1. An introduction to Uppaal
Ulrik Hørlyk Hjort
BestPractice Consulting & Advising 2010
2. The Uppaal System
► UPPAAL is a tool for modeling, validation and verification of real-time systems.
► It is appropriate for systems that can be modeled as a collection of non-deterministic processes with finite control structure and real-valued clocks (i.e. timed automata), communicating through channels and (or) shared data structures.
► Typical application areas include real-time controllers, communication protocols, and other systems in which timing aspects are critical.
4. The System Editor
► The system editor is used to create and edit the system model to be analysed
► A system model describes a network of a finite number of non-deterministic finite state automata
► Transitions between states may be labeled with:
■ Guards
■ Synchronizations
■ Assignment statements
10. The Model Checker (Verifier)
► The model checker verifies the model with respect to a requirement specification.
► It verifies safety, bounded-liveness and other user-specified properties by reachability analysis.
► The model checker supports three kinds of path formulae:
■ Reachability
■ Safety
■ Liveness
11. E<>φ - “φ Reachable”
► E<>φ – It is possible to reach a state in which φ is satisfied
► φ is true in – at least – one reachable state
12. The Simulator
► Lets users simulate the models to visually explore their dynamic behavior.
13. Simple Phone Case
► Model a phone that can:
■ Receive a call
■ Make a call
■ Receive an sms
► Requirement:
■ If a call comes while the user is writing an sms, the user shall be able to answer or reject the call and then return to the sms editor.
19. Simple Phone Requirement Verification
► Requirement:
■ If a call comes while the user is writing an sms, the user shall be able to answer or reject the call and then return to the sms editor.
► Verify that there is a path to the location “Call” in the “ReceiveCall” automaton and a path to the location “ExitReceivedCall” in the “SendSms” automaton
► The requirement can be verified with the reachability property:
■ E<> SendSms.ExitReceivedCall and ReceiveCall.Call
► which evaluates to true in the verifier
20. Simulate the simple phone model
► Use the simulator to verify that it is possible to cover all edges in the model and that the model is deadlock free
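As an added example (not from the slides and not UPPAAL's own code), the reachability query of slide 19 and the deadlock check of slide 20 evaluated by a breadth-first search over the product of two hand-written automata that stand in for ReceiveCall and SendSms, without clocks. Only the location names ExitReceivedCall and Call come from the slides; the other locations, the channel names and the edge structure are assumptions.

```python
from collections import deque

# Constructed, clock-free toy version of the simple-phone network (an assumption, not the
# slides' model). "incoming", "answer" and "reject" are binary channels: a "c!" edge fires
# together with a "c?" edge of the other automaton; a None label is an internal step.
# Only SendSms.ExitReceivedCall and ReceiveCall.Call are location names from the slides.
AUTOMATA = {
    "ReceiveCall": {"init": "Idle", "edges": [
        ("Idle", "incoming!", "Ringing"), ("Ringing", "answer?", "Call"),
        ("Ringing", "reject?", "Idle"), ("Call", None, "Idle")]},  # internal: hang up
    "SendSms": {"init": "Editor", "edges": [
        ("Editor", "incoming?", "Interrupted"), ("Interrupted", "answer!", "ExitReceivedCall"),
        ("Interrupted", "reject!", "ExitReceivedCall"), ("ExitReceivedCall", None, "Editor")]},
}

def successors(state):
    """Enabled global steps from state {automaton: location}, as (label, next_state)."""
    out = []
    for a, spec in AUTOMATA.items():
        for src, lab, dst in spec["edges"]:
            if src != state[a]:
                continue
            if lab is None:
                out.append((f"{a}.{src}->{dst}", {**state, a: dst}))
            elif lab.endswith("!"):  # a handshake needs a partner edge labelled "chan?"
                chan = lab[:-1]
                for b, bspec in AUTOMATA.items():
                    for s2, l2, d2 in bspec["edges"]:
                        if b != a and s2 == state[b] and l2 == chan + "?":
                            out.append((f"sync {chan}", {**state, a: dst, b: d2}))
    return out

def reachable(pred):
    """E<> pred: breadth-first search of the product; returns a witness trace or None."""
    init = {a: spec["init"] for a, spec in AUTOMATA.items()}
    key = lambda s: tuple(sorted(s.items()))
    queue, seen = deque([(init, [])]), {key(init)}
    while queue:
        s, trace = queue.popleft()
        if pred(s):
            return trace
        for label, nxt in successors(s):
            if key(nxt) not in seen:
                seen.add(key(nxt))
                queue.append((nxt, trace + [label]))
    return None

def requirement_holds():  # slide 19: E<> SendSms.ExitReceivedCall and ReceiveCall.Call
    return reachable(lambda s: s["SendSms"] == "ExitReceivedCall" and s["ReceiveCall"] == "Call")
def deadlock_free():  # slide 20: no reachable state is left without an enabled step
    return reachable(lambda s: not successors(s)) is None
```

A non-empty trace from requirement_holds() is the witness UPPAAL would show in the simulator; a trace from the deadlock predicate would be the path to a stuck state.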