Verification of Parameterized Timed Systems - PowerPoint PPT Presentation

Verification of Parameterized Timed Systems

Parosh Aziz Abdulla
Uppsala University
Johann Deneux
Pritha Mahata
Aletta Nylen


Outline

  • Parameterized Timed Systems
    • with one clock
    • with several clocks
    • discrete time domain
  • Syntactic and Semantic Variants
  • Safety Properties


Parameterized System of Timed Processes (Timed Networks)

Timed Process: (figure: a timed automaton with one clock x; the edge shown carries the guard x<5 and the reset x:=0)

Parameterized System: (figure: arbitrarily many copies of the timed process running in parallel)

Single Clock Timed Networks - TN(1)

Timed Process (single clock): (figure: edge with guard x<5 and reset x:=0)

Parameterized System: (figure: arbitrarily many copies of the single-clock process)

Fischer’s Protocol

Timed Process: (figure: one process of the protocol, with a critical section state; the edges carry the guards x=0, x<1 and x>1 and the reset x:=0)

Parameterized Network: arbitrary size

Challenge: arbitrary rather than fixed size


Single Clock Timed Networks - TN(1)

Timed Process (single clock): (figure: edge with guard x<5 and reset x:=0)

Parameterized System: (figure)

State = Configuration: the clock value of every process, e.g.

  2.3 1.4 5.2 3.7 1.0 8.1

Initial Configurations: any number of processes, all clocks 0

  0
  0 0
  0 0 0
  0 0 0 0


Timed Transitions: all clocks advance by the same amount (here 0.5)

  2.3 1.4 5.2 3.7 0.0 8.1
      | 0.5
  2.8 1.9 5.7 4.2 0.5 8.6


Discrete Transitions: one process takes an edge of its automaton (figure: guard x<5, reset x:=0); the clock of that process is reset to 0

  2.3 1.4 5.2 3.7 1.0 8.1
  2.3 1.4 0.0 3.7 1.0 8.1


TN(1) :

  • Unbounded number of clocks
  • Cannot be modeled as timed automata

How to check Safety Properties ?


Equivalence on Configurations

configurations equivalent if they agree (up to cmax) on:

  • colours
  • integral parts of clock values
  • ordering on fractional parts

(figure: the two configurations

  3.1 4.8 1.5 6.2 5.6
  3.2 4.8 1.6 6.4 5.7

are equivalent: same integral parts 3 4 1 6 5, and the fractional parts are ordered the same way in both. The figure also shows the smaller configurations 3.3 1.7 4.8 and 3.1 1.8 4.9.)


Ordering on Configurations

c1 < c2 iff there is a c3 such that:

  • c1 is equivalent to c3
  • c3 is a sub-configuration of c2 (every process of c3 is a process of c2)

(figure:

  c1 = 4.9 6.4 5.7
  c3 = 4.8 6.2 5.6
  c2 = 3.1 4.8 1.5 6.2 5.6

c1 is equivalent to c3, and c3 consists of three of the processes of c2.)
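The equivalence and the ordering on TN(1) configurations from the two slides above, written out as an added Python example; this is not code from the slides or from the authors. The clock values are the ones shown on the slides; the colour "p" given to every process, cmax = 10, and the helper names (config, region_key, equivalent, leq) are assumptions of the example. Clocks are kept as exact rationals so that fractional parts compare exactly.

```python
from fractions import Fraction
from itertools import permutations

# Helpers constructed for this example (not from the slides). A configuration
# of a single-clock timed network is a list of processes, each a pair
# (colour, clock value). Clock values are exact rationals so that fractional
# parts compare exactly (3.1 and 1.8 as floats would not).
def config(colours, clocks):
    return [(c, Fraction(v)) for c, v in zip(colours, clocks)]

def frac(v):
    return v - int(v)

def region_key(v, cmax):
    """What the equivalence remembers about one clock: its integral part and
    whether its fractional part is 0, or just "above cmax" for large values."""
    if v > cmax:
        return ("above cmax",)
    return (int(v), frac(v) == 0)

def cmp(a, b):
    return (a > b) - (a < b)

def equivalent(c1, c2, cmax):
    """Slide criterion: same colours, same integral parts of clock values (up
    to cmax) and the same ordering of fractional parts between every pair of
    clocks that are not above cmax."""
    if len(c1) != len(c2):
        return False
    for (s1, v1), (s2, v2) in zip(c1, c2):
        if s1 != s2 or region_key(v1, cmax) != region_key(v2, cmax):
            return False
    small = [i for i, (_, v) in enumerate(c1) if v <= cmax]
    for i in small:
        for j in small:
            if cmp(frac(c1[i][1]), frac(c1[j][1])) != cmp(frac(c2[i][1]), frac(c2[j][1])):
                return False
    return True

def leq(c1, c2, cmax):
    """c1 < c2 in the slide's sense: some sub-configuration c3 of c2 is
    equivalent to c1. Brute force over all injections of c1's processes into
    c2's processes; adequate for slide-sized configurations."""
    if len(c1) > len(c2):
        return False
    for idx in permutations(range(len(c2)), len(c1)):
        c3 = [c2[i] for i in idx]
        if equivalent(c1, c3, cmax):
            return True
    return False

# Configurations from the slides (all processes given the same colour "p",
# since the slides show only clock values); cmax = 10 is an assumption.
CMAX = 10
BIG = config("ppppp", ["3.1", "4.8", "1.5", "6.2", "5.6"])
BIG2 = config("ppppp", ["3.2", "4.8", "1.6", "6.4", "5.7"])
C1 = config("ppp", ["4.9", "6.4", "5.7"])
C3 = config("ppp", ["4.8", "6.2", "5.6"])

def slide_checks():
    return {
        "big_pair_equivalent": equivalent(BIG, BIG2, CMAX),
        "c1_equiv_c3": equivalent(C1, C3, CMAX),
        "c1_below_big": leq(C1, BIG, CMAX),
        "big_not_below_c1": leq(BIG, C1, CMAX),
    }

if __name__ == "__main__":
    for name, ok in slide_checks().items():
        print(f"{name}: {ok}")
```

Two details of the criterion are easy to get wrong and are handled explicitly: a fractional part equal to 0 is its own class (3.0 is not equivalent to 3.5), and clocks above cmax are all alike, so with cmax = 5 the pair (6.2, 6.9) is equivalent to (6.9, 6.2) although with cmax = 10 their fractional orderings differ.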


Safety Properties

(figure: a Fischer's protocol process with a critical section state, guards x=0, x<1, x>1 and reset x:=0; the bad configuration 3.4 8.1 with both processes in the critical section, and the larger configuration 3.3 8.2 2.3 1.4 5.2 3.7, which contains an equivalent pair and is therefore bad as well)

  • mutual exclusion:
  • Bad States : # processes in critical section > 1

Ideal = Upward closed set of configurations

Safety = reachability of ideals


Checking Safety Properties: Backward Reachability Analysis

(figure: starting from the bad states, apply Pre repeatedly (Pre, Pre, Pre, Pre, ...) and check whether the computed sets reach the initial states)
Monotonicity

ideals closed under computing Pre

(figure: an ideal I and Pre(I), which is again an ideal)


Checking Safety Properties: Backward Reachability Analysis

(figure: the same Pre iteration from the bad states towards the initial states; every set in it is an Ideal, so the analysis works on Ideals)


Existential Zones

(figure: a zone over three clocks x1, x2, x3 with a bound of 1 on the difference x2-x1 and a bound of 2 on the difference x2-x3 (the comparison symbols were lost in extraction). The configuration 3.1 7.2 4.6 satisfies it, and so does the larger configuration 3.1 3.5 7.2 0.5 4.6, which contains it.)

minimal requirement: the zone states what some processes of a configuration must satisfy; every configuration containing such processes belongs to it.

Existential Zone denotes an Ideal


Existential Zones – Computing Pre

(figure: the zone over x1, x2, x3 with the constraints "1 x2-x1" and "2 x2-x3" (comparison symbols lost in extraction), and the result of computing Pre: a zone over the clocks x1, x2, x4, x5 with the constraints "1 x2-x1", "4 x4" and "2 x5")


Checking Safety Properties: Backward Reachability Analysis

(figure: the Pre iteration from the bad states towards the initial states, with every set represented by Existential Zones)


Termination

Existential Zones: BQO (and therefore WQO)

Theorem:

Safety properties can be decided for TN(1)


Multi-Clock Timed Networks – TN(K)

Timed Process (two clocks): (figure: edge with guards x<5 and y>3 and reset x:=0)

Parameterized Network: (figure)

Configuration: the x and y clock values of every process, e.g.

  x: 2.3 1.4 5.2 3.7 1.0 8.1
  y: 1.4 5.6 0.2 9.2 2.8 0.1


Timed Transitions: all clocks advance by the same amount (here 0.5)

  x: 2.3 1.4 5.2 3.7 1.0 8.1
  y: 1.4 5.6 0.2 9.2 2.8 0.1
      | 0.5
  x: 2.8 1.9 5.7 4.2 1.5 8.6
  y: 1.9 6.1 0.7 9.7 3.3 0.6

y


Discrete Transitions: one process takes an edge (figure: guards y<5 and x>4, reset x:=0)

  x: 2.3 1.4 5.2 3.7 1.0 8.1
  y: 1.4 5.6 0.2 9.2 2.8 0.1

  x: 2.3 0.0 5.2 3.7 1.0 8.1
  y: 1.4 5.6 0.2 9.2 2.8 0.1


(figure: an existential zone for TN(2) over the clocks x1, y1, x2, y2, with the constraints "1 y2 - x1" and "2 x2 - y1" (comparison symbols lost in extraction); xi and yi belong to the same process)


Checking Safety Properties: Backward Reachability Analysis

(figure: the Pre iteration from the bad states towards the initial states for TN(K), with every set represented by Existential Zones)


Termination no longer guaranteed !!

(figure: an infinite sequence of existential zones for TN(2), one for each n = 2, 3, 4, ...; in the n-th zone the x clocks of n processes are ordered, and each y clock equals the x clock of the next process around a cycle:

  n = 2:  x1 < x2,           y1 = x2, y2 = x1
  n = 3:  x1 < x2 < x3,      y1 = x2, y2 = x3, y3 = x1
  n = 4:  x1 < x2 < x3 < x4, y1 = x2, y2 = x3, y3 = x4, y4 = x1

No zone in the sequence is covered by an earlier one, so the backward iteration need not stabilise.)


Simulation of 2-counter machine by TN(2)

(figure: a 2-counter machine M with instructions such as c1++, c2-- and the zero test c2=0?)

Encoding of configurations in M:

  • Timed processes:
    • One models control state
    • Some model c1
    • Some model c2
    • The rest are idle


Simulation of 2-counter machine

(figure: the machine M with instructions c1++, c2--, c2=0?)

Encoding of c1 : (figure: a chain of processes with a left end, three processes standing for c1=3, and a right end; their clock values are shown as

  x: 0.1 0.7 0.9 0.3 0.5
  y: 0.9 0.1 0.3 0.5 0.7
)


Simulating a Decrement (c1--)

(figure: the control process moves from q1 to q2 on the instruction c1--; the edges shown carry the guards 0<x, y=1 and x=1 and the resets x:=0 and y:=0, and one process of the chain becomes idle. The clock values of the chain, x row / y row, evolve through the following steps:

  0.1 0.7 0.9 0.3 0.5 / 0.9 0.1 0.3 0.5 0.7
  0.2 0.8 1.0 0.4 0.6 / 1.0 0.2 0.4 0.6 0.8
  0.2 0.8 0.4 0.6 / 1.0 0.4 0.6 0.8
  0 0.8 0.4 0.6 / 1.0 0.4 0.6 0.8
  0 0.8 0.4 0.6 / 0 0.4 0.6 0.8
)


Simulating Zero Testing (c1=0?)

(figure: the control process moves from q1 to q2 on the zero test c1=0?; the edges shown carry the guards x>0, y=1 and x=1 and the resets y:=0 and x:=0. The clock values shown are 0.2 0.7 0.7 0.2, 0.3 0.5 1.0 1.0 0.5 0.5 and 0 0 0.5.)


Theorem:

Checking Safety properties undecidable for TN(2)


Discrete Timed Networks - DTN(K)

Clocks interpreted over the discrete time domain

State = Configuration, e.g.

  2 1 5 3 1 8

Timed Transitions: all clocks advance by the same integer (here 2)

  2 1 5 3 1 8
      | 2
  4 3 7 5 3 10


Exact Abstraction

cmax = 1

# processes having:

  • same state
  • clock value (up to cmax)

(figure: a configuration abstracted into counts per state and clock value; 2* stands for any value above cmax)

  clock value:   0   1   2*
  state 1:       4   2   3
  state 2:       3   0   6
  state 3:       5   0   8


Discrete Transitions

(figure: a transition with the guards x=1 and x=0 and the reset x:=0 changes the counts as follows)

                 before            after
  clock value:   0   1   2*        0   1   2*
  state 1:       4   2   3         5   1   3
  state 2:       3   0   6         4   0   6
  state 3:       5   0   8         4   0   8


Timed Transitions

(figure: every clock advances by one; the counts at 0 move to 1 and the counts at 1 join 2*)

                 before            after
  clock value:   0   1   2*        0   1   2*
  state 1:       4   2   3         0   4   5
  state 2:       3   0   6         0   3   6
  state 3:       5   0   8         0   5   8


Symbolic Representation

minimal element: an ideal is represented by its minimal elements, e.g. the count vector

  clock value:   0   1   2*
  state 1:       4   2   3
  state 2:       3   0   6
  state 3:       5   0   8


Checking Safety Properties: Backward Reachability Analysis

(figure: the Pre iteration from the bad states towards the initial states, with every set represented by its Minimal elements)
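The DTN(K) count abstraction with cmax = 1 and the backward reachability analysis over ideals represented by their minimal elements, as an added Python example; this is not code from the slides or from the authors. The process it analyses (three states idle, req, cs with a single discrete clock, local transitions only, no shared variable) and every name in the code are assumptions of the example, not a model from the slides. It computes Pre of a minimal element for the discrete rules and for the unit delay, keeps only minimal elements after each step, and stops when a minimal element lies below an initial configuration or no new element appears.

```python
from itertools import product

# Constructed toy discrete timed network (not from the slides). Every process
# has one discrete clock x and runs the cycle
#     idle --(x:=0)--> req --(x=1)--> cs --(x:=0)--> idle
# As on the slides, cmax = 1, so a clock is abstracted to the buckets
# 0, 1 and TOP (written 2* there: any value above cmax). A configuration is
# a count vector {(state, bucket): number of processes}.
CMAX = 1
TOP = CMAX + 1
STATES = ("idle", "req", "cs")
INIT = ("idle", 0)                   # initial configurations: n processes here, any n
# (source state, guard bucket or None for "no guard", target state, reset?)
RULES = [("idle", None, "req", True),
         ("req", 1, "cs", False),
         ("cs", None, "idle", True)]

def expand(rules):
    """One concrete rule ((src, v), (dst, v')) per clock bucket v the guard allows."""
    out = []
    for src, g, dst, reset in rules:
        for v in ([g] if g is not None else range(TOP + 1)):
            out.append(((src, v), (dst, 0 if reset else v)))
    return out

def norm(c):
    return {k: n for k, n in c.items() if n > 0}

def leq(a, b):
    """Pointwise order on count vectors: a <= b iff b contains a's processes."""
    return all(b.get(k, 0) >= n for k, n in a.items())

def delay_step(c):
    """Forward unit delay: bucket v moves to v+1, TOP absorbs (the slide's timed transition)."""
    out = {}
    for (s, v), n in c.items():
        key = (s, min(v + 1, TOP))
        out[key] = out.get(key, 0) + n
    return norm(out)

def pre_rule(m, rule):
    """Minimal count vector c such that firing rule in c yields a vector >= m."""
    src, tgt = rule
    c = dict(m)
    if src == tgt:
        c[src] = max(m.get(src, 0), 1)
    else:
        c[tgt] = max(0, m.get(tgt, 0) - 1)    # one process arrives at tgt
        c[src] = m.get(src, 0) + 1            # ... having left src
    return norm(c)

def pre_delay(m):
    """Minimal count vectors c with delay_step(c) >= m. Several, because the
    TOP bucket may have been fed from bucket CMAX or from TOP itself."""
    if any(v == 0 and n > 0 for (s, v), n in m.items()):
        return []                              # no clock is 0 after a delay
    base, splits = {}, []
    for s in STATES:
        for v in range(1, CMAX + 1):
            base[(s, v - 1)] = m.get((s, v), 0)
        top = m.get((s, TOP), 0)
        splits.append([{(s, CMAX): j, (s, TOP): top - j} for j in range(top + 1)])
    result = []
    for choice in product(*splits):
        c = dict(base)
        for part in choice:
            c.update(part)
        result.append(norm(c))
    return result

def minimize(elems):
    """Keep only the minimal elements; they represent the ideal (upward closure)."""
    out = []
    for e in elems:
        if any(leq(o, e) for o in out):
            continue
        out = [o for o in out if not leq(e, o)] + [e]
    return out

def backward_reachable(bad):
    """Backward reachability on ideals given by minimal elements: returns True
    iff some initial configuration can reach the upward closure of `bad`.
    Termination follows from the count vectors being well-quasi-ordered."""
    rules = expand(RULES)
    seen, work = [], [norm(bad)]
    while work:
        m = work.pop()
        if any(leq(o, m) for o in seen):
            continue                           # already inside the computed ideal
        if all(k == INIT for k in m):
            return True                        # m is below an initial configuration
        seen = minimize(seen + [m])
        work.extend(pre_rule(m, r) for r in rules)
        work.extend(pre_delay(m))
    return False

if __name__ == "__main__":
    # "a process is in cs with clock 0" is unreachable: cs is entered without a reset
    print(backward_reachable({("cs", 0): 1}))  # False
    # "two processes are in cs with clock 1" is reachable
    print(backward_reachable({("cs", 1): 2}))  # True
```

Two checks in the code are the ones that matter for soundness: a minimal element with a process at clock 0 has no predecessor under delay, and Pre of a delay is a set of minimal elements rather than one, because a count in the 2* bucket may come from bucket 1 or from 2* itself. Fischer's protocol would additionally need the shared variable in the configuration, which this toy model leaves out.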


Theorem:

Checking Safety properties decidable for DTN(K)





Lynch-Shavit’s Protocol

(figure: one process of the protocol)

Parameterized Network: arbitrary size



Syntactic Variants

  • Open timed networks: strict clock constraints: undecidable
  • Closed timed networks: non-strict clock constraints: decidable

Semantic Variants

  • Robust timed networks: semantically strict clock constraints: undecidable


Summary

  • TN(1) : decidable

  • TN(2) : undecidable

  • DTN(K) : decidable

  • TN(2) open : undecidable

  • TN(K) closed : decidable

  • TN(2) robust : undecidable


Future work

  • Acceleration and Widening

  • Forward Analysis

  • Price Timed Networks

  • Stochastic Variants

