## Research Topic: Finding Shortest paths in Vector Rally using a Model Checker


**Research Topic: Finding Shortest Paths in Vector Rally using a Model Checker**

Win a T-Shirt!

Kåre J. Kristoffersen

**Vector Rally: Essentials**

Question: What is the smallest number of steps from Start to Finish, such that the car reaches the Finish Line and halts?

**A Model Checker**

Or: a Verification Machine. Inputs: a model (program) and a specification (a requirement). Output: YES or NO. (www.uppaal.com)

**Uppaal: Model Language**

Parallel composition of Finite State Machines. This means we can model things like threads and communication protocols. State machines may be nondeterministic. Augmented with integer variables, arrays, clocks (timers) and synchronization labels for modelling handshake.

**Uppaal: Handshake**

(Figure: two automata M and N and their product N || M.) M has an edge n0 -> n1 with guard x<5, synchronization a! and update z:=z+2. N has an edge m0 -> m1 with synchronization a? and update y:=y-7. In the product N || M the two edges fire together as one edge (n0, m0) -> (n1, m1) with guard x<5 and updates z:=z+2, y:=y-7.

**Uppaal: Spec. Language**

Temporal Logic for expressing safety and liveness properties.

- Safety: Something bad will never happen.
- Liveness: Something good will eventually happen.

**Safety Properties**

A state satisfying predicate Error is never reached: A[] not(Error)

A[] reads: for all executions, for all states in an execution.

**Safety Example**

A[] not(x > 100)

A[] (Gate.Open and Train.AtCrossing)

**Liveness Properties**

A state satisfying Good is eventually reached: E<> (Good)

E<> reads: there exists an execution, for some state in this execution.

**Liveness Example**

E<> (8<=x and x<=10 and y==0 and dx==0 and dy==0)

There exists an execution (of Vector Rally) such that the car reaches the Finish Line and halts. Nice: if there is such a path then UPPAAL will give us the shortest.

**Global Declarations**

```
// The obstacles
int[0,10] b[4][4] := {{2,2,4,4},{0,7,3,8},{6,0,7,7},{9,6,10,7}};
// The speed vector
int[-5,10] dx,dy;
// Position and number of obstacles
int[0,10] x:=0;
int[0,10] y:=0;
int[0,4] rect;
// Sync. labels between Car and Checker
chan check, ok;
```

**The Automaton Car**

(Figure: the Car automaton.)

**Principle of Collision Detection**

Here, collision because: x1 <= a <= x2 AND L <= (a-x1)dy/dx + y1 <= h, which reduces to: x1 <= a <= x2 AND L*dx <= (a-x1)dy + y1*dx <= h*dx

**The Automaton Checker**

(Figure: the Checker automaton.)

**Collision Condition:**

```
(((dx>0 and x<=b[rect][0] and x+dx>=b[rect][0]) or (dx>0 and x>=b[rect][0] and x+dx<=b[rect][0]))
  and b[rect][1]*dx <= (y*dx)+(b[rect][0]-x)*dy and (y*dx)+(b[rect][0]-x)*dy <= b[rect][3]*dx)
or (((dx<0 and x<=b[rect][0] and x+dx>=b[rect][0]) or (dx<0 and x>=b[rect][0] and x+dx<=b[rect][0]))
  and b[rect][1]*dx >= (y*dx)+(b[rect][0]-x)*dy and (y*dx)+(b[rect][0]-x)*dy >= b[rect][3]*dx)
or (((dx>0 and x<=b[rect][2] and x+dx>=b[rect][2]) or (dx>0 and x>=b[rect][2] and x+dx<=b[rect][2]))
  and b[rect][1]*dx <= (y*dx)+(b[rect][2]-x)*dy and (y*dx)+(b[rect][2]-x)*dy <= b[rect][3]*dx)
or (((dx<0 and x<=b[rect][2] and x+dx>=b[rect][2]) or (dx<0 and x>=b[rect][2] and x+dx<=b[rect][2]))
  and b[rect][1]*dx >= (y*dx)+(b[rect][2]-x)*dy and (y*dx)+(b[rect][2]-x)*dy >= b[rect][3]*dx)
or (((dy>0 and y<=b[rect][1] and y+dy>=b[rect][1]) or (dy>0 and y>=b[rect][1] and y+dy<=b[rect][1]))
  and b[rect][0]*dy <= (x*dy)+(b[rect][1]-y)*dx and (x*dy)+(b[rect][1]-y)*dx <= b[rect][2]*dy)
or (((dy<0 and y<=b[rect][1] and y+dy>=b[rect][1]) or (dy<0 and y>=b[rect][1] and y+dy<=b[rect][1]))
  and b[rect][0]*dy >= (x*dy)+(b[rect][1]-y)*dx and (x*dy)+(b[rect][1]-y)*dx >= b[rect][2]*dy)
or (((dy>0 and y<=b[rect][3] and y+dy>=b[rect][3]) or (dy>0 and y>=b[rect][3] and y+dy<=b[rect][3]))
  and b[rect][0]*dy <= (x*dy)+(b[rect][3]-y)*dx and (x*dy)+(b[rect][3]-y)*dx <= b[rect][2]*dy)
or (((dy<0 and y<=b[rect][3] and y+dy>=b[rect][3]) or (dy<0 and y>=b[rect][3] and y+dy<=b[rect][3]))
  and b[rect][0]*dy >= (x*dy)+(b[rect][3]-y)*dx and (x*dy)+(b[rect][3]-y)*dx >= b[rect][2]*dy)
)
```

```
not( x+dx<0 or x+dx>10 or y+dy<0 or y+dy>10
  or (dx==0 and b[rect][0]<=x and x<=b[rect][2] and
      ((y<=b[rect][1] and y+dy>=b[rect][1]) or (y>=b[rect][1] and y+dy<=b[rect][1])
       or (y<=b[rect][3] and y+dy>=b[rect][3]) or (y>=b[rect][3] and y+dy<=b[rect][3])))
  or (dy==0 and b[rect][1]<=y and y<=b[rect][3] and
      ((x<=b[rect][0] and x+dx>=b[rect][0]) or (x>=b[rect][0] and x+dx<=b[rect][0])
       or (x<=b[rect][2] and x+dx>=b[rect][2]) or (x>=b[rect][2] and x+dx<=b[rect][2])))
  or
```

**Modelling, Simulation, Verification**

Let's try Uppaal.

**The Solution:**

(Figure: the shortest path found by Uppaal.)

**Algorithm: Reachability Analysis**

```
Initialize: Passed := Ø, Waiting := {n0}
Repeat
  Pick n from Waiting
  if n already in Passed then do nothing
  else add {m : n -> m} to Waiting and move n to Passed
Until (Waiting = Ø) OR (Goal in Waiting)
```

**How many Combinations?**

(Figure: a grid with x and y axes labelled 0 and 1.) Q: How many different states are there in this very simple grid? Hint: A state is a four-tuple (x, y, dx, dy).

**Exhaustive Verification**

- 100% coverage
- Precomputes all possible execution paths and checks them prior to the execution of the program
- Used for checking safety-critical systems (controllers, drivers, etc.)
- Suffers from the State Explosion problem
- However, the limits of application of verification are constantly being pushed

**Runtime Verification**

- Performed at runtime
- Only a single program trace is being checked. Almost like testing
- Feasible for less safety-critical systems like e.g. financial software
- Current research project (NEXT) on checking temporal business rules

**Start/Finish**

Challenge: Driving a Loop. We need a small trick in the model to find the shortest path here!
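The two technical slides above, "Principle of Collision Detection" and "Algorithm: Reachability Analysis", can be run outside UPPAAL. The following is an added example in Python; it is not code from the slides, from the speaker or from UPPAAL. It takes the obstacle array, the 0..10 grid and the finish condition (8<=x<=10, y==0, dx==0, dy==0) from the slides, implements the slide's integer-only edge-crossing test (multiplying the crossing height by dx and flipping the bounds when dx<0), and then runs the Passed/Waiting loop with FIFO order so that the first goal state popped is a shortest one. Two things are assumptions, because the Car automaton itself is not shown on this page: the standard Vector Rally rule that each component of the speed vector changes by at most one per step, and the absence of a separate speed cap (the grid bounds already keep |dx|, |dy| <= 10).

```python
from collections import deque
from typing import List, Optional, Tuple

# Track and obstacles as declared on the slides: grid 0..10 on both axes,
# each obstacle a rectangle (x1, y1, x2, y2) with inclusive edges.
GRID_MAX = 10
OBSTACLES = [(2, 2, 4, 4), (0, 7, 3, 8), (6, 0, 7, 7), (9, 6, 10, 7)]

State = Tuple[int, int, int, int]  # (x, y, dx, dy)


def _between(v: int, p: int, q: int) -> bool:
    return min(p, q) <= v <= max(p, q)


def crosses_vertical_edge(x: int, y: int, dx: int, dy: int,
                          a: int, lo: int, hi: int) -> bool:
    """Does the move (x,y) -> (x+dx,y+dy) cross the edge x=a, lo<=y<=hi?

    The crossing height is y + (a-x)*dy/dx.  Multiplying through by dx keeps
    everything in integers (the slide's trick); for dx<0 the bounds flip.
    """
    if dx == 0 or not _between(a, x, x + dx):
        return False
    num = y * dx + (a - x) * dy
    if dx > 0:
        return lo * dx <= num <= hi * dx
    return hi * dx <= num <= lo * dx


def crosses_horizontal_edge(x: int, y: int, dx: int, dy: int,
                            c: int, lo: int, hi: int) -> bool:
    """Same test for the edge y=c, lo<=x<=hi: swap the roles of the axes."""
    return crosses_vertical_edge(y, x, dy, dx, c, lo, hi)


def collides(x: int, y: int, dx: int, dy: int, rect) -> bool:
    """True if the move crosses (or touches) any of the four edges of rect."""
    x1, y1, x2, y2 = rect
    return (crosses_vertical_edge(x, y, dx, dy, x1, y1, y2)
            or crosses_vertical_edge(x, y, dx, dy, x2, y1, y2)
            or crosses_horizontal_edge(x, y, dx, dy, y1, x1, x2)
            or crosses_horizontal_edge(x, y, dx, dy, y2, x1, x2))


def is_finish(s: State) -> bool:
    """The liveness query from the slides: on the finish line and halted."""
    x, y, dx, dy = s
    return 8 <= x <= 10 and y == 0 and dx == 0 and dy == 0


def successors(s: State, obstacles) -> List[State]:
    """Assumed Car rule: change dx and dy by -1/0/+1, then move by (dx,dy)."""
    x, y, dx, dy = s
    out = []
    for ax in (-1, 0, 1):
        for ay in (-1, 0, 1):
            ndx, ndy = dx + ax, dy + ay
            nx, ny = x + ndx, y + ndy
            if not (0 <= nx <= GRID_MAX and 0 <= ny <= GRID_MAX):
                continue
            if any(collides(x, y, ndx, ndy, r) for r in obstacles):
                continue
            out.append((nx, ny, ndx, ndy))
    return out


def shortest_path(obstacles, start: State = (0, 0, 0, 0)) -> Optional[List[State]]:
    """The slide's Passed/Waiting loop; FIFO Waiting makes it breadth-first,
    so the first goal state taken from Waiting lies on a shortest path."""
    passed = set()
    parent = {start: None}
    waiting = deque([start])
    while waiting:
        n = waiting.popleft()
        if is_finish(n):
            path = []
            while n is not None:
                path.append(n)
                n = parent[n]
            return path[::-1]
        if n in passed:
            continue
        passed.add(n)
        for m in successors(n, obstacles):
            if m not in parent:          # first discovery fixes the parent
                parent[m] = n
                waiting.append(m)
    return None


def steps(path: List[State]) -> int:
    return len(path) - 1


def path_is_legal(path: List[State], obstacles) -> bool:
    """Independent check that every transition obeys the rules above."""
    for (x, y, dx, dy), (nx, ny, ndx, ndy) in zip(path, path[1:]):
        if abs(ndx - dx) > 1 or abs(ndy - dy) > 1:
            return False
        if (nx, ny) != (x + ndx, y + ndy):
            return False
        if not (0 <= nx <= GRID_MAX and 0 <= ny <= GRID_MAX):
            return False
        if any(collides(x, y, ndx, ndy, r) for r in obstacles):
            return False
    return True


if __name__ == "__main__":
    for state in shortest_path(OBSTACLES):
        print(state)
```

On an empty track the search needs exactly six steps (speeds 1, 2, 2, 2, 1 along x and then a halting step with dx=0); with the four obstacles it must climb over the block at x=6..7 and come back down, so the path is longer, and the reconstructed path can be replayed through `path_is_legal` as a check that the search never stepped through an obstacle.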