Real-Time Systems, Lecture 16: The Universality Problem for TBA
2014-07-29, Dr. Bernd Westphal, Albert-Ludwigs-Universität Freiburg, Germany
– 16 – 2014-07-29 – main –
Contents & Goals

Last Lecture:
• Extended Timed Automata Cont'd
• A Fragment of TCTL
• Testable DC Formulae

This Lecture:
• Educational Objectives: Capabilities for the following tasks/questions.
  • Are all DC formulae testable?
  • What is a TBA and what is the difference to (extended) TA?
  • What is undecidable for timed (Büchi) automata? Idea of the proof?
• Content:
  • An untestable DC formula.
  • Timed Büchi Automata and timed regular languages [Alur and Dill, 1994].
  • The Universality Problem is undecidable for TBA [Alur and Dill, 1994].
  • Why this is unfortunate.
  • Timed regular languages are not everything.
Untestable DC Formulae
Recall: Testability

Definition 6.1. A DC formula F is called testable if an observer (or test automaton, or monitor) $\mathcal{A}_F$ exists such that for all networks $\mathcal{N} = \mathcal{C}(\mathcal{A}_1, \dots, \mathcal{A}_n)$ it holds that
$\mathcal{C}(\mathcal{A}'_1, \dots, \mathcal{A}'_n, \mathcal{A}_F) \models \forall\Box\, \neg(\mathcal{A}_F.q_{bad})$ iff $\mathcal{N} \models F$.
Otherwise it is called untestable.

Proposition 6.3. There exist untestable DC formulae.

Theorem 6.4. DC implementables are testable.
Untestable DC Formulae

(Figure: DC pattern over three observables. A changes to ¬A; within [0, 1] after that, B changes to ¬B; exactly 1 time unit after the B change, C changes to ¬C.)

"Whenever we observe a change from A to ¬A at time $t_A$, the system has to produce a change from B to ¬B at some time $t_B \in [t_A, t_A + 1]$ and a change from C to ¬C at time $t_B + 1$."

Sketch of Proof: Assume there is $\mathcal{A}_F$ such that, for all networks $\mathcal{N}$, we have
$\mathcal{C}(\mathcal{A}'_1, \dots, \mathcal{A}'_n, \mathcal{A}_F) \models \forall\Box\, \neg(\mathcal{A}_F.q_{bad})$ iff $\mathcal{N} \models F$.
Assume the number of clocks in $\mathcal{A}_F$ is $n \in \mathbb{N}_0$.
Untestable DC Formulae Cont'd

Consider the following time points:
• $t_A := 1$
• $t_B^i := t_A + \frac{2i - 1}{2(n+1)}$ for $i = 1, \dots, n+1$
• $t_C^i \in \left( t_B^i + 1 - \frac{1}{4(n+1)},\; t_B^i + 1 + \frac{1}{4(n+1)} \right)$ for $i = 1, \dots, n+1$, with $t_C^i - t_B^i \neq 1$ for $1 \le i \le n+1$.

Example: n = 3
(Figure: interpretation I as three timing diagrams for A, B and C over the time axis 0 to 3; B changes at $t_B^1, \dots, t_B^4$ and C changes at $t_C^1, \dots, t_C^4$.)
Untestable DC Formulae Cont'd

(Figure: the DC pattern and the example interpretation I for n = 3, as on the previous slides.)

• The shown interpretation I satisfies the assumption of the property.
• It has n+1 candidates to satisfy the commitment.
• By choice of $t_C^i$, the commitment is not satisfied; so F is not satisfied.
• Because $\mathcal{A}_F$ is a test automaton for F, it has a computation path to $q_{bad}$.
• Because n = 3, $\mathcal{A}_F$ can not save all n+1 time points $t_B^i$.
• Thus there is $1 \le i_0 \le n$ such that all clocks of $\mathcal{A}_F$ have a valuation which is not in $2 - t_B^{i_0} + \left( -\frac{1}{4(n+1)}, \frac{1}{4(n+1)} \right)$.
Untestable DC Formulae Cont'd

• Modify the computation to I′ such that $t_C^{i_0} := t_B^{i_0} + 1$.
• Then $I' \models F$, but $\mathcal{A}_F$ reaches $q_{bad}$ via the same path.
• That is: $\mathcal{A}_F$ claims $I' \not\models F$.
• Thus $\mathcal{A}_F$ is not a test automaton. Contradiction.
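The construction of the proof, carried through with exact arithmetic, as an added example that is not part of the lecture slides: it builds the time points for $n$ clocks (with $t_A = 1$, $t_B^i = t_A + \frac{2i-1}{2(n+1)}$ and $t_C^i$ shifted off $t_B^i + 1$ by an assumed half window radius), checks that the interpretation I violates F while the modified I′ satisfies it, and checks that the candidate windows are pairwise disjoint, which is why each clock can certify at most one candidate.

```python
from fractions import Fraction as Fr

def time_points(n):
    """Time points of the untestability proof for a test automaton with n
    clocks, computed exactly.  t_A = 1; t_B^i = t_A + (2i-1)/(2(n+1));
    t_C^i lies in the window (t_B^i + 1 - d, t_B^i + 1 + d), d = 1/(4(n+1)),
    but not at t_B^i + 1 itself (assumption: shifted by d/2)."""
    t_a = Fr(1)
    t_b = [t_a + Fr(2 * i - 1, 2 * (n + 1)) for i in range(1, n + 2)]
    d = Fr(1, 4 * (n + 1))
    t_c = [b + 1 + d / 2 for b in t_b]
    return t_a, t_b, t_c

def satisfies_f(t_a, t_b, t_c):
    """Property F for an interpretation with a single A-to-not-A change at
    t_a, B-to-not-B changes at t_b and C-to-not-C changes at t_c: some B
    change in [t_a, t_a + 1] must have a C change exactly 1 later."""
    return any(t_a <= b <= t_a + 1 and (b + 1) in t_c for b in t_b)

def windows_disjoint(n):
    """The n+1 windows t_B^i + 1 +- d are pairwise disjoint (they are spaced
    1/(n+1) = 4d apart), so a single clock value can only be 'close to'
    one candidate; n clocks cannot cover n+1 candidates."""
    _, t_b, _ = time_points(n)
    d = Fr(1, 4 * (n + 1))
    highs = [b + 1 + d for b in t_b]
    lows = [b + 1 - d for b in t_b]
    return all(highs[i] <= lows[i + 1] for i in range(n))

def modified_interpretation(n, i0):
    """I': move the C change with 0-based index i0 to exactly t_B^{i0} + 1.
    The test automaton takes the same path to q_bad, but I' satisfies F."""
    t_a, t_b, t_c = time_points(n)
    t_c = list(t_c)
    t_c[i0] = t_b[i0] + 1
    return t_a, t_b, t_c
```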
Timed Büchi Automata [Alur and Dill, 1994]
... vs. Timed Automata

(Figure, left: the timed automaton with locations off, light, bright and clock x; edges off →(press?, x := 0)→ light, light →(press?, x ≤ 3)→ bright, light →(press?, x > 3)→ off, bright →(press?)→ off. Right: the TBA with states $s_0, s_1, s_2, s_3$ and edges labelled a; b; a, x := 0; b, x < 2; a, x := 0.)

$\xi = \langle \mathit{off}, 0 \rangle, 0 \xrightarrow{1} \langle \mathit{off}, 1 \rangle, 1 \xrightarrow{\mathit{press?}} \langle \mathit{light}, 0 \rangle, 1 \xrightarrow{3} \langle \mathit{light}, 3 \rangle, 4 \xrightarrow{\mathit{press?}} \langle \mathit{bright}, 3 \rangle, 4 \xrightarrow{\dots} \dots$

ξ is a computation path and run of A.

New: Given a timed word $(a, 1), (b, 2), (a, 3), (b, 4), (a, 5), (b, 6), \dots$, does A accept it?

New: the acceptance criterion is visiting an accepting state infinitely often.
Timed Languages

Definition. A time sequence $\tau = \tau_1, \tau_2, \dots$ is an infinite sequence of time values $\tau_i \in \mathbb{R}^+_0$, satisfying the following constraints:
(i) Monotonicity: τ increases strictly monotonically, i.e. $\tau_i < \tau_{i+1}$ for all $i \ge 1$.
(ii) Progress: For every $t \in \mathbb{R}^+_0$, there is some $i \ge 1$ such that $\tau_i > t$.

Definition. A timed word over an alphabet Σ is a pair $(\sigma, \tau)$ where
• $\sigma = \sigma_1, \sigma_2, \dots \in \Sigma^\omega$ is an infinite word over Σ, and
• τ is a time sequence.

Definition. A timed language over an alphabet Σ is a set of timed words over Σ.
Example: Timed Language

Timed word over alphabet Σ: a pair $(\sigma, \tau)$ where
• $\sigma = \sigma_1, \sigma_2, \dots$ is an infinite word over Σ, and
• τ is a time sequence (strictly (!) monotonic, non-Zeno).

$L_{crt} = \{ ((ab)^\omega, \tau) \mid \exists i\; \forall j \ge i : (\tau_{2j} < \tau_{2j-1} + 2) \}$
Timed Büchi Automata

Definition. The set Φ(X) of clock constraints over X is defined inductively by
$\delta ::= x \le c \mid c \le x \mid \neg\delta \mid \delta_1 \wedge \delta_2$
where $x \in X$ and $c \in \mathbb{Q}$ is a rational constant.

Definition. A timed Büchi automaton (TBA) A is a tuple $(\Sigma, S, S_0, X, E, F)$, where
• Σ is an alphabet,
• S is a finite set of states, $S_0 \subseteq S$ is a set of start states,
• X is a finite set of clocks,
• $E \subseteq S \times S \times \Sigma \times 2^X \times \Phi(X)$ gives the set of transitions. An edge $(s, s', a, \lambda, \delta)$ represents a transition from state s to state s′ on input symbol a. The set $\lambda \subseteq X$ gives the clocks to be reset with this transition, and δ is a clock constraint over X.
• $F \subseteq S$ is a set of accepting states.
Example: TBA

$A = (\Sigma, S, S_0, X, E, F)$, edges $(s, s', a, \lambda, \delta) \in E$.

(Figure: TBA with states $s_0, s_1, s_2, s_3$ and one clock x; edges labelled a ($s_0$ to $s_1$), b ($s_1$ back to $s_0$), a, x := 0 ($s_0$ to $s_2$), b, x < 2 ($s_2$ to $s_3$), a, x := 0 ($s_3$ back to $s_2$); the accepting state is marked in the figure.)
(Accepting) TBA Runs

Definition. A run r, denoted by $(\bar{s}, \bar{\nu})$, of a TBA $(\Sigma, S, S_0, X, E, F)$ over a timed word $(\sigma, \tau)$ is an infinite sequence of the form
$r : \langle s_0, \nu_0 \rangle \xrightarrow[\tau_1]{\sigma_1} \langle s_1, \nu_1 \rangle \xrightarrow[\tau_2]{\sigma_2} \langle s_2, \nu_2 \rangle \xrightarrow[\tau_3]{\sigma_3} \dots$
with $s_i \in S$ and $\nu_i : X \to \mathbb{R}^+_0$, satisfying the following requirements:
• Initiation: $s_0 \in S_0$ and $\nu_0(x) = 0$ for all $x \in X$.
• Consecution: for all $i \ge 1$, there is an edge in E of the form $(s_{i-1}, s_i, \sigma_i, \lambda_i, \delta_i)$ such that
  • $(\nu_{i-1} + (\tau_i - \tau_{i-1}))$ satisfies $\delta_i$ and
  • $\nu_i = (\nu_{i-1} + (\tau_i - \tau_{i-1}))[\lambda_i := 0]$.

The set $\mathit{inf}(r) \subseteq S$ consists of those states $s \in S$ such that $s = s_i$ for infinitely many $i \ge 0$.

Definition. A run $r = (\bar{s}, \bar{\nu})$ of a TBA over timed word $(\sigma, \tau)$ is called (an) accepting (run) if and only if $\mathit{inf}(r) \cap F \neq \emptyset$.
Example: (Accepting) Runs

$r : \langle s_0, \nu_0 \rangle \xrightarrow[\tau_1]{\sigma_1} \langle s_1, \nu_1 \rangle \xrightarrow[\tau_2]{\sigma_2} \langle s_2, \nu_2 \rangle \xrightarrow[\tau_3]{\sigma_3} \dots$
initial and $(s_{i-1}, s_i, \sigma_i, \lambda_i, \delta_i) \in E$, s.t. $(\nu_{i-1} + (\tau_i - \tau_{i-1})) \models \delta_i$, $\nu_i = (\nu_{i-1} + (\tau_i - \tau_{i-1}))[\lambda_i := 0]$.
Accepting iff $\mathit{inf}(r) \cap F \neq \emptyset$.

(Figure: the example TBA with states $s_0, \dots, s_3$ and edges labelled a; b; a, x := 0; b, x < 2; a, x := 0.)

Timed word: $(a, 1), (b, 2), (a, 3), (b, 4), (a, 5), (b, 6), \dots$
• Can we construct any run? Is it accepting?
• Can we construct a non-run?
• Can we construct a (non-)accepting run?
The Language of a TBA

Definition. For a TBA A, the language $\mathcal{L}(A)$ of timed words it accepts is defined to be the set
$\{ (\sigma, \tau) \mid A \text{ has an accepting run over } (\sigma, \tau) \}$.
For short: $\mathcal{L}(A)$ is the language of A.

Definition. A timed language L is a timed regular language if and only if $L = \mathcal{L}(A)$ for some TBA A.
Example: Language of a TBA

$\mathcal{L}(A) = \{ (\sigma, \tau) \mid A \text{ has an accepting run over } (\sigma, \tau) \}$.

(Figure: the example TBA with states $s_0, \dots, s_3$ and edges labelled a; b; a, x := 0; b, x < 2; a, x := 0.)

Claim: $\mathcal{L}(A) = L_{crt}$ $(= \{ ((ab)^\omega, \tau) \mid \exists i\; \forall j \ge i : (\tau_{2j} < \tau_{2j-1} + 2) \})$

Question: Is $L_{crt}$ timed regular or not?
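The run questions of the previous example slide and the claim $\mathcal{L}(A) = L_{crt}$, worked on a finite prefix of a timed word, as an added example that is not part of the lecture slides: a small simulator implements the Initiation and Consecution rules for the example TBA (edge structure read off the figure; the accepting state is assumed to be $s_3$, the state of the guarded b-cycle) and reports the set of configurations every run can be in after each input symbol, so an empty set means no run exists.

```python
from fractions import Fraction as Fr

# The example TBA of the slides: alphabet {a, b}, one clock x, start state
# s0, accepting state s3 (assumption).  Edges are (s, s', a, lambda, delta)
# with the clock constraint delta given as a predicate over the valuation.
EDGES = [
    ("s0", "s1", "a", set(),  lambda v: True),
    ("s1", "s0", "b", set(),  lambda v: True),
    ("s0", "s2", "a", {"x"},  lambda v: True),
    ("s2", "s3", "b", set(),  lambda v: v["x"] < 2),
    ("s3", "s2", "a", {"x"},  lambda v: True),
]
START, CLOCKS, ACCEPT = {"s0"}, ("x",), {"s3"}

def step(configs, symbol, elapsed):
    """Consecution: age every valuation by `elapsed`, then take every edge
    on `symbol` whose constraint holds, resetting its clocks.  The TBA is
    nondeterministic, so the result is a set of (state, valuation) pairs."""
    nxt = set()
    for state, val in configs:
        aged = {x: t + elapsed for x, t in val}
        for s, s2, a, resets, guard in EDGES:
            if s == state and a == symbol and guard(aged):
                new = dict(aged, **{x: Fr(0) for x in resets})
                nxt.add((s2, tuple(sorted(new.items()))))
    return nxt

def runs_over_prefix(word):
    """Configuration sets reachable after each prefix of a timed word given
    as [(symbol, time), ...], starting from Initiation (all clocks 0)."""
    configs = {(s, tuple((x, Fr(0)) for x in CLOCKS)) for s in START}
    now, trace = Fr(0), []
    for sym, t in word:
        if t <= now:
            raise ValueError("time sequence must be strictly monotonic")
        configs = step(configs, sym, t - now)
        now = t
        trace.append(configs)
    return trace

def accepting_reachable(word):
    """Finite-prefix check: some run ends in an accepting state.  Buechi
    acceptance needs the infinite word; for (a,1),(b,2),(a,3),(b,4),...
    every even-length prefix re-enters s3, so that word is accepted."""
    return any(s in ACCEPT for s, _ in runs_over_prefix(word)[-1])
```

A word whose b comes 3 time units after the preceding a is stuck in the $s_0$/$s_1$ cycle, and a word starting with b has no run at all.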
The Universality Problem is Undecidable for TBA [Alur and Dill, 1994]
The Universality Problem

• Given: A TBA A over alphabet Σ.
• Question: Does A accept all timed words over Σ?
  In other words: Is $\mathcal{L}(A) = \{ (\sigma, \tau) \mid \sigma \in \Sigma^\omega,\; \tau \text{ time sequence} \}$?