
Verification of Parameterized Timed Systems

Parosh Aziz Abdulla (Uppsala University), Johann Deneux, Pritha Mahata, Aletta Nylen

Outline

- Parameterized Timed Systems
  - with one clock
  - with several clocks
  - discrete time domain
- Syntactic and Semantic Variants

Safety Properties

Fischer’s Protocol

[Figure: Fischer's protocol as a timed process with one clock x: guards x=0, x<1 and x>1, reset x:=0, and a critical section. The parameterized network is made up of an arbitrary number of such processes.]

Challenge: arbitrary rather than fixed size

Single Clock Timed Networks - TN(1)

[Figure: a timed process with a single clock x, guard x<5 and reset x:=0. In the parameterized system, State = Configuration: one colour and one clock value per process, e.g. the clock values 2.3 1.4 5.2 3.7 1.0 8.1.]

Initial Configurations: any number of processes, each with clock value 0 (0; 0 0; 0 0 0; 0 0 0 0; ...)

TN(1) :

- Unbounded number of clocks
- Cannot be modeled as timed automata

How to check Safety Properties ?

Equivalence on Configurations

configurations equivalent if they agree (up to cmax) on:

- colours
- integral parts of clock values
- ordering on fractional parts

[Figure: two equivalent configurations with clock values 3.1 4.8 1.5 6.2 5.6 and 3.2 4.8 1.6 6.4 5.7 (same integral parts, same ordering of the fractional parts), and a second equivalent pair 3.3 1.7 4.8 and 3.1 1.8 4.9.]
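As an added example (not code from the slides), the equivalence just stated for TN(1) configurations, implemented in Python: a configuration is a multiset of (colour, clock value) pairs, and two configurations are equivalent exactly when their canonical forms agree. The colours attached to the slide's sample values and the bound cmax are assumptions, since the slide shows clock values only.

```python
from math import floor


def _frac(value):
    # Fractional part, rounded so that e.g. 3.1 - 3 compares equal to 0.1.
    return round(value - floor(value), 9)


def region(config, cmax):
    """Canonical form of a TN(1) configuration.

    config: list of (colour, clock) pairs, one per process; order is irrelevant.
    Per process we keep the colour, the integral part of the clock (every value
    above cmax collapses to the single value cmax + 1) and the rank of the
    clock's fractional part among all fractional parts of the configuration.
    Rank 0 is reserved for a zero fractional part: a clock sitting exactly on
    an integer satisfies different guards (x=1) than one just past it.
    """
    bounded = [v for _, v in config if v <= cmax]
    nonzero = sorted({_frac(v) for v in bounded if _frac(v) > 0})
    rank = {f: i + 1 for i, f in enumerate(nonzero)}
    abstract = []
    for colour, v in config:
        if v > cmax:
            abstract.append((colour, cmax + 1, 0))
        else:
            f = _frac(v)
            abstract.append((colour, floor(v), rank[f] if f > 0 else 0))
    return tuple(sorted(abstract))  # processes form a multiset, so sort


def equivalent(cfg_a, cfg_b, cmax):
    """True iff the two configurations agree on colours, integral parts
    (up to cmax) and the ordering on fractional parts."""
    return region(cfg_a, cmax) == region(cfg_b, cmax)


# Constructed sample: the two configurations from the slide, with colours
# "p" and "q" assigned here for illustration.
SLIDE_A = [("p", 3.1), ("q", 4.8), ("p", 1.5), ("q", 6.2), ("p", 5.6)]
SLIDE_B = [("p", 3.2), ("q", 4.8), ("p", 1.6), ("q", 6.4), ("p", 5.7)]
```

With cmax = 6 the clocks 6.2 and 6.4 collapse to the same abstract value and the two sample configurations remain equivalent; raising the fraction of 1.5 to 1.9 changes the ordering of fractional parts and breaks the equivalence.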

Safety Properties

[Figure: Fischer's protocol (clock x, guards x=0, x<1, x>1, reset x:=0, critical section) and configurations with clock values 3.4 8.1 and 3.3 8.2 2.3 1.4 5.2 3.7.]

- mutual exclusion:
- Bad States : # processes in critical section > 1

Ideal = Upward closed set of configurations

Safety = reachability of ideals

Monotonicity

ideals are closed under computing Pre

Existential Zones

[Figure: a configuration with clock values 3.1 3.5 7.2 0.5 4.6 and an existential zone over clocks x1, x2, x3 with difference constraints on x2-x1 (constant 1) and x2-x3 (constant 2). The zone states a minimal requirement, met e.g. by the sub-configuration 3.1 7.2 4.6; an existential zone thus denotes an ideal.]

Checking Safety Properties: Backward Reachability Analysis

[Figure: starting from the bad states, Pre is applied repeatedly (Pre, Pre, Pre, Pre, ...) and the analysis checks whether the initial states are reached; the sets of configurations are represented as existential zones.]

Termination

Existential zones, under their ordering, form a BQO (and therefore a WQO), so the backward reachability analysis terminates

Theorem:

Safety properties can be decided for TN(1)

Multi-Clock Timed Networks – TN(K)

[Figure: a timed process with two clocks x and y, guards x<5 and y>3, reset x:=0, and a parameterized network of such processes.]

Configuration (one row per clock, one column per process):

| clock | 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|---|
| x | 2.3 | 1.4 | 5.2 | 3.7 | 1.0 | 8.1 |
| y | 1.4 | 5.6 | 0.2 | 9.2 | 2.8 | 0.1 |

Timed Transitions: all clocks of all processes advance by the same amount, here 0.5:

| clock | 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|---|
| x | 2.8 | 1.9 | 5.7 | 4.2 | 1.5 | 8.6 |
| y | 1.9 | 6.1 | 0.7 | 9.7 | 3.3 | 0.6 |

Discrete Transitions: a single process takes an edge of the timed process (the figure shows an edge with guards y<5 and x>4 and reset x:=0), here resetting its x clock, while the other processes are unchanged:

| clock | 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|---|
| x | 2.3 | 0.0 | 5.2 | 3.7 | 1.0 | 8.1 |
| y | 1.4 | 5.6 | 0.2 | 9.2 | 2.8 | 0.1 |

Checking Safety Properties: Backward Reachability Analysis

[Figure: as for TN(1), Pre is applied repeatedly from the bad states towards the initial states, with the sets represented as existential zones.]

Termination no longer guaranteed !!

[Figure: a family of existential zones, one for each n, none of which lies below another, over clocks x1..xn and y1..yn: x1 < x2 < ... < xn with y1 = x2, y2 = x3, ..., and yn = x1. Shown for n = 2 (x1 < x2, y1 = x2, y2 = x1), n = 3 (x1 < x2 < x3, y1 = x2, y2 = x3, y3 = x1) and n = 4 (x1 < x2 < x3 < x4, y1 = x2, y2 = x3, y3 = x4, y4 = x1). Termination no longer guaranteed !!]

Simulation of 2-counter machine by TN(2)

[Figure: a 2-counter machine M with instructions c1++, c2-- and the zero test c2=0?]

Encoding of configurations in M:

- Timed processes:
- One models control state
- Some model c1
- Some model c2
- The rest are idle

Simulation of 2-counter machine

Encoding of c1 :

[Figure: the processes modelling c1 are ordered by their clock values between a left end and a right end; the example shows # c1=3, with two rows of clock values 0.1 0.7 0.9 0.3 0.5 and 0.9 0.1 0.3 0.5 0.7.]

Simulating a Decrement (c1--)

[Figure, four steps: the control process moves from q1 to q2 using the guards x=1 and y=1 and the resets x:=0 and y:=0, one of the processes modelling c1 becomes idle, and the clock values of the remaining processes are shown after each step (rows 0.1 0.7 0.9 0.3 0.5 / 0.9 0.1 0.3 0.5 0.7 initially, then 0.2 0.8 1.0 0.4 0.6 / 1.0 0.2 0.4 0.6 0.8 after a delay of 0.1, and so on).]

Theorem:

Checking Safety properties undecidable for TN(2)

Discrete Timed Networks - DTN(K)

Clocks interpreted over the discrete time domain

State = Configuration, e.g. the clock values 2 1 5 3 1 8

Timed Transitions: all clocks advance by the same integer amount, here 2: 2 1 5 3 1 8 becomes 4 3 7 5 3 10

Exact Abstraction (cmax = 1)

An abstract configuration records the # processes having:

- same state
- clock value (up to cmax)

| clock value | 0 | 1 | 2* |
|---|---|---|---|
| # processes | 4 | 2 | 3 |
| # processes | 3 | 0 | 6 |
| # processes | 5 | 0 | 8 |

(2* stands for all clock values of 2 or more, i.e. above cmax.)
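An added example, not code from the slides or from the TPN tool: the counting abstraction for DTN(K) configurations, the timed transition on the slide's configuration 2 1 5 3 1 8, and the ordering on abstract configurations under which the backward analysis keeps only minimal elements. The state name "s" given to the slide's processes is an assumption.

```python
from collections import Counter


def abstract(config, cmax):
    """Exact (counting) abstraction of a DTN(K) configuration.

    config: list of (state, clocks) pairs, clocks a tuple of K integers.
    Every clock value above cmax is replaced by cmax + 1; the result records
    how many processes share each (state, abstracted clock vector).
    """
    counts = Counter()
    for state, clocks in config:
        counts[(state, tuple(min(c, cmax + 1) for c in clocks))] += 1
    return counts


def time_elapse(config, delta):
    # Timed transition: every clock of every process advances by delta.
    return [(s, tuple(c + delta for c in clocks)) for s, clocks in config]


def leq(a, b):
    """Ordering on abstract configurations: a <= b iff b has at least as many
    processes of every kind as a.  Sets of bad configurations are upward
    closed under this ordering (an ideal), and the backward analysis keeps
    each set as its finitely many minimal elements."""
    return all(b[k] >= n for k, n in a.items())


def minimal_elements(abstracts):
    """Reduce a list of abstract configurations to its minimal elements."""
    mins = []
    for a in abstracts:
        if any(leq(m, a) for m in mins):
            continue  # a is already covered by a smaller element
        mins = [m for m in mins if not leq(a, m)]
        mins.append(a)
    return mins


# Constructed sample: the slide's single-clock configuration 2 1 5 3 1 8,
# every process in the (assumed) state "s"; cmax = 1 as on the slide.
SLIDE_CFG = [("s", (v,)) for v in (2, 1, 5, 3, 1, 8)]
```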

Checking Safety Properties: Backward Reachability Analysis

[Figure: Pre is applied repeatedly from the bad states towards the initial states; each set of configurations is represented by its minimal elements.]

Theorem:

Checking Safety properties decidable for DTN(K)

TPN

- Parameterized Fischer: 2 seconds
- Parameterized Lynch-Shavit: 25 minutes

Syntactic Variants

- Open timed networks: strict clock constraints (undecidable)
- Closed timed networks: non-strict clock constraints (decidable)

Semantic Variants

- Robust timed networks: semantically strict clock constraints (undecidable)

Summary

- TN(1) : decidable
- TN(2) : undecidable
- DTN(K) : decidable
- TN(2) open : undecidable
- TN(K) closed : decidable
- TN(2) robust : undecidable

Future work

- Acceleration and Widening
- Forward Analysis
- Price Timed Networks
- Stochastic Variants
