Modeling and Analysis of Real -Time Systems with Mutex Components - PowerPoint PPT Presentation

Modeling and Analysis of Real -Time Systems with Mutex Components APDCM’10 Guoqiang Li 1 , Xiaojuan Cai 1 ,Shoji Yuen 2 1 BASICS, Shanghai Jiao Tong University 2 Graduate School of Information Science, Nagoya University 19th, April. 2010 APDCM’10 1 / 19

Backgrounds and Aims Formal models for complex real-timed systems (e.g. timed automata). A real-time system consists of several functionally independent components that interact with each other, e.g. processors, controllers, various chips, etc. Synchronization is modeled by parallel composition of timed automata [RTSS’95] Mutex . . . In synthesis of a whole system, the “global” control of components is a key issue in design. Whether such a synthesis is decidable? APDCM’10 2 / 19

Timed Automata [Alur & Dill TCS 94] a , x := 0 , y := 0 y > 30 y > 25 b , x := 0 , y := 0 x ≤ 6 x ≤ 5 x ≥ 6 , y ≤ 30, x := 0 x ≥ 5 , y ≤ 25, x := 0 APDCM’10 3 / 19

� � � � Parallel Composition [Wang Yi et. al. RTSS’95] Actions are divided into two disjoint sets Σ = E ∪ H , for external and internal actions respectively. External actions E are partitioned to two disjoint sets E = E o ∪ E i , for triggering symbols, ranged over by a ! , b ! , . . . , and triggered symbols, ranged over by a ? , b ? , . . . . � � � � � � off � � � � � � x>10 press? press? � � � � � � press !, x := 0 x:=0 dim press? � � � � � � � � � � � � x<=10 press? � � � � �� � � � � � �� � x < 10 bright � � � � � � press !, x ≥ 10, x := 0 APDCM’10 4 / 19 � � � ℄ � � � � ℄ � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �� � � � � � � � � � �℄ � � � � � � � � � � � � � � � � � � � � � �

Why Need Controller Automata? Usually, mutex can be implemented by synchronization. However, in real-time system, time in an awaited component will elapse when it hangs up. There are three relations for two mutex components: Competition e.g., Reading/Writing a shared buffer Preemption and Resumption e.g., Interrupt Controller automata provide global controls among a group of timed automata. APDCM’10 5 / 19

Controller Automata Controller automata provide transitions for timed automata that represents different components. There are three kinds of transitions, push, pop and internal actions. x 1 < 2 x 2 < 3 x 2 ≥ 3, x 2 := 0 x ≥ 2, x 1 := 0 W T P RD P release ! release ! 0 require ? require ? x 1 < 2 x 2 < 3 = ⇒∈ δ int W T P , x 1 ≥ 2 ∧ y 1 ≤ 25, x 1 := 0 RD P , x 2 ≥ 3 ∧ y 2 ≤ 30, x 2 := 0 APDCM’10 6 / 19

An Example: Reading/Writing with Priority x 1 < 2 x 2 < 3 y 2 ≥ 20 x 1 ≥ 2, x 1 := 0 x 2 ≥ 3, x 2 := 0 W T P RD P release W ! release R ! ERR I. 0 II. require W ? require R ? x 1 < 2 x 2 < 3 require W ? W T P , x 1 ≥ 2 ∧ y 1 ≤ 25, x 1 := 0 RD P , x 2 ≥ 3 ∧ y 2 ≤ 30, x 2 := 0 : δ push : δ pop APDCM’10 7 / 19

Time Lag in Timed Automata When a timed automaton is preempted by another one, the system will stop running current timed automaton, store the current status, and begin to run the latter timed automaton. A time lag adds a location and a fresh clock to wait a certain time when preempted by another timed automata. x := 0 , y := 0 y > 30 y > 25 x := 0 , y := 0 x ≤ 6 x ≥ 6 , y ≤ 30, x := 0 x ≥ 5 , y ≤ 25, x := 0 APDCM’10 8 / 19

Time Lag in Timed Automata When a timed automaton is preempted by another one, the system will stop running current timed automaton, store the current status, and begin to run the latter timed automaton. A time lag adds a location and a fresh clock to wait a certain time when preempted by another timed automata. x := 0 , y := 0 , x p := 0 y > 30 y > 25 x := 0 , y := 0 x p ≤ 0 ∨ x ≤ 6 x p ≤ t x p ≥ t x p ≥ t x ≥ 6 , y ≤ 30, x := 0 x ≥ 5 , y ≤ 25, x := 0 , x p := 0 APDCM’10 9 / 19

Running Controller Automata ∅ 1 0 ⊤ , b pop pat ?, x := 0 pat ?, x < 2 pat ?, x < 2 pat ? , ⊤ , ∅ turn ? , ⊤ , ∅ c pop , ⊤ , ∅ x > 25 0 2 x < trigger p !, x ≥ 2, x := 0 > x 3 , 0 ? t a p 5 0 turn ? , ⊤ , ∅ trigger q !, 2 ≤ x ≤ 30, x := 0 pat ?, x := 0 2 a pop ⊤ , ∅ pat ?, x := 0 1 x run ≤ 50 3 4 : δ push trigger q !, 2 ≤ x ≤ 25, x := 0 : δ pop x run ≤ 150 APDCM’10 10 / 19

Running Controller Automata ∅ 1 0 ⊤ , b pop pat ?, x := 0 pat ?, x < 2 pat ?, x < 2 pat ? , ⊤ , ∅ turn ? , ⊤ , ∅ c pop , ⊤ , ∅ x > 25 0 2 x < trigger p !, x ≥ 2, x := 0 > x 3 , 0 ? t a p 5 0 turn ? , ⊤ , ∅ trigger q !, 2 ≤ x ≤ 30, x := 0 pat ?, x := 0 2 a pop ⊤ , ∅ pat ?, x := 0 1 x run ≤ 50 ( S 0 , 0) 3 4 : δ push trigger q !, 2 ≤ x ≤ 25, x := 0 : δ pop x run ≤ 150 APDCM’10 11 / 19

Running Controller Automata ∅ 1 0 ⊤ , b pop pat ?, x := 0 pat ?, x < 2 pat ?, x < 2 pat ? , ⊤ , ∅ turn ? , ⊤ , ∅ c pop , ⊤ , ∅ x > 25 0 2 x < trigger p !, x ≥ 2, x := 0 > x 3 , 0 ? t a p 5 0 turn ? , ⊤ , ∅ trigger q !, 2 ≤ x ≤ 30, x := 0 pat ?, x := 0 2 a pop ⊤ , ∅ pat ?, x := 0 1 x run ≤ 50 ( S 0 , 0) 3 4 : δ push trigger q !, 2 ≤ x ≤ 25, x := 0 : δ pop x run ≤ 150 APDCM’10 12 / 19

Running Controller Automata ∅ 1 0 ⊤ , b pop pat ?, x := 0 pat ?, x < 2 pat ?, x < 2 pat ? , ⊤ , ∅ turn ? , ⊤ , ∅ c pop , ⊤ , ∅ x > 25 0 2 x < trigger p !, x ≥ 2, x := 0 > x 3 , 0 ? t a p 5 0 turn ? , ⊤ , ∅ trigger q !, 2 ≤ x ≤ 30, x := 0 pat ?, x := 0 2 a pop ⊤ , ∅ pat ?, x := 0 1 x run ≤ 50 ( S 0 , 0) 3 4 : δ push trigger q !, 2 ≤ x ≤ 25, x := 0 : δ pop x run ≤ 150 APDCM’10 13 / 19

Running Controller Automata ∅ 1 0 ⊤ , b pop pat ?, x := 0 pat ?, x < 2 pat ?, x < 2 pat ? , ⊤ , ∅ turn ? , ⊤ , ∅ c pop , ⊤ , ∅ x > 25 0 2 x < trigger p !, x ≥ 2, x := 0 > x 3 , 0 ? t a p 5 0 turn ? , ⊤ , ∅ trigger q !, 2 ≤ x ≤ 30, x := 0 pat ?, x := 0 2 a pop ⊤ , ∅ pat ?, x := 0 1 x run ≤ 50 ( S 0 , 0) 3 4 : δ push trigger q !, 2 ≤ x ≤ 25, x := 0 : δ pop x run ≤ 150 APDCM’10 14 / 19

Running Controller Automata ∅ 1 0 ⊤ , b pop pat ?, x := 0 pat ?, x < 2 pat ?, x < 2 pat ? , ⊤ , ∅ turn ? , ⊤ , ∅ c pop , ⊤ , ∅ x > 25 0 2 x < trigger p !, x ≥ 2, x := 0 > x 3 , 0 ? t a p 5 0 turn ? , ⊤ , ∅ trigger q !, 2 ≤ x ≤ 30, x := 0 pat ?, x := 0 2 a pop ⊤ , ∅ pat ?, x := 0 1 ( S 1 , 3) x run ≤ 50 ( S 0 , 0) 3 4 : δ push trigger q !, 2 ≤ x ≤ 25, x := 0 : δ pop x run ≤ 150 APDCM’10 15 / 19

Running Controller Automata ∅ 1 0 ⊤ , b pop pat ?, x := 0 pat ?, x < 2 pat ?, x < 2 pat ? , ⊤ , ∅ turn ? , ⊤ , ∅ c pop , ⊤ , ∅ x > 25 0 2 x < trigger p !, x ≥ 2, x := 0 > x 3 , 0 ? t a p 5 0 turn ? , ⊤ , ∅ trigger q !, 2 ≤ x ≤ 30, x := 0 pat ?, x := 0 2 a pop ⊤ , ∅ pat ?, x := 0 1 3 ′ x run ≤ 50 ( S 0 , 0) 3 4 : δ push trigger q !, 2 ≤ x ≤ 25, x := 0 : δ pop x run ≤ 150 APDCM’10 16 / 19

Decidability Problems of Controller Automata Some comments... controller automata are not beyond timed (pushdown) automata... controller automata are stopwatch pushdown automata... Controller automata are less expressive than stopwatch automata Fact. the frozen clocks are kept zero in CA. The decidability problems (e.g. reachability problem) of controller automata are in general undecidable. Infinite insertion of fresh clocks and control locations. With a strict partial order on the state, an ordered controller automaton can be translated to a timed automaton. APDCM’10 17 / 19

Conclusion Controller automata are introduced, to perform global control on complex real-time systems. Analysis techniques (e.g. reachability) of controller automata are investigated. Future work: Theoretical approaches: to investigate the languages category recognized by controller automata. Practical approaches: to verify properties for complex real-time systems, e.g. liveness Implementation work: translate an OCA to a timed automaton recognized by U PPAAL . APDCM’10 18 / 19

Thank You! li.g@sjtu.edu.cn APDCM’10 19 / 19