Symbolic Reachability and Beyound - Aalborg...

Symbolic Reachabilityand Beyound

or how UPPAAL really works

Kim Guldstrand Larsen BRICS@Aalborg

2IDA foredrag 20.4.99

REGIONSreview

3Real Time Systems, DTU, 2001 Kim G. Larsen UCb

A1 B1 CS1V:=1 V=1

A2 B2 CS2V:=2 V=2

Init V=1

2♥´

VCriticial Section

Fischer’s Protocol a simple real time mutual exclusion algorithm

RegionsFinite partitioning of state space

y Definition

w≈w ' iff w and w' satisfythe exact same conditions ofthe form xi≤n and xi−x j≤nwhere n≤max

An equivalence class (i.e. a region)in fact there is only a finite number of regions!!

y Definition

An equivalence class (i.e. a region)

Successor regions, Succ(r)

Definition

An equivalence class (i.e. a region) r

Resetregions

Whenever uv≈u' v ' then[ l,u , v ] sat φ

⇔[ l,u ' , v ' ] sat φ

THEOREM

Fischers again A1 B1 CS1V:=1 V=1

A2 B2 CS2V:=2 V=2Y<1

AG ¬CS1∧CS 2

A1,A2,v=1

A1,B2,v=2

A1,CS2,v=2

B1,CS2,v=1

CS1,CS2,v=1

Untimed case

A1,A2,v=1x=y=0

A1,A2,v=10 <x=y <1

A1,A2,v=1x=y=1

A1,A2,v=11 <x,y

A1,B2,v=20 <x<1

A1,B2,v=20 <y < x<1

A1,B2,v=20 <y < x=1

A1,B2,v=20 <y<1

A1,B2,v=21 <x,y

A1,B2,v=2y=11 <x

A1,CS2,v=21 <x,y

No further behaviour possible!!

Timed case

PartialRegion Graph

Roughly speaking....

Model checking a timed automata against a TCTL-formula amounts to

model checking its region graph against a CTL-formula

Problem to be solved

Model Checking TCTL is PSPACE-hard

THE UPPAAL ENGINE

Reachability & ZonesProperty and system dependent

partitioning

ZonesFrom infinite to finite

State(n, x=3.2, y=2.5 )

Symbolic state (set)(n, )

Zone:conjunction ofx-y<=n, x<=>n

1≤x≤4,1≤ y≤3

Symbolic Transitions

ydelays to

y conjuncts to

projects to

1<=x<=41<=y<=3

1<=x, 1<=y-2<=x-y<=3

3<x, 1<=y-2<=x-y<=3

3<x, y=0

Thus (n,1<=x<=4,1<=y<=3) =a => (m,3<x, y=0)

A1 B1 CS1V:=1 V=1

A2 B2 CS2V:=2 V=2

Init V=1

2♥´

VCriticial Section

Fischer’s Protocolanalysis using zones

Fischers cont. B1 CS1

V:=1 V=1

A2 B2 CS2V:=2 V=2Y<10

A1,A2,v=1 A1,B2,v=2 A1,CS2,v=2 B1,CS2,v=1 CS1,CS2,v=1

Untimed case

V:=1 V=1

A2 B2 CS2V:=2 V=2Y<10

Untimed case

Taking time into account

V:=1 V=1

A2 B2 CS2V:=2 V=2Y<10

Untimed case

V:=1 V=1

A2 B2 CS2V:=2 V=2Y<10

Untimed case

V:=1 V=1

A2 B2 CS2V:=2 V=2Y<10

Untimed case

V:=1 V=1

A2 B2 CS2V:=2 V=2Y<10

Untimed case

Forward Rechability

Passed

WaitingFinal

INITIAL Passed := Ø; Waiting := {(n0,Z0)}

REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else (explore) add

{ (m,U) : (n,Z) => (m,U) } to Waiting; Add (n,Z) to Passed

UNTIL Waiting = Ø or Final is in Waiting

Init -> Final ?

Forward Rechability

Passed

Waiting Final

REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else (explore) add

n,Z’

Init -> Final ?

Forward Rechability

Passed

Waiting Final

REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add

n,Z’

Init -> Final ?

Forward Rechability

Passed

Waiting Final

REPEAT - pick (n,Z) in Waiting - if for some Z’ Z (n,Z’) in Passed then STOP - else /explore/ add

n,Z’

Init -> Final ?

Canonical Dastructures for ZonesDifference Bounded Matrices Bellman 1958, Dill 1989

x<=1y-x<=2z-y<=2z<=9

x<=2y-x<=3y<=3z-y<=3z<=7

Inclusion

Bellman 1958, Dill 1989

x<=1y-x<=2z-y<=2z<=9

x<=2y-x<=3y<=3z-y<=3z<=7

Inclusion

ShortestPath

Closure

ShortestPath

Closure

? ? ¿

Canonical Dastructures for ZonesDifference Bounded Matrices

Bellman 1958, Dill 1989

x<=1y<= -5y-x<=3

Emptyness

Negative Cycleiffempty solution set

1<= x <=41<= y <=3

Future

Future D

ShortestPath

Closure

Removeupper

boundson clocks

1<=x, 1<=y-2<=x-y<=3

D1<=x, 1<=y-2<=x-y<=3

Remove allbounds

involving yand set y to 0

y=0, 1<=x

Improved DatastructuresCompact Datastructure for Zones

x1-x2<=4x2-x1<=10x3-x1<=2x2-x3<=2x0-x1<=3x3-x0<=5

3 -2 -2

ShortestPath

ClosureO(n^3)

ShortestPath

ReductionO(n^3) 3

Canonical wrt =Space worst O(n^2) practice O(n)

her 3 Fisc

SPACE PERFORMANCE

Minimal Constraint

Global Reduction

Combination

her 3 Fisc

TIME PERFORMANCE

Minimal Constraint

Global Reduction

Combination

Beyond Reachability

-Bounded Liveness-Abstraction & Simulation

Logical Formulas

Safety Properties:F ::= A[ ] P |

E<> P Always P

P ::= Proc.l | x = n | v = n | x<=n | x<n | P and P | not P | P or P | P imply P

Possibly P

atomic properties

Process Proc at location l

clock comparison

boolean combinations

Beyound SafetyDecoration TACAS98a

Leadsto: Whenever l is reached then n is reached with t

Decorationnew clock Xboolean B

A[] (B implies x<=t)

AG a⇒AF ¿ t b

Beyond SafetyTest automata TACAS98bAG a⇒AF ¿ t b

a?x:=0

x<=tx==tb?

b urgent!

A[] (not T.BAD)

Example bounded liveness

a1 a2 a3 a4 a5

c1 c2 c3 c4 c5

Abstraction & Compositionality dealing w stateexplosion

C 1 A1 C 2 A2

C 1∣C 2 A1∣A2

Concrete Abstract

”trace” inclusion

Abstraction Example

a1 a2 a3 a4 a5

Example Continued

abstractedby

Proving abstractions using reachability

A[] not TestAbstPoP1.BAD

Recognizesall the BADcomputationsof PoP1

Symbolic Reachability and Beyound - Aalborg...

Documents

Further beyound the Dirac equation: isotope shift, parity ...nuclphys.sinp.msu.ru/hi/heavy_ions_05.pdf · Plan of the lecture • Isotope shift of energy levels: Mass and volume effects

Chapter 6 Wireless and Mobile Networks - people.cs.aau.dkpeople.cs.aau.dk/~adavid/teaching/DNA-11/Chapter6_5th_Aug_2009.pdf · Chapter 6 Wireless and Mobile Networks ... note our

Aalborg Universitet Widening the Schedulability Hierarchical ...people.cs.aau.dk/~adavid/publications/88-facs.pdfAn example of a hierarchical scheduling system is depicted in Fig

Parallel Programming Platforms - Aalborg Universitetpeople.cs.aau.dk/~adavid/teaching/MVP-08/01c+02a-MVP08.pdf · 2014-02-04 · Implicit Parallelism ... Trends in Microprocessors

D.T.U planchers chauffants à eau chaude Cochebat Syndicat ...cochebat.org/wp-content/uploads/DTU.pdf · DTU 65.14 partie 1 tableau annexe C Valeurs minimales des résistances thermiques

· 'ad servidor.unam.mx alaniz servidor.unam.mx uetzalcoat.i ofcu.unammx maaz adavid uetzalcoat.i eofcu.unam.mx lalva tonatiuh.i eofcu.unam.mx Sue cese.mx Saul icese.mx lalvarez

Scalable Algorithmic Techniquespeople.cs.aau.dk/~adavid/teaching/MVP-11/06-chap05-lect06-07.pdf · Scalable Algorithmic Techniques Decompositions & Mapping Alexandre David 1.2.05

Signals & Pipes - Aalborg Universitetpeople.cs.aau.dk/~adavid/teaching/MTP-05/lectures/12/Signals_and_Pipes.pdf15 Sending a Signal (kill) pid: – >0: Sent to the specified PID

Alexandre David 1.2.05 adavid@cs.aaupeople.cs.aau.dk/~adavid/teaching/MVP-10/02-chap02-lect02.pdf · 08-02-2010 MVP'10 - Aalborg University 21 PRAM model Several execution units accessing

Gerd Behrmann Kim Larsen BRICS & Aalborg Universitypeople.cs.aau.dk/~adavid/RTSS05/uppaal-intro.pdf · Gerd Behrmann Kim Larsen BRICS & Aalborg University ... Clocks clock x1, x2,

S.NO. EXPERIMENTS PAGE NO - Innovative Thinking lab manual-DTU.pdf · S.NO. EXPERIMENTS PAGE NO . 1. Architecture or Functional Block Diagram of 8086 2 2. ... Basic Commands of MASM

CHAPTER -VII LOOKING BEYOUND CORRECTIONAL HOMES ...shodhganga.inflibnet.ac.in/bitstream/10603/61421/11/11_chapter 7.pdf · CHAPTER - VII LOOKING BEYOND THE CORRECTIONAL HOMES i_ PERCEPTION

Concurrency 1 – Introductionpeople.cs.aau.dk/~adavid/teaching/MTP-05/01-introduction-slides.pdf · controlled therapy radiation machine, the Therac25, caused 6 known accidents with

Moving from Speciﬁcations to Contracts in …people.cs.aau.dk/~adavid/publications/56-contracts.pdfMoving from Speciﬁcations to Contracts in Component-based Design? Sebastian S

4 Week Online Photography Course Black & White Fine Art ... · PDF fileBlack & White Fine Art Photography & Beyound With ... of the principles of composition and its ... architectural

Concurrency 3 – Concurrent Executionpeople.cs.aau.dk/~adavid/teaching/MTP-05/03... · Parallelism vs. Concurrency Both concurrency and parallelism require controlled access to shared

University of Calgary Webdisk Server - Do Stock …people.ucalgary.ca/~adavid/UOAUOC/KaulMehrotraStefanescu...exclude non U.S. firms, real estate investment trusts, and closed-end

Formal veriﬁcation and simulation for platform screen ...people.cs.aau.dk/~adavid/publications/82-sttt.pdf · proposed, in which the veriﬁcation tool SpaceEx/PHAVer and simulation

352 - project 1 "Beyound style "

A Self Balancing Robot - Aalborg Universitetpeople.cs.aau.dk/~adavid/teaching/TSW-10/OSEKRobot.pdf · • Introduction. • The robot & the model. • Installing and the that jazz