
Control from Computer Science, Oded Maler, CNRS-VERIMAG - PDF document



  1. Control from Computer Science. Oded Maler, CNRS-VERIMAG, Grenoble, France

  2. Model-based System Design
     [Figure: design-flow diagram. Labels: World, Experiments, Formal Model, Thinking, I, O, Analysis, Design, Implementation, Controller, Abstract Controller.]

  3. The Coffee Machine
     [Figure: coffee machine block diagram. Labels: Coins, Drinks, Buttons, Physics-Information, Information Processing; sub-machines M1 and M2 connected by ports 1-9 carrying the events listed below.]

     | Port | From → To | Event types | Meaning |
     |------|-----------|-------------|---------|
     | 1 | E → M1 | coin-in | a coin was inserted |
     | 2 | E → M1 | cancel | cancel button pressed |
     | 3 | M1 → E | coin-out | release the coin |
     | 4 | M1 → M2 | ok | sufficient money inserted |
     | 5 | M1 → M2 | reset | money returned to user |
     | 6 | M2 → M1 | done | drink distribution ended |
     | 7 | E → M2 | req-coffee, req-tea | coffee button pressed, tea button pressed |
     | 8 | E → M2 | drink-ready | drink preparation ended |
     | 9 | M2 → E | st-coffee, st-tea | start preparing coffee, start preparing tea |

  4. The Two Sub-Machines
     [Figure: M1 with states 0, 1 and transitions labelled "coin-in / ok", "done /", "cancel / coin-out, reset"; M2 with states A, B, C, D and transitions labelled "ok /", "reset /", "req-coffee / st-coffee", "req-tea / st-tea", "drink-ready / done" (two edges).]

  5. The Global Model
     [Figure: global transition graph over states 0A, 1B, 1C, 0C, 1D, 0D; edge labels: "coin-in /", "cancel / coin-out" (three edges), "req-coffee / st-coffee", "req-tea / st-tea", "drink-ready /" (two edges).]
     Normal behaviors:
     0A --coin-in--> 1B --cancel / coin-out--> 0A
     0A --coin-in--> 1B --req-coffee / st-coffee--> 1C --drink-ready--> 0A

  6. An Unexpected Behavior
     [Figure: the same global transition graph over states 0A, 1B, 1C, 0C, 1D, 0D.]
     0A --coin-in--> 1B --req-coffee / st-coffee--> 1C --cancel / coin-out--> 0C --drink-ready--> 0A

  7. Fixing the Bug
     [Figure: M1 with states 0, 1, 2 and transitions labelled "coin-in / ok", "lock /", "cancel / coin-out, reset", "done /"; M2 with states A, B, C, D and transitions labelled "ok /", "reset /", "req-coffee / st-coffee, lock", "req-tea / st-tea, lock", "drink-ready / done" (two edges).]

  8. Fixing the Bug: the Global Model
     [Figure: global transition graph over states 0A, 1B, 2C, 2D; edge labels: "coin-in /", "cancel / coin-out", "req-coffee / st-coffee", "req-tea / st-tea", "drink-ready /" (two edges).]

  9. The Moral of the Story
     1) Many systems can be modeled as a composition of interacting automata (transition systems, discrete event systems).
     2) Potential behaviors of the system correspond to paths in the global transition graph of the system.
     3) These paths are labeled by input events. Each input sequence might generate a different behavior.
     4) We want to make sure that a system responds correctly to all conceivable inputs.
     5) For every individual input sequence we can simulate the reaction of the system. But we cannot do it exhaustively due to the huge number of input sequences.
     6) Verification is a collection of automatic and semi-automatic methods to analyze all the paths in the graph.
     7) This is hard for humans to do and even for computers.

  10. Model I: Closed Systems
      A transition system is $S = (X, \delta)$ where $X$ is finite and $\delta : X \to X$ is the transition function.
      The state-space $X$ has no numerical meaning and no interesting structure.
      $X^k$ is the set of all sequences of length $k$; $X^*$ the set of all sequences.
      Behavior: The behavior of $S$ starting from an initial state $x_0 \in X$ is $\xi = \xi[0], \xi[1], \ldots \in X^*$ s.t. $\xi[0] = x_0$ and for every $i$, $\xi[i+1] = \delta(\xi[i])$.
      Basic Reachability Problem: Given $x_0$ and a set $P \subseteq X$, does the behavior of $S$ starting at $x_0$ reach $P$?

  11. Solution by Forward Simulation
      $\xi[0] := x_0$
      $F^0 := \{x_0\}$
      repeat
          $\xi[k+1] := \delta(\xi[k])$
          $F^{k+1} := F^k \cup \{\xi[k+1]\}$
      until $F^{k+1} = F^k$
      $F_* := F^k$
      [Figure: transition graph over states $x_1, \ldots, x_5$.]
      $\{x_1\};\ \{x_1, x_2\};\ \{x_1, x_2, x_3\};\ \{x_1, x_2, x_3, x_5\}$
      How to do it for a continuous system defined by $\dot{x} = f(x)$?

  12. Model II: Systems with One Input
      A one-input transition system is $S = (X, V, \delta)$ where $X$ and $V$ are finite and $\delta : X \times V \to X$ is the transition function.
      Behavior Induced by Input: Given an input sequence $\psi \in V^*$, the behavior of $S$ starting from $x_0 \in X$ in the presence of $\psi$ is a sequence $\xi(\psi) = \xi[0], \xi[1], \ldots \in X^*$ such that $\xi[i+1] = \delta(\xi[i], \psi[i])$.
      [Figure: transition graph over states $x_1, \ldots, x_5$ with edges labelled $v_1$, $v_2$.]
      $x_1 \xrightarrow{v_1} x_2 \xrightarrow{v_2} x_3 \xrightarrow{v_2} x_5 \xrightarrow{v_1} x_2 \xrightarrow{v_1} x_4$

  13. Reachability for Open Systems
      The reachability problem: Is there some input sequence $\psi \in V^*$ such that $\xi(\psi)$ reaches $P$?
      For every given $\psi$ we can use the previous algorithm, simulate and obtain $F_*(\psi)$.
      For an automaton with $n$ states all states are reachable by sequences of length $< n$.
      $F_* = \bigcup_{\psi \in V^n} F_*(\psi)$
      [Figure: tree of all input sequences from $x_1$, branching on $v_1$ and $v_2$ at each level.]

  14. A More Efficient Way
      Many different inputs lead to the same state.
      Immediate successors: $\delta(x) = \{x' : \exists u\ \delta(x, u) = x'\}$
      Successors of a set: $\delta(F) = \{\delta(x) : x \in F\}$
      Forward reachability algorithm (breadth-first):
      $F^0 := \{x_0\}$
      repeat
          $F^{k+1} := F^k \cup \delta(F^k)$
      until $F^{k+1} = F^k$
      $F_* := F^k$
      [Figure: breadth-first exploration tree from $x_1$, expanding only newly found states.]
      Complexity: only $O(n \cdot \log n \cdot |V|)$

  15. Variations: Depth-First and Backwards
      Depth-first:
      [Figure: depth-first exploration tree from $x_1$.]
      Backwards: find all states from which there is an input leading to $P$.
      Immediate predecessors: $\delta^{-1}(x) = \{x' : \exists u\ \delta(x', u) = x\}$
      $F^0 := P$
      repeat
          $F^{k+1} := F^k \cup \delta^{-1}(F^k)$
      until $F^{k+1} = F^k$
      $F_* := F^k$

  16. Admissible Inputs
      So far we have assumed that the external environment can generate all sequences in $V^*$.
      Sometimes we have a more restricted environment, e.g. it will never produce $v_1 v_1$. We can build an automaton which models the environment and compose it with the model of the system.
      [Figure: the system automaton, an environment automaton over $v_1$, $v_2$, and their composition.]

  17. Verification: The State-of-the-Art
      There are algorithms that take a description of any open system and verify whether any of the admissible inputs drives the system into a set $P$. Such algorithms always terminate after a finite number of steps.
      This is essentially what verification is all about.
      The result is general: it is valid for every discrete finite-state system.
      Of course, finite systems can be very large and special tricks are needed to verify them.
      The analogue for continuous systems: do the same for a system defined by $\dot{x} = f(x, u)$.

  18. Systems with two Inputs
      A two-input transition system is $S = (X, U, V, \delta)$ where $X$, $U$ and $V$ are finite sets and $\delta : X \times U \times V \to X$ is the transition function.
      [Figure: transition graph over states $x_1, \ldots, x_5$ with edges labelled by pairs from $u_1, u_2$ and $v_1, v_2$.]
      $\delta(x_1, u_1, v_1) = x_1 \qquad \delta(x_1, u_1, v_2) = x_2$
      $\delta(x_1, u_2, v_1) = x_2 \qquad \delta(x_1, u_2, v_2) = x_4$
      The behavior in the presence of two inputs, $\varphi \in U^*$ and $\psi \in V^*$: a sequence $\xi(\varphi, \psi)$ s.t. $\xi[i+1] = \delta(\xi[i], \varphi[i], \psi[i])$
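
Added example (not from the original slides): the breadth-first forward reachability algorithm of slide 14, run on the composed coffee machine of slides 4 to 8, before and after the fix. The source and target state of each transition, the synchronous delivery of internal events, and the bad set P (states 0C and 0D) are assumptions reconstructed from the slides' labels and traces.

```python
from collections import deque

EXTERNAL = ["coin-in", "cancel", "req-coffee", "req-tea", "drink-ready"]

# (state, input event) -> (next state, emitted events).
# Transition endpoints are reconstructed from the slides' labels (assumption).
M1 = {("0", "coin-in"): ("1", ["ok"]),
      ("1", "cancel"): ("0", ["coin-out", "reset"]),
      ("1", "done"): ("0", [])}
M2 = {("A", "ok"): ("B", []), ("B", "reset"): ("A", []),
      ("B", "req-coffee"): ("C", ["st-coffee"]),
      ("B", "req-tea"): ("D", ["st-tea"]),
      ("C", "drink-ready"): ("A", ["done"]),
      ("D", "drink-ready"): ("A", ["done"])}
# Fixed machines: a request also emits lock, moving M1 to state 2, where cancel is ignored.
M1_FIXED = {("0", "coin-in"): ("1", ["ok"]), ("1", "lock"): ("2", []),
            ("1", "cancel"): ("0", ["coin-out", "reset"]),
            ("2", "done"): ("0", [])}
M2_FIXED = {**M2, ("B", "req-coffee"): ("C", ["st-coffee", "lock"]),
            ("B", "req-tea"): ("D", ["st-tea", "lock"])}

def step(m1, m2, state, event):
    """Global successor: feed one external event, then propagate emitted events."""
    s1, s2 = state
    pending = deque([event])
    while pending:
        e = pending.popleft()
        if (s1, e) in m1:            # event is enabled in M1
            s1, out = m1[(s1, e)]
            pending.extend(out)
        elif (s2, e) in m2:          # event is enabled in M2
            s2, out = m2[(s2, e)]
            pending.extend(out)
        # otherwise: not enabled in the current state (or addressed to E), dropped
    return (s1, s2)

def reach(m1, m2, x0=("0", "A")):
    """Breadth-first forward reachability; maps each state to a shortest input sequence."""
    paths, frontier = {x0: []}, deque([x0])
    while frontier:
        x = frontier.popleft()
        for v in EXTERNAL:
            y = step(m1, m2, x, v)
            if y not in paths:
                paths[y] = paths[x] + [v]
                frontier.append(y)
    return paths

def violations(m1, m2):
    """Assumed bad set P: a drink is in preparation (C or D) while M1 holds no coin (0)."""
    return {s: p for s, p in reach(m1, m2).items() if s[0] == "0" and s[1] in "CD"}
```

`violations(M1, M2)` returns the input sequence coin-in, req-coffee, cancel shown on the "Unexpected Behavior" slide (and its tea counterpart); `violations(M1_FIXED, M2_FIXED)` is empty.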
