Uppaal introduction
Download
1 / 78

UPPAAL Introduction - PowerPoint PPT Presentation


  • 131 Views
  • Uploaded on

UPPAAL Introduction. Chien-Liang Chen. Outline. Real-Time Verification and Validation Tools Promela and SPIN Simulation Verification Real-Time Extensions: RT-SPIN – Real-Time extensions to SPIN UPPAAL – Toolbox for validation and verification of real-time systems. Modelling. UPPAAL.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'UPPAAL Introduction' - keelty


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Uppaal introduction

UPPAAL Introduction

Chien-Liang Chen


Outline
Outline

  • Real-Time Verification and Validation Tools

    • Promela and SPIN

      • Simulation

      • Verification

    • Real-Time Extensions:

      • RT-SPIN – Real-Time extensions to SPIN

      • UPPAAL – Toolbox for validation and verification of real-time systems



Uppaal
UPPAAL

  • UPPAAL is a tool box for simulation and verification of real-time systems based on constraint solving and other techniques.

  • UPPAAL was developed jointly by Uppsala University and Aalborg University.

  • It can be used for systems that are modeled as a collection of non-deterministic processes w/ finite control structures and real-valued clocks, communicating through channels and/or shared variables.

  • It is designed primarily to check both invariants and reachability properties by exploring the statespace of a system.


Uppaal components
UPPAAL Components

  • UPPAAL consists of three main parts:

    • a description language,

    • a simulator, and

    • a model checker.

  • The description language is a non-deterministic guarded command language with data types. It can be used to describe a system as a network of timed automata using either a graphical (*.atg, *.xml) or textual (*.xta) format.

  • The simulator enables examination of possible dynamic executions of a system during the early modeling stages.

  • The model checker exhaustively checks all possible states.


Uppaal tools earlier version
UPPAAL Tools (earlier version)

  • checkta – syntax checker

  • simta – simulator

  • verifyta – model checker


Example xta file format from uppaal in a nutshell
Example – .xta file format (from UPPAAL in a Nutshell)

clock x, y;

int n;

chan a;

process A {

state A0 { y<=6 }, A1, A2, A3;

init A0;

trans A0 -> A1 {

guard y>=3;

sync a!;

assign y:=0;

},

A1 -> A2 {

guard y>=4;

},

A2 -> A3 {

guard n==5;

}, A3 -> A0;

}


Example cont from uppaal in a nutshell
Example (cont.) (from UPPAAL in a Nutshell)

process B {

state B0 { x<=4 }, B1, B2, B3;

commit B1;

init B0;

trans B0 -> B1 {

guard x>=2;

sync a?;

assign n:=5,x:=0;

},

B1 -> B2 {

assign n:=n+1;

},

B2 -> B3 {

}, B3 -> B0;

}

system A, B;



Linear temporal logic ltl
Linear Temporal Logic (LTL)

  • LTL formulae are used to specify temporal properties.

  • LTL includes propositional logic and temporal operators:

    • [ ]P = always P

    • <>P = eventually P

    • P U Q = P is true until Q becomes true

  • Examples:

    • Invariance: [ ] (p)

    • Response: [ ] ((p) -> (<> (q)))

    • Precedence: [ ] ((p) -> ((q) U (r)))

    • Objective: [ ] ((p) -> <>((q) || (r)))


Labels and transitions
Labels and Transitions

  • The edges of the automata can be labeled with three different types of labels:

    • a guard expressing a condition on the values of clocks and integer variables that must be satised in order for the edge to be taken,

    • a synchronization action which is performed when the edge is taken, and

    • a number of clock resets and assignments to integer variables.

  • Nodes may be labeled with invariants; that is, conditions expressing constraints on the clock values in order for control to remain in a particular node.


Committed locations
Committed Locations

A committed location must be left immediately.

A broadcast can be represented by two transitions with a committed state between sends.


Transitions

  • Action transitions – if two complementary edges of two different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A0,B0),x=3.5,y=3.5,n=0) the two components can synchronize to ((A1,B1),x=0,y=0,n=5).

Transitions

  • Delay transitions – if none of the invariants of the nodes in the current state are violated, time may progress without making a transition; e.g., from ((A0,B0),x=0,y=0,n=0), time may elapse 3.5 units to ((A0,B0),x=3.5,y=3.5,n=0), but time cannot elapse 5 time units because that would violate the invariant on B0.


Transitions cont
Transitions (cont.) different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

  • Action transitions – if two complementary edges of two different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A0,B0),x=0,y=0,n=0) the two components can synchronize to ((A1,B1),x=0,y=0,n=5).


Uppaal transitions
UPPAAL Transitions different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Urgent channels and committed locations
Urgent Channels and Committed Locations different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

  • Transitions can be overruled by the presence of urgent channels and committed locations:

    • When two components can synchronize on an urgent channel, no further delay is allowed; e.g., if channel a is urgent, time could not elapse beyond 3, because in state ((A0,B0),x=3,y=3,n=0), synchronization on channel a is enabled.


Committed nodes
Committed Nodes different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

  • Transitions can be overruled by the presence of urgent channels and committed locations:

    • If one of the components is in a committed node, no delay is allowed to occur and any action transition must involve the component committed to continue; e.g., in state ((A1,B1),x=0,y=0,n=5), B1 is commited, so the next state of the network is ((A1,B2),x=0,y=0,n=6).


Uppaal locations
UPPAAL Locations different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Translation to uppaal
Translation to UPPAAL different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

P1 :: while True do

T1 : wait(turn=1)

C1 : turn:=0

endwhile

||

P2 :: while True do

T2 : wait(turn=0)

C2 : turn:=1

endwhile

Mutual Exclusion Program


Example mutual exclusion
Example: Mutual Exclusion different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Intelligent light control

x:=0 different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

x<=3

x>3

Intelligent Light Control

press?

Off

Light

Bright

press?

press?

press?

  • Requirements: If a user quickly presses the light control twice, then the light should get brighter; on the other hand, if the user slowly presses the light control twice, the light should turn off.

  • Solution: Add a real-valued clock, x.


Uppaal model networks of timed automata
UPPAAL Model = different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((ANetworks of Timed Automata

A timed automaton is a standard finite state automaton extended with a finite collection of real-valued clocks.


Timed automata
Timed Automata different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Alur & Dill 1990

Clocks: x, y

Guard

Boolean combination of comp with

integer bounds

n

Reset

Action perfomed on clocks

x<=5 && y>3

State

(location , x=v , y=u ) where v,u are in R

a

Transitions

x := 0

a

(n , x=2.4 , y=3.1415 )

(m , x=0 , y=3.1415 )

Action

used

for synchronization

m

e(1.1)

(n , x=2.4 , y=3.1415 )

(n , x=3.5 , y=4.2415 )


Timed automata invariants
Timed Automata - Invariants different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

n

Clocks: x, y

x<=5

Transitions

x<=5 & y>3

e(3.2)

Location

Invariants

(n , x=2.4 , y=3.1415 )

a

e(1.1)

(n , x=2.4 , y=3.1415 )

(n , x=3.5 , y=4.2415 )

x := 0

m

Invariants ensure progress.

y<=10

g4

g1

g3

g2


A simple program
A simple program different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Int x

Process P

do

:: x<2000  x:=x+1

od

Process Q

do

:: x>0  x:=x-1

od

Process R

do

:: x=2000  x:=0

od

fork P; fork Q; fork R

What are possible values for x?

Questions/Properties:

E<>(x>1000)

E<>(x>2000)

A[](x<=2000)

E<>(x<0)

A[](x>=0)

Possible

Always


Verification example xta
Verification (example.xta) different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

int x:=0;

process P{

state S0;

init S0;

trans S0 -> S0{guard x<2000; assign x:=x+1; };

}

process Q{

state S1;

init S1;

trans S1 -> S1{guard x>0; assign x:=x-1; };

}

process R{

state S2;

init S2;

trans S2 -> S2{guard x==0; assign x:=0; };

}

p1:=P();

q1:=Q();

r1:=R();

system p1,q1,r1;

Int x

Process P

do

:: x<2000  x:=x+1

od

Process Q

do

:: x>0  x:=x-1

od

Process R

do

:: x=2000  x:=0

od

fork P; fork Q; fork R


Bnf for q format
BNF for q-format different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Example mutual exclusion1
Example: Mutual Exclusion different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Example mutex2 xta
Example (mutex2.xta) different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

//Global declarations

int turn;

int in_CS;

//Process template

process P(const id){

clock x;

state Idle, Try, Crit;

init Idle;

trans Idle -> Try{assign turn:=id, x:=0; },

Try -> Crit{guard turn==(1-id); assign in_CS:=in_CS+1; },

Try -> Try{guard turn==id; },

Crit -> Idle{guard x>3; assign in_CS:=in_CS-1; };

}

//Process assignments

P1:=P(1);

P2:=P(0);

//System definition.

system P1, P2;


From uppaal time models to kripke structures

T1 C2 different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

t=0

C1 T2

t=1

T1 T2

t=0

T1 T2

t=1

I1 C2

t=0

C1 I2

t=1

I1 T2

t=0

T1 I2

t=0

T1 I2

t=1

I1 T2

t=1

I1 I2

t=1

From UPPAAL-time Models to Kripke Structures

I1 I2

t=0


Ctl models
CTL Models different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Computation tree logic ctl clarke and emerson 1980
Computation Tree Logic, CTL different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A(Clarke and Emerson, 1980)

Syntax


Example from uppaal2k small tutorial

Obs different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

P1

Example(from UPPAAL2k: Small Tutorial)


Example cont1
Example (cont.) different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Example cont2

Obs different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

P1

Example (cont.)

  • Verification:

    • A[](Obs.taken imply x>=2)

    • E<>(Obs.idle and x>3)

    • E<>(Obs.idle and x>3000)


Example cont3
Example (cont.) different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Example cont4
Example (cont.) different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Translation to uppaal1
Translation to UPPAAL different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

P1 :: while True do

T1 : wait(turn=1)

C1 : turn:=0

endwhile

||

P2 :: while True do

T2 : wait(turn=0)

C2 : turn:=1

endwhile

Mutual Exclusion Program


Ctl models1
CTL Models different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Computation tree logic ctl clarke and emerson 19801
Computation Tree Logic, CTL different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A(Clarke and Emerson, 1980)

Syntax


Uppaal introduction

p different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

s

s1

p

s2

s3...

p

Path

The set of path starting in s


Formal semantics
Formal Semantics different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Ctl derived operators
CTL, Derived Operators different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

possible

inevitable

AF p

EF p

p

p

p

p

. . .

. . .

. . .

. . .

. . .

. . .

. . .

. . .


Ctl derived operators1
CTL, Derived Operators different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

potentially always

always

AG p

EG p

p

p

p

p

p

p

p

p

p

p

. . .

. . .

. . .

. . .

. . .

. . .

. . .

. . .


Theorem
Theorem different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

  • All operators are derivable from

    • EX f

    • EG f

    • E[ f U g ]

  • and boolean connectives


Uppaal specification language
UPPAAL Specification Language different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

A[] p (AG p)

E<> p (EF p)

p::= a.l | gd | gc | p and p |

p or p | not p | p imply p |

( p )

process location

data guards

clock guards


Semantics example
Semantics: Example different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

push

push

click


Light switch cont
Light Switch (cont.) different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

A[] (x <= y)

P.on --> P.off

push

push

click


Paths
Paths different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

push

Example Path:

push

click


Elapsed time in path
Elapsed Time in Path different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Example:

s=

D(s,1)=3.5, D(s,6)=3.5+9=12.5


Infinite state space
Infinite State Space? different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Regions finite partitioning of state space
Regions different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((AFinite partitioning of state space

Definition

y

2

1

1

2

3

x

An equivalence class (i.e. a region)

in fact there are only a finite number of regions!


Regions finite partitioning of state space1
Regions different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((AFinite partitioning of state space

Definition

y

2

1

r

Successor regions, Succ(r)

1

2

3

x

An equivalence class (i.e. a region)


Regions finite partitioning of state space2
Regions different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((AFinite partitioning of state space

Definition

y

2

1

THEOREM

r

{x}r

{y}r

1

2

3

x

Reset

regions

An equivalence class (i.e. a region) r


Region graph of simple timed automata
Region graph of simple timed automata different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Modified light switch
Modified light switch different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Uppaal introduction

Reachable part different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

of region graph

Properties


Roughly speaking
Roughly speaking.... different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Model checking a timed automata

against a TCTL-formula amounts to

model checking its region graph

against a CTL-formula


Problem to be solved
Problem to be solved different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Model Checking TCTL is PSPACE-hard


Zones from infinite to finite

y different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

y

x

x

Zones: From Infinite to Finite

Symbolic state (set)

(n, )

State

(n, x=3.2, y=2.5)

Zone:

conjunction of

x-y<=n, x<=>n


Symbolic transitions
Symbolic Transitions different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

1<=x, 1<=y

-2<=x-y<=3

y

y

1<=x<=4

1<=y<=3

delays to

n

x

x

x>3

y

y

3<x, 1<=y

-2<=x-y<=3

conjuncts to

a

x

x

y:=0

projects to

3<x, y=0

m

Thus (n,1<=x<=4,1<=y<=3) =a => (m, 3<x, y=0)


Forward reachability
Forward Reachability different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Init -> Final ?

INITIALPassed:= Ø;

Waiting:= {(n0,Z0)}

REPEAT

- pick (n,Z) in Waiting

- if for some Z’ Z

(n,Z’) in PassedthenSTOP

- else (explore) add

{ (m,U) : (n,Z) => (m,U) }

to Waiting;

Add (n,Z) to Passed

UNTILWaiting = Ø

or

Final is in Waiting

Final

Waiting

Init

Passed


Forward reachability1
Forward Reachability different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Init -> Final ?

INITIALPassed:= Ø;

Waiting:= {(n0,Z0)}

REPEAT

- pick (n,Z) in Waiting

- if for some Z’ Z

(n,Z’) in PassedthenSTOP

- else (explore) add

{ (m,U) : (n,Z) => (m,U) }

to Waiting;

Add (n,Z) to Passed

UNTILWaiting = Ø

or

Final is in Waiting

Final

Waiting

n,Z

n,Z’

Init

Passed


Forward reachability2
Forward Reachability different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Init -> Final ?

INITIALPassed:= Ø;

Waiting:= {(n0,Z0)}

REPEAT

- pick (n,Z) in Waiting

- if for some Z’ Z

(n,Z’) in PassedthenSTOP

- else /explore/ add

{ (m,U) : (n,Z) => (m,U) }

to Waiting;

Add (n,Z) to Passed

UNTILWaiting = Ø

or

Final is in Waiting

Waiting

Final

m,U

n,Z

n,Z’

Init

Passed


Forward reachability3
Forward Reachability different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Init -> Final ?

INITIALPassed:= Ø;

Waiting:= {(n0,Z0)}

REPEAT

- pick (n,Z) in Waiting

- if for some Z’ Z

(n,Z’) in PassedthenSTOP

- else /explore/ add

{ (m,U) : (n,Z) => (m,U) }

to Waiting;

Add (n,Z) to Passed

UNTILWaiting = Ø

or

Final is in Waiting

Waiting

Final

m,U

n,Z

n,Z’

Init

Passed


Uppaal verification options
UPPAAL Verification Options different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

  • Diagnostic Trace

  • Breadth-First

    • Depth-First

  • Local Reduction

  • Global Reduction

  • Active-Clock Reduction

  • Re-Use State-Space

  • Over-Approximation

  • Under-Approximation


Forward rechability
Forward Rechability different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Init -> Final ?

INITIALPassed:= Ø;

Waiting:= {(n0,Z0)}

REPEAT

- pick (n,Z) in Waiting

- if for some Z’ Z

(n,Z’) in PassedthenSTOP

- else /explore/ add

{ (m,U) : (n,Z) => (m,U) }

to Waiting;

Add (n,Z) to Passed

UNTILWaiting = Ø

or

Final is in Waiting

Waiting

Final

m,U

location

zone

n,Z

n,Z’

Init

Passed


Order of exploration depth first vs breadth first
Order of Exploration different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((ADepth-First vs Breadth-First

Depth-First

Waitingstored on stack

Breadth-First

Waitingstored in queue

Waiting

Final

m,U

n,Z

In most cases BF is preferred because

it allows for generation of “shortest”

traces.

DF is useful in situations when

reachability may be concluded without

generating the full state-space.

Easy computation of traces.

n,Z’

Init

Passed


Philips bounded retransmission protocol brp

Philips Bounded Retransmission Protocol (BRP) different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

[D’Argenio et.al. 97]


Protocol overview
Protocol Overview different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

  • Protocol developed by Philips.

  • Transfer data between Audio/Video components via infra-red communication.

  • Data files are sent in smaller chunks.

  • Problem: Unreliable communication medium.

  • Solution:

    • Sender retransmits if receiver responds too late.

    • Receiver aborts if sender sends too late.


Overview of brp
Overview of BRP different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Input: file = p1, …, pn

Output: p1, …, pn

Sender

Receiver

S

R

BRP

pi

K

lossy

ack

L

lossy


How it works
How It Works different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

  • Sender input: file = p1, …, pn.

  • S sends (p1,FST,0), (p2,INC,1), …, (pn-1,INC,1), (pn,OK,0).

  • R sends: ack, …, ack.

  • S retransmits pi if timeout.

  • Receiver recives: p1, …, pn.

  • Sender and Receiver receive NOK or OK.

more parts

will follow

first part of file

whole file OK


Brp model overview
BRP Model Overview different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

Input: file = p1, …, pn

Output: p1, …, pn

Sender

Receiver

OK, NOK, DK

IND, OK, NOK

S

R

BRP

(pi,INDicator,abit)

K

lossy

L

lossy

ack


The lossy media
The Lossy Media different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

one-place

capacity

delay

value-passing

lossy = may drop

messages


Bounded retransmission
Bounded Retransmission different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A

  • BRP Sender S sends a chunk pi and waits for ack from BRP Receiver R.

  • If timeout occurs, the chunk is retransmitted.

  • If too many timeouts occur, the transmission fails (NOK is sent to the Sender).

  • If the whole file is successfully transmitted, then OK is sent to the Sender.

  • BRP Receiver is similar.


Process s brp sender
Process S – BRP Sender different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Process r brp receiver
Process R – BRP Receiver different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A


Sender and receiver applications
Sender and Receiver - Applications different components are enabled in a state, then they can synchronize; also, if a component has an enabled internal edge, the edge can be taken without any synchronizaton; e.g., from ((A