Timed Automata VINO 2011

Size: px

Start display at page:

Download "Timed Automata VINO 2011"

Griffin Caldwell
5 years ago
Views:

1 Timed Automata VINO 2011 VeriDis Group - LORIA July 18, 2011

2 Content 1 Introduction 2 Timed Automata 3 Networks of timed automata

3 Motivation Formalism for modeling and verification of real-time systems. Introduced by Alur and Dill (1990,1994). Developed in parallel (and independently) of timed extension of process algebras. Nondeterministic finite automata + real-valued clocks.

4 Motivation Example Formalism for modeling and verification of real-time systems. Introduced by Alur and Dill (1990,1994). Developed in parallel (and independently) of timed extension of process algebras. Nondeterministic finite automata + real-valued clocks. x > 14, press Off Light Bright press, x := 0 x 14, press press

5 Clock constraints Let fix a finite set C = {x, y,... } whose elements represent the clock names. Definition (Clock constraints) The set B(C) of clock constraints over the set of clocks C is defined by the abstract syntax g, g 1, g 2 ::= x n g 1 g 2 where x C is a clock, n N and {, <, =, >, }.

6 Clock constraints Let fix a finite set C = {x, y,... } whose elements represent the clock names. Definition (Clock constraints) The set B(C) of clock constraints over the set of clocks C is defined by the abstract syntax g, g 1, g 2 ::= x n g 1 g 2 where x C is a clock, n N and {, <, =, >, }. Example x 5 0 x < 5 x > 3 y = 2

7 Clock operations Valuation v : C R 0 is a valuation function and v(x) stores the amount of time elapsed from the last time x was reset. Delay for each d R 0, the valuation v + d is called delay and defined by Reset (v + d)(x) = v(x) + d for each x C. for each r C, the valuation v[r] is called reset and defined by { 0 if x r, v[r](x) = v(x) otherwise.

8 Evaluation Definition Let g B(C) be a clock constraint for a given set of clocks C and let v : C R 0 be a clock valuation. The evaluation of clock constraints (v = g) is defined inductively on the structure of g by v = x n iff v(x) n, v = g 1 g 2 iff v = g 1 v = g 2, where x C is a clock, n N, g 1, g 2 B(C) and {, <, =, >, }.

9 Evaluation Definition Let g B(C) be a clock constraint for a given set of clocks C and let v : C R 0 be a clock valuation. The evaluation of clock constraints (v = g) is defined inductively on the structure of g by v = x n iff v(x) n, v = g 1 g 2 iff v = g 1 v = g 2, where x C is a clock, n N, g 1, g 2 B(C) and {, <, =, >, }. Example Let C = {x, y}, and v = [x = 1.2; y = 3.01] a valuation, then v = x > 1 x 2

10 Evaluation Definition Let g B(C) be a clock constraint for a given set of clocks C and let v : C R 0 be a clock valuation. The evaluation of clock constraints (v = g) is defined inductively on the structure of g by v = x n iff v(x) n, v = g 1 g 2 iff v = g 1 v = g 2, where x C is a clock, n N, g 1, g 2 B(C) and {, <, =, >, }. Example Let C = {x, y}, and v = [x = 1.2; y = 3.01] a valuation, then v = x > 0 y 3

11 Evaluation Definition Let g B(C) be a clock constraint for a given set of clocks C and let v : C R 0 be a clock valuation. The evaluation of clock constraints (v = g) is defined inductively on the structure of g by v = x n iff v(x) n, v = g 1 g 2 iff v = g 1 v = g 2, where x C is a clock, n N, g 1, g 2 B(C) and {, <, =, >, }. Example Let C = {x, y}, and v = [x = 1.2; y = 3.01] a valuation, then v = y 3 x 1

12 Clocks equivalence Definition (Clocks equivalence) Two clock constraints g 1 and g 2 are equivalent iff they are satisfied by the same valuations, that is, for each valuation v, v = g 1 v = g 2.

13 Clocks equivalence Definition (Clocks equivalence) Two clock constraints g 1 and g 2 are equivalent iff they are satisfied by the same valuations, that is, for each valuation v, v = g 1 v = g 2. Example The clock constraints x 5 x 5 and x = 5 are equivalent and the same for y 5 y 0 and y 5.

14 Interval closed constraints Definition (Interval closed constraints) A constraint g is called interval closed if, for each valuation v and non-negative real number d, it holds that v = g and v + d = g imply v + d = g for each 0 d d.

15 Interval closed constraints Definition (Interval closed constraints) A constraint g is called interval closed if, for each valuation v and non-negative real number d, it holds that v = g and v + d = g imply v + d = g for each 0 d d. Lemma Every constraint in B(C) is interval closed.

16 Content 1 Introduction 2 Timed Automata 3 Networks of timed automata

17 Timed Automata Definition (Timed Automata) A timed automaton over a finite set of clocks C and a finite set of actions Act is a quadruple where L is a finite set of locations, l 0 L is the initial location, (L, l 0, E, I), E L B(C) Act 2 C L is a finite set of edges, and I : L B(C) assigns invariants to locations.

18 Timed Automata Definition (Timed Automata) A timed automaton over a finite set of clocks C and a finite set of actions Act is a quadruple where L is a finite set of locations, l 0 L is the initial location, (L, l 0, E, I), E L B(C) Act 2 C L is a finite set of edges, and I : L B(C) assigns invariants to locations. The edge (l, g, a, r, l ) is usually written as l g,a,r l.

19 Notion of state Knowing the present location is not enough to determine which of the outgoing edges can be taken next. A pair (l, v) in a timed automaton is a valid state if v satisfies the invariant of l. Initially, the control location is l 0 and the value of each clock is 0. Transitions: We can follow an edge if it guard is satisfied by the current location, or We can delay in the current location (only if the invariant is satisfied by v + d, and as B(C) is interval closed, in all the intermediate valuations).

20 Semantics - TLTS Definition (TLTS) Let A = (L, l 0, E, I) be a timed automaton over a set of clocks C and a set of actions Act. We define the timed transition system T (A) generated by A as T (A) = (Proc, Lab, { α α Lab}), where: Proc = {(l, v) (l, v) L (C R 0 ) and v = I(l)};

21 Semantics - TLTS Definition (TLTS) Let A = (L, l 0, E, I) be a timed automaton over a set of clocks C and a set of actions Act. We define the timed transition system T (A) generated by A as T (A) = (Proc, Lab, { α α Lab}), where: Proc = {(l, v) (l, v) L (C R 0 ) and v = I(l)}; Lab = Act R 0 is the set of labels; and

22 Semantics - TLTS Definition (TLTS) Let A = (L, l 0, E, I) be a timed automaton over a set of clocks C and a set of actions Act. We define the timed transition system T (A) generated by A as T (A) = (Proc, Lab, { α α Lab}), where: Proc = {(l, v) (l, v) L (C R 0 ) and v = I(l)}; Lab = Act R 0 is the set of labels; and the transition relation is defined by a (l, v) (l, v ) if there is an edge l g,a,r l E such that v = g, v = v[r] and v = I(l ),

23 Semantics - TLTS Definition (TLTS) Let A = (L, l 0, E, I) be a timed automaton over a set of clocks C and a set of actions Act. We define the timed transition system T (A) generated by A as T (A) = (Proc, Lab, { α α Lab}), where: Proc = {(l, v) (l, v) L (C R 0 ) and v = I(l)}; Lab = Act R 0 is the set of labels; and the transition relation is defined by a (l, v) (l, v ) if there is an edge l g,a,r l E such that v = g, v = v[r] and v = I(l ), d (l, v) (l, v + d) forall d R 0 such that v = I(l) and v + d = I(l).

24 Semantics - TLTS - Example Example x 2 l 0 x 1, a, x := 0 a a 0 (l 0, [x = 0]) 0.6 (l 0, [x = 0.6]) 0.4 (l 0, [x = 1]) 0.3 (l 0, [x = 1.3]) 0.7 (l 0, [x = 2]) a Figure: A timed automaton and one timed transition system of it.

25 Constraints in guards vs. invariant Example l 0 x 1, a, x := 0 Value clock x Time elapsed

26 Constraints in guards vs. invariant Example x 1 l 0 a, x := 0 Value clock x Time elapsed

27 Timed automaton - Example Example x 5, start, {x, y} := 0 x 10 Rest x 60 y 4 Work y 1, hit, y := 0 x 40, done, x := 0

28 Timed automaton - Example Example x 5, start, {x, y} := 0 x 10 Rest x 60 y 4 Work y 1, hit, y := 0 x 40, done, x := 0 Working periods of at least 40 min and at most 60 min.

29 Timed automaton - Example Example x 5, start, {x, y} := 0 x 10 Rest x 60 y 4 Work y 1, hit, y := 0 x 40, done, x := 0 Working periods of at least 40 min and at most 60 min. Resting periods of at least 5 min and at most 10 min.

30 Timed automaton - Example Example x 5, start, {x, y} := 0 x 10 Rest x 60 y 4 Work y 1, hit, y := 0 x 40, done, x := 0 Working periods of at least 40 min and at most 60 min. Resting periods of at least 5 min and at most 10 min. During working, hit-actions are in a range of 1 to 4 min.

31 Content 1 Introduction 2 Timed Automata 3 Networks of timed automata

32 Motivation Independent components running in parallel and communication. Such systems depend also on timing features. Process algebras such as CCS and TCCS provides this. Communication with synchronization (instantaneous).

33 Motivation Example Independent components running in parallel and communication. Such systems depend also on timing features. Process algebras such as CCS and TCCS provides this. Communication with synchronization (instantaneous). x > 14, press? Off Light Bright press?, x := 0 x 14, press? press? y = 3, press!, y := 0 press!, y := 0 U U y 3

34 Formally... Let Chan be the set of channel names, N the set of ordinary action names and Act = {c! c Chan} {c? c Chan} N. Definition (Network of timed automata) Let n be a positive integer and, for each i {1,..., n}, let A i = (L i, l i 0, E i, I i ) be a timed automaton over a set of clocks C and the set of actions Act. We call the composition A = A 1 A 2 A n a network of timed automata with n parallel components.

35 Semantics - TLTS Definition (TLTS) Let A = A 1 A 2 A n, where A i = (L i, l i 0, E i, I i ) for each i {1,..., n}, be a network of timed automata over a set of clocks C and actions Act. We define the TLTS T (A) generated by the network A as T (A) = (Proc, Lab, { α α Lab}).

36 Semantics -TLTS (2) Here: Proc = {(l 1, l 2,..., l n, v) (l 1, l 2,..., l n, v) L 1 L 2 L n (C R 0 ) and v = i {1,...,n} I i(l i ), Lab = N {τ} R 0 is the set of labels, and the transition relation is defined as (l 1,..., l i,..., l n, v) a (l 1,..., l i,..., l n, v ) if a N and g,a,r there is an edge (l i l i ) E i in the ith component automaton such that v = g, v = v[r] and v = I i (l i ) k i I k (l k );

37 Semantics -TLTS (2) Here: Proc = {(l 1, l 2,..., l n, v) (l 1, l 2,..., l n, v) L 1 L 2 L n (C R 0 ) and v = i {1,...,n} I i(l i ), Lab = N {τ} R 0 is the set of labels, and the transition relation is defined as (l 1,..., l i,..., l j,..., l n, v) τ (l 1,..., l i,..., l j,..., l n, v ) if g i,α,r i i j and there are edges (l i l i ) E i and g j,β,r j (l j l j ) E j such that α and β are complementary, v = g i g j, v = v[r i r j ] and v = I i (l i) I j (l j) I k (l k ); k i,j

38 Semantics -TLTS (2) Here: Proc = {(l 1, l 2,..., l n, v) (l 1, l 2,..., l n, v) L 1 L 2 L n (C R 0 ) and v = i {1,...,n} I i(l i ), Lab = N {τ} R 0 is the set of labels, and the transition relation is defined as (l 1,..., l n, v) d (l 1,..., l n, v + d) for all d R 0 such that v + d = i {1,...,n} I i (l i ) for each real number d in the interval [0, d].

39 Semantics - TLTS - Example Example x > 14, press? Off Light Bright press?, x := 0 x 14, press? y = 3, press!, y := 0 press? press!, y := 0 U U y 3 τ (Off, U, [0; 0]) (Light, U 3, [0; 0]) (Light, U τ, [3; 3]) (Bright, U, [3; 0]) τ 3 (Off, U, [9; 3]) (Off, U, [6; 0]) (Bright, U, [6; 3]) 3 τ

40 Limitations and extensions Anomalies Time deadlock: not discrete transition is enabled and time cannot proceed. Infinitely many discrete transitions performed in a finite amount of time. Extensions Urgency: a discrete action is taken before some deadline. Invariants - may result in unnecessary deadlock. Additional predicates decorating translations. Reset to values 0, reset to the value of another clock - reachability still decidable. Allow clocks to grow at different rates - Undecidable. Weighted timed automata. 1-safe timed Petri nets.

Lecture 11: Timed Automata

Real-Time Systems Lecture 11: Timed Automata 2014-07-01 11 2014-07-01 main Dr. Bernd Westphal Albert-Ludwigs-Universität Freiburg, Germany Contents & Goals Last Lecture: DC (un)decidability This Lecture: