
I'm using UPPAAL for an academic project and I have some questions. I have to design a timed automaton, so my model has invariants on locations and clock guards on the edges. The problem is I must also verify my model. When I checked for deadlock states, before including guards, UPPAAL told me the property was satisfied. Now that I have added guards (with <=) it tells me the property is not satisfied, so there are states that are not deadlock free. Using the diagnostic trace I discovered the problem is the guards with <=, but I can't understand why. Can someone please help me figure it out? P.S. Sorry for my bad English.

Scarlett
  • Is there any reason for not showing your model? Please visit the [help center](https://stackoverflow.com/help) and especially [How to create a Minimal, Reproducible Example](https://stackoverflow.com/help/minimal-reproducible-example). – Renaud Pacalet Apr 26 '22 at 04:58

1 Answer


With an x <= C guard, where x is a clock and C is a constant, the system runs into a situation where time has progressed beyond C and x is now above C, but the guard is disabling the edge, thus the system does not have any edge to execute -- deadlock. To see this, inspect the clock constraints when the "deadlock" transition is selected in the symbolic simulator.

Here is an example: [image]

This means that the process has no enabled edge and thus deadlocks when x>5 (which makes the guard false and disables that edge).

The edge transition is still available when x<=5 and the simulator shows that constraint when that transition is selected:

[image]

mariusm
  • Thank you very much! So how can I avoid deadlock? Do I have to put constraints that are always going to be true? I can't understand if deadlocks are a tolerated thing or if the model must be designed without them as a rule of good design. – Scarlett Apr 26 '22 at 06:53
  • Normally we want systems without deadlocks, but sometimes we introduce potential error states (including deadlocks) and then prove that they can never happen, or they are an intricate part of the system (e.g. a puzzle with dead ends and we want a trace/solution avoiding the dead ends). So it all depends on your goal/purpose. For such a simple scenario as above you need to learn about invariants (I do not want to spoil your exercise by giving out the concrete answer). – mariusm Apr 27 '22 at 05:28
  • Based on your answer I guess there is a solution that allows me to use guard <= without incurring deadlocks. Ok, I'll try to figure it out :) thanks. – Scarlett Apr 27 '22 at 16:11
  • I think I have found the solution. I am writing it here to help someone else. Reading a paper I found that a well-formed model must have an incoming edge with a clock reset to 0, an invariant with < and an outcome edge with >. I did so and now the system has no more deadlocks. It was hard to find anyway... – Scarlett Apr 27 '22 at 21:18
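
An added example (not from the original thread and not UPPAAL's own code): a small Python check that reproduces the answer's case for a one-clock timed automaton, treating a state as deadlocked when no edge can fire now or after any delay. The function name, the model encoding and the three sample models are assumptions constructed for illustration, and only non-strict integer bounds are handled.

```python
import math

INF = math.inf

def deadlocked_zones(init, inv, edges):
    """Explore a one-clock timed automaton; bounds are non-strict integers.

    inv:   {location: c} for invariant x <= c (absent = no invariant)
    edges: [(src, g_lo, g_hi, reset, dst)], guard g_lo <= x <= g_hi
    Returns sorted (loc, lo, hi, last): in the reachable zone lo <= x <= hi
    of loc, every state with x > last has no edge now or after any delay.
    """
    start = (init, 0, inv.get(init, INF))       # x = 0, then let time pass
    seen, todo, found = {start}, [start], []
    while todo:
        loc, lo, hi = todo.pop()
        last = -1                                # latest x at which an edge can fire
        for src, g_lo, g_hi, reset, dst in edges:
            if src != loc:
                continue
            dst_hi = inv.get(dst, INF)
            a = max(lo, g_lo)
            # without a reset, x must also satisfy the target invariant
            b = min(hi, g_hi) if reset else min(hi, g_hi, dst_hi)
            if a > b:
                continue                         # edge never enabled in this zone
            last = max(last, b)
            nxt = (dst, 0 if reset else a, dst_hi)
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
        if last < hi:                            # time can pass beyond every guard
            found.append((loc, lo, hi, last))
    return sorted(found)

# Constructed models: one location "A" with a self-loop that resets x.
LOOP = [("A", 0, 5, True, "A")]                  # guard x <= 5
no_invariant = deadlocked_zones("A", {}, LOOP)
with_invariant = deadlocked_zones("A", {"A": 5}, LOOP)
timelock = deadlocked_zones("A", {"A": 5}, [("A", 6, INF, True, "A")])  # guard x >= 6

if __name__ == "__main__":
    print("guard x<=5, no invariant:   ", no_invariant)
    print("guard x<=5, invariant x<=5: ", with_invariant)
    print("guard x>=6, invariant x<=5: ", timelock)
```

The third model shows that an invariant alone does not help: if the invariant stops time before any guard becomes true, every state in the location is deadlocked.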