UPPAAL: Model Checking, Performance Analysis and Testing of Real Time Systems
Kim G. Larsen, CISS – Aalborg University, DENMARK
CISS – Center For Embedded Software Systems
Regional ICT Center (2002- ), 3 research groups: Computer Science, Control Theory, Hardware
20 Employed, 25 Associated, 20 PhD Students, 50 Industrial projects, 10 Elite-students, 140+ MDKK
Characteristics of the systems studied: Dedicated function, Complex environment, Networked, Autonomous, Resource constrained (Energy, Bandwidth, Memory), Timing constraints, SW/HW/Mechanics, Wireless Communication
ARTIST Design, ARTEMIS, ...
FM Forum -- Model Checking in Action -- Kim G Larsen [2]
Model Checking & Performance Analysis
Origin of UPPAAL
• 1989 TAU: CCS & Modal Transition Systems, Refinements, Modal Mu-Calculus, Explicit State Representation, Prolog
• 1993 EPSILON: TCCS, Timed Refinements, Timed Mu-Calculus, Regions, Prolog
• 1995 UPPAAL: Timed Automata, TCTL, Zones, C++ & Java
• 2007 UP4ALL
• 2013 CAV Award
Contributors
@Uppsala / @Aalborg: Kim G. Larsen, Wang Yi, Alexandre David, Paul Pettersson, Gerd Behrmann, John Håkansson, Arne Skou, Anders Hessel, Brian Nielsen, Pavel Krcal, Jacob I. Rasmussen, Leonid Mokrushin, Marius Mikucionis, Shi Xiaochun, Thomas Chatain
@Elsewhere: Emmanuel Fleury, Didier Lime, Johan Bengtsson, Fredrik Larsson, Kåre J. Kristoffersen, Tobias Amnell, Thomas Hune, Oliver Möller, Elena Fersman, Carsten Weise, David Griffioen, Ansgar Fehnker, Frits Vaandrager, Theo Ruys, Pedro D'Argenio, J-P Katoen, Jan Tretmans, Judi Romijn, Ed Brinksma, Martijn Hendriks, Klaus Havelund, Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowman, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson, ...
UPPAAL
Tool components: Editor, Simulator, Verifier
Aspects modelled and analysed: Discrete Control, Concurrency, Timing Constraints, Continuous Aspects, Stochasticity, Resources, Performance Analyses
Timed Automata [Alur & Dill'89]
(figure: a timed automaton whose edges carry a synchronizing action, a clock reset and a guard; "ADD a clock x")
x: real-valued clock. A guard is a conjunction of constraints x ~ n, where ~ is one of <, <=, =, >=, > and n is a natural number; a reset sets a clock back to 0 on taking the edge.
Semantics in UPPAAL
(figure: the semantics of a timed automaton, locations paired with real-valued clock valuations, delay and action transitions)
Train Crossing
(figure: river, bridge and tracks; a train passes through the locations Safe, Approaching, Crossing, Safe; time axis 0 .. 10 .. 20)
Timing shown on the slides (as in the UPPAAL train-gate example): a train that is Approaching reaches the crossing within 20 time units and can only be stopped during the first 10 ("Stop the train while it is still stoppable!"); crossing takes 3 – 5 time units; a Stopped train that is Restarted takes 7 – 15 time units to reach the crossing.
Locations: Safe, Approaching, Crossing, Stopped, Restarted. Add timing + synchronization.
Editor
GUI
• Unlimited undo and redo
• Syntax and bracket highlighting
• Rectangular selection
• Customization of colors
• Tooltip
• Hiding of information
• Improved help menu with search component
Language
• User defined functions (C-like)
• New types (records, type declarations, meta variables, scalars)
• Partial instantiation of templates
• Select clauses on edges
• Forall and exists quantifiers
Concrete Simulator and Symbolic Simulator
Graphical Simulator
• visualization and recording
• inexpensive fault detection
• inspection of error traces
• Message Sequence Charts
• Gantt Charts
Verifier
• Exhaustive & automatic checking of requirements
• .. including validating, safety, liveness, bounded liveness and response properties (in UPPAAL's query language: E<> p possibly p, A[] p invariantly p, A<> p inevitably p, p --> q leads-to)
• .. performance properties, e.g. probabilistic and expectation
• .. generation of debugging information for visualisation in simulator
• .. plot composer
Demo
Evolution of Performance
(figure: verification time over successive UPPAAL releases)
Evolution of Code Base
• Client-Server Architecture
• GUI: Java
• Engine: C++
• Platforms: Linux, MacOS, Solaris, Windows
• 3 major cycles
THE "secret" of UPPAAL
Zones & DBMs: THE "secret"
(figure: a constraint graph over clocks x0, x1, x2, x3 with weighted edges and its Minimal Constraint Form)
• UPPAAL DBM package
• Minimal Constraint Form [RTSS97]
• Clock Difference Diagrams [CAV99]
• PW List [SPIN03]
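To make the "secret" concrete, here is a small zone-based reachability check for the train of the Train Crossing slides above, built on a minimal Difference Bound Matrix. It is an added example, not the UPPAAL DBM package or any code from the talk. Assumptions: the automaton is the single train of the UPPAAL train-gate demo with the constants shown on the slides (Appr invariant x<=20, stop possible while x<=10, cross at x>=10, Cross invariant x<=5, leave at x>=3, Start invariant x<=15, proceed at x>=7); the gate is omitted, so stop/go are always available; and an extra clock t that is never reset measures time since the train started approaching. The helper names (DBM, explore, stop_enabled_after, ...) are this example's own.

```python
"""Zone reachability for the single-train automaton, using a tiny DBM.
Added example (not the UPPAAL DBM package). Constants from the slides /
UPPAAL train-gate demo; gate omitted; clock t is never reset."""
import math
from collections import deque

INF = (math.inf, True)   # a bound is (c, strict): strict=True means '<', False means '<='
ZERO = (0, False)

def add(a, b):
    if math.isinf(a[0]) or math.isinf(b[0]):
        return INF
    return (a[0] + b[0], a[1] or b[1])

def less(a, b):          # is bound a tighter than bound b?  (c,<) is tighter than (c,<=)
    return a[0] < b[0] or (a[0] == b[0] and a[1] and not b[1])

class DBM:
    """m[i][j] bounds x_i - x_j; index 0 is the reference clock, always 0."""
    def __init__(self, names):
        self.names = ['0'] + list(names)
        n = len(self.names)
        self.m = [[ZERO] * n for _ in range(n)]        # every clock equal to zero

    def copy(self):
        d = DBM.__new__(DBM)
        d.names, d.m = self.names, [row[:] for row in self.m]
        return d

    def canonical(self):    # Floyd-Warshall closure: each entry becomes the tightest implied bound
        n = len(self.m)
        for k in range(n):
            for i in range(n):
                for j in range(n):
                    c = add(self.m[i][k], self.m[k][j])
                    if less(c, self.m[i][j]):
                        self.m[i][j] = c
        return self

    def is_empty(self):     # a negative cycle shows up as m[i][i] < 0 after closure
        return any(less(self.m[i][i], ZERO) for i in range(len(self.m)))

    def up(self):           # let time pass: drop every upper bound x_i - x_0 (stays canonical)
        for i in range(1, len(self.m)):
            self.m[i][0] = INF
        return self

    def reset(self, name):  # x := 0 on a canonical DBM: x takes over the reference clock's row/column
        x, n = self.names.index(name), len(self.m)
        for j in range(n):
            self.m[x][j], self.m[j][x] = self.m[0][j], self.m[j][0]
        self.m[x][x] = ZERO
        return self

    def constrain(self, name, op, c):   # intersect with  x op c,  op in {'<=', '<', '>=', '>'}
        x = self.names.index(name)
        i, j, bound = {'<=': (x, 0, (c, False)), '<': (x, 0, (c, True)),
                       '>=': (0, x, (-c, False)), '>': (0, x, (-c, True))}[op]
        if less(bound, self.m[i][j]):
            self.m[i][j] = bound
        return self.canonical()

    def includes(self, other):          # zone inclusion; both DBMs canonical
        n = len(self.m)
        return all(not less(self.m[i][j], other.m[i][j]) for i in range(n) for j in range(n))

    def bounds(self, name):             # (lower, upper) of one clock
        x = self.names.index(name)
        return (-self.m[0][x][0], self.m[x][0][0])

    def diff_lower(self, a, b):         # lower bound of x_a - x_b
        return -self.m[self.names.index(b)][self.names.index(a)][0]

INVARIANT = {'Appr': ('x', '<=', 20), 'Cross': ('x', '<=', 5),
             'Start': ('x', '<=', 15), 'Stop': None, 'Safe': None}
EDGES = [  # (source, target, guard, clocks reset); stop?/go? come from the omitted gate
    ('Appr', 'Cross', ('x', '>=', 10), ['x']), ('Appr', 'Stop', ('x', '<=', 10), []),
    ('Stop', 'Start', None, ['x']), ('Start', 'Cross', ('x', '>=', 7), ['x']),
    ('Cross', 'Safe', ('x', '>=', 3), []), ('Safe', 'Appr', None, ['x'])]

def initial_zone(loc):
    z = DBM(['x', 't']).up()
    return z.constrain(*INVARIANT[loc]) if INVARIANT[loc] else z

def successors(loc, zone):  # guard, reset, target invariant, delay, target invariant again
    for src, dst, guard, resets in EDGES:
        if src != loc:
            continue
        z = zone.copy()
        if guard:
            z.constrain(*guard)
        for c in (resets if not z.is_empty() else []):
            z.reset(c)
        inv = INVARIANT[dst]
        if inv and not z.is_empty():
            z.constrain(*inv)
        if not z.is_empty():
            yield dst, (z.up().constrain(*inv) if inv else z.up())

def explore(init='Appr'):
    """Passed/waiting-list search; a new zone is dropped if a passed zone of the same
    location includes it. No extrapolation (UPPAAL needs it in general; not here)."""
    z0 = initial_zone(init)
    passed, waiting = {init: [z0]}, deque([(init, z0)])
    while waiting:
        loc, zone = waiting.popleft()
        for dst, z in successors(loc, zone):
            if not any(p.includes(z) for p in passed.get(dst, [])):
                passed.setdefault(dst, []).append(z)
                waiting.append((dst, z))
    return passed

def stop_enabled_after(delay):   # "stop the train while it is still stoppable"
    z = initial_zone('Appr').constrain('x', '>=', delay)
    return not z.constrain('x', '<=', 10).is_empty()

def direct_crossing_window():    # bounds on t when Cross is entered straight from Appr
    return initial_zone('Appr').constrain('x', '>=', 10).bounds('t')

def earliest_cross_entry():      # t - x at Cross is the entry time (x is reset on entry)
    return min(z.diff_lower('t', 'x') for z in explore()['Cross'])

if __name__ == '__main__':
    print(sorted(explore()), direct_crossing_window(), earliest_cross_entry())
    print(stop_enabled_after(10), stop_enabled_after(11))
```

The search is the passed/waiting-list algorithm the slides refer to; the inclusion check on canonical DBMs is what keeps it from revisiting covered zones. The run shows that the stop edge is enabled up to 10 time units into the approach and not after, that a train entering the crossing directly does so between 10 and 20 time units after it was detected, and that the earliest possible entry is 7 time units after an immediate restart.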
UPPAAL as a back-end
• Vooduu: verification of object-oriented designs using Uppaal, 2004
• Moby/RT: A Tool for Specification and Verification of Real-Time Systems, 2000
• Formalising the ARTS MPSOC Model in UPPAAL, 2007
• Marte UML → UPPAAL, 2003
• Yggdrasil: Statechart → UPPAAL, 2003
• Component-Based Design and Analysis of Embedded Systems with UPPAAL PORT, 2008
• Verification of COMDES-II Systems Using UPPAAL with Model Transformation, 2008
• METAMOC: Modular WCET Analysis Using UPPAAL, 2010
• … …
Industrial Usage some examples
Bang & Olufsen (1997), Arne Skou, Klaus Havelund
• Bug known to exist for 10 years
• Ill-described: 2,800 lines of code + 3 flowcharts + 1 B&O engineer
• 3 months for modeling
• UPPAAL detects the error with a shortest trace of 1,998 transition steps
• Error trace was confirmed in the B&O laboratory
• Error corrected and verified in UPPAAL
• Follow-up project
• 1st RTSS'97 talk, Klaus Havelund
Bang & Olufsen (2001)
MECEL AB (1998) Gear Controller, Lindahl, Pettersson, Yi 1998 (Paul Pettersson)
(figure: GearControl, Clutch, Interface, GearBox and Engine connected over a CAN bus network; flowgraph of the gear change)
TERMA A/S (2004) Memory Management for Radars
(figure: Radar Video Processing Subsystem with Advanced Noise Reduction Techniques; Coastal Surveillance at 9.170 GHz and Airport Surveillance at 9.438 GHz feed an echo Combiner (VP3) over a frequency/time grid of echoes e_i,j)