Timed Automata. Final Exam Time: June 25th, 2pm-4pm Location: TBD.

1 Timed Automata

2 Final Exam
Time: June 25th, 2pm-4pm
Location: TBD

3 Aim of the Lecture
- knowledge of a basic formalism for modeling timed systems
- basic understanding of verification algorithms for timed systems (useful for practical modeling and verification)

4 Example: Peterson's Algorithm
flag[0], flag[1] (initialized to false) — meaning "I want to access the CS"
turn (initialized to 0) — used to resolve conflicts

Process 0:
  while (true) {
    ;
    flag[0] := true;
    turn := 1;
    while flag[1] and turn = 1 do { };
    ;
    flag[0] := false;
  }

Process 1:
  while (true) {
    ;
    flag[1] := true;
    turn := 0;
    while flag[0] and turn = 0 do { };
    ;
    flag[1] := false;
  }

5 Example: Peterson's Algorithm


7 Fischer's Protocol
id — shared variable
each process has its own timer (for delaying)
for correctness it is necessary that K2 > K1

Process i:
  while (true) {
    ;
    while id != 0 do { };
    delay K1;
    id := i;
    delay K2;
    if (id = i) {
      ;
      id := 0;
    }
  }

8 Modeling Real Time Systems
Two models of time:
- discrete time domain
- continuous time domain

9 Discrete Time Domain
- the clock ticks at a regular interval
- at each tick something may happen
- between ticks the system only waits

10 Discrete Time Domain
- choose a fixed sample period ε; all events happen at multiples of ε
- simple extension of classical models
- main disadvantage: how to choose ε? a big ε gives too coarse a model, a small ε gives time fragmentation and a too large state space
- usage: particularly synchronous systems (hardware circuits)

11 Continuous Time Domain
- time is modeled by real numbers; delays may be arbitrarily small
- more faithful model, suited for asynchronous systems
- uncountable state space, so it cannot be handled directly by automatic "brute force" exploration

12 Timed Automata
- extension of finite state machines with clocks
- continuous real-valued semantics
- limited list of operations over clocks, so automatic verification is feasible
- allowed operations: comparison of a clock with a constant, reset of a clock, uniform flow of time (all clocks have the same rate)

13 What is a Timed Automaton?
- an automaton with locations (states) and edges
- the automaton spends time only in locations, never on edges

14 What is a Timed Automaton? (2)
- real-valued clocks (x, y, z); all clocks run at the same speed
- clock constraints can be used as guards on edges

15 What is a Timed Automaton? (3)
- clocks can be reset when taking an edge
- only a reset to the value 0 is allowed

16 What is a Timed Automaton? (4)
- location invariants forbid staying in a location too long
- invariants force taking an edge

17 Clock Constraints

18 Timed Automata Syntax

19 Semantics: Main Idea
the semantics is a state space (reminder: guarded command language, extended finite state machines)
states given by:
- location (local state of the automaton)
- clock valuation
transitions:
- waiting — only the clock valuation changes
- action — change of location

20 Clock Valuations

21 Evaluation of Clock Constraints

22 Examples

23 Timed Automata Semantics

24 Example What is a clock valuation? What is a state? Find a run = sequence of states

25 Example

26 Example 2 What does the automaton do? Write an example of a run...

27 Examples
construct a simple timed automaton model of:
- a digital wristwatch with 4 modes: cycle through the modes, "intelligent" return to the basic mode (after use, timeout, ...)
- a daily (morning) schedule: breakfast, transport, lecture, ... (include the minimal times necessary, deadlines, ...)

28 Semantics: Notes
- the semantics is infinite-state (even uncountable)
- the semantics is even infinitely branching

29 Reachability Problem
- Input: a timed automaton A and a location l of the automaton
- Question: does there exist a run of A which ends in l?
This problem formalises the verification of safety properties: is an erroneous state reachable?

30 Example How to do it algorithmically?

31 Reachability Problem
Theorem: The reachability problem is PSPACE-complete.
Notes:
- even decidability of the problem is not straightforward; recall that the semantics is infinite-state
- decidability is proved by the region construction (to be discussed)
- completeness is proved by a general reduction from linearly bounded Turing machines (not discussed)

32 Region Construction
Main idea:
- some clock valuations are equivalent
- work with regions of valuations instead of single valuations
- there are only finitely many regions

33 Preliminaries

34 Equivalence on Clock Valuation

35 Equivalence on Clock Valuation

36 Equivalence: Example 1

37 Equivalence: Example 2

38 Regions

39 Regions: Example

40 Regions: Example

41 Region Graph

42 Operations on Regions
To construct the region graph, we need the following operations:
- let time pass: go to the adjacent region in the direction of time (top right in the two-clock picture)
- intersect with a clock constraint (note that clock constraints define supersets of regions): if the region lies inside the constraint, no change, otherwise the result is empty
- reset a clock: go to the corresponding region
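The equivalence of slides 34-40 and the three region operations above, as an added example that is not part of the slides: a valuation maps clocks to exact rationals, `region_of` computes a key that is equal for two valuations exactly when they lie in the same region (integer parts, which fractional parts are zero, the ordering of the non-zero fractional parts, everything above the largest constant K collapsed), and the operations are performed on a representative valuation rather than on a symbolic region. All function names and the key encoding are my own choices.

```python
from fractions import Fraction

def val(**clocks):
    """Clock valuation from decimal literals, e.g. val(x=1.2, y=0.5), as exact rationals."""
    return {c: Fraction(str(x)) for c, x in clocks.items()}

def region_of(v, K):
    """Region key of valuation v for largest constant K: per clock its integer part and
    whether its fractional part is 0 (or just '>K'), plus the ordering of the non-zero
    fractional parts of the clocks still <= K. Equal keys mean equivalent valuations."""
    parts = {c: ">K" if x > K else (int(x), x == int(x)) for c, x in v.items()}
    fracs = sorted({x - int(x) for x in v.values() if x <= K and x != int(x)})
    order = tuple(tuple(sorted(c for c in v if v[c] <= K and v[c] - int(v[c]) == f))
                  for f in fracs)
    return (tuple(sorted(parts.items())), order)

def satisfies(v, constraint):
    """Conjunction of (clock, op, const) atoms, op in < <= = >= >: clock vs. constant only."""
    ops = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "=": lambda a, b: a == b,
           ">=": lambda a, b: a >= b, ">": lambda a, b: a > b}
    return all(ops[op](v[c], k) for c, op, k in constraint)

def reset(v, clocks):
    """Reset the given clocks to 0 (the only assignment timed automata allow)."""
    return {c: (Fraction(0) if c in clocks else x) for c, x in v.items()}

def time_successor(v, K):
    """Let time pass: a valuation inside the next region along the diagonal."""
    fracs = [x - int(x) for x in v.values() if x <= K]
    if not fracs:                     # every clock above K: this region absorbs all delays
        return dict(v)
    # some clock is integral: move a little, into the open region next to it; otherwise
    # advance until the clock with the largest fractional part reaches the next integer
    d = (1 - max(fracs)) / 2 if 0 in fracs else 1 - max(fracs)
    return {c: x + d for c, x in v.items()}

def time_line(v, K):
    """All regions reachable from v by waiting only, in order; finite for every K."""
    regions = [region_of(v, K)]
    while True:
        v = time_successor(v, K)
        r = region_of(v, K)
        if r == regions[-1]:
            return regions
        regions.append(r)
```

Two valuations with the same key satisfy exactly the same clock constraints with constants up to K, which is what makes the region graph a finite, faithful abstraction of the uncountable semantics.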


44 Example: Automaton

45 Example: Region Graph

46 Other Problems
- verification of temporal (timed) logic
- universality, language inclusion (undecidable!)
- (timed) bisimulation of timed automata

47 Zones

48 Difference Bound Matrix

49 Zone Graph: Example

50 Approximations

51 Extensions
For practical modeling we use several extensions:
- location invariants
- parallel composition of automata
- channel communication, synchronization
- integer variables
These issues are solved in the 'usual way'. Here we focused on the basic model and the basic aspects of dealing with time.

52 Example: Parallel Composition

53 Fischer's Protocol
id — shared variable
each process has its own timer (for delaying)
for correctness it is necessary that K2 > K1

Process i:
  while (true) {
    ;
    while id != 0 do { };
    delay K1;
    id := i;
    delay K2;
    if (id = i) {
      ;
      id := 0;
    }
  }

54 Fischer's Protocol: Mode
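An added example, not taken from the slides, that ties together the semantics of slide 19 (waiting vs. action transitions), the reachability problem of slide 29 and the parallel composition and Fischer's protocol of slides 51-53: each process is a timed automaton with one clock and the locations idle/req/wait/cs, the shared integer id is the only communication, and "delay K1" / "delay K2" are rendered in the usual way as an invariant x <= K1 on req and a guard x >= K2 on leaving wait. A breadth-first search over the product asks whether two processes can be in cs at once. Only unit delays are explored, which keeps the state space finite; because every guard and invariant here is non-strict, this loses no reachable location (the digitization result for closed timed automata). Location and function names are my own.

```python
from collections import deque

IDLE, REQ, WAIT, CS = "idle", "req", "wait", "cs"   # locations of one process

def _update(locs, clk, shared, i, loc, x, new_id=None):
    """Copy of the product state with process i moved to loc, its clock set to x,
    and the shared variable id overwritten when new_id is given."""
    locs = locs[:i] + (loc,) + locs[i + 1:]
    clk = clk[:i] + (x,) + clk[i + 1:]
    return (locs, clk, shared if new_id is None else new_id)

def mutual_exclusion_violated(K1, K2, n=2):
    """Breadth-first search over the product of n Fischer processes. A state is
    (locations, clock values, id). Returns True iff two processes can be in cs together."""
    cap = K2 + 1                                  # clock values above K2 satisfy the same guards
    init = ((IDLE,) * n, (0,) * n, 0)
    seen, todo = {init}, deque([init])
    while todo:
        locs, clk, shared = todo.popleft()
        if sum(l == CS for l in locs) >= 2:
            return True
        succ = []
        # waiting: one time unit passes for every clock at once; allowed only while each
        # process in req still satisfies its invariant x <= K1 ("delay K1" at most)
        if all(l != REQ or x + 1 <= K1 for l, x in zip(locs, clk)):
            succ.append((locs, tuple(min(x + 1, cap) for x in clk), shared))
        # actions: one process takes an edge; no time passes on an edge
        for i, (l, x) in enumerate(zip(locs, clk)):
            pid = i + 1
            if l == IDLE and shared == 0:            # "while id != 0 do {}" finished
                succ.append(_update(locs, clk, shared, i, REQ, 0))
            elif l == REQ:                           # "id := i" (x <= K1 by the invariant)
                succ.append(_update(locs, clk, shared, i, WAIT, 0, pid))
            elif l == WAIT and x >= K2:              # "delay K2; if (id = i)" else retry
                succ.append(_update(locs, clk, shared, i, CS if shared == pid else IDLE, x))
            elif l == CS:                            # leave the critical section, "id := 0"
                succ.append(_update(locs, clk, shared, i, IDLE, x, 0))
        for s in succ:
            if s not in seen:
                seen.add(s)
                todo.append(s)
    return False

if __name__ == "__main__":
    # K2 > K1 is safe; with K2 <= K1 a witness run reaching two processes in cs exists
    print(mutual_exclusion_violated(2, 3), mutual_exclusion_violated(2, 2))  # False True
```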

55 Summary
- timed automata: formal syntax and semantics
- reachability problem: the basic verification problem, decidable (PSPACE-complete)
- practical verification: zones, approximation techniques, ...

56 Hybrid Systems
Systems containing both discrete and continuous components.
Practical examples:
- embedded system controllers
- VLSI circuits
- systems biology
Safety-critical area, hence formal verification. Formal model: hybrid automata.

57 Hybrid Automata
Widely studied formal models for hybrid systems. They consist of:
- a finite state transition system
- differential equations in each location
Example

58 Linear Hybrid Automata Approximate

59 Safety Verification Reachability Find a sequence of states which can reach the target The continuous states between states and  Flow function and first derivative  and  for all reals satisfies invariant in

60 Reachability Analysis
Approach:
- over-approximation
- geometric computation
Tools:
- HyTech
- PHAVer
Performance:
- undecidable
- imprecise
- low dimension

61 Reachability Analysis
Bounded Model Checking:
- search for a potential behavior within k steps
- usually solved by SMT techniques
- the whole potential bounded behavior has to be encoded first
- medium bound -> large SMT problem
Control the complexity!
