Timed Automata: Intelligent Light Control

Locations: Off, Light, Bright. Every transition is triggered by the action press?.

  Off --press?--> Light
  Light --press?--> Bright
  Light --press?--> Off
  Bright --press?--> Off

WANT: if press is issued twice quickly, the light gets brighter; otherwise the light is turned off. Without a notion of time the automaton cannot tell a quick second press from a late one: both are the same action press? in location Light.

Solution: add a real-valued clock x.

  Off --press?, x:=0--> Light
  Light --press?, x<=3--> Bright
  Light --press?, x>3--> Off
  Bright --press?--> Off

The clock is reset when the light is switched on; the second press counts as "quick" if at most 3 time units have elapsed since then.
Timed Automata (Alur & Dill 1990)

  Clocks: x, y
  Guard: Boolean combination of comparisons of clocks with integer bounds, e.g. x<=5 & y>3
  Reset: action performed on clocks, e.g. x:=0
  Action: label used for synchronization, e.g. a
  State: (location, x=v, y=u) where v, u are in R (the clocks take real values)

Example edge: n --a, x<=5 & y>3, x:=0--> m

Transitions:
  action transition (the edge fires, clock x is reset):
    (n, x=2.4, y=3.1415) --a--> (m, x=0, y=3.1415)
  delay transition e(1.1) (all clocks advance by 1.1):
    (n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415)
Timed Safety Automata = Timed Automata + Invariants (Henzinger et al, 1992)

Same automaton as above, now with location invariants: x<=5 on n and y<=10 on m. A delay transition is allowed only as long as the invariant of the current location keeps holding:

    (n, x=2.4, y=3.1415) --e(1.1)--> (n, x=3.5, y=4.2415)   allowed, 3.5 <= 5
    (n, x=2.4, y=3.1415) --e(3.2)-->  not allowed: x would become 5.6 > 5

Invariants ensure progress!! The automaton cannot idle in n forever: before x exceeds 5 it has to leave n by an edge, here the edge to m with guard x<=5 & y>3.

[Figure: locations with invariants and edges labelled with guards g1..g4]
Timed Automata: Example

[Figure: an example timed automaton with its guards, locations and resets marked]
Light Switch

Actions: push (from the user), click (from the switch).

Requirements:
  - the switch may be turned on whenever at least 2 time units have elapsed since the last "turn off";
  - the light automatically switches off after 9 time units.

[Figure: timed automaton for the light switch]
Semantics

  clock valuation: a function v assigning a non-negative real to every clock (written x=v, y=u on the previous slides); v+d advances all clocks by d, v[r:=0] sets the clocks in r to 0
  state: (l, v), a location l together with a clock valuation v

Semantics of a timed automaton is a labeled transition system over such states with two kinds of transitions. For an edge l --g, a, r--> l' with guard g, action a and reset set r:

  action transition: (l, v) --a--> (l', v[r:=0])   if v satisfies g and v[r:=0] satisfies the invariant of l'
  delay transition:  (l, v) --e(d)--> (l, v+d)     if v+d' satisfies the invariant of l for all 0 <= d' <= d
Semantics: Example

[Figure: a run of the light switch automaton with push, push, click action transitions and delay transitions in between]
Networks of Timed Automata + Integer Variables + arrays ....

Two-way synchronization on complementary actions a! and a?: a sending edge of one automaton and a receiving edge of another fire together as a single internal (tau) transition. Closed systems: every a? is matched by an a! inside the network, nothing is left open to the environment.

Example: automaton 1 has the edge l1 --a!, x>=2 & i==3, x:=0, i:=i+4--> l2 and automaton 2 has the edge m1 --a?, y<=4--> m2.

Example transitions:
  synchronization on a (both guards hold, both updates are applied):
    (l1, m1, ..., x=2, y=3.5, i=3, ...) --tau--> (l2, m2, ..., x=0, y=3.5, i=7, ...)
  delay of 0.2 (clocks advance, integer variables do not):
    (l1, m1, ..., x=2, y=3.5, i=3, ...) --0.2--> (l1, m1, ..., x=2.2, y=3.7, i=3, ...)

If a is an URGENT CHANNEL, the delay transition is not allowed while the synchronization on a is enabled: the handshake must take place without letting time pass.
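The semantics of the last slides, executed: the example below is an added illustration, not code from the slides. It implements the labelled transition system (guards, resets, location invariants, delay transitions and two-way synchronisation) and runs it on the Intelligent Light Control automaton together with a User automaton that issues press!, an assumption added so that the network is closed, and on the n/m automaton of the Timed Safety Automata slide (encoded here as an automaton named N) to show an invariant refusing a delay. Names such as Network, light_after and safety_delay are this example's own.

```python
"""Labelled-transition-system semantics of a closed network of timed automata:
guards, resets, location invariants and two-way synchronisation a!/a?.
Added example, not code from the slides. Light is the Intelligent Light Control
automaton of the slides; the User automaton (press!) and the encoding of the
n/m example as automaton N are assumptions of this example."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

Valuation = Dict[str, float]        # clock name -> non-negative real

@dataclass(frozen=True)
class Edge:
    src: str
    dst: str
    label: str                      # 'a!' (send), 'a?' (receive) or a local action
    guard: Callable[[Valuation], bool] = lambda v: True
    resets: Tuple[str, ...] = ()    # clocks set to 0 when the edge fires

@dataclass(frozen=True)
class Automaton:
    name: str
    init: str
    edges: Tuple[Edge, ...]
    # location -> invariant; a location without an entry has invariant True
    invariants: Dict[str, Callable[[Valuation], bool]] = field(default_factory=dict)

class Network:
    def __init__(self, automata, clocks):
        self.automata = {a.name: a for a in automata}
        self.clocks = clocks

    def initial(self):
        return {n: a.init for n, a in self.automata.items()}, {c: 0.0 for c in self.clocks}

    def invariants_hold(self, locs, v):
        return all(a.invariants.get(locs[n], lambda _: True)(v)
                   for n, a in self.automata.items())

    def delay(self, locs, v, d):
        """Delay transition e(d): every clock advances by d. The invariants on the
        slides are upper bounds (x<=5), which are convex, so checking that they
        still hold at the end of the delay is enough."""
        w = {c: t + d for c, t in v.items()}
        if d < 0 or not self.invariants_hold(locs, w):
            raise ValueError(f"delay {d} not allowed in {locs}")
        return locs, w

    def _enabled(self, name, locs, v, label):
        a = self.automata[name]
        return [e for e in a.edges if e.src == locs[name] and e.label == label and e.guard(v)]

    def sync(self, locs, v, chan):
        """Action transition: a chan! edge of one automaton and a chan? edge of
        another fire at the same instant as one tau transition. Both guards must
        hold, both reset sets apply, and the target invariants must hold. The
        first enabled pair is taken; the Light model is deterministic anyway."""
        for s in self.automata:
            for es in self._enabled(s, locs, v, chan + '!'):
                for r in self.automata:
                    for er in (self._enabled(r, locs, v, chan + '?') if r != s else []):
                        new_locs, w = dict(locs), dict(v)
                        new_locs[s], new_locs[r] = es.dst, er.dst
                        for c in es.resets + er.resets:
                            w[c] = 0.0
                        if self.invariants_hold(new_locs, w):
                            return new_locs, w
        raise ValueError(f"no synchronisation on {chan} enabled in {locs}")

# Intelligent Light Control of the slides, closed with an assumed User automaton.
light = Automaton('Light', 'Off', (
    Edge('Off', 'Light', 'press?', resets=('x',)),             # switch on, start the clock
    Edge('Light', 'Bright', 'press?', lambda v: v['x'] <= 3),  # second press within 3
    Edge('Light', 'Off', 'press?', lambda v: v['x'] > 3),      # second press too late
    Edge('Bright', 'Off', 'press?'),
))
user = Automaton('User', 'Idle', (Edge('Idle', 'Idle', 'press!'),))

def light_after(scenario):
    """Run Light || User on a scenario of ('press',) / ('delay', d) steps and
    return the location of Light at the end."""
    net = Network((light, user), ('x',))
    locs, v = net.initial()
    for step in scenario:
        locs, v = net.delay(locs, v, step[1]) if step[0] == 'delay' else net.sync(locs, v, 'press')
    return locs['Light']

# The n/m automaton of the Timed Safety Automata slide: one edge
# n --a, x<=5 & y>3, x:=0--> m with invariants x<=5 on n and y<=10 on m.
safety = Automaton('N', 'n', (Edge('n', 'm', 'a', lambda v: v['x'] <= 5 and v['y'] > 3, ('x',)),),
                   invariants={'n': lambda v: v['x'] <= 5, 'm': lambda v: v['y'] <= 10})

def safety_delay(d):
    """e(d) from (n, x=2.4, y=3.1415): the new valuation, or None if x<=5 forbids it."""
    try:
        return Network((safety,), ('x', 'y')).delay({'N': 'n'}, {'x': 2.4, 'y': 3.1415}, d)[1]
    except ValueError:
        return None

if __name__ == '__main__':
    print(light_after([('press',), ('delay', 1.0), ('press',)]))   # Bright
    print(light_after([('press',), ('delay', 5.0), ('press',)]))   # Off
    print(safety_delay(1.1))   # x=3.5, y=4.2415
    print(safety_delay(3.2))   # None: x would reach 5.6 > 5
```

Delays are checked only at their end point, which is correct for the downward-closed invariants used on the slides (x<=c) but not for arbitrary invariants; a model with a lower-bound invariant would need the "for all d' <= d" check from the semantics slide.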
Timed Systems: Train Gate Controller

[Figure: a network of three timed automata
  Train (clock x): locations far, near, in; actions approach, enter, exit; constraints x>=1, x<=5, x>2; reset x:=0
  Gate (clock y): actions lower, down, raise, up; constraints y<=1, y>=1, y<=2; reset y:=0
  Controller (clock z): actions approach, lower, exit, raise; constraints z<=3, z<=1; reset z:=0]

The following slides animate one run of the network along a time line: first approach (Train and Controller synchronize), then lower (Controller and Gate synchronize), then enter (Train, guard x>2, under the invariant x<=5). At the moment enter is taken the clocks read x=2.1, y=0.9, z=2.1.
TCTL = CTL + time constraints over formula clocks and automata clocks

  "freeze operator" z. f   introduces a new formula clock z, reset to 0 at the point where the formula is evaluated
  E[ f U g ], A[ f U g ]   - like in CTL
  No EX f                  - there is no "next state" in dense time
Derived Operators (abbreviations built from the freeze operator and the CTL until)

  A[ f U<=7 g ]  =  z. A[ f U (g and z<=7) ]
      Along any path f holds continuously until, within 7 time units, g becomes valid.
  EF<=5 f  =  z. EF( f and z<=5 )
      The property f may become valid within 5 time units.
Light Switch (cont)

[Figure: the light switch automaton again, with the push and click actions, used for the timeliness properties below]
Timeliness Properties

  - receive(m) always occurs within 5 time units after send(m)
  - receive(m) may occur exactly 11 time units after send(m)
  - putbox occurs periodically, (exactly) every 25 time units (note: other putbox's may occur in between)
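The three timeliness properties above, checked on a finite timed trace such as an event log. This is an added example, not part of the slides, and it does runtime verification of one trace rather than model checking of the TCTL formula: a universal property ("always within 5") can be refuted by a trace, a possibility property ("may occur exactly 11 after") can only be witnessed by one. The trace, the event names send/receive/putbox as log records and the tolerance EPS are constructed for the example.

```python
"""Checking the slide's timeliness properties on a finite timed trace
(runtime verification of a log, not model checking of the TCTL formula).
Added example, not from the slides. Events are (time, name, argument) triples;
the argument names the message m of send(m)/receive(m). The trace is constructed."""
from typing import List, Optional, Tuple

Event = Tuple[float, str, Optional[str]]

# Constructed sample trace; time units are abstract, as on the slides.
TRACE: List[Event] = [
    (0.0, 'send', 'm1'),
    (3.0, 'receive', 'm1'),     # 3 after send(m1): within the bound of 5
    (4.0, 'send', 'm2'),
    (10.0, 'putbox', None),
    (15.0, 'receive', 'm2'),    # 11 after send(m2): violates the bound, witnesses "exactly 11"
    (35.0, 'putbox', None),
    (60.0, 'putbox', None),
]
EPS = 1e-9                      # tolerance when comparing time stamps

def bounded_response(trace, trigger, response, bound):
    """'response(m) always occurs within `bound` after trigger(m)'.
    Returns the times of the triggers that were not answered in time. A trigger
    still pending at the end of the trace counts only if the trace already
    extends past its deadline (otherwise the log is simply not long enough)."""
    pending = {}                # argument -> time of the unanswered trigger
    violations = []
    for t, name, arg in trace:
        if name == trigger:
            pending[arg] = t
        elif name == response and arg in pending:
            t0 = pending.pop(arg)
            if t - t0 > bound + EPS:
                violations.append(t0)
    end = trace[-1][0] if trace else 0.0
    violations += [t0 for t0 in pending.values() if end - t0 > bound + EPS]
    return sorted(violations)

def witnesses_exactly_after(trace, trigger, response, delay):
    """'response(m) may occur exactly `delay` after trigger(m)' is a possibility
    property: a single trace cannot refute it but can witness it. Returns the
    (trigger time, response time) pairs that are exactly `delay` apart."""
    triggers = [(t, arg) for t, name, arg in trace if name == trigger]
    return [(t0, t) for t0, a0 in triggers
            for t, name, arg in trace
            if name == response and arg == a0 and abs((t - t0) - delay) <= EPS]

def periodic(trace, event, period):
    """'event occurs (exactly) every `period` time units': every occurrence must
    be followed by another one exactly `period` later; further occurrences in
    between are allowed and ignored, as the slide notes. Occurrences whose
    deadline lies beyond the end of the trace are not judged yet. Returns the
    occurrence times that lack their successor."""
    times = sorted(t for t, name, _ in trace if name == event)
    end = trace[-1][0] if trace else 0.0
    return [t for t in times
            if t + period <= end + EPS
            and not any(abs(u - (t + period)) <= EPS for u in times)]

# A constructed variant where the third putbox drifts by one time unit.
DRIFT: List[Event] = TRACE[:-1] + [(59.0, 'putbox', None), (84.0, 'putbox', None)]

if __name__ == '__main__':
    print(bounded_response(TRACE, 'send', 'receive', 5))        # [4.0]
    print(witnesses_exactly_after(TRACE, 'send', 'receive', 11)) # [(4.0, 15.0)]
    print(periodic(TRACE, 'putbox', 25))                        # []
    print(periodic(DRIFT, 'putbox', 25))                        # [35.0]
```

On a real log the same three checkers apply to, for example, "a session token is revoked within 5 seconds of a logout", where the argument is the session id; the deadline handling at the end of the trace matters there, because an open obligation is not yet a violation.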
Fischer's Protocol: A simple MUTEX Algorithm

Two processes (1 and 2) compete for the Critical Section CS using one shared variable V (initially V=1 on the slides). Process i has locations A_i, B_i, CS_i.

Untimed version (no clocks):
  A1 --V:=1--> B1 --V=1--> CS1
  A2 --V:=2--> B2 --V=2--> CS2

Timed version: process 1 uses clock X, process 2 uses clock Y:
  A1 --X<1, X:=0, V:=1--> B1 --X>1, V=1--> CS1
  A2 --Y<1, Y:=0, V:=2--> B2 --Y>1, V=2--> CS2

A process writes its identity into V only while its clock is below 1, then waits until its clock exceeds 1 and enters CS only if V still holds its own identity.
Paths

[Figure: an example path of the light switch, alternating delay transitions with the actions push, push, click]
Elapsed time in a path

Example: for the path s of the previous slide, D(s,1)=3.5 and D(s,6)=3.5+9=12.5. D(s,i), the time elapsed when position i of s is reached, is the sum of all delays taken before that position.
TCTL Semantics

  s - state (location, clock valuation)
  w - formula clock valuation
  PM(s) - set of paths from s
  Pos(s) - positions in a path s: pairs (i, d) with i the index of a state on the path and d the time elapsed since that state was entered
  D(s,i) - elapsed time at position i of the path (along an infinite path it may grow to ∞)

  positions are ordered: (i,d) << (i',d') iff i<i' or (i=i' and d<d')
Regions: Finite partitioning of state space

Definition (alternative to the definition in JPK): two clock valuations are equivalent iff for every clock they agree on the integer part (or both exceed the maximal constant that clock is compared with), on whether the fractional part is zero, and for every pair of clocks on the ordering of their fractional parts.

[Figure: the regions of two clocks, x up to 3 and y up to 2: the integer corner points, the open line segments between them, and the open triangles above and below each diagonal]

  - max is determined by the timed automaton (and the formula): the largest constant a clock is compared with
  - an equivalence class is a region; in fact there is only a finite number of regions!!
  - successor regions Succ(r): the regions reached from r by letting time pass
  - reset regions {x}r, {y}r: the region obtained from r by resetting x (respectively y) to 0
  - THEOREM: equivalent valuations satisfy the same clock constraints, their time successors are again equivalent, and so are their reset successors. Region equivalence is therefore a time-abstract bisimulation, which is what makes the finite region graph a sound abstraction.
Fischer's Protocol again: region graph

Model: A1 --X<1, X:=0, V:=1--> B1 --X>1, V=1--> CS1 and A2 --Y<1, Y:=0, V:=2--> B2 --Y>1, V=2--> CS2, initially V=1 and x=y=0.

Untimed case (clock guards ignored):
  (A1,A2,v=1) -> (A1,B2,v=2) -> (A1,CS2,v=2) -> (B1,CS2,v=1) -> (CS1,CS2,v=1)
  Mutual exclusion is violated.

Timed case, partial region graph (delay steps go down the list, discrete steps are marked):
  (A1,A2,v=1, x=y=0)
  (A1,A2,v=1, 0<x=y<1)
  (A1,A2,v=1, x=y=1)
  (A1,A2,v=1, 1<x,y)
  (A1,B2,v=2, 0<x<1, y=0)        A2 -> B2 from (A1,A2, 0<x=y<1): only enabled while y<1
  (A1,B2,v=2, 0<y<x<1)
  (A1,B2,v=2, 0<y<x=1)
  (A1,B2,v=2, 0<y<1, 1<x)
  (A1,B2,v=2, y=1, 1<x)
  (A1,B2,v=2, 1<x,y)
  (A1,CS2,v=2, 1<x,y)            B2 -> CS2: needs y>1 and v=2
  No further behaviour possible!! Process 1 can no longer take A1 -> B1 since x>1, so (CS1,CS2) is unreachable: the timing constraints give mutual exclusion.
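The region construction of the preceding slides (equivalence, successor and reset regions, finiteness) and the Fischer exploration above, carried out in code. This is an added example, not code from the slides. Clock values are exact Fractions so that equal fractional parts are detected reliably. The Fischer edges are this example's reading of the slides (A_i --x<1, x:=0, V:=i--> B_i --x>1, V=i--> CS_i with V=1 initially), and the names region, succ, reset, count_regions and reachable are this example's own; the region count is checked against the x<=3, y<=2 figure of the Regions slides.

```python
"""Region equivalence (Alur & Dill) with successor and reset regions, and the
region graph of the two-process Fischer model of the slides. Added example,
not code from the slides. Clock values are Fractions so that comparisons of
fractional parts are exact. The Fischer edges are this example's reading of
the slides: A_i --x<1, x:=0, V:=i--> B_i --x>1, V=i--> CS_i, V=1 initially."""
import math
from fractions import Fraction
from itertools import product

def region(v, maxc):
    """Key of the region containing valuation v (clock -> Fraction). maxc gives,
    per clock, the largest constant it is compared with in automaton and formula.
    Two valuations are region-equivalent iff their keys are equal: same integer
    parts (or both above max), same clocks with fractional part zero, and the
    same ordering (with ties) of the non-zero fractional parts."""
    parts, fracs = {}, {}
    for c, val in v.items():
        if val > maxc[c]:
            parts[c] = 'inf'               # above max only "> max" is observable
        else:
            i = math.floor(val)
            parts[c] = (i, val == i)
            if val != i:
                fracs[c] = val - i
    order = tuple(tuple(sorted(c for c in fracs if fracs[c] == f))
                  for f in sorted(set(fracs.values())))
    return tuple(sorted(parts.items())), order

def representative(key, maxc):
    """One valuation inside the region with the given key."""
    parts, order = key
    v = {c: Fraction(maxc[c] + 1) if p == 'inf' else Fraction(p[0]) for c, p in parts}
    for k, group in enumerate(order):      # spread the fractional parts evenly in (0,1)
        for c in group:
            v[c] += Fraction(k + 1, len(order) + 1)
    return v

def succ(key, maxc):
    """Immediate time successor in Succ(r): let time pass just until the region
    changes. The group with the largest fractional part reaches its next integer
    first; if no clock has a fractional part, all bounded clocks leave their
    integer points together."""
    v = representative(key, maxc)
    order = key[1]
    d = 1 - (v[order[-1][0]] % 1) if order else Fraction(1, 2)
    return region({c: t + d for c, t in v.items()}, maxc)

def reset(key, clocks, maxc):
    """Reset region {clocks}r: the given clocks are set to 0."""
    v = representative(key, maxc)
    return region({c: (Fraction(0) if c in clocks else t) for c, t in v.items()}, maxc)

def count_regions(maxc):
    """Count the regions by sampling a grid with step 1/4, which is fine enough
    to hit every ordering of fractional parts for up to three clocks."""
    names = list(maxc)
    grid = [[Fraction(k, 4) for k in range(4 * (maxc[c] + 1) + 1)] for c in names]
    return len({region(dict(zip(names, vals)), maxc) for vals in product(*grid)})

# --- Fischer's protocol (two processes) explored on its region graph ---
PROCS = (('x', 1), ('y', 2))               # (clock, process id)
MAXC = {'x': 1, 'y': 1}                    # both clocks are only compared with 1

def fischer_successors(state, timed):
    """Discrete successors of state = (locations, V, region key). Guards are
    uniform over a region, so one representative decides them."""
    locs, var, key = state
    val = representative(key, MAXC)
    for i, (clk, pid) in enumerate(PROCS):
        if locs[i] == 'A' and (val[clk] < 1 or not timed):        # A -> B: x<1, x:=0, V:=i
            yield locs[:i] + ('B',) + locs[i + 1:], pid, reset(key, {clk}, MAXC)
        if locs[i] == 'B' and var == pid and (val[clk] > 1 or not timed):  # B -> CS: x>1, V=i
            yield locs[:i] + ('CS',) + locs[i + 1:], var, key

def reachable(timed=True):
    """States of the (untimed or timed) region graph reachable from
    (A1, A2, V=1, x=y=0). Terminates because there are finitely many regions."""
    init = (('A', 'A'), 1, region({'x': Fraction(0), 'y': Fraction(0)}, MAXC))
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        nxt = list(fischer_successors(s, timed))
        if timed:
            nxt.append((s[0], s[1], succ(s[2], MAXC)))
        for t in nxt:
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def mutual_exclusion(timed=True):
    """True iff no reachable state has both processes in CS."""
    return all(locs != ('CS', 'CS') for locs, _, _ in reachable(timed))

if __name__ == '__main__':
    print(count_regions({'x': 3, 'y': 2}))   # 60 regions for the figure on the slides
    print(mutual_exclusion(timed=False))     # False: the untimed abstraction violates MUTEX
    print(mutual_exclusion(timed=True))      # True: the clock guards enforce it
```

The exploration is the "reachable part of the region graph" of the next slide: discrete edges evaluate their guards on a representative, which is sound only because every constant in the model is at most the max used for the regions. Raising a constant in a guard without raising maxc would silently break that.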
Reachable part of region graph

[Figure: only the regions reachable from the initial state are constructed; the properties are checked on this finite graph]
Roughly speaking.... Model checking a timed automaton against a TCTL formula amounts to model checking its region graph against a CTL formula: the formula clocks are added to the clocks of the automaton (which is why max depends on both), the reachable region graph is a finite Kripke structure, and the time constraints of the TCTL formula become atomic propositions that are constant on each region.
Problem to be solved: Model checking TCTL is PSPACE-hard. The region graph is finite but grows exponentially in the number of clocks and in the size of the constants, so the construction above gives decidability, not an efficient algorithm.