Lecture 8 1
Regional Automaton
CS 5270 Lecture 8
Lecture 8 2
What We Need to Do
• Problem:
  – We need to analyze the timed behavior of a TTS.
  – The timed behavior of TTS is given by TS_TTS.
  – But TS_TTS is an infinite transition system!
• Solution:
  – Represent TS_TTS as a finite transition system.
  – How?
  – By using the notion of regions, quotient TS_TTS into a finite transition system RTS.
  – Using regions we can compute RTS from TTS.
  – UPPAAL computes a refined version of RTS from TTS.
Lecture 8 3
The Reductions.
TTS → TS_TTS → TA_TTS → RTS
• TS_TTS (the semantics of TTS): both the set of states and the set of actions are infinite.
• TA_TTS (time abstraction of TS_TTS): finite set of actions but infinite set of states.
• RTS (regions; quotient of TA_TTS via a bisimulation of finite index): both states and actions are finite sets.
Lecture 8 4
The Reductions.
• RTS is computed directly from TTS (a finite object).
• s is reachable in TTS iff the corresponding state is reachable in RTS.
Lecture 8 6
Behaviors
• TTS = (S, s_in, Act, X, I, →)
• We associate a “normal” transition system with TTS while taking time into account:
  – TS_TTS = (𝐒, 𝐬_in, Act ∪ R, ⇒)
  – R, the non-negative reals; ⇒ ⊆ 𝐒 × (Act ∪ R) × 𝐒
• TS_TTS is an infinite transition system!
Lecture 8 7
Behaviors
• TTS = (S, s_in, Act, X, I, →)
• TS_TTS = (𝐒, 𝐬_in, Act ∪ R, ⇒)
• 𝐒 = S × V
• V --- Valuations
  – A valuation says what the current value of each clock variable is. v : X → R
Lecture 8 8
Behaviors
• TTS = (S, s_in, Act, X, I, →)
• TS_TTS = (𝐒, 𝐬_in, Act ∪ R, ⇒)
  – R, the non-negative reals; ⇒ ⊆ 𝐒 × (Act ∪ R) × 𝐒
• 𝐒 = S × V
• 𝐬_in = (s_in, V_ZERO)
  – V_ZERO(x) = 0 for every x in X.
Lecture 8 9
Behaviors
• There will be two types of transitions.
• Time pass move:
  – (s, V) =t⇒ (s, V’)
    t units of time pass starting from V.
    V’(x) = V(x) + t for every x.
    V’ = V + t
Lecture 8 10
Behaviors
• Instantaneous transition.
  – (s, V) =a⇒ (s’, V’)
  – In TTS there is a transition of the form (s, a, X, g, s’) such that:
    V satisfies g.
    V’(x) = 0 if x is in X.
    V’(x) = V(x) if x is not in X.
Lecture 8 12
Time Abstraction
• TTS = (S, S0, Act, X, I, →), s ∈ S
• TS_TTS = (S_V, s_in^V, Act ∪ R, ⇒)
• TA_TTS = (S_V, s_in^V, Act, →) where:
  – (s, V) –a→ (s’, V’) iff there exists t such that
  – (s, V) =t⇒ (s, V + t) in TS and
  – (s, V + t) =a⇒ (s’, V’) in TS.
Lecture 8 13
Time Abstraction
• TTS = (S, S0, Act, X, I, →), s ∈ S
• TS_TTS = (S_V, s_in^V, Act ∪ R, ⇒)
• TA_TTS = (S_V, s_in^V, Act, →)
• FACT: s is reachable in TTS (TS) iff s is reachable in TA.
• Infinite number of states but only a finite number of actions.
Lecture 8 15
Bisimulation
• Finite index bisimulation relation
  – Used to quotient a big transition system into a small one.
    big --- infinite; small --- finite.
Lecture 8 16
Bisimulation
• TS = (S, s_in, Act, →)
• ≈ ⊆ S × S, an equivalence relation
  – s ≈ s for every s in S (reflexive)
  – s ≈ s’ implies s’ ≈ s (symmetric)
  – s ≈ s’ and s’ ≈ s’’ implies s ≈ s’’ (transitive)
  – s ≈ t and s –a→ s’ implies there exists t’ such that t –a→ t’ and s’ ≈ t’.
  – s ≈ t and t –a→ t’ implies there exists s’ such that s –a→ s’ and s’ ≈ t’.
Lecture 8 17
Stable Relation
[Diagram: s ≈ t, with a move s –a→ s’.]
Lecture 8 18
Stable Relation
[Diagram: s ≈ t; the move s –a→ s’ is matched by a move t –a→ t’ with s’ ≈ t’.]
Lecture 8 19
Finite Index Bisimulation
• TS = (S, s_in, Act, →)
• ≈ a bisimulation.
• s ∈ S
• [s]≈ – the equivalence class containing s.
  – {s’ | s ≈ s’}
• ≈ is of finite index if {[s] | s ∈ S} is a finite set.
Lecture 8 20
An Example
1 –a→ 2 –b→ 3 –a→ 4 –b→ 5 –a→ 6 –b→ …
i ≈ j iff (i is odd and j is odd) OR (i is even and j is even).
≈ is a bisimulation of finite index.
{1, 3, 5, …} = [5], {2, 4, 6, …} = [8]
Lecture 8 21
The Quotient Transition System
• TS = (S, s_in, Act, →)
• ≈ a bisimulation.
• QTS = (QS, qs_in, Act, →)
  – The ≈-quotient of TS.
  – QS = {[s]≈ | s ∈ S}
  – qs_in = [s_in]≈
  – [s] –a→ [s’] iff there exists s1 ∈ [s] and s1’ ∈ [s’] such that s1 –a→ s1’ in TS.
Lecture 8 22
An Example
1 –a→ 2 –b→ 3 –a→ 4 –b→ 5 –a→ 6 –b→ …
i ≈ j iff (i is odd and j is odd) OR (i is even and j is even).
≈ is a stable equivalence relation of finite index.
{1, 3, 5, …} = [5], {2, 4, 6, …} = [8]
Quotient: [5] –a→ [12], [12] –b→ [5]
Lecture 8 24
The Equivalence based on Regions.
• TA = (S_V, s_in^V, Act, →)
• ≈ ⊆ S_V × S_V, a bisimulation of finite index.
• (s, V) ≈ (s’, V’) iff
  – s = s’
  – V Reg V’: V and V’ belong to the same clock region.
Lecture 8 25
The Equivalence based on Regions.
• TTS = (S, S0, Act, X, I, →)
• Let m1/n1, m2/n2, …, mk/nk be all the (irreducible) rationals that appear in the transitions. Let K be the LCM of {n1, n2, …, nk}.
• Transform a constraint of the form x ≤ m/n into x ≤ (m/n) × K etc.
• Let TTS’ be the resulting timed transition system. Then s is reachable in TTS iff it is reachable in TTS’.
  – TTS’ has only integer-valued constants in the guards!
Lecture 8 26
An example
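[Figure: example TTS with actions a and b; its guards use the constants 2.1, 2, 1.2 and 2.3 (x < 2.1, y > 2, y < 2.3).]
As rationals: 21/10, 12/10, 2 = 20/10, 23/10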
Lecture 8 27
An example
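[Figure: the same TTS after scaling, with actions a and b; its guards use the constants 21, 20, 12 and 23 (x < 21, y > 20, y < 23).]
Reachability properties will be preserved.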
Lecture 8 28
The Equivalence based on Regions.
• TA = (S, S0, Act, →)
• ≈ ⊆ S × S, a bisimulation of finite index.
• (s, V) ≈ (s’, V’) iff
  – s = s’
  – V Reg V’ (V and V’ belong to the same region).
Lecture 8 29
Regional Equivalence
• X = {x1, x2, …, xn}, the set of clock variables.
• V, V’ ---- Two clock valuations.
  – V : X → R
  – V’ : X → R
• V Reg V’ ?
• r ∈ R.
  – ⌊r⌋, the largest integer less than or equal to r (the integral part of r).
  – ⌊2.8⌋ = 2
  – ⌊ ⌋ = 3
• r ∈ R
  – fr(r), the fractional part of r.
• r = ⌊r⌋ + fr(r)
Lecture 8 30
Regional Equivalence
• X = {x1, x2, …, xn}, the set of clock variables.
• V, V’ ---- Two clock valuations.
  – V : X → R
  – V’ : X → R
• V Reg V’ ?
• c_x = MAX{ c | “x REL c” is a clock constraint appearing in some guard or invariant }
• x REL c ----- x ≤ c, x ≥ c, x < c, x > c
• We are assuming all constants mentioned in the guards are integers.
Lecture 8 31
An example
[Figure: the scaled example TTS, with guards over the constants 21, 20, 12 and 23.]
c_x = ? c_y = ?
Lecture 8 32
Regional Equivalence
• X = {x1, x2, …, xn}, the set of clock variables.
• V, V’ ---- Two clock valuations.
• V Reg V’ iff
  (i) For every x, either ⌊V(x)⌋ > c_x and ⌊V’(x)⌋ > c_x
      OR V(x) ≤ c_x and V’(x) ≤ c_x. Further, ⌊V(x)⌋ = ⌊V’(x)⌋ and fr(V(x)) = 0 iff fr(V’(x)) = 0.
  (ii) Suppose V(x) ≤ c_x and V(y) ≤ c_y. Then fr(V(x)) ≤ fr(V(y)) iff fr(V’(x)) ≤ fr(V’(y)).
Lecture 8 33
An example
[Figure: the scaled example TTS, with guards over the constants 21, 20, 12 and 23.]
V(x) = 22
V(y) = 21.6
V’(x) = 87
V’(y) = 21.8
Lecture 8 34
An example
[Figure: the scaled example TTS, with guards over the constants 21, 20, 12 and 23.]
V(x) = 22
V(y) = 21.6
V’(x) = 24
V’(y) = 21.6
Lecture 8 35
An example
[Figure: the scaled example TTS, with guards over the constants 21, 20, 12 and 23.]
V(x) = 20.4
V(y) = 21.6
V’(x) = 20.8
V’(y) = 21.9
Lecture 8 37
An example
[Figure: the scaled example TTS, with guards over the constants 21, 20, 12 and 23.]
V(x) = 20.4
V(y) = 21
V’(x) = 20.8
V’(y) = 21
Lecture 8 38
Example
X = {x, y}, c_x = 2, c_y = 1
{(0, 1)} is a region.
{(x, y) | 0 < x = y < 1} is a region.
28 regions.
Lecture 8 39
Regional Equivalence
• Reg is an equivalence relation (of finite index!);
• Each equivalence class of Reg is called a region.
• There are only a finite number of regions.
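The two conditions of Reg can be checked mechanically. The Python code below is an added example, not part of the lecture: it tests region equivalence and counts the regions for c_x = 2, c_y = 1 by classifying grid points. The function names are hypothetical, and it assumes that a clock is beyond its bound when V(x) > c_x and that clocks within their bounds must agree on their integral parts.

```python
from fractions import Fraction
from itertools import product
from math import floor


def fr(r):
    """Fractional part of r, so that r = floor(r) + fr(r)."""
    return r - floor(r)


def region_equivalent(v, w, c):
    """True iff valuations v, w (dict: clock -> number) lie in the same region
    for the maximal constants c (dict: clock -> integer c_x)."""
    for x in c:
        # Condition (i): both beyond the bound, or both within it with the
        # same integral part and agreeing on "fractional part is zero".
        if v[x] > c[x] and w[x] > c[x]:
            continue
        if v[x] > c[x] or w[x] > c[x]:
            return False
        if floor(v[x]) != floor(w[x]) or (fr(v[x]) == 0) != (fr(w[x]) == 0):
            return False
    # Condition (ii): clocks within their bounds keep the same ordering of
    # fractional parts in both valuations.
    bounded = [x for x in c if v[x] <= c[x]]
    return all((fr(v[x]) <= fr(v[y])) == (fr(w[x]) <= fr(w[y]))
               for x, y in product(bounded, repeat=2))


def count_regions(c):
    """Count regions by classifying grid points of spacing 1/(n+1), n = #clocks.

    The grid reaches one step past each c_x and offers n distinct non-zero
    fractional parts, so every region contains at least one grid point.
    """
    step = Fraction(1, len(c) + 1)
    axes = [[k * step for k in range(c[x] * (len(c) + 1) + 2)] for x in c]
    representatives = []  # one valuation per region found so far
    for point in product(*axes):
        v = dict(zip(c, point))
        if not any(region_equivalent(v, r, c) for r in representatives):
            representatives.append(v)
    return len(representatives)


BOUNDS = {"x": 2, "y": 1}  # the example above: c_x = 2, c_y = 1
if __name__ == "__main__":
    print(count_regions(BOUNDS))
```

Exact rationals are used so that comparisons of fractional parts are not disturbed by floating-point rounding.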
Lecture 8 40
The Equivalence based on Regions.
• TA = (S_V, s_in^V, Act, →)
• ≈ ⊆ S_V × S_V, a bisimulation of finite index.
• (s, V) ≈ (s’, V’) iff
  – s = s’
  – V Reg V’ (V and V’ belong to the same region).
Lecture 8 41
The Quotienting
• One member of a clock region satisfies a clock constraint iff all members of the clock region satisfy the clock constraint.
• This can be used to compute the ≈-quotient of TA, called the regional transition system.
Lecture 8 44
The Region Automaton
• TA_TTS = (S_V, s_in^V, Act, →)
• (s, V) ≈ (s’, V’) iff s = s’ and V and V’ belong to the same clock region.
• [(s, V)] --------- (s, [V]).
• RTS = (S_RV, s_in^RV, Act, →)
  – S_RV = {(s, [V]) | (s, V) in S_V}
  – s_in^RV = (s_in, [V_zero]) = (s_in, {V_zero})
  – (s, [V]) –a→ (s’, [V’]) iff for some V1 in [V] and some V1’ in [V’] it is the case that in TA_TTS, (s, V1) –a→ (s’, V1’).
Lecture 8 45
Example: TTS
Lecture 8 46
The Representation of Regions
• For each clock x specify one formula of the form:
  – c ≤ x < c + 1 where c is in {0, 1, …, c_x − 1} OR
    c = c_x OR x > c_x
  – For each clock pair specify a constraint of the form x – y = 0 or x – y < k or y – x < k for a suitable k in case x ≤ c_x and y ≤ c_y.
Example: The Regional Transition System.
Only the reachable states have been shown.
Lecture 8 48
The Regional Construction
• Given a timed transition system, its (finite!) regional transition system can be computed effectively.
• Hence one can effectively solve the reachability problem (and other verification problems) concerning timed transition systems.
• This is the mathematical basis for the verification tools for timed transition systems and timed automata.