November 20, 2003, Pisa
Slide 1: Time in computational models: comparisons, problems, proposals
Dino Mandrioli, Dipartimento di Elettronica e Informazione, Politecnico di Milano
Slide 2: Outline (not sequential)
Modeling time:
– Time in traditional system models
– Time in traditional HW
– Time in traditional SW
– Time in “more general” system models
Comparisons and evaluations
– Discrete vs. continuous time
The case of zero-time events
A little proposal
Slide 3: Modeling time
The “old-fashioned” way of modeling time and time-varying systems:
– System state x, x = x(t)
– System evolution:
Continuous time:
Discrete time:
Slide 4: Within the “old-fashioned” way of modeling time and time-varying systems:
– Side remarks and problems when:
– We can no longer consider time as “unique”:
Relativity aspects
Distributed high speed systems
Slide 5: The HW double way of modeling time:
– The “micro” (asynchronous) view:
[Figure: labels I1, I2, I3, O1]
Slide 6: The HW double way of modeling time:
– The “macro” (synchronous) view (1):
[Figure: labels I1, I2, O1, O2, S1, S2, clock, Memory, Combinatoric network]
Slide 7: The HW double way of modeling time:
– The “macro” (synchronous) view (2):
Slide 8: The HW double way of modeling time:
– The “macro” (synchronous) view (3):
[Figure: labels Acc, ALU, RAM, LOAD, STORE, …]
Slide 9: The HW double way of modeling time:
When moving from the “micro” to the “macro” view:
– Time somewhat implicitly moved from continuous to discrete
– An abstraction operation has been introduced
– HW people apply some consistency verification technique (all switches must occur within a machine cycle)
Side remark: in the HW world there is also an asynchronous view of Finite State Machines (we come back to this later on)
Slide 10: The traditional SW way(s) of modeling time:
Time “does not exist”:
– A program (or a whole application) is an I/O function
If one really wants to take time into account:
– Complexity theory
– Time analysis well-separated from functional analysis
– Different analysis techniques
– Time is discrete (“inherited” from HW):
– Time unit is the abstract machine transition
Slide 11: The traditional (narrow and simple) way of modeling time in computing systems is no longer adequate when we combine, in the same system view,
– HW components and aspects
– SW components and aspects
– Plant and/or environment components and aspects
– Perhaps with different “time granularity”: from nanoseconds to months, years, etc.
Slide 12: Not only:
We often need different time domains
– Perhaps some are discrete and some are continuous
But often:
We want to analyze different properties by applying different techniques:
– Scheduling policies w.r.t. complexity analysis (within SW)
– Managing asynchronous interrupts from the environment by the synchronous computing machinery
– …
Slide 13: How did people (researchers/engineers) deal with the new needs?
1. Keep the (HW-SW) traditional view to the extreme:
Discrete time
Synchronous abstract machines
Time unit = machine transition
Examples:
– Esterel
– Temporal logic with the “next” operator (but …):
A “Computer-centric” vision
Slide 14: Problems with this approach:
Is discrete time + synchronous view always the “natural” modeling?
What if some “transition” takes a few nanoseconds and another one, possibly concurrently running, takes minutes or more?
How do we compose modules in such cases?
Two synchronous machines with different, possibly distributed, clocks (T1 = 1, T2 = ) generate an asynchronous system
Slide 15: How did people (researchers/engineers) deal with the new needs?
2. Add time to existing machines with no (??) time:
Timed Statecharts
Timed Petri Nets
[Figure: labels t, [t_min, t_max]; i, [t_min, t_max]; P1, P2]
Slide 16: Problems with this approach:
The “syntactic surface” seems natural and easy, but …
… giving a precise semantics is not as easy
A few examples in the context of Timed Petri Nets (but similar problems occur in other models as well)
Slide 17:
[Figure: labels P1, P2, P3; tr with interval [3,7]; token time stamps 0 and 2]
If 0 and 2 are the times when the tokens in P1 and P2 are produced, respectively, then tr fires nondeterministically at a time between 5 and 9.
Tokens carry time stamps …
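The firing rule on this slide, written out as a small Python sketch. This is an added example, not code from the presentation; the `Transition` class, the function names, and the choice to consume the oldest token in each input place are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transition:
    name: str
    inputs: tuple    # names of input places
    outputs: tuple   # names of output places
    tmin: float      # lower bound of the firing interval
    tmax: float      # upper bound of the firing interval

def firing_window(marking, tr):
    """Return (earliest, latest) absolute firing time, or None if tr is not enabled.

    marking maps a place name to the list of time stamps of its tokens.
    Assumption: the oldest token of each input place is the one consumed, so
    the enabling time is the latest among those oldest time stamps.
    """
    stamps = []
    for place in tr.inputs:
        if not marking.get(place):
            return None                      # an input place is empty
        stamps.append(min(marking[place]))
    enabled_at = max(stamps)
    return (enabled_at + tr.tmin, enabled_at + tr.tmax)

def fire(marking, tr, at):
    """Fire tr at absolute time `at` and return the new marking.

    New tokens carry the firing time as their time stamp.
    """
    window = firing_window(marking, tr)
    if window is None:
        raise ValueError(f"{tr.name} is not enabled")
    earliest, latest = window
    if not earliest <= at <= latest:
        raise ValueError(f"{tr.name} may only fire in [{earliest}, {latest}]")
    new = {place: list(stamps) for place, stamps in marking.items()}
    for place in tr.inputs:
        new[place].remove(min(new[place]))   # consume the oldest token
    for place in tr.outputs:
        new.setdefault(place, []).append(at)
    return new

# Constructed from the slide's labels: tokens stamped 0 in P1 and 2 in P2,
# transition tr with interval [3,7]; P3 as the output place is an assumption.
SLIDE_MARKING = {"P1": [0], "P2": [2], "P3": []}
SLIDE_TR = Transition("tr", ("P1", "P2"), ("P3",), 3, 7)

if __name__ == "__main__":
    print(firing_window(SLIDE_MARKING, SLIDE_TR))
    print(fire(SLIDE_MARKING, SLIDE_TR, 6))
```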
Slide 18: 1. Strong time semantics (STS) vs. weak time semantics (WTS)
Normally STS is adopted in practice
However, in STS v’s firing depends on u’s firing
Slide 19: 2. Simultaneous firings
2.1 Simultaneous and concurrent firings.
[Figure: labels r, s, v, p, q]
Assume that both s and v have m_v = M_v = 3. Then, whenever r fires, s and v will both fire exactly 3 time units later. In general, they could fire simultaneously if and only if the intersection between their associated time intervals is not empty.
Slide 20: 2. Simultaneous firings
2.2 Simultaneous but logically ordered firings (zero-time transitions)
Whenever r fires, s fires immediately too. We must clearly distinguish between logical ordering and temporal ordering: it is obvious that an event s that is the logical consequence of an event r cannot precede r, but it is not implied that s strictly follows r in time.
[Figure: labels v, s, p, q, r; interval [0,0]]
Slide 21: 3. Meaning of the lower bound
[Figure: two nets; labels v, s, p and v, s, p, q]
Assume that in the net (a) m_v = M_v = 3.
s fires at 6 and at 7
v fires at 9 and 10 (sem A) or at 9 and 12 (recharge time) (sem B)?
Sem A can simulate sem B by (a)
… Other intricacies omitted
Slide 22: Formalizing (PN) time semantics
A natural and traditional approach:
– Tokens carry time stamps
– Transitions assign new time stamps to new tokens
This is a (PN) particular case of a fairly widely adopted approach (within theoretical computer science):
Slide 23: The abstract machine’s state is augmented by “yet another variable” t
t may be either discrete or continuous
t is updated by machine transitions as well (??) as any other state variable
(at least, t is non-decreasing …
… but this, perhaps, is the tip of the iceberg)
x := f(x, y); t := t + …
Slide 24: A critical and personal analysis of the “t: yet another variable” approach
Does t capture the intuitive notion of time (flow)?
There are “two different times”:
The ‘t’ variable (may be either discrete or continuous)
The “hidden time”: the transition sequence
x = 1, t = 0; x = 6, t = 1; x = 3, t = 1; x = 3, t = 2; x = 4, t = 5; x = 8, t = 5; x = 1, t = 5; x = 1, t = 10
Slide 25: The tricky situation is even more striking in PNs (and, in general, in distributed abstract machines, possibly with different “clocks”)
[Figure: labels r, s, v, p, q; intervals [1,2] and [3,4]]
Transition sequences:
r(0), s(1), v(4)
r(0), v(3), s(2) ???
(There are theorems about STS w.r.t. WTS …)
But: can we still claim that “t is just yet another variable”??
Slide 26: (Personally) I like better:
Go back to the “traditional system engineering view of time”:
System state as a function of the independent variable t: s = s(t)
But: …
… what about 0-time transitions?
Slide 27:
r fires at t
p marked at t
s fires at t
q marked at t
What is the system state (marking) at t? p and q marked??
[Figure: labels v, s, p, q, r; interval [0,0]]
Slide 28: A simple (simplistic?) solution:
Just forbid 0-time transitions
– Any action takes time
– The effect always follows the cause
– …
But: What about abstractions such as:
– Esterel
– ….
0-time transitions are often a useful abstraction
[Figure: label i/o]
Slide 29: A “conventional” solution: forbid 0-time transition cycles
– Zeno behaviors avoided a priori
– Rather acceptable from an intuitive point of view
– … by convention:
[Figure: label [0, 0]]
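A static check for the convention on this slide: reject any net in which transitions labelled [0,0] feed each other in a cycle. This is an added Python sketch, not code from the presentation; the net encoding, the function name and both sample nets are constructed for illustration.

```python
def zero_time_cycles(transitions):
    """Return cycles made only of zero-time transitions (empty list: none found).

    transitions maps a transition name to (input places, output places, (tmin, tmax)).
    Assumption: "0-time" means the interval is exactly (0, 0), as on the slide.
    """
    zero = sorted(n for n, (_, _, iv) in transitions.items() if iv == (0, 0))
    # Edge a -> b when zero-time a writes a place that zero-time b reads.
    succ = {
        a: [b for b in zero if set(transitions[a][1]) & set(transitions[b][0])]
        for a in zero
    }
    WHITE, GREY, BLACK = 0, 1, 2
    color = dict.fromkeys(zero, WHITE)
    cycles = []

    def visit(node, path):
        color[node] = GREY
        path.append(node)
        for nxt in succ[node]:
            if color[nxt] == GREY:           # back edge closes a cycle
                cycles.append(path[path.index(nxt):])
            elif color[nxt] == WHITE:
                visit(nxt, path)
        path.pop()
        color[node] = BLACK

    for name in zero:
        if color[name] == WHITE:
            visit(name, [])
    return cycles

# Constructed net using the slides' labels: r feeds p, zero-time s moves the
# token to q, v consumes it after [5,6]. The arc layout is an assumption.
ACCEPTED_NET = {
    "r": ((), ("p",), (1, 2)),
    "s": (("p",), ("q",), (0, 0)),
    "v": (("q",), (), (5, 6)),
}

# Constructed counter-example: s and u hand a token back and forth in zero
# time, so unboundedly many firings fit into one instant (Zeno behavior).
REJECTED_NET = {
    "s": (("p",), ("q",), (0, 0)),
    "u": (("q",), ("p",), (0, 0)),
    "v": (("q",), (), (5, 6)),
}

if __name__ == "__main__":
    print(zero_time_cycles(ACCEPTED_NET))
    print(zero_time_cycles(REJECTED_NET))
```

The check is structural, so it is conservative: it also rejects a zero-time cycle that no reachable marking would ever enable.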
Slide 30:
r fires at t
p (not) marked at t
s fires at t
Only q marked at t
[Figure: labels v, s, p, q, r; intervals [0,0] and [5,6]]
Slide 31: Not so easy to formally analyze complex behaviors:
tokenF(r, i, p, v, j, d) states that the token produced at the current instant by the i-th firing of transition r enters place p and will be consumed by the j-th firing of transition s after d time units.
i and j are necessary to take into account possible simultaneous firings
[Figure: labels s, p, r]
Slide 32: Just to give an idea …
Proof of Alw ( i fireth(v,i)) by contradiction.
x > 0
Slide 34: An alternative approach
Go back to the essence of the abstraction: 0-time transition =
– Duration that can be neglected w.r.t. “normal system dynamics”
– … infinitesimal duration
– Think back to the HW abstraction
[Figure: net with labels s, p, r and interval [0,0]] Abstraction (abbreviation) for: [Figure: net with labels s, p, r and interval [ , ]]
Slide 35: A few “pleasant” consequences
Time is again “unified”: transition ordering mirrors time sequencing
– No more simultaneous events, but
– … almost simultaneous events
– We can now talk about system state s(t) again
Well suited both for discrete and continuous time
Slide 36: An intriguing mathematical framework for the formalization of the very idea: non-standard analysis
Standard numbers: “normal numbers”: 1, 2, , …
Non-standard numbers (infinitesimal/unlimited)
Slide 37: Formal analysis can be simplified
Example: (TRIO)/TPN axiomatization:
tokenF(r, p, v, d) states that the token produced at the current instant by the firing of transition r enters place p and will be consumed by the firing of transition s after d time units.
d can be either standard or infinitesimal
Slide 38: The “same” proof as above …
Proof of Alw ( fireth(v)) by contradiction.
Slide 40: A few concluding remarks
Applying non-standard analysis does not necessarily mean assuming the “system theory” approach s = s(t):
– Rust applies non-standard analysis to ASMs by assuming “t as yet another variable”
– His purpose: treating continuous time as the discrete one “à la SW eng.”; quite unlike mine
– “t as yet another variable” is good for building simulators, not for “natural modeling”
Slide 41: An intriguing possible further investigation:
– x infinitesimal
– y unlimited
– x*y ?
Standard (non Zeno)
Infinitesimal (Zeno)
Unlimited (non Zeno)
Same as:
Slide 42: A little detail to complete:
– True concurrency vs.
– Interleaving
– In the context of non-standard semantics:
Do “truly simultaneous events” exist?
Or are they just “almost simultaneous” (i.e. simultaneous up to an infinitesimal)?
Is the question relevant?
Slide 43: Some references
Ghezzi C., Mandrioli D., Morasca S., Pezzè M., “A Unified High-level Petri Net Model for Time Critical Systems”, IEEE Trans. on Software Engineering, February 1991.
Felder M., Mandrioli D., Morzenti A., “Proving Properties of Real-Time Systems through Logical Specifications and Petri Net Models”, IEEE Trans. on Software Engineering, vol. 20, no. 2, Feb. 1994, pp. 127-141.
Coen-Porisini A., Kemmerer R., Mandrioli D., “A Formal Framework for ASTRAL Intra-level Proof Obligations”, IEEE Trans. on Software Engineering, vol. 20, no. 8, August 1994, pp. 548-561.
Gargantini A., Mandrioli D., Morzenti A., “Dealing with Zero-time Transitions in Axiom Systems”, Information and Computation, vol. 150, no. 2, May 1999, pp. 119-131.
Heitmeyer C., Mandrioli D. (editors), Formal Methods for Real-Time Computing, John Wiley & Sons, 1996.
Rust H., A Non-standard approach to operational semantics for timed systems, Thesis.