Timed UML State Machines

1
Timed UML State Machines

• Ognyana Hristova
• Tutor Priv.-Doz. Dr. Thomas Noll
• June, 2007

2
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

3
Introduction

• Present the UML model using Generalised Railroad
  Crossing case study
• Class diagrams
• State machines and their verification
• Collaborations
• We show what is a tamed automaton and its
  representation in UPPAAL
• We show how represent the UML collaborations in
  UPPAAL

4
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

5
UML model

• Unified Modeling Language (UML) is a modeling
  language
• for specifying, visualizing, constructing, and
  documenting
• models of discrete event systems and models of
  software
• systems.
• defines several different structural and
  behavioral diagram types.
• For modeling real-time systems especially the
  behavioral
• diagrams are important
• include the dynamic system properties and timing
  information

6
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

7
UML model Generalised Railroad Crossing problem
GRS is a railway control system which controls
access to a gate, which is for several railroad
tracks lies, in a critical section of the tracks.

• the critical section is guarded by two sensors
  for each track (entry and exit sensors)
• for every track at most one train passes the
  critical section
• whenever the gate is occupied, the gate must be
  closed (safety property)
• when the gate initiates opening, it must become
  fully open and must stay open for a certain
  period (utility property)

8
UML model Generalised Railroad Crossing problem
GRS with timing annotation (part 1)
entry sensor
exit sensor

• Where
• ta ( Ta ) - minimal (maximal) time a train may
  take to pass the distance between A and D
• tg ( Tg ) minimal (maximal) time a train may
  take to pass the gate
• gu ( gd ) -a time for that the gate bars go up
  (down) from fully closed (open) to fully open
  (closed)

9
UML model Generalised Railroad Crossing problem
GRS with timing annotation (part 2)
entry sensor
exit sensor

• Where
• go - the minimal period the gate has to stay open
• gd ? ( gu go ?) - the time
  before that gate must initiate closing (open)
• ? lt ta - -

10
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

11
UML model Class diagrams
The class diagram shows the static structures of
the system

• define interfaces of participating objects
• specify attributes, methods, and associations
  (communication links)
• behavior will be defined by associated state
  machines

-id int
12
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

13
UML model State machines

• The state machine diagrams are used to detail the
  transitions or changes of state an object can go
  through in the system.
• In general they describe the dynamics.

Gate behavior
14
UML model State machines
Track behavior

• Where notation is
• guard/action
• means output

15
UML model State machines
Control state machine
16
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

17
UML model Collaborations

• Collaborations emphasize the structure of
  relationships between entities.
• They describe the flow of messages (calls)
  between objects .

Safe behavior
18
UML model Collaborations
Erroneous behavior utility property

• It is impossible that after the gate received an
  open signal, a close signal arrives before at
  least time gu go has elapsed

Timed state machines are compiled into timed
automata that exchange signals and operations.
19
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

20
Timed automata

• A timed automaton is a non-deterministic
  finite-state machine extended with clock
  variables.
• Definition Timed Automaton. A timed automaton is
  a tuple (L, l0, C, A, E, I), where
• L is a set of locations
• l0 is the initial location
• C is the set of clocks
• A is a set of actions, call actions and the
  internal action
• E is a set of edges between locations with an
  action, a guard and a set of clocks to be reset
• I assigns invariants to locations

21
Timed automata

• Restriction of general concept of timed automata
  in UPPAAL
• Expressions in UPPAAL modelling language range
  over clocks and integer variables.
• States may be associated with invariants of the
  form x c where x is a clock, c is an integer
  constant, and lt,.

22
Timed automata

• Transitions between states are labelled with
  triples (gd, sy, ac) where
• gd represents the guard of the transition,
  expressed as a conjunction of timing constraints
  x c or x y c and
  lt,,,,gt is a binary relation.
• sy is a (possibly void) synchronization
  annotation of the form a! or a? that denotes an
  offer or an acceptance to synchronize over the
  channel a, and
• ac is a set of reset operations x c on clocks.

23
Timed automata

• The UPPAAL modeling language uses timed automata
  with the following features
• the state of a system of timed automata consists
  of the control state, a valuation of the clocks
  and variables for each automaton.
• runs of timed automata are infinite sequences of
  system states that satisfy the invariants,
  separated by actions that represent either the
  passage of time or the execution of transitions.
  
• a transition can be fired only if its guard
  evaluates to true in the current system state.

24
Timed automata

• if the transition carries a synchronization
  annotation of the form a? or a! then some
  corresponding transition (labelled by a! or a?)
  of some other timed automaton has to be fired at
  the same time.
• resulting system state is obtained by updating
  the control states of the timed automata involved
  in the transition, and by updating the valuation
  by resetting clocks and assigning values to
  variables.

25
Timed automata
A simple lamp example
26
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

27
UML Collaboration in UPPAAL

• Collaborations are compiled into observer
  automata that may synchronize on the messages
  exchanged between the interacting instances.
• Collaborations are incomplete specifications of
  possible system runs where arbitrary message
  exchange may occur between the explicitly
  specified messages.
• Each message m is represented by an UPPAAL
  channel mRcvd.
• A constraint of the form v u c is associated
  with a clock xvu

28
UML Collaboration in UPPAAL

• Each state of the observer UPPAAL timed automaton
  checks either the occurrence of a reception of a
  stimulus according to the order of the
  collaboration or the violation of a timing
  constraint
• If the reception of message m is annotated by u
  for a timing constraint v u c the clock xvu
  is initialised when a stimulus for m is
  successfully registered
• If the reception of message m is annotated by v
  for a timing constraint v u c, there are two
  transitions
• (xvu c) leads to an error state

29
UML Collaboration in UPPAAL

• (xvu c) enables the remaining messages

Observer UPPAAL timed automata for utility
property
30
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

31
Verification
Safety property for the GRS case study
fails due to race condition between messages
32
Contents

• Introduction
• UML model
• Generalised Railroad Crossing problem
• Class diagrams
• State machines
• Collaborations
• Timed automata
• UML Collaboration in UPPAAL
• Verification
• Summary

33
Summary

• The essential role in the process of building
  software system belongs to the design process.
  The designers use Unified Modeling Language
• The state machine diagrams are special type of
  diagram in UML. They are used to detail the
  transitions or changes of state an object can go
  through in the system. In general they describe
  the dynamics.

34

• Thanks!