SPECIFICATION MODELS. Chapter 3. Overview. Introducing Hierarchy. StateCharts

Similar documents
DES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models

7. Queueing Systems. 8. Petri nets vs. State Automata

Embedded Systems 2. REVIEW: Actor models. A system is a function that accepts an input signal and yields an output signal.

Specification models and their analysis Petri Nets

Analysis and Optimization of Discrete Event Systems using Petri Nets

Embedded systems specification and design

Discrete Event Systems Exam

Business Processes Modelling MPB (6 cfu, 295AA)

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Simulation of Spiking Neural P Systems using Pnet Lab

Time and Timed Petri Nets

Industrial Automation (Automação de Processos Industriais)

c 2011 Nisha Somnath

Embedded Systems 6 REVIEW. Place/transition nets. defaults: K = ω W = 1

The State Explosion Problem

Time(d) Petri Net. Serge Haddad. Petri Nets 2016, June 20th LSV ENS Cachan, Université Paris-Saclay & CNRS & INRIA

State modeling. Marlon Dumas. Institute of Computer Science

Finite-State Model Checking

2. Elements of the Theory of Computation, Lewis and Papadimitrou,

MPRI 1-22 Introduction to Verification January 4, TD 6: Petri Nets

A Review of Petri Net Modeling of Dynamical Systems

Decision Problems with TM s. Lecture 31: Halting Problem. Universe of discourse. Semi-decidable. Look at following sets: CSCI 81 Spring, 2012

Alan Bundy. Automated Reasoning LTL Model Checking

Petri Nets (for Planners)

Timed Automata VINO 2011

Automatic Synthesis of Distributed Protocols

Elementary Siphons of Petri Nets and Deadlock Control in FMS

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Design and Analysis of Distributed Interacting Systems

Automata-based Verification - III

Overview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Time Petri Nets. Miriam Zia School of Computer Science McGill University

Automata-based Verification - III

Let us first give some intuitive idea about a state of a system and state transitions before describing finite automata.

Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms

Logic Model Checking

Discrete Dynamics Finite State Machines גרא וייס המחלקה למדעי המחשב אוניברסיטת בן-גוריון

Automata Theory (2A) Young Won Lim 5/31/18

Uses of finite automata

Computer-Aided Program Design

Sleptsov Net Computing


Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Classes and conversions

Complexity. Complexity Theory Lecture 3. Decidability and Complexity. Complexity Classes

Models of Concurrency

Artificial Intelligence Chapter 7: Logical Agents

fakultät für informatik informatik 12 technische universität dortmund Petri nets Peter Marwedel Informatik 12 TU Dortmund Germany

TESTING is one of the most important parts of the

Linear Temporal Logic and Büchi Automata

Communication in Petri nets

Further discussion of Turing machines

Automata, Logic and Games: Theory and Application

Decidability and Undecidability

Timo Latvala. March 7, 2004

From Liveness to Promptness

Working with combinational logic

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

Petri nets. s 1 s 2. s 3 s 4. directed arcs.

Embedded Systems 5. Synchronous Composition. Lee/Seshia Section 6.2

UNIT-I. Strings, Alphabets, Language and Operations

CS256/Spring 2008 Lecture #11 Zohar Manna. Beyond Temporal Logics

Abstractions and Decision Procedures for Effective Software Model Checking

Johns Hopkins Math Tournament Proof Round: Automata

Introduction to Computers & Programming

Embedded Systems Development

Reduction Rules for Reset/Inhibitor Nets

Parsing. Context-Free Grammars (CFG) Laura Kallmeyer. Winter 2017/18. Heinrich-Heine-Universität Düsseldorf 1 / 26

Theoretical Computer Science

Introduction to Turing Machines

3 Net Models of Distributed Systems and Workflows

Semantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr

Equivalence of Regular Expressions and FSMs

NONBLOCKING CONTROL OF PETRI NETS USING UNFOLDING. Alessandro Giua Xiaolan Xie

Recap DFA,NFA, DTM. Slides by Prof. Debasis Mitra, FIT.

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

Model checking the basic modalities of CTL with Description Logic

Control Synthesis of Discrete Manufacturing Systems using Timed Finite Automata

Automata-Theoretic Model Checking of Reactive Systems

The STATEMATE Semantics of Statecharts. Presentation by: John Finn October 5, by David Harel

MA/CSSE 474 Theory of Computation

Georg Frey ANALYSIS OF PETRI NET BASED CONTROL ALGORITHMS

Chapter 4: Computation tree logic

Algorithmic verification

Logical agents. Chapter 7. Chapter 7 1

POLYNOMIAL SPACE QSAT. Games. Polynomial space cont d

Computability and Complexity

Automata Theory, Computability and Complexity

Timed Automata. Semantics, Algorithms and Tools. Zhou Huaiyang

CS 373: Theory of Computation. Fall 2010

Section 6 Fault-Tolerant Consensus

Sanjit A. Seshia EECS, UC Berkeley

Intelligent Agents. Pınar Yolum Utrecht University

Logical Agent & Propositional Logic

CSE 311 Lecture 23: Finite State Machines. Emina Torlak and Kevin Zatloukal

Chapter Two: Finite Automata

Model Checking for Propositions CS477 Formal Software Dev Methods

Chapter 3: Linear temporal logic

Automata & languages. A primer on the Theory of Computation. Laurent Vanbever. ETH Zürich (D-ITET) October,

Transcription:

hapter SPEIFITION MOELS Overview Stateharts Hierarchy oncurrency Events and ctions Simulation Semantics Non-eterminism and onflicts Petri Nets Notation oncurrency Petri Net Languages ehavioral Properties nalysis Roger Wattenhofer ETH Zurich istributed omputing www.disco.ethz.ch / Stateharts Introducing Hierarchy eficits of finite automata for modeling: Only one sequential process, no concurrency No hierarchical structuring capabilities Extension Statecharts: Model of avid Harel [987] Stateharts introduces hierarchy, concurrency and computation Model is used in many tools for the specification, analysis and simulation of discrete event systems, e.g. Matlab-Stateflow, UML, Rhapsody, Magnum omplicated semantics: We will only cover some basic mechanisms. f g h i j E m F S f g h i j E FSM is in exactly one of the sub states of S if S is active (either in xor xor ) super-state sub states m F / /

ey-off ey-on efinitions Introducing oncurrency super-state S is called OR-super-state, if exactly one of its sub states is active when S is active. S f g h i j E m F equivalent S f g h i j E urrent states of FSMs are called active states States which are not composed of other states are called basic States containing other states are called super states For each basic state s, the super-states containing s are called ancestor states m F super-state S is called N-super-state, if all (immediate) sub-states are active when S is active. answering machine ON Line monitoring Line wait ring hang-up (caller) Line Process ey-off OFF Key monitoring (excl. ON / OFF) Key wait ey-on ey pressed done Key Process /5 /6 Entering and leaving N-Super-States Representation of omputations New: on / off events handled by ey process. answering machine ON Line monitoring Line wait ring hang-up (caller) Line Process Key monitoring (incl. ON / OFF) Key wait ey pressed done Key Process esides states, arbitrary many other variables can be defined. This way, not all states of the system are modeled explicitly. The variables can be changed as a result of a state transaction ( action ). State transitions can be dependent on these variables ( conditions ). action condition variables OFF /7 /8

General form of edge labels Events and ctions event [condition] / reaction event [condition] / reaction Event ondition an be either internally or externally generated. Refer to values of variables that eep their value until they are reassigned. State transition Transition is enabled if event exists and condition holds Reaction / ction an be assignment to variables and/or creation of events n event can be composed of several events: (e and e) event that corresponds to the simultaneous occurrence of e and e. (e or e) event that corresponds to the occurrence of either e or e or both. (not e) event that corresponds to the absence of event e. Similarly for conditions reaction can also be composed: (a; a) actions a und a are executed sequentially. ll events, states and actions are globally visible. /9 /0 Example The Stateharts Simulation Phases e / a [c] / a event [condition] / reaction The transitions are evaluated in simulation steps. e: a: Each step is divided in three phases: a: c: true false time. Effect of changes on events and conditions is evaluated.. The set of transitions to be made in the current step and e: right hand sides of assignments are computed. a: a: c: true false. Transitions become effective, variables obtain new values. / /

Example Swap More on semantics of Stateharts swap e / a:=b e / b:=a / a:=; b:=0 Unfortunately, there are several time-semantics of Stateharts in use. This is one possibility: step is executed in arbitrarily small time. Internal (generated) events exist only within the next step. External events can only be detected after a stable state has been reached. In phase, variables a and b are assigned to temporary variables In phase, these are assigned to b and a, respectively s a result, variables a and b are swapped state transitions external events stable state stable state t transport of internal events step / / Example, Stable State and State iagram Example Non-eterminism a/a c/c a b/a a e E G a e F H orresponding state diagrams: ac/a, ac/c, ac/a c, c/c a/a,, b/a ab, ab/a, unstable state ba/a, a State iagram Which one is chosen? /5 /6

onflicts OR or XOR? Real Time Exercise Reservoir bc bc XOR b b c bc XOR (with priority to b if simultaneous events) What if the events b and c occur simultaneously? bc bc OR bc Initial ondition Empty pools, faucets closed Sensors & regulators F i, G i = 0 if closed H i, L i = if water is above sensor Operation fter pressing button m, the pools are filled up to level H i. When pool i has reached H i, close F i and open G i until the water level reaches L i. Restarting is only possible after both pools have been emptied. Q: raw a Statehart that models this system. H reservoir F F H Pool Pool L L G G m /7 /8 Real Time Solution Reservoir Usability reservoir F F H L H Pool Pool L G G m ε [ && ] m \ F =;F = H \ F =0;G = H \ F =0;G = Intuitive language to describe event driven automata New: oncurrency incl. synchronization Used in different flavors in industry and even for ids: L \ G =0 L \ G =0 /9 /0

Summary Where are we? dvantages of hierarchical state machines: Simple transformation into efficient hardware and software implementations Efficient simulation asis for formal verification (usually via symbolic model checing), if in reactions only events are generated isadvantages: Intricate for large systems, limited re-usability of models No formal representation of operations on data Large part of the system state is hidden in variables. This limits possibilities for efficient implementation and formal verification. Stateharts Hierarchy oncurrency Events and ctions Simulation Semantics Non-eterminism and onflicts Petri Nets Notation oncurrency Petri Net Languages ehavioral Properties nalysis / / Petri nets Motivation Petri net efinition In contrast to hierarchical state machines, state transitions in Petri nets are asynchronous. The ordering of transitions is partly uncoordinated; it is specified by a partial order. Petri net is a bipartite, directed graph defined by a -tuple (S, T, F, M 0 ), where Therefore, Petri nets can be used to model concurrent distributed systems. Many flavors of Petri nets are in use, e.g. ctivity charts (UML) ata flow graphs and mared graphs GRFET (programming language for prog. logic controllers) S is a set of places p i T is a set of transitions t i F is a set of edges (flow relations) f i M 0 : S N; the initial maring p p p t Invented by arl dam Petri in 96 in his thesis Kommuniation mit utomaten p5 p / /

Toen maring Toen game of Petri nets Each place p i is mared with a certain number of toens The initial distribution of the toens is given by M 0 M(s) denotes the maring of a place s The distribution of toens on places defines the state of a Petri net The dynamics of a Petri net is defined by a toen game maring M activates a transition t T if each place p i connected through an edge f i towards t contains at least one toen. If a transition t is activated by M, a state transition to M fires (happens) eventually. Only one transition is fired at any time. When a transition fires, it onsumes a toen from each of its input places dds a toen to each of its output places fires /5 /6 Non-eterministic Evolution Syntax Exercise The evolution of Petri nets is not deterministic. Q: Is it a valid Petri Net? Which transitions are activated? Maring after firing? ny of the activated transactions might fire t t E t t F G H I /7 /8

Syntax Exercise () Weighted Edges Q: Is it a valid Petri Net? Which transitions are activated? Maring after firing? t ssociating weights to edges: Each edge f i has an associated weight W(f i ) (defaults to ) transition t is active if each place p i connected through an edge f i to t contains at least W(f) toens. J K H O H O Reaction H + O H O L H O H O /9 /0 Finite apacity Petri Net Removing apacity onstraints Each place p i can hold maximally K(p i ) toens transition t is only active if all output places p i of t cannot exceed K(p i ) after firing t. For each place p with K(p) >, add a complementary placep with initial maring M 0 (p ) = K(p) M 0 (p). For each outgoing edge e = (p, t), add an edge e from t to p with weight W(e). For each incoming edge e = (t, p), add an edge e from p to t with weight W(e). K()= t K()= t t K()= t remove capacity constraint Note: Only wors for pure Petri nets, i.e. without self loops. Pure finite capacity Petri Nets can be transformed into equivalent infinite capacity Petri Nets (without capacity restrictions). Equivalence: oth nets have the same set of all possible firing sequences K()= t t K(p)=5 / /

Resolving Self-Loops Your turn! The algorithm to remove capacity constraints wors if the Petri net has no self loops (is pure). No Problem! Rewrite the Petri net without self loops: dummy transition Remove the capacity constraint from place t5 t t5 t t K()= t t dummy place / / Modeling FSM oncurrent ctivities FSM can be represented by a subclass of Petri nets, where each transition has exactly one incoming edge and one outgoing edge. Such Petri nets are called state machines oe vending machine revisited Q 0 5 Q 5 Q Q 0 5 Q 5 Q Q 0 6 0 State machines allow representation of decision, but no synchronization. General Petri nets support concurrency with intuitive notation: decision / conflict for join / synchronization Soda /5 /6

Petri Net Languages ehavioral Properties Transitions labeled with (not necessarily distinct) symbols ny sequence of firing the transitions generates a string of symbols (word) Final place Reachability maring M n is reachable iff there exists a sequence of firings {t, t, t n } s.t. M n = M 0 t t t n Reachability is decidable, but taes exponential space (and time) for the general case L(M 0 ) = {a n b m c m n m 0 }??? a b c Every finite-state machine can be modeled by a Petri net Every regular language is a Petri net language K-oundedness Petri net is K-bounded if the number of toens in every place never exceeds K. The number of states is finite. Safety -oundedness: Every node holds at most toen at any time /7 /8 ehavioral Properties () Liveness Example Liveness Having reached M n from M 0, can we eventually fire any transition? losely related to the complete absence of dead locs. transition t in a Petri net is dead iff t cannot be fired in any firing sequence of L(M 0 ) L -live iff t can be fired at least once in some sequence of L(M 0 ) L -live iff, N +, t can be fired at least times in some sequence of L(M 0 ) L -live iff t appears infinitely often in some infinite sequence of L(M 0 ) L -live (live) iff t is L -live for every maring reachable from M 0 t t Note: L -liveness ) L -liveness )L -liveness )L -liveness /9 /0

nalysis Methods overability Tree overability tree Enumeration of all reachable marings, limited to small nets Incidence Matrix escribes the toen-flow llows a necessary but not sufficient condition for reachability Reduction Rules Simplification rules to rewrite a Petri net, conserving liveness, safeness and boundedness properties. Question: What toen distributions are reachable? Problem: There might be infinitely many ) must avoid infinite tree Solution: etect & handle infinite cycles t Special symbol to denote an arbitrary number of toens t0 M = [0 0 ] deadend M 0 = [ 0 0] M = [0 ] t M = [ 0] M 6 = [ 0] old M 5 = [0 ] old / / overability Tree the lgorithm Special symbol, similar to : nn: > n; = ± n; Label initial maring M 0 as root and tag it as new while new marings exist, pic one, say M If M is identical to a maring on the way from the root to M, mar it as old; continue; If no transitions are enabled at M, tag it as deadend; For each enabled transition t at M do Obtain maring M' = M t If there exists a maring M'' on the way from the root to M s.t. M'(p) M''(p) for each place p and M' M'', replace M'(p) with for p where M'(p) > M''(p). Introduce M' as a node, draw an arc with label t from M to M' and tag M' new. Results from the overability Tree T The net is bounded iffdoes not appear in any node label of T The net is safe iff only 0 and appear in the node labels of T transition t is dead iff it does not appear as an arc in T If M is reachable from M 0, then there exists a node M' s.t. M M'. (This is a necessary, but not sufficient condition for reachability.) For bounded Petri nets, this tree does not contain and is also called reachability tree, as all reachable marings are contained in it. / /

Incidence Matrix State Equation Goal: escribe a Petri net through equations The incidence matrix (m n) describes the toen-flow according for the n different transitions ij = gain of toens at node i m when transition j n fires maring M is written as a m column vector The firing vector u i describes the firing of transition t i. It consists of all 0, except for the i-th row, where it has a. E.g. t t transition t i from M to M + is written as M + = M + u i M is obtained from M 0 by firing /5 /6 State Equation: Reachability Reduction Rules maring M is reachable from M 0 if there is a sequence σ of transitions {t σ[], t σ[],, t σ[] } such that M = M 0 t σ[] t σ[] t σ[]. Expressed with the incidence matrix: M M 0 i () () If M is reachable from M 0, equation () must have a solution where all components of are positive integers. (This is a necessary, but not sufficient condition for reachability.) u [ i] which can be rewritten as M ΔMx M 0 t nalysis of Petri nets is tedious, especially for large, complex nets Often, the complexity for analysis increases exponentially with the size of the Petri net Solution: Simplify the net while retaining the properties to analyze. In our case, the properties in question are Liveness Safeness oundedness 6 of the simplest reduction rules are shown in the sequel /7 /8

Reduction Rules () Reduction Rules () Fusion of Series Places (FSP) Fusion of Series Transitions (FST) Elimination of Self Loop Places (ESP) Elimination of Self Loop Transitions (EST) Fusion of Parallel Places (FPP) Fusion of Parallel Transitions (FPT) /9 /50 Reduction Example ommon Extensions t olored Petri nets: Toens carry values (colors) ny Petri net with finite number of colors can be transformed into a regular Petri net. ontinuous Petri nets: The number of toens can be real. annot be transformed to a regular Petri net Inhibitor rcs: Enable a transition if a place contains no toens annot be transformed to a regular Petri net t Final place a b c /5 /5

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback