,5
3
3,5
4
4,5
Per
cen
t CDD
Reduced CDD
CDD+BDD
![Page 44: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/44.jpg)
44Estonian Winter School in Computer Science Kim G. Larsen UCb
TIME PERFORMANCE
0
1
2
3
4
5
6
Per
cen
t CDD
Reduced CDD
CDD+BDD
![Page 45: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/45.jpg)
45Estonian Winter School in Computer Science Kim G. Larsen UCb
Verification Options• Diagnostic Trace
• Breadth-First• Depth-First
• Local Reduction• Active-Clock Reduction• Global Reduction
• Re-Use State-Space
• Over-Approximation• Under-Approximation
• Diagnostic Trace
• Breadth-First• Depth-First
• Local Reduction• Active-Clock Reduction• Global Reduction
• Re-Use State-Space
• Over-Approximation• Under-Approximation
Case Studies
![Page 46: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/46.jpg)
46Estonian Winter School in Computer Science Kim G. Larsen UCb
Representation of symbolic states (In)Active Clock Reduction
x is only active in location S1
x>3x<5
x:=0
x:=0
S x is inactive at S if on all path fromS, x is always reset before beingtested.
Definitionx<7
Case Studies
![Page 47: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/47.jpg)
47Estonian Winter School in Computer Science Kim G. Larsen UCb
Representation of symbolic states Active Clock Reduction
x>3x<5
S
x is inactive at S if on all path fromS, x is always reset before beingtested.
Definitiong1
gkg2r1
r2 rk
iii
ii
rClocks/SAct
gClocks
)S(Act
S1
S2 Sk
Only save constraints on active clocks
![Page 48: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/48.jpg)
48Estonian Winter School in Computer Science Kim G. Larsen UCb
When to store symbolic stateGlobal Reduction
No Cycles: Passed list not needed for termination
However,Passed list useful forefficiency
Case Studies
![Page 49: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/49.jpg)
49Estonian Winter School in Computer Science Kim G. Larsen UCb
When to store symbolic stateGlobal Reduction
Cycles: Only symbolic states involving loop-entry points need to be saved on Passed list
Case Studies
![Page 50: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/50.jpg)
50Estonian Winter School in Computer Science Kim G. Larsen UCb
Reuse State Space
Passed
Waiting
prop1
A[] prop1
A[] prop2A[] prop3A[] prop4A[] prop5...A[] propn
Searchin existingPassedlist beforecontinuingsearch
Which orderto search?
prop2
Case Studies
![Page 51: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/51.jpg)
51Estonian Winter School in Computer Science Kim G. Larsen UCb
Reuse State Space
Passed
Waiting
prop1
A[] prop1
A[] prop2A[] prop3A[] prop4A[] prop5...A[] propn
Searchin existingPassedlist beforecontinuingsearch
Which orderto search?Hashtable
prop2
Case Studies
![Page 52: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/52.jpg)
52Estonian Winter School in Computer Science Kim G. Larsen UCb
Over-approximationConvex Hull
x
y
Convex Hull
1 3 5
1
3
5
Case Studies
![Page 53: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/53.jpg)
53Estonian Winter School in Computer Science Kim G. Larsen UCb
Under-approximationBitstate Hashing
Passed
Waiting Final
Init
n,Z’
m,U
n,Z
![Page 54: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/54.jpg)
54Estonian Winter School in Computer Science Kim G. Larsen UCb
Under-approximationBitstate Hashing
Passed
Waiting Final
Init
n,Z’
m,U
n,Z
Passed= Bitarray
1
0
1
0
0
1
UPPAAL 8 Mbits
HashfunctionF
![Page 55: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/55.jpg)
55Estonian Winter School in Computer Science Kim G. Larsen UCb
Bitstate Hashing
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed thenthen STOPSTOP - else /explore/ add
{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed thenthen STOPSTOP - else /explore/ add
{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
Passed(F(n,Z)) = 1
Passed(F(n,Z)) := 1
![Page 56: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/56.jpg)
56
Distributed Implementationof UPPAALUPPAAL
Gerd Behrmann, Thomas Hune,Frits Vandraager CAV2k
![Page 57: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/57.jpg)
57Estonian Winter School in Computer Science Kim G. Larsen UCb
Distributing UPPAALUPPAAL
P
W
Gerd Behrmann, Thomas Hune,Frits Vandraager CAV2k
![Page 58: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/58.jpg)
58Estonian Winter School in Computer Science Kim G. Larsen UCb
Distributing UPPAALUPPAAL
P
W
Gerd Behrmann, Thomas Hune,Frits Vandraager CAV2k
P1
W1
P2
W2
P4
W4
P3
W3
Passedstructuredistributed
Passedstructuredistributed
![Page 59: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/59.jpg)
59Estonian Winter School in Computer Science Kim G. Larsen UCb
Distributing UPPAALUPPAAL Gerd Behrmann, Thomas Hune,Frits Vandraager CAV2k
P1
W1
P2
W2
P4
W4
P3
W3
Passedstructuredistributed
Passedstructuredistributed
Check in local Passedlist.If not present save,explore and distribute ...
Check in local Passedlist.If not present save,explore and distribute ...
? MPI
![Page 60: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/60.jpg)
60Estonian Winter School in Computer Science Kim G. Larsen UCb
Distributing UPPAALUPPAAL Gerd Behrmann, Thomas Hune,Frits Vandraager CAV2k
P1
W1
P2
W2
P4
W4
P3
W3
Passedstructuredistributed
Passedstructuredistributed
?
Implemented usingMPI
on SUN Interprise 10000Beowulf cluster
Implemented usingMPI
on SUN Interprise 10000Beowulf cluster
Check in local Passedlist.If not present save,explore and distribute ...
Check in local Passedlist.If not present save,explore and distribute ...
![Page 61: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/61.jpg)
61Estonian Winter School in Computer Science Kim G. Larsen UCb
Performance
DACAPODACAPO
T(n)T(1)
SUN Interprise 10000Shared Memory 12GB Ram24 333Mhz CPU’s
![Page 62: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/62.jpg)
62Estonian Winter School in Computer Science Kim G. Larsen UCb
Performance
FullState SpaceGeneration
FullState SpaceGeneration
Super-linearSpeed-up
SUN Interprise 10000Shared Memory 12GB Ram24 333Mhz CPU’s
![Page 63: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/63.jpg)
63Estonian Winter School in Computer Science Kim G. Larsen UCb
Performance
ShortestPath
Buscoupler
SUN Interprise 10000Shared Memory 12GB Ram24 333Mhz CPU’s
![Page 64: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/64.jpg)
64Estonian Winter School in Computer Science Kim G. Larsen UCb
Performance
T(n)n
Linux Beowulf -- alpha clusterDistributed Memory 10 450 Mhz CPU/5 machines
![Page 65: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/65.jpg)
65
Compositionality &Abstraction
![Page 66: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/66.jpg)
66Estonian Winter School in Computer Science Kim G. Larsen UCb
The State Explosion Problem
a
cb
a
cb
a
cb
a
cb
a
cb
a
cb
a
cb
a
cb
sat
Model-checking is either EXPTIME-complete or PSPACE-complete
(for TA’s this is true even for a single TA)
Model-checking is either EXPTIME-complete or PSPACE-complete
(for TA’s this is true even for a single TA)
Sys
![Page 67: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/67.jpg)
67Estonian Winter School in Computer Science Kim G. Larsen UCb
Abstraction
satSys AbsSys satAbs
a
cb
a
cb
a
cb
a
cb
a
cb
a
cb
a
cb
a
cb
sat
Sys
1 2
43 sat
Abs
REDUCE TO Preserving safetyproperties
![Page 68: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/68.jpg)
68Estonian Winter School in Computer Science Kim G. Larsen UCb
Compositionality
AbsSysAbsAbs |Abs
Abs Sys
Abs Sys
21
22
11
a
cb
a
cb
a
cb
a
cb
a
cb
a
cb
a
cb
a
cb
Sys
1 2
43
1 2
43
Sys1 Sys2
Abs1 Abs2
2121
22
11
Abs |AbsSys |Sys Abs Sys
Abs Sys
![Page 69: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/69.jpg)
69Estonian Winter School in Computer Science Kim G. Larsen UCb
Timed Simulation
R)t',(s' st. t't
then s's if -
R)t',(s' st. t't
then s's if -
then Rt)(s,Whenever b)
R)t,(s a)
s.t. StStR
relation a is there if TT
a
a
00
21
21
)(
)(
de
de
R)t',(s' st. t't
then s's if -
R)t',(s' st. t't
then s's if -
then Rt)(s,Whenever b)
R)t,(s a)
s.t. StStR
relation a is there if TT
a
a
00
21
21
)(
)(
de
de
)Test(T ||Tfor question
ty reachabili a to reduced bemay
TT then cdetermisti is T If *
decidable is *
ncompositio parallelby preserved is *
propertiessafety preserves *
21
212
)Test(T ||Tfor question
ty reachabili a to reduced bemay
TT then cdetermisti is T If *
decidable is *
ncompositio parallelby preserved is *
propertiessafety preserves *
21
212
UPPAALUPPAAL
![Page 70: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/70.jpg)
70Estonian Winter School in Computer Science Kim G. Larsen UCb
R)t',(s' st. t't
then s's if -
R)t',(s' st. t't
then s's if -
then Rt)(s,Whenever b)
R)t,(s a)
s.t. StStR
relation a is there if TT
a
a
00
21
21
)(
)(
de
de
R)t',(s' st. t't
then s's if -
R)t',(s' st. t't
then s's if -
then Rt)(s,Whenever b)
R)t,(s a)
s.t. StStR
relation a is there if TT
a
a
00
21
21
)(
)(
de
de
Timed Simulation
)Test(T ||Tfor question
ty reachabili a to reduced bemay
TT then cdetermisti is T If *
decidable is *
ncompositio parallelby preserved is *
propertiessafety preserves *
21
212
)Test(T ||Tfor question
ty reachabili a to reduced bemay
TT then cdetermisti is T If *
decidable is *
ncompositio parallelby preserved is *
propertiessafety preserves *
21
212
UPPAALUPPAAL
Applied to
IEEE 1394a Root contention protocol (Simons, Stoelinga)
B&O Power Down Protocol (Ejersbo, Larsen, Skou, FTRTFT2k)
Modifications identified
when urgency
and shared integers
![Page 71: Efficient Verification of Timed Automata Kim Guldstrand Larsen BRICS@Aalborg](https://reader030.vdocuments.mx/reader030/viewer/2022032605/56812c26550346895d90923d/html5/thumbnails/71.jpg)
71
END