chapter 3 specification models - eth z · chapter 3 specification models lothar thiele discrete...
TRANSCRIPT
![Page 1: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/1.jpg)
1Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Chapter 3Specification
ModelsLothar ThieleDiscrete Event SystemsWinter 2004/2005
![Page 2: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/2.jpg)
2Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Overview
some of the transparencies are based onlectures by Peter Marwedel, Dortmund.
• StateCharts• Motivation• State hierarchy• Representing computations• Semantics• Tools
• Petri nets• Definition• Token game• Examples• Extensions
![Page 3: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/3.jpg)
3Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Motivation
• Deficits of finite automata for modeling:• only one sequential process, no concurrency• no hierarchical structuring capabilities
• Extension: • StateCharts-Model von D. Harel [1987].• StateCharts introduces hierarchy, concurrency and
computation.• Model is used in many tools for the specification, analysis and
simulation of discrete event systems, e.g. Matlab-Stateflow, UML, Rhapsody, Magnum.
• Complicated semantics: We will only cover some basic mechanisms.
![Page 4: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/4.jpg)
4Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Introducing hierarchy
superstate
substates
FSM will be in exactly one of the substates of S if S is active(either in A or in B or ..)
![Page 5: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/5.jpg)
5Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Definitions• Current states of FSMs are also called active states.• States which are not composed of other states are called basic
states.• States containing other states are called super-states.• For each basic state s, the super-states containing s are called
ancestor states.• Super-states S are called OR-super-states, if exactly one of the
sub-states of S is active whenever S is active.
ancestor state of E
![Page 6: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/6.jpg)
6Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
ConcurrencyConvenient ways of describing concurrency are required.AND-super-states: FSM is in all (immediate) sub-states of a super-state.
![Page 7: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/7.jpg)
7Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Entering and leaving AND-super-states
incl.
![Page 8: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/8.jpg)
8Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Tree representation of state setsbasicstate
OR-super-state AND-super-state
Y Z
XA
A
C
D
B E F
I K L
M
G H
AB E
C D F M
G H
I K L
A
X Y
B CX
![Page 9: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/9.jpg)
9Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Computation of state sets
• Computation of state sets by traversing the tree from leaves to root:• basic states: state set = state• OR-super-states: state set = Cartesian product of children• AND-super-states: state set = union of children
AB E
C D F M
G H
I K L
![Page 10: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/10.jpg)
10Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Representation of computations
• Besides states, arbitrary many other variables can be defined. This way, not all states of the system are modeled explicitly.
• These variables can be changed as a result of a state transition (“action”). State transitions can be dependent on these variables (“condition” ).
condition
action unstructuredstate space
variables
![Page 11: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/11.jpg)
11Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
General form of edge labels
Event:Events exist only until the next evaluation step of the modelCan be either internally or externally generated
Condition:Refer to values of variables that keep their value until they are reassigned.
State transition:Transition is enabled if event exists and condition evaluates to
trueReaction:
Can be assignments for variables (“action”) and/or creation of events
event [condition] / reaction
![Page 12: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/12.jpg)
12Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Events and actions• “event” can be composed of several events:
• (e1 and e2) : event that corresponds to the simultaneous occurrence of e1 and e2.
• (e1 or e2) : event that corresponds to the occurrence of either e1 or e2 or both.
• (not e) : event that corresponds to the absence of event e.
• „action“ can also be composed:• (a1; a2) : actions a1 und a2 are executed sequentially.
• All events, states and actions are globally visible.
![Page 13: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/13.jpg)
13Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Example
e:a1:a2:
c:
x y ze/a1 [c]/a2
e:a1:a2:
c:
truefalse
truefalse
![Page 14: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/14.jpg)
14Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
The StateCharts simulation phases
How are edge labels evaluated in one ‘simulation’ step?
Three phases:
1. Effect of changes on events and conditions is evaluated,
2. The set of transitions to be made in the current step and right hand sides of assignments are computed,
3. Transitions become effective, variables obtain new values.
![Page 15: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/15.jpg)
15Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Example
In phase 2, variables a and b are assigned to temporary variables. In phase 3, these are assigned to a and b. As a result, variables a and b are swapped.
![Page 16: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/16.jpg)
16Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
StepsExecution of a model consists of a sequence of (status, step) pairs.
Status= values of all variables + set of events + current timeStep = execution of the three phases
Status phase 2
phase 3
phase 1
![Page 17: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/17.jpg)
17Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
More on semantics of StateCharts• Unfortunately, there are several time-semantics of
StateCharts in use. This is one possibility:• A step is executed in arbitrarily small time.• Internal (generated) events exist only within the next step.• External events can only be detected after a stable state
has been reached.
external events
steptransport of internal events
stablestate
stablestate
tstate transitions
![Page 18: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/18.jpg)
18Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Examples
state diagram:stable state
![Page 19: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/19.jpg)
19Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Example• Non-determinism
A C
B D
E G
F H
a
a a
a
A,B C,DE,H
F,G
a
a
astate diagram:
![Page 20: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/20.jpg)
20Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Example
F H
G I
d c/da d
CA
B
D E
a/c
bb
a
state diagram (only stable states are represented):
B
G,H
F,H a or b
b
a and b_
a or b
![Page 21: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/21.jpg)
21Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Summary• Advantages of hierarchical state machines:
• Simple transformation into efficient hardware and software implementations.
• Efficient simulation.• Basis for formal verification (usually via symbolic model
checking), if in reactions only events are generated. • Disadvantages:
• Intricate for large systems, limited re-usability of models.• No formal representation of operations on data.• Large part of the system state is hidden in variables. This
limits possibilities for efficient implementation and formal verification.
![Page 22: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/22.jpg)
22Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Example UML• UML (unified modeling language) is used for the
specification of large software systems and embedded (real-time) systems. The dynamics of a system are modeled using StateCharts and ActivityCharts (similar to Petri Nets).
![Page 23: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/23.jpg)
23Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
StateFlow
• Part ofMatlab-Simulink
• Combinesdiscreteevent andcontinuousmodels
![Page 24: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/24.jpg)
24Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Petri nets - Motivation
• In contrary to hierarchical state machines, state transitions in Petri nets are asynchronous. The ordering of transitions is partly uncoordinated; it is specified by a partial order.
• Therefore, Petri nets can be used to model concurrent distributed systems.
• There are many models of computation in use that are variants or specializations of Petri nets, e.g.• activity charts (UML)• data flow graphs and marked graphs
• Finite state machines can be modeled in Petri nets.
![Page 25: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/25.jpg)
25Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Net graph
![Page 26: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/26.jpg)
26Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Net graph - example
• The net-graph is a bipartite graph.
![Page 27: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/27.jpg)
27Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Petri net - definition
• The state of a Petri net is its marking M. • M(s) denotes the marking of a place s. Usually, we say
that place S contains M(s) token. In other words, the distribution of tokens on places defines the state of a Petri net.
• The dynamics of a Petri net is defined by a ‘token game’.
![Page 28: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/28.jpg)
28Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Token game of Petri nets
![Page 29: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/29.jpg)
29Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Example
initial token
producer consumerfinite length buffer
s1
s2
s3
s4
s5t1
t2 t3
• Initial state represented as state vector: M0 = (1,0,0,2,1)• Activated transitions: t2• After firing t2: M = (0,1,1,1,1) .
![Page 30: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/30.jpg)
30Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Example continueds1
s2
s3
s4
s5t1
t2 t3
• Activated transitions: t1, t3 . • Non-deterministically, one of them is chosen for firing,
e.g. t3. Then we obtain as new state M = (0,1,0,2,1).• We can see the ‘properties’ of Petri nets: Asynchronous
firing of activated transitions, possibility to model distributed systems.
![Page 31: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/31.jpg)
31Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Example continued
• If the number of token in the network is bounded, we can determine a finite state transition graph.
(1,0,0,2,1)
(0,1,0,2,1)
t1
t2
(1,0,1,1,1)
(0,1,2,0,1)
t2t3
(1,0,2,0,1)t1 t3
t1
(0,1,1,1,1)
t3
![Page 32: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/32.jpg)
32Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Modeling capabilities• But we can also systems with unbounded state set!
producer consumerbuffer
s1
s2
s3s5t1
t2 t3
• And we can model basic scenarios such as
conflict fork join/synchronization
![Page 33: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/33.jpg)
33Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Common model extensions• Associating weights W to edges:
• Transition t is enabled if there are at least W(s1,t) token in s1.
• If transition t fires, then W(t,s2) token are added to place s2and W(s1,t) token are removed from s1.
s1 s2t s1 s2
t2 3 32
• Adding time to transitions:• Specification of discrete event systems with time!• One possibility: A transition fires iff it was continuously
activated for a certain time period.
![Page 34: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/34.jpg)
34Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Common model extensions
• Individual tokens:• Tokens can ‘carry’ data.• Transitions operate on data of input tokens and associate
data to output token.• The activation of a transition can be dependent on data of
token in places of its pre-set.a b
c error
6 2
[b≠0] / c := a:b [b=0] / error := ‘div0’
c error
a b
3
![Page 35: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/35.jpg)
35Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
What can we do with Petri nets?• We can model (timed, distributed) discrete event systems.• We can simulate them using tools, e.g. MOSES.• We can analyze their timing properties. Methods exist, if
the delays of token are constant or even determined by stochastic processes.
• We can answer questions like:• What is the maximum number of tokens in a specific place?• Is the Petri net bounded (bounded number of tokens under
any firing sequence)?• Does the Petri net eventually enter a state where no transition
is activated (deadlock) ?• Several methods are available to answer these questions (not
part of this lecture).
![Page 36: Chapter 3 Specification Models - ETH Z · Chapter 3 Specification Models Lothar Thiele Discrete Event Systems Winter 2004/2005. 2 Swiss Federal ... • Token game •Examples •](https://reader035.vdocuments.us/reader035/viewer/2022062607/604c86aafe989256b61d6422/html5/thumbnails/36.jpg)
36Swiss FederalInstitute of Technology
Computer Engineeringand Networks Laboratory
Example MOSES
Componenthierarchy
Componenthierarchy
Petri netPetri net
Petri netcomponent
Petri netcomponent