uppaal lite
DESCRIPTION
Lite introduction to Uppaal
TRANSCRIPT
An introduction to Uppaal
Ulrik Hørlyk Hjort, BestPractice Consulting & Advising, 2010
The Uppaal System
► UPPAAL is a tool for modelling, validation and verification of real-time systems.
► It is appropriate for systems that can be modelled as a collection of non-deterministic processes with finite control structure and real-valued clocks (i.e. timed automata), communicating through channels and/or shared data structures.
► Typical application areas include real-time controllers, communication protocols, and other systems in which timing aspects are critical.
Uppaal System
► Integrated tool environment for:
■ Modelling
■ Simulation
■ Verification
The System Editor
► The system editor is used to create and edit the system model to be analysed.
► A system model describes a network of a finite number of non-deterministic finite-state (timed) automata.
► Transitions (edges) between locations may be labelled with:
■ Guards
■ Synchronizations
■ Assignment statements (updates)
Uppaal Model
[Figure: example automaton, labelled Initial Location, Location, Edge, Synchronization]
Uppaal Model

    with Ada.Text_IO; use Ada.Text_IO;  -- needed for Put_Line
    procedure Factorial is
       Result : Integer := 5;
    begin
       for I in reverse 1 .. 4 loop
          Result := Result * I;
       end loop;
       Put_Line (Integer'Image (Result));  -- prints 120
    end Factorial;
Task Synchronization

    with Ada.Text_IO; use Ada.Text_IO;
    --  Enclosing procedure and task specifications added so the bodies
    --  shown on the slide compile; the entry call TaskB.WriteTaskName is a
    --  rendezvous: TaskA blocks until TaskB reaches the matching accept.
    procedure Tasks is
       task TaskA;
       task TaskB is
          entry WriteTaskName;
       end TaskB;

       task body TaskA is
       begin
          TaskB.WriteTaskName;
       end TaskA;

       task body TaskB is
       begin
          accept WriteTaskName do
             Put_Line ("Task B");
          end WriteTaskName;
       end TaskB;
    begin
       null;
    end Tasks;
Subprogram Synchronization

    with Ada.Text_IO; use Ada.Text_IO;
    procedure Main is
       procedure Hello is
       begin
          Put_Line ("Hello, World!");
       end Hello;
    begin
       Hello;
    end Main;
Parametrised Synchronization

    with Ada.Text_IO; use Ada.Text_IO;
    procedure Factorial is
       function Fac (N : Integer) return Integer is
          Result : Integer := N;
       begin
          for I in reverse 1 .. N - 1 loop  -- the slide's "N1" lost the minus sign
             Result := Result * I;
          end loop;
          return Result;
       end Fac;
    begin
       Put_Line (Integer'Image (Fac (5)));  -- prints 120
    end Factorial;
The Model Checker (Verifier)
► The model checker verifies the model with respect to a requirement specification.
► It verifies safety, bounded-liveness and other user-specified properties by reachability analysis.
► The model checker supports three kinds of path formulae:
■ Reachability
■ Safety
■ Liveness
E<>φ – “φ Reachable”
► E<>φ – It is possible to reach a state in which φ is satisfied
► φ is true in at least one reachable state
The Simulator
► Lets users simulate the models to visually explore their dynamic behaviour.
Simple Phone Case
► Model a phone that can:
■ Receive a call
■ Make a call
■ Receive an SMS
► Requirement:
■ If a call comes while the user is writing an SMS, the user shall be able to answer or reject the call and then return to the SMS editor.
Declarations

    bool INCOME_CALL = false;
    chan letter, digit, send, cancel, accept, acceptCall, rejectCall;
    broadcast chan incomeCall, incomeSms, callTone, smsTone, handleCall, handleSms;
    chan enterSms, exitSms, enterCall, exitCall, exitReceiveCall;
User and Mainscreen Models
[Figures: User Model and Main Screen Model automata]
Make Call
[Figure: Make Call automaton]
Receive Call
[Figure: Receive Call automaton]
Send Sms
[Figure: Send Sms automaton]
Simple Phone Requirement Verification
► Requirement:
■ If a call comes while the user is writing an SMS, the user shall be able to answer or reject the call and then return to the SMS editor.
► Verify that there is a path to the location “Call” in the “ReceiveCall” automaton and a path to the location “ExitReceivedCall” in the “SendSms” automaton.
► The requirement can be verified with the reachability property:
■ E<> SendSms.ExitReceivedCall and ReceiveCall.Call
► which evaluates to true in the verifier.
► Note that E<> only shows that some execution reaches a state in which both locations are occupied at the same time; it does not show that every incoming call during editing can be handled. For a requirement that must hold on every run, a safety property (A[] φ) or a leads-to property (φ --> ψ) is the stronger check.
Simulate the simple phone model
► Use the simulator to check that it is possible to cover all edges in the model and that the model is deadlock free.
► The simulator only follows the traces that are stepped through by hand or at random, so an edge never taken in simulation is not evidence that it is unreachable. The verifier answers both questions exhaustively: E<> Proc.Loc for reachability of a location and A[] not deadlock for deadlock freedom.
Questions?
www.uppaal.com