
Modelling and Verification 2006, Lecture 13: Untimed bisimilarity (PowerPoint presentation)



  1. Lecture 13 outline: untimed bisimilarity; the region graph and the reachability problem; networks of timed automata; model checking of timed automata. (Lecture 13, Modelling and Verification 2006.)

  2. Example of timed non-bisimilar automata. [Figure: two timed automata over one clock x. Left: A --(x ≤ 1, a, x := 0)--> B --(x ≤ 3, a)--> C. Right: A' --(x ≤ 2, a, x := 0)--> B' --(x ≤ 3, a)--> C'. The automata differ only in the guard of the first edge, x ≤ 1 versus x ≤ 2.]

  3. Untimed bisimilarity. Let $A_1$ and $A_2$ be timed automata, and let $\epsilon$ be a new (fresh) action. Definition (untimed bisimilarity): $A_1$ and $A_2$ are untimed bisimilar iff the transition systems $T(A_1)$ and $T(A_2)$ generated by $A_1$ and $A_2$, in which every delay transition $\xrightarrow{d}$ for $d \in \mathbb{R}_{\ge 0}$ is replaced by a transition of the form $\xrightarrow{\epsilon}$, are strongly bisimilar. Remark: $\xrightarrow{a}$ for $a \in N$ is treated as a visible transition, while all delay transitions $\xrightarrow{d}$ for $d \in \mathbb{R}_{\ge 0}$ are labelled by the single visible action $\epsilon$. Corollary: any two timed bisimilar automata are also untimed bisimilar.


  5. Timed non-bisimilar but untimed bisimilar automata. [Figure: the same two automata A and A' as on slide 2 (guard x ≤ 1 versus x ≤ 2 on the first a-edge, with reset x := 0; guard x ≤ 3 on the second a-edge).]

  6. Automatic verification of timed automata. Fact: even very simple timed automata generate timed transition systems with infinitely (even uncountably) many reachable states. Question: is any automatic verification approach (such as bisimilarity checking, model checking or reachability analysis) possible at all? Answer: yes, using region graph techniques. Key idea: the infinitely many clock valuations can be partitioned into finitely many equivalence classes.


  9. Preliminaries. Let $d \in \mathbb{R}_{\ge 0}$. Let $\lfloor d \rfloor$ be the integer part of $d$ and $\mathrm{frac}(d)$ the fractional part of $d$, so that any $d \in \mathbb{R}_{\ge 0}$ can be written as $d = \lfloor d \rfloor + \mathrm{frac}(d)$. Example: $\lfloor 2.345 \rfloor = 2$ and $\mathrm{frac}(2.345) = 0.345$. Let $A$ be a timed automaton and $x \in C$ a clock. We define $c_x \in \mathbb{N}$ as the largest constant with which the clock $x$ is ever compared, either in the guards or in the invariants present in $A$.


  11. Intuition. Let $v, v' : C \to \mathbb{R}_{\ge 0}$ be clock valuations, and let $\sim$ denote untimed bisimilarity of timed transition systems. Our aim: define an equivalence relation $\equiv$ over clock valuations such that (1) $v \equiv v'$ implies $(\ell, v) \sim (\ell, v')$ for any location $\ell$, and (2) $\equiv$ has only finitely many equivalence classes.

  12-15. Clock (region) equivalence. Equivalence relation on clock valuations: clock valuations $v$ and $v'$ are equivalent ($v \equiv v'$) iff
     (1) for all $x \in C$ such that $v(x) \le c_x$ or $v'(x) \le c_x$ we have $\lfloor v(x) \rfloor = \lfloor v'(x) \rfloor$;
     (2) for all $x \in C$ such that $v(x) \le c_x$ we have $\mathrm{frac}(v(x)) = 0$ iff $\mathrm{frac}(v'(x)) = 0$;
     (3) for all $x, y \in C$ such that $v(x) \le c_x$ and $v(y) \le c_y$ we have $\mathrm{frac}(v(x)) \le \mathrm{frac}(v(y))$ iff $\mathrm{frac}(v'(x)) \le \mathrm{frac}(v'(y))$.

  16. Regions. Let $v$ be a clock valuation. The $\equiv$-equivalence class represented by $v$ is denoted $[v]$ and defined by $[v] = \{ v' \mid v' \equiv v \}$. Definition of a region: an $\equiv$-equivalence class $[v]$ represented by some clock valuation $v$ is called a region. Theorem: for every location $\ell$ and any two valuations $v$ and $v'$ from the same region ($v \equiv v'$) it holds that $(\ell, v) \sim (\ell, v')$, where $\sim$ stands for untimed bisimilarity.

