Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
Introduction Present the UML model using “Generalised Railroad Crossing” case study Class diagrams State machines and their verification Collaborations We show what is a tamed automaton and its representation in UPPAAL We show how represent the UML collaborations in UPPAAL
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
UML model Unified Modeling Language (UML) is a modeling language for specifying, visualizing, constructing, and documenting models of discrete event systems and models of software systems. defines several different structural and behavioral diagram types. For modeling real-time systems especially the behavioral diagrams are important include the dynamic system properties and timing information
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
UML model “Generalised Railroad Crossing” problem the critical section is guarded by two sensors for each track (entry and exit sensors) for every track at most one train passes the critical section whenever the gate is occupied, the gate must be closed (safety property) when the gate initiates opening, it must become fully open and must stay open for a certain period (utility property) GRS is a railway control system which controls access to a gate, which is for several railroad tracks lies, in a critical section of the tracks.
UML model “Generalised Railroad Crossing” problem Where: t a ( T a ) - minimal (maximal) time a train may take to pass the distance between A and D t g ( T g ) – minimal (maximal) time a train may take to pass the gate g u ( g d ) -a time for that the gate bars go up (down) from fully closed (open) to fully open (closed) GRS with timing annotation: (part 1) entry sensorexit sensor
UML model “Generalised Railroad Crossing” problem Where: g o - the minimal period the gate has to stay open = g d + Δ ( = g u + g o + Δ) - the time before that gate must initiate closing (open) Δ < t a - - GRS with timing annotation: (part 2) entry sensorexit sensor
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
UML model Class diagrams The class diagram shows the static structures of the system: -id : int define interfaces of participating objects specify attributes, methods, and associations (communication links) behavior will be defined by associated state machines
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
UML model State machines The state machine diagrams are used to detail the transitions or changes of state an object can go through in the system. In general they describe the dynamics. Gate behavior:
UML model State machines Track behavior: Where notation is: guard/action “^” means output
UML model State machines Control state machine:
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
UML model Collaborations Collaborations emphasize the structure of relationships between entities. They describe the flow of messages (calls) between objects. Safe behavior:
UML model Collaborations Erroneous behavior: utility property It is impossible that after the gate received an open signal, a close signal arrives before at least time g u + g o has elapsed Timed state machines are compiled into timed automata that exchange signals and operations.
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
Timed automata A timed automaton is a non-deterministic finite-state machine extended with clock variables. Definition: Timed Automaton. A timed automaton is a tuple (L, l 0, C, A, E, I), where: L is a set of locations l 0 is the initial location C is the set of clocks A is a set of actions, call actions and the internal –action E is a set of edges between locations with an action, a guard and a set of clocks to be reset I assigns invariants to locations
Timed automata Restriction of general concept of timed automata in UPPAAL: Expressions in UPPAAL modelling language range over clocks and integer variables. States may be associated with invariants of the form x ~ c where x is a clock, c is an integer constant, and ~ {<,≤}.
Timed automata Transitions between states are labelled with triples (gd, sy, ac) where gd represents the guard of the transition, expressed as a conjunction of timing constraints x ~ c or x – y ~ c and ~ { } is a binary relation. sy is a (possibly void) synchronization annotation of the form a! or a? that denotes an offer or an acceptance to synchronize over the channel a, and ac is a set of reset operations x := c on clocks.
Timed automata The UPPAAL modeling language uses timed automata with the following features: the state of a system of timed automata consists of the control state, a valuation of the clocks and variables for each automaton. runs of timed automata are infinite sequences of system states that satisfy the invariants, separated by actions that represent either the passage of time or the execution of transitions. a transition can be fired only if its guard evaluates to true in the current system state.
Timed automata if the transition carries a synchronization annotation of the form a? or a! then some corresponding transition (labelled by a! or a?) of some other timed automaton has to be fired at the same time. resulting system state is obtained by updating the control states of the timed automata involved in the transition, and by updating the valuation by resetting clocks and assigning values to variables.
Timed automata A simple lamp example:
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
UML Collaboration in UPPAAL Collaborations are compiled into observer automata that may synchronize on the messages exchanged between the interacting instances. Collaborations are incomplete specifications of possible system runs where arbitrary message exchange may occur between the explicitly specified messages. Each message m is represented by an UPPAAL channel mRcvd. A constraint of the form v – u ~ c is associated with a clock x vu
UML Collaboration in UPPAAL Each state of the observer UPPAAL timed automaton checks either the occurrence of a reception of a stimulus according to the order of the collaboration or the violation of a timing constraint If the reception of message m is annotated by u for a timing constraint v – u ~ c the clock x vu is initialised when a stimulus for m is successfully registered If the reception of message m is annotated by v for a timing constraint v – u ~ c, there are two transitions: ( x vu ~ c) leads to an error state
UML Collaboration in UPPAAL ( x vu ~ c) enables the remaining messages Observer UPPAAL timed automata for utility property:
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
Verification Safety property for the GRS case study fails due to race condition between messages
Contents Introduction UML model “Generalised Railroad Crossing” problem Class diagrams State machines Collaborations Timed automata UML Collaboration in UPPAAL Verification Summary
The essential role in the process of building software system belongs to the design process. The designers use Unified Modeling Language The state machine diagrams are special type of diagram in UML. They are used to detail the transitions or changes of state an object can go through in the system. In general they describe the dynamics.
Thanks!