UPPAAL Ghaith Haddad Introduction UPPAAL is a tool
![Example: Mutual Exclusion Algorithm typedef int[1, 2] turn; typedef int[1, 2] flag; flag guard.](https://slidetodoc.com/presentation_image_h/eb7e516fe9ca534a8b5aae0401f9c3cd/image-10.jpg "Example: Mutual Exclusion Algorithm typedef int[1, 2] turn; typedef int[1, 2] flag; flag guard.")
- Slides: 13
UPPAAL Ghaith Haddad
Introduction • UPPAAL is a tool for modeling, validation and verification of real-time systems. • Appropriate for systems that can be modeled as a collection of non-deterministic processes with finite control structure and real-valued clocks (i. e. timed automata)
Introduction • Communication is through channels and (or) shared data structures. • Typical application areas: – Real-time controllers – Communication protocols – Other systems in which timing aspects are critical
UPPAAL? ? !! • SWEden + DENmark = SWEDEN – REJECTED • swe. DEN + den. MARK = DENMARK – REJECTED • UPPsala + AALborg = UPPAAL – ACCEPTED
UPPAAL Tool Parts • Graphical user interface (GUI) – Used for modeling, simulation, and verification. Uses the verification server for simulation and verification. • Verification server – Used for simulation and verification. In simulation, it is used to compute successor states. • A command line tool – A stand-alone verifier, appropriate for e. g. batch verifications.
Example: state types P 0 = T 0(); P 1 = T 1(); P 2 = T 2(); system P 0, P 1, P 2;
Locations can have an optional name. Besides serving as an identifier allowing you to refer to the location from the requirement specification language. The name must be a valid identifier. Conjunction of simple conditions on clocks, differences between clocks, and boolean expressions not involving clocks. The bound must be given by an integer expression. Lower bounds on clocks are disallowed. States which violate the invariants are undefined; by definition, such states do not exist. Exactly one per Template Like urgent locations, committed locations freeze time. Furthermore, if any process is in a committed location, the next transition must involve an edge from one of the committed locations. Freeze time; i. e. time is not allowed to pass when a process is in an urgent location.
Edges non-deterministically bind a given identifier to a value in a given range. The other three labels of an edge are within the scope of this binding. When executed, the update expression of the edge is evaluated. The side effect of this expression changes the state An edge is enabled in a state if and only if the guard evaluates to true. Processes can synchronize over channels. Edges labeled with complementary actions over a common channel synchronize.
Example: Mutual Exclusion Algorithm (Peterson’s)
Example: Mutual Exclusion Algorithm typedef int[1, 2] turn; typedef int[1, 2] flag; flag guard. Flag=1; P 1 = T 1(1); P 2 = T 1(2); system P 1, P 2;
Example: The Observer clock x; chan reset; P 1 = P(); Obs 1 = Obs(); system P 1, Obs 1;
Verifying Properties • E<> p: there exists a path where p eventually hold. (Possibly) • A[] p: for all paths p always hold. (Invariantly) • E[] p: there exists a path where p always hold. (Potentially Always) • A<> p: for all paths p will eventually hold. (Eventually) • p --> q: whenever p holds q will eventually hold. (Leads To)
References • http: //www. cs. aau. dk/~kgl/ARTES/index. ht m • http: //www. it. uu. se/research/group/darts/pa pers/texts/new-tutorial. pdf • http: //www. it. uu. se/research/group/darts/up paal/tutorial. pdf • http: //www. uppaal. com/