Chapter 16 : KRONOS (Model Checking of Real-time Systems)
JIHO YANG
What is KRONOS?
KRONOS allows analyzing timed automata.
KRONOS is a model checker for the TCTL (Timed CTL) logic.
KRONOS checks whether a timed automaton satisfies a TCTL formula.
KRONOS’ Essentials
KRONOS is one of the tools that implement a model checking algorithm for a timed temporal logic (TCTL).
KRONOS has no graphical mode and no simulation mode.
KRONOS is a timed model checker. http://www-verimag.imag.fr/TEMPORISE/kronos
Railroad crossing example (two trains, a gate, a controller, a counter)
Cont.
Cont.
KRONOS code (Tr1.tg)

    /* train1 */
    #locs 3              /* number of states */
    #trans 3             /* number of transitions */
    #clocks x1           /* clock */
    #sync app1 exit1     /* synchronization labels */

    loc: 0
    prop: far
    inv: TRUE
    trans:
    TRUE => app1; x1:=0 ; goto 1

    loc: 1
    prop: near
    inv: x1 < 30
    trans:
    x1 > 20 and x1 < 30 => enter; ; goto 2

    loc: 2
    prop: on
    inv: x1 < 50
    trans:
    x1 > 20 and x1 < 50 => exit1; ; goto 0
    (trans: x1 > 30 and x1 < 50 => exit1; ; goto 0)
Synchronized Product
In order for several components of a system to communicate, KRONOS introduces a synchronization function.
In KRONOS, a synchronization label is simply obtained by the union of the label sets of the components.
A set of transitions is synchronized if and only if each label occurring in the label set of one transition also belongs to the label set of another transition.
Cont. (example)
A1 contains the single transition t1 : q1 --{a,b}--> r1
A2 contains the single transition t2 : q2 --{b,c}--> r2
Cont. (example)
If b is a synchronization label, then the product of automata A1 and A2 contains the transition
(q1,q2) --{a,b,c}--> (r1,r2).
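
The synchronization rule and the A1/A2 example above, as an added Python sketch (not KRONOS code and not part of the original slides). It ignores clocks, guards and invariants; the function names and the blocking of a synchronization label that finds no partner are assumptions made for this illustration.

```python
# Added illustration: untimed sketch of the label-set synchronization rule.
# Clocks, guards, resets and invariants of real .tg files are left out.

def locations(trans):
    """Locations mentioned by a list of (source, labels, target) transitions."""
    return sorted({s for s, _, _ in trans} | {t for _, _, t in trans})


def sync_product(t1s, t2s, sync):
    """Binary product of two transition lists for a set of sync labels.

    Assumed reading of the rule: two transitions fire together when they
    carry the same non-empty set of sync labels, and the joint transition is
    labelled with the union of both label sets. A transition without any sync
    label moves alone; one whose sync labels find no partner is blocked.
    """
    sync = frozenset(sync)
    out = []
    for s1, l1, r1 in t1s:
        for s2, l2, r2 in t2s:
            if (l1 & sync) and (l1 & sync) == (l2 & sync):
                out.append(((s1, s2), frozenset(l1 | l2), (r1, r2)))
    for s1, l1, r1 in t1s:  # A1 moves alone, A2 stays where it is
        if not (l1 & sync):
            out += [((s1, q), frozenset(l1), (r1, q)) for q in locations(t2s)]
    for s2, l2, r2 in t2s:  # A2 moves alone, A1 stays where it is
        if not (l2 & sync):
            out += [((q, s2), frozenset(l2), (q, r2)) for q in locations(t1s)]
    return out


# The two single-transition automata from the slides.
A1 = [("q1", {"a", "b"}, "r1")]
A2 = [("q2", {"b", "c"}, "r2")]

if __name__ == "__main__":
    for sync in ({"b"}, set()):
        print("sync labels:", sorted(sync))
        for src, labels, dst in sync_product(A1, A2, sync):
            print("  ", src, sorted(labels), "->", dst)
```

With b as the synchronization label the product has the single joint transition from the slide; with no synchronization label the two transitions interleave freely.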
Kronos code (Example)
Extension “.tg”: “timed graph”
Make the product of A1 and A2: A(12)
Kronos -out A12.tg A1.tg A2.tg
Cont.(Example)
Compose the result A(12) with A3; the corresponding KRONOS command is:
Kronos -out A12A3.tg A12.tg A3.tg
Cont.
The automaton A(12)3: the product of A1 and A2, with the result A(12) then composed with A3.
The automaton A1(23): the product of A2 and A3, with the result A(23) then composed with A1.
It is not easy to use a modular approach.
Cont.
There are two ways to overcome this.
The first consists in building the product of all components of a given system in a single operation.
Kronos code:
Kronos -out S.tg Tr1.tg Tr2.tg Gate.tg Contr.tg Ct.tg
Cont.
The second way: use the special option “-sd”:
Kronos -sd -out A12.tg A1.tg A2.tg
Model checking
The properties to be checked must be expressed in TCTL, each in a separate file with the extension “.tctl”.
Safety property
Safety property: under certain conditions, an event never occurs.
“when a train is inside the crossing, the gate is closed.”
safe.tctl: Init impl AB(on impl closed)
• AB corresponds to the A and G of CTL
• impl: Boolean combinator
Cont.
Verifying the safety property with KRONOS commands:
Kronos -back S.tg safe.tctl (backward analysis)
Kronos -forw S.tg safe.tctl (forward analysis)
The file safe.eval contains the result.
Liveness property
Liveness property: under certain conditions, some event will ultimately occur.
“from the moment where no train arrives anymore, the gate will be open after d time units.”
Expressed in TCTL:
Cont.
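$\mathit{Init} \Rightarrow \mathrm{AG}\big((\neg \mathit{near} \wedge \neg \mathit{on}) \Rightarrow \neg \mathrm{E}\,[(\neg \mathit{near} \wedge \neg \mathit{on} \wedge \neg \mathit{open})\ \mathrm{U}_{>d}\ \mathit{true}]\big)$
Written for KRONOS with d = 20:
Init impl AB((not near and not on) impl not((not near and not on and not open) EU{>20} TRUE))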
Questions…