Lecture 11: Timed Automata, 2014-07-01, Dr. Bernd Westphal (PowerPoint PPT Presentation)

  1. Real-Time Systems, Lecture 11: Timed Automata. 2014-07-01, Dr. Bernd Westphal, Albert-Ludwigs-Universität Freiburg, Germany.

  2. Contents & Goals

  Last Lecture:
  • DC (un)decidability

  This Lecture:
  • Educational Objectives: capabilities for the following tasks/questions.
    • What's notable about TA syntax? What's a simple clock constraint?
    • What's a configuration of a TA? When are two in transition relation?
    • What's the difference between guard and invariant? Why have both?
    • What's a computation path? A run? Zeno behaviour?
  • Content:
    • Timed automata syntax
    • TA operational semantics

  3. Content

  • Introduction
  • First-order Logic
  • Duration Calculus (DC)
  • Semantical Correctness Proofs with DC
  • DC Decidability
  • DC Implementables
  • PLC-Automata
  • Timed Automata (TA), Uppaal
  • Networks of Timed Automata
  • Region/Zone-Abstraction
  • Extended Timed Automata
  • Undecidability Results
  • Automatic Verification ...
  • ... whether TA satisfies DC formula, observer-based

  (Roadmap figure: obs : Time → D(obs); ⟨obs₀, ν₀⟩, t₀ → ⟨obs₁, ν₁⟩, t₁ …)

  4. Example: Off/Light/Bright

  5. Example

  (Figure: the controller automaton with locations off, light and bright; its four edges are all labelled press ?.)

  6. Example

  (Figure: the same controller with clock x. The edge off → light resets x := 0; from light, press ? with guard x ≤ 3 leads to bright and press ? with guard x > 3 leads back to off; bright → off on press ?.)

  7. Example

  (Figure: the controller as above, plus a User automaton with locations ℓ₀, ℓ₁, ℓ₂, ℓ₃, ℓ₄, edges labelled press !, and a clock y with resets y := 0 and guards y < 2 and y > 3.)

  8. Example Cont'd

  Problems:
  • Deadlock freedom [Behrmann et al., 2004]
  • Location Reachability ("Is this user able to reach 'bright'?")
  • Constraint Reachability ("Can the controller's clock go past 5?")

  (Figure: controller and user automata as on slide 7.)

  9. Plan

  • Pure TA syntax
    • channels, actions
    • (simple) clock constraints
    • Def. TA
  • Pure TA operational semantics
    • clock valuation, time shift, modification
    • operational semantics
    • discussion
    • Transition sequence, computation path, run
  • Network of TA
    • parallel composition (syntactical)
    • restriction
    • network of TA semantics
  • Uppaal Demo
  • Region abstraction; zones
  • Extended TA; Logic of Uppaal

  (Figure: controller and user automata as on slide 7.)

  10. Pure TA Syntax

  11. Channel Names and Actions

  To define timed automata formally, we need the following sets of symbols:
  • A set (a, b ∈) Chan of channel names or channels.
  • For each channel a ∈ Chan, two visible actions: a? and a! denote input and output on the channel (a?, a! ∉ Chan).
  • τ ∉ Chan represents an internal action, not visible from outside.
  • (α, β ∈) Act := {a? | a ∈ Chan} ∪ {a! | a ∈ Chan} ∪ {τ} is the set of actions.
  • An alphabet B is a set of channels, i.e. B ⊆ Chan.
  • For each alphabet B, we define the corresponding action set B?! := {a? | a ∈ B} ∪ {a! | a ∈ B} ∪ {τ}.
  • Note: Chan?! = Act.

  12. Example

  (Figure: controller and user automata as on slide 7.)

  13. Simple Clock Constraints

  • Let (x, y ∈) X be a set of clock variables (or clocks).
  • The set (ϕ ∈) Φ(X) of (simple) clock constraints (over X) is defined by the following grammar:
      ϕ ::= x ∼ c | x − y ∼ c | ϕ₁ ∧ ϕ₂
    where
    • x, y ∈ X,
    • c ∈ ℚ₀⁺, and
    • ∼ ∈ {<, >, ≤, ≥}.
  • Clock constraints of the form x − y ∼ c are called difference constraints.

  14. Example

  (Figure: controller and user automata as on slide 7.)

  15. Timed Automaton

  Definition 4.3. [Timed automaton] A (pure) timed automaton A is a structure
      A = (L, B, X, I, E, ℓ_ini)
  where
  • (ℓ ∈) L is a finite set of locations (or control states),
  • B ⊆ Chan,
  • X is a finite set of clocks,
  • I : L → Φ(X) assigns to each location a clock constraint, its invariant,
  • E ⊆ L × B?! × Φ(X) × 2^X × L is a finite set of directed edges. Edges (ℓ, α, ϕ, Y, ℓ′) from location ℓ to ℓ′ are labelled with an action α, a guard ϕ, and a set Y of clocks that will be reset.
  • ℓ_ini is the initial location.

  16. Graphical Representation of Timed Automata

  A = (L, B, X, I, E, ℓ_ini)
  • Locations (control states) and their invariants: ℓ with I(ℓ), ℓ_ini with I(ℓ_ini) (two alternative drawing styles are shown).
  • Edges: (ℓ, α, ϕ, Y, ℓ′) ∈ L × B?! × Φ(X) × 2^X × L, drawn as an arrow from ℓ to ℓ′ labelled with α, ϕ and the resets of Y.

  (Figure: locations ℓ and ℓ′ with invariants x < 3 and y < 10, and an edge ℓ → ℓ′ labelled a!, guard x ≤ 3 ∧ y > 2, reset x := 0.)

  17. Pure TA Operational Semantics

  18.–19. Clock Valuations

  • Let X be a set of clocks. A valuation ν of clocks in X is a mapping ν : X → Time assigning each clock x ∈ X the current time ν(x).
  • Let ϕ be a clock constraint. The satisfaction relation between clock valuations ν and clock constraints ϕ, denoted by ν ⊨ ϕ, is defined inductively:
    • ν ⊨ x ∼ c iff ν(x) ∼ c
    • ν ⊨ x − y ∼ c iff ν(x) − ν(y) ∼ c
    • ν ⊨ ϕ₁ ∧ ϕ₂ iff ν ⊨ ϕ₁ and ν ⊨ ϕ₂
  • Two clock constraints ϕ₁ and ϕ₂ are called (logically) equivalent if and only if for all clock valuations ν, we have ν ⊨ ϕ₁ if and only if ν ⊨ ϕ₂. In that case we write ⊨ ϕ₁ ⟺ ϕ₂.

  20. Operations on Clock Valuations

  Let ν be a valuation of clocks in X and t ∈ Time.
  • Time Shift: We write ν + t to denote the clock valuation (for X) with
      (ν + t)(x) = ν(x) + t   for all x ∈ X.
  • Modification: Let Y ⊆ X be a set of clocks. We write ν[Y := t] to denote the clock valuation with
      (ν[Y := t])(x) = t, if x ∈ Y;  ν(x), otherwise.
    Special case reset: t = 0.

  21. Operational Semantics of TA

  Definition 4.4. The operational semantics of a timed automaton A = (L, B, X, I, E, ℓ_ini) is defined by the (labelled) transition system
      T(A) = (Conf(A), Time ∪ B?!, {→_λ | λ ∈ Time ∪ B?!}, C_ini)
  where
  • Conf(A) = {⟨ℓ, ν⟩ | ℓ ∈ L, ν : X → Time, ν ⊨ I(ℓ)},
  • Time ∪ B?! are the transition labels,
  • there are delay transition relations ⟨ℓ, ν⟩ →_λ ⟨ℓ′, ν′⟩, λ ∈ Time, and action transition relations ⟨ℓ, ν⟩ →_λ ⟨ℓ′, ν′⟩, λ ∈ B?! (→ later slides),
  • C_ini = {⟨ℓ_ini, ν₀⟩} ∩ Conf(A) with ν₀(x) = 0 for all x ∈ X is the set of initial configurations.

  22. Operational Semantics of TA Cont'd

  A = (L, B, X, I, E, ℓ_ini),  T(A) = (Conf(A), Time ∪ B?!, {→_λ | λ ∈ Time ∪ B?!}, C_ini)
  • Time or delay transition:
      ⟨ℓ, ν⟩ →_t ⟨ℓ, ν + t⟩ if and only if ∀ t′ ∈ [0, t] : ν + t′ ⊨ I(ℓ).
    "Some time t ∈ Time elapses respecting invariants, location unchanged."
  • Action or discrete transition:
      ⟨ℓ, ν⟩ →_α ⟨ℓ′, ν′⟩ if and only if there is (ℓ, α, ϕ, Y, ℓ′) ∈ E such that ν ⊨ ϕ, ν′ = ν[Y := 0], and ν′ ⊨ I(ℓ′).
    "An action occurs, location may change, some clocks may be reset, time does not advance."
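The clock constraints of slide 13, the valuations and satisfaction relation of slides 18–19, time shift and modification of slide 20, and the delay and action transitions of Definition 4.4 (slides 21–22), carried through in Python on the off/light/bright controller of slide 6. This is an added example, not code from the lecture; the tuple encoding of constraints and edges, the dictionary encoding of ν, and taking the controller's invariants to be true are assumptions. It handles arbitrary invariants and difference constraints, not only the guards of the example.

```python
import operator

OPS = {"<": operator.lt, ">": operator.gt, "<=": operator.le, ">=": operator.ge}

def sat(nu, phi):
    """nu |= phi; phi is a list of conjuncts (x, op, c) or (x, y, op, c), [] is true."""
    for atom in phi:
        val = nu[atom[0]] if len(atom) == 3 else nu[atom[0]] - nu[atom[1]]
        if not OPS[atom[-2]](val, atom[-1]):
            return False
    return True

def shift(nu, t):
    """Time shift nu + t: every clock advances by t."""
    return {x: v + t for x, v in nu.items()}

def modify(nu, Y, t=0):
    """Modification nu[Y := t]; t = 0 is the reset used on action transitions."""
    return {x: (t if x in Y else v) for x, v in nu.items()}

# The off/light/bright controller from the slides: B = {press}, invariants all 'true'.
L, X, l_ini = {"off", "light", "bright"}, {"x"}, "off"
I = {l: [] for l in L}
E = [("off", "press?", [], {"x"}, "light"),                  # resets x := 0
     ("light", "press?", [("x", "<=", 3)], set(), "bright"),
     ("light", "press?", [("x", ">", 3)], set(), "off"),
     ("bright", "press?", [], set(), "off")]

def delay(conf, t):
    """<l,nu> -t-> <l,nu+t> iff nu+t' |= I(l) for all t' in [0,t]. Each conjunct
    holds on a convex set of t' and clocks only grow, so the two end points suffice."""
    l, nu = conf
    if t < 0 or not (sat(nu, I[l]) and sat(shift(nu, t), I[l])):
        return None
    return (l, shift(nu, t))

def actions(conf):
    """All enabled action transitions <l,nu> -alpha-> <l',nu'> (Def. 4.4)."""
    l, nu = conf
    return [(alpha, (l1, modify(nu, Y))) for (l0, alpha, phi, Y, l1) in E
            if l0 == l and sat(nu, phi) and sat(modify(nu, Y), I[l1])]

def run(labels):
    """Follow labels (number = delay, string = action) from C_ini; None if not a transition sequence."""
    conf = (l_ini, {x: 0 for x in X})
    for lab in labels:
        if conf is not None:
            conf = (next((c for a, c in actions(conf) if a == lab), None)
                    if isinstance(lab, str) else delay(conf, lab))
    return conf
```

For instance, run(["press?", 2, "press?"]) ends in ⟨bright, x = 2⟩ because the guard x ≤ 3 holds, while run(["press?", 4, "press?"]) takes the x > 3 edge back to ⟨off, x = 4⟩.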
