
On Interleaving in Timed Automata. Oded Maler, Marius Bozga, Ramzi Ben Salah. PowerPoint PPT Presentation.



  1. On Interleaving in Timed Automata. Oded Maler, Marius Bozga, Ramzi Ben Salah. VERIMAG, 24th August 2006.

  2. Introduction
  ◮ Exploring the state space of Timed Automata is important (timing analysis of circuits, scheduling, etc.). However, it is a hard problem, limited by the state-explosion problem.
  ◮ Part of the explosion comes from the splitting of zones caused by interleaving. We show how to get rid of this part of the explosion.
  ◮ We prove a simple convexity result and use it to modify slightly the "classical" reachability algorithm for TA so that it avoids this explosion.

  3. Plan: Quick Review On Timed Automata; State Explosion Due to Interleaving Semantics; Convexity Result; Application to reachability computation; Conclusion.

  4. Timed Automata
  A Timed Automaton is $A = (\Sigma, Q, C, I, \Delta)$ where:
  ◮ $\Sigma$ is a finite set of transition labels.
  ◮ $Q$ is a finite set of states.
  ◮ $C$ is a finite set of clocks.
  ◮ $I$ is the invariant (staying condition), assigning to every $q \in Q$ a conjunction of time constraints $I_q$.
  ◮ $\Delta$ is the transition relation, whose elements are of the form $(q, g, a, r, q')$ where:
    ◮ $q, q' \in Q$ are the source and target states of the transition.
    ◮ $a \in \Sigma$ is the transition label.
    ◮ $g$ is the transition guard (a conjunction of time constraints).
    ◮ $r \subseteq C$ is the set of clocks reset by the transition.
  [Example: a timed automaton over the clock x with states 0, 1, 2 and transitions labelled a, b, c, d, with guards (e.g. x > 4) and resets x:=0 (figure).]

  5. Runs of Timed Automata
  A configuration is a pair $(q, v)$ consisting of a discrete state $q$ and a clock valuation $v : C \to \mathbb{R}_{\ge 0}$. A step of the automaton is one of the following:
  ◮ A time step: $(q, v) \xrightarrow{d} (q, v + d)$, $d \in \mathbb{R}_{\ge 0}$, such that $v + d$ satisfies $I_q$.
  ◮ A discrete step: $(q, v) \xrightarrow{a} (q', v')$ for some transition $(q, g, a, r, q') \in \Delta$ such that $v$ satisfies $g$ and $v' = r(v)$.
  A compound step is a time step followed by a discrete step:
  $$(q, v) \xrightarrow{d,\, a} (q', v') \;\equiv\; (q, v) \xrightarrow{d} (q, v + d) \xrightarrow{a} (q', v')$$
  A run of the automaton starting from the configuration $(q_0, v_0)$ is a finite sequence of compound steps ending in a time step:
  $$\xi : (q_0, v_0) \xrightarrow{d_1,\, a_1} (q_1, v_1) \xrightarrow{d_2,\, a_2} \cdots \xrightarrow{d_k,\, a_k} (q_k, v_k) \xrightarrow{d^*} (q_k, v_k + d^*)$$

  6. Composition of Timed Automata
  A composition of timed automata is $A = A_1 \parallel A_2 \parallel \cdots \parallel A_n$ where each automaton is of the form $A_i = (\Sigma_i, Q_i, C_i, I_i, \Delta_i)$. The action alphabets may overlap, but the clock sets of the automata are mutually disjoint.
  The global automaton obtained from the composition is $A = (\Sigma, Q, C, I, \Delta)$ where $\Sigma = \bigcup_{i=1}^{n} \Sigma_i$, $Q = \prod_{i=1}^{n} Q_i$ and $C = \bigcup_{i=1}^{n} C_i$. We write a global state as $q = (q_1, q_2, \ldots, q_n)$ and a global clock valuation over $C$ as $v = (v_1, v_2, \ldots, v_n)$.
  The semantics of the composition is given in terms of global steps as follows:
  - Time step: $(q, v) \xrightarrow{d} (q, v + d)$, $d \in \mathbb{R}_{\ge 0}$, such that $v + d$ satisfies $\bigwedge_{i=1}^{n} I_{q_i}$.
  - Discrete step: $(q, v) \xrightarrow{a} (q', v')$ if, for every $i$: $(q_i, v_i) \xrightarrow{a} (q'_i, v'_i)$ is a local step of $A_i$ when $a \in \Sigma_i$, and $(q_i, v_i) = (q'_i, v'_i)$ when $a \notin \Sigma_i$.
  - Global compound steps and global runs are defined like their local counterparts.

  7. The Symbolic Representation
  ◮ The semantics of a timed automaton yields an infinite transition system, which is not an appropriate basis for verification algorithms ⇒ symbolic representation.
  ◮ The standard reachability algorithm (Kronos, Uppaal, ...) computes a reachability graph $S = (N, \to)$ whose nodes are symbolic states.
  ◮ A symbolic state is of the form $(q, Z)$, where $q$ is a discrete state and $Z$ is a zone: a convex set of clock valuations satisfying a conjunction of clock constraints.
  ◮ NB: there is a path of $S$ from $(q, Z)$ to $(q', Z')$ iff for every $v' \in Z'$ there exist $v \in Z$ and a run of $A$ from $(q, v)$ to $(q', v')$.

  8. The Standard Reachability Computation
  Standard algorithm: starting from the initial symbolic state $(q_0, \mathit{true})$, $\mathit{Succ}_\delta$ is applied until termination (no new symbolic state is produced):
  $$\mathit{Succ}_\delta(q, Z) = \mathit{Post}_t\big(\mathit{Post}_\delta(q, Z)\big)$$
  ◮ The $\delta$-transition successor of $(q, Z)$ is the set of configurations reachable from $(q, Z)$ by taking the transition $\delta = (q, g, a, r, q') \in \Delta$:
  $$\mathit{Post}_\delta(q, Z) = \{\, (q', r(z)) : z \in Z \cap g \,\}$$
  ◮ The time successor of $(q, Z)$ is the set of configurations reachable from $(q, Z)$ by letting time progress without violating the staying condition:
  $$\mathit{Post}_t(q, Z) = \{\, (q, z + d) : z \in Z,\ d \ge 0,\ z + d \in I_q \,\}$$

  9. Plan: Quick Review On Timed Automata; State Explosion Due to Interleaving Semantics; Convexity Result; Application to reachability computation; Conclusion.

  10. Example: Interleaving in TA Splits Zones
  [Figure: two automata, A with clock x and B with clock y. A takes a from state 0 to state 1 resetting x (x:=0), with invariant true in state 0 and x < 5 in state 1; B takes b from state 0 to state 1 resetting y (y:=0), with invariant true in state 0 and y < 3 in state 1. The untimed product and the timed product are shown side by side, with the zones reached at (0,0), (1,0), (0,1) and (1,1) along the two interleavings a,b and b,a.]
  Untimed reachability converges to a single state (1,1), whereas timed reachability using the standard algorithm generates several symbolic states for it, two in the example:
  ◮ One with the zone $Z(a,b)$, in which $y \le x$ because in all runs along the first path $x$ is reset before $y$.
  ◮ One with the zone $Z(b,a)$, in which $y \ge x$ because in all runs along the second path $x$ is reset after $y$.

  11. Example: Interleaving in TA Splits Zones
  [Figure: the two symbolic states reached at (1,1) in the example, with zones $Z(a,b)$ ($y \le x$) and $Z(b,a)$ ($y \ge x$), both inside $x < 5$, $y < 3$, and their union.]
  ◮ Notice that $Z(a,b) \cup Z(b,a)$ is a convex set.
  ◮ Convexity ⇒ exact reduction through merging of symbolic states.
  ◮ General criterion for convexity: the union of all zones reached by different locally-equivalent runs is convex.
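The standard algorithm of slide 8 run on the two-automaton example of slides 10 and 11, as an added example that is not part of the original presentation nor code from Kronos or Uppaal. Zones are represented as difference bound matrices (DBMs); $\mathit{Post}_t$ and $\mathit{Post}_\delta$ follow the definitions on slide 8, and the reachability loop keeps a new symbolic state unless a stored zone at the same location includes it. It reproduces the split at (1,1) into $Z(a,b)$ and $Z(b,a)$, and then checks exactly that the union of the two zones equals their convex hull, which is what licenses merging them. The clock indexing, the bound encoding, the strict invariants x < 5 and y < 3 (as drawn on slide 10) and the `union_is_convex` test are this example's own choices.

```python
"""Zone reachability with DBMs for the two-automaton example of slides 10-11:
A has clock x, a: 0 -> 1 resets x, invariant x < 5 in state 1; B has clock y,
b: 0 -> 1 resets y, invariant y < 3 in state 1; all guards are true."""
from itertools import product
from math import inf

INF, ZERO = (inf, True), (0, False)  # bound (c, strict): x_i - x_j < c or <= c

def bound_lt(a, b):  # a is strictly tighter than b
    return a[0] < b[0] or (a[0] == b[0] and a[1] and not b[1])

def bound_add(a, b):
    return (a[0] + b[0], a[1] or b[1])

class DBM:
    """Difference bound matrix over clocks 1..n (index 0 is the zero clock);
    m[i][j] bounds x_i - x_j. Every operation returns a canonical DBM."""
    def __init__(self, n, m=None):  # default: every clock equals 0
        self.n = n
        self.m = m if m is not None else [[ZERO] * (n + 1) for _ in range(n + 1)]
    def copy(self):
        return DBM(self.n, [row[:] for row in self.m])
    def canonical(self):  # Floyd-Warshall tightening of all bounds
        for k, i, j in product(range(self.n + 1), repeat=3):
            via = bound_add(self.m[i][k], self.m[k][j])
            if bound_lt(via, self.m[i][j]):
                self.m[i][j] = via
        return self
    def is_empty(self):
        return any(bound_lt(self.m[i][i], ZERO) for i in range(self.n + 1))
    def up(self):  # time elapse: drop every upper bound x_i <= c
        z = self.copy()
        for i in range(1, z.n + 1):
            z.m[i][0] = INF
        return z
    def constrain(self, i, j, bound):  # intersect with x_i - x_j (<= or <) bound
        z = self.copy()
        if bound_lt(bound, z.m[i][j]):
            z.m[i][j] = bound
        return z.canonical()
    def reset(self, i):  # x_i := 0, the r(z) of Post_delta
        z = self.copy()
        for j in range(z.n + 1):
            z.m[i][j], z.m[j][i] = z.m[0][j], z.m[j][0]
        return z
    def includes(self, other):  # other is a subset of self (canonical, non-empty)
        return all(not bound_lt(self.m[i][j], other.m[i][j])
                   for i, j in product(range(self.n + 1), repeat=2))
    def hull(self, other):  # smallest zone containing both: weaker bound entrywise
        r = range(self.n + 1)
        return DBM(self.n, [[other.m[i][j] if bound_lt(self.m[i][j], other.m[i][j])
                             else self.m[i][j] for j in r] for i in r]).canonical()

X, Y = 1, 2  # clock of A, clock of B; a global state is (q_A, q_B)

def post_t(z, loc):
    """Post_t: let time pass, then keep the valuations inside I_q; since the
    invariants are upper bounds, up() followed by intersection is exact."""
    z = z.up()
    if loc[0] == 1:
        z = z.constrain(X, 0, (5, True))  # x < 5
    if loc[1] == 1:
        z = z.constrain(Y, 0, (3, True))  # y < 3
    return z

def post_delta(z, loc):
    """Post_delta for each transition enabled at loc (all guards are true)."""
    if loc[0] == 0:
        yield "a", (1, loc[1]), z.reset(X)
    if loc[1] == 0:
        yield "b", (loc[0], 1), z.reset(Y)

def reachable():
    """Standard algorithm, Succ_delta = Post_t o Post_delta from (q0, Z0); a new
    symbolic state is dropped only if a stored zone at that location includes it."""
    visited, work = {}, [((0, 0), post_t(DBM(2), (0, 0)))]
    while work:
        loc, z = work.pop()
        if any(s.includes(z) for s in visited.get(loc, [])):
            continue
        visited.setdefault(loc, []).append(z)
        for _label, target, z1 in post_delta(z, loc):
            z2 = post_t(z1, target)
            if not z2.is_empty():
                work.append((target, z2))
    return visited  # {location: [zones]}

def union_is_convex(z1, z2):
    """Exact test that z1 U z2 equals hull(z1, z2): the part of the hull outside
    z1 is the union over z1's constraints c of hull and not-c; each such piece
    must be empty or lie inside z2."""
    h = z1.hull(z2)
    for i, j in product(range(z1.n + 1), repeat=2):
        c, strict = z1.m[i][j]
        if bound_lt((c, strict), h.m[i][j]):  # c is tighter than the hull's bound
            piece = h.constrain(j, i, (-c, not strict))  # hull and not(x_i - x_j <= c)
            if not piece.is_empty() and not z2.includes(piece):
                return False
    return True

if __name__ == "__main__":
    states = reachable()
    print({loc: len(zs) for loc, zs in states.items()})  # (1,1) gets two zones
    print("union at (1,1) convex:", union_is_convex(*states[(1, 1)]))
```

Running it yields five symbolic states, two of them at (1,1): the zone with $y \le x$ and the zone with $x \le y$ (which the canonical form tightens to $x < 3$), neither including the other, so the standard inclusion check cannot merge them. `union_is_convex` reports that their union is the whole rectangle $0 \le x < 5$, $0 \le y < 3$, so replacing both by their hull loses nothing; the same test correctly rejects a constructed pair with a gap between the zones, which is why a convexity criterion such as the one on the next slides is needed before merging.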

  12. Local Runs of the Global Automaton
  ◮ A local run $\xi^i$ is the projection of a global run $\xi$ of the global automaton $A = A_1 \parallel A_2 \parallel \cdots \parallel A_n$ on the automaton $A_i$.
  ◮ The projection $\xi^i$ of $\xi$ is obtained by "hiding" the transitions in which $A_i$ does not participate, projecting the run on the states and clocks of $A_i$, and collapsing consecutive time passages.
  Example (automata A and B of slide 10, with $(q, v) = ((q_A, q_B), (x, y))$). A possible global run $\xi$:
  $$((0,0),(0,0)) \xrightarrow{6} ((0,0),(6,6)) \xrightarrow{a} ((1,0),(0,6)) \xrightarrow{3} ((1,0),(3,9)) \xrightarrow{b} ((1,1),(3,0)) \xrightarrow{1.3} ((1,1),(4.3,1.3))$$
  i.e. $a$ is taken at $x = 6, y = 6$ and $b$ at $x = 3, y = 9$.
  The projection of $\xi$ on $B$ (with $(q, v) = (q_B, y)$), after hiding $a$:
  $$(0,0) \xrightarrow{6} (0,6) \xrightarrow{\varepsilon} (0,6) \xrightarrow{3} (0,9) \xrightarrow{b} (1,0) \xrightarrow{1.3} (1,1.3)$$
  and after merging the time steps:
  $$(0,0) \xrightarrow{9} (0,9) \xrightarrow{b} (1,0) \xrightarrow{1.3} (1,1.3)$$

  13. Qualitative & local equivalence between runs
  ◮ Two runs $\xi$ and $\xi'$ are qualitatively equivalent ($\xi \approx \xi'$) if they go through the same sequence of discrete transitions and differ only in timing. The class of runs qualitatively equivalent to $\xi$ is denoted $[\xi]$.
  ◮ Two runs $\xi$ and $\xi'$ are locally equivalent ($\xi \sim \xi'$) if all their local projections are qualitatively equivalent: $\bigwedge_{1 \le i \le n} (\xi^i \approx \xi'^i)$. The class of runs locally equivalent to $\xi$ is denoted $[\![\xi]\!]$.
  Example of valid global runs (automata A and B of slide 10):
  ◮ $\xi_1$: $a$ at $x = 6, y = 6$, then $b$ at $x = 3, y = 9$.
  ◮ $\xi_2$: $a$ at $x = 4, y = 4$, then $b$ at $x = 1, y = 5$.
  ◮ $\xi_3$: $b$ at $x = 2, y = 2$, then $a$ at $x = 5, y = 3$.
  Projecting on A and on B gives $\xi^A_1 \approx \xi^A_2 \approx \xi^A_3$ and $\xi^B_1 \approx \xi^B_2 \approx \xi^B_3$, hence $\xi_1 \sim \xi_2 \sim \xi_3$, even though $\xi_3$ takes $a$ and $b$ in the other order and so is not qualitatively equivalent to $\xi_1$.
  Notice: $\xi_1 \approx \xi_2 \Rightarrow \xi_1 \sim \xi_2$ (qualitative equivalence implies local equivalence, not conversely).

  14. Plan: Quick Review On Timed Automata; State Explosion Due to Interleaving Semantics; Convexity Result; Application to reachability computation; Conclusion.

  15. Convexity Result
  Theorem. Let $Z$ be a convex timed polyhedron and let $q$ and $q'$ be two global states of $A$. Let $\xi$ be a run starting at $q$ and ending at $q'$. Then the set
  $$R_{Z, [\![\xi]\!]} \;\equiv\; \bigcup_{\xi' \in [\![\xi]\!]} \{\, v' : \exists v \in Z,\ (q, v) \xrightarrow{\xi'} (q', v') \,\}$$
  is convex.

  16. Proof
  We show that the condition for a valid global run starting in $Z_0$ and locally equivalent to a given run $\xi$ can be expressed as a conjunctive formula over the clock valuations $v^i_j$ and the time stamps $t^i_j$ of the $j$-th transition of each $A_i$ (with $t^i_0$ and $t^i_{k+1}$ the common start and end times):
  $$\Phi(t, v) = \begin{array}{l} t^1_0 = t^2_0 = \cdots = t^n_0 \\ \wedge\; v_0 \in Z_0 \\ \wedge\; \bigwedge_{i=1}^{n} \Phi_i(v^i, t^i) \\ \wedge\; \bigwedge_{a \in \Sigma} \Psi_a(t) \\ \wedge\; t^1_{k+1} = t^2_{k+1} = \cdots = t^n_{k+1} \end{array}$$
  where
  $$\Phi_i(t^i, v^i) = \bigwedge_{j=1}^{k} \Big( \exists d,\ d = t^i_j - t^i_{j-1} \;\wedge\; I^i_{j-1}(v^i_{j-1} + d) \;\wedge\; g^i_j(v^i_{j-1} + d) \;\wedge\; v^i_j = r^i_j(v^i_{j-1} + d) \Big)$$
  and
  $$\Psi_a(t) = \bigwedge_{(i,j),\,(i',j') \in \{(i,j) : a^i_j = a\}} t^i_j = t^{i'}_{j'}$$
  Every conjunct is a linear constraint on valuations and time stamps (clock constraints, resets and the synchronisation equalities $\Psi_a$), so the set defined by $\Phi$ is a convex subset of the space of all valuations and time stamps. $R_{Z, [\![\xi]\!]}$ can be defined as the projection of this convex set on the final valuation, and projection preserves convexity ⇒ $R_{Z, [\![\xi]\!]}$ is convex.
