Lite introduction to Uppaal

1. An introduction to
Uppaal
Ulrik Hørlyk Hjort
BestPractice Consulting & Advising 2010

2. The Uppaal System
► UPPAAL is a tool for modeling, validation and
verification of real-time systems.
► It is appropriate for systems that can be modeled as
a collection of non-deterministic processes with finite
control structure and real-valued clocks (i.e. timed
automata), communicating through channels and (or)
shared data structures.
► Typical application areas include real-time
controllers, communication protocols, and other
systems in which timing aspects are critical.

3. Uppaal System
► Integrated tool environment for:
■ Modelling
■ Simulation
■ Verification

4. The System Editor
► Thesystem editor is used to create and edit the
system model to be analysed
►A system model describe a network of a finite
number of non-deterministic finite state
automata
► Transitions between states may be labeled with:
■ Guards
■ Synchronizations
■ Assignment statements

5. Uppaal Model
Initial Location
Location
Edge
Synchronization

6. Uppaal Model
procedure Factorial is
Result : Integer := 5;
begin
for I in reverse 1 .. 4 loop
Result := Result * I;
end loop;
Put_Line(Integer'Image(Result));
end Factorial;

7. Task Synchronization
task body TaskA is
begin
TaskB.WriteTaskName;
end TaskA;
task body TaskB is
begin
accept WriteTaskName do
Put_Line("Task B");
end WriteTaskName;
end TaskB;

8. Subprogram Synchronization
procedure Main is
procedure Hello is
begin
Put_Line("Hello, World!");
end Hello;
begin
Hello;
end Main;

9. Parametrised Synchronization
procedure Factorial is
function Fac(N: Integer) Return Integer is
Result : Integer := N;
begin
for I in reverse 1 .. N­1 loop
Result := Result * I;
end loop;
return Result;
end Fac;
begin
Put_Line(Integer'Image(Fac(5)));
end Factorial;

10. The Model Checker (Verifier)
► Themodel checker verify the model with respect to a
requirement specification.
► Verifies
safety, bounded-liveness and other user
specified properties by reachability analysis.
► The model checker support three Path formulae:
■ Reachability
■ Safety
■ Liveness

11. E<>φ - “φ Reachable”
► E<>φ – It is possible to reach a state in which
φ is satisfied
► φ is true in – at least – one reachable state

12. The Simulator
► Lets
users simulate the models to visually
explore their dynamic behavior.

13. Simple Phone Case
► Model a phone that can:
■ Receive a call
■ Make a call
■ Receive an sms
► Requirement:
■ Ifa call come while user write an sms, the user
shall be able to answer or reject the call and then
return to the sms editor.

14. Declarations
bool INCOME_CALL = false;
chan letter, digit, send, cancel, accept, acceptCall, rejectCall;
broadcast chan incomeCall, incomeSms, callTone, smsTone, handleCall, handleSms;
chan enterSms, exitSms, enterCall, exitCall, exitReceiveCall;

15. User and Mainscreen Models
User Model
Main Screen Model

16. Make Call

17. Receive Call

18. Send Sms

19. Simple Phone Requirement
Verification
► Requirement:
■ If a call come while user write an sms, the user shall be able to
answer or reject the call and then return to the sms editor.True
► Verify
that there is a path to the location “Call” in the
“ReceiveCall” automata and a path to the location
“ExitReceivedCall” in the “SendSms” automata
► Therequirement can be verified with the reachability
property as:
■ E<>SendSms.ExitReceivedCall and ReceiveCall.Call
► Which evealuate to true in the verifier

20. Simulate the simple phone
model
► Use the simulator to verify that it is possible
to cover all edges in the model and that the
model is deadlock free

21. Questions?
www.uppaal.com