Download presentation

Presentation is loading. Please wait.

Published bySydney Williamson Modified about 1 year ago

1
Robustness and Implementability of Timed Automata Martin De Wulf Laurent Doyen Nicolas Markey Jean-François Raskin Centre Fédéré en Vérification FORMATS-FTRTFT 2004 – Sep 24 th - Grenoble

2
Motivation Embedded Controllers … are difficult to develop (concurrency, real- time, continuous environment,...). … are safety critical. Use formal models + Verification: Timed Automata and Reachability Analysis

3
Timed Automata closed guardresetLocation Transition Clocks: {a,b}

4
Objectives From a verified model, generate (automatically) a correct implementation Using classical formalism (e.g. timed automata) …but interpreting the model in a way that guarantees the transfer of the properties from model to implementation

5
Robustness and Implentation Model Perfect continuous clocks Instantaneous synchronisations Reaction time = 0 Digital clocks Delayed synchronisations Reaction time > 0 Implementation vs. Correct model Correct implementation?

6
Timed Automata: Semantics Classical Perfect clocks Rate: Guard: Imprecise clocks Rate: Guard: Enlargedvs. Shortcut:

7
From Model to Implementation >0 Reach([A´] ) Bad = Timed automaton A is implementable [DDR04] if Reach([A]) Bad = Timed automaton A is correct if which is equivalent to >0 Reach([A´] ) Bad =

8
Robustness No ! (see example) Is it always the case that ? >0 Reach([A] ) = Reach([A]) How to compute ? >0 Reach([A] ) [Pur98] gives an algorithm for >0 Reach([A] ) We show that >0 Reach([A] ) = >0 Reach([A] )

9
An example showing that Reach([A]) >0 Reach([A] )

10
Example

11
Classical Semantics Example

12
Example

13
Example

14
Example

15
Example

16
Example

17
Example

18
Enlarged Semantics Example

19
Example

20
Example

21
Example

22
Example

23
Example

24
Example

25
Example

26
Example

27
Example

28
Example

29
Example

30
Example

31
Example

32
Example

33
Example

34
Example

35
Example

36
Example

37
Example

38
Example Reach([A] )

39
Enlarged Semantics Example >0 Reach([A] ) When

40
Enlarged SemanticsClassical Semantics vs. Example >0 Reach([A] ) Reach([A])

41
Black cycles are reachable Blue cycles are not ! Classical semantics [A] Enlarged semantics One blue cycle is reachable By repeating this cycle with Δ>0, the entire regions are reachable ! Example [A]

42
Cycles in Timed Automata Algortihm [Pur98] is based on this observation: It just adds the cycles to reachable states Until no more cycle is accessible Hence, the implementability problem is decidable ! (and PSPACE-complete) Given a timed automaton A, determine whether there exists Δ>0 such that Reach([A] ) Bad =

43
Open questions Maximize Δ such that Decide whether there exists Δ such that Find a practical algorithm for And many others… Reach([A] ) Bad = >0 Reach([A] ) UntimedLang([A] ) = UntimedLang([A])

44
References [DDR04] M. De Wulf, L. Doyen, J.-F. Raskin. Almost ASAP Semantics: From Timed Model to Timed Implementation. LNCS 2993, HSCC 2004. [Pur98] A. Puri. Dynamical Properties of Timed Automata. FTRTFT 1998.

45
Model-based development Make a model of the environment: Env Make clear the control objective: Bad Make a model of the control strategy: ControllerModel Verify: Does Env || ControllerModel avoid Bad ? Good, but after ?

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google