
Research Topic: Finding Shortest paths in Vector Rally using a Model Checker


1. Research Topic: Finding Shortest Paths in Vector Rally using a Model Checker. Win a T-Shirt! Kåre J. Kristoffersen

2. Vector Rally: Essentials. Question: What is the smallest number of steps from Start to Finish, such that the car reaches the Finish Line and halts?

3. A Model Checker, or a Verification Machine. [Figure: a model (program) and a specification (a requirement) are fed into the model checker, which answers YES or NO.] www.uppaal.com

4. Uppaal: Model Language. Parallel composition of Finite State Machines. This means we can model things like threads and communication protocols. State machines may be nondeterministic. Augmented with integer variables, arrays, clocks (timers) and synchronization labels for modelling handshake.

5. Uppaal: Handshake. [Figure: automaton N has an edge n0 -> n1 with guard x<5, synchronization a! and update z:=z+2; automaton M has an edge m0 -> m1 with synchronization a? and update y:=y-7. In the parallel composition N || M the two edges fire together as a single edge (n0, m0) -> (n1, m1) with guard x<5 and both updates z:=z+2, y:=y-7.]

6. Uppaal: Spec. Language. Temporal Logic for expressing safety and liveness properties. Safety: Something bad will never happen. Liveness: Something good will eventually happen.

7. Safety Properties: A state satisfying predicate Error is never reached: A[] not(Error). (A: for all executions; []: for all states in an execution.)

8. Safety Example: A[] not(x > 100); A[] (Gate.Open and Train.AtCrossing)

9. Liveness Properties: A state satisfying Good is eventually reached: E<> (Good). (E: there exists an execution; <>: for some state in this execution.)

10. Liveness Example: E<> (8<=x and x<=10 and y==0 and dx==0 and dy==0). There exists an execution (of Vector Rally) such that the car reaches the Finish Line and halts. Nice: if there is such a path, then UPPAAL will give us the shortest one.

11. Global Declarations
//The obstacles
int[0,10] b := {{2,2,4,4},{0,7,3,8},{6,0,7,7},{9,6,10,7}};
// The speed vector
int[-5,10] dx,dy;
// Position and number of obstacles
int[0,10] x:=0;
int[0,10] y:=0;
int[0,4] rect;
// Sync. labels between Car and Checker
chan check, ok;

12. The Automaton Car. [Figure: the Car automaton.]

13. Principle of Collision Detection. Here, collision because: x1 <= a <= x2 AND L <= (a-x1)*dy/dx + y1 <= h, which reduces to: x1 <= a <= x2 AND L*dx <= (a-x1)*dy + y1*dx <= h*dx. (Multiplying through by dx keeps the inequalities only for dx > 0; for dx < 0 they flip, which is why the condition on slide 15 has separate dx>0 and dx<0 branches with >= in place of <=.)

14. The Automaton Checker. [Figure: the Checker automaton.]

15. Collision Condition:
(((dx>0 and x<=b[rect] and x+dx>=b[rect])or(dx>0 and x>=b[rect] and x+dx<=b[rect])) and b[rect]*dx<= (y*dx)+(b[rect]-x)*dy and (y*dx)+(b[rect]-x)*dy<=b[rect]*dx)
or (((dx<0 and x<=b[rect] and x+dx>=b[rect])or(dx<0 and x>=b[rect] and x+dx<=b[rect])) and b[rect]*dx>= (y*dx)+(b[rect]-x)*dy and (y*dx)+(b[rect]-x)*dy>=b[rect]*dx)
or (((dx>0 and x<=b[rect] and x+dx>=b[rect])or(dx>0 and x>=b[rect] and x+dx<=b[rect])) and b[rect]*dx <= (y*dx)+(b[rect]-x)*dy and (y*dx)+(b[rect]-x)*dy<=b[rect]*dx)
or (((dx<0 and x<=b[rect] and x+dx>=b[rect])or(dx<0 and x>=b[rect] and x+dx<=b[rect])) and b[rect]*dx >= (y*dx)+(b[rect]-x)*dy and (y*dx)+(b[rect]-x)*dy>=b[rect]*dx)
or(((dy>0 and y<=b[rect] and y+dy>=b[rect]) or (dy>0 and y>=b[rect] and y+dy<=b[rect])) and b[rect]*dy<= (x*dy)+(b[rect]-y)*dx and (x*dy)+(b[rect]-y)*dx <= b[rect]*dy)
or(((dy<0 and y<=b[rect] and y+dy>=b[rect]) or (dy<0 and y>=b[rect] and y+dy<=b[rect])) and b[rect]*dy>= (x*dy)+(b[rect]-y)*dx and (x*dy)+(b[rect]-y)*dx >= b[rect]*dy)
or(((dy>0 and y<=b[rect] and y+dy>=b[rect]) or (dy>0 and y>=b[rect] and y+dy<=b[rect])) and b[rect]*dy<= (x*dy)+(b[rect]-y)*dx and (x*dy)+(b[rect]-y)*dx <= b[rect]*dy)
or(((dy<0 and y<=b[rect] and y+dy>=b[rect]) or (dy<0 and y>=b[rect] and y+dy<=b[rect])) and b[rect]*dy>= (x*dy)+(b[rect]-y)*dx and (x*dy)+(b[rect]-y)*dx >= b[rect]*dy)
)
not( x+dx<0 or x+dx>10 or y+dy<0 or y+dy>10
or (dx==0 and b[rect]<=x and x<=b[rect] and ((y<=b[rect] and y+dy>=b[rect])or (y>=b[rect] and y+dy<=b[rect])or (y<=b[rect] and y+dy>=b[rect])or (y>=b[rect] and y+dy<=b[rect])))
or (dy==0 and b[rect]<=y and y<=b[rect] and ((x<=b[rect] and x+dx>=b[rect])or (x>=b[rect] and x+dx<=b[rect])or (x<=b[rect] and x+dx>=b[rect])or (x>=b[rect] and x+dx<=b[rect])))
or

16. Let's try Uppaal: Modelling, Simulation, Verification.

17. The Solution:

18. Algorithm: Reachability Analysis
Initialize Passed := Ø, Waiting := {n0}
Repeat
  Pick n from Waiting
  if n already in Passed then do nothing
  else add {m : n -> m} to Waiting and move n to Passed
Until (Waiting = Ø) OR (Goal in Waiting)
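As an added worked example (not from the slides), the reachability loop above and the slide-13 collision test, run as plain Python over the four obstacle rectangles declared on slide 11 with the Finish-line condition from slide 10. The move rule assumed here, that dx and dy each change by -1, 0 or +1 per step, is the usual Vector Rally rule and is not stated on the slides.

```python
from collections import deque
# Constructed from the slides' global declarations: obstacles as (x1, y1, x2, y2)
# rectangles on a 0..10 grid; the car starts at (0, 0) with speed (0, 0).
OBSTACLES = [(2, 2, 4, 4), (0, 7, 3, 8), (6, 0, 7, 7), (9, 6, 10, 7)]

def goal(x, y, dx, dy):
    return 8 <= x <= 10 and y == 0 and dx == 0 and dy == 0   # slide 10's target

def collides(x, y, dx, dy, rect):
    # Slide-13 test in integer arithmetic: does the move segment from (x, y) to
    # (x+dx, y+dy) touch rect? The denominator (dx or dy) is multiplied out and
    # sorted() absorbs the sign flip that a negative speed causes.
    x1, y1, x2, y2 = rect
    if any(x1 <= px <= x2 and y1 <= py <= y2 for px, py in ((x, y), (x + dx, y + dy))):
        return True                          # an endpoint (or a zero move) lies in rect
    for a in (x1, x2):                       # crossing the vertical edge line x = a
        if dx and min(x, x + dx) <= a <= max(x, x + dx):
            lo, hi = sorted((y1 * dx, y2 * dx))
            if lo <= (a - x) * dy + y * dx <= hi:   # intercept height, times dx
                return True
    for c in (y1, y2):                       # crossing the horizontal edge line y = c
        if dy and min(y, y + dy) <= c <= max(y, y + dy):
            lo, hi = sorted((x1 * dy, x2 * dy))
            if lo <= (c - y) * dx + x * dy <= hi:   # intercept position, times dy
                return True
    return False

def legal_move(x, y, dx, dy):
    return (0 <= x + dx <= 10 and 0 <= y + dy <= 10
            and not any(collides(x, y, dx, dy, r) for r in OBSTACLES))

def shortest_path(start=(0, 0, 0, 0)):
    # Breadth-first reachability over states (x, y, dx, dy): slide 18's loop with
    # Waiting as a FIFO, so the first Goal state found has the fewest moves.
    # Assumed rule: each move changes dx and dy by -1, 0 or +1.
    parent, waiting = {start: None}, deque([start])   # parent doubles as Passed
    while waiting:
        n = waiting.popleft()
        if goal(*n):
            path = [n]
            while parent[path[-1]] is not None:
                path.append(parent[path[-1]])
            return len(path) - 1, path[::-1]         # (number of moves, trace)
        x, y, dx, dy = n
        for ax in (-1, 0, 1):
            for ay in (-1, 0, 1):
                m = (x + dx + ax, y + dy + ay, dx + ax, dy + ay)
                if m not in parent and legal_move(x, y, dx + ax, dy + ay):
                    parent[m] = n
                    waiting.append(m)
    return None                                      # Finish is unreachable
```

Because Waiting is a queue, the trace returned is a shortest one in the same sense as the UPPAAL trace on slide 10; touching an obstacle edge counts as a collision, matching the <= comparisons on slide 15.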

19. How many Combinations? Q: How many different states are there in this very simple grid? Hint: A state is a four-tuple (x,y,dx,dy). [Figure: a grid with x and y axes running from 0 to 1.]

20. Exhaustive Verification
• 100 % coverage
• Precomputes all possible execution paths and checks them prior to the execution of the program
• Used for checking safety-critical systems (controllers, drivers, etc.)
• Suffers from the State Explosion problem
• However, the limits of applicability of verification are constantly being pushed

21. Runtime Verification. Performed at runtime. Only a single program trace is checked. Almost like testing. Feasible for less safety-critical systems, e.g. financial software. Current research project (NEXT) on checking temporal business rules.

22. Start/Finish Challenge: Driving a Loop. We need a small trick in the model to find the shortest path here!