safety contracts for timed reactive components
play

Safety Contracts for Timed Reactive Components Iulia Dragomir , - PowerPoint PPT Presentation

Dec 14, 2022 •193 likes •1.61k views

Safety Contracts for Timed Reactive Components Iulia Dragomir , Iulian Ober and Christian Percebois IRIT - University of Toulouse March 21, 2013 Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 1 / 38

  1. Contract-based Reasoning � � � � � � � � � � � � � � � � � � �������������������� � � �� �� �� ����� � ������������� � � ������������� ������� � � � � ������������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 9 / 38

  2. Contract-based Reasoning �� � � � � � � � � � � � � � � � � � � � � � � � � �������������������� � � �� �� �� ����� � ������������� � � ������������� ������� � � � � ������������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 9 / 38

  3. Contract-based Reasoning � � � �� � � � � � � � � � � � � � � � � � � � � � � � � �������������������� � � �� �� �� ����� � ������������� � � ������������� ������� � � � � ������������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 9 / 38

  4. Contract-based Reasoning � � � ����������������� �� � �������� � �������������� �� � � � � � � � � � � � � � � � � � � � � � � � � �������������������� � � �� �� �� ����� � ������������� � � ������������� ������� � � � � ������������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 9 / 38

  5. Contract-based Reasoning ������������������� ������� �� ��� � � � ����������������� �� � �������� � �������������� �� � � � � � � � � � � � � � � � � � � � � � � � � �������������������� � � �� �� �� ����� � ������������� � � ������������� ������� � � � � ������������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 9 / 38

  6. Contract-based approach for component-based systems Formalization of component framework Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 10 / 38

  7. Contract-based approach for component-based systems Formalization of component framework Verification relations Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 10 / 38

  8. Contract-based approach for component-based systems Formalization of component framework Verification relations Contract satisfaction 1 Dominance between contracts 2 Conformance 3 Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 10 / 38

  9. Outline 3 Component framework: Timed Input/Output Automata Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 11 / 38

  10. Component: Timed Input/Output Automaton Definition Timed input/output automaton A Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  11. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , ������ ���� � � ������������� ��� ������ ����� ���� �� � ��� ����������� � ������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  12. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , ������ ���� � � ������������� ��� ������ ������ ����� ���� �� � ��� ����������� � ������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  13. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , ������ ���� � � ������������� ��� ������ ������ ����� ���� �� � ��� ����������� � ������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  14. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, ������ ���� � � ������������� ��� ������ ������ ����� ���� �� � ��� ����������� � ������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  15. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , ������ ���� � � ������������� ��� ������ ������ � ����� ���� �� � ��� ����������� � ������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  16. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , ������ ���� � � ������������� ��� ������ ������ � � ����� ���� �� � ��� ����������� � ������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  17. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , V , ������ ���� � � ������������� ��� ������ ������ � � ����� ���� �� � ��� ����������� � ������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  18. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , V , H , ������ ���� � � ������������� ��� ������ ������ � � ����� ���� �� � ��� ����������� � ������ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  19. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , V , H , D , ������ �������� ���� � � ������������� ��� ��������� ������ ������ � � ����� ���� �� �������� � �������� ��� ����������� ������ ������ �������� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  20. Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , V , H , D , T ) ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

  21. Properties of a timed input/output automaton 1 Existence of point trajectories : ∀ x ∈ Q , γ ( x ) : [0 , 0] → x ∈ T Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 13 / 38

  22. Properties of a timed input/output automaton 1 Existence of point trajectories : ∀ x ∈ Q , γ ( x ) : [0 , 0] → x ∈ T 2 Prefix, suffix and concatenation closure of T Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 13 / 38

  23. Properties of a timed input/output automaton 1 Existence of point trajectories : ∀ x ∈ Q , γ ( x ) : [0 , 0] → x ∈ T 2 Prefix, suffix and concatenation closure of T 3 Input actions enabling: ∀ x ∈ Q , ∀ a ∈ I , ∃ x ′ ∈ Q such that x ? a → x ′ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 13 / 38

  24. Properties of a timed input/output automaton 1 Existence of point trajectories : ∀ x ∈ Q , γ ( x ) : [0 , 0] → x ∈ T 2 Prefix, suffix and concatenation closure of T 3 Input actions enabling: ∀ x ∈ Q , ∀ a ∈ I , ∃ x ′ ∈ Q such that x ? a → x ′ 4 Time-passage enabling: ∀ x ∈ Q , ∃ τ ∈ T such that τ (0) = x and either τ. limit time = ∞ or τ is closed and some l ∈ O ∪ V ∪ H is enabled is τ ( τ. limit time ) Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 13 / 38

  25. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  26. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  27. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  28. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  29. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  30. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  31. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  32. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  33. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  34. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  35. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  36. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  37. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  38. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  39. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  40. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , δ ] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  41. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , δ ] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  42. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , δ ][0 , δ ] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  43. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , δ ][0 , δ ] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  44. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  45. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  46. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  47. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  48. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  49. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  50. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0][0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  51. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0][0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  52. TIOA behaviour ������ �������� ���� ����� ����� � � ������������� ��� ���� ��������� ������ ������ � � ����� ����� ���� �� �������� � �������� ����� ���� ����� ��� ����������� ������ ������ �������� ����� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

  53. TIOA composition Composition compatibility: Y i ∩ Y j = H i ∩ A j = V i ∩ A j = O i ∩ O j = I i ∩ I j = ∅ , for i � = j Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 15 / 38

  54. TIOA composition Composition compatibility: Y i ∩ Y j = H i ∩ A j = V i ∩ A j = O i ∩ O j = I i ∩ I j = ∅ , for i � = j Parallel composition: a → x ′ x 1 1 ( a ∈ A 1 \ A 2 ) a → ( x ′ ( x 1 ∪ x 2 ) 1 ∪ x 2 ) a → x ′ x 2 2 ( a ∈ A 2 \ A 1 ) a → ( x 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 15 / 38

  55. TIOA composition Composition compatibility: Y i ∩ Y j = H i ∩ A j = V i ∩ A j = O i ∩ O j = I i ∩ I j = ∅ , for i � = j Parallel composition: a → x ′ x 1 1 ( a ∈ A 1 \ A 2 ) a → ( x ′ ( x 1 ∪ x 2 ) 1 ∪ x 2 ) a → x ′ x 2 2 ( a ∈ A 2 \ A 1 ) a → ( x 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) a a → x ′ → x ′ 1 ∧ x 2 x 1 2 ( a ∈ ( A 1 ∩ A 2 ) ∪ ( T 1 ∧ T 2 )) a → ( x ′ 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 15 / 38

  56. TIOA composition Composition compatibility: Y i ∩ Y j = H i ∩ A j = V i ∩ A j = O i ∩ O j = I i ∩ I j = ∅ , for i � = j Parallel composition: a → x ′ x 1 1 ( a ∈ A 1 \ A 2 ) a → ( x ′ ( x 1 ∪ x 2 ) 1 ∪ x 2 ) a → x ′ x 2 2 ( a ∈ A 2 \ A 1 ) a → ( x 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) a a → x ′ → x ′ 1 ∧ x 2 x 1 2 ( a ∈ ( A 1 ∩ A 2 ) ∪ ( T 1 ∧ T 2 )) a → ( x ′ 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) Theorem The parallel composition operator is commutative and associative. Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 15 / 38

  57. Outline 4 A toy example Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 16 / 38

  58. Running example �� ���� ��� ���� � ���� � �� ���� � � � � � ����� ����� �� �� ����� ���� ����� ���� ����� ����� ����� ����������� �� �� �� ����� ����� � �� �� �� ����� �� ����� ����� ����� ����� � ����� ����� ����� ����� ����� ����� ����� ����� ����� ����� ����� ����� ������ � � ������ � � ����������������� ��������� ����� � ����� ����� ����������� ����� ����� � �� ��������������� ����� ����� �� ����� �� �� ����� ����� � � � � � � �� �� �� ����� ����� ���� �� ���� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 17 / 38

  59. Property ϕ to be checked Property Given δ 1 < δ 2 , the subsystem doesn’t emit consecutive a ’s or b ’s. � ���� ��� ���� � ���� � � ���� � � � � � ����� ����� �� �� ����� ���� ����� ���� ����� ����� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 18 / 38 ����� ����������� �� �� �� ����� ����� � �� �� �� �� ����� ����� ����� ����� ����� � ����� ����� ����� ����� ����� ����� ����� ����� ����� ����� ����� ����� ������ � � ������ � � ����������������� ��������� ����� ����� � ����� ����������� ����� ����� � �� ����� ����� ��������������� ����� �� �� �� ����� ����� � � � � � � �� �� �� ����� ����� ���� �� ����

  60. Outline 5 Contract framework for Timed Input/Output Automata Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 19 / 38

  61. Formal contract Component K : a timed input/output automaton Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 20 / 38

  62. Formal contract Component K : a timed input/output automaton Closed component: I = O = ∅ Open component: it is not closed Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 20 / 38

  63. Formal contract Component K : a timed input/output automaton Closed component: I = O = ∅ Open component: it is not closed Environment E for K : a timed input/output automaton compatible with K such that I E ⊆ O K and O E ⊆ I K Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 20 / 38

  64. Formal contract Component K : a timed input/output automaton Closed component: I = O = ∅ Open component: it is not closed Environment E for K : a timed input/output automaton compatible with K such that I E ⊆ O K and O E ⊆ I K Definition A contract for a component K is a pair ( A , G ) of TIOA such that I A = O G and O A = I G (i.e. the composition is a closed system) and I G ⊆ I K and O G ⊆ O K (i.e. the interface of K is a refinement of that of G ). Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 20 / 38

  65. Contracts for the running example � � ����� � ��� � ���������������� � � � ����� �� � ����� �� �� � ������ ���� � �� ����� �� ����� ������ � ������ ����� ������� � � � ����� ���� � �� ��� � ���� ��� �� � ��� � ������������� ��������� � � ������������������������� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 21 / 38 � � �� ����� ���� ������ � � �� ����� � � �� ����� ���� ���������

  66. Contracts for the running example � � ����� � ��� � ���������������� � � � ����� � ��� � ���������������� � � � � � ����� �� ����� �� � � ����� �� �� � � ����� ���� ������ ���� ��� ��� � � �� ����� �� ����� ������ � ������ ����� �� ������� ����� � � � � � � ����� �� �� ����� ���� � � ���� �� ��� � � ���� ���� ������ � � �������������� ��� ����� �� � ��� � ������������� ��������� � � ������������������������� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 21 / 38 � � �� ����� ���� ������ � � �� ����� � � �� ����� ���� ���������

  67. Contracts for the running example � � ����� � ��� � ���������������� � � � ����� � ��� � ���������������� � � � ����� � ��� � ���������������� � � � � � � � ����� �� ����� �� � � ����� �� �� � � ����� ���� ������ ���� ��� ��� � � �� ����� �� ����� ������ � ������ ����� �� ������� ����� � � � � � � � � ����� �� �� ����� ���� � � ���� �� ��� � � ���� ���� ������ � � �������������� ��� ����� �� � ��� � ������������� ��������� � � ������������������������� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 21 / 38 � � �� ����� ���� ������ � � �� ����� � � �� ����� ���� ���������

  68. Conformance relation Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 22 / 38

  69. Conformance relation Definition Let K 1 and K 2 be two comparable components (i.e. having the same external interface). K 1 � K 2 if traces K 1 ⊆ traces K 2 . Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 22 / 38

  70. Conformance relation Definition Let K 1 and K 2 be two comparable components (i.e. having the same external interface). K 1 � K 2 if traces K 1 ⊆ traces K 2 . Theorem Conformance is a preorder relation. Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 22 / 38

  71. Conformance relation Definition Let K 1 and K 2 be two comparable components (i.e. having the same external interface). K 1 � K 2 if traces K 1 ⊆ traces K 2 . Theorem Conformance is a preorder relation. Theorem Let K 1 and K 2 be two comparable components with K 1 � K 2 and E a component compatible with both K 1 and K 2 . Then K 1 � E � K 2 � E . Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 22 / 38

  72. Refinement under context relation Definition Let K 1 and K 2 be two components such that I K 2 ⊆ I K 1 ∪ V K 1 , O K 2 ⊆ O K 1 ∪ V K 1 and V K 2 ⊆ V K 1 . Let E be an environment for K 1 compatible with both K 1 and K 2 . We say that K 1 refines K 2 in the context of E , denoted K 1 ⊑ E K 2 , if K 1 � E � E ′ � K 2 � E � K ′ � E ′ where K ′ and E ′ are defined such that both members of the conformance relation are comparable and closed. Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 23 / 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Know the basic components of a commercial contracts Identify these components in

Know the basic components of a commercial contracts Identify these components in

Goals for Class 6 Know the basic components of a commercial contracts Identify these components in commercial contracts Class 6 Basics of Commercial Contract Title Preamble Parties Effective Date(s) Recitals

371 views • 4 slides
News on Safety Properties for Timed Petri Nets Patrick Totzke Edinburgh 2018-09-24 1 / 15 2 /

News on Safety Properties for Timed Petri Nets Patrick Totzke Edinburgh 2018-09-24 1 / 15 2 /

News on Safety Properties for Timed Petri Nets Patrick Totzke Edinburgh 2018-09-24 1 / 15 2 / 15 Networks of Timed Automata - a (finite-state) control program ( S ) - K indistinguishable d -clock Timed Automata ( C ) 2 / 15 Networks of Timed

1.58k views • 121 slides
Specification and Analysis of Contracts Lecture 2 Components, Services and Contracts Gerardo

Specification and Analysis of Contracts Lecture 2 Components, Services and Contracts Gerardo

Specification and Analysis of Contracts Lecture 2 Components, Services and Contracts Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov. 7, 2008 Cape

632 views • 45 slides
Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

1 Last update: 2 November 2004 Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout Trusted Components: Reuse, Contracts and Patterns - Lecture 14 Chair of Softw are Engineering 2 Lecture 14: Observer,

661 views • 53 slides
Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

1 Last update: 2 November 2004 Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout Chair of Softw are Engineering Trusted Components: Reuse, Contracts and Patterns - Lecture 7 2 Lecture 7: Pattern

398 views • 25 slides
Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

1 Last update: 21 October 2004 Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout Trusted Components: Reuse, Contracts and Patterns - Lecture 18 Chair of Softw are Engineering 2 Lecture 18: Builder,

882 views • 57 slides
PowerUp Team Palindrome Key Challenges Reactive, rather than proactive, safety management

PowerUp Team Palindrome Key Challenges Reactive, rather than proactive, safety management

PowerUp Team Palindrome Key Challenges Reactive, rather than proactive, safety management Underreporting of near-misses due to fear of punitive response Current behavior-based safety programs focus primarily on frontline workers

452 views • 15 slides
Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

1 Last update: 2 November 2004 Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout Chair of Softw are Engineering Trusted Components: Reuse, Contracts and Patterns - Lecture 26 2 Lecture 26:

826 views • 66 slides
Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

1 Last update: 19 October 2004 Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout Trusted Components: Reuse, Contracts and Patterns - Lecture 17 Chair of Softw are Engineering 2 Lecture 17:

430 views • 39 slides
Contracts 7 January 2019 OSU CSE 1 Contract Details Contracts in the APIs for OSU CSE

Contracts 7 January 2019 OSU CSE 1 Contract Details Contracts in the APIs for OSU CSE

Contracts 7 January 2019 OSU CSE 1 Contract Details Contracts in the APIs for OSU CSE components include these important features: Parameter modes Two stipulations: Parameter names in requires and ensures clauses always

408 views • 25 slides
Analysis of Inconsistent Routing Components in Reactive Routing Protocols Habib-ur Rehman, Lars

Analysis of Inconsistent Routing Components in Reactive Routing Protocols Habib-ur Rehman, Lars

Analysis of Inconsistent Routing Components in Reactive Routing Protocols Habib-ur Rehman, Lars Wolf Institut fr Betriebssysteme und Rechnerverbund Technische Universitt Braunschweig WMAN 2009, 5 th March, Kassel Introduction Analysis

738 views • 28 slides
Real-Time Modeling and Test Case Generation Konrad Krentz A Convincing Safety Case [1] 2 A

Real-Time Modeling and Test Case Generation Konrad Krentz A Convincing Safety Case [1] 2 A

Real-Time Modeling and Test Case Generation Konrad Krentz A Convincing Safety Case [1] 2 A Convincing Safety Case Fault Formal () Architecture Tree Testing Methods Analysis UPPAAL Agenda 3 Timed Timed UPPAAL Model- Overview

369 views • 36 slides
Time-critical reactive systems (modelling) Jos Proena HASLab - INESC TEC Universidade do

Time-critical reactive systems (modelling) Jos Proena HASLab - INESC TEC Universidade do

Time-critical reactive systems (modelling) Jos Proena HASLab - INESC TEC Universidade do Minho Braga, Portugal April, 2016 Motivation Timed Automata Semantics Modelling in Uppaal Motivation Specifying an airbag saying that in a car

519 views • 48 slides
Simulating Timed UML2 Sequence Diagrams with Timed CSP M Roggenbach (Swansea, Wales, UK)

Simulating Timed UML2 Sequence Diagrams with Timed CSP M Roggenbach (Swansea, Wales, UK)

Simulating Timed UML2 Sequence Diagrams with Timed CSP M Roggenbach (Swansea, Wales, UK) Alexander Knapp, Liam OReilly, and Holger Schlingloff September 2013 What is the added value? 2 What is the added value? Timed UML2 Sequence Diagram

145 views • 11 slides
Runtime Enforcement of Timed Properties Srinivas Pinisetty 1 ,Yli` es Falcone 2 , Thierry J eron

Runtime Enforcement of Timed Properties Srinivas Pinisetty 1 ,Yli` es Falcone 2 , Thierry J eron

Introduction Enforcement of timed properties Enforcement of safety properties Conclusion Runtime Enforcement of Timed Properties Srinivas Pinisetty 1 ,Yli` es Falcone 2 , Thierry J eron 1 , Herv e Marchand 1 , Antoine Rollet 3 and Omer

1.34k views • 39 slides
OUTLINE Model Checking in a Nutshell Timed automata and TCTL Timed Automata, TCTL A

OUTLINE Model Checking in a Nutshell Timed automata and TCTL Timed Automata, TCTL A

OUTLINE Model Checking in a Nutshell Timed automata and TCTL Timed Automata, TCTL A UPPAAL Tutorial &amp; Verification Problems Data stuctures &amp; central algorithms UPPAAL input languages 1 2 Timed Automata: Syntax

408 views • 11 slides
QlikView User Forum 8 th October 2014 Agenda Welcome Tony Bell, Sales Director

QlikView User Forum 8 th October 2014 Agenda Welcome Tony Bell, Sales Director

QlikView User Forum 8 th October 2014 Agenda Welcome Tony Bell, Sales Director Introduction Nick Bell, CEO Guest Speaker Reshigan Govender, CIO, Simba Tips &amp; Tricks Shashin Modi, QlikView Technical Manager

810 views • 60 slides
Know Your Engines How to Make Your JavaScript Fast Dave Mandelin 8 November 2011 OReilly

Know Your Engines How to Make Your JavaScript Fast Dave Mandelin 8 November 2011 OReilly

Know Your Engines How to Make Your JavaScript Fast Dave Mandelin 8 November 2011 OReilly Velocity Europe Tuesday, November 8, 2011 JavaScript is getting really fast and programs are getting crazy Bullet physics engine (ammo.js) H.264

2.15k views • 184 slides
BERRIMA CEMENT &gt; Whole of Community Meeting 2 August 2018 E2 Events Berrima Agenda

BERRIMA CEMENT &gt; Whole of Community Meeting 2 August 2018 E2 Events Berrima Agenda

Build something great BORAL BERRIMA CEMENT &gt; Whole of Community Meeting 2 August 2018 E2 Events Berrima Agenda Welcome, introductions, safety moment, administration Year in Review: Production and Safety Solid Waste

487 views • 24 slides
The SG@home SG@home Project: Project: The Experience Sharing Experience Sharing Hing-Yan LEE,

The SG@home SG@home Project: Project: The Experience Sharing Experience Sharing Hing-Yan LEE,

The SG@home SG@home Project: Project: The Experience Sharing Experience Sharing Hing-Yan LEE, Jon LAU Khee-Erng and Nigel TEOW National Grid Office Singapore International Symposium on Grid Computing 2007 PC Grid Computing PC Grid

782 views • 34 slides
Welcome to our 6th grade Kodiak Team! Welcome to our 7th grade Grizzly Team! Fair doesnt mean

Welcome to our 6th grade Kodiak Team! Welcome to our 7th grade Grizzly Team! Fair doesnt mean

Welcome to our 6th grade Kodiak Team! Welcome to our 7th grade Grizzly Team! Fair doesnt mean giving every child the same thing, it means giving every child what they need. - Rick Lavoie If a child cant learn the way we teach, maybe we

236 views • 21 slides
for Active Learning Guided Inquiry Learning The POGIL Project Process Oriented, Guided

for Active Learning Guided Inquiry Learning The POGIL Project Process Oriented, Guided

Innovative Teaching Methods for Active Learning Guided Inquiry Learning The POGIL Project Process Oriented, Guided Inquiry Learning Developed in college Chemistry classrooms (1994), has since expanded to other fields and into high

489 views • 10 slides
CONCEPT PRESENTATION January 8, 2016 St. Louis MASA Region

CONCEPT PRESENTATION January 8, 2016 St. Louis MASA Region

CONCEPT PRESENTATION January 8, 2016 St. Louis MASA Region 1 Agenda I. Welcome II. FoundaAon III. Assessment for Learning Study - MASA

586 views • 35 slides
POSTAL PO Box 11250, Manners St Central Wellington 6142, New Zealand PH +64 4 550 2030 FAX

POSTAL PO Box 11250, Manners St Central Wellington 6142, New Zealand PH +64 4 550 2030 FAX

31 May 2012 Ms Stephenie Fox The Technical Director International Public Sector Accounting Standards Board International Federation of Accountants 277 Wellington Street West Toronto Ontario M5V 3H2 CANADA Submitted to: www.ifac.org Dear

569 views • 7 slides

More recommend