Unit-12: Modeling timing constraints. B. Srivathsan, Chennai Mathematical Institute (slide deck).

  1. Unit-12: Modeling timing constraints. B. Srivathsan, Chennai Mathematical Institute. NPTEL course, July - November 2015. 1 / 20

  2-3. Controllers need to adhere to strict timing constraints. Examples: traffic lights controller, flight control, automatic gear control, pacemaker, ATM. E.g. when a request for a gear change is made, the response should be within 1s.

  4. How do we model-check systems with timing constraints?

  5. Adding time to transition systems

  6. Example 1

  7-11. TRAIN GATE. Three components, each drawn as an automaton:
  Train: locations far, near, in; far --approach--> near --enter--> in --exit--> far.
  Controller: locations 0, 1, 2, 3; 0 --approach--> 1 --lower--> 2 --exit--> 3 --raise--> 0.
  Gate: locations up, down; up --lower--> down --raise--> up.
  Train || Controller || Gate, the product transition system (components synchronise on shared actions), with states written (Train, Controller, Gate):
  (far, 0, up) --approach--> (near, 1, up) --lower--> (near, 2, down) --enter--> (in, 2, down) --exit--> (far, 3, down) --raise--> (far, 0, up),
  and also (near, 1, up) --enter--> (in, 1, up) --lower--> (in, 2, down).
  Unsafe state: Train is in when gate is still up - need to add timing information in the model.

  12. TRAIN GATE. The same three automata (Train, Controller, Gate), now annotated with the timing requirements "≤ 1 minute after", "> 2 minutes after" and "= 1 minute execution time".

  13. Coming next: Timed transition systems

  14-23. The Train, Controller and Gate automata with clocks x (Train), y (Controller) and z (Gate) added step by step. The final model:
  Train: far --approach, x := 0--> near [invariant x ≤ 5] --enter, guard x ≥ 2--> in [invariant x ≤ 5] --exit--> far.
  Controller: 0 --approach, y := 0--> 1 --lower, guard y == 1--> 2 --exit, y := 0--> 3 --raise, guard y == 1--> 0.
  Gate: up --lower, z := 0--> comingdown [invariant z ≤ 1] --> down --raise, z := 0--> comingup [invariant z ≤ 1] --> up.
  Legend: Reset (x := 0), Invariant (x ≤ 5), Guard (x ≥ 2).
  Train || Gate || Controller: the synchronous product gives the timed transition system for the joint behaviour.

  24. Timed transition system = Transition system + Clocks
  ◮ Resets: to start measuring time
  ◮ Guards: to impose a time constraint on an action
  ◮ Invariants: to limit the time spent in a state
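An added example, not part of the slides: the Train || Controller || Gate model above encoded as three timed automata and explored by breadth-first search over integer clock valuations, which is sufficient here because every guard and invariant is non-strict. Two things are assumptions: the invariant y ≤ 1 on controller locations 1 and 3 (the slide shows only the guard y == 1) and the names gate_down/gate_up for the gate's unlabelled internal steps. With them the unsafe state is unreachable, while the untimed model of slide 9 reaches it, and so does the timed model without the assumed invariant, since a guard alone never forces an action to happen.

```python
from collections import deque
from operator import le, ge, eq
MAX = 6   # constraints are non-strict, so integer clocks capped just above the largest constant (5) suffice
cc = lambda clk, op, n: (lambda v: op(v[clk], n))   # clock constraint "clk op n" over a valuation v
TRUE = lambda v: True
# Automaton = (initial location, {location: invariant}, [(src, label, guard, resets, dst)]).
TRAIN = ("far", {"near": cc("x", le, 5), "in": cc("x", le, 5)},
         [("far", "approach", TRUE, ["x"], "near"),
          ("near", "enter", cc("x", ge, 2), [], "in"),
          ("in", "exit", TRUE, [], "far")])
# The invariant y <= 1 on locations 1 and 3 is assumed; the slide shows only the guard y == 1.
CONTROLLER = ("0", {"1": cc("y", le, 1), "3": cc("y", le, 1)},
              [("0", "approach", TRUE, ["y"], "1"),
               ("1", "lower", cc("y", eq, 1), [], "2"),
               ("2", "exit", TRUE, ["y"], "3"),
               ("3", "raise", cc("y", eq, 1), [], "0")])
# "gate_down"/"gate_up" are assumed names for the gate's unlabelled internal steps.
GATE = ("up", {"comingdown": cc("z", le, 1), "comingup": cc("z", le, 1)},
        [("up", "lower", TRUE, ["z"], "comingdown"),
         ("comingdown", "gate_down", TRUE, [], "down"),
         ("down", "raise", TRUE, ["z"], "comingup"),
         ("comingup", "gate_up", TRUE, [], "up")])
# Slide 9's model: the same locations and labels with no clocks at all.
untimed = lambda a: (a[0], {}, [(s, l, TRUE, [], d) for s, l, _, _, d in a[2]])

def unsafe_state(automata, clocks=("x", "y", "z")):
    """BFS over the synchronous product (shared labels synchronise); returns the first
    reachable location tuple with the train 'in' while the gate is still 'up', else None."""
    alphabets = [{e[1] for e in a[2]} for a in automata]
    start = (tuple(a[0] for a in automata), (0,) * len(clocks))
    seen, queue = {start}, deque([start])
    while queue:
        locs, vals = queue.popleft()
        v = dict(zip(clocks, vals))
        if locs[0] == "in" and locs[2] == "up": return locs
        new = [(locs, {c: min(t + 1, MAX) for c, t in v.items()})]   # let one time unit pass
        for label in set().union(*alphabets):                        # one synchronised action
            nl, resets = list(locs), []
            for i, (a, l, alph) in enumerate(zip(automata, locs, alphabets)):
                if label in alph:   # every automaton that knows the label must take it now
                    e = next((e for e in a[2] if e[0] == l and e[1] == label and e[2](v)), None)
                    if e is None: break
                    nl[i], resets = e[4], resets + e[3]
            else:
                new.append((tuple(nl), {c: (0 if c in resets else t) for c, t in v.items()}))
        for locs2, d in new:   # a delay or an action is allowed only if the invariants still hold
            s = (locs2, tuple(d[c] for c in clocks))
            if s not in seen and all(a[1].get(l, TRUE)(d) for a, l in zip(automata, locs2)):
                seen.add(s); queue.append(s)
    return None
```

`unsafe_state([TRAIN, CONTROLLER, GATE])` returns None, whereas the untimed components and the controller without its invariant both reach ("in", "1", "up").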

  25. UPPAAL - Model-checker for timed transition systems. Kim Larsen, Paul Pettersson, Wang Yi: Computer-Aided Verification Award in 2013 for UPPAAL. www.uppaal.com

  26-27. UPPAAL demo
  ◮ Adding states, transitions and clocks
  ◮ Simulation environment
  ◮ (Subset of) CTL property verification

  28. Example 2

  29-41. Circuit of Example 2: gates p1, p2, p3 with inputs x and y (x feeds p1, x and y feed p2, p1 and p2 feed p3). Each gate has an inertial delay: p1 in [1, 3], p2 in [1, 3], p3 in [1, 2].
  Timing diagram (figure): waveforms of x and p1 over time 0 to 16, with p1's delay window [1, 3]; the segments are labelled, in order, S U S U S U S.
  S: Stable (matches truth table). U: Unstable (does not match truth table).

  42-50. Timed automaton for gate p1 (input x): states 〈x, p1〉, clock z1.
  〈0,1〉 --x : 1, z1 := 0--> 〈1,1〉
  〈1,1〉 --p1 : 0, 1 ≤ z1 ≤ 3--> 〈1,0〉
  〈1,1〉 --x : 0, z1 ≤ 3--> 〈0,1〉
  〈1,0〉 --x : 0, z1 := 0--> 〈0,0〉
  〈0,0〉 --p1 : 1, 1 ≤ z1 ≤ 3--> 〈0,1〉
  〈0,0〉 --x : 1, z1 ≤ 3--> 〈1,0〉

  51. Timed automaton for gate p2 (inputs x, y): states 〈x, y, p2〉, clock z2.
  〈000〉 --x : 1--> 〈100〉, 〈000〉 --y : 1--> 〈010〉, 〈100〉 --x : 0--> 〈000〉, 〈010〉 --y : 0--> 〈000〉
  〈100〉 --y : 1, z2 := 0--> 〈110〉, 〈010〉 --x : 1, z2 := 0--> 〈110〉
  〈110〉 --p2 : 1, 1 ≤ z2 ≤ 3--> 〈111〉
  〈110〉 --x : 0, z2 ≤ 3--> 〈010〉, 〈110〉 --y : 0, z2 ≤ 3--> 〈100〉
  〈111〉 --x : 0, z2 := 0--> 〈011〉, 〈111〉 --y : 0, z2 := 0--> 〈101〉
  〈011〉 --p2 : 0, 1 ≤ z2 ≤ 3--> 〈010〉, 〈101〉 --p2 : 0, 1 ≤ z2 ≤ 3--> 〈100〉
  〈011〉 --x : 1, z2 ≤ 3--> 〈111〉, 〈101〉 --y : 1, z2 ≤ 3--> 〈111〉

  52. Timed automaton for gate p3 (inputs p1, p2): states 〈p1, p2, p3〉, clock z3.
  〈001〉 --p1 : 1--> 〈101〉, 〈001〉 --p2 : 1--> 〈011〉, 〈101〉 --p1 : 0--> 〈001〉, 〈011〉 --p2 : 0--> 〈001〉
  〈101〉 --p2 : 1, z3 := 0--> 〈111〉, 〈011〉 --p1 : 1, z3 := 0--> 〈111〉
  〈111〉 --p3 : 0, 1 ≤ z3 ≤ 2--> 〈110〉
  〈111〉 --p1 : 0, z3 ≤ 2--> 〈011〉, 〈111〉 --p2 : 0, z3 ≤ 2--> 〈101〉
  〈110〉 --p1 : 0, z3 := 0--> 〈010〉, 〈110〉 --p2 : 0, z3 := 0--> 〈100〉
  〈010〉 --p3 : 1, 1 ≤ z3 ≤ 2--> 〈011〉, 〈100〉 --p3 : 1, 1 ≤ z3 ≤ 2--> 〈101〉
  〈010〉 --p1 : 1, z3 ≤ 2--> 〈110〉, 〈100〉 --p2 : 1, z3 ≤ 2--> 〈110〉
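An added example, not from the slides: the construction that slides 42-52 carry out by hand for p1, p2 and p3, generalised to any gate and delay window [lo, hi]. The gate functions (p1 = NOT x, p2 = x AND y, p3 = NAND(p1, p2)) are read off the stable states of the slides' automata; the convention that an input change in an unstable state is drawn only when it cancels the pending output change is taken from the figures (which is why 〈001〉 does not appear for p2), and the clock name z_<out> is a naming choice made here.

```python
def is_stable(func, state):
    """A state (inputs..., output) is stable when the output matches the truth table."""
    return state[-1] == func(*state[:-1])

def gate_automaton(inputs, out, func, lo, hi):
    """Timed automaton of a gate with inertial delay in [lo, hi] (added here, not the
    slides' code). Returns (states, edges); an edge is (src, action, guard, reset, dst)
    with action = (wire, new value) and guards in the slides' notation over a clock z_<out>.
    Only states reachable from 'all inputs low, output settled' are generated, and an input
    change in an unstable state is drawn only when it cancels the pending output change."""
    z = "z_" + out
    low = (0,) * len(inputs)
    init = low + (func(*low),)
    states, edges, todo = {init}, [], [init]
    while todo:
        s = todo.pop()
        succ = []
        if not is_stable(func, s):
            v = func(*s[:-1])          # the output flips somewhere inside the delay window
            succ.append(((out, v), f"{lo} <= {z} <= {hi}", None, s[:-1] + (v,)))
        for i, name in enumerate(inputs):
            t = s[:i] + (1 - s[i],) + s[i + 1:]
            if is_stable(func, s):     # leaving a stable state: start the clock if the output must change
                succ.append(((name, t[i]), None, z if not is_stable(func, t) else None, t))
            elif is_stable(func, t):   # input reverted before the output moved: change absorbed
                succ.append(((name, t[i]), f"{z} <= {hi}", None, t))
        for action, guard, reset, t in succ:
            edges.append((s, action, guard, reset, t))
            if t not in states:
                states.add(t)
                todo.append(t)
    return states, edges

# The three gates of Example 2; the functions are read off the stable states in the slides.
NOT = lambda x: 1 - x
AND = lambda x, y: x & y
NAND = lambda x, y: 1 - (x & y)
P1 = gate_automaton(("x",), "p1", NOT, 1, 3)
P2 = gate_automaton(("x", "y"), "p2", AND, 1, 3)
P3 = gate_automaton(("p1", "p2"), "p3", NAND, 1, 2)

if __name__ == "__main__":
    for src, (wire, val), guard, reset, dst in P1[1]:
        print(src, f"--{wire} : {val}", guard or "", f"{reset} := 0" if reset else "", "-->", dst)
```

P1 comes out with the 4 states and 6 edges of slides 42-50, and P2 and P3 each with the 7 states and 15 edges of slides 51 and 52.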
