Download presentation

Presentation is loading. Please wait.

Published byAlize Grymes Modified about 1 year ago

1
Chapter 16 : KRONOS (Model Checking of Real-time Systems) JIHO YANG

2
What is KRONOS? KRONOS allows analyzing timed automata. KRONOS is a model checker for the TCTL(Timed CTL) logic. KRONOS checks whether a timed automaton satisfies a TCTL.

3
KRONOS’ Essentials KRONOS is one of the tools, which implements a model checking algorithm for a timed temporal logic (TCTL). KRONOS contains no graphical, no simulation modes. KRONOS is a timed model checker. http://www-verimag.imag.fr/TEMPORISE/kronos

4
Railroad crossing example ( Two train, a gate, a controller, a counter)

5
Cont.

6
KRONOS Code (Tr1.tg) /* train1 */ #locs 3 /* number of states*/ #trans 3 /* number of transitions */ #clocks x1 /* clock */ #sync app1 exit1 /* synchronization labels */ loc: 0 prop: far inv: TRUE trans: TRUE => app1; x1:=0 ; goto 1 loc: 1 prop: near inv: x1 < 30 trans: x1 > 20 and x1 enter; ; goto 2 loc: 2 prop: on inv: x1 < 50 trans: x1 > 20 and x1 exit1; ; goto 0 (trans: x1 > 30 and x1 exit1; ; goto 0)

7
Synchronized Product In order for several components of a system to communicate, KRONOS introduce a synchronization function. KRONOS, a synchronization label is simply obtained by the union of the label sets of the components. A set of transitions are synchronized if and only if each label occurring in one of the transition sets also belongs to one set of another transition.

8
Cont. (example) A1 containts the single transition {a,b} t1 : q1 ------- r1 A2 contains the single transition {b,c} t2 : q2 ------- r2

9
Cont. (example) If b is a synchronization label, then the product of automata A1 and A2 contains transition of {a,b,c} q1,q2 ---------- r1,r2.

10
Kronos code (Example) Extension “.tg” : “timed graph” Make the product of A1 and A2: A(12) Kronos -out A12.tg A1.tg A2.tg

11
Cont.(Example) Compose the result A(12) with A3: (we can express kronos code like) Kronos -out A12A3.tg A12.tg A3.tg

12
Cont. The automaton A(12)3 – the product of A1 and A2, and then compose the result A(12) with A3 The automaton A1(23) – the product of A2 and A3, and then compose the result A(23) with A1 It is not easy to use a modular approach.

13
Cont. There is two ways to overcome. The first one consists in building in a single operation the product of all components of a given system. Kronos code: Kronos –out S.tg Tr1.tg Tr2.tg Gate.tg Contr.tg Ct.tg

14
Cont. The second way: use a special option “-sd” Kronos –sd –out A12.tg A1.tg A2.tg

15
Model checking The properties to be checked must be expressed by TCTL. Each being in a separate file with extension “.tctl”

16
Safety property Safety property : Under certain conditions, an event never occur. ……??? “when a train is inside the crossing, the gate is closed.” Safe.tctl : Init impl AB(on impl closed) AB correspond A and G of CTL Impl : Boolean combinator

17
Cont. Verifying safety property KRONOS command: Kronos –back S.tg safe.tctl (backward analysis) Kronos –forw S.tg safe.tctl (forwards analysis) Safe.eval contains the result

18
Liveness property Liveness property: under certain condition, some event will ultimately occur. “from the moment where no train arrives anymore, the gate will be open after d time units.” Express TCTL

19
Cont. Init => AG ( ┐ near ^ ┐ on => ┐ E( ┐ near ^ ┐ on ^ ┐ open) U (>d) true)) Write KRONOS when d = 20; Init impl AB((not near and not on) impl not((not near and not on and not open) EU{>20} TRUE))

20
Questions…

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google