Chapter 16 : KRONOS (Model Checking of Real-time Systems)

1
Chapter 16 KRONOS (Model Checking of Real-time
Systems)

• JIHO YANG

2
What is KRONOS?

• KRONOS allows analyzing timed automata.
• KRONOS is a model checker for the TCTL(Timed CTL)
  logic.
• KRONOS checks whether a timed automaton satisfies
  a TCTL.

3
KRONOS Essentials

• KRONOS is one of the tools, which implements a
  model checking algorithm for a timed temporal
  logic (TCTL).
• KRONOS contains no graphical, no simulation
  modes.
• KRONOS is a timed model checker.
• http//www-verimag.imag.fr/TEMPORISE/kronos

4
Railroad crossing example(Two train, a gate, a
controller, a counter)
5
Cont.
6
Cont.

• KRONOS Code (Tr1.tg)
•  / train1 /
• locs 3             / number of states/
• trans 3            / number of transitions /
• clocks x1            / clock /
• sync app1 exit1     / synchronization labels /
•  
• loc 0
• prop far
• inv TRUE
• trans TRUE gt app1  x10  goto 1
•  
• loc 1
• prop near
• inv x1 lt 30
• trans x1 gt 20 and x1 lt 30 gt enter   goto 2
•  
• loc 2
• prop on

7
Synchronized Product

• In order for several components of a system to
  communicate, KRONOS introduce a synchronization
  function.
• KRONOS, a synchronization label is simply
  obtained by the union of the label sets of the
  components.
• A set of transitions are synchronized if and only
  if each label occurring in one of the transition
  sets also belongs to one set of another
  transition.

8
Cont. (example)

• A1 containts the single transition
• a,b
• t1 q1 -------? r1
• A2 contains the single transition
• b,c
• t2 q2 -------? r2

9
Cont. (example)

• If b is a synchronization label, then the product
  of automata A1 and A2 contains transition of
• a,b,c
• q1,q2 ----------? r1,r2.

10
Kronos code (Example)

• Extension .tg
• timed graph
• Make the product of A1 and A2 A(12)
• Kronos -out A12.tg A1.tg A2.tg

11
Cont.(Example)

• Compose the result A(12) with A3
• (we can express kronos code like)
• Kronos -out A12A3.tg A12.tg A3.tg

12
Cont.

• The automaton A(12)3 the product of A1 and A2,
  and then compose the result A(12) with A3
• The automaton A1(23) the product of A2 and A3,
  and then compose the result A(23) with A1
• It is not easy to use a modular approach.

13
Cont.

• There is two ways to overcome.
• The first one consists in building in a single
  operation the product of all components of a
  given system.
• Kronos code
• Kronos out S.tg Tr1.tg Tr2.tg Gate.tg
  Contr.tg Ct.tg

14
Cont.

• The second way
• use a special option -sd
• Kronos sd out A12.tg A1.tg A2.tg

15
Model checking

• The properties to be checked must be expressed by
  TCTL.
• Each being in a separate file with extension
  .tctl

16
Safety property

• Safety property Under certain conditions, an
  event never occur. ???
• when a train is inside the crossing, the gate is
  closed.
• Safe.tctl
• Init impl AB(on impl closed)
• AB correspond A and G of CTL
• Impl Boolean combinator

17
Cont.

• Verifying safety property
• KRONOS command
• Kronos back S.tg safe.tctl
• (backward analysis)
• Kronos forw S.tg safe.tctl
• (forwards analysis)
• Safe.eval contains the result

18
Liveness property

• Liveness property under certain condition, some
  event will ultimately occur.
• from the moment where no train arrives anymore,
  the gate will be open after d time units.
• Express TCTL

19
Cont.

• Init gt AG (near on gt E(near on
  open) U (gtd) true))
• Write KRONOS when d 20
• Init impl
• AB((not near and not on) impl
• not((not near and not on and not open)
  EUgt20 TRUE))

20
Questions