Timed UML State Machines
Ognyana Hristova
Tutor: Priv.-Doz. Dr. Thomas Noll
June, 2007
Contents
Introduction
UML model
  “Generalised Railroad Crossing” problem
  Class diagrams
  State machines
  Collaborations
Timed automata
UML Collaboration in UPPAAL
Verification
Summary
Introduction
Present the UML model using the “Generalised Railroad Crossing” case study:
  Class diagrams
  State machines and their verification
  Collaborations
We show what a timed automaton is and its representation in UPPAAL
We show how to represent the UML collaborations in UPPAAL
UML model
Unified Modeling Language (UML) is a modeling language for specifying, visualizing, constructing, and documenting models of discrete event systems and models of software systems.
It defines several different structural and behavioral diagram types.
For modeling real-time systems, the behavioral diagrams are especially important: they include the dynamic system properties and timing information.
UML model “Generalised Railroad Crossing” problem
GRS is a railway control system which controls access to a gate for several railroad tracks, which lies in a critical section of the tracks.
the critical section is guarded by two sensors for each track (entry and exit sensors)
for every track at most one train passes the critical section
whenever the gate is occupied, the gate must be closed (safety property)
when the gate initiates opening, it must become fully open and must stay open for a certain period (utility property)
UML model “Generalised Railroad Crossing” problem
Where:
ta (Ta) - minimal (maximal) time a train may take to pass the distance between A and D
tg (Tg) - minimal (maximal) time a train may take to pass the gate
gu (gd) - the time the gate bars take to go up (down) from fully closed (open) to fully open (closed)
[Figure: GRS with timing annotation (part 1), showing the entry sensor and exit sensor]
UML model “Generalised Railroad Crossing” problem
Where:
go - the minimal period the gate has to stay open
= gd + Δ ( = gu + go + Δ) - the time before that gate
must initiate closing (open)
Δ < ta - -
[Figure: GRS with timing annotation (part 2), showing the entry sensor and exit sensor]
UML model Class diagrams
The class diagram shows the static structures of the system:
define interfaces of participating objects
specify attributes, methods, and associations (communication links)
behavior will be defined by associated state machines
[Figure: class diagram; the only recoverable label is the attribute "-id : int"]
UML model State machines
The state machine diagrams are used to detail the transitions or changes of state an object can go through in the system.
In general they describe the dynamics.
Gate behavior:
UML model State machines
Track behavior:
Where the notation is guard/action, and “^” means output.
UML model State machines
Control state machine:
UML model Collaborations
Collaborations emphasize the structure of relationships between entities.
They describe the flow of messages (calls) between objects.
Safe behavior:
UML model Collaborations
Erroneous behavior: utility property
It is impossible that, after the gate has received an open signal, a close signal arrives before at least time gu + go has elapsed.
Timed state machines are compiled into timed automata that exchange signals and operations.
Timed automata
A timed automaton is a non-deterministic finite-state machine extended with clock variables.
Definition: Timed Automaton. A timed automaton is a tuple (L, l0, C, A, E, I), where:
L is a set of locations
l0 is the initial location
C is the set of clocks
A is a set of actions, call actions and the internal –action
E is a set of edges between locations with an action, a guard and a set of clocks to be reset
I assigns invariants to locations
Timed automata
Restriction of the general concept of timed automata in UPPAAL:
Expressions in the UPPAAL modelling language range over clocks and integer variables.
States may be associated with invariants of the form x ~ c where x is a clock, c is an integer constant, and ~ {<,≤}.
Timed automata
Transitions between states are labelled with triples (gd, sy, ac), where
gd represents the guard of the transition, expressed as a conjunction of timing constraints x ~ c or x – y ~ c, and ~ {<,≤,=,≥,>} is a binary relation,
sy is a (possibly void) synchronization annotation of the form a! or a? that denotes an offer or an acceptance to synchronize over the channel a, and
ac is a set of reset operations x := c on clocks.
Timed automata
The UPPAAL modeling language uses timed automata with the following features:
the state of a system of timed automata consists of the control state, a valuation of the clocks and variables for each automaton.
runs of timed automata are infinite sequences of system states that satisfy the invariants, separated by actions that represent either the passage of time or the execution of transitions.
a transition can be fired only if its guard evaluates to true in the current system state.
Timed automata
if the transition carries a synchronization annotation of the form a? or a! then some corresponding transition (labelled by a! or a?) of some other timed automaton has to be fired at the same time.
the resulting system state is obtained by updating the control states of the timed automata involved in the transition, and by updating the valuation by resetting clocks and assigning values to variables.
Timed automata
A simple lamp example:
UML Collaboration in UPPAAL
Collaborations are compiled into observer automata that may synchronize on the messages exchanged between the interacting instances.
Collaborations are incomplete specifications of possible system runs where arbitrary message exchange may occur between the explicitly specified messages.
Each message m is represented by an UPPAAL channel mRcvd.
A constraint of the form v – u ~ c is associated with a clock xvu.
UML Collaboration in UPPAAL
Each state of the observer UPPAAL timed automaton checks either the occurrence of a reception of a stimulus according to the order of the collaboration or the violation of a timing constraint.
If the reception of message m is annotated by u for a timing constraint v – u ~ c, the clock xvu is initialised when a stimulus for m is successfully registered.
If the reception of message m is annotated by v for a timing constraint v – u ~ c, there are two transitions:
(xvu ~ c) leads to an error state
(xvu ~ c) enables the remaining messages
UML Collaboration in UPPAAL
Observer UPPAAL timed automata for utility property:
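The observer construction described above, as an added example (not part of the original slides and not UPPAAL code): a Python replay of a timestamped message trace against an observer for the utility property, using the guard/reset edge form from the timed automata section. The location names, the sample values for gu and go, the traces and the enterRcvd message are assumptions made for illustration; the observer has no location invariants, so only guards and resets appear.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

GU, GO = 2, 5          # constructed sample values for gu and go (time units)

@dataclass(frozen=True)
class Edge:
    src: str
    channel: str                               # message m is observed on channel mRcvd
    guard: Callable[[Dict[str, float]], bool]  # timing constraint over clock values
    dst: str
    resets: Tuple[str, ...] = ()               # clocks set to 0 when the edge fires

# Observer for "no close before gu + go after an open": u = open, v = close,
# constraint v - u >= gu + go on clock x_vu. Location names are hypothetical.
OBSERVER = [
    Edge("Idle", "openRcvd", lambda c: True, "Opened", ("x_vu",)),
    Edge("Opened", "closeRcvd", lambda c: c["x_vu"] >= GU + GO, "Idle"),
    Edge("Opened", "closeRcvd", lambda c: c["x_vu"] < GU + GO, "Error"),
]

def run(trace, edges=OBSERVER, start="Idle"):
    """Replay (timestamp, channel) pairs; return the list of locations visited."""
    loc, clocks, now, path = start, {"x_vu": 0.0}, 0.0, [start]
    for t, channel in trace:
        if t < now:
            raise ValueError("timestamps must be non-decreasing")
        # Delay step: every clock advances by the elapsed time.
        clocks = {name: v + (t - now) for name, v in clocks.items()}
        now = t
        # Action step: fire the enabled edge, if any. Messages the collaboration
        # does not mention match no edge and leave the observer where it is.
        for e in edges:
            if e.src == loc and e.channel == channel and e.guard(clocks):
                for name in e.resets:
                    clocks[name] = 0.0
                loc = e.dst
                path.append(loc)
                break
        if loc == "Error":      # Error is a sink: the property is violated
            break
    return path

def violates(trace):
    return run(trace)[-1] == "Error"

# Constructed traces; "enterRcvd" is a hypothetical unrelated message.
OK_TRACE = [(0, "openRcvd"), (3, "enterRcvd"), (7, "closeRcvd")]
EARLY_CLOSE = [(0, "openRcvd"), (10, "closeRcvd"), (12, "openRcvd"), (15, "closeRcvd")]
```

In EARLY_CLOSE the first close is legal and only the second one trips the observer, because x_vu is reset on every registered open.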
Verification
Track1.Crossing Track2.Crossing Gate.Closed
Safety property for the GRS case study
fails due to race condition between messages
Summary
The essential role in the process of building a software system belongs to the design process. The designers use the Unified Modeling Language.
State machine diagrams are a special type of diagram in UML. They are used to detail the transitions or changes of state an object can go through in the system. In general they describe the dynamics.
Thanks!