TCTL model checking lower/upper-bound parametric timed automata without invariants (slide deck)


  1. TCTL model checking lower/upper-bound parametric timed automata without invariants
     Étienne André*, Didier Lime** & Mathias Ramparison*
     *LIPN, Université Paris 13; **LS2N, École Centrale de Nantes
     FORMATS 2018, September 5th, 2018

  2. Outline
     Introduction
     Parametric timed automata
       Model checking with unknown constants
       Decision problems for parametric timed automata
     Contributions
       U-PTA
       L/U-PTA
     Conclusion
     References

  3. Introduction
     ◮ Discovering a bug during a test of a system can be very expensive
     ◮ It can have dramatic consequences in critical embedded systems: autonomous cars, aeronautics...
     ◮ Need for formal verification to ensure the good behavior of a system ahead of time

  5. Model checking
     ◮ Model of a system (figure: a timed automaton with locations l1, l2, l3)
     ◮ A property of the system: l3 is reachable
     ◮ Check whether the system satisfies the property
     ◮ Timed Automata [AD94] are a powerful formalism when all timing constants are known

  6. Model checking with unknown constants
     ◮ What if all constants are not specified ahead?
     ◮ Model of a system with parameters (figure: locations l1, l2, l3, with one guard comparing a clock with p1 and one guard clock = p2)
     ◮ A property of the system: l3 is reachable
     ◮ Compute the values of p1, p2 such that the system satisfies the property

  7. Example of parametric timed automaton
     A parametric timed automaton [AHV93] which models a parametric coffee machine.
     Figure: l1 --press: x := 0, y := 0--> l2; l2 --press again: y ≤ 5, x > 1, x := 0--> l2; l2 --prepare: y = p1--> l3; l3 --serve: y = p2--> l1
     ◮ Locations: {l1, l2, l3}, clocks: {x, y}, actions: {press, press again, prepare, serve}
     ◮ Guard(press again) = {y ≤ 5 ∧ x > 1}, Guard(prepare) = {y = p1}, Guard(serve) = {y = p2}
     ◮ Reset(press) = {x, y := 0}, Reset(press again) = {x := 0}

  8. Example of parametric timed automaton
     The same parametric coffee machine [AHV93] (figure as on the previous slide). States are written ⟨location, (x, y)⟩ and each arrow carries the delay elapsed before the action.
     ◮ A possible run if p1 = 2, p2 = 3:
       ⟨l1, (0, 0)⟩ --press--> ⟨l2, (0, 0)⟩ --1.1, press again--> ⟨l2, (0, 1.1)⟩ --0.9, prepare--> ⟨l3, (0.9, 2)⟩ --1, serve--> ⟨l1, (1.9, 3)⟩
     ◮ The same run is impossible if p1 = 5, p2 = 2.

  9. Flat (no nesting) TCTL decision problems for PTAs
     ◮ EF-emptiness: is the set of parameter valuations s.t. there exists a run reaching l in the instantiated TA empty?
     ◮ EF-universality: are all parameter valuations s.t. there exists a run reaching l in the instantiated TA?
     ◮ EG-emptiness: is the set of valuations for which some infinite or finite maximal run always remains in a given set of locations empty?
     ◮ AF-emptiness: is the set of valuations for which all runs eventually reach a given location empty? (equivalent to EG-universality)
     ◮ AG-emptiness: is the set of valuations for which all infinite or finite maximal runs always remain in a given set of locations empty?

  10. Challenges for parametric timed automata
     ◮ EF-emptiness problem: proved undecidable in the general case [AHV93], for unbounded integer-valued parameters, for (un)bounded rational-valued parameters, and even with only one bounded parameter [Mil00]
     ◮ To recover decidability, we need to add restrictions on parameters, or restrain the PTA syntax

  11. L/U-PTA
     Lower/upper bound PTAs (L/U-PTAs) were introduced in [HRSV02]. Here is an L/U-PTA without invariant.
     Figure: l1 --press: x := 0, y := 0--> l2; l2 --press again: y ≤ p1, x > p2, x := 0--> l2; l2 --prepare: y = 5--> l3; l3 --serve: y = 8--> l1
     Comparison with:
     ◮ Upper-bound parameter p1.
     ◮ Lower-bound parameter p2.
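The run of slide 8 and the L/U-PTA of slide 11, replayed by a small Python checker. This is an added example, not code from the talk or its authors: it encodes the two coffee-machine automata as edge lists with guards as Python predicates, takes the press-again guard as y ≤ 5 ∧ x > 1 (the form shown in the figure), and LU_TRACE is a timed word constructed here, not one from the slides.

```python
from fractions import Fraction as F

# Coffee-machine PTA of slide 7: locations l1, l2, l3; clocks x, y.
# Edge = (source, action, guard, clocks to reset, target); a guard is a
# predicate over the current clock valuation c and parameter valuation p.
COFFEE_PTA = [
    ("l1", "press",       lambda c, p: True,                       {"x", "y"}, "l2"),
    ("l2", "press again", lambda c, p: c["y"] <= 5 and c["x"] > 1, {"x"},      "l2"),
    ("l2", "prepare",     lambda c, p: c["y"] == p["p1"],          set(),      "l3"),
    ("l3", "serve",       lambda c, p: c["y"] == p["p2"],          set(),      "l1"),
]

# L/U-PTA of slide 11: constants 5 and 8 in prepare/serve, parameters only in
# "press again", p1 as an upper bound on y and p2 as a lower bound on x.
LU_PTA = [
    ("l1", "press",       lambda c, p: True,                                   {"x", "y"}, "l2"),
    ("l2", "press again", lambda c, p: c["y"] <= p["p1"] and c["x"] > p["p2"], {"x"},      "l2"),
    ("l2", "prepare",     lambda c, p: c["y"] == 5,                            set(),      "l3"),
    ("l3", "serve",       lambda c, p: c["y"] == 8,                            set(),      "l1"),
]

def step(pta, loc, clocks, delay, action, params):
    """Let `delay` elapse in `loc`, then fire `action`; return the successor
    (location, clocks), or None when no edge with that action is enabled."""
    elapsed = {k: v + delay for k, v in clocks.items()}
    for src, act, guard, resets, dst in pta:
        if src == loc and act == action and guard(elapsed, params):
            return dst, {k: (F(0) if k in resets else v) for k, v in elapsed.items()}
    return None

def run(pta, trace, params, loc="l1"):
    """Replay a timed word [(delay, action), ...] from `loc` with all clocks
    at 0 under a parameter valuation. Exact rationals keep 1.1 + 0.9 equal
    to p1 = 2. Returns the final (location, clocks), or None if a guard blocks."""
    clocks = {"x": F(0), "y": F(0)}
    for delay, action in trace:
        nxt = step(pta, loc, clocks, F(delay), action, params)
        if nxt is None:
            return None
        loc, clocks = nxt
    return loc, clocks

# The run from slide 8: press, wait 1.1, press again, wait 0.9, prepare, wait 1, serve.
TRACE = [(0, "press"), ("1.1", "press again"), ("0.9", "prepare"), (1, "serve")]
# Constructed timed word for the L/U-PTA (not from the slides).
LU_TRACE = [(0, "press"), ("1.5", "press again"), ("3.5", "prepare"), (3, "serve")]

if __name__ == "__main__":
    print(run(COFFEE_PTA, TRACE, {"p1": 2, "p2": 3}))  # reaches l1 with (x, y) = (1.9, 3)
    print(run(COFFEE_PTA, TRACE, {"p1": 5, "p2": 2}))  # None: prepare needs y = 5
    for p1, p2 in [(2, 1), (3, F("0.5")), (1, 1)]:     # raising p1 / lowering p2 keeps the run
        print(p1, p2, run(LU_PTA, LU_TRACE, {"p1": p1, "p2": p2}) is not None)
```

For the L/U-PTA, a run that is feasible at (p1, p2) stays feasible when the upper-bound parameter p1 grows or the lower-bound parameter p2 shrinks, which is the monotonicity the upper/lower distinction of [HRSV02] is built on; the last loop exhibits it on three valuations.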

  12. U-PTA
     U-PTAs [BL09]: no undecidability result, and almost all decidability results are inherited from L/U-PTAs
     ◮ Decidability of EF-emptiness and universality for integer-valued U-PTAs [BL09]
     ◮ Decidability of language preservation synthesis for one parameter and a deterministic automaton [AM15]
     Here is a U-PTA without invariant.
     Figure: l1 --press: x := 0, y := 0--> l2; l2 --press again: y ≤ p, x > 1, x := 0--> l2; l2 --prepare: y = 5--> l3; l3 --serve: y = 8--> l1
     Upper-bound parametric guard: y ≤ p.

  13. Current results and contributions
     Class      | U-PTAs   | integer-valued L/U-PTAs without invariant | L/U-PTAs | PTAs
     EF         | [HRSV02] | [HRSV02]                                  | [HRSV02] | [AHV93, Mil00]
     AF         | open     | open                                      | [JLR15]  | [JLR15]
     EG         | open     | open                                      | [AL17]   | [AL17]
     AG         | [HRSV02] | [HRSV02]                                  | [HRSV02] | [ALR16a]
     flat TCTL  | open     | open                                      | [JLR15]  | [AHV93]
     TCTL       | open     | open                                      | [JLR15]  | [AHV93]
     Table: Decidability of the emptiness problems for PTAs and subclasses
     Contributions:
     ◮ Undecidability of non-flat TCTL (with nesting) for unbounded U-PTAs without invariant
     ◮ Undecidability of non-flat TCTL for bounded U-PTAs without invariant
     ◮ Decidability of EG-emptiness/universality (in PSPACE) for integer-valued L/U-PTAs without invariant

  14. U-PTA
     U-PTAs without invariant with rational-valued parameters over dense time.
