[/] [trunk/] [README] - Blame information for rev 70

Line No. Rev Author Line
1 70 tbourke 
Urpal
2 
-----
3 
Urpal is your pal for Uppaal.
4 5 tbourke 
 
5 70 tbourke 
Urpal takes an Uppaal model as input, performs manipulations as described by
6 
a simple command language, and writes the resulting model back to a file.
7 
Its prime feature is the ability to construct a testing automaton for
8 
determining trace inclusion for a restricted class of timed automata. Uppaal
9 
can also: duplicate automata; create automata ready to accept all
10 
synchronisations on a set of channels; prune transitions based on their
11 
action label; conflate, drop and rename locations; and scale the graphical
12 
layout of a model. More details are in the manual_page.
13 60 tbourke 
 
14 70 tbourke 
Descriptions of the testing construction can be found in:
15 60 tbourke 
 
16 70 tbourke 
  * The thesis of Mariëlle Stoelinga, specifically Chapter 7 and Appendix
17 
    A. Development on Urpal began from her descriptions at the suggestion
18 
    of Frits Vaandrager.
19 60 tbourke 
 
20 70 tbourke 
  * The Scaling_up_Uppaal paper of Henrik Ejersbo Jensen, Kim Guldstrand
21 
    Larsen, and Arne Skou. Urpal incorporates their construction for
22 
    handling urgent locations and shared variables.
23 60 tbourke 
 
24 70 tbourke 
  * The paper by Arcot Sowmya and me, to be presented at EMSOFT 2008. This
25 
    paper presents several improvements to the original CSE technical
26 
    report (UNSE-CSE-TR-0723).
27 60 tbourke 
 
28 70 tbourke 
The testing construction cannot be performed on all timed automata,
29 
specifically several modelling features are not supported:
30 
  * non-deterministic automata (this assumption is not checked),
31 
  * non-synchronizing (τ) transitions,
32 
  * committed locations,
33 
  * process priorities,
34 
  * channel priorities,
35 
  * inputs on broadcast channels,
36 
  * some combinations for forall and select bindings (see this paper).
37 60 tbourke 
 
38 70 tbourke 
The software was developed at the The University of NSW and NICTA. It is
39 
released under a BSD License. Urpal uses technology developed with the
40 
imagination and ideas from NICTA, Australia's ICT Centre of Excellence. The
41 
source repository can be browsed online.
42 60 tbourke 
 
43 70 tbourke 
This software is provided as a prototype only: use at your own risk! It surely
44 
contains faults, please report them.
45 60 tbourke 
 
46 70 tbourke 
Graphviz is required to run Urpal. The source code has additional
47 
compilation dependencies.
48 62 tbourke 
 
49 70 tbourke 
Step-by-step Example
50 
--------------------
51 
1. Download and extract Urpal.
52 60 tbourke 
 
53 70 tbourke 
2. Download the Uppaal DTD, flat-1_1.dtd.
54 60 tbourke 
 
55 70 tbourke 
3. Install Graphviz if necessary.
56 60 tbourke 
 
57 70 tbourke 
4. Edit urpalrc, setting the paths to flat-1_1.dtd and Graphviz:
58 60 tbourke 
 
59 70 tbourke 
   dtd_path="flat-1_1.dtd"
60 
   graphviz {
61 
       path = "/usr/local"
62 
       engine = neato
63 
   }
64 60 tbourke 
 
65 70 tbourke 
 Urpal will look for the Graphviz executables, like fdp and neato, in a
66 
 bin subdirectory of the path given.
67 
 
68 
5. Download the simple example model:
69 
    http://www.cse.unsw.edu.au/~tbourke/software/urpal-example.xml.
70 
 
71 
6. Start a terminal, and run urpal:
72 
   ./urpal -i urpal-example.xml -o urpal-example-after.xml - e "Test=maketest(Template)"
73 
 
74 
 In the Windows command interpreter (cmd.exe), type rather:
75 
   urpal -i urpal-example.xml -o urpal-example-after.xml -e "Test=maketest(Template)"
76 
 
77 
7. The program should produce a model urpal-example-after.xml that can be
78 
   opened in Uppaal. The new model should contain the original Template
79 
   automaton and a new Test automaton.
80 
 
81 
One good way to verify the result is to model check the original automaton
82 
against the generated test automaton, which also exposes models that are not
83 
deterministic. This would be done for the above example by first changing
84 
the system declaration to: system Template, Test;, then verifying the
85 
formula: A[] (not Test.Err). Such tests have previously revealed faults in
86 
Urpal. Another test is to verify that no new deadlocks are introduced, as
87 
Test automata are always ready to synchronize. Since there are already two
88 
possibilities for deadlock in the example, the formula is:
89 
  A[] (deadlock imply ((Template.s2 and Template.x >=3 and Template.x < 4)
90 
                        or Template.s3))
91 
 
92 
The source repository includes a number of small test models, and a larger
93 
railway crossing controller example.
94 
 
95 
Improving the appearance of results
96 
-----------------------------------
97 
The layout routines rarely give perfect results, but they usually make the
98 
basic structure clear enough so that sense can be made of counter-example
99 
traces, and they are a reasonable starting point for manual rearrangement of
100 
label positions (the transition nails make other changes painful). If the
101 
results are very poor, try:
102 
 
103 
  * Scaling the source model before generating the test automaton. For
104 
    example, Test=maketest(scale(Template, 2.0)).
105 
 
106 
  * Tabulating the labels on transitions to the error state. For example,
107 
    Test=tabulate(maketest(Template), {Err}).
108 
 
109 
  * Trying different Graphviz layout routines. For example, either fdp --
110 
    set=graphviz{engine=fdp} or the other spring-based approach neato --
111 
    set=graphviz{engine=neato}. Usually one will give better results than
112 
    the other for a particular model.
113 
 
114 
  * Various combinations of the above.
115 
 
116 
  * Ultimately, manual rearranging the original automaton or the resulting
117 
    test automaton is sometimes the only satisfactory approach. Scaling the
118 
    model and using the tabulate feature can make it easier.
119 
 
120 
Author: Timothy Bourke
121 
LastChangedDate: 2008-08-28 11:58:27 +1000 (Thu, 28 Aug 2008)
122