# XCTL (Explicit Clock Temporal Logic) - PowerPoint PPT Presentation

##### Presentation Transcript

1. XCTL (Explicit Clock Temporal Logic): Real-Time Extension for LTL

2. Qualitative properties • responsiveness: “Every stimulus p must be eventually followed by a system response q” • invariance: “The system constantly emits signal q”

3. Quantitative properties • bounded responsiveness: “Every stimulus p must be followed by a system response q within t time units” • bounded invariant: “The system emits signal q for 2 seconds”

4. Approaches to Time Quantification First order monadic logic t. p(t) s. q(s)  st  s  t+3 Current time variable: x. □((pT=x  ◊(q  T x+3)) Bounded operators: □(p  ◊[0,3]q) Freeze quantification: □x.(p  ◊y.(q  y x+3))

5. XCTL: Syntax Vocabulary: • Propositions: p, q,… • Timing elements: • Time Constants: C = {a, b, c,…} • Timing variables: V = {x, y,…} • Clock variable: T Atomic formulae • Propositions • a + x  T, a + x  c where: aNat.,{, , } Formulae: • Atomic formulae • p, pq, Op, pUq

6. Examples • Atomic time expressions: xT, Ty5, x>3 • ((p(xT)) (q(Tx5)))

7. XCTL Model & Semantics Model for a formula [P,V]*: (0,t0), (1,t1), (2,t2)… where i2P, tiInt s.t. • For all i, titi+1 • nInt j s.t. tjn. Semantics: j |= a+x  T iff a+x  tj for every  : {x} Int. j |= a+x  c iff a+x  c for every  : {x} Int. A model  satisfies a formula [P,V] iff 0 |=  for every  : V Int. * P- set of propositions, V- set of time variables in 

8. Example A model for: ((p(xT)) (q(Tx5)))

9. Railroad Crossing in XCTL: Assertions • 40 seconds minimal delay between trains. Tin  O1,39Tin Tin (x=T) O(Tin  (x40T)) • It takes a train 6 seconds to arrive at the signal. Tin  O6(AtSignal) Tin(x=T) (AtSignal(x+6=T))

10. Railroad Crossing in XCTL: Assertions • Trains exit XR within 15 to 25 seconds after passing the signal. (AtSignalTwait)  (TwaitPass)O15,25Tout ((AtSignalTwait)  (TwaitPass)x=T) (Tout (x+15T)(x+25T))

11. Railroad Crossing in XCTL: Requirements • Every train that arrives at the signal is allowed to continue beyond the signal within 10 seconds. AtSignal  O0,10(Twait) AtSignal  (x=T) (Twait  (x+10T)) • The gate is open whenever the crossing is empty for more than 10 seconds. O0,10(Tcr0)  O10(Open) (x=T)  Tcr0U(x+10=T) (Open  (x+10=T))

12. XCTL Closure CL() - is the minimal set that satisfies: • CL(), tt, O(tt)CL() • CL() CL() • UCL() , , O(U)CL() • OCL() CL() • Timing formulae (next slide)

13. Closure Timing Formulae • Let {a+x}, {c,T}, {, , } •  CL() , , CL() •  T CL()  O( T), ( T)CL() Also, the “difference table”: |CL()| <3||2

14. Example: Cl((p  (T5))) 9.        (p(T=5), 10.        O(p(T=5), 11.        T5, 12.        T5, 13.        O(T5), 14.        (T5) 15.        (T5), (T5) 16. tt, ff, Ott   1.        (p  (T5)),   2.        (p  (T5)),   3.        O(p  (T5)), 4.        p,   5.        T=5,   6.        p, 7.        (T=5),   8.        (p(T=5)),

15. Atoms A set ACL() such that: • tt, O(tt) A (guarantees infinite models) • for every CL(), A  A • for every CL(), A A or A • for every UCL(), UA A or ,O(U)A • for every CL() precisely one of , , A • TA  O(T)A • TA (T)A • The difference table w.r.t. A • The set of constraints in A, C(A), is consistent (a solution to a linear system).

16. Example: Cl((p  (T5))) Atoms

17. Timed Next Relation OA B (A,B)X  c A c B =TA =TB or TB

18. Example: Cl((p  (T5))) Atoms Atom#1 (p  (T5)), O(p  (T5)), T5, (T5) Atom#2 (p  (T5)), (p  (T5)), p, T=5, (T5) Atom#3 T5, O(T5),

19. Graph Construction (figure: graph over Atom#1, Atom#2, Atom#3) G()(At,X) where At is the set of all atoms that contain , or are accessed from an atom that contains  via the X relation

20. SCS Classification Let C be a strongly connected sub-graph of G() • C is terminal if it has no outgoing edges. • C is self-fulfilling if every atom has a successor within C, and for every pUqA (in C) there is an atom B (in C) such that qB. • C is useless if it is terminal and not self-fulfilling.

21. Timing Relations between Atoms (A,B)X, C(A)={T1,…,Tk, L1,…,Lm}  by definition C(B)={T'1,…,T'k, L1,…,Lm} such that: • if Tj is T then T'j is T • if Tj is T then T'j is T or T • if Tj is T then T'j is T Li are of the form a+x ~ c, and Ti are of the form a+x ~ T.

22. Lemmas BW-Lemma: If u1,…,un,t' Int satisfy C(B) then there exists tt' such that u1,…,un,t satisfy C(A). FW-Lemma: If A, B belong to a self-fulfilling s.c.s. then C(A)=C(B) and all time constraints in C(A) are of the form T.

23. BW-Lemma: If u1,…,un,t' Int satisfy C(B) then there exists tt' such that u1,…,un,t satisfy C(A). Proof • u=u1,…,un |= L1,…,LmC(A), C(B) (t’) • iTC(A)iT | i<TC(B), def. t=i(u) t=i(u)t’. for <TC(A)i- >0C(A)t>(u), sim. for >TC(A). • iTC(A), def El= { i | i<T}, let l=max(l(u)) (l if El= ) Eg={ i | i >T}, let g=min(g(u)) (g if Eg=) g-l>1C(A) g>l+1, let t=l+1  l<t<g. l<TC(A)l<TC(B)l(u)=l<t’ t t'

24. FW-Lemma: If A, B belong to a self-fulfilling s.c.s. then C(A)=C(B) and all time constraints in C(A) are of the form T. Proof AB, BA  {Li} same in A,B & <TC(A)iff <TC(B). Assume =T |>T C(A)(<T)A DC, <TD, but DA  <TC(A) !!! • From FW-Lemma: If u1,…,un,t satisfy C(A) then it is a solution for every atom in a self-fulfilling s.c.s. that contains A. Also, u1,…,un,t' is a solution for every t't.

25. Fulfilling Paths An infinite path A0,A1,… in G() is called a fulfilling path for  if: • For every i, (Ai,Ai+1)X, • For every i, and every pUqAi, there exists some ji such that qAj. • A0

26. Fulfilling Paths and Satisfiability Theorem:  is satisfiable iff there exists a fulfilling path for  in G(). Sketch of proof: • if  is satisfiable construct the sequence: A0,A1,.. where Ai={ CL() | i |=  } Show that  is fulfilling path. - Given A0,A1,.. is fulfilling path of . define 0,1,.. s.t.: i={ pAi }. Since  is infinite there exists k s.t. all the atoms from k head are contained in a self-fulfilling SCS. Let u1,...un,tk be a solution of Ak, then trace  backwards and assign values titk (possible by BW-Lemma). Also by FW-Lemma assign k+1,k+2,.. by tk+1, tk+2,...

27. Satisfiability Checking Algorithm • Let G0=G(). • repeat with the last defined graph Gi Let C be a useless maximal SCS in Gi then define Gi+1=(Wi+1,Xi+1) by:  Wi+1=Wi-C Xi+1=Xi(Wi+1Wi+1) until Gi is empty or does not contain any useless maximal SCS. • If there is an atom AGi such that A • then report success • else report fail. Theorem: is satisfiable iff the algorithm reports success.
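The pruning loop of slide 27, using the SCS classification of slide 20, as an added example that is not part of the original slides. It assumes atoms are reduced to names, that `untils`, `holds` and `initial` (hypothetical parameters) give each atom's until-obligations, the formulae it contains, and the atoms containing the formula being checked, and that the timing constraints C(A) are already encoded in the edges of the X relation.

```python
def sccs(nodes, edges):
    """Maximal strongly connected sub-graphs of the graph restricted to nodes (Tarjan)."""
    index, low, stack, found = {}, {}, [], []

    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        for w in edges.get(v, set()) & nodes:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component
            cut = stack.index(v)
            found.append(set(stack[cut:]))
            del stack[cut:]

    for v in sorted(nodes):
        if v not in index:
            visit(v)
    return found

def is_useless(comp, nodes, edges, untils, holds):
    """Slide 20: useless = terminal and not self-fulfilling."""
    succ = {a: edges.get(a, set()) & nodes for a in comp}
    terminal = all(succ[a] <= comp for a in comp)
    has_next = all(succ[a] & comp for a in comp)
    fulfilled = all(any(q in holds.get(b, ()) for b in comp)
                    for a in comp for q in untils.get(a, ()))
    return terminal and not (has_next and fulfilled)

def satisfiable(nodes, edges, untils, holds, initial):
    """Slide 27: delete useless maximal SCSs until none is left."""
    nodes = set(nodes)
    while True:
        dead = [c for c in sccs(nodes, edges)
                if is_useless(c, nodes, edges, untils, holds)]
        if not dead:
            return bool(nodes & initial)  # a surviving atom contains the formula
        nodes -= dead[0]

# Constructed sample; untils[a] lists q for every "p U q" in atom a.
UNTILS = {"A0": {"q"}, "A1": {"q"}}
HOLDS = {"A1": {"q"}}
LOOP_ONLY = {"A0": {"A0"}}                      # q postponed forever
REACHES_Q = {"A0": {"A0", "A1"}, "A1": {"A1"}}  # A1 discharges q
DEAD_END = {"A0": {"B"}}                        # B has no successor
```

In the `DEAD_END` graph the first pass removes only `B`; `A0` becomes terminal and useless on the second pass, which is why the algorithm repeats on the last defined graph.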

28. Remarks • The algorithm does not check for complete models (time increases by at most 1 t.u.). Hence, the formula (x=T)  O(x+2=T) is satisfiable though it does not have a complete model. • The definition of a model does not require time to be non-negative. Hence, the formula (x=T)  O(x=-1) is satisfiable but only by a model where t00. In order to restrict models to non-negative clocks we need to augment formulae with a proper constraint p  (0T)