Symbolic Model Checking ... and Verification Options
How UPPAAL really works & How to make UPPAAL really work
Kim Guldstrand Larsen, BRICS@Aalborg
IDA lecture, 20.4.99

THE UPPAAL ENGINE
Symbolic Reachability Checking
TOV 2002, Lecture 3. Kim G. Larsen

Zones: From infinite to finite

State: (n, x=3.2, y=2.5), a location together with one real-valued point in clock space (x and y axes in the figure).
Symbolic state (set): (n, Z), a location together with a zone Z, i.e. a convex set of clock valuations (the shaded region in the figure).
Zone: a conjunction of constraints of the forms x - y <= n and x ~ n, where ~ is one of <, <=, =, >=, >.
Example zone (used on the next slide): 1 <= x <= 4, 1 <= y <= 3.
Symbolic Transitions

Edge: n --(guard x>3, action a, reset y:=0)--> m

(n, 1<=x<=4, 1<=y<=3)
  delays to     (n, 1<=x, 1<=y, -2<=x-y<=3)    (future: the upper bounds on the clocks are dropped)
  conjuncts to  (n, 3<x, 1<=y, -2<=x-y<=3)     (intersection with the guard x>3)
  projects to   (m, 3<x, y=0)                  (reset y:=0)

Thus (n, 1<=x<=4, 1<=y<=3) =a=> (m, 3<x, y=0).
Fischer's Protocol: analysis using zones

Two processes compete for a critical section (CS) using the shared variable V; process 1 uses clock X, process 2 uses clock Y. Each process i has the locations A_i, B_i, CS_i. The figure's edge labels for process 1 are X:=0, X<10, V:=1 (process 1 writes V), and X>10, V=1 (process 1 enters CS1); process 2 is symmetric with Y:=0, Y<10, V:=2 and Y>10, V=2. The initial state in the figure is marked Init with V=1.
Fischer's Protocol (cont.)

Untimed case (clocks ignored): a trace that violates mutual exclusion,
  A1,A2,v=1 -> A1,B2,v=2 -> A1,CS2,v=2 -> B1,CS2,v=1 -> CS1,CS2,v=1

Taking time into account: the same path is explored with zones over X and Y (the figure draws, step by step, the zone reached in the X/Y plane with the bound 10 marked on both axes). The guards X<10 / X>10 and Y<10 / Y>10 constrain the zones along the path, which is what rules out the untimed violation.
Forward Reachability

Question: Init -> Final ?   (is some Final state reachable from Init?)

Two lists of symbolic states: Passed (already explored) and Waiting (still to be explored).

INITIAL  Passed := Ø; Waiting := {(n0,Z0)}
REPEAT
  - pick (n,Z) in Waiting
  - if for some Z' with Z ⊆ Z', (n,Z') is in Passed then STOP, i.e. discard (n,Z): it is already covered
  - else (explore) add {(m,U) : (n,Z) => (m,U)} to Waiting; add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting

(Figure: (n,Z) is taken from Waiting and compared against the stored (n,Z') in Passed; if it is not covered, its symbolic successors (m,U) are added to Waiting.)
Canonical Datastructures for Zones: Difference Bounded Matrices (Bellman 1958, Dill 1989)

Inclusion: is D1 ⊆ D2?

  D1: x<=1, y-x<=2, z-y<=2, z<=9
  D2: x<=2, y-x<=3, y<=3, z-y<=3, z<=7

Graph view: one node per clock plus the reference node 0 (always 0); an edge from u to v with weight c represents the constraint v - u <= c.
  D1 edges: 0->x 1, x->y 2, y->z 2, 0->z 9
  D2 edges: 0->x 2, x->y 3, 0->y 3, y->z 3, 0->z 7

Comparing the raw constraint lists does not decide inclusion (the "? ?" in the figure): the same zone has many constraint lists.

Canonical Form: Shortest Path Closure. Tighten every edge to the weight of the shortest path between its endpoints.
  D1 closed: 0->x 1, x->y 2, y->z 2, 0->y 3, 0->z 5    (z<=9 tightens to z<=5 via 0->x->y->z)
  D2 closed: 0->x 2, x->y 3, 0->y 3, y->z 3, 0->z 6    (z<=7 tightens to z<=6 via 0->y->z)

On closed forms, D1 ⊆ D2 iff every bound of D1 is at most the corresponding bound of D2; here this holds, so D1 ⊆ D2.
Canonical Datastructures for Zones: Difference Bounded Matrices

Emptiness

  D: x<=1, y>=5, y-x<=3

Graph: 0->x 1 (x-0<=1), y->0 -5 (0-y<=-5), x->y 3 (y-x<=3).
The cycle 0->x->y->0 has weight 1 + 3 - 5 = -1.

Negative cycle iff empty solution set.
Canonical Datastructures for Zones: Difference Bounded Matrices

Future (delay)

  D: 1<=x<=4, 1<=y<=3
  Graph: 0->x 4, x->0 -1, 0->y 3, y->0 -1

  Shortest path closure first: it adds the derived edges x->y 2 (y-x<=2, via x->0->y) and y->x 3 (x-y<=3, via y->0->x), i.e. -2 <= x-y <= 3.
  Future D: remove the upper bounds on the clocks, i.e. the edges 0->x 4 and 0->y 3.

  Future D = 1<=x, 1<=y, -2<=x-y<=3
Canonical Datastructures for Zones: Difference Bounded Matrices

Reset

  D: 1<=x, 1<=y, -2<=x-y<=3        (graph: x->0 -1, y->0 -1, x->y 2, y->x 3)
  {y}D: remove all bounds involving y and set y to 0 (edges 0->y 0 and y->0 0).

  {y}D = y=0, 1<=x
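As an added worked example (not code from the slides or from UPPAAL itself), the following Python implements the DBM operations of slides 16 to 20 and replays the symbolic transition of slide 4: shortest-path closure as the canonical form, emptiness via a negative cycle, inclusion on canonical forms, future (delay) and reset. Bounds are stored as (constant, strict) pairs so that the strict guard x>3 is represented exactly; the class and function names are this example's own.

```python
from itertools import product

INF = float("inf")
LE, LT = False, True        # strictness: (c, LE) is "<= c", (c, LT) is "< c"
NOBOUND = (INF, LT)         # unconstrained


def add(a, b):
    """Bound along a two-edge path: constants add, strict if either part is."""
    return (a[0] + b[0], a[1] or b[1])


def tighter(a, b):
    """True if a is strictly tighter than b ("< c" beats "<= c")."""
    return a[0] < b[0] or (a[0] == b[0] and a[1] and not b[1])


class DBM:
    """Zone as a matrix d[i][j] bounding x_i - x_j. Index 0 is the reference
    clock that is always 0, so x <= 1 is d[x][0] = (1, LE) and x >= 5 is
    d[0][x] = (-5, LE). Example code, not UPPAAL's implementation."""

    def __init__(self, clocks):
        self.clocks = ["0"] + list(clocks)
        n = len(self.clocks)
        self.d = [[NOBOUND] * n for _ in range(n)]
        for i in range(n):
            self.d[i][i] = (0, LE)
            self.d[0][i] = (0, LE)          # clocks are non-negative: 0 - x_i <= 0

    def copy(self):
        c = DBM(self.clocks[1:])
        c.d = [row[:] for row in self.d]
        return c

    def constrain(self, i, j, bound):
        """Intersect with x_i - x_j ~ bound (clock names); returns self."""
        i, j = self.clocks.index(i), self.clocks.index(j)
        if tighter(bound, self.d[i][j]):
            self.d[i][j] = bound
        return self

    def close(self):
        """Shortest-path closure (Floyd-Warshall, O(n^3)): the canonical form."""
        n = len(self.d)
        for k, i, j in product(range(n), repeat=3):
            via = add(self.d[i][k], self.d[k][j])
            if tighter(via, self.d[i][j]):
                self.d[i][j] = via
        return self

    def is_empty(self):
        """Empty iff the graph has a negative cycle, which closure exposes as a
        diagonal entry tighter than 0 <= 0."""
        self.close()
        return any(tighter(self.d[i][i], (0, LE)) for i in range(len(self.d)))

    def includes(self, other):
        """other ⊆ self, decided entrywise on the two canonical forms."""
        self.close()
        other.close()
        n = len(self.d)
        return all(not tighter(self.d[i][j], other.d[i][j])
                   for i in range(n) for j in range(n))

    def up(self):
        """Future (delay): drop every upper bound x_i - 0 <= c."""
        self.close()
        for i in range(1, len(self.d)):
            self.d[i][0] = NOBOUND
        return self

    def reset(self, name):
        """x := 0: drop all bounds involving x, then tie x to the reference clock."""
        self.close()
        x, n = self.clocks.index(name), len(self.d)
        for j in range(n):
            if j != x:
                self.d[x][j], self.d[j][x] = self.d[0][j], self.d[j][0]
        return self

    def bound(self, i, j):
        """Canonical bound on x_i - x_j as (constant, strict)."""
        self.close()
        return self.d[self.clocks.index(i)][self.clocks.index(j)]


def symbolic_successor(zone, guard, resets):
    """Slide 4's symbolic step: delay, conjoin the guard, apply the resets.
    guard is a list of (i, j, bound) triples meaning x_i - x_j ~ bound."""
    z = zone.copy().up()
    for i, j, b in guard:
        z.constrain(i, j, b)
    for name in resets:
        z.reset(name)
    return z.close()
```

With this code, `symbolic_successor(Z, [("0", "x", (-3, LT))], ["y"])` applied to Z = {1<=x<=4, 1<=y<=3} yields exactly the zone 3<x, y=0 of slide 4 (the guard x>3 is written as 0 - x < -3), D2.includes(D1) holds for the two zones of slide 16 once both are closed, and the zone of slide 18 reports itself empty.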
Improved Datastructures: Compact Datastructure for Zones (RTSS'97)

Constraint system over the clocks x0..x3:
  x1-x2<=4 (drawn as weight -4 in the slide's graph), x2-x1<=10, x3-x1<=2, x2-x3<=2, x0-x1<=3, x3-x0<=5

Graph -> Shortest Path Closure, O(n^3) -> Shortest Path Reduction, O(n^3)
  The closure tightens x2-x1<=10 to x2-x1<=4 (via x3).
  The reduction keeps only the edges needed to regenerate the closure.

Shortest Path Reduction: canonical w.r.t. = (equal zones give the same edge set); space worst case O(n^2), in practice O(n).
SPACE PERFORMANCE
(Chart: y-axis labelled Percent, ticks 0 to 1; series Minimal Constraint, Global Reduction, Combination.)

TIME PERFORMANCE
(Chart: y-axis labelled Percent, ticks 0 to 2.5; series Minimal Constraint, Global Reduction, Combination.)
Shortest Path Reduction: 1st attempt

Idea: An edge is REDUNDANT if there exists an alternative path of no greater weight. THUS remove all redundant edges!

Problem: in the figure the edges v and w are both redundant, each via a path through the other, so the removal of one depends on the presence of the other; removing both loses information.

Observation: If there are no zero- or negative cycles then it is SAFE to remove all redundancies.
Shortest Path Reduction: Solution

G: weighted graph (in closed form)
1. Equivalence classes based on 0-cycles.
2. Graph based on representatives (one node per class): safe to remove redundant edges.
3. Shortest Path Reduction = one cycle per class + removal of redundant edges between classes.
   Canonical given an order of the clocks.
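Added example (not code from the slides or from UPPAAL): a Python implementation of the three-step shortest path reduction of slides 25 to 28, run on the constraint system of slide 21, with the unsound first attempt of slide 24 beside it. Edges are (u, v, w) triples meaning x_v - x_u <= w over clock indices 0..3; the first slide-21 constraint is read as x1-x2 <= -4, the weight shown on the slide's graph, which is what makes x1, x2, x3 lie on a zero cycle. The function names and the exact choice of class representative (lowest clock index) are this example's own, so the reduced edge set can differ from the slide's drawing while implying the same closure.

```python
INF = float("inf")


def closure(n, edges):
    """Shortest-path closure over clock indices 0..n-1 (Floyd-Warshall, O(n^3)).
    An edge (u, v, w) encodes x_v - x_u <= w; d[u][v] becomes the tightest bound
    implied by the whole system (INF when unconstrained)."""
    d = [[INF] * n for _ in range(n)]
    for u in range(n):
        d[u][u] = 0
    for u, v, w in edges:
        d[u][v] = min(d[u][v], w)
    for k in range(n):
        for u in range(n):
            for v in range(n):
                if d[u][k] + d[k][v] < d[u][v]:
                    d[u][v] = d[u][k] + d[k][v]
    return d


def redundant(d, u, v, candidates):
    """Slide 24's criterion: u->v is redundant if some other node k gives an
    alternative path u->k->v of no greater weight."""
    return any(d[u][k] + d[k][v] <= d[u][v] for k in candidates if k not in (u, v))


def naive_reduction(n, edges):
    """Slide 24's first attempt: drop every redundant edge at once. Unsound when
    zero cycles exist, because edges on them are redundant only via each other."""
    d = closure(n, edges)
    return [(u, v, d[u][v]) for u in range(n) for v in range(n)
            if u != v and d[u][v] < INF and not redundant(d, u, v, range(n))]


def shortest_path_reduction(n, edges):
    """Slides 25-28: reduce the closed graph to a canonical minimal edge set."""
    d = closure(n, edges)
    if any(d[u][u] < 0 for u in range(n)):
        raise ValueError("negative cycle: the zone is empty")
    # 1. Equivalence classes from zero cycles (u ~ v iff d[u][v] + d[v][u] == 0).
    #    The lowest-indexed clock represents its class, which makes the result
    #    canonical for a fixed clock order.
    rep = [min(v for v in range(n) if d[u][v] + d[v][u] == 0) for u in range(n)]
    reps = sorted(set(rep))
    reduced = []
    # 2. Between representatives there are no zero cycles, so removing every
    #    redundant edge is safe.
    for u in reps:
        for v in reps:
            if u != v and d[u][v] < INF and not redundant(d, u, v, reps):
                reduced.append((u, v, d[u][v]))
    # 3. One cycle per class, visiting its members in clock order. Since each
    #    member m of class r satisfies d[m][v] == d[m][r] + d[r][v], the cycle
    #    plus the representative edges imply every bound of the closure.
    for r in reps:
        members = [u for u in range(n) if rep[u] == r]
        if len(members) > 1:
            for a, b in zip(members, members[1:] + members[:1]):
                reduced.append((a, b, d[a][b]))
    return reduced


# Slide 21's constraints over x0..x3 as (u, v, w) for x_v - x_u <= w;
# x1-x2 <= -4, x2-x1 <= 10, x3-x1 <= 2, x2-x3 <= 2, x0-x1 <= 3, x3-x0 <= 5.
SLIDE21 = [(2, 1, -4), (1, 2, 10), (1, 3, 2), (3, 2, 2), (1, 0, 3), (0, 3, 5)]
```

On SLIDE21 the closure has all 12 off-diagonal bounds finite, the reduction keeps 5 edges (the zero cycle x1->x2->x3->x1 and the two edges between the representatives x0 and x1) and `closure(4, shortest_path_reduction(4, SLIDE21))` equals `closure(4, SLIDE21)`. The naive variant drops every edge, because each one has an alternative path around the zero cycle, and its closure no longer matches: the failure mode slide 24 warns about.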
Earlier Termination

The covering test in the forward reachability loop decides how early a symbolic state is discarded:

INITIAL  Passed := Ø; Waiting := {(n0,Z0)}
REPEAT
  - pick (n,Z) in Waiting
  - if (n,Z) is covered by Passed then STOP
  - else (explore) add {(m,U) : (n,Z) => (m,U)} to Waiting; add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting

Init -> Final ?

Two covering tests:
  1. Single-zone inclusion: (n,Z) is covered if Z ⊆ Z' for some (n,Z') in Passed.
  2. Union inclusion: (n,Z) is covered if Z ⊆ Z_1 ∪ ... ∪ Z_k for the stored (n,Z_1), ..., (n,Z_k) in Passed. The union of zones is in general not a zone, so this test needs a representation beyond a single DBM, but it discards more states and so terminates earlier.
Clock Difference Diagrams (CAV99) = Binary Decision Diagrams + Difference Bounded Matrices

CDD representations:
- Nodes labeled with clock differences
- Maximal sharing of substructures (also across different CDDs)
- Maximal intervals
- Linear-time algorithms for set-theoretic operations

Related: NDDs (Maler et al.), DDDs (Møller, Lichtenberg)
SPACE PERFORMANCE
(Chart: y-axis labelled Percent, ticks 0 to 4.5; series CDD, Reduced CDD, CDD+BDD.)

TIME PERFORMANCE
(Chart: y-axis labelled Percent, ticks 0 to 6; series CDD, Reduced CDD, CDD+BDD.)
Verification Options
- Search order: Breadth-First / Depth-First
- Clock Reduction
- State Space Reduction
- State Space Representation: DBM / Compact / Over-approximation / Under-approximation
- Reuse State Space
- Diagnostic Trace

Case Studies
Representation of symbolic states: (In)Active Clock Reduction

Definition: x is inactive at S if on all paths from S, x is always reset before being tested.

Example (figure): an automaton with guards x>3, x<5 and x<7 and two edges resetting x:=0; x is only active in location S1.

Computing the active clocks: for a location S with outgoing edges S --g_i, r_i--> S_i (guard g_i, set of reset clocks r_i), for i = 1..k,
  Act(S) = ∪_i ( Clocks(g_i) ∪ (Act(S_i) \ r_i) )

Only save constraints on active clocks.
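Added example (not code from the slides or from UPPAAL): the active-clock equation of slide 37 computed as a least fixpoint by iteration, on a small constructed automaton in the spirit of slide 36 rather than its exact figure. Location and clock names, the edge encoding and the `store` helper that drops constraints on inactive clocks are this example's own assumptions; location invariants, which would also count as tests, are absent from the model.

```python
def active_clocks(locations, edges):
    """Least fixpoint of  Act(S) = ∪_i ( Clocks(g_i) ∪ (Act(S_i) \\ r_i) )  over the
    edges S --g_i, r_i--> S_i. A clock not in Act(S) is inactive at S: on every
    path from S it is reset before it is tested, so no bound on it needs storing.
    Location invariants would count as tests too; this model has none."""
    act = {loc: frozenset() for loc in locations}
    changed = True
    while changed:
        changed = False
        for src, guard_clocks, reset_clocks, dst in edges:
            new = act[src] | frozenset(guard_clocks) | (act[dst] - frozenset(reset_clocks))
            if new != act[src]:
                act[src], changed = new, True
    return act


def store(location, constraints, act):
    """Keep only the zone constraints (i, j, bound) whose clocks are active at
    this location; "0" is the reference clock and is always kept."""
    keep = act[location] | {"0"}
    return [c for c in constraints if c[0] in keep and c[1] in keep]


# Constructed automaton (source, clocks tested by the guard, clocks reset, target):
EDGES = [
    ("A", [], ["x"], "S1"),        # A  --              x:=0 --> S1
    ("S1", ["x"], ["x"], "B"),     # S1 -- x>3 && x<5,  x:=0 --> B
    ("B", ["y"], ["y"], "A"),      # B  -- y<7,         y:=0 --> A
]
ACT = active_clocks(["A", "S1", "B"], EDGES)
```

Here x is active only in S1 (it is reset on the way into S1 and on the way out), while y is active everywhere because the test y<7 at B is reachable from every location before y is reset; at A the stored zone therefore keeps only the bounds on y.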
When to store symbolic states: State Space Reduction

No cycles: the Passed list is not needed for termination. However, the Passed list is useful for efficiency (a state reached along several paths is explored once).

Cycles: only symbolic states involving loop-entry points need to be saved on the Passed list.
Reuse State Space

When checking many safety properties over the same model,
  A[] prop1, A[] prop2, A[] prop3, A[] prop4, A[] prop5, ..., A[] propn,
search the existing Passed list before continuing the search from Waiting.
Which order to search? Hashtable.
Over-approximation: Convex Hull

(Figure: two zones in the x/y plane, ticks 1, 3, 5 on both axes, replaced by their convex hull, a single larger zone.) A property that is unreachable on the hull is unreachable in the model, but a state reached on the hull may be spurious.
Under-approximation: Bitstate Hashing

Passed = a bit array (UPPAAL: 8 Mbits) indexed by a hash function F of the symbolic state.

INITIAL  Passed := Ø (all bits 0); Waiting := {(n0,Z0)}
REPEAT
  - pick (n,Z) in Waiting
  - if Passed(F(n,Z)) = 1 then STOP
  - else (explore) add {(m,U) : (n,Z) => (m,U)} to Waiting; Passed(F(n,Z)) := 1
UNTIL Waiting = Ø or Final is in Waiting

The inclusion test "Z ⊆ Z' for some (n,Z') in Passed" is replaced by the bit test Passed(F(n,Z)) = 1, and "add (n,Z) to Passed" by Passed(F(n,Z)) := 1. A hash collision makes an unvisited state look visited, so part of the state space may be skipped: a Final state that is reported reachable really is, but a reachable Final state may be missed (under-approximation).
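Added example (not code from the slides or from UPPAAL): the forward reachability loop of slides 12 to 15 in Python, with the Passed list as an exact set beside the bitstate-hashing bit array of slides 43 to 45, plus the Breadth-First / Depth-First and Diagnostic Trace options of slide 35. It runs on a constructed ten-state discrete system (no zones, so the covering test is plain equality; for symbolic states it would be the inclusion test) and shows the under-approximation failure: with a 4-bit array and F(s) = s, two states collide with the initial state and the search wrongly concludes that Final is unreachable. All names, the graph and the hash functions are this example's own.

```python
from collections import deque


class ExactPassed:
    """Passed list as a set of explored states. For discrete states the covering
    test is equality; for symbolic states (n,Z) it would be Z ⊆ Z' against each
    stored (n,Z')."""

    def __init__(self):
        self.seen = set()

    def covered(self, s):
        return s in self.seen

    def add(self, s):
        self.seen.add(s)


class BitstatePassed:
    """Passed list as a bit array: only the bit at index F(state) is stored
    (UPPAAL uses 8 Mbits). Two states hashing to the same bit are
    indistinguishable, so the second one is never explored."""

    def __init__(self, nbits, F):
        self.bits = bytearray((nbits + 7) // 8)
        self.nbits, self.F = nbits, F

    def covered(self, s):
        h = self.F(s) % self.nbits
        return bool(self.bits[h >> 3] & (1 << (h & 7)))    # Passed(F(s)) = 1 ?

    def add(self, s):
        h = self.F(s) % self.nbits
        self.bits[h >> 3] |= 1 << (h & 7)                  # Passed(F(s)) := 1


def reachable(init, succ, is_final, passed, breadth_first=True):
    """Forward reachability with Passed/Waiting as on the slides. Each Waiting
    entry carries its path so that a diagnostic trace can be returned: the
    result is init -> ... -> final as a list, or None if Waiting runs empty."""
    if is_final(init):
        return [init]
    waiting = deque([(init, (init,))])
    while waiting:                                   # UNTIL Waiting = Ø ...
        s, path = waiting.popleft() if breadth_first else waiting.pop()
        if passed.covered(s):                        # covered (or believed so): STOP
            continue
        passed.add(s)
        for t in succ(s):                            # explore: successors to Waiting
            if is_final(t):                          # ... or Final is in Waiting
                return list(path) + [t]
            waiting.append((t, path + (t,)))
    return None


# Constructed example system: states 0..9, a chain 0 -> 1 -> ... -> 9,
# a shortcut 0 -> 8, a loop 5 -> 0, and Final = 9.
GRAPH = {0: [8, 1], 1: [2], 2: [3], 3: [4], 4: [5], 5: [6, 0],
         6: [7], 7: [8], 8: [9], 9: []}


def demo():
    is_final = lambda s: s == 9
    bfs = reachable(0, GRAPH.get, is_final, ExactPassed())            # shortest trace
    dfs = reachable(0, GRAPH.get, is_final, ExactPassed(), breadth_first=False)
    # 4 bits, F(s) = s: states 4 and 8 collide with state 0, the search stops
    # early and wrongly reports Final unreachable.
    tiny = reachable(0, GRAPH.get, is_final, BitstatePassed(4, lambda s: s))
    # 16 bits: no collisions among the 10 states, same answer as the exact search.
    wide = reachable(0, GRAPH.get, is_final, BitstatePassed(16, lambda s: s))
    return bfs, dfs, tiny, wide
```

`demo()` returns the traces [0, 8, 9] (breadth-first, the shortest diagnostic trace), [0, 1, ..., 9] (depth-first, which follows the long chain first), None for the 4-bit bitstate run, and [0, 8, 9] again for the 16-bit run. The loop 5 -> 0 is where the Passed list matters for termination: without it the depth-first search would revisit 0 forever.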
Best Options for Fischer
(Results table appears only in the slide image.)
Overview
- Timed Automata (review)
- UPPAAL 3.2
- Symbolic Reachability & Datastructures: DBMs, Compact Datastructure, CDDs
- Verification Options
- Beyond Model Checking
The State Explosion Problem

(Figure: a system Sys built from many small components, each with actions a, b, c; the question is whether Sys ⊨ φ.)

Model checking is either EXPTIME-complete or PSPACE-complete (for TAs this is true even for a single TA).
Abstraction

REDUCE Sys ⊨ φ TO Abs ⊨ φ: if Sys ≤ Abs (Abs abstracts Sys) and Abs ⊨ φ, then Sys ⊨ φ, preserving safety properties.
(Figure: the many-component Sys is replaced by a four-state abstraction Abs with states 1, 2, 3, 4.)
Compositionality

Sys = Sys1 | Sys2 and Abs = Abs1 | Abs2.
If Sys1 ≤ Abs1 and Sys2 ≤ Abs2, then Sys1 | Sys2 ≤ Abs1 | Abs2.
Hence Abs1 | Abs2 ⊨ φ implies Sys ⊨ φ: each component is abstracted on its own, and the abstractions are composed instead of the full system.
Timed Simulation

T1 ≤ T2 if there is a relation R ⊆ S_1 × S_2 such that
  a) (s0, t0) ∈ R, and
  b) whenever (s, t) ∈ R then
     - if s --a--> s' then t --a--> t' for some t' with (s', t') ∈ R (for every action a), and
     - if s --d--> s' then t --d--> t' for some t' with (s', t') ∈ R (for every delay d ∈ R≥0).

* ≤ preserves safety properties
* ≤ is preserved by parallel composition
* ≤ is decidable
* If T2 is deterministic then T1 ≤ T2 may be reduced to a reachability question for T1 || Test(T2), and so checked with UPPAAL.

Applied to:
- IEEE 1394a Root contention protocol (Simons, Stoelinga)
- B&O Power Down Protocol (Ejersbo, Larsen, Skou, FTRTFT2k)
Modifications identified when urgency and shared integers are involved.
THE END (almost)