Automata for Real-time Systems B. Srivathsan Chennai Mathematical - PowerPoint PPT Presentation

Automata for Real-time Systems B. Srivathsan Chennai Mathematical Institute 1/35

Overview 2/35

Automata ( Finite State Machines ) are good abstractions of many real systems hardware circuits, communication protocols, biological processes, . . . 3/35

Automata can model many properties of systems request response every request is followed by a response 4/35

System Property Automaton A Automaton B 5/35

System Property Automaton A Automaton B Does system satisfy property? 5/35

System Property Automaton A Automaton B L ( A ) ⊆ L ( B )? Does system satisfy property? 5/35

Model-checking System Property Automaton A Automaton B L ( A ) ⊆ L ( B )? Does system satisfy property? 5/35

In practice... Huge system Property 6/35

In practice... Huge system Property Higher-level description Higher-level description 6/35

In practice... Huge system Property Higher-level description Higher-level description translation translation Automaton A Automaton B Model-Checker L ( A ) ⊆ L ( B )? 6/35

In practice... Huge system Property Higher-level description Higher-level description translation translation Automaton A Automaton B Model-Checker L ( A ) ⊆ L ( B )? Some model-checkers: SMV, NuSMV, SPIN, . . . 6/35

In practice... Huge system Property Higher-level description Higher-level description translation translation Automaton A Automaton B Model-Checker L ( A ) ⊆ L ( B )? Some model-checkers: SMV, NuSMV, SPIN, . . . Turing Awards: Clarke, Emerson, Sifakis and Pnueli 6/35

Automata are good abstractions of many real systems 7/35

Automata are good abstractions of many real systems Our course: Automata for real-time systems Picture credits: F. Herbreteau pacemaker, vehicle control systems, air traffic controllers, . . . 7/35

Timed Automata R. Alur and D. Dill in early 90s 8/35

Timed Automata R. Alur and D. Dill in early 90s Some model-checkers: UPPAAL, KRONOS, RED, . . . 8/35

Goals of our course Study language theoretic and algorithmic properties of timed automata 9/35

Lecture 7: Timed languages and timed automata 10/35

: alphabet { a , b } Σ Σ ∗ : { ε, a , b , aa , ab , ba , bb , aab , . . . } words L ⊆ Σ ∗ : language property over words L 1 := {set of words starting with an “ a ”} { a , aa , ab , aaa , aab , . . . } L 2 := {set of words with a non-zero even length } { aa , bb , ab , ba , abab , aaaa , . . . } 11/35

: alphabet { a , b } Σ Σ ∗ : { ε, a , b , aa , ab , ba , bb , aab , . . . } words L ⊆ Σ ∗ : language property over words L 1 := {set of words starting with an “ a ”} { a , aa , ab , aaa , aab , . . . } L 2 := {set of words with a non-zero even length } { aa , bb , ab , ba , abab , aaaa , . . . } Finite automata, pushdown automata, Turing machines, . . . 11/35

Σ : alphabet { a , b } T Σ ∗ : timed words a a a b b π 0 0 . 8 2 . 5 0 203 312 . 3 ( aa ; 0 . 8 , 2 . 5 ) ( abb ; π, 203 , 312 . 3 ) 12/35

Σ : alphabet { a , b } T Σ ∗ : timed words a a a b b π 0 0 . 8 2 . 5 0 203 312 . 3 ( aa ; 0 . 8 , 2 . 5 ) ( abb ; π, 203 , 312 . 3 ) ( w , τ ) Time sequence Word w = a 1 . . . a n τ = τ 1 . . . τ n a i ∈ Σ τ i ∈ R ≥ 0 τ 1 ≤ · · · ≤ τ n 12/35

L ⊆ T Σ ∗ Timed language : property over timed words L 1 := { ( ab ( a + b ) ∗ , τ ) | τ 2 − τ 1 = 1 } a ab b a a b b b b 0 1 2 0 10 11 0 10 11 L 2 := { ( w , τ ) | τ i + 1 − τ i ≥ 2 for all i < | w |} a b a a b a 0 1 . 2 3 . 5 6 0 10 12 0 100 13/35

L ⊆ T Σ ∗ Timed language : property over timed words L 1 := { ( ab ( a + b ) ∗ , τ ) | τ 2 − τ 1 = 1 } a ab b a a b b b b 0 1 2 0 10 11 0 10 11 L 2 := { ( w , τ ) | τ i + 1 − τ i ≥ 2 for all i < | w |} a b a a b a 0 1 . 2 3 . 5 6 0 10 12 0 100 Timed automata 13/35

Timed automaton: Finite automaton + Finite no. of Clocks Clock time 0 14/35

Timed automaton: Finite automaton + Finite no. of Clocks Clock time 0 { ( ab ( a + b ) ∗ , τ ) | τ 2 ≤ 2 } a b q 0 q 1 q 2 a , b 14/35

Timed automaton: Finite automaton + Finite no. of Clocks Clock time 0 { ( ab ( a + b ) ∗ , τ ) | τ 2 ≤ 2 } a x ≤ 2, b q 0 q 1 q 2 a , b 14/35

Timed automaton: Finite automaton + Finite no. of Clocks Clock time 0 { ( ab ( a + b ) ∗ , τ ) | τ 2 ≤ 2 } a x ≤ 2, b q 0 q 1 q 2 a , b b b b b a a 0 1 2 0 1 2 × q 0 q 1 q 2 q 0 q 1 accept reject 14/35

Timed automaton: Finite automaton + Finite no. of Clocks Clock Guards φ := x ≤ c | x ≥ c | ¬ φ | φ ∧ φ x ∈ Clocks , c ∈ Q ≥ 0 time 0 { ( ab ( a + b ) ∗ , τ ) | τ 2 ≤ 2 } a x ≤ 2, b q 0 q 1 q 2 a , b b b b b a a 0 1 2 0 1 2 × q 0 q 1 q 2 q 0 q 1 accept reject 14/35

Timed automaton: Finite automaton + Finite no. of Clocks Clock Guards φ := x ≤ c | x ≥ c | ¬ φ | φ ∧ φ x ∈ Clocks , c ∈ Q ≥ 0 time 0 { ( ab ( a + b ) ∗ , τ ) | τ 2 − τ 1 ≤ 2 } a x ≤ 2, b q 0 q 1 q 2 a , b 14/35

Timed automaton: Finite automaton + Finite no. of Clocks Clock Guards φ := x ≤ c | x ≥ c | ¬ φ | φ ∧ φ x ∈ Clocks , c ∈ Q ≥ 0 Resets time 0 { ( ab ( a + b ) ∗ , τ ) | τ 2 − τ 1 ≤ 2 } a x ≤ 2, b q 0 q 1 q 2 a , b { x } 14/35

Timed automaton: Finite automaton + Finite no. of Clocks Clock Guards φ := x ≤ c | x ≥ c | ¬ φ | φ ∧ φ x ∈ Clocks , c ∈ Q ≥ 0 Resets time 0 { ( ab ( a + b ) ∗ , τ ) | τ 2 − τ 1 ≤ 2 } a x ≤ 2, b q 0 q 1 q 2 a , b { x } b b bb a a 0 1 2 0 . 5 1 2 2 . 5 × q 0 q 1 q 2 q 0 q 1 x ≤ 2 x : 0 x : 0 x > 2 accept reject 14/35

L 3 := { ( a k , τ ) | k > 0 , τ i = i for all i ≤ k } An “ a ” occurs in every integer from 1 , . . . , k a a a a a 0 1 2 3 4 5 15/35

L 3 := { ( a k , τ ) | k > 0 , τ i = i for all i ≤ k } An “ a ” occurs in every integer from 1 , . . . , k a a a a a 0 1 2 3 4 5 x = 1 , a x = 1 , a q 0 q 1 { x } { x } 15/35

L 4 := { ( a k , τ ) | exist i , j s.t. τ j − τ i = 1 } There are 2 “ a ”s which are at distance 1 apart a a a a a a a t t + 1 0 16/35

L 4 := { ( a k , τ ) | exist i , j s.t. τ j − τ i = 1 } There are 2 “ a ”s which are at distance 1 apart a a a a a a a t t + 1 0 a a a a x = 1 , a q 0 q 1 q 2 { x } 16/35

Three mechanisms to exploit: ◮ Reset: to start measuring time ◮ Guard: to impose time constraint on action ◮ Non-determinism: for existential time constraints 17/35

s 2 A = ( Q , Σ , X , T , Q 0 , F ) c , ( x < 1 ) T ⊆ Q × Σ × guard × reset × Q b , ( y = 1 ) c , ( x < 1 ) a , { y } s 0 s 1 s 3 d , ( x > 1 ) a , ( y < 1 ) , { y } 18/35

s 2 A = ( Q , Σ , X , T , Q 0 , F ) ( ac ; 0 . 4 , 0 . 9 ) c , ( x < 1 ) T ⊆ Q × Σ × guard × reset × Q b , ( y = 1 ) c , ( x < 1 ) a , { y } s 0 s 1 s 3 d , ( x > 1 ) a , ( y < 1 ) , { y } s 0 s 0 s 1 s 1 s 3 0 . 4 a 0 . 5 c x 0 0 . 4 0 . 4 0 . 9 0 . 9 y 0 0 . 4 0 0 . 5 0 . 5 18/35

s 2 A = ( Q , Σ , X , T , Q 0 , F ) ( ac ; 0 . 4 , 0 . 9 ) c , ( x < 1 ) T ⊆ Q × Σ × guard × reset × Q b , ( y = 1 ) c , ( x < 1 ) a , { y } s 0 s 1 s 3 d , ( x > 1 ) a , ( y < 1 ) , { y } s 0 s 0 s 1 s 1 s 3 0 . 4 a 0 . 5 c x 0 0 . 4 0 . 4 0 . 9 0 . 9 y 0 0 . 4 0 0 . 5 0 . 5 Run of A over ( a 1 a 2 . . . a k ; τ 1 τ 2 . . . τ k ) δ i := τ i − τ i − 1 ; τ 0 := 0 δ 1 a 1 δ 2 a k ( q 0 , v 0 ) → ( q 0 , v 0 + δ 1 ) → ( q 1 , v 1 ) → ( q 1 , v 1 + δ 2 ) · · · → ( q k , v k ) − − − − − − − − ( w , τ ) ∈ L ( A ) if A has an accepting run over ( w , τ ) 18/35

L 5 := { ( abcd . Σ ∗ , τ ) | τ 3 − τ 1 ≤ 2 and τ 4 − τ 2 ≥ 5 } Interleaving distances a b c d 0 1 2 3 4 5 6 7 19/35

L 5 := { ( abcd . Σ ∗ , τ ) | τ 3 − τ 1 ≤ 2 and τ 4 − τ 2 ≥ 5 } Interleaving distances a b c d 0 1 2 3 4 5 6 7 Σ a x ≤ 2 , c y ≥ 5 , d b q 0 q 1 q 2 q 3 q 4 { x } { y } 19/35

n interleavings ⇒ need n clocks n + 1 clocks more expressive than n clocks 20/35

Timed automata Runs 1 clock < 2 clocks < . . . 21/35

L 6 := { ( a k , τ ) | τ i is some integer for each i } a a a 0 1 2 3 4 5 6 7 22/35

L 6 := { ( a k , τ ) | τ i is some integer for each i } a a a 0 1 2 3 4 5 6 7 Claim: No timed automaton can accept L 6 22/35

Step 1: Suppose L 6 = L ( A ) Let c max be the maximum constant appearing in a guard of A 23/35

Step 1: Suppose L 6 = L ( A ) Let c max be the maximum constant appearing in a guard of A Step 2: For a clock x , x = ⌈ c max ⌉ + 1 and x = ⌈ c max ⌉ + 1 . 1 satisfy the same guards 23/35

Step 1: Suppose L 6 = L ( A ) Let c max be the maximum constant appearing in a guard of A Step 2: For a clock x , x = ⌈ c max ⌉ + 1 and x = ⌈ c max ⌉ + 1 . 1 satisfy the same guards Step 3: ( a ; ⌈ c max ⌉ + 1 ) ∈ L 6 and so A has an accepting run δ = ⌈ c max ⌉ + 1 a ( q 0 , v 0 ) − − − − − − − − − → ( q 0 , v 0 + δ ) − → ( q F , v F ) 23/35