CS5270 Lecture 4: Timed Automata I


1 Timed Automata I. CS 5270 Lecture 4

2 Overview
The real time computing environment.
– Basic concepts
– Scheduling
– Resource access protocols.
Verification of real time systems.
Time-triggered architectures, protocols.

3 Overview
Verification of real time systems.
– Timed automata.
– Properties
  • Reachability properties will do!
– Formal verification.
  • The method (regional construction)
  • An implementation: UPPAAL (lab assignments)

4 Where We Were
The real time computing environment
– The external view
– A closed loop consisting of a plant and a controller.

5 The External Closed System View
[Diagram: Computing system and Plant in a loop, linked by Sense and Actuate.]
Both the computing system and the plant have the same notion of time.

6 The External Closed System View
[Diagram: Computing system and Plant in a loop, linked by Sense and Actuate.]
Model this closed system as a timed automaton and verify that it has the desired properties.

7 The Road Map
Transition systems
Behavior of a transition system
Properties
Verification setting
Add time!

8 Transition Systems vs. Automata
Automata = transition system + accepting conditions.
Transition systems: state spaces, dynamics
Automata: languages, properties

9 Example
[Diagram: Resource Manager, with actions Req, Release, Grant.]

10 Example
[Diagram: automaton with labels FRW, Bad, BU and actions Req, Release, Grant, crash.]

11 Example
[Diagram: automaton with label Bad and actions Req, Release, Grant, crash.]
Any sequence over {Req, Grant, Release} as allowed by the automaton.
Rq G Rl Rq G: allowed.
Rq G Rl Cr: not wanted!

12 Example
[Diagram: automaton with label Bad and actions Req, Release, Grant, crash.]
Any sequence over {Req, Grant, Release} as allowed by the automaton?

13 Example
[Diagram: automaton with label Bad and actions Req, Release, Grant, crash.]
Any sequence that ends with Release (except for the null string).

14 Transition Systems
A simple model of dynamic systems.
Discrete time
States
Transitions
Initial state(s).
No accepting states.

15 Example
[Diagram: transition system with actions C, H, On-heat, On-ac, OK, Off-ac, Off-heat.]

16 Signal Flow
[Diagram: signals Temperature, AC-motor, Heater-motor.]

17 Example
[Diagram: transition system with actions C, H, On-heat, On-ac, OK, Off-heat, Off-ac.]

18 Example
[Same diagram, with the annotation "State".]

19 Example
[Same diagram, with the annotations "State" and "Transition".]

20 Example
[Same diagram, with the annotations "State", "Transition" and "Action".]

21 Example
[Same diagram, with the annotations "State", "Transition", "Action" and "Initial State".]

22 [Diagram: transition system with states S0 to S6 and actions C, H, On-heat, On-ac, OK, Off-ac, Off-heat.]
Path: S4 on-heat S5 OK S6 off-heat S0 ? S1 …
Non-paths: S5 off-heat S6 off-heat S0; S1 on-ac S5 OK S6 …

23 [Diagram: transition system with states S0 to S6 and actions C, H, On-heat, On-ac, OK, Off-ac, Off-heat.]
Path: S4 S5 S6 S0 S1 …
Run: path starting from an initial state: S0 S1 S2 S3 S0 S1 …

24 Transition Systems
TS = (S, Act, →, S_in): transition system
– S: states
– Act: a set of actions
– → ⊆ S × Act × S: transition relation
– S_in ⊆ S: initial states
Often:
– S and Act are finite sets.
– S_in has only one element.
– The transition relation is deterministic.

25 Deterministic Transition Systems
TS = (S, Act, →, S_in): transition system
(s, a, s') ∈ →, written s --a--> s'

26 Transition Systems
TS = (S, Act, →, S_in): transition system
[Diagram: transition system with states S0 to S6.]
S = ?

27 Transition Systems
TS = (S, Act, →, S_in): transition system
[Diagram: transition system with states S0 to S6.]
S = {S0, S1, S2, …, S6}

28 Transition Systems
TS = (S, Act, →, S_in): transition system
[Diagram: transition system with states S0 to S6.]
Act = ?

29 Transition Systems
TS = (S, Act, →, S_in): transition system
[Diagram: transition system with states S0 to S6.]
Act = {C, On-heat, H, on-ac, …}

30 Transition Systems
TS = (S, Act, →, S_in): transition system
[Diagram: transition system with states S0 to S6.]
→ = ?

31 Transition Systems
TS = (S, Act, →, S_in): transition system
[Diagram: transition system with states S0 to S6.]
→ = {(S0, H, S1), (S0, C, S4), …}

32 Transition Systems
TS = (S, Act, →, S_in): transition system
[Diagram: transition system with states S0 to S6.]
S_in = ?

33 Transition Systems
TS = (S, Act, →, S_in): transition system
[Diagram: transition system with states S0 to S6.]
S_in = {S0}

34 Deterministic Transition Systems
s --a--> s1 AND s --a--> s2 IMPLIES s1 = s2
Non-determinism is useful for getting succinct specifications.
Abstractions (hiding details) give rise to non-determinism.

35 Non-Determinism
[Diagram: labels Arrive at Junction, Toss Coin, H, T, Turn-left, Turn-right.]

36 Non-Determinism
[Diagram: labels Arrive at Junction, Toss Coin, H, T, Turn-left, Turn-right.]

37 Non-Determinism
[Diagram: labels Arrive at Junction, Toss Coin, H, T, Turn-left, Turn-right, Toss Coin.]

38 Non-Determinism
[Diagram: labels Arrive at Junction, Toss Coin, Turn-left, Turn-right, Toss Coin.]

39 [Diagram: transition system with states S0 to S6 and actions C, H, On-heat, On-ac, OK, Off-ac, Off-heat.]
Path: S4 S5 S6 S0 S1 …
Run: path starting from an initial state: S0 S1 S2 S3 S0 S1 …

40 Computations
TS = (S, Act, →, S_in)
Behaviors can also be defined as action sequences:
– Computations, traces, …
s_0 s_1 s_2 … s_n is a run.
s_0 a_1 s_1 a_2 s_2 … s_{n-1} a_n s_n
[Diagram: s_i → s_{i+1}, labelled a_i.]
a_1 a_2 a_3 … a_n is a computation.

41 [Diagram: transition system with states S0 to S6.]
Run: S0 S1 S2 S3
Computation: ?

42 [Diagram: transition system with states S0 to S6.]
Run: S0 S1 S2 S3 S0
Computation: H On-ac OK off-ac

43 Behaviors (Linear Time)
The behavior of a transition system is:
– Its set of runs.
– Its set of computations.
Does the behavior of TS have the desired property?
– Does every computation (run) of the transition system have the desired property?
– In no computation, C is immediately followed by On-Ac.

44 Behaviors
Properties:
– Is there a run leading to deadlock?
  • s_0 ---------------> s, s_0 ∈ S_in
  • No action is enabled at s
– Is the state s reachable (via a run)?
– Is there a bad state which is reachable?
Often TS is presented implicitly!
– For example, as a network of smaller transition systems.
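
The three questions on slides 43 and 44 (reachability, deadlock, and "in no computation, C is immediately followed by On-ac") can be checked mechanically on the temperature controller. This is an added example, not part of the lecture; the transitions are read off the runs and paths quoted on the slides, and `FAULTY` is a constructed variant that violates the checks.

```python
from collections import deque

# Temperature controller, with transitions read off the runs and paths quoted
# on the slides. FAULTY is a constructed variant used to show failing checks.
TRANS = {
    ("S0", "H", "S1"), ("S1", "On-ac", "S2"), ("S2", "OK", "S3"),
    ("S3", "Off-ac", "S0"), ("S0", "C", "S4"), ("S4", "On-heat", "S5"),
    ("S5", "OK", "S6"), ("S6", "Off-heat", "S0"),
}
S_IN = {"S0"}
FAULTY = (TRANS - {("S3", "Off-ac", "S0")}) | {("S4", "On-ac", "S2")}

def successors(trans, s):
    """(action, target) pairs enabled at state s."""
    return [(a, t) for (p, a, t) in trans if p == s]

def reachable(trans, s_in):
    """All states reachable via a run, i.e. a path from an initial state."""
    seen, todo = set(s_in), deque(s_in)
    while todo:
        s = todo.popleft()
        for _, t in successors(trans, s):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def deadlocks(trans, s_in):
    """Reachable states at which no action is enabled."""
    return {s for s in reachable(trans, s_in) if not successors(trans, s)}

def followed_by(trans, s_in, a, b):
    """Witnesses (s, s', s'') of a computation in which action a is
    immediately followed by action b; empty means the property holds."""
    reach = reachable(trans, s_in)
    return sorted((p, q, r) for (p, x, q) in trans if p in reach and x == a
                  for (y, r) in successors(trans, q) if y == b)

if __name__ == "__main__":
    for name, ts in (("controller", TRANS), ("faulty", FAULTY)):
        print(name, sorted(deadlocks(ts, S_IN)),
              followed_by(ts, S_IN, "C", "On-ac"))
```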

45 The Verification Setting
[Diagram: labels System, Model extraction, TS, Semantics, Behavior of TS, Check for property!]

46 The Verification Setting
[Diagram: labels System, TS, Behavior of TS, Property = temporal logic formula, Models of the formula, Model-Checker, YES!, NO!]

47 Temperature Controller
[Diagram: transition system with states S0 to S6 and actions C, H, On-heat, On-ac, OK, Off-ac, Off-heat.]

48 [Diagram: transition system with states S0 to S6 and actions C, H, On-heat, On-ac, OK, Off-ac, Off-heat.]
It is often convenient to consider both finite and infinite computations!

49 [Diagram: transition system with states S0 to S6 and actions C, H, On-heat, On-ac, OK, Off-ac, Off-heat.]
Property: every (finite) computation that ends with “on-heat” can be extended to a computation that ends with “off-heat”.

50 Linear Time vs. Branching Time
Linear time
– The (flat) set of computations.
Branching time
– The tree of computations
– How computations branch off is kept track of.

51 Linear Time vs. Branching Time
LTL (Linear time temporal logic).
CTL (Computation tree logic)
These two logics are incomparable.
LTL – SPIN (Bell Labs, G. Holzmann)
CTL – SMV (Clarke, McMillan, CMU-Cadence Lab)

52 Network of Transition Systems
In general, the system will contain multiple components.
The components will coordinate by communication.
– Send/receive messages (asynchronous)
– Perform common actions together (synchronous, hand-shake).
  • Hand-shake is usually a convenient abstraction.

53 Our Old Example

54 The Signal Space
[Diagram: Gate, Controller and Train, with signals open, close, Fin-close, approach, left, proceed, break.]

55 The Gate and Train Transition Systems
[Diagram: Gate and Train transition systems, with actions Fin-Close, open, close, approach, proceed, left, break.]

56 The Gate Controller Transition System
[Diagram: actions left, approach, close, Fin-Close, proceed, open.]

57 Parallel Composition
The communication is synchronous/hand-shake.
Perform common actions together.
TS = TrainTS || Gate-ControllerTS || GateTS

58–64 Parallel Composition
[Diagram sequence: the three transition systems side by side, with actions open, close, left, approach, proceed, break, Fin-Close.]
Enabled actions?

65 Parallel Composition
[Diagram: the three transition systems, with states g0, t0, t1, GC0, GC1 and actions open, close, left, approach, proceed, break, Fin-Close.]

66 Parallel Composition
TS = TrainTS || Gate-ControllerTS || GateTS
s = (t, GC, g): a state of TS
(g0, t0, GC0) --approach--> (g0, t1, GC1)
t0 --approach--> t1 (Train)
GC0 --approach--> GC1 (Gate-Controller)

67 State Space Explosion
TS = TS_1 || TS_2 … || TS_n
TS is presented implicitly!
– Fix a communication convention
– Present TS_1, TS_2, …, TS_n
We wish to analyze TS and often implement TS.
But constructing TS first explicitly is often hopeless.
|TS_i| = 10, n = 6
– |TS| = ? (worst case)
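
Hand-shake composition (slides 57 to 66) and the gap between the reachable states and the worst-case product (slide 67) can be seen by building the composition on the fly. This is an added example, not part of the lecture. The slides give only the action names and the states t0, t1, GC0, GC1, g0, so the three component models below, the crossing state t2 and the closed-gate state g2 are assumptions made for illustration.

```python
# Constructed component models (assumption): the slides give the action names
# and the states t0, t1, GC0, GC1, g0; all other states and edges are illustrative.
TRAIN = {("t0", "approach"): "t1", ("t1", "proceed"): "t2", ("t2", "left"): "t0"}
CTRL = {("GC0", "approach"): "GC1", ("GC1", "close"): "GC2",
        ("GC2", "Fin-Close"): "GC3", ("GC3", "proceed"): "GC4",
        ("GC4", "left"): "GC5", ("GC5", "open"): "GC0"}
GATE = {("g0", "close"): "g1", ("g1", "Fin-Close"): "g2", ("g2", "open"): "g0"}
COMPONENTS = [TRAIN, CTRL, GATE]          # a state is s = (t, GC, g)
INIT = ("t0", "GC0", "g0")

def alphabet(ts):
    return {a for (_, a) in ts}

def enabled(state, comps=COMPONENTS):
    """Hand-shake: action a fires only if every component that has a in its
    alphabet can take it from its local state; the others stay put."""
    moves = {}
    for a in set().union(*map(alphabet, comps)):
        nxt = []
        for s, c in zip(state, comps):
            if a not in alphabet(c):
                nxt.append(s)
            elif (s, a) in c:
                nxt.append(c[(s, a)])
            else:
                break                      # a participant blocks the action
        else:
            moves[a] = tuple(nxt)
    return moves

def explore(init=INIT, comps=COMPONENTS):
    """Reachable states of the composition, built without the full product."""
    seen, stack = {init}, [init]
    while stack:
        for t in enabled(stack.pop(), comps).values():
            if t not in seen:
                seen.add(t)
                stack.append(t)
    return seen

def worst_case(comps=COMPONENTS):
    """Size of the full product of the local state sets."""
    n = 1
    for c in comps:
        n *= len({s for (s, _) in c} | set(c.values()))
    return n

def gate_closed_when_crossing(states):
    """Safety: train in t2 (assumed crossing state) only with gate in g2."""
    return all(g == "g2" for (t, _, g) in states if t == "t2")
```

With these assumed models, `len(explore())` is far smaller than `worst_case()`, and `gate_closed_when_crossing(explore())` is the reachability-style safety check on the composed system.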

68 Timed Transition Systems
Timed transition systems = transition systems + clock variables.
Clock variables:
– Used to record the passage of (real) time.
– Act like timers.
– Can be read.
– Transitions constrained (guarded) by current values of clock variables.
– Can be reset to 0 during a transition.

69 Using Clock Variables
[Diagram: labels Hot, On-ac, OK, Off-ac.]
Spec.: Turn off ac if the temperature is OK or 5 units of time has elapsed since turning it on.

70 Using Clock Variables
[Diagram: labels Hot, On-ac; x, OK, Off-ac, x  5, Off-ac.]
Spec.: Turn off ac if the temperature is OK or 5 units of time has elapsed since turning it on.

71 Using Clock Variables
[Diagram: labels Hot, On-ac; x, OK, Off-ac, x  5, Off-ac.]
Clock variable x is set to 0.
On-ac ; x is short form for: On-ac ; x := 0

72 Using Clock Variables
[Diagram: labels Hot, On-ac; x, OK, Off-ac, x  5, Off-ac.]
Clock variable x is used to form a guard: x  5

73 Using Clock Variables
[Diagram: labels Hot, On-ac, OK, Off-ac.]
Spec.: Turn off ac if the temperature is OK or 5 units of time has elapsed since turning it on. Turn on ac within 3 time units after receiving Hot signal.

74 Using Clock Variables
[Diagram: labels Hot; y, On-ac; x, OK, Off-ac, x  5, Off-ac, y ≤ 3.]
Spec.: Turn off ac if the temperature is OK or 5 units of time has elapsed since turning it on. Turn on ac within 3 time units after receiving Hot signal.

75 Using Clock Variables
[Diagram: labels Hot; y, On-ac; x, OK, Off-ac, x  5, Off-ac, y ≤ 3.]
Three components:
Action on-ac
Reset x
Guard y ≤ 3

76 Using Clock Variables
[Diagram: labels Hot; y, On-ac; x, OK, Off-ac, x  5, Off-ac, y ≤ 3.]
Do we need two clocks?

77 Using Clock Variables
[Diagram: labels Hot; x, On-ac; x, OK, Off-ac, x  5, Off-ac, x ≤ 3.]
Do we need two clocks? NO!

78 Timed Transitions
[Diagram: a transition labelled a ; X and g.]
a: an action
X: a set of clock variables; the clock variables set to 0.
g: a guard; a predicate based on the values of the clock variables.
g ::= x ≤ c | x  c | x  c | x  c | g1  g2
x  CL
CL: the set of clock variables used by the model.
c: a rational number (integer)
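
The action / reset / guard triple of slide 78 and the one-clock answer of slide 77 can be tried out by replaying timed action sequences against the AC controller. This is an added example, not part of the lecture. The state names s0 to s3 are assumed labels, and the guard on the timed Off-ac edge is read as x >= 5 from the spec sentence "5 units of time has elapsed since turning it on", which is an assumption because the comparison symbol is missing on the slides.

```python
import operator

OPS = {"<=": operator.le, ">=": operator.ge, "<": operator.lt, ">": operator.gt}

# Edge: (source, action, guard, resets, target); a guard is a conjunction of
# (clock, op, constant) atoms. State names s0..s3 are assumed labels.
def ac_model(hot_clock):
    return [
        ("s0", "Hot",    [],                     {hot_clock}, "s1"),
        ("s1", "On-ac",  [(hot_clock, "<=", 3)], {"x"},       "s2"),
        ("s2", "OK",     [],                     set(),       "s3"),
        ("s3", "Off-ac", [],                     set(),       "s0"),
        ("s2", "Off-ac", [("x", ">=", 5)],       set(),       "s0"),  # assumed >=
    ]

TWO_CLOCKS = ac_model("y")   # slide 74: Hot resets y, On-ac guarded by y <= 3
ONE_CLOCK = ac_model("x")    # slide 77: x reused for both constraints

def run(edges, timed_word, start="s0"):
    """Replay [(absolute_time, action), ...]; return (accepted, last_state)."""
    state, now = start, 0.0
    clocks = {c: 0.0 for e in edges for c in e[3] | {g[0] for g in e[2]}}
    for t, action in timed_word:
        if t < now:
            return False, state              # time cannot run backwards
        for c in clocks:                      # all clocks advance at the same rate
            clocks[c] += t - now
        now = t
        for src, act, guard, resets, dst in edges:
            if src == state and act == action and all(
                    OPS[op](clocks[c], k) for c, op, k in guard):
                for c in resets:
                    clocks[c] = 0.0           # reset during the transition
                state = dst
                break
        else:
            return False, state              # no enabled transition for action
    return True, state

# Constructed timed sequences: on time, On-ac too late, Off-ac too early.
ON_TIME = [(1.0, "Hot"), (3.5, "On-ac"), (9.0, "Off-ac")]
LATE_ON = [(1.0, "Hot"), (4.5, "On-ac")]
EARLY_OFF = [(1.0, "Hot"), (2.0, "On-ac"), (4.0, "Off-ac")]
```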

79 State Invariants
A clock constraint is associated with each state: the state invariant.
– The system can stay in the state only as long as the state’s invariant is not violated.
For time points which violate the invariant, one expects an output transition to be enabled.
– Otherwise a time deadlock.
  • The progress of time is blocked (in the model!).

80 State Invariants
[Diagram: labels x ≤ 2, a ; x, b.]

81 State Invariants
[Diagram: labels x ≤ 2, a ; x, b, b, x > 2.]
SAME AS?

82 State Invariants
[Diagram: states s0, s1, s2, with labels x ≤ 2, a ; x, b, x > 3.]
At (s1, x = 2.4) the behavior is undefined!

83 State Invariants
[Diagram: labels g, g1, g2, g3.]
At all “times” g OR g1 OR g2 OR g3 is satisfied.
If more than one output transition is enabled, the choice is made non-deterministically.

84 Timed Transition Systems and Automata
How do we model real time systems?
How do we specify (real time) behavioral properties?
How do we verify behavioral properties?
What is the behavior of a timed transition system?

