Input/Output Stochastic Automata with Urgency Confluence and - - PowerPoint PPT Presentation
Input/Output Stochastic Automata with Urgency Confluence and Determinism Pedro R. DArgenio 1 , 2 , Ra ul E. Monti 1 1 Universidad Nacional de C ordoba - CONICET - Argentina 2 Saarland University, Saarbr ucken, Germany ICTAC 2018 -
Input/Output Stochastic Automata with Urgency
Confluence and Determinism Pedro R. D’Argenio1,2, Ra´ ul E. Monti1
1Universidad Nacional de C´
2Saarland University, Saarbr¨
ucken, Germany
ICTAC 2018 - Stellenbosch
Table of Contents
Introduction Motivation Introducing urgent actions Weak determinism Conclusion
Table of Contents
Introduction Motivation Introducing urgent actions Weak determinism Conclusion
Introduction
Introduction
Table of Contents
Introduction Motivation Introducing urgent actions Weak determinism Conclusion
Former Input/Output Stochastic Automata
▸ S = states ▸ A = actions (AI ⊍AO) ▸ C = clocks
▸ x ∈ C ↦ µx
▸
→ ⊆ S × C × A × C × S
▸ + some rules ▸ Compositional ▸ Deterministic
s1 s2 {x},a,{y,z}
Parallel Composition I1∣∣I2 = (S1 × S2,A,C, →,C0,s1
0∣∣s2 0)
▸ AO = AO 1 ∪ AO 2 ▸ AI = (AI 1 ∪ AI 2) ∖ AO ▸ C = C1 ∪ C2 and C0 = C1 0 ∪ C2
s1
C,a,C ′
1
s1∣∣s2
C,a,C ′
1∣∣s2
a ∈ A1∖A2 s2
C,a,C ′
2
s1∣∣s2
C,a,C ′
2
a ∈ A2∖A1 s1
C1,a,C ′
1
1
s2
C2,a,C ′
2
2
s1∣∣s2
C1∪C2,a,C ′
1∪C ′ 2
1∣∣s′ 2
a ∈ A1∩A2
A Fault Tree modeling example
s4 s3 s2 s1 s6 s5 s8 s7 AND {},f 1?,{} {},f 2?,{} {},f 2?,{} {},f 1?,{} {x},f 1!,{} {y},f 2!,{}
A Fault Tree modeling example
s4 s3 s2 s1 s6 s5 s8 s7 AND {},f 1?,{} {},f 2?,{} {},f 2?,{} {},f 1?,{} {x},f 1!,{} {y},f 2!,{} s1∣∣s5∣∣s7 s3∣∣s5∣∣s8 s2∣∣s6∣∣s7 s1∣∣s5∣∣s7 ∣∣ {x},f 1!,{} {y},f 2!,{} {y},f 2!,{} {x},f 1!,{}
Deterministic closed IOSA
Composition problem
s4 s3 s2 s1 s6 s5 s8 s7 s10 s9 s11 s12 AND OR {},f 1?,{} {},f 2?,{} {},f 2?,{} {},f 1?,{} {x},f 1!,{} {y},f 2!,{} {z},f 3!,{} {},f 3?,{} {},?,{}
Composition problem
Synchronization ⇒ delay
s4 s3 s2 s1 s6 s5 s8 s7 s10 s9 s11 s12 AND OR {},f 1?,{} {},f 2?,{} {},f 2?,{} {},f 1?,{} {x},f 1!,{} {y},f 2!,{} {z},f 3!,{} {},f 3?,{} {},f ?,{} {w},f!,{}
Composition problem
Poor use of composition
s4 s3 s2 s1 s6 s5 s8 s7 s10 s9 Monolithic AND/OR {},f 1?,{} {},f 2?,{} {},f 2?,{} {},f 1?,{} {x},f 1!,{} {y},f 2!,{} {z},f 3!,{} {},f 3?,{}
Table of Contents
Introduction Motivation Introducing urgent actions Weak determinism Conclusion
Input/Output Stochastic Automata
with urgent actions
▸ S = states ▸ A = actions (AI ⊍AO)
and Au ⊆ A are urgent.
▸ C = clocks
▸ x ∈ C ↦ µx
▸
→ ⊆ S × C × A × C × S
▸ Compositional
s1 s2 {},a!!,{y,z}
Urgent IOSA are non-det. even for closed models Former IOSA
s1 s2 s3 {x},a!,{} {y},b!,{}
Urgent IOSA
s1 s2 s3 {},a!!,{} {},b!!,{}
Spurious non-determinism?
s0 s1 s2 s3 s4 s5 ∅,a!!,{x} ∅,b!!,{y} ∅,b!!,{y} ∅,a!!,{x} {x},c!,∅ {y},d!,∅ I confluent ⇒ I weak deterministic.
Confluence (from Milner)
a and b urgent actions:
s s1 s2 s3 ∅,a,C1 ∅,b,C2 ∅,b,C2 ∅,a,C1
Proposition If I1 and I2 are confluent, I1∣∣I2 is also confluent.
Weak determinism
Definition
We say that a closed IOSA is weakly deterministic if (i) almost surely at most one discrete non-urgent transition is enabled at every time point, (ii) the election over enabled urgent transitions does not affect the non urgent-behavior of the model, and (iii) no non-urgent output and urgent output are enabled simultaneously.
Weak transition
s0 s1 s2 s3 s4 s5 ∅,a!!,{x} ∅,b!!,{y} ∅,b!!,{y} ∅,a!!,{x} {x},c!,∅ {y},d!,∅ s0 {},τ,{x,y} s3 s4 s5 {x},c!,∅ {y},d!,∅
IOSA semantics
Given an IOSA I = (S,A,C, →,C0,s0) with C = {x1,...,xN}, its semantics is defined by the NLMP P(I) = (S,B(S),{Ta ∣ a ∈ L}) where
▸ S = (S ∪ {init}) × RN, L = A ∪ R>0 ∪ {init}, with
init ∉ S ∪ A ∪ R>0
▸ Tinit(init, ⃗
v) = {δs0 × ∏N
i=1 µxi}, ▸ Ta(s, ⃗
v) = {µ⃗
v C ′,s′ ∣ s C,a,C ′
v(i) ≤ 0}, for all a ∈ A, where µ⃗
v C ′,s′ = δs′ × ∏N i=1 µxi with µxi = µxi if xi ∈ C ′ and
µxi = δ⃗
v(i) otherwise, and ▸ Td(s, ⃗
v) = {δs × ∏N
i=1 δ⃗ v(i)−d} if there is no urgent b ∈ Ao ∩ Au
for which s
,b,
and 0 < d ≤ min{⃗ v(i) ∣ ∃a∈Ao,C ′⊆C,s′∈S ∶ s
{xi},a,C ′
Td(s, ⃗ v) = ∅ otherwise, for all d ∈ R≥0.
Discrete vs Continuous Confluence
s0 s1 s2 s3 τ τ τ τ
Discrete vs Continuous Confluence
s0 s1 s2 s3 τ τ τ τ
Discrete vs Continuous Confluence
s0 s1 s2 s3 τ τ τ τ
Table of Contents
Introduction Motivation Introducing urgent actions Weak determinism Conclusion
Weak Transition
Definition
We define (s, ⃗ v)
C
(T1) s
∅,τ,C
st (s′) (s, ⃗ v)
C
v C,s′
(T2) s
∅,τ,C ′
∀⃗ v′ ∈ RN ∶ ∃C ′′,µ′ ∶ (s′, ⃗ v′)
C ′′
(s, ⃗ v)
C ′∪C ′′
µ Where µ⃗
v C,s is defined as in IOSA semantics and
ˆ µ = ∫S×RN f C ′′
n
dµ⃗
v C ′,s′, with f C ′′ n
(t, ⃗ w) = ν, if (t, ⃗ w)
C ′′
f C ′′
n
(t, ⃗ w) = 0 otherwise. We define the weak transition (s, ⃗ v) ⇒ µ if (s, ⃗ v)
C
Weak determinism
Definition
A closed IOSA I is weakly deterministic if ⇒ is well defined in I and, in P(I), any state (s,v) ∈ S that satisfies one of the following conditions is almost never reached from any (init,v0) ∈ S: (a) s is stable and ∪a∈A∪{init}Ta(s,v) contains at least two different probability measures, (b) s is not stable, (s,v) ⇒ µ, (s,v) ⇒ µ′ and µ ≠ µ′, or (c) s is not stable and (s,v)
a
Theorem
Every closed confluent IOSA is weakly deterministic.
Table of Contents
Introduction Motivation Introducing urgent actions Weak determinism Conclusion
Conclusion and Bonus
▸ IOSA allows to compositionally model general distributed
stochastic systems. It behaves deterministically under confluence conditions, hence it is amenable to discrete event simulation.
▸ Non confluent components may yield a confluent closed IOSA.
Sufficient conditions for weak determinism.
▸ We achieved a deterministic general distributed model of
Repairable Fault Trees. We do rare event simulation with the FIG tool.
Conclusion and Bonus
▸ We achieved a deterministic general distributed model of
Repairable Fault Trees. We do rare event simulation with the FIG tool.