
# Verification of Parameterized Timed Systems

Verification of Parameterized Timed Systems. Parosh Aziz Abdulla (Uppsala University), Johann Deneux, Pritha Mahata, Aletta Nylen. Outline: parameterized timed systems; syntactic and semantic variants; networks with one clock, with several clocks, and over the discrete time domain; safety properties.


Verification of Parameterized Timed Systems

Parosh Aziz Abdulla (Uppsala University), Johann Deneux, Pritha Mahata, Aletta Nylen

Outline

• Parameterized Timed Systems

• Syntactic and Semantic Variants

• with one clock

• with several clocks

• discrete time domain

• Safety Properties

Parameterized Timed Systems (Timed Networks)

Timed Process: a timed automaton whose transitions carry clock guards (x<5) and clock resets (x:=0).

Parameterized System: an arbitrary number of copies of the timed process running in parallel.

Single Clock Timed Networks - TN(1)

Timed Process (single clock): every process has one clock x; its transitions carry guards (x<5) and resets (x:=0) on that clock.

Parameterized System: arbitrarily many copies of the process.

Example Timed Process: a process that enters a critical section; its transitions carry the guards x=0, x<1, x>1 and the reset x:=0.

Parameterized Network: arbitrary size.

Challenge: arbitrary rather than fixed size.

Single Clock Timed Networks - TN(1): Semantics

State = Configuration: each process contributes its colour (control state) and its clock value, e.g. a six-process configuration with clock values 2.3 1.4 5.2 3.7 1.0 8.1.

Initial Configurations: any number of processes, all in the initial state with clock value 0 (0; 0 0; 0 0 0; 0 0 0 0; ...).

Timed transition: all clocks advance by the same amount. Advancing by 0.5 turns 2.3 1.4 5.2 3.7 0.0 8.1 into 2.8 1.9 5.7 4.2 0.5 8.6.

Discrete transition: one process takes a transition of the timed process (guard x<5, reset x:=0) and changes only its own colour and clock: 2.3 1.4 5.2 3.7 1.0 8.1 becomes 2.3 1.4 0.0 3.7 1.0 8.1.

• Unbounded number of clocks

• Cannot be modeled as timed automata

How to check Safety Properties?

Equivalence on Configurations

Configurations are equivalent if they agree (up to cmax) on:

• colours

• integral parts of clock values

• ordering on fractional parts

Example: 3.1 4.8 1.5 6.2 5.6 and 3.2 4.8 1.6 6.4 5.7 are equivalent: the integral parts agree and the fractional parts are ordered the same way (3.1 < 6.2 < 1.5 < 5.6 < 4.8 and 3.2 < 6.4 < 1.6 < 5.7 < 4.8). The three-process configurations 3.3 1.7 4.8 and 3.1 1.8 4.9 are equivalent to each other, and each is equivalent to the sub-configuration 3.1 1.5 4.8 of the first configuration above.

Ordering on Configurations

c1 ⊑ c2 iff there is a configuration c3 such that:

• c1 ≡ c3 (c1 and c3 are equivalent)

• c3 ⊆ c2 (c3 is a sub-configuration of c2)

Example: 4.9 6.4 5.7 ⊑ 3.1 4.8 1.5 6.2 5.6, witnessed by the sub-configuration c3 = 4.8 6.2 5.6, which is equivalent to 4.9 6.4 5.7.

Safety Properties

Example (the critical-section process above, with guards x=0, x<1, x>1 and reset x:=0):

• mutual exclusion

• Bad States: # processes in critical section > 1

A bad configuration such as 3.4 8.1 (two processes in the critical section) stays bad when further processes are added: 3.3 8.2 2.3 1.4 5.2 3.7 lies above it in the ordering and is bad as well. The set of bad configurations is upward closed.

Ideal = Upward closed set of configurations

Safety = reachability of ideals

Backward Reachability Analysis

Start from the ideal of bad configurations and repeatedly apply Pre (the configurations that have a successor in the set computed so far). This yields an increasing sequence of ideals, pictured on the slides as regions c1, c2, c3, ..., c6 added one after the other; the safety property is violated iff one of them contains an initial state.

Ideals are closed under computing Pre: for an ideal I, Pre(I) is again an ideal.

Ideals as Existential Zones

An ideal is described by an existential zone: finitely many clock variables x1, x2, x3, ... together with difference constraints between them, for instance

1 ≤ x2 - x1

2 ≤ x2 - x3

The zone denotes every configuration that contains processes whose clocks can be matched to x1, x2, x3 so that the constraints hold. The configuration 3.1 7.2 4.6 satisfies it (x1 = 3.1, x2 = 7.2, x3 = 4.6); it is the minimal requirement, and any configuration containing it, such as 3.1 3.5 7.2 0.5 4.6, satisfies the zone too.

Existential zones represent ideals: the ideal of a zone is the upward closure of its minimal requirement.

Constraints on a single clock are allowed as well, e.g. the zone over x1, x2, x4, x5 with 1 ≤ x2 - x1, 4 ≤ x4 and 2 ≤ x5.
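As an added illustration (this code is not from the slides or from the authors' tool), the membership test for an existential zone of a single-clock network, with the two zones above. The zone format and the assumption that distinct zone variables must be matched to distinct processes are choices of this example.

```python
"""Existential zones as representations of ideals in TN(1).

Added example, not from the slides. A zone is a list of constraints
(lower, i, j) meaning  lower <= x_i - x_j ; j = 0 stands for the constant 0,
so (4, 4, 0) is the single-clock constraint 4 <= x4. A configuration belongs
to the zone if distinct processes can be matched to the zone's variables so
that every constraint holds (injective matching is an assumption made here)."""
from fractions import Fraction
from itertools import permutations

# Zone from the slide: 1 <= x2 - x1 and 2 <= x2 - x3
ZONE_A = [(1, 2, 1), (2, 2, 3)]
# Larger zone: the same two constraints plus 4 <= x4 and 2 <= x5
ZONE_B = [(1, 2, 1), (2, 2, 3), (4, 4, 0), (2, 5, 0)]


def conf(text):
    """'3.1 7.2 4.6' -> exact clock values of a single-clock configuration."""
    return [Fraction(v) for v in text.split()]


def zone_vars(zone):
    """Variables mentioned by the zone, excluding the constant 0."""
    return sorted({v for _, i, j in zone for v in (i, j) if v != 0})


def satisfies(config, zone):
    """Return a matching {variable: clock value} showing config is in the
    zone's ideal, or None. Brute force over injective matchings, which is
    fine for the handful of variables a zone has."""
    variables = zone_vars(zone)
    if len(config) < len(variables):
        return None          # fewer processes than variables: not in the ideal
    for chosen in permutations(config, len(variables)):
        value = dict(zip(variables, chosen))
        value[0] = Fraction(0)
        if all(lower <= value[i] - value[j] for lower, i, j in zone):
            return {v: value[v] for v in variables}
    return None
```

Because the ideal is upward closed, adding processes to a configuration that satisfies the zone never makes it fail the test; removing processes can.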

Backward Reachability Analysis with Existential Zones

Run the backward analysis on existential zones: start from the zones describing the bad states and iterate Pre until no new zone appears.

Termination: the ordering on existential zones is a BQO (and therefore a WQO), so the increasing sequence of ideals stabilises after finitely many steps.

Theorem: Safety properties can be decided for TN(1)

Timed Networks with Two Clocks - TN(2)

Timed Process (two clocks): guards may refer to either clock (x<5, y>3, y<5, x>4) and resets such as x:=0 reset one clock.

Parameterized Network: arbitrary size.

Configuration: each process carries a colour and one value per clock, e.g. x: 2.3 1.4 5.2 3.7 1.0 8.1 and y: 1.4 5.6 0.2 9.2 2.8 0.1.

Timed transition (by 0.5): x: 2.8 1.9 5.7 4.2 1.5 8.6 and y: 1.9 6.1 0.7 9.7 3.3 0.6.

Discrete transition (the second process takes a transition with reset x:=0): x: 2.3 0.0 5.2 3.7 1.0 8.1, y unchanged: 1.4 5.6 0.2 9.2 2.8 0.1.

Existential zones for TN(2): the variables x1, y1 (clocks of one process) and x2, y2 (clocks of another) are related by constraints across processes, e.g. 1 ≤ y2 - x1 and 2 ≤ x2 - y1; xi and yi belong to the same process.

Backward Reachability Analysis for TN(2)

Existential Zones: termination no longer guaranteed!!

The ordering on zones is not a WQO. For n = 2, 3, 4, ... consider the zone over processes with clocks (x1, y1), ..., (xn, yn) given by

x1 < x2 < ... < xn

y1 = x2, y2 = x3, ..., y(n-1) = xn, yn = x1

(two processes: x1 < x2, y1 = x2, y2 = x1; three processes: x1 < x2 < x3, y1 = x2, y2 = x3, y3 = x1; four processes: x1 < x2 < x3 < x4, y1 = x2, y2 = x3, y3 = x4, y4 = x1). The y clocks link the processes into a ring of length n. A ring of length m cannot be embedded into a ring of a different length, so these zones form an infinite antichain: no zone lies below a later one, and backward reachability can keep producing new zones forever.
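The following added example (not from the slides) implements the region equivalence and the embedding order ⊑ from the TN(1) part for processes with any number of clocks, and uses it to check both the single-clock examples above and the ring zones of this slide: the rings for n = 2, 3, 4, 5 are pairwise incomparable, while the corresponding single-clock chains x1 < x2 < ... < xn are not. Configuration notation, clock values as exact fractions, and the helper names are choices of this example.

```python
"""Region equivalence and the embedding order on configurations of timed
networks, for TN(1) and TN(2) alike. Added example, not from the slides.

A configuration is a list of processes (colour, clocks); clocks are exact
Fractions so that fractional parts compare exactly. Clock values above cmax
are indistinguishable, as on the slides."""
from fractions import Fraction
from itertools import combinations
from math import floor


def conf(text, colour="p"):
    """'2.3 1.4 5.2' (one clock) or '2.3/1.4 5.2/5.6' (x/y per process)."""
    return [(colour, tuple(Fraction(v) for v in tok.split("/"))) for tok in text.split()]


def elapse(config, delta):
    """Timed transition: every clock of every process advances by delta."""
    d = Fraction(delta)
    return [(c, tuple(v + d for v in clocks)) for c, clocks in config]


def reset(config, proc, clock):
    """Discrete transition of one process: reset one of its clocks to 0
    (the colour change is omitted to keep the example short)."""
    out = list(config)
    c, clocks = out[proc]
    out[proc] = (c, tuple(Fraction(0) if k == clock else v for k, v in enumerate(clocks)))
    return out


def canon(config, cmax):
    """Region abstraction: the data equivalent configurations agree on.
    A bounded clock keeps its integral part and the rank of its fractional
    part among all fractional parts of the configuration (rank 0 = integral
    value, equal fractions share a rank); a clock above cmax keeps nothing
    and is mapped to the sentinel (cmax + 1, -1)."""
    fracs = {Fraction(0)}
    for _, clocks in config:
        fracs |= {v - floor(v) for v in clocks if v <= cmax}
    rank = {f: r for r, f in enumerate(sorted(fracs))}

    def abstract(v):
        return (floor(v), rank[v - floor(v)]) if v <= cmax else (cmax + 1, -1)

    return tuple(sorted((c, tuple(abstract(v) for v in clocks)) for c, clocks in config))


def equivalent(c1, c2, cmax):
    return len(c1) == len(c2) and canon(c1, cmax) == canon(c2, cmax)


def below(c1, c2, cmax):
    """c1 ⊑ c2 iff some sub-configuration c3 of c2 is equivalent to c1.
    Returns a witness c3 (processes of c2 in their original order) or None."""
    key = canon(c1, cmax)
    for idx in combinations(range(len(c2)), len(c1)):
        c3 = [c2[i] for i in idx]
        if canon(c3, cmax) == key:
            return c3
    return None


def chain(n):
    """TN(1): n processes with x1 < x2 < ... < xn, all below 1."""
    return [("p", (Fraction(i, n + 1),)) for i in range(1, n + 1)]


def ring(n):
    """TN(2): x1 < x2 < ... < xn with y1 = x2, ..., y(n-1) = xn, yn = x1.
    The y clocks close the processes into a ring of length n."""
    xs = [Fraction(i, n + 1) for i in range(1, n + 1)]
    return [("p", (xs[i], xs[(i + 1) % n])) for i in range(n)]


def is_antichain(configs, cmax):
    """True iff no configuration in the list lies below a later one; such a
    sequence shows that ⊑ is not a well quasi-ordering on these configurations."""
    return all(below(configs[i], configs[j], cmax) is None
               for i in range(len(configs)) for j in range(i + 1, len(configs)))
```

A sub-configuration of a ring of length n with m < n processes can never reproduce the equalities y_i = x_(i+1) of the m-ring, because the set of chosen x values would have to be closed under "successor in the ring"; that is exactly why `is_antichain` holds for the rings and fails for the chains.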

Simulation of 2-counter machine by TN(2)

M: a two-counter machine with instructions such as c1++, c2-- and the zero test c2=0?.

Encoding of configurations of M:

• Timed processes:

• One models control state

• Some model c1

• Some model c2

• The rest are idle

Encoding of c1: the slide shows two rows of clock values for five processes, 0.1 0.7 0.9 0.3 0.5 and 0.9 0.1 0.3 0.5 0.7, with a left-end marker, three processes representing the counter value (# c1 = 3) and a right-end marker; the clocks of consecutive processes are tied to each other in the same way as in the ring zones above.

Simulating a Decrement (c1--): the control process moves from q1 to q2; the transitions involved carry the guards 0<x, y=1, x=1 and the resets x:=0, y:=0, and the process removed from the counter becomes idle. The slides step through the clock values: 0.1 0.7 0.9 0.3 0.5 / 0.9 0.1 0.3 0.5 0.7, then after 0.1 time units 0.2 0.8 1.0 0.4 0.6 / 1.0 0.2 0.4 0.6 0.8, then the clocks that have reached 1 are reset to 0 (0 0.8 0.4 0.6 / 0 0.4 0.6 0.8).

Zero test (c1=0?): transitions from q1 to q2 with guards x>0, y=1, x=1 and resets y:=0, x:=0; the slide shows the clock values 0.2 0.7 0.7 0.2 0.3 0.5 1.0 1.0 0.5 0.5 0 0 0.5 along the way.

Checking Safety properties undecidable for TN(2)

Discrete Time - DTN(K)

Clocks interpreted over the discrete time domain

State = Configuration: e.g. clock values 2 1 5 3 1 8.

Timed Transitions: all clocks advance by the same integer. Advancing by 2 turns 2 1 5 3 1 8 into 4 3 7 5 3 10.

Abstraction (cmax = 1): a configuration is represented by the number of processes having

• same state

• clock value (up to cmax)

where 2* stands for any value above cmax. For three states the slide shows:

clock   state A   state B   state C
0       4         3         5
1       2         0         0
2*      3         6         8

Discrete transition (labels x=1, x=0, x:=0 on the slide): one process with x=1 in state A resets its clock (count at 1 in A: 2 → 1, count at 0 in A: 4 → 5) and one process with x=0 moves from state C to state B (count at 0 in C: 5 → 4, count at 0 in B: 3 → 4); all other counts are unchanged.

Timed transition (+1): every count moves one row down, and the counts at 1 join 2*:

clock   state A   state B   state C
0       0         0         0
1       4         3         5
2*      5         6         8

Minimal element: an ideal (upward closed set of count vectors) is represented by its minimal elements, e.g. the first table above with counts (4, 2, 3), (3, 0, 6), (5, 0, 8).

Backward Reachability Analysis: iterate Pre on minimal elements, starting from the minimal elements of the bad states, until the set of minimal elements stabilises.

Checking Safety properties decidable for DTN(K)
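An added example (not from the slides or the authors' tool) of the backward reachability analysis on minimal elements for a discrete-time network with one clock and cmax = 1. The protocol is constructed for illustration: each process is idle, resets its clock on entering wait, enters critical when x = 1, and resets the clock on leaving critical; unlike the slide's discrete step, only one process moves per transition. The bad state "two processes in critical" is reachable, the bad state "a process in critical with clock 0" is not, and both analyses terminate because the count order on abstract configurations is a WQO.

```python
"""Backward reachability for a discrete-time timed network DTN(1), cmax = 1.
Added example, not from the slides; the protocol below is constructed for
illustration and has no synchronisation between processes.

An abstract configuration counts processes per (state, abstract clock
value) with values 0, 1 and BIG = 2 (written 2* on the slides: any value
above cmax). Upward closed sets (ideals) are kept as their minimal
elements; the count order is a WQO (Dickson's lemma), so the iteration ends."""
from collections import Counter
from itertools import product

CMAX = 1
BIG = CMAX + 1
ANY = frozenset({0, 1, BIG})

# Constructed protocol: idle --(x:=0)--> wait --(x=1)--> critical --(x:=0)--> idle
# A transition is (src, guard, reset, dst); the guard is the set of abstract
# clock values that enable it.
PROTOCOL = [
    ("idle", ANY, True, "wait"),
    ("wait", frozenset({1}), False, "critical"),
    ("critical", ANY, True, "idle"),
]
INIT_STATE = "idle"


def conf(*triples):
    """conf(('critical', 1, 2)): two processes in 'critical' with clock 1."""
    return Counter({(s, v): n for s, v, n in triples})


def leq(m1, m2):
    """m1 <= m2 iff m2 has at least as many processes of every kind."""
    return all(m2[k] >= n for k, n in m1.items())


def pre_discrete(m, t):
    """Minimal elements of Pre(up(m)) under one discrete transition."""
    src, guard, reset, dst = t
    res = []
    for v in guard:
        after = 0 if reset else v
        if m[(dst, after)] > 0:                  # the mover is one of m's processes
            m1 = Counter(m)
            m1[(dst, after)] -= 1
            m1[(src, v)] += 1
            res.append(+m1)                      # unary + drops zero counts
        m2 = Counter(m)                          # or an extra process not in m
        m2[(src, v)] += 1
        res.append(m2)
    return res


def pre_time(m):
    """Minimal elements of Pre(up(m)) under the timed transition +1."""
    if any(v == 0 and n > 0 for (s, v), n in m.items()):
        return []                                # value 0 has no predecessor
    base, bigs = Counter(), []
    for (s, v), n in m.items():
        if n == 0:
            continue
        if v == BIG:
            bigs.append((s, n))
        else:
            base[(s, v - 1)] += n
    res = []
    for split in product(*(range(n + 1) for _, n in bigs)):
        m1 = Counter(base)
        for (s, n), j in zip(bigs, split):       # j of the n processes were at CMAX
            if j:
                m1[(s, CMAX)] += j
            if n - j:
                m1[(s, BIG)] += n - j
        res.append(m1)
    return res


def backward_reachable(bad, protocol=PROTOCOL, init_state=INIT_STATE):
    """Return (unsafe, minimal elements of Pre*(up(bad))). unsafe holds iff
    some initial configuration (only (init_state, 0) processes) is covered."""
    found, work = [], []
    for m in bad:
        if not any(leq(o, m) for o in found):
            found = [o for o in found if not leq(m, o)] + [m]
            work.append(m)
    while work:
        m = work.pop()
        for m1 in pre_time(m) + [p for t in protocol for p in pre_discrete(m, t)]:
            if any(leq(o, m1) for o in found):
                continue                         # subsumed: nothing new
            found = [o for o in found if not leq(m1, o)] + [m1]
            work = [w for w in work if not leq(m1, w)] + [m1]
    unsafe = any(all(s == init_state and v == 0 for (s, v), n in m.items() if n > 0)
                 for m in found)
    return unsafe, found


def two_in_critical():
    """Bad states for mutual exclusion: at least 2 processes in 'critical'."""
    vals = [0, 1, BIG]
    return [conf(("critical", a, 1)) + conf(("critical", b, 1))
            for i, a in enumerate(vals) for b in vals[i:]]


def critical_with_zero_clock():
    """Bad state the protocol cannot reach: 'critical' with clock value 0."""
    return [conf(("critical", 0, 1))]
```

The minimal-element set is the analogue of the existential zones used for dense time: Pre of an upward closed set is again upward closed, so keeping only minimal elements loses nothing, and the analysis stops as soon as every newly computed element is subsumed by one already found.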

Experiments on a parameterized network of arbitrary size: running times of 2 seconds and 25 minutes are reported.

Syntactic Variants

• Open timed networks: strict clock constraints: undecidable

• Closed timed networks: non-strict clock constraints: decidable

Semantic Variants

• Robust timed networks: semantically strict clock constraints: undecidable

Summary

• TN(1) : decidable

• TN(2) : undecidable

• DTN(K) : decidable

• TN(2) open : undecidable

• TN(K) closed : decidable

• TN(2) robust : undecidable

• Acceleration and Widening

• Forward Analysis

• Priced Timed Networks

• Stochastic Variants