Timed games Patricia Bouyer-Decitre LSV, CNRS & ENS Cachan, - - PowerPoint PPT Presentation

Timed games

Patricia Bouyer-Decitre

LSV, CNRS & ENS Cachan, France

1/14

Why (timed) games?

to model uncertainty

Example of a processor in the taskgraph example

idle +

(x≤2)

×

(x≤3) x:=0

add

x:=0

mult

x=2

done

x=3

done

2/14

Why (timed) games?

to model uncertainty

Example of a processor in the taskgraph example

idle +

(x≤2)

×

(x≤3) x:=0

add

x:=0

mult

x≥1

done

x≥1

done

2/14

Why (timed) games?

to model uncertainty

Example of a processor in the taskgraph example

idle +

(x≤2)

×

(x≤3) x:=0

add

x:=0

mult

x≥1

done

x≥1

done

to model an interaction with an environment

Example of the gate in the train/gate example

2/14

Why (timed) games?

to model uncertainty

Example of a processor in the taskgraph example

idle +

(x≤2)

×

(x≤3) x:=0

add

x:=0

mult

x≥1

done

x≥1

done

to model an interaction with an environment

Example of the gate in the train/gate example

?

2/14

Why (timed) games?

to model uncertainty

Example of a processor in the taskgraph example

idle +

(x≤2)

×

(x≤3) x:=0

add

x:=0

mult

x≥1

done

x≥1

done

to model an interaction with an environment

Example of the gate in the train/gate example

2/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy:

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy: f : history → (delay, cont. transition)

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy: f : history → (delay, cont. transition)

A (memoryless) winning strategy

from (ℓ0, 0), play (0.5, c1)

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy: f : history → (delay, cont. transition)

A (memoryless) winning strategy

from (ℓ0, 0), play (0.5, c1) can be preempted by u2

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy: f : history → (delay, cont. transition)

A (memoryless) winning strategy

from (ℓ0, 0), play (0.5, c1) can be preempted by u2 from (ℓ2, ★), play (1 − ★, c2)

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy: f : history → (delay, cont. transition)

A (memoryless) winning strategy

from (ℓ0, 0), play (0.5, c1) can be preempted by u2 from (ℓ2, ★), play (1 − ★, c2) from (ℓ3, 1), play (0, c3)

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy: f : history → (delay, cont. transition)

A (memoryless) winning strategy

from (ℓ0, 0), play (0.5, c1) can be preempted by u2 from (ℓ2, ★), play (1 − ★, c2) from (ℓ3, 1), play (0, c3) from (ℓ1, 1), play (1, c4)

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy: f : history → (delay, cont. transition)

Problems to be considered

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy: f : history → (delay, cont. transition)

Problems to be considered

Does there exist a winning strategy?

3/14

An example of a timed game

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

Rule of the game

Aim: avoid and reach How do we play? According to a strategy: f : history → (delay, cont. transition)

Problems to be considered

Does there exist a winning strategy? If yes, compute one (as simple as possible).

3/14

Decidability of timed games

[AMPS98] Asarin, Maler, Pnueli, Sifakis. Controller synthesis for timed automata (SSC’98). [HK99] Henzinger, Kopke. Discrete-time control for rectangular hybrid automata (Theoretical Computer Science).

Theorem [AMPS98,HK99]

Reachability and safety timed games are decidable and EXPTIME-complete. Furthermore memoryless and “region-based” strategies are sufficient.

4/14

Decidability of timed games

[AMPS98] Asarin, Maler, Pnueli, Sifakis. Controller synthesis for timed automata (SSC’98). [HK99] Henzinger, Kopke. Discrete-time control for rectangular hybrid automata (Theoretical Computer Science).

Theorem [AMPS98,HK99]

Reachability and safety timed games are decidable and EXPTIME-complete. Furthermore memoryless and “region-based” strategies are sufficient. classical regions are sufficient for solving such problems

4/14

Decidability of timed games

[AM99] Asarin, Maler. As soon as possible: time optimal control for timed automata (HSCC’99). [BHPR07] Brihaye, Henzinger, Prabhu, Raskin. Minimum-time reachability in timed games (ICALP’07). [JT07] Jurdzi´ nski, Trivedi. Reachability-time games on timed automata (ICALP’07).

Theorem [AMPS98,HK99]

Reachability and safety timed games are decidable and EXPTIME-complete. Furthermore memoryless and “region-based” strategies are sufficient. classical regions are sufficient for solving such problems

Theorem [AM99,BHPR07,JT07]

Optimal-time reachability timed games are decidable and EXPTIME-complete.

4/14

Back to the example: computing winning states

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3

5/14

Back to the example: computing winning states

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3 ℓ0 1 2 3 ℓ1 1 2 3 ℓ2 1 2 3 ℓ3 1 2 3

5/14

Back to the example: computing winning states

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3 Attrac1 ℓ0 1 2 3 ℓ1 1 2 3 ℓ2 1 2 3 ℓ3 1 2 3

5/14

Back to the example: computing winning states

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3 ℓ0 1 2 3 ℓ1 1 2 3 ℓ2 1 2 3 ℓ3 1 2 3

5/14

Back to the example: computing winning states

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3 ℓ0 1 2 3 ℓ1 1 2 3 ℓ2 1 2 3 ℓ3 1 2 3

5/14

Back to the example: computing winning states

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3 ℓ0 1 2 3 ℓ1 1 2 3 ℓ2 1 2 3 ℓ3 1 2 3

5/14

Back to the example: computing winning states

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3 ℓ0 1 2 3 ℓ1 1 2 3 ℓ2 1 2 3 ℓ3 1 2 3

5/14

Back to the example: computing winning states

ℓ0 (x≤2) ℓ1 ℓ2 ℓ3

• x≤1,c1

x<1,u1 c2 x<1,u2,x:=0 x≤1,c3 x≥2,c4 x≥1,u3 ℓ0 1 2 3 ℓ1 1 2 3 ℓ2 1 2 3 ℓ3 1 2 3

Winning states Losing states

5/14

Decidability via attractors

❙ ❙

6/14

Decidability via attractors

Preda(X) = {∙ ∣ ∙

a

− → ∙ ∈ X} ❙ ❙

6/14

Decidability via attractors

Preda(X) = {∙ ∣ ∙

a

− → ∙ ∈ X} controllable and uncontrollable discrete predecessors: cPred(X) = ❙

a cont.

Preda(X) uPred(X) = ❙

a uncont.

Preda(X)

6/14

Decidability via attractors

Preda(X) = {∙ ∣ ∙

a

− → ∙ ∈ X} controllable and uncontrollable discrete predecessors: cPred(X) = ❙

a cont.

Preda(X) uPred(X) = ❙

a uncont.

Preda(X) time controllable predecessors: ∙ ∙ delay t t.u. ∙ should be safe

6/14

Decidability via attractors

Preda(X) = {∙ ∣ ∙

a

− → ∙ ∈ X} controllable and uncontrollable discrete predecessors: cPred(X) = ❙

a cont.

Preda(X) uPred(X) = ❙

a uncont.

Preda(X) time controllable predecessors: ∙ ∙ delay t t.u. ∙ should be safe Pred훿(X, Safe) = {∙ ∣ ∃t ≥ 0, ∙

훿(t)

− − → ∙ and ∀0 ≤ t′ ≤ t, ∙

훿(t′)

− − − → ∙ ∈ Safe}

6/14

Timed games with a reachability objective

We write: 휋(X) = X ∪ Pred훿(cPred(X), ¬uPred(¬X))

7/14

Timed games with a reachability objective

We write: 휋(X) = X ∪ Pred훿(cPred(X), ¬uPred(¬X)) The states from which one can ensure in no more than 1 step is: Attr1() = 휋()

7/14

Timed games with a reachability objective

We write: 휋(X) = X ∪ Pred훿(cPred(X), ¬uPred(¬X)) The states from which one can ensure in no more than 1 step is: Attr1() = 휋() The states from which one can ensure in no more than 2 steps is: Attr2() = 휋(Attr1())

7/14

Timed games with a reachability objective

We write: 휋(X) = X ∪ Pred훿(cPred(X), ¬uPred(¬X)) The states from which one can ensure in no more than 1 step is: Attr1() = 휋() The states from which one can ensure in no more than 2 steps is: Attr2() = 휋(Attr1()) . . .

7/14

Timed games with a reachability objective

We write: 휋(X) = X ∪ Pred훿(cPred(X), ¬uPred(¬X)) The states from which one can ensure in no more than 1 step is: Attr1() = 휋() The states from which one can ensure in no more than 2 steps is: Attr2() = 휋(Attr1()) . . . The states from which one can ensure in no more than n steps is: Attrn() = 휋(Attrn−1())

7/14

Timed games with a reachability objective

We write: 휋(X) = X ∪ Pred훿(cPred(X), ¬uPred(¬X)) The states from which one can ensure in no more than 1 step is: Attr1() = 휋() The states from which one can ensure in no more than 2 steps is: Attr2() = 휋(Attr1()) . . . The states from which one can ensure in no more than n steps is: Attrn() = 휋(Attrn−1()) = 휋n()

7/14

Stability w.r.t. regions

if X is a union of regions, then:

Preda(X) is a union of regions, and so are cPred(X) and uPred(X).

8/14

Stability w.r.t. regions

if X is a union of regions, then:

Preda(X) is a union of regions, and so are cPred(X) and uPred(X).

Does 휋 also preserve unions of regions?

8/14

Stability w.r.t. regions

if X is a union of regions, then:

Preda(X) is a union of regions, and so are cPred(X) and uPred(X).

Does 휋 also preserve unions of regions? cPred(X)

8/14

Stability w.r.t. regions

if X is a union of regions, then:

Preda(X) is a union of regions, and so are cPred(X) and uPred(X).

Does 휋 also preserve unions of regions? cPred(X) uPred(¬X)

8/14

Stability w.r.t. regions

if X is a union of regions, then:

Preda(X) is a union of regions, and so are cPred(X) and uPred(X).

Does 휋 also preserve unions of regions? cPred(X) uPred(¬X) Pred훿(cPred(X), ¬uPred(¬X))

8/14

Stability w.r.t. regions

if X is a union of regions, then:

Preda(X) is a union of regions, and so are cPred(X) and uPred(X).

Does 휋 also preserve unions of regions? Yes! cPred(X) uPred(¬X) Pred훿(cPred(X), ¬uPred(¬X))

8/14

Stability w.r.t. regions

if X is a union of regions, then:

Preda(X) is a union of regions, and so are cPred(X) and uPred(X).

Does 휋 also preserve unions of regions? Yes! cPred(X) uPred(¬X) Pred훿(cPred(X), ¬uPred(¬X)) (but it does not preserve zones...)

8/14

Stability w.r.t. regions

if X is a union of regions, then:

Preda(X) is a union of regions, and so are cPred(X) and uPred(X).

Does 휋 also preserve unions of regions? Yes! cPred(X) uPred(¬X) Pred훿(cPred(X), ¬uPred(¬X)) (but it does not preserve zones...) the computation of 휋∗() terminates!

8/14

Stability w.r.t. regions

if X is a union of regions, then:

Preda(X) is a union of regions, and so are cPred(X) and uPred(X).

Does 휋 also preserve unions of regions? Yes! cPred(X) uPred(¬X) Pred훿(cPred(X), ¬uPred(¬X)) (but it does not preserve zones...) the computation of 휋∗() terminates! ... and is correct

8/14

Timed games with a safety objective

We can use operator ❡ 휋 defined by ❡ 휋(X) = Pred훿(X ∩ cPred(X), ¬uPred(¬X)) instead of 휋, and compute ❡ 휋∗(¬)

9/14

Timed games with a safety objective

We can use operator ❡ 휋 defined by ❡ 휋(X) = Pred훿(X ∩ cPred(X), ¬uPred(¬X)) instead of 휋, and compute ❡ 휋∗(¬) It is also stable w.r.t. regions.

9/14

Some remarks

Control games

Our games are control games,

10/14

Some remarks

Control games

Our games are control games, and in particular they: are asymmetric

the environment can preempt any decision of the controller we take the point-of-view of the controller

10/14

Some remarks

Control games

Our games are control games, and in particular they: are asymmetric

the environment can preempt any decision of the controller we take the point-of-view of the controller

are neither concurrent nor turn-based

10/14

Some remarks

Control games

Our games are control games, and in particular they: are asymmetric

the environment can preempt any decision of the controller we take the point-of-view of the controller

are neither concurrent nor turn-based do not take into account Zenoness considerations

10/14

Some remarks

Control games

Our games are control games, and in particular they: are asymmetric

the environment can preempt any decision of the controller we take the point-of-view of the controller

are neither concurrent nor turn-based do not take into account Zenoness considerations can be done adding a B¨ uchi winning condition

10/14

Some remarks

[AFH+03] de Alfaro, Faella, Henzinger, Majumdar, Stoelinga. [BLMO07] Brihaye, Laroussinie, Markey, Oreiby. Timed Concurrent Game Structures (CONCUR’07).

Control games

Our games are control games, and in particular they: are asymmetric

the environment can preempt any decision of the controller we take the point-of-view of the controller

are neither concurrent nor turn-based do not take into account Zenoness considerations can be done adding a B¨ uchi winning condition

Alternative models [AFH+03,BLMO07]

concurrent and symmetric games some incorporate non-Zenoness in the winning condition

10/14

Some remarks

[AFH+03] de Alfaro, Faella, Henzinger, Majumdar, Stoelinga. [BLMO07] Brihaye, Laroussinie, Markey, Oreiby. Timed Concurrent Game Structures (CONCUR’07).

Control games

Our games are control games, and in particular they: are asymmetric

the environment can preempt any decision of the controller we take the point-of-view of the controller

are neither concurrent nor turn-based do not take into account Zenoness considerations can be done adding a B¨ uchi winning condition

Alternative models [AFH+03,BLMO07]

concurrent and symmetric games some incorporate non-Zenoness in the winning condition those games are not determined

10/14

Some remarks

[AFH+03] de Alfaro, Faella, Henzinger, Majumdar, Stoelinga. [BLMO07] Brihaye, Laroussinie, Markey, Oreiby. Timed Concurrent Game Structures (CONCUR’07).

Control games

Our games are control games, and in particular they: are asymmetric

the environment can preempt any decision of the controller we take the point-of-view of the controller

are neither concurrent nor turn-based do not take into account Zenoness considerations can be done adding a B¨ uchi winning condition

Alternative models [AFH+03,BLMO07]

concurrent and symmetric games some incorporate non-Zenoness in the winning condition those games are not determined

... and they may not represent a proper interaction with an environment

10/14

Application of timed games to strong timed bisimulation

This is a relation between ∙ and ∙ such that:

11/14

Application of timed games to strong timed bisimulation

This is a relation between ∙ and ∙ such that: a ∀

11/14

Application of timed games to strong timed bisimulation

This is a relation between ∙ and ∙ such that: a ∀ ∃ a

11/14

Application of timed games to strong timed bisimulation

This is a relation between ∙ and ∙ such that: a ∀ ∃ a 훿(d) ∀d > 0

11/14

Application of timed games to strong timed bisimulation

This is a relation between ∙ and ∙ such that: a ∀ ∃ a 훿(d) ∀d > 0 ∃ 훿(d)

11/14

Application of timed games to strong timed bisimulation

This is a relation between ∙ and ∙ such that: a ∀ ∃ a 훿(d) ∀d > 0 ∃ 훿(d) ... and vice-versa (swap ∙ and ∙) for the bisimulation relation.

11/14

Application of timed games to strong timed bisimulation

This is a relation between ∙ and ∙ such that: a ∀ ∃ a 훿(d) ∀d > 0 ∃ 훿(d) ... and vice-versa (swap ∙ and ∙) for the bisimulation relation.

Theorem

Strong timed (bi)simulation between timed automata is decidable and EXPTIME-complete.

11/14

p p′

1

p′

2

g1,a,Y1:=0 g2,a,Y2:=0

timed automaton 풜

... q q′ g,a,Y :=0

timed automaton ℬ

...

12/14

p p′

1

p′

2

g1,a,Y1:=0 g2,a,Y2:=0

timed automaton 풜

... q q′ g,a,Y :=0

timed automaton ℬ

... p,q

tester

12/14

p p′

1

p′

2

g1,a,Y1:=0 g2,a,Y2:=0

timed automaton 풜

... q q′ g,a,Y :=0

timed automaton ℬ

... p,q

tester

(z=0) (z=0) (z=0)

prover

g1,a,Y1:=0,z:=0 g2,a,Y2:=0,z:=0 g,a,Y :=0,z:=0

12/14

p p′

1

p′

2

g1,a,Y1:=0 g2,a,Y2:=0

timed automaton 풜

... q q′ g,a,Y :=0

timed automaton ℬ

... p,q

tester

(z=0) (z=0) (z=0)

prover

g1,a,Y1:=0,z:=0 g2,a,Y2:=0,z:=0 g,a,Y :=0,z:=0 p′

1,q′

p′

2,q′

g∧(z=0),a,Y g1∧(z=0),a,Y1 g∧(z=0),a,Y g2∧(z=0),a,Y2 ...

12/14

p p′

1

p′

2

g1,a,Y1:=0 g2,a,Y2:=0

timed automaton 풜

... q q′ g,a,Y :=0

timed automaton ℬ

... p,q

tester

(z=0) (z=0) (z=0)

prover

• g1,a,Y1:=0,z:=0

g2,a,Y2:=0,z:=0 g,a,Y :=0,z:=0 p′

1,q′

p′

2,q′

g∧(z=0),a,Y g1∧(z=0),a,Y1 g∧(z=0),a,Y g2∧(z=0),a,Y2 ... (z=0)∧¬g,a

12/14

timed automaton 풜

...

timed automaton ℬ

...

• ...

풜 and ℬ are strongly timed bisimilar iff the prover has a winning strategy to avoid

13/14

What else?

[CDF+05] Cassez, David, Fleury, Larsen, Lime. Efficient on-the-fly algorithms for the analysis of timed games (CONCUR’05). [BCD+07] Berhmann, Cougnard, David, Fleury, Larsen, Lime. Uppaal-Tiga: Time for playing games! (CAV’07).

Implementation: Uppaal-Tiga implements a forward algorithm to compute winning states and winning strategies [CDF+05,BCD+07]

14/14

What else?

[CDF+05] Cassez, David, Fleury, Larsen, Lime. Efficient on-the-fly algorithms for the analysis of timed games (CONCUR’05). [BCD+07] Berhmann, Cougnard, David, Fleury, Larsen, Lime. Uppaal-Tiga: Time for playing games! (CAV’07). [JRLD07] Jessen, Rasmussen, Larsen, David. Guided Controller Synthesis for Climate Controller Using Uppaal Tiga (FORMATS’07).

Implementation: Uppaal-Tiga implements a forward algorithm to compute winning states and winning strategies [CDF+05,BCD+07]

A climate controller in a pig stable (Skov A/S) [JRLD07]

14/14

What else?

[CDF+05] Cassez, David, Fleury, Larsen, Lime. Efficient on-the-fly algorithms for the analysis of timed games (CONCUR’05). [BCD+07] Berhmann, Cougnard, David, Fleury, Larsen, Lime. Uppaal-Tiga: Time for playing games! (CAV’07). [JRLD07] Jessen, Rasmussen, Larsen, David. Guided Controller Synthesis for Climate Controller Using Uppaal Tiga (FORMATS’07). [CJL+09] Cassez, Jessen, Larsen, Raskin, Reynier.Automatic Synthesis of Robust and Optimal Controllers – An Industrial Case Study (HSCC’09).

Implementation: Uppaal-Tiga implements a forward algorithm to compute winning states and winning strategies [CDF+05,BCD+07]

A climate controller in a pig stable (Skov A/S) [JRLD07] A pump controller (Hydac Gmbh) [CJL+09]

14/14

What else?

[CDF+05] Cassez, David, Fleury, Larsen, Lime. Efficient on-the-fly algorithms for the analysis of timed games (CONCUR’05). [BCD+07] Berhmann, Cougnard, David, Fleury, Larsen, Lime. Uppaal-Tiga: Time for playing games! (CAV’07). [JRLD07] Jessen, Rasmussen, Larsen, David. Guided Controller Synthesis for Climate Controller Using Uppaal Tiga (FORMATS’07). [CJL+09] Cassez, Jessen, Larsen, Raskin, Reynier.Automatic Synthesis of Robust and Optimal Controllers – An Industrial Case Study (HSCC’09). [BDMP03] Bouyer, D’Souza, Madhusudan, Petit. Timed control with partial observability (CAV’03). [CDL+07] Cassez, David, Larsen, Lime, Raskin. Timed control with observation based and stuttering invariant strategies (ATVA’07).

Implementation: Uppaal-Tiga implements a forward algorithm to compute winning states and winning strategies [CDF+05,BCD+07]

A climate controller in a pig stable (Skov A/S) [JRLD07] A pump controller (Hydac Gmbh) [CJL+09]

Partial observation/Incomplete information:

action-based observation: undecidable [BDMP03] finite-observation of states: decidable [CDL+07]

14/14

What else?

[CDF+05] Cassez, David, Fleury, Larsen, Lime. Efficient on-the-fly algorithms for the analysis of timed games (CONCUR’05). [BCD+07] Berhmann, Cougnard, David, Fleury, Larsen, Lime. Uppaal-Tiga: Time for playing games! (CAV’07). [JRLD07] Jessen, Rasmussen, Larsen, David. Guided Controller Synthesis for Climate Controller Using Uppaal Tiga (FORMATS’07). [CJL+09] Cassez, Jessen, Larsen, Raskin, Reynier.Automatic Synthesis of Robust and Optimal Controllers – An Industrial Case Study (HSCC’09). [BDMP03] Bouyer, D’Souza, Madhusudan, Petit. Timed control with partial observability (CAV’03). [CDL+07] Cassez, David, Larsen, Lime, Raskin. Timed control with observation based and stuttering invariant strategies (ATVA’07).

Implementation: Uppaal-Tiga implements a forward algorithm to compute winning states and winning strategies [CDF+05,BCD+07]

A climate controller in a pig stable (Skov A/S) [JRLD07] A pump controller (Hydac Gmbh) [CJL+09]

Partial observation/Incomplete information:

action-based observation: undecidable [BDMP03] finite-observation of states: decidable [CDL+07]

Quantitative constraints, see the next lecture!

14/14