1 / 22

Research Topic: Finding Shortest paths in Vector Rally using a Model Checker

Research Topic: Finding Shortest paths in Vector Rally using a Model Checker. Win a T-Shirt!. Vector Rally: Essentials. Question: What is the smallest number of steps from Start to Finish, such that the car reaches the Finish Line and halts?. A Model Checker. - Or a Verification Machine.

jon
Download Presentation

Research Topic: Finding Shortest paths in Vector Rally using a Model Checker

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Research Topic:Finding Shortest paths in Vector Rally using a Model Checker Win a T-Shirt! Kåre J. Kristoffersen

  2. Vector Rally: Essentials Question: What is the smallest number of steps from Start to Finish, such that the car reaches the Finish Line and halts? Kåre J. Kristoffersen

  3. A Model Checker - Or a Verification Machine model (program) YES  NO  specification (a requirement) www.uppaal.com Kåre J. Kristoffersen

  4. Parallel composition of Finite State Machines. This means we can model things like threads and communication protocols. State machines may be nondetermisistic. Augmented with Integer variables, arrays, clocks (timers) and synchronization labels for modelling handshake. Uppaal: Model Language Kåre J. Kristoffersen

  5. Uppall : Handshake M N N || M n0 m0 (n0, m0) x<5 a! a? x<5 z:=z+2 y := y-7 z:=z+2 y:=y-7 n1 m1 (n1, m1) Kåre J. Kristoffersen

  6. Temporal Logic for expressing safety and Liveness properties. Safety: Something bad will never happen. Liveness: Something good will eventually happen. Uppaal: Spec. Language Kåre J. Kristoffersen

  7. A state satisfying prodicate Error is never reached: A[]not(Error) Safety Properties: For all executions For all states in an execution Kåre J. Kristoffersen

  8. A[]not(x > 100) A[](Gate.Open and Train.AtCrossing) Safety Example: Kåre J. Kristoffersen

  9. A State satisfying Good is eventually reached: E<> (Good) Liveness Properties There exists an execution For some state in this execution Kåre J. Kristoffersen

  10. Liveness Example: E<>(8<=x and x<=10 and y==0 and dx==0 and dy==0) There exist an execution (of Vector Rally) such that the car reaches the Finish Line and Halts. Nice: If there is such a path then UPPAAL will give us the shortest  Kåre J. Kristoffersen

  11. Global Declarations //The obstacles int[0,10] b[4][4] := {{2,2,4,4},{0,7,3,8},{6,0,7,7},{9,6,10,7}}; // The speed vector int[-5,10] dx,dy; // Position and number of obstacles int[0,10] x:=0; int[0,10] y:=0; int[0,4] rect; // Sync. labels between Car and Checker chan check, ok; Kåre J. Kristoffersen

  12. The Automaton Car Kåre J. Kristoffersen

  13. Principle of Collision Detection Here, collision because: x1 <= a <= x2 AND L<= (a-x1)dy/dx +y1 <= h, which reduces to: x1 <= a <= x2 AND L*dx<= (a-x1)dy + y1*dx <= h*dx Kåre J. Kristoffersen

  14. The Atomaton Checker Kåre J. Kristoffersen

  15. Collision Condition: (((dx>0 and x<=b[rect][0] and x+dx>=b[rect][0])or(dx>0 and x>=b[rect][0] and x+dx<=b[rect][0])) and b[rect][1]*dx<= (y*dx)+(b[rect][0]-x)*dy and (y*dx)+(b[rect][0]-x)*dy<=b[rect][3]*dx) or (((dx<0 and x<=b[rect][0] and x+dx>=b[rect][0])or(dx<0 and x>=b[rect][0] and x+dx<=b[rect][0])) and b[rect][1]*dx>= (y*dx)+(b[rect][0]-x)*dy and (y*dx)+(b[rect][0]-x)*dy>=b[rect][3]*dx) or (((dx>0 and x<=b[rect][2] and x+dx>=b[rect][2])or(dx>0 and x>=b[rect][2] and x+dx<=b[rect][2])) and b[rect][1]*dx <= (y*dx)+(b[rect][2]-x)*dy and (y*dx)+(b[rect][2]-x)*dy<=b[rect][3]*dx) or (((dx<0 and x<=b[rect][2] and x+dx>=b[rect][2])or(dx<0 and x>=b[rect][2] and x+dx<=b[rect][2])) and b[rect][1]*dx >= (y*dx)+(b[rect][2]-x)*dy and (y*dx)+(b[rect][2]-x)*dy>=b[rect][3]*dx) or(((dy>0 and y<=b[rect][1] and y+dy>=b[rect][1]) or (dy>0 and y>=b[rect][1] and y+dy<=b[rect][1])) and b[rect][0]*dy<= (x*dy)+(b[rect][1]-y)*dx and (x*dy)+(b[rect][1]-y)*dx <= b[rect][2]*dy) or(((dy<0 and y<=b[rect][1] and y+dy>=b[rect][1]) or (dy<0 and y>=b[rect][1] and y+dy<=b[rect][1])) and b[rect][0]*dy>= (x*dy)+(b[rect][1]-y)*dx and (x*dy)+(b[rect][1]-y)*dx >= b[rect][2]*dy) or(((dy>0 and y<=b[rect][3] and y+dy>=b[rect][3]) or (dy>0 and y>=b[rect][3] and y+dy<=b[rect][3])) and b[rect][0]*dy<= (x*dy)+(b[rect][3]-y)*dx and (x*dy)+(b[rect][3]-y)*dx <= b[rect][2]*dy) or(((dy<0 and y<=b[rect][3] and y+dy>=b[rect][3]) or (dy<0 and y>=b[rect][3] and y+dy<=b[rect][3])) and b[rect][0]*dy>= (x*dy)+(b[rect][3]-y)*dx and (x*dy)+(b[rect][3]-y)*dx >= b[rect][2]*dy) ) not( x+dx<0 or x+dx>10 or y+dy<0 or y+dy>10 or (dx==0 and b[rect][0]<=x and x<=b[rect][2] and ((y<=b[rect][1] and y+dy>=b[rect][1])or (y>=b[rect][1] and y+dy<=b[rect][1])or (y<=b[rect][3] and y+dy>=b[rect][3])or (y>=b[rect][3] and y+dy<=b[rect][3]))) or (dy==0 and b[rect][1]<=y and y<=b[rect][3] and ((x<=b[rect][0] and x+dx>=b[rect][0])or (x>=b[rect][0] and x+dx<=b[rect][0])or (x<=b[rect][2] and x+dx>=b[rect][2])or (x>=b[rect][2] and x+dx<=b[rect][2]))) or Kåre J. Kristoffersen

  16. Modelling Simulation Verification Let’s try Uppaal Kåre J. Kristoffersen

  17. The Solution: Kåre J. Kristoffersen

  18. Algorithm: Reachability Analysis InitializePassed := Ø Waiting := {n0} Repeat Pick n from Waiting if n already in Passed then do nothing else add {m: n->m} to Waiting and move n to Passed Until (Waiting = Ø) OR (Goal in Waiting) Kåre J. Kristoffersen

  19. How many Combinations? y 1 Q: How many different states are there in this very simple grid? Hint: A state is a four tuple (x,y,dx,dy). 0 0 x 1 Kåre J. Kristoffersen

  20. Exhaustive Verification • 100 % coverage • Precomputes all possible execution paths and checks them prior to the execution of the program • Used for checking safety critical systems (controllers, drivers, etc.) • Suffers from the State Explosion problem  • However, the limits of application of verification is constantly being pushed  Kåre J. Kristoffersen

  21. Performed at Runtime Only a single program trace is being checked. Almost like testing Feasible for less safety critical systems like e.g. financial software Current research project (NEXT) on checking temporal business rules. Runtime Verification Kåre J. Kristoffersen

  22. Start/Finish Chellenge: Driving a Loop We need a small trick in the model to find the shortest path here!! Kåre J. Kristoffersen

More Related