How the Timed Automaton Lost its Tail (and Clocks) Oded Maler - PowerPoint PPT Presentation

How the Timed Automaton Lost its Tail (and Clocks) Oded Maler Joint work with Jean-Francois Kempf and Marius Bozga CNRS - VERIMAG Grenoble, France FORMATS Aalborg 2011

Returning to the Scene of the Crime ◮ I am happy to present this work in Aalborg where it started two years ago by discussions with Kim Larsen ◮ Initial goal was to do timing analysis by statistical methods on duration probabilistic automata ◮ But then we had some ideas to compute probabilities using density transformers , extensions of the zone transformers used in the verification of timed automata: ◮ OM, Kim Larsen and Bruce Krogh : On Zone-Based Analysis of Duration Probabilistic Automata , Infinity 2010 ◮ Similar to Vicario et al. and Alur and Bernadsky ◮ The present clock-free work is a byproduct of trying to implement the ideas ◮ Let us start with an intuitive introduction to the context

Processes that Take Time ◮ Processes that take some time to conclude after having started, for example: ◮ Propagation delay between send and receive ◮ Execution time of a program ◮ Duration of a step in a manufacturing process ◮ Mathematically they are simple timed automata: start φ ( x ) x := 0 end p p p ◮ A waiting state p ; a start transition which resets a clock x to measure time elapsed in active state p ◮ An end transition guarded by a temporal condition φ ( x ) ◮ Condition φ can be true (no constraint), x = d (deterministic), x ∈ [ a , b ] (non-deterministic) or probabilistic

Composition ◮ Such processes can be combined: ◮ Sequentially to represent precedence relations between tasks, for example p precedes q : start φ ( x ) x := 0 end p p p start φ ( x ) start φ ( x ) x := 0 end x := 0 end p p q q p start φ ( x ) x := 0 end q q q ◮ In parallel to express partially-independent processes, sometimes competing with each other [ c 1 , d 1 ] [ c 2 , d 2 ] [ c 3 , d 3 ] ¯ 1 2 2 3 E 1 [ a 1 , b 1 ] ¯ 2

Levels of Abstraction: Untimed ◮ Untimed (asynchronous) approach: ◮ Each process may take between zero and infinity time ◮ Consequently any interleaving in ( a · b ) || c is possible a b a b c c c c a b

Levels of Abstraction: Timed ◮ Timed automata and similar formalisms assume a lower and (finite) upper bound for the duration of each step x a ∈ [ 2 , 4 ] / a x b ∈ [ 6 , 20 ] / b x a ∈ [ 2 , 4 ] / a x b ∈ [ 6 , 20 ] / b x c ∈ [ 6 , 9 ] / c x c ∈ [ 6 , 9 ] / c x c ∈ [ 6 , 9 ] / c x c ∈ [ 6 , 9 ] / c x a ∈ [ 2 , 4 ] / a x b ∈ [ 6 , 20 ] / b ◮ The arithmetics of time eliminates some paths: ◮ Since 4 < 6, a must precede c and the set of possible paths is reduced to a · ( b || c ) = abc + acb ◮ But how likely is abc to occur?

Levels of Abstraction: Timed ◮ But how likely is abc to occur? x a ∈ [ 2 , 4 ] / a x b ∈ [ 6 , 20 ] / b x a ∈ [ 2 , 4 ] / a x b ∈ [ 6 , 20 ] / b x c ∈ [ 6 , 9 ] / c x c ∈ [ 6 , 9 ] / c x c ∈ [ 6 , 9 ] / c x c ∈ [ 6 , 9 ] / c x a ∈ [ 2 , 4 ] / a x b ∈ [ 6 , 20 ] / b ◮ The durations of the steps is a vector ( y a , y b , y c ) ∈ Y = [ 2 , 4 ] × [ 6 , 20 ] × [ 6 , 9 ] ◮ Event b precedes c only when y a + y b < y c ◮ Since y a + y b ranges in [ 8 , 24 ] and y c ∈ [ 6 , 9 ] , it is less likely than c preceding b

Probabilistic Interpretation of Timing Uncertainty ◮ Interpreting temporal guards probabilistically as uniform distribution over [ a , b ] gives precise quantitative meaning to this intuition ◮ Using this model we can compute probabilities of paths as volumes in the duration space ◮ We can discard low-probability paths, compute expected performance of schedulers, etc. ◮ This talk explains how to do it gradually 1. A single sequential process 2. Multiple independent processes 3. Processes executing under scheduler coordination

Sequential Stochastic Processes I ◮ S = P 1 || · · · || P n of n sequential stochastic processes ◮ A process is a sequence of steps with probabilistic duration ◮ A step cannot start before its predecessor terminates ◮ Two scenarios: ◮ Independent executions ◮ Coordinated execution: resource conflicts on some steps, resolved by a scheduler that guarantees mutual exclusion ◮ We want to compare the (expected) performance of scheduling policies for the second scenario ◮ We start with the first for didactic reasons

Bounded Uniform Distributions ◮ A uniform distribution inside an interval I = [ a , b ] is characterized by a density ψ defined as � 1 / ( b − a ) if a ≤ y < b ψ ( y ) = 0 otherwise b a a b ◮ Or in terms of distribution:  0 if y < a � y  F ( y ) = ψ ( τ ) d τ = ( y − a ) / ( b − a ) if a ≤ y ≤ b 0 1 if b ≤ y 

Sequential Stochastic Processes II ◮ A sequential stochastic process: P = ( I , Ψ) : ◮ I = { I j } j ∈ K where I j = [ a j , b j ] is the interval of possible durations of step P j ◮ Ψ = { ψ j } j ∈ K is a sequence of densities with each ψ j uniform over I j ◮ We consider finite acyclic processes with K = { 1 , . . . , k } ◮ Automaton view: e 1 e 2 e k · · · q 1 q 2 q k y j := ψ j e j − 1 x = y j q j x := 0 e j

Duration Space ◮ A finite sequence of independent uniform random variables { y j } j ∈ K ranging over a duration space D , consisting of vectors y = ( y 1 , . . . , y k ) ∈ D = I 1 × · · · × I k ⊆ R k with density ψ ( y 1 , . . . , y k ) = ψ 1 ( y 1 ) · · · ψ k ( y k ) ◮ A point y ∈ D induces a unique behavior of the system ξ y = y 1 e 1 y 2 e 2 · · · y k e k where y j ∈ I j is the duration of step P j and e j is the termination event

Volume and Probability ◮ The timed language of the process L = { ξ y : y ∈ D } ◮ The untimed (qualitative) language L = { e 1 e 2 · · · e k } ◮ The probability of any subset of L is the relative volume of the subset of D that generates it ◮ For example, the probability to terminate before deadline r : ◮ The volume of D ∧ ( y 1 + · · · + y k < r ) divided by the volume of D b 2 y 1 + y 2 < r a 2 a 1 b 1

From Durations to Time Stamps ◮ A timed word ξ y = y 1 e 1 y 2 e 2 · · · y k e k can be written as a sequence of time-stamped events ξ t = ( e 1 , t 1 ) , ( e 2 , t 2 ) , . . . , ( e k , t k ) t j = y 1 + · · · + y j is the absolute time of e j ◮ where y j = t j − t j − 1 ◮ A coordinate transformations t = Ty and y = T ′ t between the duration space D and the time-stamp space C     1 0 0 1 0 0 T ′ = T = 1 1 0 − 1 1 0     1 1 1 0 − 1 1 ◮ These transformations preserve volume. We do our calculations on the time-stamp space C which is a zone defined by � ϕ C : a j ≤ t j − t j − 1 ≤ b j j ∈ K

Processes in Parallel ◮ Consider n processes S = P 1 || · · · || P n = { ( I i , Ψ i ) } n i = 1 ◮ Notations: P i j (step j of process i ), I i j = [ a i j , b i j ] and ψ i j ◮ All processes have the same number k of steps ◮ Event alphabet Σ = { e 1 1 , e 1 2 , . . . , e n k − 1 , e n k } ◮ A global behavior corresponds to a point in the global duration space n k � � y = ( y 1 1 , y 1 2 , . . . , y n k − 1 , y n I i j ⊂ R nk k ) ∈ D = i = 1 j = 1 or equivalently to a point t in the time-stamp space t = ( t 1 1 , t 1 2 , . . . , t n k − 1 , t n k ) ∈ C = T D where T is a block diagonal matrix.

Global Behaviors ◮ Merging local behaviors L = L 1 || · · · || L n e 1 e 1 e 1 1 2 3 P 1 e 2 e 2 e 2 P 2 3 1 2 e 3 e 3 e 3 P 3 1 2 3 P e 1 e 2 e 2 e 3 e 3 e 1 e 1 e 2 e 3 1 1 2 1 2 2 3 3 3 w = e 1 1 e 2 1 e 2 2 e 3 1 e 2 3 e 1 2 e 1 3 e 3 2 e 3 3 ◮ Qualitative behavior: equivalence class of all timed behaviors with the same order of events ◮ All potentially possible behaviors are part of the shuffle (interleavings) of the local languages L = L 1 || · · · || L n

Automaton View ◮ A qualitative behavior is the set of all runs that go through the same path in the global (product) automaton e 2 e 2 e 2 q 2 q 2 1 q 2 2 3 1 3 2 q 1 1 e 1 e 1 1 1 e 2 e 2 q 1 1 2 2 e 1 e 1 2 2 e 2 q 1 3 3 e 1 e 1 3 3 w = e 1 1 e 2 1 e 2 2 e 3 1 e 2 3 e 1 2 e 1 3 e 3 2 e 3 3

Races e 2 e 2 e 2 q 2 q 2 q 2 1 2 3 1 3 2 q 1 1 e 1 e 1 1 1 q 1 e 2 e 2 1 2 2 e 1 e 1 2 2 x 2 = y 2 2 e 2 e 2 q 1 q 1 3 , q 2 2 3 3 2 x 1 = y 1 3 e 1 e 1 e 1 3 3 3 ◮ In state ( q 1 3 , q 2 2 ) there is a race between e 1 3 and e 2 2 ◮ The winner depends on which termination condition (transition guard) is satisfied first ◮ Which reduces to the relation between t 1 3 and t 2 2

Probability of Qualitative Behavior ◮ We formulate the following question: ◮ Compute the probability of a qualitative behavior w , ie the probability that events occur in a particular order ◮ Two-stage solution: characterize the subset Z w of the time-stamp space C that yields w ◮ Compute the volume of this subset divided by the volume of C ◮ This will be expressed by a constraint ϕ C ∧ ϕ w with � � a i j ≤ t i j − t i j − 1 ≤ b i ϕ C : j i ∈ N j ∈ K