Efficient Verification of Timed Automata
Kim Guldstrand Larsen
BRICS@Aalborg
Estonian Winter School in Computer Science, Kim G. Larsen, UCb

The UPPAAL Model = Networks of Timed Automata + Integer Variables + ...

Automaton 1:   l1 --[ x>=2, i==3 ; a! ; x:=0, i:=i+4 ]--> l2
Automaton 2:   m1 --[ a? ]--> m2   (with the clock constraint y<=4)
...            (further components of the network)

Two-way synchronization on complementary actions (a! with a?). Closed systems!

Example transitions (a state lists the current locations, the clock values and the variable values):

  (l1, m1, ..., x=2,   y=3.5, i=3, ...)  --0.2-->  (l1, m1, ..., x=2.2, y=3.7, i=3, ...)   delay of 0.2
  (l1, m1, ..., x=2,   y=3.5, i=3, ...)  --tau-->  (l2, m2, ..., x=0,   y=3.5, i=7, ...)   synchronization on a

If a is an URGENT CHANNEL, the delay transition is not allowed while the synchronization on a is enabled.
Timed Automata in UPPAAL

Timed (Safety) Automata
+ urgent actions
+ urgent locations
+ committed locations
+ data-variables (with bounded domains)
+ arrays of data-variables
+ constants
+ guards and assignments over data-variables and arrays ...
+ templates with local clocks, data-variables, and constants.
Declarations in UPPAAL

clock x1, ..., xn;
int i1, ..., im;
chan a1, ..., ao;
const c1 n1, ..., cp np;

Examples:
clock x, y;
int i, J0; int[0,1] k[5];        // array k of five booleans (integers with domain [0,1])
const delay 5, true 1, false 0;
Timed Automata in UPPAAL

Example edge:   n --[ guard x<=5 & y>3 ; sync a ; assignment x:=0 ]--> m
                with location invariants x<=5 (on n) and y<=10 (on m)

Syntax (x, y clocks; n a natural number; i data-variables):

  guards               g    ::= g_c | g_d | g_c , g_d
  clock guards         g_c  ::= x ~ n | x - y ~ n | g_c , g_c            with ~ in {<, <=, =, >=, >}
  data guards          g_d  ::= Expr op Expr | g_d , g_d                with op in {<, <=, ==, >=, >, !=}
  expressions          Expr ::= n | i | i[Expr] | Expr + Expr | Expr - Expr | Expr * Expr | Expr / Expr | (Expr ? Expr : Expr)
  clock assignments              x := n
  location invariants  inv  ::= x < n | x <= n | inv , inv
Urgent Channels

urgent chan hurry;

Informal semantics:
  - There will be no delay if a transition with an urgent action can be taken.
Restrictions:
  - No clock guard allowed on transitions with urgent actions.
  - Invariants and data-variable guards are allowed.
Urgent Locations

Click "Urgent" in the State Editor.

Informal semantics:
  - No delay in an urgent location.
Note: the use of urgent locations reduces the number of clocks in a model, and thus the complexity of the analysis.
Committed Locations

Click "Committed" in the State Editor.

Informal semantics:
  - No delay in a committed location.
  - The next transition must involve an automaton in a committed location.
Note: the use of committed locations reduces the number of clocks in a model, and allows for more space and time efficient analysis.
Logical Formulas

Safety properties:
  F ::= A[] P      Always P   (P holds in every reachable state)
      | E<> P      Possibly P (P holds in some reachable state)
  P ::= Proc.l | x = n | v = n | x <= n | x < n | P and P | not P | P or P | P imply P

where Proc.l is an atomic property (process Proc is at location l), x = n, x <= n and x < n are clock comparisons, v = n is a data-variable comparison, and the remaining forms are boolean combinations.
Train Crossing

Example model (diagram): trains approaching a crossing over a river pass a StopableArea before the Crossing; the Crossing is controlled by a Gate that keeps a Queue of waiting trains. Timing intervals in the model: [10,20], [7,15], [3,5]. Channels: appr, stop, leave, go. Queue operations: empty, nonempty, hd, add, rem.
Beyond Safety: Decoration (TACAS 98)

Leads-to: l leadsto_{<=t} n, i.e. whenever l is reached then n is reached within t time units.
In branching-time notation: AG (a implies AF_{<=t} b).

Decoration: add a new clock X and a boolean B to the model:
  - on entering l:  X := 0, B := tt
  - on entering n:  B := ff
and check the safety property   A[] (B implies X <= t).
THE UPPAAL ENGINE

Reachability & Zones
Property- and system-dependent partitioning
Zones: from infinite to finite

Concrete state:   (n, x=3.2, y=2.5)      one point in the x/y clock plane
Symbolic state:   (n, Z)                 Z a set of clock valuations, drawn as a region of the plane

Zone: a conjunction of constraints of the forms  x - y <= n  and  x ~ n  (~ in {<, <=, =, >=, >}), e.g. 1 <= x and 3 <= y <= 4.
Symbolic Transitions

Edge:  n --[ x>3 ; a ; y:=0 ]--> m

(n, 1<=x<=4, 1<=y<=3)
   delays to      (n, 1<=x, 1<=y, -2<=x-y<=3)        upper bounds on the clocks are removed
   conjuncts to   (n, 3<x, 1<=y, -2<=x-y<=3)         intersection with the guard x>3
   projects to    (m, 3<x, y=0)                       reset y:=0

Thus (n, 1<=x<=4, 1<=y<=3) =a=> (m, 3<x, y=0).
Fischer's Protocol: analysis using zones

Two processes with locations A_i, B_i, CS_i (critical section), a shared variable V, and one clock each (X for process 1, Y for process 2). Edge labels recovered from the diagram: X:=0 / Y:=0 when a process starts its attempt; the write V:=1 (resp. V:=2) is guarded by X<10 (resp. Y<10); entering CS1 (resp. CS2) is guarded by X>10 and V=1 (resp. Y>10 and V=2). Initial state: A1, A2, V=1.

Untimed case (clocks ignored): the trace
  (A1, A2, v=1) -> (A1, B2, v=2) -> (A1, CS2, v=2) -> (B1, CS2, v=1) -> (CS1, CS2, v=1)
reaches both critical sections, so mutual exclusion would be violated.

Taking time into account: every symbolic state carries a zone over X and Y (drawn on the slides as a region of the X/Y plane with the bound 10 marked on both axes). Process 2 writes V while Y<10 and may only enter CS2 once Y>10. Along this trace X is never reset after Y, so X>10 holds as well, and the guard X<10 that process 1 needs in order to overwrite V is unsatisfiable: the zone of (B1, CS2, v=1) is empty and (CS1, CS2) is not reachable. The zone-based analysis proves mutual exclusion.
Forward Reachability

Question: Init -> Final ?   (is Final reachable from Init)

INITIAL   Passed := Ø;  Waiting := {(n0, Z0)}
REPEAT
  - pick (n, Z) in Waiting
  - if for some Z' with Z ⊆ Z' the state (n, Z') is in Passed then STOP (the state is covered and is not explored again)
  - else (explore) add { (m, U) : (n, Z) => (m, U) } to Waiting; add (n, Z) to Passed
UNTIL  Waiting = Ø  or  Final is in Waiting
Canonical Datastructures for Zones: Difference Bounded Matrices (Bellman 1958, Dill 1989)

Inclusion: is D1 ⊆ D2 ?
  D1 = { x<=1, y-x<=2, z-y<=2, z<=9 }
  D2 = { x<=2, y-x<=3, y<=3, z-y<=3, z<=7 }

Each zone is a weighted graph on the nodes 0, x, y, z: an edge u -> v with weight c for every constraint v - u <= c (x<=1 is x - 0 <= 1).
  Graph D1:  0->x: 1,  x->y: 2,  y->z: 2,  0->z: 9
  Graph D2:  0->x: 2,  x->y: 3,  0->y: 3,  y->z: 3,  0->z: 7
Comparing these graphs edge by edge is inconclusive (? ?): D1 allows z<=9 where D2 allows z<=7.

Shortest Path Closure (all-pairs shortest paths) makes the representation canonical:
  D1 closed:  0->x: 1,  x->y: 2,  y->z: 2,  0->y: 3,  0->z: 5,  x->z: 4     (z<=5 via x and y)
  D2 closed:  0->x: 2,  x->y: 3,  0->y: 3,  y->z: 3,  0->z: 6,  x->z: 6     (z<=6 via y)
Now every bound of D1 is at most the corresponding bound of D2, so D1 ⊆ D2.
Canonical Datastructures for Zones: Difference Bounded Matrices (Bellman 1958, Dill 1989)

Emptiness: D = { x<=1, y>=5, y-x<=3 }
Graph: 0->x: 1 (x<=1),  y->0: -5 (y>=5, i.e. 0 - y <= -5),  x->y: 3 (y-x<=3).
The cycle 0 -> x -> y -> 0 has weight 1 + 3 - 5 = -1.
Negative cycle iff empty solution set, so D is empty.
Canonical Datastructures for Zones: Difference Bounded Matrices

Future: D = { 1<=x<=4, 1<=y<=3 }
Graph of D:  0->x: 4,  x->0: -1,  0->y: 3,  y->0: -1.
Shortest Path Closure adds the implied difference bounds  x->y: 2 (y-x<=2)  and  y->x: 3 (x-y<=3).
Future(D): remove the upper bounds on the clocks (the edges 0->x and 0->y), giving
  Future(D) = { 1<=x, 1<=y, -2<=x-y<=3 }
with graph  x->0: -1,  y->0: -1,  x->y: 2,  y->x: 3.
Canonical Datastructures for Zones: Difference Bounded Matrices

Reset: D = { 1<=x, 1<=y, -2<=x-y<=3 }   (graph  x->0: -1,  y->0: -1,  x->y: 2,  y->x: 3)
{y}D, i.e. y := 0: remove all bounds involving y and set y to 0:
  {y}D = { y=0, 1<=x }
with graph  x->0: -1,  0->y: 0,  y->0: 0.
Improved Datastructures: Compact Datastructure for Zones (RTSS 1997)

Example zone:  x1-x2<=4, x2-x1<=10, x3-x1<=2, x2-x3<=2, x0-x1<=3, x3-x0<=5
Graph on the nodes x0, x1, x2, x3 with one edge per constraint (weights 4, 10, 2, 2, 3, 5).

Shortest Path Closure, O(n^3): tightens x2-x1<=10 to x2-x1<=4 (via x2-x3<=2 and x3-x1<=2) and fills in every implied bound. Canonical, but O(n^2) constraints.

Shortest Path Reduction, O(n^3): removes every edge that is implied by the remaining ones (here x2-x1<=4, which follows from the path through x3), keeping a minimal set of constraints.
Canonical wrt equality; space worst case O(n^2), in practice O(n).
SPACE PERFORMANCE
(bar chart; y-axis: percent; series: Minimal Constraint, Global Reduction, Combination)

TIME PERFORMANCE
(bar chart; y-axis: percent; series: Minimal Constraint, Global Reduction, Combination)
Shortest Path Reduction: 1st attempt

Idea: an edge is REDUNDANT if there exists an alternative path of no greater weight. THUS remove all redundant edges!
Observation: if there are no zero- or negative cycles then it is SAFE to remove all redundancies.
Problem: on a zero cycle two edges v and w can both be redundant while the removal of one depends on the presence of the other; removing both loses a constraint.

Shortest Path Reduction: Solution

G: weighted graph
1. Equivalence classes based on 0-cycles.
2. Graph based on representatives: here it is safe to remove redundant edges.
3. Shortest Path Reduction = one cycle per class + removal of redundant edges between classes.
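The three steps above, carried out on the constraint graph of the RTSS 1997 example and on a zone with a zero cycle. This is an added example written for this transcript, not UPPAAL's implementation: weights are plain integers (non-strict bounds only, an assumption that keeps it short), W[i][j] = c stands for the constraint x_i - x_j <= c, and the function names are this example's own.

```python
"""Shortest-path reduction of a zone's constraint graph (added example; not UPPAAL code).

A zone is kept as a weight matrix W over the clocks plus the zero clock x0:
W[i][j] = c records the constraint x_i - x_j <= c (INF when unconstrained).
reduce_graph follows the slides: zero-cycle classes, redundant-edge removal between
class representatives, one cycle per class.  Weights are plain integers here, i.e.
only non-strict bounds are handled (an assumption made to keep the example short)."""

INF = float("inf")

def closure(W):
    """Floyd-Warshall: W[i][j] becomes the weight of the shortest path i -> j."""
    n = len(W)
    for k in range(n):
        for i in range(n):
            for j in range(n):
                W[i][j] = min(W[i][j], W[i][k] + W[k][j])
    return W

def graph(n, constraints):
    """Closed graph over x0..x_{n-1} from triples (i, j, c) meaning x_i - x_j <= c."""
    W = [[INF] * n for _ in range(n)]
    for i in range(n):
        W[i][i] = 0
    for i, j, c in constraints:
        W[i][j] = min(W[i][j], c)
    return closure(W)

def reduce_graph(W):
    """Minimal list of (i, j, weight) whose closure is W again.
    W must be closed and free of negative cycles (W[i][i] == 0 for all i)."""
    n = len(W)
    # 1. Equivalence classes: i ~ j iff i and j lie on a zero-weight cycle.
    #    The smallest index of each class serves as its representative.
    rep = [min(j for j in range(n) if W[i][j] + W[j][i] == 0) for i in range(n)]
    classes = {}
    for i in range(n):
        classes.setdefault(rep[i], []).append(i)
    reps = sorted(classes)
    edges = []
    # 2. Between representatives there are no zero cycles, so every edge that has an
    #    alternative path of no greater weight can be dropped safely.
    for i in reps:
        for j in reps:
            if i == j or W[i][j] == INF:
                continue
            redundant = any(W[i][k] + W[k][j] <= W[i][j]
                            for k in reps if k != i and k != j)
            if not redundant:
                edges.append((i, j, W[i][j]))
    # 3. One zero-weight cycle through the members of each non-trivial class.
    for members in classes.values():
        if len(members) > 1:
            for a, b in zip(members, members[1:] + members[:1]):
                edges.append((a, b, W[a][b]))
    return edges

def same_zone(n, edges, W):
    """Closing the reduced edge set must give back the closed graph W."""
    return graph(n, edges) == W
```

On the slide's zone the closure tightens x2-x1 to 4 and the reduction drops that edge, leaving five of the six original constraints; on a zone with x1 = x2 the two clocks form one class and the reduction keeps the cycle x1 -> x2 -> x1 instead of deleting both zero-weight edges.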
Earlier Termination

INITIAL   Passed := Ø;  Waiting := {(n0, Z0)}
REPEAT
  - pick (n, Z) in Waiting
  - if for some Z' with Z ⊆ Z' the state (n, Z') is in Passed then STOP (covered)
  - else (explore) add { (m, U) : (n, Z) => (m, U) } to Waiting; add (n, Z) to Passed
UNTIL  Waiting = Ø  or  Final is in Waiting

The inclusion test Z ⊆ Z' compares the new zone with one stored zone at a time. Terminate earlier by testing against all zones stored for the location n at once: if (n, Z1), ..., (n, Zk) are in Passed and Z ⊆ Z1 ∪ ... ∪ Zk then STOP. Such a union of zones is in general not a zone; the Clock Difference Diagrams of the next slides represent it.
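The zone operations of the DBM slides (closure, emptiness, future, reset, conjunction, inclusion) and the Passed/Waiting loop of the forward-reachability slides, put together on the Fischer's protocol example. This is an added example written for this transcript, not code from UPPAAL or from the lecture: the threshold 10 is the slides' constant, but the four-location shape A -> B -> C -> CS of the protocol, the absence of location invariants and extrapolation, and all function names are assumptions of the example. Bounds are encoded as integers (2c for a strict bound, 2c+1 for a non-strict one) so that strict and non-strict constraints compare and add correctly, which is what makes the difference between the safe variant (wait for more than 10) and the broken one (wait for more than 5) visible.

```python
"""Zone-based forward reachability with Difference Bound Matrices (added example).

Not code from UPPAAL or the lecture: a minimal DBM with the operations the slides
describe, driving the Passed/Waiting loop on a two-process Fischer's protocol.  The
threshold 10 follows the slides; the A -> B -> C -> CS shape, the absence of location
invariants and of extrapolation are assumptions made to keep the example short."""
from collections import deque

INF = 10 ** 9  # "no bound"; even, so its strictness bit is 0

def bound(c, strict=False):
    """(c, <) encodes as 2c and (c, <=) as 2c+1, so integer order is bound order."""
    return 2 * c + (0 if strict else 1)

def add(a, b):
    """Bound of a two-edge path: values add; strict if either edge is strict."""
    if a >= INF or b >= INF:
        return INF
    return a + b - ((a | b) & 1)

def closure(D):
    """Floyd-Warshall in place: D[i][j] bounds x_i - x_j, x_0 being the zero clock."""
    n = len(D)
    for k in range(n):
        for i in range(n):
            for j in range(n):
                s = add(D[i][k], D[k][j])
                if s < D[i][j]:
                    D[i][j] = s
    return D

def is_empty(D):
    """A canonical DBM is empty iff a cycle is negative: some D[i][i] < (0, <=)."""
    return any(D[i][i] < bound(0) for i in range(len(D)))

def up(D):
    """Future: drop every upper bound x_i <= c (entries D[i][0]); stays canonical."""
    E = [row[:] for row in D]
    for i in range(1, len(D)):
        E[i][0] = INF
    return E

def reset(D, i):
    """x_i := 0 on a canonical DBM: x_i takes over every bound of the zero clock."""
    E = [row[:] for row in D]
    for j in range(len(D)):
        E[i][j], E[j][i] = D[0][j], D[j][0]
    E[i][i] = bound(0)
    return E

def constrain(D, i, j, b):
    """Conjoin the guard x_i - x_j (<|<=) c, encoded as b, and re-canonicalise."""
    E = [row[:] for row in D]
    if b < E[i][j]:
        E[i][j] = b
        closure(E)
    return E

def includes(big, small):
    """Zone(small) is a subset of Zone(big); both DBMs must be canonical."""
    n = len(big)
    return all(small[i][j] <= big[i][j] for i in range(n) for j in range(n))

K = 10  # a process must write v within K time units of starting its request

def fischer_edges(loc, v, p, wait):
    """Enabled edges of process p (its clock is x_p) from `loc` with shared v.
    Yields (target, new v, clock guards as (i, j, bound), reset x_p?)."""
    if loc == "A" and v == 0:
        yield "B", v, [], True                                     # x_p := 0
    if loc == "B":
        yield "C", p, [(p, 0, bound(K, strict=True))], True        # x_p < K; v := p; x_p := 0
    if loc == "C" and v == p:
        yield "CS", v, [(0, p, bound(-wait, strict=True))], False  # x_p > wait and v == p
    if loc == "CS":
        yield "A", 0, [], False                                    # v := 0

def mutex_violated(wait):
    """Forward reachability of (CS, CS) over symbolic states (locations, v, zone)."""
    zero = [[bound(0)] * 3 for _ in range(3)]                      # x_0 = x_1 = x_2 = 0
    waiting = deque([(("A", "A"), 0, up(zero))])
    passed = {}
    while waiting:
        locs, v, Z = waiting.popleft()
        if any(includes(Zp, Z) for Zp in passed.get((locs, v), [])):
            continue                                               # covered: not explored again
        passed.setdefault((locs, v), []).append(Z)
        if locs == ("CS", "CS"):
            return True
        for p in (1, 2):
            for tgt, v2, guards, rst in fischer_edges(locs[p - 1], v, p, wait):
                U = Z
                for i, j, b in guards:
                    U = constrain(U, i, j, b)
                if is_empty(U):
                    continue
                if rst:
                    U = reset(U, p)
                new_locs = tuple(tgt if q == p else locs[q - 1] for q in (1, 2))
                waiting.append((new_locs, v2, up(U)))              # let time pass in the target
    return False
```

mutex_violated(10) explores the whole symbolic state space and returns False, while mutex_violated(5) finds the interleaving in which process 2 enters CS after waiting 5 and process 1 then still satisfies x_1 < 10 when it overwrites v. The Passed check is the "earlier termination" variant: a new zone is compared with every zone already stored for the same discrete state, not just one.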
Clock Difference Diagrams = Binary Decision Diagrams + Difference Bounded Matrices (CAV 99)

CDD representations:
  - Nodes labeled with differences.
  - Maximal sharing of substructures (also across different CDDs).
  - Maximal intervals.
  - Linear-time algorithms for set-theoretic operations.
Related: NDDs (Maler et al.), DDDs (Møller, Lichtenberg).
SPACE PERFORMANCE
(bar chart; y-axis: percent; series: CDD, Reduced CDD, CDD+BDD)

TIME PERFORMANCE
(bar chart; y-axis: percent; series: CDD, Reduced CDD, CDD+BDD)
Verification Options
  - Diagnostic Trace
  - Breadth-First / Depth-First
  - Local Reduction / Active-Clock Reduction / Global Reduction
  - Re-Use State-Space
  - Over-Approximation / Under-Approximation

Case Studies
Representation of symbolic states: (In)Active Clock Reduction

Definition: x is inactive at S if on all paths from S, x is always reset before being tested.

Example (diagram): an automaton with edges guarded by x>3, x<5 and x<7 and edges resetting x:=0, arranged so that x is only active in location S1.

For a location S with outgoing edges S --g_i, r_i--> S_i (guard g_i, reset set r_i):
  Act(S) = ∪_i ( clocks(g_i) ∪ (Act(S_i) \ r_i) )
Only save constraints on active clocks.
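The equation for Act(S) computed as a fixpoint, followed by the projection of a symbolic state onto its active clocks. This is an added example for this transcript, not UPPAAL's implementation; the small automaton (locations S0, S1, S2, clocks x and y) is constructed for the demonstration and is not the diagram of the slide.

```python
"""Active-clock reduction (added example, not UPPAAL's implementation).

Act(S) is the least fixpoint of the slide's equation
    Act(S) = U_i ( clocks(g_i) U (Act(S_i) \\ r_i) )
over the edges S --g_i, r_i--> S_i.  A symbolic state then keeps only the
constraints on active clocks.  The automaton below is constructed for the demo."""

# Constructed edges: (source, clocks tested by the guard, clocks reset, target).
EDGES = [
    ("S0", set(), {"x"}, "S1"),   # S0 -> S1, x := 0
    ("S1", {"x"}, set(), "S1"),   # S1 -> S1, guard x < 5
    ("S1", {"x"}, set(), "S2"),   # S1 -> S2, guard x > 3
    ("S2", set(), {"x"}, "S0"),   # S2 -> S0, x := 0
    ("S2", {"y"}, set(), "S0"),   # S2 -> S0, guard y < 7  (y is never reset)
]

def active_clocks(edges):
    """Least fixpoint: x is active at S iff some path from S tests x before resetting it."""
    act = {s: set() for e in edges for s in (e[0], e[3])}
    changed = True
    while changed:                      # monotone iteration over finite sets: terminates
        changed = False
        for src, tested, resets, dst in edges:
            new = tested | (act[dst] - resets)
            if not new <= act[src]:
                act[src] |= new
                changed = True
    return act

def saved_constraints(constraints, active):
    """Only save constraints on active clocks: keep (x_i, x_j, c), meaning x_i - x_j <= c,
    only when both clocks are active ("0" is the zero clock and always counts as active)."""
    return [c for c in constraints if {c[0], c[1]} <= active | {"0"}]
```

Here x is active only in S1 (it is reset on the way into S1 from S0 and on the way back from S2), while y, tested in S2 and never reset, stays active everywhere; a zone stored at S0 therefore drops every constraint mentioning x.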
When to store symbolic states: Global Reduction

No cycles: the Passed list is not needed for termination. However, the Passed list is still useful for efficiency (it avoids re-exploring states reached along several paths).
Cycles: only symbolic states involving loop-entry points need to be saved on the Passed list.
Reuse State Space

Checking a sequence of properties  A[] prop1, A[] prop2, A[] prop3, A[] prop4, A[] prop5, ..., A[] propn:
search the existing Passed list (built while checking the previous properties) before continuing the search from Waiting.
Which order to search? The Passed list is kept in a hashtable.
Over-approximation: Convex Hull

(diagram: two zones in the x/y plane, axes marked 1, 3, 5, and their convex hull)
Under-approximation: Bitstate Hashing

Passed = bit array (UPPAAL: 8 Mbits), addressed through a hash function F.

INITIAL   Passed := Ø;  Waiting := {(n0, Z0)}
REPEAT
  - pick (n, Z) in Waiting
  - if Passed(F(n, Z)) = 1 then STOP (treated as already visited)
  - else (explore) add { (m, U) : (n, Z) => (m, U) } to Waiting; Passed(F(n, Z)) := 1
UNTIL  Waiting = Ø  or  Final is in Waiting

The inclusion test "for some Z' with Z ⊆ Z', (n, Z') in Passed" is replaced by a single bit. Hash collisions make distinct states look visited, so part of the state space may go unexplored: a trace to Final that is found is real, but "Final not found" is no longer a proof.
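The collision effect made concrete. This is an added example for this transcript, not UPPAAL's code: a constructed state space of small integers, an exact search with a set as Passed, and a bitstate search whose hash function F is deliberately weak (s mod 2^bits) so that the collision can be predicted. With 8 bits the exact search and the bitstate search agree; with 3 bits the states 6 and 14 share a bit and Final is never reached.

```python
"""Bitstate hashing as an under-approximation of the Passed list (added example,
not UPPAAL's code).  The exact search remembers every explored state; the bitstate
search keeps one bit per hash value, so two states with colliding hashes are taken
for the same state and the second one is never explored.  The state space and the
hash function are constructed for the demonstration."""
from collections import deque

def successors(s):
    """Constructed transition relation: a chain 0 -> 1 -> ... -> 6, then 6 -> 14 -> 15."""
    return {6: [14], 14: [15]}.get(s, [s + 1] if s < 6 else [])

def search(init, final, remember, seen_before):
    """Forward reachability; the Passed structure is abstracted by two callbacks.
    Returns (Final reached?, number of states explored)."""
    waiting = deque([init])
    explored = 0
    while waiting:
        s = waiting.popleft()
        if seen_before(s):
            continue
        remember(s)
        explored += 1
        if s == final:
            return True, explored
        waiting.extend(successors(s))
    return False, explored

def exact_reachable(init, final):
    """Passed as an exact set of states."""
    passed = set()
    return search(init, final, passed.add, passed.__contains__)

def bitstate_reachable(init, final, bits):
    """Passed as a table of 2**bits bits indexed by the (weak) hash F(s) = s mod 2**bits."""
    table = bytearray(2 ** bits)          # one byte per bit is enough for the demo
    def F(s):
        return s % (2 ** bits)
    def remember(s):
        table[F(s)] = 1
    return search(init, final, remember, lambda s: table[F(s)] == 1)
```

The exact search visits 9 states and finds 15; so does the bitstate search with 8 bits. With 3 bits, F(14) = F(6) = 6, the bit is already set when 14 is taken from Waiting, 14 is dropped as "visited", and the search ends after 7 states reporting that 15 is unreachable, which is wrong.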
Distributed Implementation of UPPAAL
Gerd Behrmann, Thomas Hune, Frits Vaandrager (CAV 2000)

Distributing UPPAAL: the Passed (P) and Waiting (W) structures are distributed over the nodes as P1/W1, P2/W2, P3/W3, P4/W4.
Each node: check in the local Passed list; if the state is not present, save it, explore it and distribute the successors ...
Implemented using MPI on a SUN Enterprise 10000 and on a Beowulf cluster.
Performance

(chart: speed-up T(1)/T(n) for the DACAPO protocol on a SUN Enterprise 10000, shared memory, 12 GB RAM, 24 333 MHz CPUs)
(chart: full state space generation on the same machine, showing super-linear speed-up)
(chart: the Shortest Path and Buscoupler examples on the same machine)
(chart: T(n) against n on a Linux Beowulf alpha cluster, distributed memory, 10 450 MHz CPUs on 5 machines)
Compositionality & Abstraction

The State Explosion Problem

The system Sys is a network of components, each a small automaton (locations a, b, c); the global state space is the product of all of them, and the question is whether Sys satisfies the given property.
Model-checking is either EXPTIME-complete or PSPACE-complete (for TAs this is true even for a single TA).
Abstraction

REDUCE TO: instead of checking the large system Sys, check a small abstraction Abs (locations 1, 2, 3, 4):
  if Sys ≤ Abs and Abs satisfies the property, then Sys satisfies the property.
Preserving safety properties.
Compositionality

Sys = Sys1 | Sys2 with abstractions Abs1 and Abs2:
  if Sys1 ≤ Abs1 and Sys2 ≤ Abs2 then Sys1 | Sys2 ≤ Abs1 | Abs2
so the large system is compared with Abs = Abs1 | Abs2, and each Sys_i ≤ Abs_i is a small check.
Timed Simulation

T1 ≤ T2 if there is a relation R ⊆ St1 × St2 such that
  a) (s0, t0) ∈ R   (the initial states are related), and
  b) whenever (s, t) ∈ R then
     - if s --a--> s' then t --a--> t' for some t' with (s', t') ∈ R    (action steps), and
     - if s --d--> s' then t --d--> t' for some t' with (s', t') ∈ R    (delay steps, d a duration).

Properties of ≤:
  * preserves safety properties
  * is preserved by parallel composition
  * is decidable
  * if T2 is deterministic then T1 ≤ T2 may be reduced to a reachability question for T1 || Test(T2)   (UPPAAL)

Applied to
  - IEEE 1394a Root Contention protocol (Simons, Stoelinga)
  - B&O Power Down protocol (Ejersbo, Larsen, Skou, FTRTFT 2000)
Modifications identified when urgency and shared integers are used.

END