Presentation is loading. Please wait.

Presentation is loading. Please wait.

UCb Kim Guldstrand Larsen Symbolic Model Checking …and Verification Options How UPPAAL really works & How to make UPPAAL really work.

Published byLeonel Hucker Modified over 10 years ago

Similar presentations

Presentation on theme: "UCb Kim Guldstrand Larsen Symbolic Model Checking …and Verification Options How UPPAAL really works & How to make UPPAAL really work."— Presentation transcript:

1 UCb Kim Guldstrand Larsen BRICS@Aalborg Symbolic Model Checking …and Verification Options How UPPAAL really works & How to make UPPAAL really work

2 UCb IDA foredrag 20.4.99 THE UPPAAL ENGINE Symbolic Reachability Checking

3 TOV 2002, Lektion 3.Kim G. Larsen UCb 3 Zones From infinite to finite State (n, x=3.2, y=2.5 ) x y x y Symbolic state (set ) (n, ) Zone: conjunction of x-y n

4 TOV 2002, Lektion 3.Kim G. Larsen UCb 4 Symbolic Transitions n m x>3 y:=0 delays to conjuncts to projects to x y 1<=x<=4 1<=y<=3 x y 1<=x, 1<=y -2<=x-y<=3 x y 3<x, 1<=y -2<=x-y<=3 3<x, y=0 x y Thus (n,1 (m,3<x, y=0) a

5 TOV 2002, Lektion 3.Kim G. Larsen UCb 5 A1 B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Init V=1 2 ´´ V Criticial Section Fischer’s Protocol analysis using zones Y<10 X:=0 Y:=0 X>10 Y>10 X<10

6 TOV 2002, Lektion 3.Kim G. Larsen UCb 6 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case A1

7 TOV 2002, Lektion 3.Kim G. Larsen UCb 7 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account X Y A1

8 TOV 2002, Lektion 3.Kim G. Larsen UCb 8 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account X Y A1 10 X Y

9 TOV 2002, Lektion 3.Kim G. Larsen UCb 9 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account A1 10 X Y X Y

10 TOV 2002, Lektion 3.Kim G. Larsen UCb 10 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account A1 10 X Y X Y X Y

11 TOV 2002, Lektion 3.Kim G. Larsen UCb 11 Fischers cont. B1 CS1 V:=1V=1 A2 B2 CS2 V:=2V=2 Y<10 X:=0 Y:=0 X>10 Y>10 X<10 A1,A2,v=1A1,B2,v=2A1,CS2,v=2B1,CS2,v=1CS1,CS2,v=1 Untimed case Taking time into account A1 10 X Y X Y X Y

12 TOV 2002, Lektion 3.Kim G. Larsen UCb 12 Forward Rechability Passed Waiting Final Init INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else (explore) add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting Init -> Final ?

13 TOV 2002, Lektion 3.Kim G. Larsen UCb 13 Forward Rechability Passed Waiting Final Init n,Z INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else (explore) add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ Init -> Final ?

14 TOV 2002, Lektion 3.Kim G. Larsen UCb 14 Forward Rechability Passed Waiting Final Init n,Z INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ m,U Init -> Final ?

15 TOV 2002, Lektion 3.Kim G. Larsen UCb 15 Forward Rechability Passed Waiting Final Init INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ m,U n,Z Init -> Final ?

16 TOV 2002, Lektion 3.Kim G. Larsen UCb 16 Canonical Dastructures for Zones Difference Bounded Matrices Bellman 1958, Dill 1989 x<=1 y-x<=2 z-y<=2 z<=9 x<=1 y-x<=2 z-y<=2 z<=9 x<=2 y-x<=3 y<=3 z-y<=3 z<=7 x<=2 y-x<=3 y<=3 z-y<=3 z<=7 D1 D2 Inclusion 0 x y z 12 2 9 0 x y z 23 3 7 3 ? ? Graph

17 TOV 2002, Lektion 3.Kim G. Larsen UCb 17 Bellman 1958, Dill 1989 x<=1 y-x<=2 z-y<=2 z<=9 x<=1 y-x<=2 z-y<=2 z<=9 x<=2 y-x<=3 y<=3 z-y<=3 z<=7 x<=2 y-x<=3 y<=3 z-y<=3 z<=7 D1 D2 Inclusion 0 x y z 12 2 9 Shortest Path Closure Shortest Path Closure 0 x y z 12 2 5 0 x y z 23 3 7 0 x y z 23 3 6 3 3 3 Graph ? ? Canonical Dastructures for Zones Difference Bounded Matrices Canonical Form

18 TOV 2002, Lektion 3.Kim G. Larsen UCb 18 Bellman 1958, Dill 1989 x<=1 y>=5 y-x<=3 x<=1 y>=5 y-x<=3 D Emptyness 0 y x 1 3 -5 Negative Cycle iff empty solution set Graph Canonical Dastructures for Zones Difference Bounded Matrices

19 TOV 2002, Lektion 3.Kim G. Larsen UCb 19 1<= x <=4 1<= y <=3 1<= x <=4 1<= y <=3 D Future x y x y Future D 0 y x 4 3 Shortest Path Closure Remove upper bounds on clocks 1<=x, 1<=y -2<=x-y<=3 1<=x, 1<=y -2<=x-y<=3 y x 3 2 0 y x 3 2 0 4 3 Canonical Dastructures for Zones Difference Bounded Matrices

20 TOV 2002, Lektion 3.Kim G. Larsen UCb 20 Canonical Dastructures for Zones Difference Bounded Matrices x y D 1<=x, 1<=y -2<=x-y<=3 1<=x, 1<=y -2<=x-y<=3 y x 3 2 0 Remove all bounds involving y and set y to 0 x y {y}D y=0, 1<=x Reset y x 0 0 0

21 TOV 2002, Lektion 3.Kim G. Larsen UCb 21 Improved Datastructures Compact Datastructure for Zones x1-x2<=4 x2-x1<=10 x3-x1<=2 x2-x3<=2 x0-x1<=3 x3-x0<=5 x1-x2<=4 x2-x1<=10 x3-x1<=2 x2-x3<=2 x0-x1<=3 x3-x0<=5 x1x2 x3x0 -4 10 2 2 5 3 x1x2 x3x0 -4 4 2 2 5 3 x1x2 x3x0 -4 2 2 3 3 -2 1 Shortest Path Closure O(n^3) Shortest Path Reduction O(n^3) 3 Canonical wrt = Space worst O(n^2) practice O(n) RTSS’97

22 TOV 2002, Lektion 3.Kim G. Larsen UCb 22

23 TOV 2002, Lektion 3.Kim G. Larsen UCb 23

24 TOV 2002, Lektion 3.Kim G. Larsen UCb 24 v and w are both redundant Removal of one depends on presence of other. v and w are both redundant Removal of one depends on presence of other. Shortest Path Reduction 1st attempt Idea Problem w <=w An edge is REDUNDANT if there exists an alternative path of no greater weight THUS Remove all redundant edges! An edge is REDUNDANT if there exists an alternative path of no greater weight THUS Remove all redundant edges! w v Observation: If no zero- or negative cycles then SAFE to remove all redundancies. Observation: If no zero- or negative cycles then SAFE to remove all redundancies.

25 TOV 2002, Lektion 3.Kim G. Larsen UCb 25 Shortest Path Reduction Solution G: weighted graph

26 TOV 2002, Lektion 3.Kim G. Larsen UCb 26 Shortest Path Reduction Solution G: weighted graph 1. Equivalence classes based on 0-cycles.

27 TOV 2002, Lektion 3.Kim G. Larsen UCb 27 Shortest Path Reduction Solution G: weighted graph 1. Equivalence classes based on 0-cycles. 2. Graph based on representatives. Safe to remove redundant edges

28 TOV 2002, Lektion 3.Kim G. Larsen UCb 28 Shortest Path Reduction Solution G: weighted graph 1. Equivalence classes based on 0-cycles. 2. Graph based on representatives. Safe to remove redundant edges 3. Shortest Path Reduction = One cycle pr. class + Removal of redundant edges between classes Canonical given order of clocks

29 TOV 2002, Lektion 3.Kim G. Larsen UCb 29 Earlier Termination Passed Waiting Final Init INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ m,U n,Z Init -> Final ?

30 TOV 2002, Lektion 3.Kim G. Larsen UCb 30 Earlier Termination Passed Waiting Final Init INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting n,Z’ m,U n,Z Init -> Final ?

31 TOV 2002, Lektion 3.Kim G. Larsen UCb 31 INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting Earlier Termination Passed Waiting Final Init n,Z k m,U n,Z Init -> Final ? n,Z 1 n,Z 2

32 TOV 2002, Lektion 3.Kim G. Larsen UCb 32 Clock Difference Diagrams = Binary Decision Diagrams + Difference Bounded Matrices CDD-representations CAV99 zNodes labeled with differences zMaximal sharing of substructures (also across different CDDs) zMaximal intervals zLinear-time algorithms for set-theoretic operations. zNDD’s Maler et. al zDDD’s Møller, Lichtenberg

33 TOV 2002, Lektion 3.Kim G. Larsen UCb 33

34 TOV 2002, Lektion 3.Kim G. Larsen UCb 34

35 TOV 2002, Lektion 3.Kim G. Larsen UCb 35 Verification Options Breadth-First Depth-First Clock Reduction State Space Reduction State Space Repr. DBM Compact Over-approximation Under-approx Reuse State Space Diagnostic Trace Breadth-First Depth-First Clock Reduction State Space Reduction State Space Repr. DBM Compact Over-approximation Under-approx Reuse State Space Diagnostic Trace Case Studies

36 TOV 2002, Lektion 3.Kim G. Larsen UCb 36 Representation of symbolic states (In)Active Clock Reduction x is only active in location S1 x>3 x<5 x:=0 S x is inactive at S if on all path from S, x is always reset before being tested. Definition x<7

37 TOV 2002, Lektion 3.Kim G. Larsen UCb 37 Representation of symbolic states Active Clock Reduction x>3 x<5 S x is inactive at S if on all path from S, x is always reset before being tested. Definition g1 gk g2 r1 r2rk S1 S2Sk Only save constraints on active clocks

38 TOV 2002, Lektion 3.Kim G. Larsen UCb 38 When to store symbolic state State Space Reduction No Cycles: Passed list not needed for termination However, Passed list useful for efficiency

39 TOV 2002, Lektion 3.Kim G. Larsen UCb 39 When to store symbolic state State Space Reduction Cycles: Only symbolic states involving loop-entry points need to be saved on Passed list

40 TOV 2002, Lektion 3.Kim G. Larsen UCb 40 Reuse State Space Passed Waiting prop1 A[] prop1 A[] prop2 A[] prop3 A[] prop4 A[] prop5. A[] propn Search in existing Passed list before continuing search Which order to search? prop2

41 TOV 2002, Lektion 3.Kim G. Larsen UCb 41 Reuse State Space Passed Waiting prop1 A[] prop1 A[] prop2 A[] prop3 A[] prop4 A[] prop5. A[] propn Search in existing Passed list before continuing search Which order to search? Hashtable prop2

42 TOV 2002, Lektion 3.Kim G. Larsen UCb 42 Over-approximation Convex Hull x y Convex Hull 135 1 3 5

43 TOV 2002, Lektion 3.Kim G. Larsen UCb 43 Under-approximation Bitstate Hashing Passed Waiting Final Init n,Z’ m,U n,Z

44 TOV 2002, Lektion 3.Kim G. Larsen UCb 44 Under-approximation Bitstate Hashing Passed Waiting Final Init n,Z’ m,U n,Z Passed= Bitarray 1 0 1 0 0 1 UPPAAL 8 Mbits Hashfunction F

45 TOV 2002, Lektion 3.Kim G. Larsen UCb 45 Bitstate Hashing INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z then STOP (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting INITIAL Passed := Ø; Waiting := {(n0,Z0)} REPEAT - pick (n,Z) in Waiting - if for some Z’ Z then STOP (n,Z’) in Passed then STOP - else /explore/ add { (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed UNTIL Waiting = Ø or Final is in Waiting Passed(F(n,Z)) = 1 Passed(F(n,Z)) := 1

46 TOV 2002, Lektion 3.Kim G. Larsen UCb 46 Best Options for Fischer

47 TOV 2002, Lektion 3.Kim G. Larsen UCb 47 Best Options for Fischer

48 TOV 2002, Lektion 3.Kim G. Larsen UCb 48 Overview zTimed Automata (review) zUPPAAL 3.2 zSymbolic Reachability & Datastructures yDBMs yCompact Datastructure yCDDs zVerification Options zBeyond Model Checking

49 TOV 2002, Lektion 3.Kim G. Larsen UCb 49 The State Explosion Problem a cb a cb a cb a cb a cb a cb a cb a cb Model-checking is either EXPTIME-complete or PSPACE-complete (for TA’s this is true even for a single TA) Model-checking is either EXPTIME-complete or PSPACE-complete (for TA’s this is true even for a single TA) Sys

50 TOV 2002, Lektion 3.Kim G. Larsen UCb 50 Abstraction a cb a cb a cb a cb a cb a cb a cb a cb Sys 1 2 43 Abs REDUCE TO Preserving safety properties

51 TOV 2002, Lektion 3.Kim G. Larsen UCb 51 Compositionality Sys 1 2 43 1 2 43 Sys 1 Sys 2 a cb a cb a cb a cb a cb a cb a cb a cb Abs 1 Abs 2

52 TOV 2002, Lektion 3.Kim G. Larsen UCb 52 Timed Simulation UPPAAL

53 TOV 2002, Lektion 3.Kim G. Larsen UCb 53 Timed Simulation UPPAAL Applied to IEEE 1394a Root contention protocol (Simons, Stoelinga) B&O Power Down Protocol (Ejersbo, Larsen, Skou, FTRTFT2k) Modifications identified when urgency and shared integers

54 UCb IDA foredrag 20.4.99 THE END (almost)almost

55 TOV 2002, Lektion 3.Kim G. Larsen UCb 55

56 TOV 2002, Lektion 3.Kim G. Larsen UCb 56

57 TOV 2002, Lektion 3.Kim G. Larsen UCb 57

58 TOV 2002, Lektion 3.Kim G. Larsen UCb 58

59 TOV 2002, Lektion 3.Kim G. Larsen UCb 59

Download ppt "UCb Kim Guldstrand Larsen Symbolic Model Checking …and Verification Options How UPPAAL really works & How to make UPPAAL really work."

Similar presentations

Model Checking Base on Interoplation

Model Checking Base on Interoplation
Checking correctness properties of object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 2 EEF summer school on Specification,

Checking correctness properties of object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 2 EEF summer school on Specification,
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
McGill University School of Computer Science COMP 763 Ph.D. Student in the Modelling, Simulation and Design Lab Eugene Syriani 1.

McGill University School of Computer Science COMP 763 Ph.D. Student in the Modelling, Simulation and Design Lab Eugene Syriani 1.
UCb Symbolic Reachability and Beyound or how UPPAAL really works Kim Guldstrand Larsen

UCb Symbolic Reachability and Beyound or how UPPAAL really works Kim Guldstrand Larsen
1 Logics & Preorders from logic to preorder – and back Kim Guldstrand Larsen Paul PetterssonMogens Nielsen

1 Logics & Preorders from logic to preorder – and back Kim Guldstrand Larsen Paul PetterssonMogens Nielsen
nearly Formal Methods Automatic Validation and Verification Tools

nearly Formal Methods Automatic Validation and Verification Tools
Memory Interface Analysis Using the Real-Time Model Checker UPPAAL Egle Sasnauskaite Marius Mikucionis Supervisor: Gerd Behrmann Co-cupervisor: Thomas.

Memory Interface Analysis Using the Real-Time Model Checker UPPAAL Egle Sasnauskaite Marius Mikucionis Supervisor: Gerd Behrmann Co-cupervisor: Thomas.
Formal methods & Tools UCb CUPPAAL CUPPAAL Efficient Minimum-Cost Reachability for Linearly Priced Timed Automata Gerd Behrman, Ed Brinksma, Ansgar Fehnker,

Formal methods & Tools UCb CUPPAAL CUPPAAL Efficient Minimum-Cost Reachability for Linearly Priced Timed Automata Gerd Behrman, Ed Brinksma, Ansgar Fehnker,
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Tree Regular Model Checking P. Abdulla, B. Jonsson, P. Mahata and J. d’Orso Uppsala University.

Tree Regular Model Checking P. Abdulla, B. Jonsson, P. Mahata and J. d’Orso Uppsala University.
Corso di Sistemi in Tempo Reale Laurea in Ingegneria dell‘Automazione a.a. 2008-2009 Paolo Pagano

Corso di Sistemi in Tempo Reale Laurea in Ingegneria dell‘Automazione a.a Paolo Pagano
Solving Timed Games with Variable Observations: Proof of Concept Peter Bulychev Franck Cassez Alexandre David Kim G. Larsen Jean-François Raskin Pierre-Alain.

Solving Timed Games with Variable Observations: Proof of Concept Peter Bulychev Franck Cassez Alexandre David Kim G. Larsen Jean-François Raskin Pierre-Alain.
Lecture #21 Software Model Checking: predicate abstraction Thomas Ball Testing, Verification and Measurement Microsoft Research.

Lecture #21 Software Model Checking: predicate abstraction Thomas Ball Testing, Verification and Measurement Microsoft Research.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
UPPAAL T-shirt to (identifiable)

UPPAAL T-shirt to (identifiable)
Introduction to Uppaal ITV Multiprogramming & Real-Time Systems Anders P. Ravn Aalborg University May 2009.

Introduction to Uppaal ITV Multiprogramming & Real-Time Systems Anders P. Ravn Aalborg University May 2009.
Modelling and Analysis of Real Time Systems Kim Guldstrand Larsen UPPAAL2k using UPPAAL2k.

Modelling and Analysis of Real Time Systems Kim Guldstrand Larsen UPPAAL2k using UPPAAL2k.
UPPAAL Andreas Hadiyono Arrummaisha Adrifina Harya Iswara Aditya Wibowo Juwita Utami Putri.

UPPAAL Andreas Hadiyono Arrummaisha Adrifina Harya Iswara Aditya Wibowo Juwita Utami Putri.

Similar presentations

Ads by Google