schedulability analysis under uncertainty using formal
play

Schedulability Analysis under Uncertainty using Formal Methods (part - PowerPoint PPT Presentation

Aug 15, 2023 •363 likes •1.87k views

ESWEEK Tutorial Sunday, 30th of September Schedulability Analysis under Uncertainty using Formal Methods (part 2) tienne Andr and Giusppe Lipari LIPN, Universit Paris 13, CNRS, France tienne Andr (Universit Paris 13) Tutorial @

  1. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? x = 0 0 y = 0 0 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  2. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? 5 x = 0 0 5 y = 0 0 5 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  3. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! 5 x = 0 0 5 5 y = 0 0 5 5 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  4. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! 5 3 x = 0 0 5 5 8 y = 0 0 5 5 8 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  5. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  6. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar x = 0 y = 0 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  7. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar press? x = 0 0 y = 0 0 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  8. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar press? 1 . 5 x = 0 0 1 . 5 y = 0 0 1 . 5 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  9. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar press? press? 1 . 5 x = 0 0 1 . 5 0 y = 0 0 1 . 5 1 . 5 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  10. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar press? press? 1 . 5 2 . 7 x = 0 0 1 . 5 0 2 . 7 y = 0 0 1 . 5 1 . 5 4 . 2 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  11. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar press? press? press? 1 . 5 2 . 7 x = 0 0 1 . 5 0 2 . 7 0 y = 0 0 1 . 5 1 . 5 4 . 2 4 . 2 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  12. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar press? press? press? 1 . 5 2 . 7 0 . 8 x = 0 0 1 . 5 0 2 . 7 0 0 . 8 y = 0 0 1 . 5 1 . 5 4 . 2 4 . 2 5 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  13. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar press? press? press? cup! 1 . 5 2 . 7 0 . 8 x = 0 0 1 . 5 0 2 . 7 0 0 . 8 0 . 8 y = 0 0 1 . 5 1 . 5 4 . 2 4 . 2 5 5 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  14. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar press? press? press? cup! 1 . 5 2 . 7 0 . 8 3 x = 0 0 1 . 5 0 2 . 7 0 0 . 8 0 . 8 3 . 8 y = 0 0 1 . 5 1 . 5 4 . 2 4 . 2 5 5 8 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  15. Example of concrete runs y = 8 coffee! y ≤ 5 y ≤ 8 press? y = 5 cup! x := 0 x ≥ 1 y := 0 press? x := 0 Possible concrete runs for the coffee machine Coffee with no sugar press? cup! coffee! 5 3 x = 0 0 5 5 8 8 y = 0 0 5 5 8 8 Coffee with 2 doses of sugar press? press? press? cup! coffee! 1 . 5 2 . 7 0 . 8 3 x = 0 0 1 . 5 0 2 . 7 0 0 . 8 0 . 8 3 . 8 3 . 8 y = 0 0 1 . 5 1 . 5 4 . 2 4 . 2 5 5 8 8 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 8 / 42

  16. Timed automata: A success story An expressive formalism Dense time Concurrency A tractable verification in theory Reachability is PSPACE-complete [Alur and Dill, 1994] A very efficient verification in practice Symbolic verification: relatively insensitive to constants Several model checkers, notably Uppaal [Larsen et al., 1997] Long list of successful case studies Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 9 / 42

  17. Outline Parametric timed automata 1 Timed automata Parametric timed automata IMITATOR in a nutshell 2 Modeling real-time systems with parametric timed automata 3 A case study: Verifying a real-time system under uncertainty 4 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 10 / 42

  18. Beyond timed model checking: parameter synthesis Verification for one set of constants does not usually guarantee the correctness for other values Challenges Numerous verifications: is the system correct for any value within [40; 60] ? Optimization: until what value can we increase 10 ? Robustness [Markey, 2011] : What happens if 50 is implemented with 49 . 99 ? System incompletely specified: Can I verify my system even if I don’t know the period value with full certainty? Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 11 / 42

  19. Beyond timed model checking: parameter synthesis Verification for one set of constants does not usually guarantee the correctness for other values Challenges Numerous verifications: is the system correct for any value within [40; 60] ? Optimization: until what value can we increase 10 ? Robustness [Markey, 2011] : What happens if 50 is implemented with 49 . 99 ? System incompletely specified: Can I verify my system even if I don’t know the period value with full certainty? Parameter synthesis Consider that timing constants are unknown constants (parameters) Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 11 / 42

  20. timed model checking ? y = delay x := 0 | x < period = is unreachable A property to be satisfied A model of the system Question: does the model of the system satisfy the property? Yes No Counterexample Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 12 / 42

  21. Parametric timed model checking ? y = delay x := 0 | x < period = is unreachable A property to be satisfied A model of the system Question: for what values of the parameters does the model of the system satisfy the property? Yes if... 2 delay > period ∧ period < 20 . 46 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 12 / 42

  22. Parametric Timed Automaton (PTA) Timed automaton (sets of locations, actions and clocks) y =8 coffee! y ≤ 5 y ≤ 8 press? y =5 cup! x := 0 x ≥ 1 y := 0 press? x :=0 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 13 / 42

  23. Parametric Timed Automaton (PTA) Timed automaton (sets of locations, actions and clocks) augmented with a set P of parameters [Alur et al., 1993] Unknown constants compared to a clock in guards and invariants y = p 3 coffee! y ≤ p 2 y ≤ 8 press? y = p 2 cup! x := 0 x ≥ p 1 y := 0 press? x :=0 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 13 / 42

  24. Notation: Valuation of a PTA Given a PTA A and a parameter valuation v , we denote by v ( A ) the (non-parametric) timed automaton where each parameter p is valuated by v ( p ) Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 14 / 42

  25. Notation: Valuation of a PTA Given a PTA A and a parameter valuation v , we denote by v ( A ) the (non-parametric) timed automaton where each parameter p is valuated by v ( p )   y = p 3 y = 8 coffee! coffee!     y ≤ p 2 y ≤ 5 v y ≤ 8 = y ≤ 8   press? press? y = p 2 y = 5   cup! cup! x := 0 x := 0 x ≥ p 1 x ≥ 1   y := 0 y := 0 press? press? x :=0 x := 0  p 1 → 1  with v : → 5 p 2 p 3 → 8  Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 14 / 42

  26. Symbolic semantics of parametric timed automata Symbolic state of a PTA: pair ( l, C ) , where l is a location, C is a convex polyhedron over X and P with a special form, called parametric zone [Hune et al., 2002] Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 15 / 42

  27. Symbolic semantics of parametric timed automata Symbolic state of a PTA: pair ( l, C ) , where l is a location, C is a convex polyhedron over X and P with a special form, called parametric zone [Hune et al., 2002] Symbolic run: alternating sequence of symbolic states and actions Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 15 / 42

  28. Symbolic semantics of parametric timed automata Symbolic state of a PTA: pair ( l, C ) , where l is a location, C is a convex polyhedron over X and P with a special form, called parametric zone [Hune et al., 2002] Symbolic run: alternating sequence of symbolic states and actions Example x ≥ p 2 b a x :=0 x ≤ p 1 x ≤ p 3 y :=0 y ≥ p 4 c Possible symbolic run for this PTA x = y x ≤ p 1 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 15 / 42

  29. Symbolic semantics of parametric timed automata Symbolic state of a PTA: pair ( l, C ) , where l is a location, C is a convex polyhedron over X and P with a special form, called parametric zone [Hune et al., 2002] Symbolic run: alternating sequence of symbolic states and actions Example x ≥ p 2 b a x :=0 x ≤ p 1 x ≤ p 3 y :=0 y ≥ p 4 c Possible symbolic run for this PTA a x = y x − y ≤ p 1 x ≤ p 1 x − y ≥ p 2 x ≤ p 3 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 15 / 42

  30. Symbolic semantics of parametric timed automata Symbolic state of a PTA: pair ( l, C ) , where l is a location, C is a convex polyhedron over X and P with a special form, called parametric zone [Hune et al., 2002] Symbolic run: alternating sequence of symbolic states and actions Example x ≥ p 2 b a x :=0 x ≤ p 1 x ≤ p 3 y :=0 y ≥ p 4 c Possible symbolic run for this PTA a b x = y x − y ≤ p 1 p 1 ≥ p 2 x ≤ p 1 x − y ≥ p 2 y ≥ x x ≤ p 3 y − x ≤ p 3 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 15 / 42

  31. Symbolic semantics of PTA: Illustration C ′ = [( C ∩ g )] R ∩ I ( l ′ )) ր ∩ I ( l ′ )) C Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 16 / 42

  32. Symbolic semantics of PTA: Illustration C ′ = [( C ∩ g )] R ∩ I ( l ′ )) ր ∩ I ( l ′ )) g C Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 16 / 42

  33. Symbolic semantics of PTA: Illustration C ′ = [( C ∩ g )] R ∩ I ( l ′ )) ր ∩ I ( l ′ )) g C R Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 16 / 42

  34. Symbolic semantics of PTA: Illustration C ′ = [( C ∩ g )] R ∩ I ( l ′ )) ր ∩ I ( l ′ )) g C I ( l ′ ) R Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 16 / 42

  35. Symbolic semantics of PTA: Illustration C ′ = [( C ∩ g )] R ∩ I ( l ′ )) ր ∩ I ( l ′ )) g C I ( l ′ ) R Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 16 / 42

  36. Symbolic semantics of PTA: Illustration C ′ = [( C ∩ g )] R ∩ I ( l ′ )) ր ∩ I ( l ′ )) g C C ′ I ( l ′ ) R Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 16 / 42

  37. Symbolic exploration: Coffee machine y = p 3 coffee! y ≤ p 2 y ≤ 8 press? y = p 2 cup! x := 0 x ≥ p 1 y := 0 press? x :=0 x = y Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 17 / 42

  38. Symbolic exploration: Coffee machine y = p 3 coffee! y ≤ p 2 y ≤ 8 press? y = p 2 cup! x := 0 x ≥ p 1 y := 0 press? x :=0 x = y x = y 0 ≤ y ≤ p 2 press? Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 17 / 42

  39. Symbolic exploration: Coffee machine y = p 3 coffee! y ≤ p 2 y ≤ 8 press? y = p 2 cup! x := 0 x ≥ p 1 y := 0 press? x :=0 x = y x = y x = y 0 ≤ y ≤ p 2 p 2 ≤ y ≤ 8 press? cup! Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 17 / 42

  40. Symbolic exploration: Coffee machine y = p 3 coffee! y ≤ p 2 y ≤ 8 press? y = p 2 cup! x := 0 x ≥ p 1 y := 0 press? x :=0 p 2 ≤ p 3 ≤ 8 x = y x = y x = y 0 ≤ y ≤ p 2 p 2 ≤ y ≤ 8 y = x + p 3 press? cup! coffee! Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 17 / 42

  41. Symbolic exploration: Coffee machine y = p 3 coffee! y ≤ p 2 y ≤ 8 press? y = p 2 cup! x := 0 x ≥ p 1 y := 0 press? x :=0 p 2 ≤ p 3 ≤ 8 x = y x = y x = y press? 0 ≤ y ≤ p 2 p 2 ≤ y ≤ 8 y = x + p 3 press? cup! coffee! Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 17 / 42

  42. Symbolic exploration: Coffee machine y = p 3 coffee! y ≤ p 2 y ≤ 8 press? y = p 2 cup! x := 0 x ≥ p 1 y := 0 press? x :=0 p 2 ≤ p 3 ≤ 8 x = y x = y x = y press? 0 ≤ y ≤ p 2 p 2 ≤ y ≤ 8 y = x + p 3 press? cup! coffee! press? cup! y − x ≥ p 1 · · · 0 ≤ y ≤ p 2 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 17 / 42

  43. Symbolic exploration: Coffee machine y = p 3 coffee! y ≤ p 2 y ≤ 8 press? y = p 2 cup! x := 0 x ≥ p 1 y := 0 press? x :=0 p 2 ≤ p 3 ≤ 8 x = y x = y x = y press? 0 ≤ y ≤ p 2 p 2 ≤ y ≤ 8 y = x + p 3 press? cup! coffee! press? cup! y − x ≥ p 1 · · · 0 ≤ y ≤ p 2 press? cup! y − x ≥ 2 p 1 · · · 0 ≤ y ≤ p 2 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 17 / 42

  44. Symbolic exploration: Coffee machine y = p 3 coffee! y ≤ p 2 y ≤ 8 press? y = p 2 cup! x := 0 x ≥ p 1 y := 0 press? x :=0 p 2 ≤ p 3 ≤ 8 x = y x = y x = y press? 0 ≤ y ≤ p 2 p 2 ≤ y ≤ 8 y = x + p 3 press? cup! coffee! press? cup! y − x ≥ p 1 · · · 0 ≤ y ≤ p 2 press? cup! y − x ≥ 2 p 1 · · · 0 ≤ y ≤ p 2 · · · Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 17 / 42

  45. Why studying decidability? If a decision problem is undecidable, it is hopeless to look for algorithms yielding exact solutions (because that is impossible) Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 18 / 42

  46. Why studying decidability? If a decision problem is undecidable, it is hopeless to look for algorithms yielding exact solutions (because that is impossible) However, one can: design semi-algorithms: if the algorithm halts, then its result is correct design algorithms yielding over- or under-approximations Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 18 / 42

  47. Decision and computation problems for PTA EF-Emptiness “Is the set of parameter valuations for which a given location l is reachable empty?” Example: “Does there exist at least one parameter valuation for which I can get a coffee with 2 sugars?” EF-Universality “Do all parameter valuations allow to reach a given location l ?” Example: “Are all parameter valuations such that I may eventually get a coffee?” AF-Emptiness “Is the set of parameter valuations for which a given location l is always eventually reachable empty?” Example: “Does there exist at least one parameter valuation for which I can always eventually get a coffee?” Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 19 / 42

  48. Decision and computation problems for PTA EF-Emptiness “Is the set of parameter valuations for which a given location l is reachable empty?” Example: “Does there exist at least one parameter valuation for which I can get a coffee with √ 2 sugars?” , e. g., p 1 = 1 , p 2 = 5 , p 3 = 8 EF-Universality “Do all parameter valuations allow to reach a given location l ?” Example: “Are all parameter valuations such that I may eventually get a coffee?” AF-Emptiness “Is the set of parameter valuations for which a given location l is always eventually reachable empty?” Example: “Does there exist at least one parameter valuation for which I can always eventually get a coffee?” Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 19 / 42

  49. Decision and computation problems for PTA EF-Emptiness “Is the set of parameter valuations for which a given location l is reachable empty?” Example: “Does there exist at least one parameter valuation for which I can get a coffee with √ 2 sugars?” , e. g., p 1 = 1 , p 2 = 5 , p 3 = 8 EF-Universality “Do all parameter valuations allow to reach a given location l ?” Example: “Are all parameter valuations such that I may eventually get a coffee?” × , e. g., p 1 = 1 , p 2 = 5 , p 3 = 2 AF-Emptiness “Is the set of parameter valuations for which a given location l is always eventually reachable empty?” Example: “Does there exist at least one parameter valuation for which I can always eventually get a coffee?” Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 19 / 42

  50. Decision and computation problems for PTA EF-Emptiness “Is the set of parameter valuations for which a given location l is reachable empty?” Example: “Does there exist at least one parameter valuation for which I can get a coffee with √ 2 sugars?” , e. g., p 1 = 1 , p 2 = 5 , p 3 = 8 EF-Universality “Do all parameter valuations allow to reach a given location l ?” Example: “Are all parameter valuations such that I may eventually get a coffee?” × , e. g., p 1 = 1 , p 2 = 5 , p 3 = 2 AF-Emptiness “Is the set of parameter valuations for which a given location l is always eventually reachable empty?” Example: “Does there exist at least one parameter valuation for which I can always √ eventually get a coffee?” , e. g., p 1 = 1 , p 2 = 5 , p 3 = 8 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 19 / 42

  51. Undecidability The symbolic state space is infinite in general No finite abstraction exists (unlike timed automata) Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 20 / 42

  52. Undecidability The symbolic state space is infinite in general No finite abstraction exists (unlike timed automata) Bad news All interesting problems are undecidable for (general) parametric timed automata. [ÉA, STTT 2017] Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 20 / 42

  53. Undecidability in a nutshell EF-emptiness problem “Is the set of parameter valuations for which a given location l is reachable empty?” [Alur et al., 1993, Miller, 2000, Doyen, 2007, Beneš et al., 2015] Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 21 / 42

  54. Undecidability in a nutshell EF-emptiness problem “Is the set of parameter valuations for which a given location l is reachable empty?” [Alur et al., 1993, Miller, 2000, Doyen, 2007, Beneš et al., 2015] EF-universality problem “Do all parameter valuations allow to reach a given location l ?” [ÉA, Lime, Roux @ ICFEM’16] Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 21 / 42

  55. Undecidability in a nutshell EF-emptiness problem “Is the set of parameter valuations for which a given location l is reachable empty?” [Alur et al., 1993, Miller, 2000, Doyen, 2007, Beneš et al., 2015] EF-universality problem “Do all parameter valuations allow to reach a given location l ?” [ÉA, Lime, Roux @ ICFEM’16] AF-emptiness and AF-universality problem “Is the set of parameter valuations for which all runs eventually reach a given location l empty/universal?” [Jovanović et al., 2015, André et al., 2016] Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 21 / 42

  56. Undecidability in a nutshell EF-emptiness problem “Is the set of parameter valuations for which a given location l is reachable empty?” [Alur et al., 1993, Miller, 2000, Doyen, 2007, Beneš et al., 2015] EF-universality problem “Do all parameter valuations allow to reach a given location l ?” [ÉA, Lime, Roux @ ICFEM’16] AF-emptiness and AF-universality problem “Is the set of parameter valuations for which all runs eventually reach a given location l empty/universal?” [Jovanović et al., 2015, André et al., 2016] Preservation of the untimed language “Given a parameter valuation, does there exist another valuations with the same untimed language?” [André and Markey, 2015] Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 21 / 42

  57. Decidability in a nutshell Reducing the number of clocks yields decidability of the EF-emptiness problem: Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 22 / 42

  58. Decidability in a nutshell Reducing the number of clocks yields decidability of the EF-emptiness problem: √ 1 parametric clock and arbitrarily many non-parametric clocks and integer-valued parameters [Beneš et al., 2015] √ 1 parametric clock and arbitrarily many rational-valued parameters [Miller, 2000] √ 2 parametric clocks and 1 integer-valued parameter [Bundala and Ouaknine, 2014] Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 22 / 42

  59. Decidability in a nutshell Reducing the number of clocks yields decidability of the EF-emptiness problem: √ 1 parametric clock and arbitrarily many non-parametric clocks and integer-valued parameters [Beneš et al., 2015] √ 1 parametric clock and arbitrarily many rational-valued parameters [Miller, 2000] √ 2 parametric clocks and 1 integer-valued parameter [Bundala and Ouaknine, 2014] Restraining the syntax brings decidability of some problems: L/U-PTAs [Hune et al., 2002, Bozzelli and La Torre, 2009, André and Markey, 2015, André and Lime, 2017, André et al., 2018b] PTAs with bounded integer-valued parameters [Jovanović et al., 2015] reset-PTAs [André et al., 2016, André et al., 2018c] Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 22 / 42

  60. Outline Parametric timed automata 1 IMITATOR in a nutshell 2 Modeling real-time systems with parametric timed automata 3 A case study: Verifying a real-time system under uncertainty 4 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 23 / 42

  61. IMITATOR A tool for modeling and verifying timed concurrent systems with unknown constants modeled with parametric timed automata Communication through (strong) broadcast synchronization Rational-valued shared discrete variables Stopwatches, to model schedulability problems with preemption Synthesis algorithms (non-Zeno) parametric model checking (using a subset of TCTL) Language and trace preservation, and robustness analysis Parametric deadlock-freeness checking Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 24 / 42

  62. ✇✇✇✳✐♠✐t❛t♦r✳❢r IMITATOR Under continuous development since 2008 [André et al., FM’12] A library of benchmarks Communication protocols Schedulability problems Asynchronous circuits ...and more Free and open source software: Available under the GNU-GPL license Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 25 / 42

  63. IMITATOR Under continuous development since 2008 [André et al., FM’12] A library of benchmarks Communication protocols Schedulability problems Asynchronous circuits ...and more Free and open source software: Available under the GNU-GPL license Try it! ✇✇✇✳✐♠✐t❛t♦r✳❢r Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 25 / 42

  64. Some success stories Modeled and verified an asynchronous memory circuit by ST-Microelectronics Parametric schedulability analysis of a prospective architecture for the flight control system of the next generation of spacecrafts designed at ASTRIUM Space Transportation [Fribourg et al., 2012] Verification of software product lines [Luthmann et al., 2017] Offline monitoring [ÉA, Hasuo, Waga @ ICECCS’18] Formal timing analysis of music scores [Fanchon and Jacquemard, 2013] Solution to a challenge related to a distributed video processing system by Thales Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 26 / 42

  65. Outline Parametric timed automata 1 IMITATOR in a nutshell 2 Modeling real-time systems with parametric timed automata 3 A case study: Verifying a real-time system under uncertainty 4 Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 27 / 42

  66. Modeling real-time systems with timed automata Using timed automata [Abdeddaïm and Maler, 2001] Using stopwatch automata [Adbeddaïm and Maler, 2002] Using parametric timed automata [Cimatti et al., 2008] Using parametric stopwatch automata [Fribourg et al., 2012, Sun et al., 2013, Lipari et al., 2014] Using task automata [Norström et al., 1999, Fersman et al., 2007, André, 2017] Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 28 / 42

  67. Modeling a periodic task T (exercise) Periodic task T with period periodT : Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 29 / 42

  68. Modeling a periodic task T (exercise) Periodic task T with period periodT : xactT = periodT actT xactT := 0 init actT periodic urgent xactT ≤ periodT Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 29 / 42

  69. Modeling a periodic task T (exercise) Periodic task T with period periodT : xactT = periodT actT xactT := 0 init actT periodic urgent xactT ≤ periodT Periodic task T with period periodT and offsetT : Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 29 / 42

  70. Modeling a periodic task T (exercise) Periodic task T with period periodT : xactT = periodT actT xactT := 0 init actT periodic urgent xactT ≤ periodT Periodic task T with period periodT and offsetT : xactT = periodT actT xactT = offsetT xactT := 0 actT init periodic xactT := 0 xactT ≤ offsetT xactT ≤ periodT Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 29 / 42

  71. Modeling a sporadic task T (exercise) Sporadic task T with minimum interarrival time miatT and offsetT : Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 30 / 42

  72. Modeling a sporadic task T (exercise) Sporadic task T with minimum interarrival time miatT and offsetT : xactT ≥ miatT actT xactT ≥ offsetT xactT := 0 actT xactT := 0 sporadic init Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 30 / 42

  73. Modeling a sporadic task T (exercise) Sporadic task T with minimum interarrival time miatT and offsetT : xactT ≥ miatT actT xactT ≥ offsetT xactT := 0 actT xactT := 0 sporadic init A more efficient modeling to avoid clock divergence in IMITATOR and hence optimize the computation Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 30 / 42

  74. Modeling a sporadic task T (exercise) Sporadic task T with minimum interarrival time miatT and offsetT : xactT ≥ miatT actT xactT ≥ offsetT xactT := 0 actT xactT := 0 sporadic init A more efficient modeling to avoid clock divergence in IMITATOR and hence optimize the computation xactT = miatT xactT = offsetT actT init ready waiting xactT := 0 stop { xactT } xactT ≤ offsetT xactT ≤ miatT actT xactT := 0 Trick: stop the computation of xactT to avoid diverging Étienne André (Université Paris 13) Tutorial @ ESWEEK 2018 30 / 42

Recommend

Schedulability analysis Schedulability analysis : The process of determining whether a task set

Schedulability analysis Schedulability analysis : The process of determining whether a task set

EDA421/DIT171 - Parallel and Distributed Real-Time Systems, Chalmers/GU, 2011/2012 Lecture #5 Updated March 21, 2012 Schedulability analysis Schedulability analysis : The process of determining whether a task set can be scheduled

306 views • 14 slides
Schedulability Analysis as Evidence? Bjrn Brandenburg Max Planck Institute for Software Systems

Schedulability Analysis as Evidence? Bjrn Brandenburg Max Planck Institute for Software Systems

Schedulability Analysis as Evidence? Bjrn Brandenburg Max Planck Institute for Software Systems (MPI-SWS) 1 Schedulability Analysis as Evidence? Can safety case rely on schedulability analysis? Safety Case Argument Evidence

839 views • 53 slides
Formal Handling of the Level 2 Uncertainty Sources and Their Combination with the Level 1 PSA

Formal Handling of the Level 2 Uncertainty Sources and Their Combination with the Level 1 PSA

OECD/NEA/CSNI Workshop on Evaluation of Uncertainties in Relation to Severe Accidents and Level 2 Probabilistic Safety Analysis 7-9 November 2005, Aix-en-Provence, France Formal Handling of the Level 2 Uncertainty Sources and Their Combination

705 views • 36 slides
On the Meaning of pWCET Distributions and their use in Schedulability Analysis Robert I. Davis

On the Meaning of pWCET Distributions and their use in Schedulability Analysis Robert I. Davis

On the Meaning of pWCET Distributions and their use in Schedulability Analysis Robert I. Davis How do we verifying the timing correctness of a real-time system? Typically a two step process Timing Analysis Used to characterise the

629 views • 39 slides
Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan

Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan

Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan F. BROENINK Angelika MADER Robotics and Mechatronics, University of Twente, The Netherlands Contents Problem Statement &amp; Approach

516 views • 24 slides
Principled Schedulability Analysis for Distributed Storage Systems Using Thread Architecture

Principled Schedulability Analysis for Distributed Storage Systems Using Thread Architecture

Principled Schedulability Analysis for Distributed Storage Systems Using Thread Architecture Models Suli Yang*, Jing Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau * work done while at UW-Madison Scheduling: A Fundamental Primitive

614 views • 34 slides
Schedulability Analysis and Software Synthesis for Graph-based Task Models with Resource Sharing

Schedulability Analysis and Software Synthesis for Graph-based Task Models with Resource Sharing

Schedulability Analysis and Software Synthesis for Graph-based Task Models with Resource Sharing Jakaria Abdullah , Gaoyang Dai, Morteza Mohaqeqi, Wang Yi Uppsala University April 13, 2018 Outline Problem Problem 1 Algorithm Evaluation

1.08k views • 48 slides
Schedulability Analysis for Fixed Priority Real-Time Systems with Energy- Harvesting m 1 Younes

Schedulability Analysis for Fixed Priority Real-Time Systems with Energy- Harvesting m 1 Younes

Schedulability Analysis for Fixed Priority Real-Time Systems with Energy- Harvesting m 1 Younes Chandarli 1 , 2 Rob Davis 3 Damien Masson 1 Yasmina Abdedda ( 1 ) Universit e Paris-Est, LIGM UMR CNRS 8049, ESIEE Paris, France ( 2 )

633 views • 51 slides
Schedulability Analysis of Synchronous Digraph Real-Time Tasks Morteza Mohaqeqi, Jakaria

Schedulability Analysis of Synchronous Digraph Real-Time Tasks Morteza Mohaqeqi, Jakaria

Schedulability Analysis of Synchronous Digraph Real-Time Tasks Morteza Mohaqeqi, Jakaria Abdullah, Nan Guan, Wang Yi Uppsala University ECRTS 2016 Introduction Real-Time Task Models: Digraph (DRT) recurring branching (RB) non-cyclic GMF

1.11k views • 49 slides
Sequence Estimation and Schedulability Aim Analysis for Partially Observable Petri Nets

Sequence Estimation and Schedulability Aim Analysis for Partially Observable Petri Nets

Sequence Estimation and Schedulability Analysis for Partially Observable Petri Nets (Part I) Ph. Declerck Sequence Estimation and Schedulability Aim Analysis for Partially Observable Petri Nets Preliminaries (Part I) Estimation in

448 views • 41 slides
Parallel &amp; Distributed Real-Time Systems Lecture #5 Risat Pathan Department of Computer

Parallel &amp; Distributed Real-Time Systems Lecture #5 Risat Pathan Department of Computer

Parallel &amp; Distributed Real-Time Systems Lecture #5 Risat Pathan Department of Computer Science and Engineering Chalmers University of Technology Schedulability analysis Schedulability analysis : The process of determining whether a task

461 views • 30 slides
Controller Area Network (CAN) Schedulability Analysis with FIFO queues Robert Davis 1 , Steffen

Controller Area Network (CAN) Schedulability Analysis with FIFO queues Robert Davis 1 , Steffen

Controller Area Network (CAN) Schedulability Analysis with FIFO queues Robert Davis 1 , Steffen Kollmann 2 , Victor Pollex 2 , Frank Slomka 2 1 Real-Time Systems Research Group, University of York 2 Institute of Embedded Systems / Real-Time

483 views • 31 slides
Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal verification uses algorithms to rigorously prove properties of hardware or software design. 20 years ago, we had the FDIV bug: 42.0 / 7.0 = 8.0 Formal

576 views • 6 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Economic and technology uncertainty and implications for policy advise Fr ed eric Babonneau

Economic and technology uncertainty and implications for policy advise Fr ed eric Babonneau

Methods and models Uncertainty and role of CCS in abatement strategies Uncertainty on other drivers New methods to tackle uncertainty analysis for energy/climate policy Publications Economic and technology uncertainty and implications for

849 views • 27 slides
Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking, Theorem Proving SMT Solving, Abstraction, and Static Analysis With SAL, PVS, and Yices, and more John Rushby Computer Science Laboratory SRI

1.89k views • 161 slides
Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal

Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal

Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal and Automated Theorem Proving and Applications. Belgrade, February 3-4, 2012. Marko Malikovi Mirko ubrilo Predrag Janii Faculty of Humanities

406 views • 27 slides
Uncertainty Analyses Using the MELCOR Uncertainty Analyses Using the MELCOR Severe Accident

Uncertainty Analyses Using the MELCOR Uncertainty Analyses Using the MELCOR Severe Accident

Uncertainty Analyses Using the MELCOR Uncertainty Analyses Using the MELCOR Severe Accident Analysis Code Severe Accident Analysis Code Randall O. Gauntt Analysis and Modeling Department, Sandia National Laboratories, Albuquerque NM, 87112,

755 views • 30 slides
1) R=I+C1=0+1=1,I= R/P3 *C3= 1/6 *2=2. Since R &lt;=

1) R=I+C1=0+1=1,I= R/P3 *C3= 1/6 *2=2. Since R &lt;=

Examples of Schedulability Analysis 1. a) Is the following set of periodic tasks schedulable under Rate Monotonic (RM)? b) How about under Deadline

57 views • 3 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot &amp; CNRS VTSA 2015 1 / 149 Outline Introduction 1 Formal

861 views • 68 slides
Uncertainty AIMA Chapter 13 Outline Uncertainty Uncertainty Probability Syntax and

Uncertainty AIMA Chapter 13 Outline Uncertainty Uncertainty Probability Syntax and

Uncertainty Uncertainty AIMA Chapter 13 Outline Uncertainty Uncertainty Probability Syntax and Semantics Inference Independence and Bayes Rule Uncertainty Uncertainty Let action A t = leave for airport t minutes before

999 views • 46 slides
E mission E stimation of Solid Waste Disposal Sites According to the Uncertainty Analysis

E mission E stimation of Solid Waste Disposal Sites According to the Uncertainty Analysis

2nd International Workshop on Uncertainty in GHG Inventories, IIASA, Laxenburg, Austria, 27 - 28 September 2007 E mission E stimation of Solid Waste Disposal Sites According to the Uncertainty Analysis Methodology Janka Szemesov Slovak

756 views • 37 slides
Quantifying Uncertainty in Engineering Analysis Mike Giles and Devendra Ghate

Quantifying Uncertainty in Engineering Analysis Mike Giles and Devendra Ghate

Quantifying Uncertainty in Engineering Analysis Mike Giles and Devendra Ghate giles@comlab.ox.ac.uk Oxford University Computing Laboratory Quantifying Uncertainty p. 1/18 Motivation Engineering analysis assumes perfect knowledge of the

501 views • 18 slides
Formal Models and Analysis for Self-Adaptive Cyber- Physical Systems International Conference on

Formal Models and Analysis for Self-Adaptive Cyber- Physical Systems International Conference on

Formal Models and Analysis for Self-Adaptive Cyber- Physical Systems International Conference on Formal Aspects of Component Software, Besanon, France, 19 th October 2016. Prof. Dr. Holger Giese Head of the System Analysis &amp; Modeling

704 views • 47 slides

More recommend