UCb Symbolic Reachability and Beyound or how UPPAAL really works Kim Guldstrand Larsen

Slides:



Advertisements
Similar presentations
Clocked Mazurkiewicz Traces and Partial Order Reductions for Timed Automata D. Lugiez, P. Niebert, S. Zennou Laboratoire d Informatique Fondamentale de.
Advertisements

McGill University School of Computer Science COMP 763 Ph.D. Student in the Modelling, Simulation and Design Lab Eugene Syriani 1.
Timed Automata Rajeev Alur University of Pennsylvania SFM-RT, Bertinoro, Sept 2004.
UCb Kim Guldstrand Larsen Symbolic Model Checking …and Verification Options How UPPAAL really works & How to make UPPAAL really work.
Real-Time Systems, DTU, Feb 15, 2000 Paul Pettersson, BRICS, Aalborg, Denmark. Timed Automata and Timed Computation Tree Logic Paul Pettersson
Real-Time Systems, DTU, Feb 29, 2000 Paul Pettersson, BRICS, Aalborg, Denmark. UPPAAL’s Modeling and Specification Language & Philips Bounded Retransmission.
Dependable Embedded Software Systems Kim Guldstrand Larsen UCb.
1 Logics & Preorders from logic to preorder – and back Kim Guldstrand Larsen Paul PetterssonMogens Nielsen
nearly Formal Methods Automatic Validation and Verification Tools
Formal methods & Tools UCb CUPPAAL CUPPAAL Efficient Minimum-Cost Reachability for Linearly Priced Timed Automata Gerd Behrman, Ed Brinksma, Ansgar Fehnker,
Solving Timed Games with Variable Observations: Proof of Concept Peter Bulychev Franck Cassez Alexandre David Kim G. Larsen Jean-François Raskin Pierre-Alain.
UPPAAL Introduction Chien-Liang Chen.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
Timed Automata.
UPPAAL T-shirt to (identifiable)
Introduction to Uppaal ITV Multiprogramming & Real-Time Systems Anders P. Ravn Aalborg University May 2009.
Modelling and Analysis of Real Time Systems Kim Guldstrand Larsen UPPAAL2k using UPPAAL2k.
UPPAAL Andreas Hadiyono Arrummaisha Adrifina Harya Iswara Aditya Wibowo Juwita Utami Putri.
CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ Dr. Yann-Hang Lee
ESE601: Hybrid Systems Some tools for verification Spring 2006.
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
Compatibility between shared variable valuations in timed automaton network model- checking Zhao Jianhua, Zhou Xiuyi, Li Xuandong, Zheng Guoliang Presented.
Hybrid Approach to Model-Checking of Timed Automata DAT4 Project Proposal Supervisor: Alexandre David.
Digital Logic Design Lecture 27.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Specification and Verification of Trustworthy Component-Based Real-Time Reactive Systems Presented by: Mubarak Mohammad Authors: Vasu Alagar and Mubarak.
Reachability, Schedulability and Optimality
1 Modelling and Validation of Real Time Systems Kim Guldstrand Larsen Paul Pettersson
Reachability Analysis for Some Models of Infinite-State Transition Systems Oscar H. Ibarra, Tevfik Bultan, and Jianwen Su Department of Computer Science.
EECE Hybrid and Embedded Systems: Computation T. John Koo, Ph.D. Institute for Software Integrated Systems Department of Electrical Engineering and.
Sanjit A. Seshia and Randal E. Bryant Computer Science Department
CaV 2003 CbCb 1 Concurrency and Verification What? Why? How?
Assertions in OpenVera Assertions check for the occurrence of sequences during simulation Sequence is an ordered (maybe timed) series of boolean events.
Reasoning about Timed Systems Using Boolean Methods Sanjit A. Seshia EECS, UC Berkeley Joint work with Randal E. Bryant (CMU) Kenneth S. Stevens (Intel,
1 Verification Options & Beyond Reachability or how to make UPPAAL perform better and more Kim Guldstrand Larsen
Timing analysis of an SDL subset in UPPAAL Anders Hessel Institution of Information Technology Department of Computer Systems Uppsala University M.Sc.
1 Efficient Verification of Timed Automata Kim Guldstrand Larsen Paul PetterssonMogens Nielsen
UCb Kim G. Larsen Arne Skou & Peter Koch Anders Brødløs Henrik Schiøler Dynamic Voltage Scaling using Optimal Infinite Scheduling work in progress POTENTIAL.
ECE/CS 584: Hybrid Automaton Modeling Framework Executions, Reach set, Invariance Lecture 03 Sayan Mitra.
Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.
UPPAAL Ghaith Haddad. Introduction UPPAAL is a tool for modeling, validation and verification of real-time systems. Appropriate for systems that can be.
ULB, November 2004 As cheap as possible: Linearly Priced Timed Automata Gerd Behrmann, Ed Brinksma, Ansgar Fehnker, Thomas Hune, Kim Larsen, Paul Pettersson,
Transformation of Timed Automata into Mixed Integer Linear Programs Sebastian Panek.
1 Timed and Hybrid Systems in UPPAAL2k Kim Guldstrand Larsen Paul Pettersson &
Henrik Schiøler Konstruktion, modellering og validering af sikkerhedskritiske SW systemer.
Lecture51 Timed Automata II CS 5270 Lecture 5.
Lecture 81 Regional Automaton CS 5270 Lecture 8. Lecture 82 What We Need to Do Problem: –We need to analyze the timed behavior of a TTS. –The timed behavior.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Lecture 81 Optimizing CTL Model checking + Model checking TCTL CS 5270 Lecture 9.
Synchronous Protocol Automata. Formal definitions Definition 1 A synchronous protocol automaton P is defined as a tuple (Q,S,D,V,A,->,clk,q0,qf) Channels.
1 Model Checking of of Timed Systems Rajeev Alur University of Pennsylvania.
Analysis and Synthesis of Synchronous Sequential Circuits A “synchronizing” pulse/edge signal (clock) controls the operation of the memory portion of the.
Event-Clock Visibly Pushdown Automata Mizuhito Ogawa (JAIST) with Nguyen Van Tang SOFSEM
CEC 220 Digital Circuit Design Mealy and Moore State Machines Friday, March 27 CEC 220 Digital Circuit Design Slide 1 of 16.
ECE/CS 584: Verification of Embedded Computing Systems Model Checking Timed Automata Sayan Mitra Lecture 09.
Toward Unbounded Model Checking for Region Automata Fang Yu, Bow-Yaw Wang Institute of Information Science Academia Sinica, Taiwan.
ECE/CS 584: Verification of Embedded Computing Systems Timed to Hybrid Automata Sayan Mitra (edited by Yu Wang) Lecture 10.
TESTCOM/FATES Test Plan Generation for Concurrent Real-Time Systems based on Zone Coverage Analysis Farn Wang Dept. of Electrical Eng. National Taiwan.
CENG 241 Digital Design 1 Lecture 7 Amirali Baniasadi
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
UPPAAL Real-Time Systems Lab. Seolyoung, Jeong.
The Time-abstracting Bisimulation Equivalence  on TA states: Preserve discrete state changes. Abstract exact time delays. s1s2 s3  a s4  a 11 s1s2.
SS 2017 Software Verification Timed Automata
Timed Automata II CS 5270 Lecture Lecture5.
Instructor: Rajeev Alur
On Using Linearly Priced Timed Automata for Flow Analysis
Timed Automata Formal Systems Pallab Dasgupta Professor,
CSE322 NDFA WITH NULL MOVES AND REGULAR EXPRESSION
Course: CS60030 FORMAL SYSTEMS
Presentation transcript:

UCb Symbolic Reachability and Beyound or how UPPAAL really works Kim Guldstrand Larsen

DTU March 7, 2002.Kim G. Larsen UCb 2 Timed Automata n m a Alur & Dill 1990 Clocks: x, y x 3 x := 0 Guard Boolean combination of integer bounds on clocks and clock-differences. Reset Action perfomed on clocks Transitions ( n, x=2.4, y= ) ( n, x=3.5, y= ) e(1.1) ( n, x=2.4, y= ) ( m, x=0, y= ) a State ( location, x=v, y=u ) where v,u are in R Action used for synchronization

DTU March 7, 2002.Kim G. Larsen UCb 3 n m a Clocks: x, y x 3 x := 0 Transitions ( n, x=2.4, y= ) ( n, x=3.5, y= ) e(1.1) ( n, x=2.4, y= ) e(3.2) x<=5 y<=10 Location Invariants g1 g2 g3 g4 Timed Automata Invariants Invariants ensure progress!!

DTU March 7, 2002.Kim G. Larsen UCb 4 A1 B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Init V=1 2 ´´ V Criticial Section Fischer’s Protocol analysis using zones Y<10 X:=0 Y:=0 X>10 Y>10 X<10

UCb THE UPPAAL ENGINE Symbolic Reachability Checking

DTU March 7, 2002.Kim G. Larsen UCb 6 Zones From infinite to finite State (n, x=3.2, y=2.5 ) x y x y Symbolic state (set ) (n, ) Zone: conjunction of x-y n

DTU March 7, 2002.Kim G. Larsen UCb 7 Symbolic Transitions n m x>3 y:=0 delays to conjuncts to projects to x y 1<=x<=4 1<=y<=3 x y 1<=x, 1<=y -2<=x-y<=3 x y 3<x, 1<=y -2<=x-y<=3 3<x, y=0 x y Thus (n,1 (m,3<x, y=0) a

DTU March 7, 2002.Kim G. Larsen UCb 8 A1 B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Init V=1 2 ´´ V Criticial Section Fischer’s Protocol analysis using zones Y<10 X:=0 Y:=0 X>10 Y>10 X<10

DTU March 7, 2002.Kim G. Larsen UCb 9 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case A1

DTU March 7, 2002.Kim G. Larsen UCb 10 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account X Y A1

DTU March 7, 2002.Kim G. Larsen UCb 11 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account X Y A1 10 X Y

DTU March 7, 2002.Kim G. Larsen UCb 12 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account A1 10 X Y X Y

DTU March 7, 2002.Kim G. Larsen UCb 13 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account A1 10 X Y X Y X Y

DTU March 7, 2002.Kim G. Larsen UCb 14 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account A1 10 X Y X Y X Y

DTU March 7, 2002.Kim G. Larsen UCb 15 Forward Rechability Passed Waiting Final Init INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else (explore) add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting Init -> Final ?

DTU March 7, 2002.Kim G. Larsen UCb 16 Forward Rechability Passed Waiting Final Init n,Z INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else (explore) add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ Init -> Final ?

DTU March 7, 2002.Kim G. Larsen UCb 17 Forward Rechability Passed Waiting Final Init n,Z INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ m,U Init -> Final ?

DTU March 7, 2002.Kim G. Larsen UCb 18 Forward Rechability Passed Waiting Final Init INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ m,U n,Z Init -> Final ?

DTU March 7, 2002.Kim G. Larsen UCb 19 Canonical Dastructures for Zones Difference Bounded Matrices Bellman 1958, Dill 1989 x<=1 y-x<=2 z-y<=2 z<=9 x<=1 y-x<=2 z-y<=2 z<=9 x<=2 y-x<=3 y<=3 z-y<=3 z<=7 x<=2 y-x<=3 y<=3 z-y<=3 z<=7 D1 D2 Inclusion 0 x y z x y z ? ? Graph

DTU March 7, 2002.Kim G. Larsen UCb 20 Bellman 1958, Dill 1989 x<=1 y-x<=2 z-y<=2 z<=9 x<=1 y-x<=2 z-y<=2 z<=9 x<=2 y-x<=3 y<=3 z-y<=3 z<=7 x<=2 y-x<=3 y<=3 z-y<=3 z<=7 D1 D2 Inclusion 0 x y z Shortest Path Closure Shortest Path Closure 0 x y z x y z x y z Graph ? ? Canonical Dastructures for Zones Difference Bounded Matrices Canonical Form

DTU March 7, 2002.Kim G. Larsen UCb 21 Bellman 1958, Dill 1989 x<=1 y>=5 y-x<=3 x<=1 y>=5 y-x<=3 D Emptyness 0 y x Negative Cycle iff empty solution set Graph Canonical Dastructures for Zones Difference Bounded Matrices

DTU March 7, 2002.Kim G. Larsen UCb 22 1<= x <=4 1<= y <=3 1<= x <=4 1<= y <=3 D Future x y x y Future D 0 y x 4 3 Shortest Path Closure Remove upper bounds on clocks 1<=x, 1<=y -2<=x-y<=3 1<=x, 1<=y -2<=x-y<=3 y x y x Canonical Dastructures for Zones Difference Bounded Matrices

DTU March 7, 2002.Kim G. Larsen UCb 23 Canonical Dastructures for Zones Difference Bounded Matrices x y D 1<=x, 1<=y -2<=x-y<=3 1<=x, 1<=y -2<=x-y<=3 y x Remove all bounds involving y and set y to 0 x y {y}D y=0, 1<=x Reset y x 0 0 0

DTU March 7, 2002.Kim G. Larsen UCb 24 Improved Datastructures Compact Datastructure for Zones x1-x2<=4 x2-x1<=10 x3-x1<=2 x2-x3<=2 x0-x1<=3 x3-x0<=5 x1-x2<=4 x2-x1<=10 x3-x1<=2 x2-x3<=2 x0-x1<=3 x3-x0<=5 x1x2 x3x x1x2 x3x x1x2 x3x Shortest Path Closure O(n^3) Shortest Path Reduction O(n^3) 3 Canonical wrt = Space worst O(n^2) practice O(n) RTSS’97

DTU March 7, 2002.Kim G. Larsen UCb 25

DTU March 7, 2002.Kim G. Larsen UCb 26

DTU March 7, 2002.Kim G. Larsen UCb 27 v and w are both redundant Removal of one depends on presence of other. v and w are both redundant Removal of one depends on presence of other. Shortest Path Reduction 1st attempt Idea Problem w <=w An edge is REDUNDANT if there exists an alternative path of no greater weight THUS Remove all redundant edges! An edge is REDUNDANT if there exists an alternative path of no greater weight THUS Remove all redundant edges! w v Observation: If no zero- or negative cycles then SAFE to remove all redundancies. Observation: If no zero- or negative cycles then SAFE to remove all redundancies.

DTU March 7, 2002.Kim G. Larsen UCb 28 Shortest Path Reduction Solution G: weighted graph

DTU March 7, 2002.Kim G. Larsen UCb 29 Shortest Path Reduction Solution G: weighted graph 1. Equivalence classes based on 0-cycles. 2. Graph based on representatives. Safe to remove redundant edges

DTU March 7, 2002.Kim G. Larsen UCb 30 Shortest Path Reduction Solution G: weighted graph 1. Equivalence classes based on 0-cycles. 2. Graph based on representatives. Safe to remove redundant edges 3. Shortest Path Reduction = One cycle pr. class + Removal of redundant edges between classes

DTU March 7, 2002.Kim G. Larsen UCb 31 Earlier Termination Passed Waiting Final Init INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ m,U n,Z Init -> Final ?

DTU March 7, 2002.Kim G. Larsen UCb 32 Earlier Termination Passed Waiting Final Init INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ m,U n,Z Init -> Final ?

DTU March 7, 2002.Kim G. Larsen UCb 33 INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting Earlier Termination Passed Waiting Final Init n,Z k m,U n,Z Init -> Final ? n,Z 1 n,Z 2

DTU March 7, 2002.Kim G. Larsen UCb 34 Clock Difference Diagrams = Binary Decision Diagrams + Difference Bounded Matrices CDD-representations CAV99 zNodes labeled with differences zMaximal sharing of substructures (also across different CDDs) zMaximal intervals zLinear-time algorithms for set-theoretic operations. zNDD’s Maler et. al zDDD’s Møller, Lichtenberg

DTU March 7, 2002.Kim G. Larsen UCb 35

DTU March 7, 2002.Kim G. Larsen UCb 36

UCb Beyond Reachability - Bounded Liveness - (Bi) simulations

DTU March 7, 2002.Kim G. Larsen UCb 38 Logical Formulas Safety Properties: F ::=A[ ] P | E <> P Always P P ::= Proc.l | x = n | v = n | x<=n | x<n | P and P | not P | P or P | P imply P Possibly P where atomic properties Process Proc at location l clock comparison boolean combinations

DTU March 7, 2002.Kim G. Larsen UCb 39 Train Crossing River Crossing Gate Stopable Area [10,20] [7,15] Queue [3,5] appr, stop leave go empty nonempty hd, add,rem el Communication via channels and shared variable.

DTU March 7, 2002.Kim G. Larsen UCb 40 Beyound Safety Decoration TACAS98a l n Leadsto: Whenever l is reached then n is reached with t l n Decoration new clock X boolean B X:=0 B:=tt B:=ff A[] (B implies x<=t)

DTU March 7, 2002.Kim G. Larsen UCb 41 Beyond Safety Test automata TACAS98b l n l n a! b! a? x:=0 x<=t x==tb? b urgent! A[] (not T.BAD) BAD T S S

DTU March 7, 2002.Kim G. Larsen UCb 42 Timed Bisimulation Wang’91

DTU March 7, 2002.Kim G. Larsen UCb 43 Timed Simulation

DTU March 7, 2002.Kim G. Larsen UCb 44 Examples

DTU March 7, 2002.Kim G. Larsen UCb 45 Abstraction & Compositionality dealing w stateexplosion a cb a cb a cb a cb a cb a cb a cb a cb Concrete Abstract simulation

DTU March 7, 2002.Kim G. Larsen UCb 46 Abstraction Example a1a2a3a4a5 a b

DTU March 7, 2002.Kim G. Larsen UCb 47 Example Continued abstracted by

DTU March 7, 2002.Kim G. Larsen UCb 48 Proving abstractions using reachability A[] not TestAbstPoP1.BAD Recognizes all the BAD computations of PoP1

UCb

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.