Presentation is loading. Please wait.

Presentation is loading. Please wait.

Verification of Parameterized Timed Systems Parosh Aziz Abdulla Uppsala University Johann Deneux Pritha Mahata Aletta Nylen.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Verification of Parameterized Timed Systems Parosh Aziz Abdulla Uppsala University Johann Deneux Pritha Mahata Aletta Nylen."— Presentation transcript:

1 Verification of Parameterized Timed Systems Parosh Aziz Abdulla Uppsala University Johann Deneux Pritha Mahata Aletta Nylen

2 Outline Parameterized Timed Systems Syntactic and Semantic Variants with one clock with several clocks discrete time domain Safety Properties

3 Parameterized System of Timed Processes – (Timed Networks) Timed Process: x:=0 x<5 Parameterized System:

4 Single Clock Timed Networks - TN(1) Timed Process: x:=0 x<5 (single clock) Parameterized System:

5 Challenge: arbitrary rather than fixed size x=0x<1x>1 x:=0 Fischer’s Protocol Timed Process: critical section Parameterized Network: arbitrary size

6 Single Clock Timed Networks - TN(1) State = Configuration 2.3 1.4 5.2 3.7 1.0 8.1 Timed Process: x:=0 x<5 (single clock) Parameterized System:

7 Initial Configurations 00 0 0 00 0 Single Clock Timed Networks - TN(1) Timed Process: x:=0 x<5 (single clock) Parameterized System:

8 2.8 1.9 5.7 4.2 0.5 8.6 2.3 1.4 5.2 3.7 0.0 8.1 Timed Transitions 0.5

9 x<5 x:=0 2.3 1.4 0.0 3.7 1.0 8.1 Discrete Transitions 2.3 1.4 5.2 3.7 1.0 8.1

10 Unbounded number of clocks Cannot be modeled as timed automata TN(1) :

11 Unbounded number of clocks Cannot be modeled as timed automata TN(1) : How to check Safety Properties ?

12 configurations equivalent if they agree (up to cmax) on:  colours  integral parts of clock values  ordering on fractional parts 3.1 4.8 1.5 6.2 5.6 3.2 4.8 1.6 6.4 5.7 Equivalence on Configurations

13 configurations equivalent if they agree (up to cmax) on:  colours  integral parts of clock values  ordering on fractional parts 3.1 4.8 1.5 6.2 5.6 3.2 4.8 1.6 6.4 5.7 Equivalence on Configurations 3.3 1.7 4.8

14 configurations equivalent if they agree (up to cmax) on:  colours  integral parts of clock values  ordering on fractional parts 3.1 4.8 1.5 6.2 5.6 3.2 4.8 1.6 6.4 5.7 3.3 1.7 4.8 3.1 1.8 4.9 Equivalence on Configurations

15 Ordering on Configurations c 1 c 2 iff c 3 :  c 1 c 3  c 3 c 2 < 3.1 4.8 1.5 6.2 5.6 4.9 6.4 5.7

16 Ordering on Configurations 3.1 4.8 1.5 6.2 5.6 4.9 6.4 5.7 4.8 6.2 5.6 c 1 c 2 iff c 3 :  c 1 c 3  c 3 c 2 <

17 mutual exclusion: Bad States : # processes in critical section > 1 Safety Properties x=0x<1x>1 x:=0 section critical 3.4 8.1

18 mutual exclusion: Bad States : # processes in critical section > 1 Ideal = Upward closed set of configurations Safety Properties x=0x<1x>1 x:=0 critical section 3.3 8.2 2.3 1.4 5.2 3.73.4 8.1

19 Ideal = Upward closed set of configurations Safety = reachability of ideals mutual exclusion: Bad States : # processes in critical section > 1 Safety Properties x=0x<1x>1 x:=0 critical section 3.3 8.2 2.3 1.4 5.2 3.73.4 8.1

20 Checking Safety Properties: Backward Reachability Analysis bad statesinitial states

21 Checking Safety Properties: Backward Reachability Analysis bad statesinitial states Pre

22 Checking Safety Properties: Backward Reachability Analysis bad statesinitial states Pre

23 Properties of -- Monotonicity c1c1 c3c3 c2c2

24 c1c1 c3c3 c2c2 c4c4

25 c1c1 c3c3 c2c2 c4c4 c5c5

26 c1c1 c3c3 c2c2 c4c4 c5c5 c6c6

27 c1c1 c3c3 c2c2 c4c4 c5c5 c6c6

28 Monotonicity ideals closed under computing Pre

29 I Monotonicity ideals closed under computing Pre

30 I Monotonicity ideals closed under computing Pre

31 I Monotonicity ideals closed under computing Pre

32 IPre(I) Monotonicity ideals closed under computing Pre

33 Checking Safety Properties: Backward Reachability Analysis bad statesinitial states Pre Ideals

34 Existential Zones x1x1 x2x2 x3x3 1 x 2 - x 1 2 x 2 - x 3

35 Existential Zones x1x1 x2x2 x3x3 1 x 2 - x 1 2 x 2 - x 3 3.1 7.2 4.6

36 Existential Zones minimal requirement x1x1 x2x2 x3x3 1 x 2 - x 1 2 x 2 - x 3 3.1 3.5 7.2 0.5 4.6 3.1 7.2 4.6

37 Existential Zones Existential Zone Ideal minimal requirement x1x1 x2x2 x3x3 1 x 2 - x 1 2 x 2 - x 3 3.1 3.5 7.2 0.5 4.6 3.1 7.2 4.6

38 Existential Zones – Computing Pre x1x1 x2x2 x3x3 1 x 2 - x 1 2 x 2 - x 3

39 Existential Zones – Computing Pre x1x1 x2x2 x4x4 1 x 2 - x 1 x5x5 2 x 5 4 x 4 x1x1 x2x2 x3x3 1 x 2 - x 1 2 x 2 - x 3 4 x 2 x

40 Checking Safety Properties: Backward Reachability Analysis bad statesinitial states Pre Existential Zones

41 Termination Existential Zones BQO (and therefore WQO)

42 Termination Existential Zones BQO (and therefore WQO) Theorem: Safety properties can be decided for TN(1)

43 Multi-Clock Timed Networks – TN(K) Timed Process: x:=0 x<5 Parameterized Network: Configuration 2.3 1.4 5.2 3.7 1.0 8.1 (two clocks) y>3 1.4 5.6 0.2 9.2 2.8 0.1 x y

44 Timed Transitions 0.5 2.3 1.4 5.2 3.7 1.0 8.1 1.4 5.6 0.2 9.2 2.8 0.1 x y x y 2.8 1.9 5.7 4.2 1.5 8.6 1.9 6.1 0.7 9.7 3.3 0.6

45 y<5x>4 x:=0 Discrete Transitions 2.3 1.4 5.2 3.7 1.0 8.1 1.4 5.6 0.2 9.2 2.8 0.1 x y 2.3 0.0 5.2 3.7 1.0 8.1 1.4 5.6 0.2 9.2 2.8 0.1 x y

46 x1x1 y1y1 1 y 2 - x 1 2 x 2 - y 1 x2x2 y2y2 x i and y i belong to the same process

47 Checking Safety Properties: Backward Reachability Analysis bad statesinitial states Pre Existential Zones

48 x 1 < x 2 < x 3 < x 4 y 1 = x 2 y 2 = x 3 y 3 = x 4 x1x1 y1y1 x2x2 y2y2 x3x3 y3y3 y 4 = x 1 y1y1 x1x1 y2y2 x2x2 x3x3 y3y3 x3x3 y3y3 x4x4 y4y4 Termination no longer guaranteed !!

49 x1x1 y1y1 y 1 = x 2 x2x2 y2y2 y 2 = x 1 x 1 < x 2 x1x1 x2x2 y1y1 y2y2 Termination no longer guaranteed !!

50 x1x1 y1y1 y 1 = x 2 x2x2 y2y2 y 2 = x 1 x 1 < x 2 x 1 < x 2 < x 3 y 1 = x 2 y 2 = x 3 y 3 = x 1 x1x1 y1y1 x2x2 y2y2 x3x3 y3y3 x1x1 x2x2 y1y1 y2y2 y1y1 x1x1 y2y2 x2x2 x3x3 y3y3 Termination no longer guaranteed !!

51 x 1 < x 2 < x 3 y 1 = x 2 y 2 = x 3 y 3 = x 1 x1x1 y1y1 x2x2 y2y2 x3x3 y3y3 x 1 < x 2 < x 3 < x 4 y 1 = x 2 y 2 = x 3 y 3 = x 4 x1x1 y1y1 x2x2 y2y2 x3x3 y3y3 y 4 = x 1 y1y1 x1x1 y2y2 x2x2 x3x3 y3y3 x3x3 y3y3 x4x4 y4y4 Termination no longer guaranteed !! y1y1 x1x1 y2y2 x2x2 x3x3 y3y3

52 Termination no longer guaranteed !!

53 Simulation of 2-counter machine by TN(2) Timed processes: One models control state Some model c 1 Some model c 2 The rest are idle c 1 ++ c 2 =0?c 2 -- M: Encoding of configurations in M:

54 Simulation of 2-counter machine c 1 ++ c 2 =0?c 2 -- M: Encoding of c 1 : # c 1 =3 left end 0.1 0.30.5 0.1 0.30.50.7 0.9 0.7 right end

55 Simulating a Decrement c 1 -- q1q1 q2q2 x=1 y=1 x:=0 q1q1 q2q2 idle 0<x y:=0 0.1 0.30.5 0.1 0.30.50.7 0.9 0.7

56 Simulating a Decrement c 1 -- q1q1 q2q2 x=1 y=1 x:=0 q1q1 q2q2 idle 0<x y:=0 0.1 0.2 0.40.6 0.2 0.40.60.8 1.0 0.8 0.1 0.30.5 0.1 0.30.50.7 0.9 0.7

57 Simulating a Decrement c 1 -- q1q1 q2q2 x=1 y=1 x:=0 q1q1 q2q2 idle 0<x y:=0 0.2 0.40.6 0.2 0.40.60.8 1.0 0.8 0.2 0.40.6 0.40.60.8 1.0 0.8

58 Simulating a Decrement c 1 -- q1q1 q2q2 x=1 y=1 x:=0 q1q1 q2q2 idle 0<x y:=0 0.2 0.40.6 0.40.60.8 1.0 0.8 0 0.40.6 0.40.60.8 1.0 0.8

59 Simulating a Decrement c 1 -- q1q1 q2q2 x=1 y=1 x:=0 q1q1 q2q2 idle 0<x y:=0 0 0.40.6 0.40.60.8 1.0 0.8 0 0.40.6 0.40.60.8 0

60 Simulating Zero Testing c 1 =0? q1q1 q2q2 x>0 y=1 x:=0 q1q1 q2q2 x=1 y:=0 0.2 0.7 0.5 0 0 1.0 0.3

61 Theorem: Checking Safety properties undecidable for TN(2)

62 Discrete Timed Networks - DTN(K) State = Configuration 2 1 5 3 1 8 Clocks interpreted over the discrete time domain 2 1 5 3 1 8 Timed Transitions 4 3 7 5 3 10 2

63 cmax = 1 0 1 2* 0 1 0 1 4 2 3 3 0 6 5 0 8 # processes having:  same state  clock value (up to cmax) Exact Abstraction

64 x=0 x:=0 x=1 0 1 2* 0 1 0 1 4 2 3 3 0 6 5 0 8 0 1 0 1 0 1 5 1 3 4 0 6 4 0 8 Discrete Transitions

65 0 1 2* 0 1 0 1 4 2 3 3 0 6 5 0 8 1 0 1 0 1 0 1 0 4 5 0 3 6 0 5 8 Timed Transitions

66 0 1 2* 0 1 0 1 4 2 3 3 0 6 5 0 8 Symbolic Representation minimal element

67 Checking Safety Properties: Backward Reachability Analysis bad statesinitial states Pre Minimal elements

68 Theorem: Checking Safety properties decidable for DTN(K)

69 Implementation

70 TPN - Parameterized Fischer 2 seconds

71 Lynch-Shavit’s Protocol

72 Parameterized Network: arbitrary size

73 TPN- Parameterized Lynch-Shavit 25 minutes

74 Syntactic Variants  Open timed networks: strict clock constraints  Closed timed networks: non-strict clock constraints undecidable decidable Semantic Variants  Robust timed networks: semantically strict clock constraints undecidable

75 Summary TN(1) : decidable TN(2) : undecidable DTN(K) : decidable TN(2) open : undecidable TN(K) closed : decidable TN(2) robust : undecidable

76 Future work  Acceleration and Widening  Forward Analysis  Price Timed Networks  Stochastic Variants

Download ppt "Verification of Parameterized Timed Systems Parosh Aziz Abdulla Uppsala University Johann Deneux Pritha Mahata Aletta Nylen."

Similar presentations

Siddharth Srivastava, Shlomo Zilberstein, Neil Immerman University of Massachusetts Amherst Hector Geffner Universitat Pompeu Fabra.

Siddharth Srivastava, Shlomo Zilberstein, Neil Immerman University of Massachusetts Amherst Hector Geffner Universitat Pompeu Fabra.
Tree Regular Model Checking P. Abdulla, B. Jonsson, P. Mahata and J. d’Orso Uppsala University.

Tree Regular Model Checking P. Abdulla, B. Jonsson, P. Mahata and J. d’Orso Uppsala University.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Consensus --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Consensus Steve Ko Computer Sciences and Engineering University at Buffalo.
Equivalence of Extended Symbolic Finite Transducers Presented By: Loris D’Antoni Joint work with: Margus Veanes.

Equivalence of Extended Symbolic Finite Transducers Presented By: Loris D’Antoni Joint work with: Margus Veanes.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
1 Regression-Verification Benny Godlin Ofer Strichman Technion.

1 Regression-Verification Benny Godlin Ofer Strichman Technion.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Hybrid System Verification Synchronous Workshop 2003 A New Verification Algorithm for Planar Differential Inclusions Gordon Pace University of Malta December.

Hybrid System Verification Synchronous Workshop 2003 A New Verification Algorithm for Planar Differential Inclusions Gordon Pace University of Malta December.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
Timed Automata.

Timed Automata.
Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.

Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.
Parosh Aziz Abdulla Pritha Mahata Aletta Nyl é n Uppsala University Downward Closed Language Generators.

Parosh Aziz Abdulla Pritha Mahata Aletta Nyl é n Uppsala University Downward Closed Language Generators.
From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University.

From Monotonic Transition Systems to Monotonic Games Parosh Aziz Abdulla Uppsala University.
Forward Analysis of Depth-Bounded Processes Thomas Wies Damien Zufferey Tom Henzinger In FoSSaCS’10.

Forward Analysis of Depth-Bounded Processes Thomas Wies Damien Zufferey Tom Henzinger In FoSSaCS’10.
Robustness and Implementability of Timed Automata Martin De Wulf Laurent Doyen Nicolas Markey Jean-François Raskin Centre Fédéré en Vérification FORMATS-FTRTFT.

Robustness and Implementability of Timed Automata Martin De Wulf Laurent Doyen Nicolas Markey Jean-François Raskin Centre Fédéré en Vérification FORMATS-FTRTFT.
On the Dynamics of PB Systems with Volatile Membranes Giorgio Delzanno* and Laurent Van Begin** * Università di Genova, Italy ** Universitè Libre de Bruxelles,

On the Dynamics of PB Systems with Volatile Membranes Giorgio Delzanno* and Laurent Van Begin** * Università di Genova, Italy ** Universitè Libre de Bruxelles,
PARTIAL-COHERENCE ABSTRACTIONS FOR RELAXED MEMORY MODELS Presented by Michael Kuperstein, Technion Joint work with Martin Vechev, IBM Research and Eran.

PARTIAL-COHERENCE ABSTRACTIONS FOR RELAXED MEMORY MODELS Presented by Michael Kuperstein, Technion Joint work with Martin Vechev, IBM Research and Eran.
Hybrid Approach to Model-Checking of Timed Automata DAT4 Project Proposal Supervisor: Alexandre David.

Hybrid Approach to Model-Checking of Timed Automata DAT4 Project Proposal Supervisor: Alexandre David.
August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.
Regular Model Checking Parosh Aziz Abdulla Uppsala University Cooperation with B. Jonsson, M. Nilsson, J. d’Orso.

Regular Model Checking Parosh Aziz Abdulla Uppsala University Cooperation with B. Jonsson, M. Nilsson, J. d’Orso.

Similar presentations

Ads by Google