Welcome to Modeling time in computing

A PhD (not only) DEIB course
Teachers:
Carlo Furia
Dino Mandrioli
Angelo Morzenti
Matteo Rossi
Modeling time
1
Outline:
• Introduction
• The various “dimensions” of time modeling
• Traditional approaches to time modeling (in engineering) revised
• Operational (abstract machine-based) time dependent models
• A few formal preliminaries
• Synchronous
• Asynchronous
• Algebraic approaches
• Logic-based approaches
• Model-checking and other “dual-language” approaches to model and analyze time dependent systems
• Epilogue and conclusions
(Flexible) Schedule and organization (1)
Monday, 8th: 9.00 – 11.30 (Mandrioli)
Wednesday, 10th: 9.00 – 12.30 (Mandrioli)
Thursday, 11th: 9.00 – 13.00 (Rossi)
Friday, 12th: 9.00 – 13.00 (Furia)
Monday, 15th: 9.00 – 12.30 (Morzenti)
Tuesday, 16th: 14.00 – 16.30 (Morzenti)
Thursday, 18th: 9.00 – 12.30 (Rossi-Mandrioli)
Thursday, 18th: 14.00 – 15.30 (Mandrioli)
(Flexible) Schedule and organization (2)
• Time slots redundant (on purpose)
• To allow for plenty of (informal and free) discussion
• (For “official” PhD students):
• Each teacher will propose a few exercises (rather heterogeneous in style!) during his presentation
• Students are invited to select a few of them (their choice) and to develop and supply them to the corresponding proponent(s), within 15 days (flexible)
• Their work will be evaluated
• Further deepening of specific issues, possibly towards real research welcome
References:
Furia C., Mandrioli D., Morzenti A., Rossi M., “Modeling Time in Computing: A Taxonomy and a Comparative Survey”, ACM Computing Surveys (CSUR), Volume 42, Issue 2, February 2010, 59 pages.
Furia C., Mandrioli D., Morzenti A., Rossi M., Modeling Time in Computing. Springer, EATCS monograph series, 2012
(go to http://link.springer.com/book/10.1007/978-3-642-32332-4/page/1 and download it ASAP!)
(Flexible) Schedule and organization (3)
• Necessary background:
• A little bit of:
• Automata theory
• Mathematical logic
• Propositional and predicate calculus
• (if not … let me know!)
Introduction
• What is time?
• $s(t) = s_0 + \int_{t_0}^{t_1} v(t)\,dt$
• If an alarm is raised at time t0, the system must be shut down within time t1, with t1 ≤ t0 + k
• Action B can occur only after action A
• Switching a transistor’s state takes a few nanoseconds
• Sorting an array of size n by means of a merge-sort algorithm takes a time proportional to n times the logarithm of n
• The age of the universe is approximately 13.7 billion years (what happened/existed before the birth of the universe?)
• …
• … but also
• “You are always late”
• Time flies
• In pleasant events time is faster, unpleasant
ones never end
• 1/10 sec is the time that elapses between …
• To achieve good coordination we must
synchronize our clocks (there is no time without
clock)
• Time can only advance, never go back
• Zeno’s paradox: Achilles, though much faster than the turtle, will never reach it
• For a long “time”, time in engineering:
• A mathematical variable t
• But:
• Always an independent variable? (state(t))
• Continuous or discrete?
• Time unit: nanosecond or century?
• …
• Nowadays “traditional” ways of modeling time
are not always adequate: a more general
framework is needed: this is our goal here
• Next steps:
• Some basic mathematical terminology
• “Dimensions” to evaluate and compare time-related models
Some basic terminology
(apologies to those who already know it)
• Language, in the most general meaning
of the term:
• An expression/communication means
• A collection of sentences (strings – not necessarily linear) of characters in an alphabet
• Natural
• Programming
• Musical
• Graphic
• A (communication) protocol
• …
Syntax and semantics (1)
(apologies to those who already know it)
• Syntax: how to build language sentences:
• A sentence consists of a noun phrase followed by a verb phrase. The noun phrase is a noun (possibly preceded by a determiner such as an article) or a pronoun. …
• <Conditional-statement> ----> If (<Cond> ) <Statement> [else <Statement>]
• But also:
• …
Syntax and semantics (2)
(apologies to those who already know it)
• Semantics: assigning meaning to language sentences:
• if (x > 3) { x = x + 1; } else { x = x - 1; }:
• f(1) = 0; f(2) = 1; f(5) = 6; ….
• Ambiguous semantics (different meanings for the same sentence):
• if (C1) if (C2) S2 else S3
• 10: ten, two or what?
• …
• Conversely:
• Multiple expressions for the same meaning:
• for (i = 0, i < n, i++) do …
• i = 0; while (i < n) ….
Language formality (1)
• Formal languages:
• A ---> a A | b ===> L = { a+b}
• Informal (natural) languages:
• To be or not to be
• Io credo ch’ei credette ch’io credessi
• ….
Language formality (2)
• Partially formal (semiformal) languages:
• Often:
• Formal syntax and informal semantics
• [Figure: panels (a) and (b)]
“three-way handshake”:
(a) the communication is successfully established
(b) a timeout occurs after the syn message.
What if the syn-ack message is received after the timeout is triggered?
(Languages for) system modeling
Operational vs. descriptive languages
Operational formulation:
“When the last digit of the correct security code is
entered, the safe opens;
then, if the safe remains open for three minutes, it
automatically closes.”
Descriptive formulation:
“The safe is open if and only if the correct security code
has been entered no more than three minutes ago.”
Operational vs. descriptive languages
Operational formulation:
[Figure: state diagram of the safe. Labels: “correct digit”, “incorrect digit”, “1 correct digit”, “2 correct digits”, “open”, “closed”, “1 minute”, “1 minute elapsed”, “2 minutes elapsed”]
Operational vs. descriptive languages
Descriptive formulation:
( Open   Closed ) 
( Open  Correct_code_entered_within_three_minutes ) (*)
Open 
Correct_code_entered_within_three_minutes

(**)
(Safe_opened_in_the_past  Stay_open_issued_since_last_opening)
Mathematical logic(s): the principal descriptive formal language(s)
Operational vs. descriptive languages
Descriptive formulation (in predicate calculus):
t ( (Open (t)   Closed (t))

(*+)
(Open (t)  u ( (t − 3  u < t)  Correct_code_entered (u) ) )
(preliminary, self-testing) exercise:
Provide a predicate logic extension of the propositional formula (**)
Operational vs. descriptive languages:
not that sharp:
Operational (style) formulation (in predicate calculus): (*++)
t (
(Open (t)   Closed (t))

(Correct_code_entered (t)  u ( (t + 1  u  t + 3)  Open (u)))

(u ( (t  u  t + 2)  (Open (u)  Correct_code_entered (u)))  Closed (t + 3))

(Closed (t)   Correct_code_entered (t)  Closed (t + 1))
)
The flexibility and generality of mathematical logic(s) allows for adopting an operational as well as
a descriptive style.
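Added example (not part of the original slides): the two English formulations of the safe, made executable on a discrete time axis of one-minute steps, so that the operational run can be compared with the descriptive property instant by instant. The function names, the `restart_on_reentry` switch and the sample inputs are assumptions introduced here; the safe is taken to be open from the minute after the code is entered.

```python
# Added example: the safe on a discrete time axis (unit: one minute).
# `codes` is the set of instants at which the complete correct code is entered.

def descriptive_open(codes, t):
    """Descriptive style: the safe is open at t iff the correct code
    has been entered no more than three minutes ago (t-3 <= u < t)."""
    return any(t - 3 <= u < t for u in codes)

def operational_run(codes, horizon, restart_on_reentry):
    """Operational style: step a small state machine and return the list
    [Open(0), ..., Open(horizon-1)].

    restart_on_reentry decides what a correct code entered while the safe
    is already open does: restart the three-minute countdown, or be ignored.
    The English operational sentence does not settle this (assumption).
    """
    remaining = 0                      # minutes the safe will still stay open
    is_open = []
    for t in range(horizon):
        is_open.append(remaining > 0)
        if t in codes and (restart_on_reentry or remaining == 0):
            remaining = 3              # safe opens; countdown (re)starts
        elif remaining > 0:
            remaining -= 1             # one more minute elapsed while open
    return is_open

def disagreements(codes, horizon, restart_on_reentry):
    """Instants at which the operational run and the descriptive
    property give different answers to 'is the safe open?'."""
    run = operational_run(codes, horizon, restart_on_reentry)
    return [t for t in range(horizon)
            if run[t] != descriptive_open(codes, t)]

# Constructed inputs: one entry, and a second entry while the safe is open.
SINGLE_ENTRY = {2}
REENTRY = {2, 4}

if __name__ == "__main__":
    for name, codes in (("single entry", SINGLE_ENTRY), ("re-entry", REENTRY)):
        for restart in (True, False):
            print(name, "restart" if restart else "ignore",
                  disagreements(codes, 12, restart))
```

With a single entry both operational readings agree with the descriptive property; with a re-entry only the restarting machine does, which is the kind of ambiguity the formal versions are meant to remove.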
The dimensions of time
• Time is a physical quantity
• Once we set the appropriate unit to measure we have fully characterized it:
• Seconds?
• Too long or too short?
• The real axis? The discrete axis? Semi-infinite or two-sided?
• …
• Not everything so obvious
• Modeling time must be evaluated from different perspectives: “dimensions”.
• They will be our reference to evaluate and compare (time-dependent system models)
1. Discrete vs. Dense Time Domains
• A well known distinction:
• N (natural numbers), Z (integers), vs.
• Q (rational numbers), R (reals), Q+, R+, …
• But also:
• Continuous vs. Non-Continuous Time Models
• Many “clocks” are uncomparable:
• What’s the ratio between one year and one day, and one second?
• More technically:
• We will see that some algorithms to decide system properties work well with time domain Q but do not apply when time domain is R
2. Bounded, Finite, and Periodic Time Models
• In principle time is infinite … but:
• Is it always necessary to “inspect” system behavior in [−∞ … +∞]?
• If system behavior is periodic …
• Perhaps to understand whether the ABS of a car behaves properly it is sufficient to observe its behavior within a time window of a few seconds (minutes at most)
• If the (time) domain is bounded and discrete it is finite … and originally undecidable problems become decidable ===> we can “approximate” problems that are undecidable in general cases into decidable ones by suitably restricting the domain of interpretation
• E.g., through discretization and sampling
3. Hybrid systems and (time) models
• Traditionally discrete and continuous (system) models were two well-separated worlds:
• (differential) equations, Laplace and Fourier transforms, …
• vs.
• Difference equations, Z transforms, automata, …
• Nowadays, typically:
[Figure: continuous process and computer-based controller]
4. Ordering vs. metric
[Figure: time axis from 0 to 20 marked with alternating events a and b]
• Every a is followed by a b within 4 time units and every b is followed by an a after exactly 2 time units.
• Every a is followed by a b and every b is followed by an a.
• If (after) an alarm is raised the system must be shut down, then repaired and finally can be restarted
• If an alarm is raised the system must be shut down within 10 seconds; it must be repaired within 3 minutes and must be restarted within 10 minutes.
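Added example (not part of the original slides): a checker that evaluates the metric reading and the ordering-only reading of the a/b property on a finite timed trace. The function names and both sample traces are constructed for illustration; an obligation whose deadline falls after the last observed event is reported as pending rather than violated.

```python
import math

def check_response(trace, trigger, response, delay_ok, bound=math.inf):
    """Check 'every `trigger` is followed by a `response`' on a finite trace.

    trace    : list of (time, event) pairs, sorted by time
    delay_ok : predicate on the delay between trigger and response
    bound    : latest acceptable delay (inf for a pure ordering property)
    Returns (violated, pending): trigger times whose obligation was missed,
    and trigger times whose deadline lies beyond the end of the trace.
    """
    horizon = trace[-1][0] if trace else 0
    violated, pending = [], []
    for t, event in trace:
        if event != trigger:
            continue
        if any(e == response and u > t and delay_ok(u - t) for u, e in trace):
            continue                      # obligation met
        (pending if t + bound > horizon else violated).append(t)
    return violated, pending

def metric_spec(trace):
    """Every a is followed by a b within 4 time units and every b is
    followed by an a after exactly 2 time units."""
    return {
        "a->b": check_response(trace, "a", "b", lambda d: d <= 4, bound=4),
        "b->a": check_response(trace, "b", "a", lambda d: d == 2, bound=2),
    }

def ordering_spec(trace):
    """Every a is followed by a b and every b is followed by an a
    (no constraint on how long it takes)."""
    return {
        "a->b": check_response(trace, "a", "b", lambda d: True),
        "b->a": check_response(trace, "b", "a", lambda d: True),
    }

# Constructed traces: same order of events, different timing.
ON_TIME = [(0, "a"), (3, "b"), (5, "a"), (8, "b"),
           (10, "a"), (13, "b"), (15, "a")]
SAME_ORDER_LATE = [(0, "a"), (6, "b"), (7, "a"), (9, "b"), (14, "a")]

if __name__ == "__main__":
    for name, trace in (("on time", ON_TIME), ("late", SAME_ORDER_LATE)):
        print(name, "metric:", metric_spec(trace))
        print(name, "ordering:", ordering_spec(trace))
```

The second trace has the same a, b, a, b, … order as the first, so the ordering property cannot tell them apart, while the metric property flags the a at time 0 and the b events at times 6 and 9.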
4.1 Total vs. partial ordering
• Time is totally ordered … isn’t it?
• Yes but …
• In a car there is:
• The anti-lock braking system
• Another subsystem electronically controlled is responsible for moving the car windows.
• the braking system must release the brakes within, say, 1/10 second whenever the wheels are blocked and the vehicle is moving,
• the electric windows must shut completely within, say, 7 seconds whenever a passenger clicks the button.
• In an overall model of the car, the events “wheels become blocked” and “brakes released” are strictly ordered, and so are the two other events “button clicked” and “windows become closed”.
• However, there is no reason to define an order between events of the braking subsystem and of the window control: the events in the overall system are only partially ordered, and so are the instants of time when they may occur.
5. Time granularity
• We are designing a car engine:
• We “reason” in terms of (k)r.p.m.
• We are designing an electronic circuit:
• We “reason” in terms of nanoseconds
• We are designing a university curriculum:
• We “reason” in terms of (credits per) year
• … but, what if
• We are designing a hydroelectric, computer controlled, power system:
• Water dynamics evolves in the “scale” of minutes
• Electricity generation and distribution too (approximately ….)
• Control subsystem is responsible to take “decisions” (e.g. load shedding) in real-time i.e., within seconds or less (and its internals have a dynamic paced by micro or nanoseconds)
• Water accumulation in the reservoirs takes weeks or months
• …
• How should we model the global system?
5. Time granularity
• How should we model the global system?
• From a mathematical point of view the answer could seem
obvious:
• Refer everything to the smallest time unit
• OK, but it is at least “uncomfortable” to say that a reservoir of xxx m³ takes yyyy nanoseconds to fill up.
• But in other cases it is not just a matter of
“changing time unit”:
5. Time granularity
• “every month, if an employee works, then she gets her salary”
• “whenever an employee is assigned a job, this job should be
completed within three days”
• We decide that the month is not the appropriate time unit to
describe the firm’s life and we move to the finer time unit “day”:
• “every day, if an employee works, then she gets her salary” ??
• “this job has to be finished within 3 days from now” at 4 PM on
16 June 2011.
• “This job has to be finished within 3·24·60·60 seconds counting from now”?
• “this job has to be finished by 6 PM on 19 June 2011”?
• “this job has to be finished by midnight on 19 June 2011”?
5. Time granularity
• There is a lot of implicit knowledge in the interpretation of sentences that refer to a coarse time scale at the level of a finer one.
• Exercise:
Consider the following sentences:
Tomorrow, I will eat
Tomorrow, I will work
Tomorrow, I will go to the bank to pay my monthly bills
Tomorrow, I will stay in the city.
• Based on your intuitive understanding thereof:
• Build sample interpretations of the above sentences in a time axis with a finer time unit than the day (say hours or, better, minutes)
• By choosing the appropriate time unit (again, hours or minutes) build suitable first-order formulas that formalize the semantics of the above sentences in agreement with their common sense interpretation.
6. Linear vs. Branching Time Models
• [Figure: time models (a) and (b)]
• Time model (b) can be useful e.g., to interpret the behavior of parallel
systems
• Notice that in this figure time is still “metric”, but if we “erase” the metrics
therefrom we obtain a partial order.
7. Deterministic, Nondeterministic, and Probabilistic Models
• Deterministic evolution:
• x(t+1) = f(x(t), u(t))
• Nondeterministic evolution:
• x(t+1) = f(x(t), u(t)) OR g(x(t), u(t)) OR …
[Figure: two edges, both labelled a]
• Nondeterminism useful in various contexts:
• (Advanced) programming languages
• Search algorithms
• Concurrent systems
7. Deterministic, Nondeterministic, and Probabilistic Models
• Probabilistic (stochastic) evolution:
• A) [Figure: two edges labelled a/30% and a/70%]
• B) [Figure: probability distribution, with values between 0 and 1, plotted against t]
7. Deterministic, Nondeterministic, and Probabilistic Models
• Nondeterministic behavior could be naturally “paired with”
branching time, but the two concepts are different
• Nondeterministic modeling not to be confused with probabilistic
modeling:
• Nondeterminism ---> lack of knowledge: any one of the possible behaviors may occur, but with no indication of preference: e.g., an implementer to whom a nondeterministic specification is given is totally free to choose any implementation compatible with it.
• Probability distribution is knowledge about possible behaviors: for large numbers of “experiments” 30% go according to (a) and 70% according to (b). Conversely, in a nondeterministic specification all of them could be of the same type.
• Mathematical models for specifying nondeterministic systems are of the
same type as deterministic ones (in general, roughly speaking, we need
quantification w.r.t. possible behaviors); stochastic modeling follows a
sharply different mathematical approach, rooted in probability calculus.
8. Implicit vs. Explicit Time Reference
• Sometimes we refer explicitly to a time value in a given time axis:
• During the year 1625, a dramatic famine struck Europe; the famine lasted until the beginning of the year 1630.
• Other times we refer implicitly to the time occurrence of some events:
• Engineering artifacts are often time-invariant systems, naturally described with an implicit “now”:
• Every lie is eventually uncovered
• The speed of a braking car decreases proportionally to the relative time since when braking starts.
• The discharge time of a capacitor attached to a resistor only depends on the resistor’s resistance, the capacitor’s capacity, and the initial charge accumulated, irrespective of the absolute time when discharging starts.
• Often there is a blend of implicit and explicit (possibly metric) time reference:
• If I push the button (implicit now) the window will be open within 3 seconds (explicit time bound)
9. The Time Advancement Problem
• Starting from Zeno’s paradox (Achilles and the turtle):
• System’s behavior (model) can exhibit:
• An infinite sequence of steps that “never passes a time threshold” (just called “Zeno behavior”).
• A continuous behavior with a frequency that goes to ∞ (such as sin(1/x))
• An infinite sequence of steps that “does not converge” as it happens with Zeno’s behaviors but whose relative distance gets smaller and smaller (e.g., as in the series $\sum 1/n$; this behavior is labeled as “Berkeley behavior”).
• Are such behaviors realistic? Should they be ruled out a priori from the
models? Should their (non) existence be verified a posteriori?
• (We will see that) Some models allow for 0-time transitions, i.e.,
changes of system state during which time does not progress: is this a
reasonable time modeling approach? (remember that we pointed out
that time evolution often occurs at very different time granularities).
A couple of (real-time) exercises
• Consider a system whose state s evolves according to the function of time s(t) = sin(t²). How would you classify such a behavior? A Zeno behavior? A Berkeley behavior? None of them?
• An unbounded sequence of events occur each at time $t_1, t_2, \ldots, t_i, t_{i+1}, \ldots$, where
$t_1 = 0$
$t_{k+1} = t_k + d_k$ for $k \ge 1$
Define, if possible, a sequence of values $d_1, d_2, d_3, \ldots$ such that the resulting sequence of events is:
1. Zeno and all events but the first occur at irrational times
2. Zeno and all events occur at integer times
3. Non-Zeno and Berkeley
4. Zeno and Non-Berkeley
5. Non-Berkeley and all events but the first occur at irrational times
6. Non-Berkeley and all events occur at integer times
10. Concurrency and Composition
• Systems are composed of various modules
• When such modules “run” concurrently various aspects of their
composition impact on their time behavior
• Typical risks:
• Deadlock: the whole system is blocked
• Starvation: some system component never progresses (either because it
can’t –it is blocked or dead- or because it could run but never gets
permission to proceed)
• Two basic approaches to compose concurrent modules:
• Synchronous
• Asynchronous
• Two basic approaches to let concurrent modules communicate
between each other:
• Accessing shared resources
• Message passing
11. The analysis and verification issue
• In this course our attention is focused on modeling rather than on
(algorithms and methods to) analyze and verify model properties.
• However, analyzability (e.g., decidability) is an important property
on whose basis to evaluate and compare the overall quality of a
model.
• A few typical qualities on which to evaluate them:
• Expressiveness
• Mathematically defined
• Subjectively evaluated (better called “naturalness” to avoid misunderstandings)
• Decidability and complexity (nowadays much attention devoted to this (these) aspect(s))
• Analysis and verification techniques
• Static versus dynamic
• Exhaustive/brute force (+ heuristic) vs. “clever”
What next?
1. Revisiting traditional time modeling and analysis techniques in the light of the above dimensions (and not only)
2. Introducing more recent and sophisticated ones on the basis of an already solid background
3. At the end: summing up
4. Throughout: discuss, clarify, comment!