Timed Automata


Timed Automata

Intelligent Light Control

[figure: a light with the locations Off, Light and Bright, connected by press? transitions]

WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.

Timed Automata: Intelligent Light Control

Solution: Add real-valued clock x

[figure: the Off / Light / Bright automaton with the reset x := 0 on the press? edge out of Off, the guard x <= 3 on the press? edge from Light to Bright, and the guard x > 3 on the press? edge from Light back to Off: a second press within 3 time units makes the light brighter, a later press turns it off]

Timed Automata (Alur & Dill 1990)

[figure: two locations n and m joined by an edge labelled with the guard x<=5 & y>3, the action a and the reset x := 0; clocks: x, y]

Guard: Boolean combination of comparisons with integer bounds.

Reset: action performed on clocks.

Action: used for synchronization.

State: ( location , x=v , y=u ) where v, u are in R.

Transitions:

( n , x=2.4 , y=3.1415 ) --e(1.1)--> ( n , x=3.5 , y=4.2415 )

( n , x=2.4 , y=3.1415 ) --a--> ( m , x=0 , y=3.1415 )

Timed Safety Automata = Timed Automata + Invariants (Henzinger et al, 1992)

[figure: the same locations n and m and edge (guard x<=5 & y>3, action a, reset x := 0; clocks x, y), now with the location invariants x<=5 on n and y<=10 on m; the guard labels g1, g2, g3, g4 mark the other edges]

Location invariants. Invariants ensure progress!!

Transitions:

( n , x=2.4 , y=3.1415 ) --e(1.1)--> ( n , x=3.5 , y=4.2415 )

( n , x=2.4 , y=3.1415 ) --e(3.2)--> not allowed: after 3.2 time units x = 5.6, which violates the invariant x<=5 of n.

Clock Constraints

Timed (Safety) Automata

Timed Automata: Example

[figure: an example timed automaton with a guard, a reset and a location pointed out; one guard compares the clock x with the bound 3]

Light Switch

[figure: the light-switch automaton with edges labelled push, push and click, and a constraint on clock y with bound 9]

Switch may be turned on whenever at least 2 time units have elapsed since the last "turn off".

Light automatically switches off after 9 time units.

Semantics

Semantics of a timed automaton is a labelled transition system $(S, \rightarrow)$ where

clock valuations: $V(C) = \{\, v : C \to \mathbb{R}_{\ge 0} \,\}$

states: $S = \{\, \langle l, v \rangle \mid l \in L \text{ and } v \in V(C) \,\}$, i.e. a state is $\langle l, v \rangle$ with a location $l \in L$ and a clock valuation $v \in V(C)$

delay transition: $\langle l, v \rangle \xrightarrow{d} \langle l, v + d \rangle$ iff $Inv(l)(v + d')$ whenever $d' \le d$, $d' \in \mathbb{R}_{\ge 0}$

action transition: $\langle l, v \rangle \xrightarrow{a} \langle l', v' \rangle$ iff $l \xrightarrow{g, a, r} l'$ and $g(v)$ and $v' = v[r]$ and $Inv(l')(v')$

Here $v + d$ advances every clock by $d$, and $v[r]$ resets the clocks in $r$ to 0.
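The two transition rules above made executable, as an added example that is not from the slides: clocks are exact fractions, guards and invariants are lists of atomic constraints, and the automaton is the two-location example of the earlier slides (locations n and m, clocks x and y, guard x<=5 & y>3, reset x := 0, invariants x<=5 on n and y<=10 on m). The class, function and constraint encoding are assumptions of this example.

```python
import operator
from dataclasses import dataclass
from fractions import Fraction

# Added example, not from the slides. An atomic constraint is (clock, op, bound); guards and invariants are lists of them (conjunctions).
OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       ">=": operator.ge, ">": operator.gt}

def holds(constraints, v):
    """g(v) resp. Inv(l)(v): every atomic constraint is true under valuation v."""
    return all(OPS[op](v[clock], bound) for clock, op, bound in constraints)

@dataclass
class TimedAutomaton:
    invariants: dict   # location -> list of atomic constraints (Inv)
    edges: list        # (source, guard g, action a, clocks r to reset, target)

    def delay(self, loc, v, d):
        """<l,v> --d--> <l,v+d> iff Inv(l)(v+d') for every d' <= d.
        Each atomic constraint stays true on a prefix or a suffix of the delay,
        so the conjunction holds on all of [0, d] iff it holds at v and at v+d."""
        v2 = {c: t + d for c, t in v.items()}       # v + d: every clock advances by d
        inv = self.invariants.get(loc, [])
        return (loc, v2) if holds(inv, v) and holds(inv, v2) else None

    def step(self, loc, v, action):
        """<l,v> --a--> <l',v'> iff l --g,a,r--> l', g(v), v' = v[r] and Inv(l')(v')."""
        for src, guard, a, resets, dst in self.edges:
            if src == loc and a == action and holds(guard, v):
                v2 = {c: (Fraction(0) if c in resets else t) for c, t in v.items()}
                if holds(self.invariants.get(dst, []), v2):
                    return dst, v2
        return None

# The two-location automaton of the earlier slides: n --(x<=5 & y>3, a, x:=0)--> m,
# with invariants x<=5 on n and y<=10 on m.
EXAMPLE = TimedAutomaton(
    invariants={"n": [("x", "<=", 5)], "m": [("y", "<=", 10)]},
    edges=[("n", [("x", "<=", 5), ("y", ">", 3)], "a", {"x"}, "m")],
)

def slide_transitions():
    """Replays the slides' transitions from ( n , x=2.4 , y=3.1415 )."""
    v0 = {"x": Fraction("2.4"), "y": Fraction("3.1415")}
    return {
        "e(1.1)": EXAMPLE.delay("n", v0, Fraction("1.1")),  # ( n , x=3.5 , y=4.2415 )
        "e(3.2)": EXAMPLE.delay("n", v0, Fraction("3.2")),  # None: x would be 5.6 > 5
        "a": EXAMPLE.step("n", v0, "a"),                    # ( m , x=0 , y=3.1415 )
    }
```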

Semantics: Example

[figure: the light-switch automaton (push, push, click, bound 9 on y) and one of its runs: states of the form (on, x, y) and (off, x, y) connected by push, push and click transitions and delays; the delays 3.5 and 9 and a term 9-(3...) are legible, the remaining labels did not survive extraction]

Networks of Timed Automata + Integer Variables + arrays ….

[figure: automaton 1 with locations l1, l2 and an edge l1 --a!--> l2 guarded by x>=2 and i==3, with updates x := 0 and i := i+4; automaton 2 with locations m1, m2 and an edge m1 --a?--> m2 guarded by y<=4]

Two-way synchronization on complementary actions (a! with a?). Closed systems!

Example transitions:

(l1, m1,………, x=2, y=3.5, i=3,…..) --tau--> (l2, m2,……..,x=0, y=3.5, i=7,…..)

(l1, m1,………, x=2, y=3.5, i=3,…..) --0.2--> (l1, m1,………, x=2.2, y=3.7, i=3,…..)

If a is an URGENT CHANNEL, the 0.2 delay is not allowed: time may not pass while a synchronization on an urgent channel is enabled.

Timed Systems: Train, Gate and Controller

[figure: three timed automata that synchronize on approach, exit, lower and raise.
Train: locations far, near, in; edges approach, enter and exit; resets x := 0, guards x > 2 and x >= 1, invariant x <= 5.
Gate: locations up, down and two intermediate locations; edges lower, down, raise and up; resets y := 0, guard y >= 1, invariants y <= 1 and y <= 2.
Controller: edges approach, lower, exit and raise; resets z := 0, invariants z <= 1 and z <= 3.]

Example run, built up over five slides:

time passes

approach   (z <= 3)

lower      (y <= 1)

enter      (x > 2, x <= 5)

One concrete valuation on this run: x = 2.1, y = 0.9, z = 2.1.

Timed CTL

TCTL = CTL + Time

φ ::= p | D | z in φ | E[φ U φ] | A[φ U φ]   (plus the Boolean connectives, as in CTL)

p ∈ AP - atomic propositions

D - constraints over formula clocks and automata clocks

z - a formula clock; "z in φ" (the "freeze operator") introduces the new formula clock z

E[ U ], A[ U ] - like in CTL

No EX

Derived Operators

Along any path holds continuously until within 7 time units becomes valid.

=

=

The property may become valid within 5 time units.

Light Switch (cont)

[figure: the light-switch automaton (push, push, click, bound 9 on y) with TCTL properties over on and off: formulas of the shapes E[ U ], A[ U ], AG(… AF …) and AG(…), with time bounds 2, 3 and 9]

Timeliness Properties

receive(m) always occurs within 5 time units after send(m)

receive(m) may occur exactly 11 time units after send(m)

putbox occurs periodically (exactly) every 25 time units (note: other putbox's may occur in between)

Fischer's Protocol: A simple MUTEX Algorithm

[figure: two processes. Process 1: A1 -> B1 -> CS1, writing V:=1 and testing V=1. Process 2: A2 -> B2 -> CS2, writing V:=2 and testing V=2. Init V=1. V is the shared variable guarding the Critical Section.]

Property: AG ¬(CS1 ∧ CS2) (mutual exclusion: never both processes in their critical sections).

Fischer's Protocol: A simple MUTEX Algorithm (timed version)

[figure: the same two processes, now with clocks X (process 1) and Y (process 2): resets X:=0 and Y:=0 on leaving A1 and A2, guards X<1 and Y<1 on the edges that write V, and guards X>1 and Y>1 on the edges into CS1 and CS2]

[properties listed on the slide: AG ¬(CS1 ∧ CS2), an EF property and an AF property over CS1 and CS2]

Paths

Example: [figure: the light-switch automaton (push, push, click, bound 9 on y) and one of its paths: states of the form (on, x, y) and (off, x, y) connected by push, push and click transitions and delays; the delays 3.5 and 9 and a term 9-(3...) are legible, the remaining labels did not survive extraction]

Elapsed time in path

Example: [figure: the same path, annotated with the elapsed time at each position]

TCTL Semantics

s - (location, clock valuation)

w - formula clock valuation

PM(s) - set of paths from s

Pos(·) - positions in a path; a position is a pair (i, d): the index i of a state on the path and the elapsed time d in that state

(i, d) << (i', d') iff (i < i') or ((i = i') and (d < d'))

Region Automata Model Checking

Infinite State Space?

Regions: Finite partitioning of state space

[figure: the (x, y) clock plane, x axis ticks 1 2 3, y axis ticks 1 2, with two valuations w and w' marked]

"Definition": $w \cong w'$ iff for any location $l$ of any timed automaton, $(l, w)$ and $(l, w')$ satisfy the same properties, or, equivalently, $Beh(l, w) \cong Beh(l, w')$.

max is determined by the timed automaton (and the formula).

Definition (alternative to JPK): $w \cong w'$ iff $w$ and $w'$ satisfy the exact same conditions of the forms $x_i \sim n$ and $x_i - x_j \sim n$, where $\sim$ is a comparison with an integer bound and $n \le max$.

An equivalence class (i.e. a region). In fact there is only a finite number of regions!!

Successor regions, Succ(r): the regions reached from a region r by letting time pass.

Reset regions: the regions reached from r by resetting x, respectively y, to 0.

THEOREM: Whenever $u \cong v$, then $(l, u)$ satisfies a formula iff $(l, v)$ satisfies it.
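The region definition of the slides above (two valuations are equivalent iff they satisfy the exact same conditions of the forms x ~ n and x_i - x_j ~ n with n up to max, the "alternative to JPK"), made executable as an added example that is not from the slides: the set of such constraints is finite, so equivalence is a finite comparison of truth tables. The comparison operators <, = and >, the clock names, the constant max and the sample valuations are assumptions of this example; the samples are named after regions that appear in the partial region graph of Fischer's protocol on the following slides.

```python
from fractions import Fraction
from itertools import permutations

# Added example, not from the slides: the region definition above (w ~ w' iff
# w and w' satisfy exactly the same constraints of the forms x ~ n and
# x_i - x_j ~ n, with ~ one of <, =, > and 0 <= n <= max) made executable.


def _exact(value):
    """Clock values as exact rationals: float noise (0.1 + 0.2 != 0.3) must not
    move a valuation across a region boundary such as x = 1."""
    return Fraction(str(value))


def region_signature(w, max_const):
    """Truth values of every constraint  t ~ n  with t a clock or a difference
    of two clocks and 0 <= n <= max_const. Equal signatures <=> same region."""
    terms = {x: _exact(t) for x, t in w.items()}
    for xi, xj in permutations(w, 2):
        terms[f"{xi}-{xj}"] = _exact(w[xi]) - _exact(w[xj])
    return tuple(
        (name, n, value < n, value == n, value > n)
        for name, value in sorted(terms.items())
        for n in range(max_const + 1)
    )


def region_equivalent(w1, w2, max_const):
    """w1 ~ w2: both valuations lie in the same region."""
    return region_signature(w1, max_const) == region_signature(w2, max_const)


def count_regions(valuations, max_const):
    """Distinct regions hit by sample valuations. The signature space is finite,
    so the count is bounded no matter how many samples are supplied."""
    return len({region_signature(w, max_const) for w in valuations})


# Constructed sample valuations for Fischer's two clocks x, y with max = 1,
# named after regions of the partial region graph on the following slides.
SAMPLES = {
    "x=y=0": {"x": 0, "y": 0},
    "0<x=y<1 (a)": {"x": "0.5", "y": "0.5"},
    "0<x=y<1 (b)": {"x": "0.3", "y": "0.3"},
    "0<y<x<1": {"x": "0.7", "y": "0.2"},
    "0<y<x=1": {"x": 1, "y": "0.2"},
    "0<y<1, 1<x": {"x": "2.5", "y": "0.2"},
}
```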

Region graph of a simple timed automaton

[figure: a simple timed automaton and its region graph]

Fischer's again

[figure: Fischer's protocol with clocks X and Y: A1 -> B1 -> CS1 with V:=1 and V=1, A2 -> B2 -> CS2 with V:=2 and V=2, resets X:=0 and Y:=0, guards X<1, Y<1, X>1, Y>1; property AG ¬(CS1 ∧ CS2)]

Untimed case (states reached):

A1,A2,v=1
A1,B2,v=2
A1,CS2,v=2
B1,CS2,v=1
CS1,CS2,v=1

Timed case (partial region graph):

A1,A2,v=1, x=y=0
A1,A2,v=1, 0<x=y<1
A1,A2,v=1, x=y=1
A1,A2,v=1, 1<x,y
A1,B2,v=2, 0<x<1, y=0
A1,B2,v=2, 0<y<x<1
A1,B2,v=2, 0<y<x=1
y=0 (rest of this node's label lost)
A1,B2,v=2, 0<y<1, 1<x
A1,B2,v=2, 1<x,y
A1,B2,v=2, y=1, 1<x
A1,CS2,v=2, 1<x,y

No further behaviour possible!!

Modified light switch

[figure: the modified light-switch automaton, three properties over on and off (two formulas of the shape AG(… AF …) and one of the shape AG(…), with time bound 9) and the reachable part of its region graph]

Properties

Roughly speaking.... Model checking a timed automaton against a TCTL-formula amounts to model checking its region graph against a CTL-formula.

Problem to be solved

Model Checking TCTL is PSPACE-hard

END
