Research Topic:
Finding Shortest Paths in Vector Rally using a Model Checker
Win a T-Shirt!
08-11-2004 Kåre J. Kristoffersen 1
Vector Rally: Essentials

Question: What is the smallest number of steps from Start to Finish, such that the car reaches the Finish Line and halts?
A Model Checker - Or a Verification Machine

(Diagram: a model (the program) and a specification (a requirement) are fed into the model checker, which answers YES or NO. With Uppaal, a NO answer to a safety query and a YES answer to a reachability query come with a diagnostic trace showing the execution that caused the answer.)

www.uppaal.com
Uppaal: Model Language

Parallel composition of finite state machines. This means we can model things like threads and communication protocols.

State machines may be nondeterministic.

Augmented with integer variables, arrays, clocks (timers) and synchronization labels for modelling handshake.
Uppaal: Handshake

(Figure: two automata N and M with initial locations n0 and m0, and their parallel composition N || M synchronising on a handshake label; not reproduced in this text. The slides between this one and the safety example survive only as fragments.)

Safety Example (fragments recovered from the lost slides):

x 100)   (a comparison on x; the operator was lost in extraction)

A[] (Gate.Open and Train.AtCrossing)

Read as a safety property for a train-gate controller, the intended query is that the gate is never open while the train is at the crossing. Note that as printed, without a `not` in front of the conjunction, `A[] (Gate.Open and Train.AtCrossing)` asserts the opposite, namely that both hold in every reachable state; the negation has presumably been lost together with the other operators in extraction, and the query one would actually run is `A[] not (Gate.Open and Train.AtCrossing)`.
Liveness Properties

A state satisfying Good is eventually reached:

E<> Good

E: there exists an execution; <>: for some state in this execution.

In Uppaal's query language `E<> p` ("possibly p") is decided by exhaustively searching the reachable state graph for a state satisfying p, and `A[] p` ("invariantly p", the safety form used on the previous slide) by searching for a reachable state that violates it; the state found, together with the path to it, is the diagnostic trace.
Liveness Example and Collision Guard (slides 10 to 15; partially lost in extraction)

The liveness example query (of the form E<> ...) and the Uppaal guard for a move that hits an obstacle survive only as fragments, because the comparison operators were swallowed in extraction. What can be recovered: the guard is a Boolean expression over the state (x, y, dx, dy) and an obstacle array b, where b[rect][0], b[rect][1], b[rect][2], b[rect][3] are the corner coordinates of rectangle rect. It contains a bounds test on x+dx and y+dy and then tests, separately for dx > 0, dx < 0, dy > 0 and dy < 0, whether the straight move from (x, y) to (x+dx, y+dy) crosses one of the rectangle's four edges. The crossing point is computed without division, in the cross-multiplied form (y*dx)+(b[rect][0]-x)*dy compared against b[rect][1]*dx and b[rect][3]*dx for the edge at x = b[rect][0], and the same form appears for the edge at x = b[rect][2] and, with x and y exchanged, for the two horizontal edges. Because the operators are missing, the expression itself is not reproduced here.
Let’s try Uppaal
• Modelling
• Simulation
• Verification
The Solution:
Algorithm: Reachability Analysis

Initialize: Passed := Ø
            Waiting := {n0}
Repeat:     Pick n from Waiting
            if n is already in Passed then do nothing
            else add {m : n -> m} to Waiting and move n to Passed
Until (Waiting = Ø) or (Goal in Waiting)

If Waiting is exhausted, Goal is unreachable; otherwise the predecessors recorded on the way from n0 to Goal form the witness trace. The algorithm does not say which n is picked from Waiting. To get a shortest path, Waiting must be served in first-in-first-out order, i.e. breadth-first search; this is what Uppaal's "shortest" diagnostic-trace option does, while a depth-first order returns some path but not necessarily a shortest one.
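As an added example, not code from the slides, the following Python runs the reachability analysis above on a Vector Rally state space. It contains the segment-against-rectangle collision test that the guard expression of the earlier slide encodes (in the same division-free, cross-multiplied form), and uses one exploration routine to answer both the `E<>` question (shortest race to a halt on the finish line) and an `A[]` invariant, and to count the visited states. Everything here is assumed for the example: grid coordinates run 0..width and 0..height, an obstacle is stored as b[rect] = [xmin, ymin, xmax, ymax], velocities are bounded to keep the state space finite, a checkpoint flag is one way of handling a loop track, and the sample tracks are constructed.

```python
from collections import deque

# Constructed example, not from the slides.  A state is (x, y, dx, dy, cp):
# position, velocity (last displacement) and a flag recording whether a
# checkpoint cell has been visited.  Obstacles are [xmin, ymin, xmax, ymax].


def crosses_vertical_edge(x, y, dx, dy, xe, ymin, ymax):
    """True if the straight move (x,y) -> (x+dx,y+dy) touches the closed vertical
    segment x == xe, ymin <= y <= ymax.  The crossing's y-coordinate is kept
    scaled by dx, the (y*dx)+(xe-x)*dy form of the slide's guard, so no
    division is needed and the test stays in integers."""
    if dx == 0 or not (min(x, x + dx) <= xe <= max(x, x + dx)):
        return False
    ycross_scaled = y * dx + (xe - x) * dy
    lo, hi = sorted((ymin * dx, ymax * dx))      # sorting copes with dx < 0
    return lo <= ycross_scaled <= hi


def crosses_horizontal_edge(x, y, dx, dy, ye, xmin, xmax):
    """Same test for the horizontal segment y == ye, xmin <= x <= xmax."""
    return crosses_vertical_edge(y, x, dy, dx, ye, xmin, xmax)


def hits_rect(x, y, dx, dy, rect):
    """Does the move cross the boundary of the closed rectangle?  A move that
    starts outside the rectangle can only enter it by crossing an edge, so for
    such moves this is a complete collision test (touching a corner counts)."""
    xmin, ymin, xmax, ymax = rect
    return (crosses_vertical_edge(x, y, dx, dy, xmin, ymin, ymax)
            or crosses_vertical_edge(x, y, dx, dy, xmax, ymin, ymax)
            or crosses_horizontal_edge(x, y, dx, dy, ymin, xmin, xmax)
            or crosses_horizontal_edge(x, y, dx, dy, ymax, xmin, xmax))


def successors(state, width, height, obstacles, checkpoint, max_speed):
    """All legal one-step moves: each velocity component changes by at most 1,
    the car stays on the grid (the guard's x+dx / y+dy bounds test) and the
    move does not hit an obstacle."""
    x, y, dx, dy, cp = state
    for ddx in (-1, 0, 1):
        for ddy in (-1, 0, 1):
            ndx, ndy = dx + ddx, dy + ddy
            if max(abs(ndx), abs(ndy)) > max_speed:
                continue                          # assumed bound; keeps the space finite
            nx, ny = x + ndx, y + ndy
            if not (0 <= nx <= width and 0 <= ny <= height):
                continue
            if any(hits_rect(x, y, ndx, ndy, r) for r in obstacles):
                continue
            yield (nx, ny, ndx, ndy, 1 if cp or (nx, ny) in checkpoint else 0)


def explore(width, height, start, obstacles, checkpoint=frozenset(),
            max_speed=3, goal=lambda s: False):
    """The slide's Passed/Waiting loop.  Waiting is a FIFO queue, so states are
    expanded breadth-first and the first goal state found is a nearest one.
    Passed maps each state to its predecessor so the trace can be rebuilt.
    Returns (goal_state_or_None, passed)."""
    n0 = (start[0], start[1], 0, 0, 0 if checkpoint else 1)
    waiting, passed = deque([n0]), {n0: None}
    while waiting:
        n = waiting.popleft()
        if goal(n):
            return n, passed
        for m in successors(n, width, height, obstacles, checkpoint, max_speed):
            if m not in passed:                   # "already in Passed: do nothing"
                passed[m] = n
                waiting.append(m)
    return None, passed


def trace(passed, state):
    """Rebuild the path from the initial state to the given state."""
    path = []
    while state is not None:
        path.append(state)
        state = passed[state]
    return path[::-1]


def shortest_race(width, height, start, finish, obstacles,
                  checkpoint=frozenset(), max_speed=3):
    """E<> (halted on a finish cell, checkpoint passed): the Vector Rally question.
    On a loop track, where start == finish, the checkpoint flag is what stops the
    initial state from satisfying the query with zero moves."""
    def goal(s):
        return (s[0], s[1]) in finish and s[2] == s[3] == 0 and s[4] == 1
    hit, passed = explore(width, height, start, obstacles, checkpoint, max_speed, goal)
    return None if hit is None else trace(passed, hit)


def counterexample(width, height, start, obstacles, invariant, max_speed=3):
    """A[] invariant: exhaustive search for a reachable violating state.
    Returns None if the property holds, else the diagnostic trace."""
    hit, passed = explore(width, height, start, obstacles, max_speed=max_speed,
                          goal=lambda s: not invariant(s))
    return None if hit is None else trace(passed, hit)


def state_count(width, height, start, obstacles, max_speed=3):
    """How many states the search visits: the 'how many combinations' question."""
    return len(explore(width, height, start, obstacles, max_speed=max_speed)[1])
```

A race of `n` steps is returned as a list of `n + 1` states starting with the initial one. On the 2 by 2 grid of the slide (coordinates 0 and 1, no obstacles) the search visits 16 states, and a loop track with start equal to finish needs the checkpoint argument to be solved by anything other than the empty race.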
How many Combinations?

(Figure: a grid with x and y coordinates 0 and 1, i.e. a 2 by 2 grid of points.)

Q: How many different states are there in this very simple grid?
Hint: A state is a four-tuple (x, y, dx, dy).
Exhaustive Verification
• 100 % coverage
• Precomputes all possible execution paths and checks them prior to the execution of the program
• Used for checking safety-critical systems (controllers, drivers, etc.)
• Suffers from the state explosion problem
• However, the limits of applicability of verification are constantly being pushed
Runtime Verification
• Performed at run time
• Only a single program trace is checked
• Almost like testing
• Feasible for less safety-critical systems, e.g. financial software
• Current research project (NEXT) on checking temporal business rules
Challenge: Driving a Loop

(Figure: a loop-shaped track on which the Start and Finish lines coincide.)

We need a small trick in the model to find the shortest path here! When Start and Finish coincide, the initial state (standing still on the start line) already satisfies "at the Finish line and halted", so a plain reachability query is answered by a path of zero steps; the model has to record that the car has actually driven the loop, e.g. by passing a checkpoint, before the goal counts.