Robust Controller Synthesis in Timed Automata

Similar documents
Robust Reachability in Timed Automata: A Game-based Approach

Timed Automata with Observers under Energy Constraints

Models for Efficient Timed Verification

Reachability-Time Games on Timed Automata (Extended Abstract)

A Survey of Partial-Observation Stochastic Parity Games

Theoretical Computer Science

Nash Equilibria in Concurrent Games with Büchi Objectives

Nash Equilibria for Reachability Objectives in Multi-player Timed Games

Laboratoire Spécification & Vérification. Language Preservation Problems in Parametric Timed Automata. Étienne André and Nicolas Markey

Synthesis of Designs from Property Specifications

Undecidability Results for Timed Automata with Silent Transitions

Liveness in L/U-Parametric Timed Automata

Antichain Algorithms for Finite Automata

Decision Problems for Additive Regular Functions

Verification of Polynomial Interrupt Timed Automata

Admissible Strategies for Synthesizing Systems

Controller Synthesis with UPPAAL-TIGA. Alexandre David Kim G. Larsen, Didier Lime, Franck Cassez, Jean-François Raskin

Games and Synthesis. Nir Piterman University of Leicester Telč, July-Autugst 2014

Lower-Bound Constrained Runs in Weighted Timed Automata

From Liveness to Promptness

Robot Games of Degree Two

models, languages, dynamics Eugene Asarin PIMS/EQINOCS Workshop on Automata Theory and Symbolic Dynamics LIAFA - University Paris Diderot and CNRS

Model Checking Real-Time Systems

Automata, Logic and Games: Theory and Application

Lecture 20: PSPACE. November 15, 2016 CS 1010 Theory of Computation

Sanjit A. Seshia EECS, UC Berkeley

Randomness for Free. 1 Introduction. Krishnendu Chatterjee 1, Laurent Doyen 2, Hugo Gimbert 3, and Thomas A. Henzinger 1

Optimal Bounds in Parametric LTL Games

Parameterized Regular Expressions and Their Languages

SOLUTION: SOLUTION: SOLUTION:

Symmetric Nash Equilibria

for System Modeling, Analysis, and Optimization

Complexity Issues in Automated Addition of Time-Bounded Liveness Properties 1

PURE NASH EQUILIBRIA IN CONCURRENT DETERMINISTIC GAMES

POLYNOMIAL SPACE QSAT. Games. Polynomial space cont d

Recent results on Timed Systems

Robust Safety of Timed Automata

When are Timed Automata Determinizable?

Time(d) Petri Net. Serge Haddad. Petri Nets 2016, June 20th LSV ENS Cachan, Université Paris-Saclay & CNRS & INRIA

Synthesis from Probabilistic Components

Measuring Permissivity in Finite Games

Contributions to timed systems and transducers

The Cost of Punctuality

Solving Partial-Information Stochastic Parity Games

Quantum Computing Lecture 8. Quantum Automata and Complexity

Synthesis weakness of standard approach. Rational Synthesis

Towards the Complexity of Controls for Timed Automata with a Small Number of Clocks

Robustness and Implementability of Timed Automata

The efficiency of identifying timed automata and the power of clocks

Advanced Automata Theory 7 Automatic Functions

Serge Haddad Mathieu Sassolas. Verification on Interrupt Timed Automata. Research Report LSV-09-16

1 Computational Problems

PS2 - Comments. University of Virginia - cs3102: Theory of Computation Spring 2010

On the determinization of timed systems

Note on winning positions on pushdown games with omega-regular winning conditions

Notes for Lecture Notes 2

Sri vidya college of engineering and technology

Context-Free Languages (Pre Lecture)

Revisiting Synthesis of GR(1) Specifications

Probabilistic Büchi Automata with non-extremal acceptance thresholds

State Explosion in Almost-Sure Probabilistic Reachability

Logic and Games SS 2009

Controller Synthesis for MTL Specifications

Alternating nonzero automata

Complexity Issues in Automated Addition of Time-Bounded Liveness Properties 1

Compilers. Lexical analysis. Yannis Smaragdakis, U. Athens (original slides by Sam

198:538 Complexity of Computation Lecture 16 Rutgers University, Spring March 2007

Efficient Model-Checking of Weighted CTL with Upper-Bound Constraints

Asynchronous Games over Tree Architectures

A Automatic Synthesis of Switching Controllers for Linear Hybrid Systems: Reachability Control

Computability and Complexity

Before we show how languages can be proven not regular, first, how would we show a language is regular?

15-251: Great Theoretical Ideas in Computer Science Lecture 7. Turing s Legacy Continues

Timed Petri Nets and Timed Automata: On the Discriminating Power of Zeno Sequences

1 More finite deterministic automata

Lecture 22: PSPACE

TCTL model-checking of Time Petri Nets

Games with Costs and Delays

CS 154, Lecture 2: Finite Automata, Closure Properties Nondeterminism,

Finite Automata. Dr. Neil T. Dantam. Fall CSCI-561, Colorado School of Mines. Dantam (Mines CSCI-561) Finite Automata Fall / 35

Finite Automata. BİL405 - Automata Theory and Formal Languages 1

SIMULATION PROBLEMS OVER ONE-COUNTER NETS

Rabin Theory and Game Automata An Introduction

The purpose here is to classify computational problems according to their complexity. For that purpose we need first to agree on a computational

Visibly Linear Dynamic Logic

Symbolic Quantitative Robustness Analysis of Timed Automata

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

Semi-Automatic Distributed Synthesis

Strategy Logic. 1 Introduction. Krishnendu Chatterjee 1, Thomas A. Henzinger 1,2, and Nir Piterman 2

MTAT Complexity Theory October 20th-21st, Lecture 7

Real-time Synthesis is Hard!

DES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models

Lecture 23 : Nondeterministic Finite Automata DRAFT Connection between Regular Expressions and Finite Automata

The Complexity of Computing the Behaviour of Lattice Automata on Infinite Trees

Trading Infinite Memory for Uniform Randomness in Timed Games

Controlling probabilistic systems under partial observation an automata and verification perspective

Finite Automata. Dr. Neil T. Dantam. Fall CSCI-561, Colorado School of Mines. Dantam (Mines CSCI-561) Finite Automata Fall / 43

Hourglass Automata. Yuki Osada, Tim French, Mark Reynolds, and Harry Smallbone

The space complexity of a standard Turing machine. The space complexity of a nondeterministic Turing machine

Transcription:

Robust Controller Synthesis in Timed Automata Ocan Sankur LSV, ENS Cachan & CNRS Joint with Patricia Bouyer, Nicolas Markey, Pierre-Alain Reynier. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 1 / 22

Timed Automata and Non-determinism A timed automaton x 2, a, x := 0 x = 1, y := 0 l 0 l 1 l 2 y 2, b, y := 0 Runs y 2 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 2 / 22

Timed Automata and Non-determinism A timed automaton x 2, a, x := 0 x = 1, y := 0 l 0 l 1 l 2 y 2, b, y := 0 Runs y 2 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 2 / 22

Timed Automata and Non-determinism A timed automaton x 2, a, x := 0 x = 1, y := 0 l 0 l 1 l 2 y 2, b, y := 0 Runs y 2 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 2 / 22

Timed Automata and Non-determinism A timed automaton x 2, a, x := 0 x = 1, y := 0 l 0 l 1 l 2 y 2, b, y := 0 Runs y 2 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 2 / 22

Timed Automata and Non-determinism A timed automaton x 2, a, x := 0 x = 1, y := 0 l 0 l 1 l 2 y 2, b, y := 0 Runs y 2 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 2 / 22

Timed Automata and Non-determinism A timed automaton x 2, a, x := 0 x = 1, y := 0 l 0 l 1 l 2 y 2, b, y := 0 Runs y 2 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 2 / 22

Controller Synthesis Given a non-deterministic system, and a specification, compute a strategy to control the system. The system under the strategy is deterministic. an implementation. y 2 1 Example: at any state (l 1, x, y), delay 2 x 2 i.e. half way through the guard. 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 3 / 22

Controller Synthesis Given a non-deterministic system, and a specification, compute a strategy to control the system. The system under the strategy is deterministic. an implementation. y 2 1 Example: at any state (l 1, x, y), delay 2 x 2 i.e. half way through the guard. 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 3 / 22

Controller Synthesis Given a non-deterministic system, and a specification, compute a strategy to control the system. The system under the strategy is deterministic. an implementation. y 2 1 Example: at any state (l 1, x, y), delay 2 x 2 i.e. half way through the guard. 0 0 1 2 x Theorem [Alur & Dill 1994] Computing strategies for Büchi objectives in timed automata is PSPACE-complete. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 3 / 22

Robustness in Strategies 1. However exact timings cannot be ensured in real-time systems. So the strategy ( x delay 2 x ) 2 cannot be implemented exactly. Is any strategy valid under an error interval? Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 4 / 22

Robustness in Strategies 1. However exact timings cannot be ensured in real-time systems. So the strategy ( x delay 2 x ) 2 cannot be implemented exactly. y In our example, one can show that x is increasing during consecutive visits to l 2, and the guard is x 2. 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 4 / 22

Robustness in Strategies 1. However exact timings cannot be ensured in real-time systems. So the strategy ( x delay 2 x ) 2 cannot be implemented exactly. y In our example, one can show that x is increasing during consecutive visits to l 2, and the guard is x 2. 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 4 / 22

Robustness in Strategies 1. However exact timings cannot be ensured in real-time systems. So the strategy ( x delay 2 x ) 2 cannot be implemented exactly. y In our example, one can show that x is increasing during consecutive visits to l 2, and the guard is x 2. 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 4 / 22

Robustness in Strategies 1. However exact timings cannot be ensured in real-time systems. So the strategy ( x delay 2 x ) 2 cannot be implemented exactly. y In our example, one can show that x is increasing during consecutive visits to l 2, and the guard is x 2. 1 0 0 1 2 x Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 4 / 22

Robustness in Strategies 1. However exact timings cannot be ensured in real-time systems. So the strategy ( x delay 2 x ) 2 cannot be implemented exactly. y In our example, one can show that x is increasing during consecutive visits to l 2, and the guard is x 2. 1 0 0 1 2 x 2. Strategies may require arbitrary precision. Required delays converge here. When x is closed to 2, no additional delay is supported. Run is theoretically infinite, but it is actually blocking. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 4 / 22

Robustness in Strategies (2) Some strategies in timed automata are not realistic, and may require high precision, and can cause convergence. Goal: Develop a theory of robust strategies that tolerate error and avoid convergence. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 5 / 22

Robustness in Strategies (2) (Conservative) Perturbation Game: Controller vs Environment. Given A and δ > 0, define G(A) as a game as follows. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d + ɛ = g for all ɛ [ δ, δ]. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 5 / 22

Robustness in Strategies (2) (Conservative) Perturbation Game: Controller vs Environment. Given A and δ > 0, define G(A) as a game as follows. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d + ɛ = g for all ɛ [ δ, δ]. 2 Environment chooses ɛ [ δ, +δ], Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 5 / 22

Robustness in Strategies (2) (Conservative) Perturbation Game: Controller vs Environment. Given A and δ > 0, define G(A) as a game as follows. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d + ɛ = g for all ɛ [ δ, δ]. 2 Environment chooses ɛ [ δ, +δ], 3 New state is (l, (ν + d + ɛ)[r 0]). Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 5 / 22

Robustness in Strategies (2) (Conservative) Perturbation Game: Controller vs Environment. Given A and δ > 0, define G(A) as a game as follows. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d + ɛ = g for all ɛ [ δ, δ]. 2 Environment chooses ɛ [ δ, +δ], 3 New state is (l, (ν + d + ɛ)[r 0]). 1<x<2 y:=0 Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 5 / 22

Robustness in Strategies (2) (Conservative) Perturbation Game: Controller vs Environment. Given A and δ > 0, define G(A) as a game as follows. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d + ɛ = g for all ɛ [ δ, δ]. 2 Environment chooses ɛ [ δ, +δ], 3 New state is (l, (ν + d + ɛ)[r 0]). 1<x<2 y:=0 Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 5 / 22

Robustness in Strategies (2) (Conservative) Perturbation Game: Controller vs Environment. Given A and δ > 0, define G(A) as a game as follows. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d + ɛ = g for all ɛ [ δ, δ]. 2 Environment chooses ɛ [ δ, +δ], 3 New state is (l, (ν + d + ɛ)[r 0]). 1<x<2 y:=0 Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 5 / 22

Robustness in Strategies (2) (Conservative) Perturbation Game: Controller vs Environment. Given A and δ > 0, define G(A) as a game as follows. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d + ɛ = g for all ɛ [ δ, δ]. 2 Environment chooses ɛ [ δ, +δ], 3 New state is (l, (ν + d + ɛ)[r 0]). 1<x<2 y:=0 Previous work: Chatterjee, Henzinger, Prabhu 2008: for fixed δ > 0. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 5 / 22

Main Result: Parameterized Robust Control Parameterized robust control Given a timed automaton A, and a Büchi condition φ, decide whether for small enough δ > 0, G(A) satisfies φ. A strategy for δ is valid for all 0 < δ < δ. The problem consists in finding cycles that do not become blocked (converge). Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 6 / 22

Main Result: Parameterized Robust Control Parameterized robust control Given a timed automaton A, and a Büchi condition φ, decide whether for small enough δ > 0, G(A) satisfies φ. A strategy for δ is valid for all 0 < δ < δ. The problem consists in finding cycles that do not become blocked (converge). Convergence: Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 6 / 22

Main Result: Parameterized Robust Control Parameterized robust control Given a timed automaton A, and a Büchi condition φ, decide whether for small enough δ > 0, G(A) satisfies φ. A strategy for δ is valid for all 0 < δ < δ. The problem consists in finding cycles that do not become blocked (converge). Convergence: Environment can force the play inside a half-space. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 6 / 22

Main Result: Parameterized Robust Control Parameterized robust control Given a timed automaton A, and a Büchi condition φ, decide whether for small enough δ > 0, G(A) satisfies φ. A strategy for δ is valid for all 0 < δ < δ. The problem consists in finding cycles that do not become blocked (converge). No Convergence: No such constraining half-spaces. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 6 / 22

Main Result: Parameterized Robust Control Parameterized robust control Given a timed automaton A, and a Büchi condition φ, decide whether for small enough δ > 0, G(A) satisfies φ. A strategy for δ is valid for all 0 < δ < δ. The problem consists in finding cycles that do not become blocked (converge). Theorem Parameterized robust control is PSPACE-complete. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 6 / 22

Main Result: Parameterized Robust Control Parameterized robust control Given a timed automaton A, and a Büchi condition φ, decide whether for small enough δ > 0, G(A) satisfies φ. A strategy for δ is valid for all 0 < δ < δ. The problem consists in finding cycles that do not become blocked (converge). Theorem Parameterized robust control is PSPACE-complete. Robustly controllable there exists a reachable forgetful cycle. If all states are accepting, then Thick timed automata are exactly those that are robustly controllable. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 6 / 22

Reachability in Timed Automata Runs of timed automata can be characterized by runs visiting only the vertices of regions. given the topological closure of the guards. 2 y 1 0 1 2 x Orbit Graph The orbit graph of a cycle on regions is a graph where: - nodes are the vertices of the region. - there is an edge a b, if b is reachable from a along the path. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 7 / 22

A cycle is called forgetful if it is strongly connected (Asarin & Basset 2011) Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 8 / 22 Orbit Graph Example x 2, a, x := 0 x = 1, y := 0 l 0 l 1 l 2 y 2, b, y := 0 2 1 y l 1 a 2 1 y l 2 2 1 y l 2 b y 2 1 l 1 2 1 y l 1 0 1 2 x 0 1 2 x 0 1 2 x 0 1 2 x 0 1 2 x

Reachability with Orbit Graphs λ 2 λ 1 ν λ 3 For any valuation ν, write ν = λ v, a convex combination of the vertices. Theorem [Puri 2000], [Asarin & Basset 2011] Given a path, and valuation λ v, λ v λ v λ is computed by distributing each λ v to its successors following a probability distribution. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 9 / 22

Reachability with Orbit Graphs (1 p q)λ 1 λ 2 ν pλ 1 qλ 1 λ 3 For any valuation ν, write ν = λ v, a convex combination of the vertices. Theorem [Puri 2000], [Asarin & Basset 2011] Given a path, and valuation λ v, λ v λ v λ is computed by distributing each λ v to its successors following a probability distribution. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 9 / 22

Reachability with Orbit Graphs λ 2 λ 1 ν λ 3 For any valuation ν, write ν = λ v, a convex combination of the vertices. Theorem [Puri 2000], [Asarin & Basset 2011] Given a path, and valuation λ v, λ v λ v λ is computed by distributing each λ v to its successors following a probability distribution. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 9 / 22

Reachability with Orbit Graphs 2λ 2 /3 λ 1 /2 + λ 2 /3 ν λ 3 + λ 1 /2 For any valuation ν, write ν = λ v, a convex combination of the vertices. Theorem [Puri 2000], [Asarin & Basset 2011] Given a path, and valuation λ v, λ v λ v λ is computed by distributing each λ v to its successors following a probability distribution. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 9 / 22

Proof 1: When There is an Accepting Forgetful Cycle Show that Controller can win. Claim: If π is a forgetful cycle, then the folded orbit graph of π n is a complete graph for some n 1. In the rest, the graph of π is complete. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 10 / 22

Proof 1: When There is an Accepting Forgetful Cycle Show that Controller can win. Claim: If π is a forgetful cycle, then the folded orbit graph of π n is a complete graph for some n 1. In the rest, the graph of π is complete. Claim: If π is has a complete f.o.g., then (ν, ν ) r s, ν ν. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 10 / 22

Proof 1: When There is an Accepting Forgetful Cycle Show that Controller can win. Claim: If π is a forgetful cycle, then the folded orbit graph of π n is a complete graph for some n 1. In the rest, the graph of π is complete. Claim: If π is has a complete f.o.g., then (ν, ν ) r s, ν ν. ν ν Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 10 / 22

Proof 1: There is an Accepting Forgetful Cycle Controller s strategy: try to come back at the middle of the region. Without perturbations, this is possible by hypothesis: Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 11 / 22

Proof 1: There is an Accepting Forgetful Cycle Controller s strategy: try to come back at the middle of the region. Without perturbations, this is possible by hypothesis: Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 11 / 22

Proof 1: There is an Accepting Forgetful Cycle Controller s strategy: try to come back at the middle of the region. Without perturbations, this is possible by hypothesis: Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 11 / 22

Proof 1: There is an Accepting Forgetful Cycle Controller s strategy: try to come back at the middle of the region. Without perturbations, this is possible by hypothesis: Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 11 / 22

Proof 1: There is an Accepting Forgetful Cycle Controller s strategy: try to come back at the middle of the region. Without perturbations, this is possible by hypothesis: Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 11 / 22

Proof 1: There is an Accepting Forgetful Cycle Controller s strategy: try to come back at the middle of the region. Without perturbations, this is possible by hypothesis: Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 11 / 22

Proof 1: There is an Accepting Forgetful Cycle Under perturbations, we need the controllable predecessors of a subset. δ Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 12 / 22

Proof 1: There is an Accepting Forgetful Cycle Under perturbations, we need the controllable predecessors of a subset. δ 2δ Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 12 / 22

Proof 1: There is an Accepting Forgetful Cycle Under perturbations, we need the controllable predecessors of a subset. 3δ δ 2δ Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 12 / 22

Proof 1: There is an Accepting Forgetful Cycle Under perturbations, we need the controllable predecessors of a subset. 3δ δ 2δ 2δ Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 12 / 22

Proof 1: There is an Accepting Forgetful Cycle Under perturbations, we need the controllable predecessors of a subset. 3δ δ 2δ 2δ Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 12 / 22

Proof 1: There is an Accepting Forgetful Cycle Under perturbations, we need the controllable predecessors of a subset. lδ 3δ δ kδ 2δ 2δ Each red-blue set is a shrinking of a gray zone. The shrunk DBM data structure can be used to compute / represent these sets, where computations hold for all small enough δ > 0. S., Bouyer, Markey. Shrinking Timed Automata. FSTTCS 11. Bouyer, Markey, S. Robust Reachability in Timed Automata: A Game-Based Approach. ICALP 12. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 12 / 22

Case: There is an Accepting Forgetful Cycle A δ B δ Computations with shrunk DBMs hold for all δ [0, δ 0 ], for some δ 0 > 0. Here, for any δ > 0, from A δ, Controller can ensure reaching B δ. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 13 / 22

Case: There is an Accepting Forgetful Cycle A δ B δ Computations with shrunk DBMs hold for all δ [0, δ 0 ], for some δ 0 > 0. Here, for any δ > 0, from A δ, Controller can ensure reaching B δ. Claim 1: For (computable) small enough δ > 0, A δ, B δ. Claim 2: For (computable) small enough δ > 0, B δ A δ. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 13 / 22

Case: There is an Accepting Forgetful Cycle A δ B δ Computations with shrunk DBMs hold for all δ [0, δ 0 ], for some δ 0 > 0. Here, for any δ > 0, from A δ, Controller can ensure reaching B δ. Claim 1: For (computable) small enough δ > 0, A δ, B δ. Claim 2: For (computable) small enough δ > 0, B δ A δ. Controller ends in A δ at each iteration, so it can repeat its strategy. Controller wins! Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 13 / 22

Proof 2: Only Non-Forgetful Cycles Show that if all cycles are non-forgetful, Controller looses. If accepting for Büchi, then for some strategy, some cycle is repeated infinitely often. Assume there are only non-forgetful cycles. We will show a contradiction (proof idea). Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 14 / 22

Proof 2: Only Non-Forgetful Cycles A non-forgetful cycle always has an initial component I. Lemma [Asarin & Basset 2011] If λ v λ v, then v I λ v v I λ v. This quantitiy is nonincreasing along an infinite repetition of the cycle. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 14 / 22

Proof 2: Only Non-Forgetful Cycles A non-forgetful cycle always has an initial component I. λ 2 v I λv = c λ 1 λ 3 Lemma [Asarin & Basset 2011] If λ v λ v, then v I λ v v I λ v. This quantitiy is nonincreasing along an infinite repetition of the cycle. Proof: Each λ v is the sum of the predecessors of v multiplied by a probability. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 14 / 22

Proof 2: Only Non-Forgetful Cycles A non-forgetful cycle always has an initial component I. λ 2 /2 v I λv = c λ 1 /2 + λ 2 /2 λ 3 + λ 1 /2 Lemma [Asarin & Basset 2011] If λ v λ v, then v I λ v v I λ v. This quantitiy is nonincreasing along an infinite repetition of the cycle. Proof: Each λ v is the sum of the predecessors of v multiplied by a probability. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 14 / 22

Case: Only Non-Forgetful Cycles Lemma Environment has a strategy to ensure, for any λ v λ v, v I λ v v I λ v ɛ. ɛ Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 15 / 22

Case: Only Non-Forgetful Cycles Lemma Environment has a strategy to ensure, for any λ v λ v, v I λ v v I λ v ɛ. λ 2 ɛ λ 1 ɛ λ 3 ɛ Claim 1: Environment can enforce λ v ɛ for all v. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 15 / 22

Case: Only Non-Forgetful Cycles Lemma Environment has a strategy to ensure, for any λ v λ v, v I λ v v I λ v ɛ. λ 2 ɛ λ 1 ɛ λ 3 ɛ Claim 1: Environment can enforce λ v ɛ for all v. Claim 2: There exists some edge leaving I. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 15 / 22

Case: Only Non-Forgetful Cycles Lemma Environment has a strategy to ensure, for any λ v λ v, v I λ v v I λ v ɛ. λ 2 ɛ λ 1 ɛ ɛ λ 3 ɛ Claim 1: Environment can enforce λ v ɛ for all v. Claim 2: There exists some edge leaving I. Claim 3: Environment can enforce edge probabilities ɛ. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 15 / 22

Case: Only Non-Forgetful Cycles Lemma Environment has a strategy to ensure, for any λ v λ v, v I λ v v I λ v ɛ. λ 2 ɛ λ 1 ɛ ɛ λ 3 ɛ It follows: The sum v I is decreased by at least ɛ at each iteration. But 0 v I 1, contradiction (no infinite run along this region). Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 15 / 22

Algorithm Robust Controller Synthesis Algorithm Given a timed automaton A, - Guess a cycle of length at most exponential in the region automaton, - Compute the folded orbit graph (on-the-fly) and check whether it is forgetful. - Accept if it is, reject otherwise. (If there is a forgetful cycle, there is one of at most exponential length.) Once a forgetful lasso is found, one can compute the maximal δ and a winning strategy in time polynomial in the length of the lasso, using results from the shrinking papers. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 16 / 22

Algorithm Robust Controller Synthesis Algorithm Given a timed automaton A, - Guess a cycle of length at most exponential in the region automaton, - Compute the folded orbit graph (on-the-fly) and check whether it is forgetful. - Accept if it is, reject otherwise. (If there is a forgetful cycle, there is one of at most exponential length.) Once a forgetful lasso is found, one can compute the maximal δ and a winning strategy in time polynomial in the length of the lasso, using results from the shrinking papers. The problem is PSPACE-complete. Same complexity as non-emptiness in the standard semantics. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 16 / 22

Conclusion A Game semantics for modelling perturbations disables punctual moves, and too precise strategies. Thin timed automata do become blocking under some perturbation strategies. Robust control thickness (along accepting lassos). Winning strategies can be computed by δ-parameterized data structures. One can compute symbolically, and adjust δ later. Timed games Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 17 / 22

Excess-Perturbation Game Let A be a timed automaton and δ > 0. Excess Perturbation Game: Controller vs Environment. At any state (l, ν), Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 18 / 22

Excess-Perturbation Game Let A be a timed automaton and δ > 0. Excess Perturbation Game: Controller vs Environment. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d = g, Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 18 / 22

Excess-Perturbation Game Let A be a timed automaton and δ > 0. Excess Perturbation Game: Controller vs Environment. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d = g, 2 Environment chooses d [d δ, d + δ], (we can have d = g) Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 18 / 22

Excess-Perturbation Game Let A be a timed automaton and δ > 0. Excess Perturbation Game: Controller vs Environment. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d = g, 2 Environment chooses d [d δ, d + δ], (we can have d = g) 3 New state is (l, (ν + d )[R 0]). Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 18 / 22

Excess-Perturbation Game Let A be a timed automaton and δ > 0. Excess Perturbation Game: Controller vs Environment. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d = g, 2 Environment chooses d [d δ, d + δ], (we can have d = g) 3 New state is (l, (ν + d )[R 0]). For δ > 0, x=y=1 y:=0 ν 0 Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 18 / 22

Excess-Perturbation Game Let A be a timed automaton and δ > 0. Excess Perturbation Game: Controller vs Environment. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d = g, 2 Environment chooses d [d δ, d + δ], (we can have d = g) 3 New state is (l, (ν + d )[R 0]). For δ > 0, x=y=1 y:=0 ν 0 ν 0 Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 18 / 22

Excess-Perturbation Game Let A be a timed automaton and δ > 0. Excess Perturbation Game: Controller vs Environment. At any state (l, ν), 1 Controller chooses a delay d δ, and an edge l g,r l, such that ν + d = g, 2 Environment chooses d [d δ, d + δ], (we can have d = g) 3 New state is (l, (ν + d )[R 0]). For δ > 0, x=y=1 y:=0 ν 0 ν 0 Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 18 / 22

Excess-Perturbation Game - 2 Excess Perturbation Semantics The model is often simpler: one can use equalities, not think about error intervals. A synthesized strategy takes into account additional behaviors. vs Conservative Perturbation Semantics The model already contains intervals for timing constraints. No additional behavior is expected. The problem is convergence: the synthesized strategy must ensure liveness. Pick one... Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 19 / 22

Reachability in Excess-Perturbation Game (Parameterized) Robust Reachability Given a timed automaton A and target location l, Does there exist δ 0 > 0, such that Controller has a strategy reaching l in the excess semantics for all δ [0, δ 0 )? Main result Robust reachability in excess semantics is EXPTIME-complete. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 20 / 22

EXPTIME-hardness Usual semantics in TA can encode reachability in linearly bounded Turing machines (PSPACE-complete). Robust semantics in TA can encode reachability in alternating linearly bounded Turing machines (EXPTIME-complete). The encoding is similar as in the PSPACE-hardness proofs for TA. Alternation: simulated by the perturbating player x, y := 0 x = 1, y := 0 x = 2, y 1 x = 2, y < 1 Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 21 / 22

Conclusion The excess-perturbation game semantics is harder: reachability is EXPTIME-complete. NB: Convergence is not a problem for reachability (finite runs). General timed games in both semantics. Zone-based algorithms, efficient implementations. Ocan Sankur (ENS Cachan) Robust Control in Timed Automata February 18, 2013 22 / 22

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback