

### Plan for today

- Part 1: Model Checking of Timed Systems
  - A UPPAAL Tutorial
- Part 2: Multicore Real-Time Systems
  - Challenges
  - The Timing Analysis Problems and Solutions

### PART 1

## A UPPAAL Tutorial: Model-Checking of Timed Systems

Wang Yi Uppsala University, Sweden VTSA Summer School Luxembourg, Sept 2010

## This is simple, simple, simple ... ...



### The main goal of this lecture

What's inside the tool: UPPAAL

### UPPAAL: www.uppaal.com

- Developed jointly by
  - Uppsala University, Sweden
  - Aalborg University, Denmark
- UPPsala + AALborg = UPPAAL
  - SWEDEN + DENMARK = SWEDEN • SWEDEN + DENMARK = DENMARK

### Main Authors/Contributors of UPPAAL

- Gerd Behrmann
- Johan Bengtsson
- Alexandre David
- Kim G Larsen
- Fredrik Larsson
- Paul Pettersson
- Wang Yi



## OUTLINE

- Model Checking in a Nutshell
- Timed automata and TCTL
- A UPPAAL Tutorial
  - Data structures & central algorithms
  - UPPAAL input languages

### Main references

- Temporal Logics (CTL)
  - Automatic Verification of Finite State Concurrent Systems Using Temporal Logic Specifications: A Practical Approach. Edmund M. Clarke, E. Allen Emerson, A. Prasad Sistla. POPL 1983: 117-126. Also as "Automatic Verification of Finite-State Concurrent Systems Using Temporal Logic Specifications", ACM Trans. Program. Lang. Syst. 8(2): 244-263 (1986)
- Timed Systems (Timed Automata, TCTL)
  - A Theory of Timed Automata. Rajeev Alur, David L. Dill. Theor. Comput. Sci. 126(2): 183-235 (1994)
  - Symbolic Model Checking for Real-Time Systems. Thomas A. Henzinger, Xavier Nicollin, Joseph Sifakis, Sergio Yovine. Information and Computation 111: 193-244 (1994)
  - UPPAAL in a Nutshell. Kim Guldstrand Larsen, Paul Pettersson, Wang Yi. STTT 1(1-2): 134-152 (1997)
  - Timed Automata: Semantics, Algorithms and Tools (a tutorial on timed automata). Johan Bengtsson and Wang Yi. Book chapter in Rozenberg et al. (eds.), LNCS, 2004
  - On-line help of UPPAAL: www.uppaal.com

# Model-Checking in a Nutshell

## Merits of model checking ...

- Checking simple properties (e.g. deadlock-freedom) is already extremely useful! The aim is not to prove that a system is completely correct (bug-free)
- The goal is to have tools that help a developer find errors and improve the quality of her/his design; model checking complements testing
- Now widely used in hardware design and protocol design, and hopefully soon in embedded systems!



### Example: the Vikings Problem

### Real-time scheduling

Shared resources: CPUs, caches, bandwidth, energy budget etc.

[Figure: multicore platform with several CPUs and per-core L1 caches]

# Combining Static Analysis & Model-Checking [RTSS 2010]







### Modeling Real Time Systems

### A Light Controller (with timer)

Solution: Add real-valued clock x





# SPECIFICATION

### How to ask questions: Specs?

Specification = Requirement (Lamport 1977)

### Safety

- Something (bad) should not happen

### Liveness

- Something (good) must happen / should be repeated





# Computation Tree Logic, CTL

Clarke & Emerson 1980





### Specification: Examples

#### Safety

- AG ¬(P1.CS1 & P2.CS2)
- AG (temp > 10 & speed < 120) (Invariant)

#### Reachability

- EF (time > 60 imply viking4.safe)
- EF (viking1.safe & viking2.safe & viking3.safe & viking4.safe)

#### Liveness

- AF (speed > 100) (Eventually)
- AG (P1.try imply AF P1.CS1) (Leads to)

# VERIFICATION: Model meets Specs?

## Verification

- Semantics of a system = all states + state transitions (all possible executions)
- Verification = state space exploration + examination

## Two basic verification algorithms

- Reachability analysis: checking safety properties
- Loop detection: checking liveness properties
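The two algorithms above, applied to the specification patterns from the examples slide (AG for safety, EF for reachability, AG (p imply AF q) for leads-to), as an added explicit-state example that is not UPPAAL's own code. The model is a constructed two-process mutual-exclusion protocol (locations idle, try, cs; a process may enter cs only while the other is not in cs) with interleaving semantics; all names (`successors`, `reachability`, `af_counterexample`, `leads_to_counterexample`) are this example's own.

```python
"""Explicit-state checks for AG (safety), EF (reachability) and AG (p imply AF q)
(leads-to) over a small constructed mutual-exclusion model. Added example, not
UPPAAL's own code: UPPAAL works on symbolic (zone) state spaces, this works on an
explicit finite graph, but the two algorithms are the same in spirit."""
from collections import deque
from typing import Callable, Dict, List, Optional, Set, Tuple

State = Tuple[str, str]            # (location of P1, location of P2)
Pred = Callable[[State], bool]     # a state predicate such as "P1 in cs"
INIT: State = ("idle", "idle")     # constructed model: both processes start idle


def successors(s: State) -> List[State]:
    """Interleaving semantics: exactly one process moves per step.
    idle -> try is always enabled; try -> cs only while the other process is
    not in cs (the mutual-exclusion rule); cs -> idle is always enabled."""
    out: List[State] = []
    for i in (0, 1):
        me, other = s[i], s[1 - i]
        nxt = {"idle": "try", "cs": "idle"}.get(me)
        if me == "try" and other != "cs":
            nxt = "cs"
        if nxt is not None:
            t = list(s)
            t[i] = nxt
            out.append((t[0], t[1]))
    return out


def bfs(target: Pred) -> Tuple[Dict[State, Optional[State]], Optional[State]]:
    """Breadth-first state space exploration from INIT with parent pointers.
    Stops at the first state satisfying `target` (or explores everything)."""
    parent: Dict[State, Optional[State]] = {INIT: None}
    queue = deque([INIT])
    while queue:
        s = queue.popleft()
        if target(s):
            return parent, s
        for t in successors(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return parent, None


def reachability(target: Pred) -> Optional[List[State]]:
    """Reachability analysis: shortest path INIT -> target state, or None.
    EF target holds iff a path exists; AG not(bad) holds iff reachability(bad) is None,
    and a returned path is the counterexample trace a model checker would show."""
    parent, hit = bfs(target)
    if hit is None:
        return None
    path: List[State] = []
    while hit is not None:
        path.append(hit)
        hit = parent[hit]
    return path[::-1]


def reachable_states() -> Set[State]:
    return set(bfs(lambda s: False)[0])


def af_counterexample(start: State, phi: Pred) -> Optional[List[State]]:
    """Loop detection for AF phi from `start`: depth-first search through states
    where phi does NOT hold, looking for a cycle (a lasso along which phi never
    holds) or a deadlocked state. Returns that violating path, or None if AF phi holds."""
    if phi(start):
        return None
    if not successors(start):
        return [start]                       # deadlock before phi ever holds
    on_stack: Set[State] = {start}           # grey: currently on the DFS path
    done: Set[State] = set()                 # black: fully explored, no violation below
    path: List[State] = [start]
    stack = [iter(successors(start))]
    while stack:
        nxt = next(stack[-1], None)
        if nxt is None:                      # current state fully explored
            stack.pop()
            s = path.pop()
            on_stack.discard(s)
            done.add(s)
            continue
        if phi(nxt) or nxt in done:
            continue                         # this branch reaches phi, or was already cleared
        if nxt in on_stack:
            return path + [nxt]              # lasso: phi never holds around this cycle
        if not successors(nxt):
            return path + [nxt]              # deadlock before phi ever holds
        on_stack.add(nxt)
        path.append(nxt)
        stack.append(iter(successors(nxt)))
    return None


def leads_to_counterexample(p: Pred, q: Pred) -> Optional[List[State]]:
    """AG (p imply AF q): every reachable p-state must satisfy AF q."""
    for s in sorted(reachable_states()):     # sorted only for deterministic output
        if p(s):
            cex = af_counterexample(s, q)
            if cex is not None:
                return cex
    return None


if __name__ == "__main__":
    in_cs = lambda i: (lambda s: s[i] == "cs")
    print("AG not(P1.cs & P2.cs):", reachability(lambda s: in_cs(0)(s) and in_cs(1)(s)) is None)
    print("EF P1.cs trace:", reachability(in_cs(0)))
    print("P1.try leads to P1.cs counterexample:",
          leads_to_counterexample(lambda s: s[0] == "try", in_cs(0)))
```

Safety holds (the state (cs, cs) is never reached), and EF P1.cs returns the three-state trace that reaches it. The leads-to property fails, and the returned lasso is the instructive part: P2 can cycle try → cs → idle forever while P1 waits in try, because interleaving semantics alone impose no fairness. That is exactly the kind of counterexample a model checker reports for a liveness property, and it tells the designer the model (or the property) needs a fairness assumption.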



### EXAMPLE

- 13 components, each with 1 clock & 10 states
- # of states = 10,000,000,000,000 = 10,000 G
- Each state needs (10 × 10) × 4 bytes = 400 bytes
- Worst-case memory usage >> 4,000,000 GB



UPPAAL DEMO