Analyzing a χ model of a turntable system using Spin, CADP and Uppaal (original) (raw)

2005, The Journal of Logic and Algebraic Programming

https://doi.org/10.1016/J.JLAP.2005.05.001

Sign up for access to the world's latest research

checkGet notified about relevant papers

checkSave papers to use in your research

checkJoin the discussion with peers

checkTrack your impact

Abstract

sparkles

AI

The paper investigates the χ model of a turntable system, utilizing the Spin, CADP, and Uppaal tools for formal verification and analysis. It highlights the interactions within the turntable system, emphasizes the role of these computational tools in verifying system properties, and discusses the results derived from the analysis and their implications for future research in system modeling.

Figures (13)

Fig. 1. The turntable system

Fig. 1. The turntable system

5) No drilling (testing or removing) takes place if there is no prod- uct in the slot and no adding can be performed if there is a

  1. No drilling (testing or removing) takes place if there is no prod- uct in the slot and no adding can be performed if there is a

After the signal cRotate the process must delay. In UPPAAL, a delay can be performed only in a location. To translate the delay we have to declare the clock (locally). Before the delay the clock must be reset to 0 in the assignment part of the ingoing edge (clTurning := 0). Then, the process is allowed to delay in the location. During the delay the value of the clock is increased and the invariant on the location makes sure that the value of the clock will not exceed the value of the timeout (clTurning < 4). The guard (clTurning == 4) on the outgoing edge ensures that the process delays in the location for the exact number of time units and will not leave the location earlier (Figure 3, a). In order to translate the sequential composition (cRotate ? bS2; AZ), the end location of the timed automaton that corresponds to cRotate ? bS2 should be merged with the input location of the timed automaton that corresponds to the delay. The resulting timed automaton is depicted in Figure 3, b (note, that the initial location is marked with double circle). As one can see, the merged location is defined as a committed one, this is done to make sure that the process will not delay in this location. In UPPAAL several assignments can

After the signal cRotate the process must delay. In UPPAAL, a delay can be performed only in a location. To translate the delay we have to declare the clock (locally). Before the delay the clock must be reset to 0 in the assignment part of the ingoing edge (clTurning := 0). Then, the process is allowed to delay in the location. During the delay the value of the clock is increased and the invariant on the location makes sure that the value of the clock will not exceed the value of the timeout (clTurning < 4). The guard (clTurning == 4) on the outgoing edge ensures that the process delays in the location for the exact number of time units and will not leave the location earlier (Figure 3, a). In order to translate the sequential composition (cRotate ? bS2; AZ), the end location of the timed automaton that corresponds to cRotate ? bS2 should be merged with the input location of the timed automaton that corresponds to the delay. The resulting timed automaton is depicted in Figure 3, b (note, that the initial location is marked with double circle). As one can see, the merged location is defined as a committed one, this is done to make sure that the process will not delay in this location. In UPPAAL several assignments can

In order to translate the alternative composition of the created timed au- tomata we merged their input locations into the one and did the same with their end locations (Figure 4). From the united input location the process can synchronize with other processes. If there is no synchronization available the process delays in the input location. If several of them are available the choice is made in a non-deterministic way. This behavior corresponds to the alternative composition in x.

In order to translate the alternative composition of the created timed au- tomata we merged their input locations into the one and did the same with their end locations (Figure 4). From the united input location the process can synchronize with other processes. If there is no synchronization available the process delays in the input location. If several of them are available the choice is made in a non-deterministic way. This behavior corresponds to the alternative composition in x.

Fig. 5. The translated part of the turn_table process To translate the repetition operator, we need to add an edge from the enc location of the process to its input location. The edge is marked with (*) it Figure 4. Again, in order not to allow the process to delay in its former enc location this location is labeled as a committed one. Knowing that the proces must leave this location immediately we can get rid of it. The translation of th: part of the turn_table process into the UPPAAL timed automaton is depictec in Figure 5.

Fig. 5. The translated part of the turn_table process To translate the repetition operator, we need to add an edge from the enc location of the process to its input location. The edge is marked with (*) it Figure 4. Again, in order not to allow the process to delay in its former enc location this location is labeled as a committed one. Knowing that the proces must leave this location immediately we can get rid of it. The translation of th: part of the turn_table process into the UPPAAL timed automaton is depictec in Figure 5.

After finishing the additional processes set the flags to false and main_control can continue the execution of the sequential part. Note, that after starting up the nested processes the main process delays in the location till their comple- tion. For this reason this location cannot be marked as urgent. To implement maximal progress we add synchronization over the urgent channel cDummy to the outgoing edge and a” dummy” process that can perform only synchroniza- tion on the channel cDummy. Note, that in general case the nested processes can be synchronized with the main process by means of additional channels instead of flags.

After finishing the additional processes set the flags to false and main_control can continue the execution of the sequential part. Note, that after starting up the nested processes the main process delays in the location till their comple- tion. For this reason this location cannot be marked as urgent. To implement maximal progress we add synchronization over the urgent channel cDummy to the outgoing edge and a” dummy” process that can perform only synchroniza- tion on the channel cDummy. Note, that in general case the nested processes can be synchronized with the main process by means of additional channels instead of flags.

Cited by

Component-Based Design and Analysis of Embedded Systems with UPPAAL PORT

2008

UPPAAL PORT is a new tool for component-based design and analysis of embedded systems. It operates on the hierarchically structured continuous time component modeling language SaveCCM and provides efficient model-checking by using partial-order reduction techniques that exploits the structure and the component behavior of the model. UPPAAL PORT is implemented as an extension of the verification engine in the UPPAAL tool. The tool can be used as back-end in to the Eclipse based SaveCCM integrated development environment, which supports user friendly editing, simulation, and verification of models.

Loading...

Loading Preview

Sorry, preview is currently unavailable. You can download the paper by clicking the button above.