Zones: From infinite to finite


Formal Methods & Tools

Real Time Model Checking …and Beyond using UPPAAL2k
Kim Guldstrand Larsen
BRICS@Aalborg & FMT@Twente
Model Checking Tools
(Figure: a timeline from the 80s through the 90s to 00, with the tools placed along it.)
- Milner, Hoare; Hajek (Eindhoven)
- PAN (Holzmann); TAU; CWB, AUTO, LOTOS; CESAR
- SPIN (Holzmann); BDDs (Bryant); Symbolic Model Checking (Clarke, Coudert, …)
- FDR; SMV (McMillan); SPIN Workshop; SPIN w POR
With time:
- Timed Automata (Alur, Dill)
- EPSILON, TAB
- KRONOS, HyTech, UPPAAL
- DT SPIN, PMC
- UPPAAL2k (00)
MFPS, May 2001, Aarhus
Kim G. Larsen
Collaborators
@Aalborg: Kim G Larsen, Arne Skou, Paul Pettersson, Carsten Weise, Kåre J Kristoffersen, Gerd Behrmann, Thomas Hune, Oliver Möller
@Uppsala: Wang Yi, Johan Bengtsson, Paul Pettersson, Fredrik Larsson, Alexandre David, Tobias Amnell, Oliver Möller
@Elsewhere: David Griffioen, Ansgar Fehnker, Frits Vaandrager, Klaus Havelund, Theo Ruys, Pedro D'Argenio, J-P Katoen, J. Tretmans, Judi Romijn, Ed Brinksma, Franck Cassez, Magnus Lindahl, Francois Laroussinie, Patricia Bouyer, Augusto Burgueno, H. Bowmann, D. Latella, M. Massink, G. Faconti, Kristina Lundqvist, Lars Asplund, Justin Pearson...
Real Time Systems
(Figure: a continuous plant observed through sensors and driven through actuators by a discrete controller program made up of tasks.)
E.g.: Realtime Protocols, Pump Control, Air Bags, Robots, Cruise Control, ABS, CD Players, Production Lines.
Real Time System: a system where correctness not only depends on the logical order of events but also on their timing!!
Real Time Model Checking: Construction of UPPAAL models
(Figure: the plant/controller picture again. A user-supplied model of the environment and a model of the tasks (automatic?) are composed into the UPPAAL model, a network of timed automata over locations 1..4 with actions a, b, c.)
…and Beyond: Synthesis of Control Program
(Figure: the same plant/controller picture. Only a partial UPPAAL model is given, from the user-supplied model of the environment; the tasks/scheduler are synthesised automatically.)
Overview
- UPPAAL: Timed Automata; Tool and Demo; Case Studies; Verification Engine
- CUPPAAL: Linearly Priced Timed Automata; (Optimal) Scheduling and Control Synthesis
- Concluding Remarks
Intelligent Light Control
(Figure: three locations Off, Light and Bright, each edge labelled press?.)
WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.
Intelligent Light Control
Solution: add a real-valued clock x.
- Off --press?, x:=0--> Light
- Light --press?, x<=3--> Bright
- Light --press?, x>3--> Off
- Bright --press?--> Off
Timed Automata (Alur & Dill 1990)
Clocks: x, y
Edge: n --[x<=5 & y>3] a [x := 0]--> m
- Guard: Boolean combination of integer bounds on clocks and clock-differences (x<=5 & y>3)
- Action: used for synchronization (a)
- Reset: action performed on clocks (x := 0)
State: (location, x=v, y=u) where v,u are in R
Transitions:
(n, x=2.4, y=3.1415) --a--> (m, x=0, y=3.1415)
(n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415)
Timed Automata: Invariants
Clocks: x, y
Location invariants: n carries x<=5, m carries y<=10; the edge n --[x<=5 & y>3] a [x := 0]--> m is as before.
Transitions:
(n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415) is allowed: x=3.5 satisfies the invariant x<=5 of n.
(n, x=2.4, y=3.1415) --e(3.2)--> is not allowed: x would become 5.6, violating the invariant x<=5 of n.
Invariants ensure progress!!
The UPPAAL Model = Networks of Timed Automata + Integer Variables + ….
Example network: in one automaton the edge l1 --[x>=2, i==3] a! [x := 0, i:=i+4]--> l2; in another the edge m1 --[y<=4] a?--> m2.
Two-way synchronization on complementary actions (a! and a?). Closed Systems!
Example transitions:
(l1, m1, …, x=2, y=3.5, i=3, …) --tau--> (l2, m2, …, x=0, y=3.5, i=7, …)
(l1, m1, …, x=2, y=3.5, i=3, …) --0.2--> (l1, m1, …, x=2.2, y=3.7, i=3, …)
The delay transition is not allowed if a is an URGENT CHANNEL.
Train Crossing
Communication via channels and a shared variable.
(Figure: trains approach a stoppable area [10,20] (channels appr, stop), then the crossing [3,5] and [7,15] over the river (channels go, leave); a gate controller keeps a queue of trains with states empty/nonempty and operations hd, add, rem.)
LEGO Mindstorms/RCX
- Sensors: temperature, light, rotation, pressure.
- Actuators: motors, lamps.
- 3 input ports, 3 output ports, 1 infra-red port.
- Virtual machine: 10 tasks, 4 timers, 16 integers.
- Several programming languages: NotQuiteC, Mindstorm, Robotics, legOS, etc.
First UPPAAL model (Ken Tindell): Sorting of LEGO Boxes
(Figure: black and yellow boxes travel on a conveyor belt past a light sensor; a piston can eject a box, which is then removed. The controller consists of the tasks MAIN and PUSH.)
Exercise: design the controller so that only yellow boxes are pushed out.
NQC programs

int active;
int DELAY;
int LIGHT_LEVEL;

task MAIN {
  DELAY = 75;
  LIGHT_LEVEL = 35;
  active = 0;
  Sensor(IN_1, IN_LIGHT);   // light sensor on input 1
  Fwd(OUT_A, 1);            // start the conveyor belt
  Display(1);
  start PUSH;
  while (true) {
    wait(IN_1 >= LIGHT_LEVEL);   // a (light) box passes the sensor
    ClearTimer(1);
    active = 1;
    PlaySound(1);
    wait(IN_1 < LIGHT_LEVEL);    // wait until the box has passed
  }
}

task PUSH {
  while (true) {
    wait(Timer(1) > DELAY && active == 1);   // box has reached the piston
    active = 0;
    Rev(OUT_C, 1);
    Sleep(8);
    Fwd(OUT_C, 1);
    Sleep(12);
    Off(OUT_C);
  }
}
UPPAAL Demo
The Production Cell in LEGO
Course at DTU, Copenhagen: Rasmus Crüger Lund, Simon Tune Riemanni
(Figure: the LEGO production cell.)
Case Studies: Protocols
- Philips Audio Protocol [HS'95, CAV'95, RTSS'95, CAV'96]
- Collision-Avoidance Protocol [SPIN'95]
- Bounded Retransmission Protocol [TACAS'97]
- Bang & Olufsen Audio/Video Protocol [RTSS'97]
- TDMA Protocol [PRFTS'97]
- Lip-Synchronization Protocol [FMICS'97]
- Multimedia Streams [DSVIS'98]
- ATM ABR Protocol [CAV'99]
- ABB Fieldbus Protocol [ECRTS'2k]
- IEEE 1394 Firewire Root Contention (2000)
Case Studies: Controllers
- Gearbox Controller [TACAS'98]
- Bang & Olufsen Power Controller [RTPS'99, FTRTFT'2k]
- SIDMAR Steel Production Plant [RTCSA'99, DSVV'2k]
- Real-Time RCX Control-Programs [ECRTS'2k]
- Experimental Batch Plant (2000)
- RCX Production Cell (2000)
THE UPPAAL ENGINE: Symbolic Reachability Checking
Zones: From infinite to finite
State: (n, x=3.2, y=2.5)
Symbolic state (set): (n, 1<=x<=4, 1<=y<=3)
Zone: a conjunction of constraints of the forms x-y<=n and x<=>n (bounds on clock differences and on single clocks).
(Figure: in the x-y plane the state is a point and the symbolic state a rectangle.)
Symbolic Transitions
(n, 1<=x<=4, 1<=y<=3)
  delays to (n, 1<=x, 1<=y, -2<=x-y<=3)
  conjuncts with the guard x>3 to (n, 3<x, 1<=y, -2<=x-y<=3)
  projects, after the reset y:=0, to (m, 3<x, y=0)
Thus (n, 1<=x<=4, 1<=y<=3) =a=> (m, 3<x, y=0)
Forward Reachability
Init -> Final ?
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT
- pick (n,Z) in Waiting
- if for some Z' ⊇ Z, (n,Z') in Passed then STOP
- else (explore) add { (m,U) : (n,Z) => (m,U) } to Waiting;
  add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
(Figure: the Passed set grows outwards from Init; Waiting holds the frontier (n,Z) and the successors (m,U) just added; the search stops when Final is reached.)
Canonical Datastructure for Zones: Difference Bounded Matrices (Bellman '58, Dill '89)
Example constraint set:
x1-x2<=4
x2-x1<=10
x3-x1<=2
x2-x3<=2
x0-x1<=3
x3-x0<=5
(Figure: the constraints drawn as a weighted graph over x0, x1, x2, x3; Shortest Path Closure, O(n^3), yields the canonical form.)
New Canonical Datastructure: Minimal collection of constraints (RTSS 1997)
(Figure: the same constraint graph; Shortest Path Closure, O(n^3), followed by Shortest Path Reduction, O(n^3), yields the minimal constraint graph.)
Space: worst case O(n^2), in practice O(n).
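Added example, not code from the slides or from UPPAAL: a minimal Difference Bounded Matrix in Python that implements the zone operations of the Symbolic Transitions slide (delay, guard conjunction, reset, inclusion) and the shortest-path closure of the Canonical Datastructure slide, checked on both slides' examples. Function and variable names are my own; the bound encoding as (constant, nonstrict) pairs is an assumption of this example.

```python
# Added example, not code from the slides or from UPPAAL. Entry d[i][j] bounds
# x_i - x_j; index 0 is the reference clock x0 = 0. A bound is a
# (constant, nonstrict) pair: "< 3" is (3, 0) and "<= 3" is (3, 1), so min()
# under Python's tuple ordering picks the tighter bound, strict before
# non-strict at the same constant.
INF = (float("inf"), 1)   # no constraint on this difference
ZERO = (0, 1)             # x_i - x_i <= 0

def add(a, b):
    """Sum of two bounds; strict unless both operands are non-strict."""
    if a == INF or b == INF:
        return INF
    return (a[0] + b[0], a[1] & b[1])

def new_dbm(clocks):
    """Unconstrained zone over `clocks` clocks plus the reference clock x0."""
    return [[ZERO if i == j else INF for j in range(clocks + 1)] for i in range(clocks + 1)]

def constrain(d, i, j, bound):
    """Conjunct x_i - x_j (<= or <) c into d; call close() afterwards."""
    d[i][j] = min(d[i][j], bound)

def close(d):
    """Floyd-Warshall shortest-path closure, O(n^3): the canonical form."""
    n = len(d)
    for k in range(n):
        for i in range(n):
            for j in range(n):
                d[i][j] = min(d[i][j], add(d[i][k], d[k][j]))
    return d

def consistent(d):
    """A closed DBM is non-empty iff no diagonal entry dropped below 0."""
    return all(d[i][i] >= ZERO for i in range(len(d)))

def delay(d):
    """Future of a zone: drop every upper bound x_i - x0 <= c."""
    for i in range(1, len(d)):
        d[i][0] = INF
    return d

def reset(d, i):
    """x_i := 0 on a closed DBM: x_i takes the bounds of the reference clock."""
    for j in range(len(d)):
        d[i][j] = d[0][j]
        d[j][i] = d[j][0]
    return d

def includes(big, small):
    """Zone inclusion on closed DBMs: small lies inside big iff every bound is tighter."""
    return all(small[i][j] <= big[i][j] for i in range(len(big)) for j in range(len(big)))

def symbolic_step():
    """Slide example: (n, 1<=x<=4, 1<=y<=3) --delay, x>3, y:=0--> (m, 3<x, y=0)."""
    X, Y = 1, 2
    z = new_dbm(2)
    constrain(z, X, 0, (4, 1)); constrain(z, 0, X, (-1, 1))   # 1 <= x <= 4
    constrain(z, Y, 0, (3, 1)); constrain(z, 0, Y, (-1, 1))   # 1 <= y <= 3
    z = close(delay(close(z)))       # delays to 1<=x, 1<=y, -2<=x-y<=3
    constrain(z, 0, X, (-3, 0))      # conjuncts with the guard x > 3
    return reset(close(z), Y)        # projects to 3<x, y=0

def slide_closure():
    """Constraint graph of the DBM slide; closure tightens x2-x1<=10 to x2-x1<=4."""
    d = new_dbm(3)
    for i, j, c in [(1, 2, 4), (2, 1, 10), (3, 1, 2), (2, 3, 2), (0, 1, 3), (3, 0, 5)]:
        constrain(d, i, j, (c, 1))
    return close(d)
```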
SPACE PERFORMANCE
(Chart: memory use as a percentage, for the series Minimal Constraint, Global Reduction and Combination, over the examples Audio, Audio w Col, B&O, Box Sorter, M.Plant, Fischer2, Fischer3, Fischer4, Fischer5 and Train Crossing.)
TIME PERFORMANCE
(Chart: running time as a percentage, for the series Minimal Constraint, Global Reduction and Combination, over the same examples: Audio, Audio w Col, B&O, Box Sorter, M.Plant, Fischer2, Fischer3, Fischer4, Fischer5 and Train Crossing.)
Earlier Termination
Init -> Final ?
INITIAL Passed := Ø; Waiting := {(n0,Z0)}
REPEAT
- pick (n,Z) in Waiting
- if for some Z' ⊇ Z, (n,Z') in Passed then STOP
- else (explore) add { (m,U) : (n,Z) => (m,U) } to Waiting;
  add (n,Z) to Passed
UNTIL Waiting = Ø or Final is in Waiting
The termination test is first relaxed from equality to inclusion, Z ⊆ Z', and then to inclusion in the union of all zones stored for the same location: if (n,Z1), …, (n,Zk) are in Passed and Z ⊆ ∪_i Zi then STOP.
(Figure: the zone Z of the picked state covered by several passed zones Z1 … Zk of location n.)
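Added example, not code from the slides or from UPPAAL: the Passed/Waiting forward reachability loop with the zone-inclusion test of the Earlier Termination slides, run in Python on the Intelligent Light Control automaton. With a single clock a zone is an interval, kept here DBM-style as two upper bounds (on x and on -x); the edge list, the absence of invariants and all names are assumptions of this example.

```python
# Added example, not code from the slides. A zone over the single clock x is
# the pair (bound on x, bound on -x); each bound is a (constant, nonstrict)
# pair so that x > 3, i.e. -x < -3, is (-3, 0) and x >= 3 is (-3, 1).
from collections import deque

INF = (float("inf"), 1)
ZERO = (0, 1)
X0 = (ZERO, ZERO)                      # the zone x = 0: x <= 0 and -x <= 0
ANY = (INF, INF)                       # no guard

def add(a, b):
    if a == INF or b == INF:
        return INF
    return (a[0] + b[0], a[1] & b[1])

def conjunct(zone, guard):
    """Intersect two zones; None if x <= c and -x <= -c' leave no point."""
    hi, lo = min(zone[0], guard[0]), min(zone[1], guard[1])
    return (hi, lo) if add(hi, lo) >= ZERO else None

def delay(zone):
    """Future operator: the upper bound on x is dropped, the lower bound stays."""
    return (INF, zone[1])

def includes(big, small):
    """Earlier-termination test Z ⊆ Z': every bound of Z is at least as tight."""
    return small[0] <= big[0] and small[1] <= big[1]

# (source, guard, reset x?, target); every edge synchronises on press?
LIGHT_EDGES = [
    ("Off",    ANY,             True,  "Light"),   # press?  x := 0
    ("Light",  ((3, 1), INF),   False, "Bright"),  # press?  x <= 3
    ("Light",  (INF, (-3, 0)),  False, "Off"),     # press?  x > 3
    ("Bright", ANY,             False, "Off"),     # press?
]

def successors(loc, zone, edges):
    """(n,Z) => (m,U): delay, then guard, then reset, as on the Symbolic Transitions slide."""
    future = delay(zone)
    for src, guard, do_reset, dst in edges:
        if src == loc:
            u = conjunct(future, guard)
            if u is not None:
                yield dst, (X0 if do_reset else u)

def reachable(edges, init, final_loc):
    """Init -> Final?  Returns (answer, number of symbolic states in Passed)."""
    passed, waiting = [], deque([init])
    while waiting:
        n, z = waiting.popleft()                  # pick (n,Z) in Waiting
        if any(pn == n and includes(pz, z) for pn, pz in passed):
            continue                              # STOP: some (n,Z') in Passed with Z ⊆ Z'
        passed.append((n, z))
        for m, u in successors(n, z, edges):      # explore
            if m == final_loc:
                return True, len(passed)          # Final is in Waiting
            waiting.append((m, u))
    return False, len(passed)                     # Waiting = Ø
```

Asking for a location that does not exist makes the loop run to exhaustion, which shows the inclusion test discarding the revisited (Light, x=0) and (Off, x>3) states.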
Clock Difference Diagrams = Binary Decision Diagrams + Difference Bounded Matrices (CAV99)
CDD-representations:
- Nodes labeled with differences
- Maximal sharing of substructures (also across different CDDs)
- Maximal intervals
- Linear-time algorithms for set-theoretic operations.
SPACE PERFORMANCE
(Chart: memory use as a percentage, for the series CDD, Reduced CDD and CDD+BDD, over the examples BRP, PowerDown1, PowerDown2, Dacapo, GearBox, Fischer4, Fischer5, B&O, Philips and Philips col.)

TIME PERFORMANCE
(Chart: running time as a percentage, for the series CDD, Reduced CDD and CDD+BDD, over the same examples: BRP, PowerDown1, PowerDown2, Dacapo, GearBox, Fischer4, Fischer5, B&O, Philips and Philips col.)
Distributing UPPAAL (Gerd Behrmann, Thomas Hune, Frits Vaandrager; CAV2k)
(Figure: four nodes, each with its own Waiting list W1..W4 and a share P1..P4 of the distributed Passed structure.)
- The Passed structure is distributed.
- Check in the local Passed list; if not present save, explore and distribute ...
- Implemented using MPI on a SUN Enterprise 10000 and on a Beowulf cluster.
Performance
SUN Enterprise 10000: shared memory, 12GB RAM, 24 333MHz CPUs.
(Chart: speed-up T(1)/T(n) for full state space generation; the speed-up is super-linear.)
UPPAAL 1995 - 2001
Every 9 months, 10 times better performance!
(Chart: performance over the releases Dec'96, Sep'98 and 3.x.)
CUPPAAL: Scheduling & Synthesis of Control Programs
with Gerd Behrmann, Ed Brinksma, Ansgar Fehnker, Thomas Hune, Paul Pettersson, Judi Romijn, Frits Vaandrager
…, HSCC'01, TACAS'01, CAV'01
Observation
Many scheduling problems can be phrased naturally as reachability problems for timed automata!
(Figure: four persons on the UNSAFE side of a bridge over a minefield must reach the SAFE side; their crossing times are 5, 10, 20 and 25 minutes.)
- At most 2 crossing at a time
- Need torch
Can they make it within 60 minutes?
Steel Production Plant
- A. Fehnker; Hune, Larsen, Pettersson
- Case study of Esprit-LTR project 26270 VHS
- Physical plant of SIDMAR located in Gent, Belgium.
- Part between blast furnace and hot rolling mill.
(Figure: plant layout with Crane A, Crane B, Machines 1 to 5, Lane 1, Lane 2, Buffer, Storage Place and the Continuous Casting Machine.)
Objective: model the plant, obtain schedule and control program for the plant.

Input: sequence of steel loads ("pigs"). A load follows a Recipe to obtain a certain quality, e.g.: start; T1@10; T2@20; T3@10; T2@10; end within 120. Output: sequence of higher quality steel.
(Figures: two example routes of a load through the plant, annotated with treatment times (@10, @20, @10, @10, @40) and transfer times; the totals shown are =107 and =127 against the deadline of 120.)
Modus Operandi
1. Model plant as networks of timed automata. (Physical Plant -> Plant Model)
2. Reformulate scheduling as reachability and apply UPPAAL tool. (Plant Model -> Trace)
3. Synthesise program. (Trace -> Program)
4. Execute program. (Program -> Physical Plant)

A single load (part of)
(Figure: the Crane B part of the timed automaton for one load.)
Modus Operandi
(Same four steps: 1. model plant as networks of timed automata; 2. reformulate scheduling as reachability and apply UPPAAL; 3. synthesise program; 4. execute program.)
System with 5 steel loads: parallel composition of
- 15 timed automata (6 - 60 locations),
- 18 real-valued clocks,
- 28 bounded integer variables,
- 140 action channels.
Verification: generating a schedule for three batches FAILS!!!
Guiding
1(a). Model plant in UPPAAL. (Physical Plant -> Plant Model)
1(b). Add guides to plant model to restrict behaviour. (Plant Model -> Guided Plant Model)
2. Reformulate scheduling as reachability and apply UPPAAL. (Guided Plant Model -> Trace)
3. Synthesise program. (Trace -> Program)
4. Execute program. (Program -> Physical Plant)
1971 lines of RCX code (n=5), 24860 lines (n=60).
Experiment
(Table: for n = 1, 2, 3, 4, 5, 10, 15, 20, 25, 30, 35 loads, time in s and memory in MB for BFS, DFS and BSH, each under All Guides, Some Guides and No Guides. The individual cell values did not survive extraction in a form that can be realigned reliably.)
- BFS = breadth-first search, DFS = depth-first search, BSH = bit-state hashing.
- "-" = requires >2h (on 450MHz Pentium III), >256 MB, or a suitable hash-table size was not found.
- System size: 2n+5 automata and 3n+3 clocks; for n=35: 75 automata and 108 clocks.
- Schedule generated for n=60 on a Sun Ultra with 2x300MHz and 1024MB in 2257s.
LEGO Plant Model
- LEGO RCX Mindstorms.
- Local controllers with control programs.
- IR protocol for remote invocation of programs.
- Central controller.
(Figure: crane a, crane b, m1 to m5, buffer, storage and casting units, each with a local controller, and the central controller produced by Synthesis.)

LEGO Plant Model: Belt/Machine Unit
(Figure: one belt/machine unit of the LEGO plant.)
Time Optimality
- Asarin & Maler (1999): time optimal control using backwards fixed point computation.
- Niebert, Tripakis & Yovine (2000): minimum-time reachability using forward reachability.
- Behrmann, Fehnker et al. [TACAS01, MBVI01]: minimum-time reachability using Branch-and-Bound.
Cost Optimality
- In scheduling theory one is not just interested in shortest or fastest schedules; also other cost functions are considered.
- This leads us to introduce a model of Linear Priced Timed Automata, which adds prices to locations and transitions.
- Price of a transition: the cost of taking it.
- Price of a location: the cost per time unit of staying there.
Linearly Priced Timed Automata
(Figures: Example (prices); Example (execution); Example (min-cost).)
EXAMPLE: Optimal rescue plan for important persons (Presidents and Actors)
(Figure: the bridge from UNSAFE (Mines) to SAFE. Crossing times: GORE 5, CLINTON 10, BUSH 20, DIAZ 25; cost-rates: GORE 9, CLINTON 2, BUSH 3, DIAZ 10.)
OPTIMAL PLAN HAS ACCUMULATED COST=195 and TOTAL TIME=65!
Aircraft Landing
(Figure: aircraft queuing for a runway.)

Priced Zones: Efficient Computability of Minimum Cost Reachability
Zones
y
Operations
Z
x
MFPS, May 2001, Aarhus
Kim G. Larsen
66
UCb
Priced Zone
y
Z
2
4
-1
x
MFPS, May 2001, Aarhus
Kim G. Larsen
67
UCb
Reset
Z
y
2
0
y:=0
4
-1
x
MFPS, May 2001, Aarhus
Kim G. Larsen
68
UCb
Reset
Z
y
2
0
y:=0
4
-1
x
{y}Z
MFPS, May 2001, Aarhus
Kim G. Larsen
69
UCb
Reset
Z
y
2
0
y:=0
4
-1
x
4
MFPS, May 2001, Aarhus
Kim G. Larsen
{y}Z
70
UCb
Reset
Z
y
2
0
y:=0
4
-1
-1
1
4
2
x
4 {y}Z
A split of {y}Z
MFPS, May 2001, Aarhus
Kim G. Larsen
71
UCb
Delay
y
Z
3
4
-1
x
MFPS, May 2001, Aarhus
Kim G. Larsen
72
Z
Delay
UCb
y
Z
3
4
-1
x
MFPS, May 2001, Aarhus
Kim G. Larsen
73
Z
Delay
3
UCb
3
y
Z
2
3
4
-1
x
MFPS, May 2001, Aarhus
Kim G. Larsen
74
Z
Delay
3
4
-1
y
UCb
0
Z
3
A split of Z 
3
4
-1
x
MFPS, May 2001, Aarhus
Kim G. Larsen
75
Optimal Forward Reachability
Termination = Bigger and Cheaper: a symbolic state is discarded when Passed holds one with a larger zone and a cheaper cost function.
(Figure: two priced zones over the x axis with their cost lines.)

Branch & Bound Algorithm
- Selection may be Guided
- Exploration may be Pruned
Experiments
Experiments
(Table: rescue plan with crossing times G5, C10, B20, D25. Columns: COST-rates (G, C, B, D), SCHEDULE, COST, TIME, #Expl, #Pop'd. The MC Order column and the last row, a run with the constraint time<85 and the counts 406 and 447, cannot be realigned from the extraction.)
COST-rates      | SCHEDULE             | COST | TIME | #Expl | #Pop'd
Min Time        | CG> G< BD> C< CG>    |      | 60   | (illegible: 1762, 1538, 2638)
1 1 1 1         | CG> G< BG> G< GD>    | 55   | 65   | 252   | 378
9 2 3 10        | GD> G< CG> G< BG>    | 195  | 65   | 149   | 233
1 2 3 4         | CG> G< BD> C< CG>    | 140  | 60   | 232   | 350
1 2 3 10        | CD> C< CB> C< CG>    | 170  | 65   | 263   | 408
1 20 30 40      | BD> B< CB> C< CG>    | 975  | 85   | 1085  |
Aircraft Landing
(Figure: the aircraft landing example.)
Source of examples: Beasley et al. 2000
Optimal Broadcast
(Figure: Router1 (Basecost) connected to Router2, Router3 and Router4; each link i carries costs costAi and costBi for transmission types A (3 sec) and B (5 sec); each router has a subscription flag k=0 or k=1.)
Given particular subscriptions, what is the cheapest schedule for broadcasting k?
Experimental Results
(Table: columns COST-rates (BC, R1, R2, R3, R4), SCHEDULE, COST, TIME, #Expl. The cost-rate cells, which include entries such as 1:3, 6:2, :30, :15, t<=10 and t<=8, cannot be realigned from the extraction; the remaining columns are:)
SCHEDULE                        | COST     | TIME | #Expl
1>3(B) ; ( 3>4(B) | 1>2(A) )    | Min Time | 8    | 1016
1>4(A) ; 3>4(A) ; 4>2(A)        | 15       | 15   | 2982
1>3(B) ; ( 3>4(B) | 1>2(A) )    | 47       | 8    | 1794
1>3(A) ; 3>2(A) ; 3>4(A)        | 60       | 15   | 665
1>4(A) ; 4>3(B) ; 4>2(B)        | 95       | 11   | 571
1>4(B) ; ( 1>3(A) | 4>2(B) )    | 946      | 8    | 1471
1>4(B) ; 4>2(B) ; 4>3(B)        | 102      | 9    | 1167
1>4(B) ; ( 1>3(A) | 4>2(B) )    | 146      | 8    | 1688
Current & Future Research
- DUPPAAL: Distributed
- GUPPAAL: Guided
- CUPPAAL: Cost-Optimal
- PrUPPAAL: Probabilistic
- PUPPAAL: Parameterized
- HUPPAAL: Hierarchical (UML)
- HyUPPAAL: Hybrid (stopwatch automata)
Conclusion & Future
New method for solving and modeling optimal scheduling/planning problems.
Advantages:
- Easy, flexible and very expressive modeling with clear operational interpretation
- Several, small LP problems.
Disadvantages:
- existing approaches still somewhat better
Goals:
- Integrate Model Checking and Scheduling.
- Extension to (optimal) dynamic scheduling/controller synthesis.
CONCUR Conference, 21.-24. August, Aalborg, DK
Invited Speakers:
- Prof. Bengt Jonsson (Feature Interaction)
- Prof. Robin Milner (Turing Award winner)
- Prof. Shankar Sastry (Hybrid Systems)
- Prof. Steve Schneider (Security)
Satellite Workshops: Express Workshop, GetCo, Testing Workshop, Safety Critical Systems, RealTime Tools Workshop
Tutorials:
- Holger Hermanns, Joost-Pieter Katoen (Performance)
- John Hatcliff (Model Checking C-programs)
CALL-FOR-PAPERS: March 25
Thank you for the attention.
For more information: http://www.uppaal.com