Timed Automata

Intelligent Light Control

Figure: three locations Off, Light and Bright joined by press? transitions (Off to Light, Light to Bright, and from Light and Bright back to Off).

WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.
Timed Automata
Intelligent Light Control

Solution: Add real-valued clock x.

Figure: the same three locations, now with clock x. Off --press?, x:=0--> Light; from Light, press? with x<=3 leads to Bright and press? with x>3 leads back to Off; Bright --press?--> Off.
Timed Automata
(Alur & Dill 1990)

Clocks: x, y

Guard: Boolean combination of comparisons with integer bounds, e.g. x<=5 & y>3
Action: used for synchronization, e.g. a
Reset: action performed on clocks, e.g. x := 0

Figure: locations n and m joined by the edge n --x<=5 & y>3, a, x:=0--> m.

State: ( location , x=v , y=u ) where v, u are in R

Transitions (action, then delay by 1.1):
$$(n, x=2.4, y=3.1415) \xrightarrow{a} (m, x=0, y=3.1415)$$
$$(n, x=2.4, y=3.1415) \xrightarrow{\epsilon(1.1)} (n, x=3.5, y=4.2415)$$
Timed Safety Automata =
Timed Automata + Invariants
(Henzinger et al, 1992)

Clocks: x, y

Figure: location n with invariant x<=5 and location m with invariant y<=10, the edge n --x<=5 & y>3, a, x:=0--> m, and further edges guarded g1, g2, g3, g4.

Location invariants restrict how long the automaton may stay in a location:
$$(n, x=2.4, y=3.1415) \xrightarrow{\epsilon(1.1)} (n, x=3.5, y=4.2415)$$
$$(n, x=2.4, y=3.1415) \not\xrightarrow{\epsilon(3.2)} \quad \text{since } x = 5.6 \text{ would violate the invariant } x \le 5$$

Invariants ensure progress!!
Clock Constraints

Timed (Safety) Automata

Timed Automata: Example

Figure: an example automaton annotated with its guard, location and reset (only the labels survived extraction; one of the constraints is on clock x with bound 3).
Light Switch

Figure: locations off and on with clocks x and y; edges push (off to on), push (on to on) and click (on to off); location on carries the invariant y<=9.

Switch may be turned on whenever at least 2 time units have elapsed since the last "turn off".

Light automatically switches off after 9 time units.
Semantics

Clock valuations: $V(C) = \{\, v : C \to \mathbb{R}_{\ge 0} \,\}$

State: $(l, v)$ where $l \in L$ and $v \in V(C)$

The semantics of a timed automaton is a labeled transition system $(S, \to)$ where
$$S = \{\,(l, v) \mid v \in V(C) \text{ and } l \in L\,\}$$

Action transition:
$$(l, v) \xrightarrow{a} (l', v') \quad\text{iff}\quad l \xrightarrow{g,\, a,\, r} l',\; g(v),\; v' = v[r] \text{ and } Inv(l')(v')$$
where $v[r]$ is $v$ with every clock in $r$ reset to 0.

Delay transition:
$$(l, v) \xrightarrow{d} (l, v + d) \quad\text{iff}\quad Inv(l)(v + d') \text{ whenever } d' \le d,\; d \in \mathbb{R}_{\ge 0}$$
Semantics: Example

Figure: the light switch (push, click, invariant y<=9 on location on) and one of its runs, where $\delta$ is an arbitrary delay:
$$(off, x=y=0) \xrightarrow{3.5} (off, x=y=3.5) \xrightarrow{push} (on, x=y=0) \xrightarrow{\delta} (on, x=y=\delta) \xrightarrow{push} (on, x=0, y=\delta)$$
$$\xrightarrow{3} (on, x=3, y=\delta+3) \xrightarrow{9-(\delta+3)} (on, x=9-\delta, y=9) \xrightarrow{click} (off, x=0, y=9) \;\ldots$$
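The action and delay rules above, executed on the light switch, as an added Python example (not code from the slides). It fixes one reading of the light-switch figure: push from off is guarded by x >= 2 and resets x and y, push from on resets x only, location on carries the invariant y <= 9, and click is guarded by y >= 9 and resets x. The names `TimedAutomaton`, `Edge` and `slide_trace` and the concrete delay δ = 1/4 are this example's own assumptions. `run` replays the slide's path and records the elapsed time after each step; a delay that would break the invariant, or an action whose guard fails, yields `None` instead of a state.

```python
from fractions import Fraction as F
from typing import Callable, Dict, FrozenSet, List, NamedTuple, Optional, Tuple, Union

Valuation = Dict[str, F]            # clock name -> value in R>=0
State = Tuple[str, Valuation]       # (location, clock valuation)


class Edge(NamedTuple):
    src: str
    guard: Callable[[Valuation], bool]   # g
    action: str                          # a
    resets: FrozenSet[str]               # r: clocks set to 0
    dst: str


class TimedAutomaton:
    """Timed safety automaton: edges l -g,a,r-> l' plus a location invariant Inv(l)."""

    def __init__(self, edges: List[Edge], invariants: Dict[str, Callable[[Valuation], bool]]):
        self.edges = edges
        self.inv = invariants

    def delay(self, state: State, d) -> Optional[State]:
        """(l, v) -d-> (l, v+d) iff Inv(l)(v+d') for every 0 <= d' <= d. The invariants
        used here are upper bounds (y <= 9), so checking the endpoint v+d suffices;
        that convexity is an assumption of this example."""
        l, v = state
        v2 = {c: x + d for c, x in v.items()}
        if d < 0 or not self.inv[l](v2):
            return None
        return (l, v2)

    def step(self, state: State, action: str) -> Optional[State]:
        """(l, v) -a-> (l', v') iff some edge l -g,a,r-> l' has g(v), v' = v[r] and Inv(l')(v')."""
        l, v = state
        for e in self.edges:
            if e.src == l and e.action == action and e.guard(v):
                v2 = {c: (F(0) if c in e.resets else x) for c, x in v.items()}
                if self.inv[e.dst](v2):
                    return (e.dst, v2)
        return None

    def run(self, state: State, trace: List[Union[str, F]]) -> Tuple[State, List[F]]:
        """Replay a path of delays (numbers) and actions (strings). Returns the final
        state and, after each step i, the elapsed time D(sigma, i)."""
        elapsed, times = F(0), []
        for item in trace:
            if isinstance(item, str):
                nxt = self.step(state, item)
            else:
                nxt = self.delay(state, F(item))
                elapsed += F(item)
            if nxt is None:
                raise ValueError(f"{item!r} is not enabled in {state}")
            state = nxt
            times.append(elapsed)
        return state, times


# The light switch of the slides under this example's reading of the figure:
# push from off needs x >= 2 (at least 2 time units since the last turn off) and
# resets x and y; push from on resets x only; `on` carries the invariant y <= 9
# and click fires at y >= 9 (automatic switch-off after 9 time units), resetting x.
LIGHT_SWITCH = TimedAutomaton(
    edges=[
        Edge("off", lambda v: v["x"] >= 2, "push", frozenset({"x", "y"}), "on"),
        Edge("on", lambda v: True, "push", frozenset({"x"}), "on"),
        Edge("on", lambda v: v["y"] >= 9, "click", frozenset({"x"}), "off"),
    ],
    invariants={"off": lambda v: True, "on": lambda v: v["y"] <= 9},
)


def slide_trace(delta: F = F(1, 4)) -> Tuple[State, List[F]]:
    """The slide's path 3.5, push, delta, push, 3, 9-(delta+3), click from (off, x=y=0)."""
    start: State = ("off", {"x": F(0), "y": F(0)})
    path = [F(7, 2), "push", delta, "push", F(3), 9 - (delta + 3), "click"]
    return LIGHT_SWITCH.run(start, path)


if __name__ == "__main__":
    final, times = slide_trace()
    print(final, "D(sigma,1) =", times[0], "D(sigma,6) =", times[5])
```

Exact rationals are used instead of floats so that the boundary case of the run (click exactly when y reaches 9, which the invariant y <= 9 forces) is decided exactly rather than by floating-point rounding.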
Networks of Timed Automata
+ Integer Variables + arrays ....

Figure: two components. Edge l1 --x>=2, i==3, a!, x:=0--> l2 and edge m1 --y<=4, a?, i:=i+4--> m2.

Two-way synchronization on complementary actions. Closed Systems!

Example transitions:
$$(l1, m1, \ldots, x=2, y=3.5, i=3, \ldots) \xrightarrow{\tau} (l2, m2, \ldots, x=0, y=3.5, i=7, \ldots)$$
$$(l1, m1, \ldots, x=2, y=3.5, i=3, \ldots) \xrightarrow{0.2} (l1, m1, \ldots, x=2.2, y=3.7, i=3, \ldots)$$

If a is an URGENT CHANNEL, the 0.2 delay transition is not allowed while the synchronization on a is enabled.
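The two-way synchronization on a!/a? and the urgent-channel rule, as an added Python example that is not code from the slides. `Network`, `Edge`, `example` and the component names P and Q are this example's assumptions; the sender's update being applied before the receiver's, and the rule that no delay may happen while a synchronization on an urgent channel is enabled, are UPPAAL's semantics for such networks. The slide shows no location invariants, so none are modelled.

```python
from fractions import Fraction as F
from typing import Callable, Dict, FrozenSet, List, NamedTuple, Optional, Tuple

Env = Dict[str, F]   # clocks and integer variables, by name


class Edge(NamedTuple):
    comp: str                       # which automaton the edge belongs to
    src: str
    guard: Callable[[Env], bool]
    chan: str                       # channel name
    pol: str                        # "!" sends, "?" receives
    update: Callable[[Env], Env]    # clock resets and integer assignments
    dst: str


class Network:
    def __init__(self, edges: List[Edge], clocks: FrozenSet[str], urgent: FrozenSet[str] = frozenset()):
        self.edges, self.clocks, self.urgent = edges, clocks, urgent

    def syncs(self, locs: Dict[str, str], env: Env) -> List[Tuple[Edge, Edge]]:
        """Enabled two-way synchronisations: an a! edge and an a? edge of two
        different components, both at their source location with true guards."""
        enabled = [e for e in self.edges if locs[e.comp] == e.src and e.guard(env)]
        return [(s, r) for s in enabled for r in enabled
                if s.pol == "!" and r.pol == "?" and s.chan == r.chan and s.comp != r.comp]

    def tau(self, locs, env, chan):
        """Internal (tau) transition of the closed system: one synchronisation on
        chan. The sender's update runs before the receiver's (UPPAAL order)."""
        for s, r in self.syncs(locs, env):
            if s.chan == chan:
                env2 = r.update(s.update(dict(env)))
                locs2 = dict(locs)
                locs2[s.comp], locs2[r.comp] = s.dst, r.dst
                return locs2, env2
        return None

    def delay(self, locs, env, d) -> Optional[Tuple[Dict[str, str], Env]]:
        """Let d time units pass on every clock; integer variables are untouched.
        Forbidden while a synchronisation on an urgent channel is enabled."""
        if any(s.chan in self.urgent for s, _ in self.syncs(locs, env)):
            return None
        return dict(locs), {k: (v + d if k in self.clocks else v) for k, v in env.items()}


# The two edges on the slide: l1 -[x>=2 and i==3, a!, x:=0]-> l2 (component P)
# and m1 -[y<=4, a?, i:=i+4]-> m2 (component Q). No invariants are shown.
EDGES = [
    Edge("P", "l1", lambda e: e["x"] >= 2 and e["i"] == 3, "a", "!",
         lambda e: {**e, "x": F(0)}, "l2"),
    Edge("Q", "m1", lambda e: e["y"] <= 4, "a", "?",
         lambda e: {**e, "i": e["i"] + 4}, "m2"),
]
CLOCKS = frozenset({"x", "y"})


def example(urgent: bool = False):
    """From the slide's state (l1, m1, x=2, y=3.5, i=3): the tau step over a and the
    0.2 delay. With urgent=True channel a is urgent and the delay is refused."""
    net = Network(EDGES, CLOCKS, frozenset({"a"}) if urgent else frozenset())
    locs = {"P": "l1", "Q": "m1"}
    env = {"x": F(2), "y": F(7, 2), "i": F(3)}
    return net.tau(locs, env, "a"), net.delay(locs, env, F(1, 5))


if __name__ == "__main__":
    print(example())
    print(example(urgent=True))
```

Note that urgency only blocks delay while a matching pair is actually enabled: if i were 2 rather than 3 the a! guard would fail, no synchronisation would be enabled, and time could pass even with a declared urgent.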
Timed Systems
Timed Automata

Figure: the train-gate-controller system, three timed automata.

Train (clock x): locations far, near (invariant x <= 5) and in; edges approach (x := 0), enter (guard x > 2), exit (x := 0), and a guard x >= 1.

Gate (clock y): locations up and down, with intermediate locations carrying the invariants y <= 1 and y <= 2; edges lower (y := 0), raise (y := 0), and a guard y >= 1.

Controller (clock z): locations with invariants z <= 3 and z <= 1; edges approach (z := 0), lower, exit (z := 0), raise.

The following slides animate one run of the system against a time line: approach occurs while z <= 3, lower occurs while y <= 1, and enter fires under x > 2 and x <= 5, at a point where x = 2.1, y = 0.9 and z = 2.1.
Timed CTL

TCTL = CTL + Time

p ∈ AP, atomic propositions
z ∈ D, formula clocks
φ: constraints over formula clocks and automaton clocks
z in φ: "freeze operator", introduces a new formula clock z
E[ φ U ψ ], A[ φ U ψ ]: like in CTL
No EX
Derived Operators

Along any path φ holds continuously until, within 7 time units, ψ becomes valid.

The property φ may become valid within 5 time units.
Light Switch (cont)

Figure: the light switch (push, click, invariant y<=9 on location on). Properties to check:
AG( x <= y )
AG( on => AF off )
AG( on => AF_{<=9} off )
A[ off U x >= 2 ]
A[ off U x >= 3 ]
E[ off U x >= 3 ]
A[ x <= 2 U on ]
E[ x <= 2 U on ]
Timeliness Properties

receive(m) always occurs within 5 time units after send(m)
receive(m) may occur exactly 11 time units after send(m)
putbox occurs periodically (exactly) every 25 time units
(note: other putbox events may occur in between)
Fischer's Protocol
A simple MUTEX Algorithm

Two processes sharing a variable V.

Untimed version (figure):
Init --V=1--> A1 --V:=1--> B1 --V=1--> CS1 (Critical Section)
Init --V=1--> A2 --V:=2--> B2 --V=2--> CS2 (Critical Section)

Property: $AG\,\neg(CS_1 \wedge CS_2)$

Timed version (figure): process 1 has clock X, process 2 has clock Y.
A1 --X<1, V:=1, X:=0--> B1 --X>1 ∧ V=1--> CS1 (Critical Section)
A2 --Y<1, V:=2, Y:=0--> B2 --Y>1 ∧ V=2--> CS2 (Critical Section)
(Init --V=1--> A1, A2 as before.)

Properties:
$AG\,\neg(CS_1 \wedge CS_2)$
$AF_{\le 2}\,(CS_1 \vee CS_2)$
$EF_{\le 2}\, CS_1$
Paths

Example: the run of the light switch (push, click, invariant y<=9) with $\delta$ an arbitrary delay:
$$\sigma = (off, x=y=0) \xrightarrow{3.5} (off, x=y=3.5) \xrightarrow{push} (on, x=y=0) \xrightarrow{\delta} (on, x=y=\delta) \xrightarrow{push} (on, x=0, y=\delta)$$
$$\xrightarrow{3} (on, x=3, y=\delta+3) \xrightarrow{9-(\delta+3)} (on, x=9-\delta, y=9) \xrightarrow{click} (off, x=0, y=9) \;\ldots$$

Elapsed time in path

Example: for the same path $\sigma$ (positions counted from 0 at the initial state), the time elapsed up to position i is
$$D(\sigma, 1) = 3.5, \qquad D(\sigma, 6) = 3.5 + \delta + 3 + (9 - (\delta + 3)) = 3.5 + 9 = 12.5$$
TCTL Semantics

s - (location, clock valuation)
w - formula clock valuation
PM(s) - set of paths from s
Pos(σ) - positions in the path σ
D(σ, i) - elapsed time up to position i of σ
(i, d) << (i', d') iff (i < i') or ((i = i') and (d < d'))
Region Automata

Model Checking
Infinite State Space?
Regions
Finite partitioning of state space

"Definition": $w \equiv w'$ iff $Beh(l, w) = Beh(l, w')$ for any location l of any timed automaton; or: (l, w) and (l, w') satisfy the same properties.

Figure: the (x, y) clock plane, x from 0 to 3 and y from 0 to 2, with two valuations w and w'. The bound max is determined by the timed automaton (and the formula).

Definition: $w \equiv w'$ iff w and w' satisfy the exact same conditions of the form
$$x_i \sim n \qquad\text{and}\qquad x_i - x_j \sim n \qquad (\sim \in \{<, =, >\},\; n \le max)$$

An equivalence class (i.e. a region) r. In fact there is only a finite number of regions!!

Successor regions, Succ(r): the regions entered from r by letting time pass.

Reset regions, {x}r and {y}r: the regions obtained from r by resetting x (respectively y) to 0.

THEOREM: whenever $(u, v) \equiv (u', v')$ then
$$(l, u, v) \models \varphi \iff (l, u', v') \models \varphi$$
(u an automaton clock valuation, v a formula clock valuation).
Region graph of a simple timed automaton

Figure: the region graph (not recoverable from the extraction).
Fischer again
$AG\,\neg(CS_1 \wedge CS_2)$

Figure: the timed Fischer automata, A1 --X<1, V:=1, X:=0--> B1 --X>1 ∧ V=1--> CS1 and A2 --Y<1, V:=2, Y:=0--> B2 --Y>1 ∧ V=2--> CS2.

Untimed case (clock guards ignored): the reachable states include
(A1,A2,v=1) → (A1,B2,v=2) → (A1,CS2,v=2) → (B1,CS2,v=1) → (CS1,CS2,v=1)
so mutual exclusion is violated.

Timed case, partial region graph (location vector, value of v, region of the clocks x, y):
(A1,A2,v=1, x=y=0) → (A1,A2,v=1, 0<x=y<1) → (A1,A2,v=1, x=y=1) → (A1,A2,v=1, 1<x,y)
(A1,A2,v=1, 0<x=y<1) → (A1,B2,v=2, 0<x<1, y=0) → (A1,B2,v=2, 0<y<x<1) → (A1,B2,v=2, 0<y<x=1) → (A1,B2,v=2, 0<y<1, 1<x) → (A1,B2,v=2, y=1, 1<x) → (A1,B2,v=2, 1<x,y) → (A1,CS2,v=2, 1<x,y)

No further behaviour possible!!
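Regions, their time successors Succ(r) and reset regions {x}r, and the reachable region graph of Fischer's protocol, as one added Python example that is not the slides' code and serves both the Regions definition and the Fischer region graph above. The region signature follows the characterisation of Alur and Dill (integer part and zero/non-zero fractional part of every clock at or below its maximum constant, plus the ordering of the fractional parts); `region`, `time_successor`, `explore`, `count_regions` and the process and clock names are this example's own. The exploration starts where the slide's graph starts (A1, A2, x = y = 0, v = 1) and the untimed variant simply drops the clock guards.

```python
from collections import deque
from fractions import Fraction as F


def val(x, y):
    """Clock valuation over x and y; pass strings such as "1.2" to stay exact."""
    return {"x": F(x), "y": F(y)}


def region(v, cmax):
    """Region signature after Alur & Dill: for each clock at or below its maximum
    constant, the integer part and whether the fractional part is 0, plus the
    ordering (with ties) of the non-zero fractional parts; a clock above its
    maximum is only recorded as "beyond". Same signature <=> same region."""
    ints, fracs = [], {}
    for c in sorted(v):
        if v[c] > cmax[c]:
            ints.append((c, "beyond"))
        else:
            ints.append((c, int(v[c])))
            fracs[c] = v[c] - int(v[c])
    zero = tuple(c for c in fracs if fracs[c] == 0)
    order, last = [], None
    for f, c in sorted((f, c) for c, f in fracs.items() if f != 0):
        if f == last:
            order[-1] = order[-1] + (c,)       # equal fractional parts: one group
        else:
            order.append((c,))
            last = f
    return (tuple(ints), zero, tuple(order))


def equivalent(v, w, cmax):
    return region(v, cmax) == region(w, cmax)


def delay(v, d):
    return {c: x + d for c, x in v.items()}


def reset(v, clocks):
    """{x}r on the slide: the valuation with the given clocks set to 0."""
    return {c: (F(0) if c in clocks else x) for c, x in v.items()}


def time_successor(v, cmax):
    """A representative of the next region in Succ(r). On a boundary (some clock has
    fractional part 0) a small delay enters the next open region; inside an open
    region, delaying until the largest fractional part reaches an integer lands on
    the next boundary. None once every clock is beyond its maximum: that region is
    closed under delay."""
    active = [c for c in v if v[c] <= cmax[c]]
    if not active:
        return None
    fracs = [v[c] - int(v[c]) for c in active]
    fmax = max(fracs)
    return delay(v, (1 - fmax) / 2 if 0 in fracs else 1 - fmax)


def count_regions(cmax):
    """Regions hit by a constructed grid of sample points; with cmax = {x: 1, y: 1}
    the grid 0, 1/4, ..., 2 meets all 18 regions of the two-clock plane."""
    grid = [F(k, 4) for k in range(9)]
    return len({region(val(a, b), cmax) for a in grid for b in grid})


# Fischer's protocol from the slide, starting where its region graph starts
# (A1, A2, x = y = 0, v = 1). Process i owns clock CLOCK[i] and the edges
#   A_i -[c_i < 1, V := i, c_i := 0]-> B_i      B_i -[c_i > 1 and V = i]-> CS_i
CMAX = {"x": 1, "y": 1}
CLOCK = ("x", "y")


def fischer_edges(locs, V, v, timed=True):
    """Enabled action transitions; timed=False drops the clock guards (untimed case)."""
    for i, loc in enumerate(locs):
        c = CLOCK[i]
        if loc == "A" and (not timed or v[c] < 1):
            yield tuple("B" if j == i else l for j, l in enumerate(locs)), i + 1, reset(v, {c})
        if loc == "B" and V == i + 1 and (not timed or v[c] > 1):
            yield tuple("CS" if j == i else l for j, l in enumerate(locs)), V, v


def explore(timed=True, V0=1):
    """Reachable part of the region graph; a state is (locations, V, region). The
    guards only compare a clock with its maximum constant 1, so evaluating them on
    any representative of a region is sound."""
    v0 = val(0, 0)
    seen = {(("A", "A"), V0, region(v0, CMAX))}
    todo = deque([(("A", "A"), V0, v0)])
    while todo:
        locs, V, v = todo.popleft()
        succs = list(fischer_edges(locs, V, v, timed))
        nxt = time_successor(v, CMAX) if timed else None
        if nxt is not None:
            succs.append((locs, V, nxt))
        for locs2, V2, v2 in succs:
            key = (locs2, V2, region(v2, CMAX))
            if key not in seen:
                seen.add(key)
                todo.append((locs2, V2, v2))
    return seen


def mutex_violated(states):
    """EF (CS1 and CS2) over the explored graph, the negation of AG not(CS1 and CS2)."""
    return any(locs == ("CS", "CS") for locs, _, _ in states)
```

Walking `time_successor` from (A1, B2, x in (0,1), y = 0) reproduces the slide's chain 0<y<x<1, 0<y<x=1, 0<y<1 with 1<x, y=1 with 1<x, 1<x,y; the exploration terminates because the set of signatures is finite, which is exactly why the region graph can be model checked as an ordinary finite graph.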
Modified light switch

Reachable part of region graph (figure)

Properties
AG( x <= y )
AG( on => AF off )
AG( on => AF_{<=9} off )

Roughly speaking....
Model checking a timed automaton against a TCTL formula amounts to model checking its region graph against a CTL formula.
Problem to be solved

Model Checking TCTL is PSPACE-hard

END