1 / 20

Chapter 16 : KRONOS (Model Checking of Real-time Systems)

Chapter 16 : KRONOS (Model Checking of Real-time Systems). JIHO YANG. What is KRONOS?. KRONOS allows analyzing timed automata. KRONOS is a model checker for the TCTL(Timed CTL) logic. KRONOS checks whether a timed automaton satisfies a TCTL. KRONOS’ Essentials.

josew
Download Presentation

Chapter 16 : KRONOS (Model Checking of Real-time Systems)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 16 : KRONOS (Model Checking of Real-time Systems) JIHO YANG

  2. What is KRONOS? • KRONOS allows analyzing timed automata. • KRONOS is a model checker for the TCTL(Timed CTL) logic. • KRONOS checks whether a timed automaton satisfies a TCTL.

  3. KRONOS’ Essentials • KRONOS is one of the tools, which implements a model checking algorithm for a timed temporal logic (TCTL). • KRONOS contains no graphical, no simulation modes. • KRONOS is a timed model checker. • http://www-verimag.imag.fr/TEMPORISE/kronos

  4. Railroad crossing example(Two train, a gate, a controller, a counter)

  5. Cont.

  6. Cont. KRONOS Code (Tr1.tg)  /* train1 */ #locs 3             /* number of states*/ #trans 3            /* number of transitions */ #clocks x1            /* clock */ #sync app1 exit1     /* synchronization labels */ loc: 0 prop: far inv: TRUE trans: TRUE => app1;  x1:=0  ; goto 1 loc: 1 prop: near inv: x1 < 30 trans: x1 > 20 and x1 < 30 => enter;   ; goto 2 loc: 2 prop: on inv: x1 < 50 trans: x1 > 20 and x1 < 50 => exit1;   ; goto 0 (trans: x1 > 30 and x1 < 50 => exit1;   ; goto 0)

  7. Synchronized Product • In order for several components of a system to communicate, KRONOS introduce a synchronization function. • KRONOS, a synchronization label is simply obtained by the union of the label sets of the components. • A set of transitions are synchronized if and only if each label occurring in one of the transition sets also belongs to one set of another transition.

  8. Cont. (example) • A1 containts the single transition {a,b} t1 : q1 ------- r1 • A2 contains the single transition {b,c} t2 : q2 ------- r2

  9. Cont. (example) • If b is a synchronization label, then the product of automata A1 and A2 contains transition of {a,b,c} q1,q2 ---------- r1,r2.

  10. Kronos code (Example) • Extension “.tg” : “timed graph” • Make the product of A1 and A2: A(12) Kronos -out A12.tg A1.tg A2.tg

  11. Cont.(Example) • Compose the result A(12) with A3: (we can express kronos code like) Kronos -out A12A3.tg A12.tg A3.tg

  12. Cont. • The automaton A(12)3 – the product of A1 and A2, and then compose the result A(12) with A3 • The automaton A1(23) – the product of A2 and A3, and then compose the result A(23) with A1 • It is not easy to use a modular approach.

  13. Cont. • There is two ways to overcome. • The first one consists in building in a single operation the product of all components of a given system. • Kronos code: Kronos –out S.tg Tr1.tg Tr2.tg Gate.tg Contr.tg Ct.tg

  14. Cont. • The second way: use a special option “-sd” • Kronos –sd –out A12.tg A1.tg A2.tg

  15. Model checking • The properties to be checked must be expressed by TCTL. • Each being in a separate file with extension “.tctl”

  16. Safety property • Safety property : Under certain conditions, an event never occur. ……??? • “when a train is inside the crossing, the gate is closed.” • Safe.tctl : Init impl AB(on impl closed) • AB correspond A and G of CTL • Impl : Boolean combinator

  17. Cont. • Verifying safety property KRONOS command: • Kronos –back S.tgsafe.tctl • (backward analysis) • Kronos –forw S.tgsafe.tctl • (forwards analysis) • Safe.eval contains the result

  18. Liveness property • Liveness property: under certain condition, some event will ultimately occur. • “from the moment where no train arrives anymore, the gate will be open after d time units.” • Express TCTL

  19. Cont. • Init => AG (┐near ^ ┐on => ┐E(┐near ^ ┐on ^ ┐open) U (>d) true)) • Write KRONOS when d = 20; Init impl AB((not near and not on) impl not((not near and not on and not open) EU{>20} TRUE))

  20. Questions…

More Related