
1
Timed Automata

2
**Final Exam Time: June 25th, 2pm-4pm**

Location: TBD

3
**Aim of the Lecture**

knowledge of a basic formalism for modeling timed systems
basic understanding of verification algorithms for timed systems (useful for practical modeling and verification)

4
**Example: Peterson's Algorithm**

flag[0], flag[1] (initialized to false) — meaning "I want to access the CS"
turn (initialized to 0) — used to resolve conflicts

Process 0:
while (true) {
  <noncritical section>;
  flag[0] := true;
  turn := 1;
  while flag[1] and turn = 1 do { };
  <critical section>;
  flag[0] := false;
}

Process 1:
while (true) {
  <noncritical section>;
  flag[1] := true;
  turn := 0;
  while flag[0] and turn = 0 do { };
  <critical section>;
  flag[1] := false;
}
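As an added illustration (this code is not from the lecture slides), the following Python enumerates every interleaving of the two processes above by breadth-first search and checks that no reachable state has both of them in the critical section. The statement encoding, the state tuple and the function names are this example's own choices. The `flag_first` switch additionally explores the variant in which `turn` is assigned before `flag`; for that order the search finds a state that violates mutual exclusion, which is the kind of "is an erroneous state reachable?" question the later slides formalise.

```python
from collections import deque

# Constructed model of the two processes on the slide (not the lecture's code).
# Each process runs the statement list returned by program(); pc indexes it.
CS = 3  # index of the ("cs",) statement, i.e. the process is in its critical section


def program(i, flag_first=True):
    """Statements of process i. flag_first=False swaps the two assignments,
    i.e. turn is set before flag, to show that the order matters."""
    other = 1 - i
    entry = [("flag", i, True), ("turn", other)]
    if not flag_first:
        entry.reverse()
    return entry + [("wait", other), ("cs",), ("flag", i, False)]


def successors(state, flag_first=True):
    """All states reachable by executing one statement of one process."""
    pcs, flags, turn = state
    out = []
    for i in (0, 1):
        prog = program(i, flag_first)
        stmt = prog[pcs[i]]
        new_pcs, new_flags, new_turn = list(pcs), list(flags), turn
        advance = True
        if stmt[0] == "flag":
            new_flags[stmt[1]] = stmt[2]
        elif stmt[0] == "turn":
            new_turn = stmt[1]
        elif stmt[0] == "wait":
            # busy wait: while flag[other] and turn = other do {}
            advance = not (flags[stmt[1]] and turn == stmt[1])
        if advance:
            new_pcs[i] = (pcs[i] + 1) % len(prog)
        out.append((tuple(new_pcs), tuple(new_flags), new_turn))
    return out


def explore(flag_first=True):
    """Breadth-first search over all interleavings; returns the reachable states."""
    init = ((0, 0), (False, False), 0)
    seen, queue = {init}, deque([init])
    while queue:
        s = queue.popleft()
        for t in successors(s, flag_first):
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return seen


def mutual_exclusion(flag_first=True):
    """True iff no reachable state has both processes at their critical section."""
    return all(not (pcs[0] == CS and pcs[1] == CS)
               for pcs, _, _ in explore(flag_first))


if __name__ == "__main__":
    print("Peterson, flag before turn:", mutual_exclusion(True))   # True
    print("Peterson, turn before flag:", mutual_exclusion(False))  # False
```

The state space is tiny (a handful of program counters, two booleans and `turn`), so exhaustive search is cheap; the same skeleton becomes a timed model checker once clocks are added to the state.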

5
**Example: Peterson's Algorithm**

6
**Example: Peterson's Algorithm**

7
**Fischer's Protocol**

id — shared variable
each process has its own timer (for delaying)
for correctness it is necessary that K2 > K1

Process i:
while (true) {
  <noncritical section>;
  while id != 0 do { };
  delay K1;
  id := i;
  delay K2;
  if (id = i) {
    <critical section>;
    id := 0;
  }
}
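An added example, not part of the lecture: a discrete-time state-space exploration of Fischer's protocol, with integer clocks in the spirit of the sampled time model of the "Discrete Time Domain" slides. The locations, the names, the reading of "delay K1" as "write id within at most K1 time units" and of "delay K2" as "wait at least K2 time units" are this example's modeling choices; clock values are clamped at max(K1, K2) because no guard distinguishes larger values (the same observation that later motivates regions). The search reports whether two processes can be in the critical section at once, and confirms the slide's condition: mutual exclusion holds for K2 > K1 and fails for K2 <= K1.

```python
from collections import deque

# Constructed discrete-time model of Fischer's protocol (not the lecture's code).
# Per-process locations; a process in D1 or D2 also carries an integer clock c.
IDLE, REQ, D1, D2, CS = "idle", "req", "d1", "d2", "cs"


def successors(state, k1, k2):
    """Successors of state = (id, ((loc, c), ...)) under interleaving plus one
    global 'tick' that advances every running clock by one time unit."""
    shared, procs = state
    cmax = max(k1, k2)                      # clocks above cmax are all equivalent
    out = []
    for i, (loc, c) in enumerate(procs):
        me = i + 1                           # process ids are 1..n, 0 means "free"

        def moved(new_loc, new_c, new_shared=shared, i=i):
            ps = list(procs)
            ps[i] = (new_loc, new_c)
            return (new_shared, tuple(ps))

        if loc == IDLE:                      # leave the noncritical section
            out.append(moved(REQ, 0))
        elif loc == REQ and shared == 0:     # saw id = 0, start the K1 delay
            out.append(moved(D1, 0))
        elif loc == D1 and c <= k1:          # id := i within K1, start the K2 delay
            out.append(moved(D2, 0, me))
        elif loc == D2 and c >= k2:          # after K2: if id = i enter CS, else retry
            out.append(moved(CS, 0) if shared == me else moved(REQ, 0))
        elif loc == CS:                      # leave CS, id := 0
            out.append(moved(IDLE, 0, 0))
    # time may pass only while every invariant c <= K1 of a process in D1 holds
    if all(not (loc == D1 and c == k1) for loc, c in procs):
        ticked = tuple((loc, min(c + 1, cmax)) if loc in (D1, D2) else (loc, c)
                       for loc, c in procs)
        out.append((shared, ticked))
    return out


def reachable(k1, k2, n=2):
    """Breadth-first exploration of the finite discrete-time state space."""
    init = (0, tuple((IDLE, 0) for _ in range(n)))
    seen, queue = {init}, deque([init])
    while queue:
        s = queue.popleft()
        for t in successors(s, k1, k2):
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return seen


def mutual_exclusion_holds(k1, k2, n=2):
    """True iff no reachable state has two processes in CS at the same time."""
    return all(sum(loc == CS for loc, _ in procs) <= 1
               for _, procs in reachable(k1, k2, n))


if __name__ == "__main__":
    for k1, k2 in [(1, 2), (2, 3), (1, 1), (2, 1)]:
        print(f"K1={k1} K2={k2}: mutual exclusion {mutual_exclusion_holds(k1, k2)}")
```

The failing case K1 = K2 shows why the inequality must be strict: process 2 may read id = 0 at the same instant process 1 writes, write its own id K1 later, and still pass its check K2 later, while process 1 has already entered.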

8
**Modeling Real Time Systems**

Two models of time:
discrete time domain
continuous time domain

9
**Discrete Time Domain**

clock ticks at regular intervals
at each tick something may happen
between ticks — the system only waits

10
**Discrete Time Domain**

choose a fixed sample period ε
all events happen at multiples of ε
simple extension of classical models
main disadvantage — how to choose ε?
big ε: too coarse a model
small ε: time fragmentation, too big a state space
usage: particularly synchronous systems (hardware circuits)

11
**Continuous Time Domain**

time is modeled as real numbers
delays may be arbitrarily small
more faithful model, suited for asynchronous systems
uncountable state space — cannot be directly handled automatically by “brute force”

12
**Timed Automata**

extension of finite state machines with clocks
continuous real semantics
limited list of operations over clocks — automatic verification is feasible
allowed operations:
comparison of a clock with a constant
reset of a clock
uniform flow of time (all clocks have the same rate)

13
**What is a Timed Automaton?**

an automaton with locations (states) and edges
the automaton spends time only in locations, not on edges

14
**What is a Timed Automaton? (2)**

real valued clocks (x, y, z)
all clocks run at the same speed
clock constraints can be guards on edges

15
**What is a Timed Automaton? (3)**

clocks can be reset when taking an edge
only a reset to value 0 is allowed

16
**What is a Timed Automaton? (4)**

location invariants forbid staying in a location too long
invariants force taking an edge

17
Clock Constraints

18
Timed Automata Syntax

19
**Semantics: Main Idea**

semantics is a state space (reminder: guarded command language, extended finite state machines)
states given by:
location (local state of the automaton)
clock valuation
transitions:
waiting — only the clock valuation changes
action — change of location

20
Clock Valuations

21
**Evaluation of Clock Constraints**

22
Examples

23
**Timed Automata Semantics**

24
**Example**

What is a clock valuation? What is a state?
Find a run = sequence of states

25
Example

26
Example 2

What does the automaton do? Write an example of a run...

27
**Examples**

construct a simple timed automaton model of:
a digital wristwatch with 4 modes: cycle through modes, “intelligent” return to the basic mode (after use, timeout, ...)
a daily (morning) schedule: breakfast, transport, lecture, ... (include minimal times necessary, deadlines, ...)

28
**Semantics: Notes**

the semantics is infinite state (even uncountable)
the semantics is even infinitely branching

29
**Reachability Problem**

Input: a timed automaton A, a location l of the automaton
Question: does there exist a run of A which ends in l?
This problem formalises the verification of safety properties — is an erroneous state reachable?

30
Example

How to do it algorithmically?

31
**Reachability Problem: Theorem**

The reachability problem is PSPACE-complete.

Notes:
note that even decidability of the problem is not straightforward — recall that the semantics is infinite state
decidability is proved by the region construction (to be discussed)
completeness (PSPACE-hardness) is proved by a general reduction from linear bounded Turing machines (not discussed)

32
**Region Construction**

Main idea: some clock valuations are equivalent
work with regions of valuations instead of valuations
finite number of regions
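As an added example (not from the lecture), the following Python computes a canonical key for the region of a clock valuation using the standard Alur-Dill equivalence: same integer parts (or both above the clock's maximal constant c_x), the same set of clocks with zero fractional part, and the same ordering of the fractional parts. Equal keys mean equivalent valuations, and equivalent valuations satisfy the same clock constraints; counting distinct keys over a grid of sample valuations makes the finiteness of the region set concrete (for two clocks with c_x = c_y = 1 it finds all 18 regions). The function names, the dict-based valuation representation and the grid sampling are this example's own assumptions.

```python
from fractions import Fraction
from itertools import product
from math import floor

# Constructed example of the region equivalence (not the lecture's code).


def as_frac(v):
    """Exact arithmetic: floats such as 1.3 are read from their decimal string,
    so that 1.3 - 1 and 0.3 have the same fractional part."""
    return Fraction(str(v)) if isinstance(v, float) else Fraction(v)


def region_key(valuation, max_const):
    """Canonical key of the region containing `valuation` (clock -> value),
    where max_const[x] = c_x is the largest constant x is compared with."""
    vals = {x: as_frac(v) for x, v in valuation.items()}
    bounded = {x: v for x, v in vals.items() if v <= max_const[x]}
    # 1. integer parts of bounded clocks; unbounded clocks only record "above c_x"
    int_parts = tuple(sorted((x, floor(v)) for x, v in bounded.items()))
    above = tuple(sorted(x for x in vals if x not in bounded))
    # 2. which bounded clocks have fractional part exactly 0
    fracs = {x: v - floor(v) for x, v in bounded.items()}
    zero = tuple(sorted(x for x, f in fracs.items() if f == 0))
    # 3. ordering of the non-zero fractional parts (ties grouped together)
    groups = {}
    for x, f in fracs.items():
        if f != 0:
            groups.setdefault(f, []).append(x)
    order = tuple(tuple(sorted(groups[f])) for f in sorted(groups))
    return (int_parts, above, zero, order)


def equivalent(v1, v2, max_const):
    return region_key(v1, max_const) == region_key(v2, max_const)


def satisfies(valuation, clock, op, c):
    """Evaluate the atomic clock constraint `clock op c` on a valuation."""
    v = as_frac(valuation[clock])
    return {"<": v < c, "<=": v <= c, ">": v > c, ">=": v >= c, "==": v == c}[op]


def agree_on_constraints(v1, v2, constraints):
    """Equivalent valuations must agree on every constraint with constants <= c_x."""
    return all(satisfies(v1, *k) == satisfies(v2, *k) for k in constraints)


def count_regions_on_grid(max_const, step=Fraction(1, 4)):
    """Number of distinct regions hit by a grid of valuations that extends one
    unit past every clock's maximal constant."""
    clocks = sorted(max_const)
    axes = []
    for x in clocks:
        top = max_const[x] + 1
        axes.append([k * step for k in range(int(top / step) + 1)])
    keys = {region_key(dict(zip(clocks, pt)), max_const) for pt in product(*axes)}
    return len(keys)


if __name__ == "__main__":
    mc = {"x": 2, "y": 1}
    print(region_key({"x": 1.3, "y": 0.3}, mc))
    print(equivalent({"x": 1.3, "y": 0.3}, {"x": 1.7, "y": 0.7}, mc))  # True
    print(count_regions_on_grid({"x": 1, "y": 1}))                     # 18
```

The ordering of fractional parts (item 3) is what makes the abstraction sound for time passing: two valuations whose fractional parts are ordered the same way hit the integer boundaries of their clocks in the same order as time elapses.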

33
Preliminaries

34
**Equivalence on Clock Valuation**

35
**Equivalence on Clock Valuation**

36
Equivalence: Example 1

37
Equivalence: Example 2

38
Regions

39
Regions: Example

40
Regions: Example

41
Region Graph

42
Operations on Regions

To construct the region graph, we need the following operations:
let time pass — go to the adjacent region at the top right
intersect with a clock constraint (note that clock constraints define supersets of regions): if the region is in the constraint: no change; otherwise: empty
reset a clock — go to the corresponding region

44
Example: Automaton

45
Example: Region Graph

46
**Other Problems**

verification of temporal (timed) logic
universality, language inclusion (undecidable!)
(timed) bisimulation of timed automata

47
Zones

48
**Difference Bound Matrix**
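The three operations listed on the "Operations on Regions" slide (let time pass, intersect with a clock constraint, reset a clock) are, in practical tools, performed on zones stored as difference bound matrices. The following Python is an added example (not from the lecture or from any verification tool): a minimal DBM with those three operations, Floyd-Warshall canonicalization and an emptiness test, exercised on a constructed zone. The clock names, the bound encoding `(value, strict)` and the `example_zone` scenario are this example's assumptions.

```python
from math import inf

# Constructed DBM example (not the lecture's code).
# A bound is (value, strict): x_i - x_j < value if strict, else x_i - x_j <= value.
INF = (inf, True)
ZERO = (0, False)


def bound_lt(a, b):
    """Strict 'tighter than' order on bounds: (c, <) is tighter than (c, <=)."""
    return a[0] < b[0] or (a[0] == b[0] and a[1] and not b[1])


def bound_add(a, b):
    if a[0] == inf or b[0] == inf:
        return INF
    return (a[0] + b[0], a[1] or b[1])


class DBM:
    """m[i][j] bounds x_i - x_j; index 0 is the reference clock, which is always 0."""

    def __init__(self, clocks):
        self.clocks = ["0"] + list(clocks)
        n = len(self.clocks)
        self.m = [[INF] * n for _ in range(n)]
        for i in range(n):
            self.m[i][i] = ZERO

    @classmethod
    def zero(cls, clocks):
        """The zone in which every clock equals 0 (the initial state)."""
        z = cls(clocks)
        n = len(z.clocks)
        z.m = [[ZERO] * n for _ in range(n)]
        return z

    def idx(self, x):
        return self.clocks.index(x)

    def tighten(self, i, j, b):
        if bound_lt(b, self.m[i][j]):
            self.m[i][j] = b
        return self

    def canonical(self):
        """Floyd-Warshall closure: afterwards every entry is the tightest implied bound."""
        n = len(self.clocks)
        for k in range(n):
            for i in range(n):
                for j in range(n):
                    self.tighten(i, j, bound_add(self.m[i][k], self.m[k][j]))
        return self

    def is_empty(self):
        """A canonical DBM is empty iff some diagonal entry became negative."""
        return any(bound_lt(self.m[i][i], ZERO) for i in range(len(self.clocks)))

    def constrain(self, x, op, c):
        """Intersect with the clock constraint x op c (op in <, <=, >, >=, ==)."""
        i = self.idx(x)
        if op in ("<", "<=", "=="):
            self.tighten(i, 0, (c, op == "<"))       # x - 0 op c
        if op in (">", ">=", "=="):
            self.tighten(0, i, (-c, op == ">"))      # 0 - x op -c
        return self

    def up(self):
        """Let time pass: drop the upper bounds of all clocks (differences are kept)."""
        for i in range(1, len(self.clocks)):
            self.m[i][0] = INF
        return self

    def reset(self, x):
        """x := 0; call canonical() first so the copied bounds are tight."""
        i = self.idx(x)
        for j in range(len(self.clocks)):
            self.m[i][j] = self.m[0][j]
            self.m[j][i] = self.m[j][0]
        return self

    def bounds(self, x):
        """(lower, upper) bound of x as (value, strict) pairs."""
        i = self.idx(x)
        lo, hi = self.m[0][i], self.m[i][0]
        return ((-lo[0], lo[1]), hi)


def example_zone():
    """Constructed scenario: start with x = y = 0, let time pass under the
    invariant x <= 3, then take an edge with guard x >= 1 that resets y."""
    z = DBM.zero(["x", "y"])
    z.up().constrain("x", "<=", 3).canonical()   # canonical form also yields y <= 3
    z.constrain("x", ">=", 1).canonical()        # guard of the edge
    z.reset("y").canonical()                     # reset on the edge
    return z


if __name__ == "__main__":
    z = example_zone()
    print("x in", z.bounds("x"), "y in", z.bounds("y"))   # x in [1,3], y = 0
```

After the edge the zone is x in [1, 3], y = 0 and x - y in [1, 3]; the difference bound survives the reset because `reset` copies the reference-clock row and column rather than recomputing the zone from scratch.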

49
Zone Graph: Example

50
Approximations

51
**Extensions**

For practical modeling we use several extensions:
location invariants
parallel composition of automata
channel communication, synchronization
integer variables
These issues are solved in the ‘usual way’. Here we focused on the basic model, the basic aspects of dealing with time.

52
**Example: Parallel Composition**

53
**Fischer's Protocol**

id — shared variable
each process has its own timer (for delaying)
for correctness it is necessary that K2 > K1

Process i:
while (true) {
  <noncritical section>;
  while id != 0 do { };
  delay K1;
  id := i;
  delay K2;
  if (id = i) {
    <critical section>;
    id := 0;
  }
}

54
**Fischer's Protocol: Mode**

55
**Summary**

timed automata: formal syntax and semantics
reachability problem: the basic verification problem, decidable (PSPACE-complete)
practical verification: zones, approximation techniques, ...

56
Hybrid Systems

systems containing both discrete and continuous components
Practical examples: embedded system controllers, VLSI circuits, systems biology, safety-critical areas
Formal verification — formal model: hybrid automata

57
**Hybrid Automata**

widely studied formal models for hybrid systems
They consist of:
a finite state transition system
differential equations in each location
Example

58
**Linear Hybrid Automata**

Approximate

59
**Safety Verification: Reachability**

Find a sequence of states which can reach the target The continuous states between states and Flow function and first derivative and for all reals satisfies invariant in

60
**Reachability Analysis**

Approach: over-approximation, geometric computation
Tools: HyTech, PHAVer
Performance: undecidable, imprecise, low dimension

61
**Reachability Analysis**

Bounded Model Checking
search for a potential behavior within k steps
usually solved by SMT techniques
need to encode all the potential bounded behaviors first
medium bound -> large SMT problem
Control the complexity!

62
Thank You
