119
On Time Petri Nets and Scheduling Didier Lime IRCCyN / ´ Ecole Centrale de Nantes 5 septembre 2007 Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 1 / 48

On Time Petri Nets and Scheduling - Conférences … · On Time Petri Nets and Scheduling Didier Lime IRCCyN / ´Ecole Centrale de Nantes 5 septembre 2007 Didier Lime (IRCCyN / ECN)

  • Upload
    letu

  • View
    221

  • Download
    0

Embed Size (px)

Citation preview

On Time Petri Nets and Scheduling

Didier Lime

IRCCyN / Ecole Centrale de Nantes

5 septembre 2007

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 1 / 48

Plan I

Introduction

Time Petri Nets with Stopwatches (and more)Petri Nets and ExtensionsTime Petri NetsScheduling Time Petri Nets

Abstractions for Scheduling-TPNsThe State Class GraphPolyhedra On Demand!

Verifying propertiesObserversModel-checking

Conclusion and Future Work

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 2 / 48

Introduction

Plan I

Introduction

Time Petri Nets with Stopwatches (and more)

Abstractions for Scheduling-TPNs

Verifying properties

Conclusion and Future Work

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 3 / 48

Introduction

Introduction

◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48

Introduction

Introduction

◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;

◮ Verification of real-time systems is a tough problem: time,uncertainty, complex synchronizations, preemptive scheduler,distribution. . .

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48

Introduction

Introduction

◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;

◮ Verification of real-time systems is a tough problem: time,uncertainty, complex synchronizations, preemptive scheduler,distribution. . .

◮ A lot of work has been devoted to analytical results ofschedulability, giving worst-case response-time for tasks;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48

Introduction

Introduction

◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;

◮ Verification of real-time systems is a tough problem: time,uncertainty, complex synchronizations, preemptive scheduler,distribution. . .

◮ A lot of work has been devoted to analytical results ofschedulability, giving worst-case response-time for tasks;

◮ They are very good with simple settings;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48

Introduction

Introduction

◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;

◮ Verification of real-time systems is a tough problem: time,uncertainty, complex synchronizations, preemptive scheduler,distribution. . .

◮ A lot of work has been devoted to analytical results ofschedulability, giving worst-case response-time for tasks;

◮ They are very good with simple settings;

◮ They are not so good with precedences, timing uncertainties,distribution, . . .

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48

Introduction

A well-known paradox

τ1

0 5 10 15 20

τ4

0 5 10 15 20

τ3

0 5 10 15 20

τ2

0 5 10 15 20

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 5 / 48

Introduction

A well-known paradox

τ1

0 5 10 15 20

τ4

0 5 10 15 20

τ3

0 5 10 15 20

τ2

0 5 10 15 20

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 6 / 48

Time Petri Nets with Stopwatches (and more)

Plan I

Introduction

Time Petri Nets with Stopwatches (and more)Petri Nets and ExtensionsTime Petri NetsScheduling Time Petri Nets

Abstractions for Scheduling-TPNs

Verifying properties

Conclusion and Future Work

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 7 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Nets

p1 p2

p3

p4

t1 t3

t2

• • •

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 8 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Nets

p1 p2

p3

p4

t1 t3

t2

if M ≥ •t then M ′ = M − •t + t•

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 8 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Net Example: Basic Semaphore Synchronization

P2 P4

P3P1

Psem

TsemV TsemP

T1 T2

• •

(τ1) (τ2)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 9 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Net Example: Mutual Exclusion

sc

P1

Psem

sc

P3

semV

semP

semV

semP

• •

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 10 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Net Example: Peterson’s Algorithm

P:d ← false

loop

<non critical section>

d ← true

turn ← 1

wait(¬d ′∨ turn= 0)<critical section>

d ← false

end loop

P ′:

d ′ ← false

loop

<non critical section>

d ′ ← true

turn ← 0

wait(¬d∨ turn= 1)<critical section>

d ′ ← false

end loop

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 11 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Net Example: Peterson’s Algorithm

P1

P2

sc

d0 d1

d ′

0 d ′

1

turn0 turn1

update

waitwait′

endsc

• •

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 12 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Net Example: Peterson’s Algorithm

P1

P2

sc

d0 d1

d ′

0 d ′

1

turn0 turn1

update

waitwait′

endsc

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 12 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Net Example: Peterson’s Algorithm

P1

P2

sc

d0 d1

d ′

0 d ′

1

turn0 turn1

update

waitwait′

endsc

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 12 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Net Example: Peterson’s Algorithm

P1

P2

sc

d0 d1

d ′

0 d ′

1

turn0 turn1

update

waitwait′

endsc

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 12 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Read Arcs

P0 P0

T0 T0

• •

if M ≥ •t and M ≥ ⋄t then M ′ = M − •t + t•

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 13 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Inhibitor Arcs

P0 P1

T0

• •

if M ≥ •t and M < ◦t then M ′ = M − •t + t•

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 14 / 48

Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions

Petri Net Example: Fixed Priority Scheduling

(non-preemptive)

P0 P1 P2

P ′

0 P ′

1 P ′

2

Pe

T0 T1 T2

Tin0 Tin1 Tin2

T ′

0 T ′

1 T ′

2

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 15 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Petri Nets

p1 p2

p3

p4

t1 t3

t2

• • •

A Petri Net

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Petri Nets

p1 p2

p3

p4

t1[0, 1] t3[2, 3]

t2[1, 3]

• • •

A Time Petri Net

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Petri Nets

p1 p2

p3

p4

t1[0, 1] t3[2, 3]

t2[1, 3]

• • •

A Time Petri Net

(

M0,t1 = 0,t3 = 0

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Petri Nets

p1 p2

p3

p4

t1[0, 1] t3[2, 3]

t2[1, 3]

• • •

A Time Petri Net

(

M0,t1 = 0,t3 = 0

)

0.62−−→

(

M0,t1 = 0.62,

t3 = 0.62

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Petri Nets

p1 p2

p3

p4

t1[0, 1] t3[2, 3]

t2[1, 3]

A Time Petri Net

(

M0,t1 = 0,t3 = 0

)

0.62−−→

(

M0,t1 = 0.62,

t3 = 0.62

)

t1−→(

M1,t1 = 0.62,t2 = 0

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

About newly enabled transitions

P1

t1 [0, 6]

t2 [0, 3]

Fire t1

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

About newly enabled transitions

P1

t1 [0, 6]

t2 [0, 3]

Fire t1t1 and t2 are not enabled by M − •t1

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

About newly enabled transitions

P1

t1 [0, 6]

t2 [0, 3]

Fire t1t1 and t2 are not enabled by M − •t1t1 and t2 are newly enabled

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

About newly enabled transitions

P1

t1 [0, 6]

t2 [0, 3]

••

Fire t1

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

About newly enabled transitions

P1

t1 [0, 6]

t2 [0, 3]

Fire t1t1 and t2 are enabled by M − •t1 but t1 is the fired transition

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

About newly enabled transitions

P1

t1 [0, 6]

t2 [0, 3]

••

Fire t1t1 and t2 are enabled by M − •t1 but t1 is the fired transitiont2 remains enabled, t1 is newly enabled

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Petri Net Example: Fixed Priority Scheduling

(non-preemptive)

P0 P1 P2

P ′

0 P ′

1 P ′

2

Pe

T0[0, 0] T1[0, 0] T2[0, 0]

Tin0[2, 5] Tin1[0, 4] Tin2[1, 4]

T ′

0[1, 2] T ′

1[3, 3] T ′

2[4, 6]

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 18 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

TPN Example: Task Activation

Px

P1

Po

P2

P1 P1

Px

Tx [3, 3]

T1 [1, 2]

To [1, 1]

Tx [3, 3]

T1 [1, 2] T1 [1, 2]

Tx [0, 0]

(a) (b) (c)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 19 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Read Arcs and Time

P0

T0[3, 4]

T1[1, 2]

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Read Arcs and Time

P0

T0[3, 4]

T1[1, 2]

Read should not be destructive:

(

M0,T0 = 0,T1 = 0

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Read Arcs and Time

P0

T0[3, 4]

T1[1, 2]

Read should not be destructive:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Read Arcs and Time

P0

T0[3, 4]

T1[1, 2]

Read should not be destructive:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

T0−→(

M0,T0 = 0,T1 = 0

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Read Arcs and Time

P0 P0

T0[3, 4]

T1[1, 2]

T0[3, 4]

T1[1, 2]

6=

• •

Read should not be destructive:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

T0−→(

M0,T0 = 0,T1 = 0

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

• •

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

• •

Memory / No Memory:

(

M0,T0 = 0,T1 = 0

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

• •

Memory / No Memory:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

Memory / No Memory:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

T1−→ (M1,T2 = 0)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

Memory / No Memory:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

T1−→ (M1,T2 = 0)

0.2−−→ (M1,T2 = 0.2)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

• •

Memory / No Memory:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

T1−→ (M1,T2 = 0)

0.2−−→ (M1,T2 = 0.2)

T2−→(

M0,T0 = 0,

T1 = 0

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

Memory / No Memory:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

T1−→(

M1,T0 = 1.62,

T2 = 0

)

0.2−−→ (M1,T2 = 0.2)

T2−→(

M0,T0 = 0,

T1 = 0

)

0.31−−→

(

M0,T0 = 0.31,T1 = 0.31

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

Memory / No Memory:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

T1−→(

M1,T0 = 1.62,

T2 = 0

)

0.2−−→

(

M1,T0 = 1.62,

T2 = 0.2

)

T2−→(

M0,T0 = 0,

T1 = 0

)

0.31−−→

(

M0,T0 = 0.31,T1 = 0.31

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

• •

Memory / No Memory:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

T1−→(

M1,T0 = 1.62,

T2 = 0

)

0.2−−→

(

M1,T0 = 1.62,

T2 = 0.2

)

T2−→(

M0,T0 = 1.62,

T1 = 0

)

0.31−−→

(

M0,T0 = 0.31,T1 = 0.31

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

From Read Arcs To Activator Arcs

P0 P1

P2

T0[3, 4] T1[1, 2] T2[0, 1]

• •

Memory / No Memory:

(

M0,T0 = 0,T1 = 0

)

1.62−−→

(

M0,T0 = 1.62,T1 = 1.62

)

T1−→(

M1,T0 = 1.62,

T2 = 0

)

0.2−−→

(

M1,T0 = 1.62,

T2 = 0.2

)

T2−→(

M0,T0 = 1.62,

T1 = 0

)

0.31−−→

(

M0,T0 = 1.93,

T1 = 0.31

)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

TPN with Stopwatches Example: Round-Robin Scheduling

P0 P1P2 P2

T0[3, 4] T1[2, 3]

Ts1[1, 1]

Ts2[1, 1]

• ••

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 22 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

TPN with Stopwatches Example: Round-Robin Scheduling

P0 P1P2 P2

T0[3, 4] T1[2, 3]

Ts1[1, 1]

Ts2[1, 1]

• ••

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 22 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

TPN with Stopwatches Example: Round-Robin Scheduling

P0 P1P2 P2

T0[3, 4] T1[2, 3]

Ts1[1, 1]

Ts2[1, 1]

• ••

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 22 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Inhibitor Arcs: Fixed Priority Scheduling

(Preemptive)

P0 P1 P2

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

T0 =? T1 = 0 T2 =?

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Inhibitor Arcs: Fixed Priority Scheduling

(Preemptive)

P0 P1 P2

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

T0 =? T1 = 0.22 T2 =?

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Inhibitor Arcs: Fixed Priority Scheduling

(Preemptive)

P0 P1 P2

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• •

T0 =? T1 = 0.22 T2 = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Inhibitor Arcs: Fixed Priority Scheduling

(Preemptive)

P0 P1 P2

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• •

T0 =? T1 = 1.6 T2 = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Inhibitor Arcs: Fixed Priority Scheduling

(Preemptive)

P0 P1 P2

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• • •

T0 = 0 T1 = 1.6 T2 = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Inhibitor Arcs: Fixed Priority Scheduling

(Preemptive)

P0 P1 P2

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• • •

T0 = 1.5 T1 = 1.6 T2 = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Inhibitor Arcs: Fixed Priority Scheduling

(Preemptive)

P0 P1 P2

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• •

T0 =? T1 = 1.6 T2 = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

Time Inhibitor Arcs: Fixed Priority Scheduling

(Preemptive)

P0 P1 P2

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• •

T0 =? T1 = 1.8 T2 = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48

Time Petri Nets with Stopwatches (and more) Time Petri Nets

The price of expressiveness

The reachability problem:

General case Bounded

Petri Nets decidable decidable

Petri Nets w/ Inhibitor undecidable[8] decidable

Time Petri Nets undecidable [9] decidable [1]

Stopwatch Time Petri Nets undecidable [2] undecidable[2]

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 24 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Scheduling Time Petri Nets

◮ A model in the class of Time Petri Nets w/ Stopwatches;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Scheduling Time Petri Nets

◮ A model in the class of Time Petri Nets w/ Stopwatches;

◮ Dedicated to the modelling of preemptive scheduling policies;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Scheduling Time Petri Nets

◮ A model in the class of Time Petri Nets w/ Stopwatches;

◮ Dedicated to the modelling of preemptive scheduling policies;

◮ Places and transitions are associated with tasks;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Scheduling Time Petri Nets

◮ A model in the class of Time Petri Nets w/ Stopwatches;

◮ Dedicated to the modelling of preemptive scheduling policies;

◮ Places and transitions are associated with tasks;

◮ Tasks are given a processor and priority (or deadline or . . . );

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Scheduling Time Petri Nets

◮ A model in the class of Time Petri Nets w/ Stopwatches;

◮ Dedicated to the modelling of preemptive scheduling policies;

◮ Places and transitions are associated with tasks;

◮ Tasks are given a processor and priority (or deadline or . . . );

◮ Processors are given a scheduling policy.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Scheduling Time Petri Nets

◮ A model in the class of Time Petri Nets w/ Stopwatches;

◮ Dedicated to the modelling of preemptive scheduling policies;

◮ Places and transitions are associated with tasks;

◮ Tasks are given a processor and priority (or deadline or . . . );

◮ Processors are given a scheduling policy.

◮ With the state of the net of progress rate for each transition iscomputed at each change of marking.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Fixed Priority Scehduling (Preemptive)

P0, γ = τ1 P1, γ = τ2 P2, γ = τ3

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• ••

Proc(τ1) = 1Prio(τ1) = 3

Proc(τ2) = 1Prio(τ2) = 2

Proc(τ3) = 1Prio(τ3) = 1

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 26 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Fixed Priority Scehduling (Preemptive)

P0, γ = τ1 P1, γ = τ2 P2, γ = τ3

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• ••

Proc(τ1) = 1Prio(τ1) = 3

Proc(τ2) = 1Prio(τ2) = 2

Proc(τ3) = 1Prio(τ3) = 1

Flow(T0) = 1,Flow(T1) = 0,Flow(T2) = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 26 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Fixed Priority Scehduling (Preemptive)

P0, γ = τ1 P1, γ = τ2 P2, γ = τ3

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• •

Proc(τ1) = 1Prio(τ1) = 3

Proc(τ2) = 1Prio(τ2) = 2

Proc(τ3) = 1Prio(τ3) = 1

Flow(T0) =?,Flow(T1) = 1,Flow(T2) = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 26 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Fixed Priority Scehduling (Preemptive)

P0, γ = τ1 P1, γ = τ2 P2, γ = τ3

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

Proc(τ1) = 1Prio(τ1) = 3

Proc(τ2) = 1Prio(τ2) = 2

Proc(τ3) = 1Prio(τ3) = 1

Flow(T0) =?,Flow(T1) =?,Flow(T2) = 1

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 26 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Round-Robin

P0, γ = τ1 P1, γ = τ2 P2, γ = τ3

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• ••

Proc(τ1) = 1Prio(τ1) = 1

Proc(τ2) = 1Prio(τ2) = 1

Proc(τ3) = 1Prio(τ3) = 1

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Round-Robin

P0, γ = τ1 P1, γ = τ2 P2, γ = τ3

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• ••

Proc(τ1) = 1Prio(τ1) = 1

Proc(τ2) = 1Prio(τ2) = 1

Proc(τ3) = 1Prio(τ3) = 1

Flow(T0) = 13 ,Flow(T1) = 1

3 ,Flow(T2) = 13

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Round-Robin

P0, γ = τ1 P1, γ = τ2 P2, γ = τ3

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

• •

Proc(τ1) = 1Prio(τ1) = 1

Proc(τ2) = 1Prio(τ2) = 1

Proc(τ3) = 1Prio(τ3) = 1

Flow(T0) =?,Flow(T1) = 12 ,Flow(T2) = 1

2

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Round-Robin

P0, γ = τ1 P1, γ = τ2 P2, γ = τ3

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

Proc(τ1) = 1Prio(τ1) = 1

Proc(τ2) = 1Prio(τ2) = 1

Proc(τ3) = 1Prio(τ3) = 1

Flow(T0) =?,Flow(T1) =?,Flow(T2) = 1

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Round-Robin

P0, γ = τ1 P1, γ = τ2 P2, γ = τ3

T0[1, 3] T1[4, 10] T2[2, 3]

Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]

Proc(τ1) = 1Prio(τ1) = 1

Proc(τ2) = 1Prio(τ2) = 1

Proc(τ3) = 1Prio(τ3) = 1

A fluid approach: minimize the number of discrete changes.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Earliest Deadline First

p1 γ = φ

p2 γ = τ1

p3 γ = τ1

p4 γ = τ2

t1 [10, 10]

t2 [1, 3]

t3 [3, 3]

t4 [2, 2]

Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}

Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Earliest Deadline First

p1 γ = φ

p2 γ = τ1

p3 γ = τ1

p4 γ = τ2

t1 [10, 10]

t2 [1, 3]

t3 [3, 3]

t4 [2, 2]

Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}

Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}

Flow(t1) = 1 Flow(t2) = 1 Flow(t3) =? Flow(t4) =?

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Earliest Deadline First

p1 γ = φ

p2 γ = τ1

p3 γ = τ1

p4 γ = τ2

t1 [10, 10]

t2 [1, 3]

t3 [3, 3]

t4 [2, 2]

Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}

Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}

if t2 was fired before 2Flow(t1) = 1 Flow(t2) =? Flow(t3) = 0 Flow(t4) = 1if t2 was fired after 2Flow(t1) = 1 Flow(t2) =? Flow(t3) = 1 Flow(t4) = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Earliest Deadline First

p1 γ = φ

p2 γ = τ1

p3 γ = τ1

p4 γ = τ2

xτ1

xτ2

t1 [10, 10]

t2 [1, 3]

t3 [3, 3]

t4 [2, 2]

Dτ1 [10, 10]

Dτ2[8, 8]

Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}

Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}

if t2 was fired before 2Flow(t1) = 1 Flow(t2) =? Flow(t3) = 0 Flow(t4) = 1if t2 was fired after 2Flow(t1) = 1 Flow(t2) =? Flow(t3) = 1 Flow(t4) = 0

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48

Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets

Example: Earliest Deadline First

p1 γ = φ

p2 γ = τ1

p3 γ = τ1

p4 γ = τ2

xτ1

xτ2

t1 [10, 10]

t2 [1, 3]

t3 [3, 3]

t4 [2, 2]

Dτ1 [10, 10]

Dτ2[8, 8]

Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}

Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}

if Dτ2≤ Dτ1

Flow(t1) = 1 Flow(t2) =? Flow(t3) = 0 Flow(t4) = 1if Dτ1

< Dτ2

Flow(t1) = 1 Flow(t2) =? Flow(t3) = 1 Flow(t4) = 0Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48

Abstractions for Scheduling-TPNs

Plan I

Introduction

Time Petri Nets with Stopwatches (and more)

Abstractions for Scheduling-TPNsThe State Class GraphPolyhedra On Demand!

Verifying properties

Conclusion and Future Work

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 29 / 48

Abstractions for Scheduling-TPNs

Abstractions

◮ Infinite state-space ⇒ Abstractions

◮ TPNs: Zone-based simulation graph [5]

◮ TPNs: State class graph [1]

◮ TPNs w/ stopwatches (IHTPNs,. . . ): State class graph [10, 11, 3]

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 30 / 48

Abstractions for Scheduling-TPNs The State Class Graph

Basic Algorithm

beginPassed = ∅Waiting = {C0}while Waiting 6= ∅

C = pop(Waiting)Passed = Passed ∪ Cfor t firable from C

C ′ = AbstractSuccessor(C, t)if C ′ 6∈ PassedWaiting = Waiting ∪ C ′

end ifend for

end whileend

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 31 / 48

Abstractions for Scheduling-TPNs The State Class Graph

State Class

C =

01021

,

TPNs: Zone (encoded by a Difference Bound Matrix (DBM) [dij ]i ,j∈[0..n]):{

−d0i ≤ θi−0 ≤ di0,

θi − θj ≤ dij

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 32 / 48

Abstractions for Scheduling-TPNs The State Class Graph

State Class

C =

01021

,

SwTPNs: General polyhedron: AΘ ≤ B

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 32 / 48

Abstractions for Scheduling-TPNs The State Class Graph

Over-approximation

C =

01021

,

Over-approximation using the smallest englobing zone

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 33 / 48

Abstractions for Scheduling-TPNs The State Class Graph

Over-approximation

C =

01021

,

Over-approximation using the smallest englobing zone

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 33 / 48

Abstractions for Scheduling-TPNs The State Class Graph

Computing the state class graph (normal)

Let C = (M,D) and D = (A.Θ ≤ B). We fire tf .

◮ M ′ = M − •tf + tf•

◮ D ′ is computed by:◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, constrain by θf ≤ θi

◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, θ′i = θi − θf

◮ eliminate variables for disabled transitions (e.g. using Fourier-Motzkinmethod [4])

◮ add new variables for newly enabled transitions ti :

α(ti ) ≤ θi ≤ β(ti )

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 34 / 48

Abstractions for Scheduling-TPNs The State Class Graph

Computing the state class graph (round-robin)

Let C = (M,D) and D = (A.Θ ≤ B). We fire tf .

◮ M ′ = M − •tf + tf•

◮ D ′ is computed by:◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, constrain by θf ≤ θi

◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, θ′i = θi −Flow(tj)Flow(tf )

θf

◮ eliminate variables for disabled transitions (e.g. using Fourier-Motzkinmethod [4])

◮ add new variables for newly enabled transitions ti :

α(ti ) ≤ θi ≤ β(ti )

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 35 / 48

Abstractions for Scheduling-TPNs The State Class Graph

Computing the state class graph (earliest deadline first)

Let C = (M,D) and D = (A.Θ ≤ B). We fire tf .

◮ M ′ = M − •tf + tf•

◮ D ′ is computed by:◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, constrain by θf ≤ θi

◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, θ′i = θi − θf

◮ eliminate variables for disabled transitions (e.g. using Fourier-Motzkinmethod [4])

◮ add new variables for newly enabled transitions ti :

α(ti ) ≤ θi ≤ β(ti )

◮ partition D with Dτ ≤ Dτ′ and Dτ > Dτ

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 36 / 48

Abstractions for Scheduling-TPNs The State Class Graph

Example

P1 P2

P3P4

t1 [4, 5] t2 [1, 1]

t3 [1, 2]t4 [2, 4]

• •

C0

C1

C2 C3

C4 C5

C6

T2

T3 T4

T4 T3

T1

T1

4 ≤ θ1 ≤ 5θ2 = 12 ≤ θ4 ≤ 4

3 ≤ θ1 ≤ 41 ≤ θ3 ≤ 21 ≤ θ4 ≤ 3

. . .

3 ≤ θ1

0 ≤ θ3 ≤ 1θ1 + θ3 ≤ 5

. . . . . .

. . .

{P1, P2, P4}

{P2, P3, P4}

{P1, P4} {P1, P3}

{P1} {P1}

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 37 / 48

Abstractions for Scheduling-TPNs Polyhedra On Demand!

The Way of the Middle (1/2)

For IHTPNs:

◮ The polyhedron in the initial state class is always a zone.

◮ The successor of a non-zone polyhedron might be a zone

◮ The successor of a zone might not be a zone

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 38 / 48

Abstractions for Scheduling-TPNs Polyhedra On Demand!

The Way of the Middle (1/2)

For IHTPNs:

◮ The polyhedron in the initial state class is always a zone.

◮ The successor of a non-zone polyhedron might be a zone

◮ The successor of a zone might not be a zone

We want to start to compute with zones and fall back to generalpolyhedra when needed (and return to zones asap).

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 38 / 48

Abstractions for Scheduling-TPNs Polyhedra On Demand!

The Way of the Middle (1/2)

For IHTPNs:

◮ The polyhedron in the initial state class is always a zone.

◮ The successor of a non-zone polyhedron might be a zone(easy to check: O(n2))

◮ The successor of a zone might not be a zone(not so easy to check)

We want to start to compute with zones and fall back to generalpolyhedra when needed (and return to zones asap).

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 38 / 48

Abstractions for Scheduling-TPNs Polyhedra On Demand!

Abstractions: The Way of the Middle (2/2)

D = [dij ]i ,j∈[0..n] and (M ′,D ′) = AbstractSuccessor((M,D), tf ).

D ′ is not a zone iff there are at least three enabled transitions ti , tj , tk inD such that:

1. ti , tj , tk are not disabled when firing tf ;

2. Flow(ti ) 6= 0 and Flow(tk) 6= 0;

3. Flow(tj) = 0;

4. dj0 + dki > dk0 + dji or d0j − dik < d0k − dij

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 39 / 48

Abstractions for Scheduling-TPNs Polyhedra On Demand!

Abstractions: The Way of the Middle (2/2)

D = [dij ]i ,j∈[0..n] and (M ′,D ′) = AbstractSuccessor((M,D), tf ).

D ′ is not a zone iff there are at least three enabled transitions ti , tj , tk inD such that:

1. ti , tj , tk are not disabled when firing tf ;

2. Flow(ti ) 6= 0 and Flow(tk) 6= 0;

3. Flow(tj) = 0;

4. dj0 + dki > dk0 + dji or d0j − dik < d0k − dij

Complexity: O(n3)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 39 / 48

Verifying properties

Plan I

Introduction

Time Petri Nets with Stopwatches (and more)

Abstractions for Scheduling-TPNs

Verifying propertiesObserversModel-checking

Conclusion and Future Work

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 40 / 48

Verifying properties Observers

Observing durations

p1 p3

p2 pobsp4

t1 [0, 4] t3 [5, 6]

t2 [3, 4] tobs [5, 5]t4 [0, 0]

• •

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 41 / 48

Verifying properties Observers

Observing durations

p1 p3

p2 pobsp4

t1 [0, 4] t3 [5, 6]

t2 [3, 4] tobs [5, 5]t4 [0, 0]

• •

There can be ≥ 5 t.u. between the firings of t1 and t2 iff tobs is fired.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 41 / 48

Verifying properties Observers

Observing durations

p1 p3

p2 pobsp4

t1 [0, 4] t3 [5, 6]

t2 [3, 4] tobs [5, 5]t4 [0, 0]

• •

the max sojourn time of the token is max(M,D)∈Classes{5−min(D|tobs)}.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 41 / 48

Verifying properties Model-checking

TCTL Model-checking

◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48

Verifying properties Model-checking

TCTL Model-checking

◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).

◮ They can be (easily) extended to work with SwTPNs.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48

Verifying properties Model-checking

TCTL Model-checking

◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).

◮ They can be (easily) extended to work with SwTPNs.

◮ One can check for instance AG (M(p2) ≥ 1)⇒ EF [0, 5](M(p2) = 0))(bounded response).

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48

Verifying properties Model-checking

TCTL Model-checking

◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).

◮ They can be (easily) extended to work with SwTPNs.

◮ One can check for instance AG (M(p2) ≥ 1)⇒ EF [0, 5](M(p2) = 0))(bounded response).

◮ This is implemented ina Romeo!(http://romeo.rts-software.org)

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48

Verifying properties Model-checking

TCTL Model-checking

◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).

◮ They can be (easily) extended to work with SwTPNs.

◮ One can check for instance AG (M(p2) ≥ 1)⇒ EF [0, 5](M(p2) = 0))(bounded response).

◮ This is implemented ina Romeo!(http://romeo.rts-software.org)

◮ Warning: It cannot express properties on stopwatches (responsetimes but not cumulated execution durations).

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48

Conclusion and Future Work

Plan I

Introduction

Time Petri Nets with Stopwatches (and more)

Abstractions for Scheduling-TPNs

Verifying properties

Conclusion and Future Work

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 43 / 48

Conclusion and Future Work

Conclusion

◮ Time Petri Nets with Stopwatches (and more) are a very niceformalism for real-time systems modelling, including (preemptive)scheduling;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 44 / 48

Conclusion and Future Work

Conclusion

◮ Time Petri Nets with Stopwatches (and more) are a very niceformalism for real-time systems modelling, including (preemptive)scheduling;

◮ Theoretical properties are not good but they are usable in practice!

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 44 / 48

Conclusion and Future Work

Conclusion

◮ Time Petri Nets with Stopwatches (and more) are a very niceformalism for real-time systems modelling, including (preemptive)scheduling;

◮ Theoretical properties are not good but they are usable in practice!

◮ Some tools exist including Romeo (IRCCyN, Nantes) and Tina

(LAAS, Toulouse).

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 44 / 48

Conclusion and Future Work

Future Work

Future work includes:

◮ Interaction with higher-level models and specifications languages;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 45 / 48

Conclusion and Future Work

Future Work

Future work includes:

◮ Interaction with higher-level models and specifications languages;

◮ Discrete time semantics;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 45 / 48

Conclusion and Future Work

Future Work

Future work includes:

◮ Interaction with higher-level models and specifications languages;

◮ Discrete time semantics;

◮ Parametric extensions;

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 45 / 48

Conclusion and Future Work

Future Work

Future work includes:

◮ Interaction with higher-level models and specifications languages;

◮ Discrete time semantics;

◮ Parametric extensions;

◮ Control problems.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 45 / 48

Conclusion and Future Work

B. Berthomieu and M. Diaz.Modeling and verification of time dependent systems using time Petrinets.IEEE transactions on software engineering, 17(3):259–273, 1991.

B. Berthomieu, D. Lime, O.H. Roux, and F. Vernadat.Reachability problems and abstract state spaces for time petri netswith stopwatches.Journal of Discrete Event Dynamic Systems (jDEDS), 17(2):133–158,2007.

G. Bucci, A. Fedeli, L. Sassoli, and E. Vicario.Time state space analysis of real-time preemptive systems.IEEE transactions on software engineering, 30(2):97–111, February2004.

G.B. Dantzig.Linear programming and extensions.IEICE Transactions on Information and Systems, 1963.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 46 / 48

Conclusion and Future Work

G. Gardey, O.H. Roux, and O.F. Roux.State space computation and analysis of time Petri nets.Theory and Practice of Logic Programming (TPLP). Special Issue onSpecification Analysis and Verification of Reactive Systems, 2005.to appear.

Guillaume Gardey.Rseaux de Petri temporels.PhD thesis, Universite de Nantes, Nantes, France, 2005.

Rachid Hadjidj and Hanifa Boucheneb.On-the-fly tctl model checking for time petri nets using state classgraphs.In Sixth International Conference on Application of Concurrency toSystem Design (ACSD’06), pages 111–122, 2006.

R. Janicki and M. Koutny.Semantics of inhibitor nets.Information and Computation, 123(1):1–15, 1995.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 47 / 48

Conclusion and Future Work

N.D. Jones, L.H. Landweber, and Y.E. Lien.Complexity of some problems in Petri nets.Theoretical Computer Science 4, pages 277–299, 1977.

D. Lime and O.H. Roux.Expressiveness and analysis of scheduling extended time Petri nets.In 5th IFAC International Conference on Fieldbus Systems and theirApplications, (FET 2003), Aveiro, Portugal, July 2003. ElsevierScience.

O.H. Roux and D. Lime.Time Petri nets with inhibitor hyperarcs. Formal semantics and statespace computation.In Jordi Cortadella and Wolfgang Reisig, editors, The 25thInternational Conference on Application and Theory of Petri Nets,(ICATPN 2004), volume 3099 of Lecture Notes in Computer Science,pages 371–390, Bologna, Italy, June 2004. Springer-Verlag.

Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 48 / 48