MUNTA -- Fully Verified Model Checker for Timed Automata
- a model checker for the popular realtime systems modeling formalism of Timed Automata
- formally verified with Isabelle/HOL: there is a machine-checked proof that it only computes correct results!
MUNTA is at an early stage of development. Nevertheless, you can:
- run the model checker on a number of benchmarks
- browse the Isabelle/HOL proof
- try its graphical user interface here
Graphical User Interface
MUNTA now features a graphical user interface:
The following instructions should work on all Unix systems.
To build the checker:
Install the MLton compiler. Then run:
cd ML make
To build the checker with OCaml:
cd ML ocamlfind ocamlopt -package zarith -package angstrom -linkpkg nums.cmxa -linkpkg UPPAAL_Model_Checker.ml -linkpkg Checker.ml
To browse the sources interactively in Isabelle:
isabelle jedit -l Refine_Imperative_HOL
and open one of the
To build the Isabelle sources and extract the checker source code:
isabelle build -d . TA_Code
and build the checker as described above.
After building, you can run the verification server via:
cd ML python server.py
The server will run under port 3069 and communicates with the GUI.
Pick one of the files from
benchmarks and run:
ML/munta < benchmarks/<the_benchmark>.munta
MUNTA is aimed at understanding bytecode produced by UPPAAL.
However, for the time being, this bytecode needs to be pre-processed slightly.
You can find some pre-processed benchmarks in
The input format is documented in
isabelle build -d . TA isabelle build -d . TA_All
and you will get the following:
output/abstract_reachability.pdf: the abstract formalization of reachability checking for Timed Automata
output/model_checking.pdf: the formalization of MUNTA and the route from the abstract formalization to the correctness proof for MUNTA
output/model_checking_proofs.pdf: variants of the above documents with proofs