O.Sankur,P.Bouyer,N.Markey53.2ShrinkingasaRemedytoUnrealisticBehaviour - PDF document

O.Sankur,P.Bouyer,N.Markey53.2ShrinkingasaRemedytoUnrealisticBehaviourShrinkabilityalsoexcludesunrealistictimingconstraints,suchasZenobehaviours.Infact,foranytimedautomatonA,considertheautomatonA0obtainedfromAbyaddinganewclocku,theconstraintu0andtheresetu:=0ateveryedge.Clearly,AandA0areisomorphic.IfautomatonA0isshrinkable,thenAdoesnotneedZenostrategiestosatisfythepropertiesprovenfortheexactsemanticsandpreservedbytime-abstractsimilarity(infact,eachu0isshrunktosomeuiwithi�0). `1 `2 y1�1^1+2xx:=0 y1�3;y:=0 Figure1Ashrunktimedautomatonthatisblockingwhenever2�0or3�0.ButunrealistictimingconstraintsarenotlimitedtoZenobehaviours.TheautomatoninFig.1providesanexampleofatimedautomatonwhichisnon-blockingfor1=2=3=0,andletsthetimedivergebutitbecomesblockingwhenever2�0or3�0,soitisnotshrinkable.Asimilarexamplewasprovidedin[11]butwithequalityconstraints,soitistriviallynotshrinkable.Insection5,wegiveanexampleofashrinkabletimedautomaton(Fig.3).3.3DecidabilityofShrinkabilityOurmainresultisthedecidabilityofshrinkability:ITheorem5.Shrinkabilityw.r.t.non-blockingnesscanbedecidedinPSPACE,andinNPifthenumberofoutgoingtransitionsfromeachlocationisbounded.Shrinkabilityw.r.t.simulationisdecidableinEXPTIME.Finally,shrinkabilityisdecidableinEXPTIME.Moreover,wewillshowthatwhenagiventimedautomatonisshrinkable,theleastshrinkingparameterscanbecomputed(seeSection5fordetails).Intherest,wepresenttheproofofthisresult.Webeginbydeningparametricdierence-boundmatrices(DBMs)andgivetoolsforsolvingxpointequationsonDBMsthroughmax-plusequations.Wethenexplainhowthiscanbeusedtodecideshrinkability.InSection6,wepresentaconcreteimplementationsemanticsandprovethatnon-blockingnessandsimulationarepreservedinthissemanticsforallshrinkabletimedautomata. 4Somealgebraictools4.1ParameterizedDierenceBoundMatricesDierenceboundmatricesaredatastructuresusedtorepresentsetsofclockvaluationsintimedautomataanalysis[17].WriteC=f1;:::;Cg,andaddanarticialclockofindex0,thathasconstantvalue0.WeletC0=C[f0g.Adierenceboundmatrix(DBM)overC0isanelementofMC+1(Q1)1.EachM2MC+1(Q1)denesazone,thatis,aconvexsubsetofRC0denedbyJMK=fv2RC0j8x;y2C0;�My;xv(x)�v(y)Mx;yg.Clearly,eachDBMcanbeequivalentlydescribedbyaguard,andconversely.ADBMMisnormalizedwhenforallx;y;z2C0,itholdsMx;yMx;z+Mz;y.Anynon-emptyDBMcanbemadenormalizedinpolynomialtime,byinterpretingitasanadjacencymatrixofaweightedgraphandcomputingallshortestpathsbetweenanytwoclocks. 1Mn(X)isthesetofnnmatriceswithcoecientsinX,wherealldiagonalcoecientsare0. O.Sankur,P.Bouyer,N.Markey7 =Pretime0BBBB@ \Unresety0BBBB@ 1CCCCA1CCCCA Figure2Consideranedge`g;;R���!`0inatimedautomatonwhereg=1y^0x�yandR=fyg.ForanypairofzonesX;Y,theequationY=Pretime(JgK\Unresety(X))expressesthefactthatXcanbereachedinonestepstartingfromY.ConsiderY=J0x;y3^0x�y2K,andX=J1x4^x�y3K.Inthegure,theunionofdarkgrayandlightgrayareasillustratethisequationwhilethedarkgrayareasillustratetheequationbetweenshrunkzones.Letusassumethatweshrinkgtog0=1+k1y^k2x�yandXtoX0=J1+k3x4�k4^x�y3�k5K,forpositiveintegerskiand�0smallenoughsothatthesesetsarenon-empty.Then,byLemma6,wecancomputetheshrinkingparametersforY,sothattheshrunkzoneY0satisesthenewequationY0=Pretime(Jg0K\Unresety(X0)).Weget:Unresety(X0)=J1+k3x3�k5K;Jg0K\Unresety(X0)=J1+max(k1+k2;k3)x3�k5^1+k1y3�(k2+k5)^k2x�y2�(k1+k5)K;Y0=Pretime(Jg0K\Unresety(X0))=Jk2x3�k5^0y3�(k2+k4)^k2x�y2�(k1+k5)K:Thisequalityholdsforall0min(1 k4�k5;2 max(k1+k2;k3)+k5;3 k2+k5;2 k1+k2+k5;2 k1�k2+k5),whereatermis+1ifthedenominatoriszero.ITheorem7.Foranyequationoftheform(E),theexistenceofasolutioninNisdecidableinpolynomialtimeinthesizeoftheequation.Moreover,assumethereisasolutioninNinwhichkn+1;:::;kn+n0takepositivevalues;thengivenanyxedpositivevaluesvn+1;:::;vn+n0,Equation(E)withtheadditionalconstraintskn+i=vn+iforall1in0hasaleastsolution,computableinpolynomialtime.ThesecondpointofTheorem7statesthattheexistenceofsolutionswithpositivevaluesfortheunconstrainedvariablesdoesnotdependontheirexactvalues.Theseresultsrelyonananalysisofmax-plusgraphs,thatweassociatetomax-plusequations.4.3EquationsonshrunkDBMsWenowapplythepreviousresultstosolvingequationsonshrunkDBMs.WeconsiderxpointequationsonDBMsoftheform:Mi=fi(M1;:::;Mn;Mn+1;:::;Mn+n0);81in;(1)whereM1;:::;Mn+n0areunknownnormalizedDBMs(Mn+1;:::;Mn+n0areunconstrained)andfi'sareelementaryfunctions.Weareinterestedinshrunksolutionsdenedasfollows.IDenition8.Fixasolution(Mi)iof(1).Ashrunksolutionof(1)w.r.t.(Mi)iisatriple�(Mi)i;(Qi)i;0
,where0�0andQi'sareshrinkingmatricessuchthatforall00,(Mi�Qi)iisasolutionof(1).Ashrunksolutioniscalledthegreatestshrunksolutionif(Qi)iaretheleastshrinkingmatriceswhichdeneashrunksolutionw.r.t.(Mi)i.Assumethat(1)hasasolutionandxone,say(Mi)i.FromLemma6,thereexistmatrices(i)1inofmax-pluspolynomialss.t.forallshrinkingmatrices(Qi)i,thereexists0�0suchthatMj�j((Qi)i)
=fj((Mi�Qi
)i)forall00andall1jn.ThissuggeststhatwestudythefollowingxpointequationonPSMsPi's,whereeachcoecient 10ShrinkingTimedAutomata `1 `2 `3 `4 1;y1^0u y;u:=0 2;y1^1x^0u x;u:=0 3;1y^0u y;u:=0 4;x;y;u:=0 Figure3Ashrinkabletimedautomaton.Onecaninfactshrinkguardsgiintog01=3x^y1�^y�x1�4^f(),g02=1+x^y1�2^3x�y^f()andg03=y1�^f(),wheref()=u^y�u1�2,Theresultingshrunkautomatoncanbeseentobenon-blockingandtime-abstractsimilartoAforany2[0;1 4].Noticehowadditionalconstraintsappearintheguards.Weacceptifallvericationssucceedandrejectotherwise.Ifaccepted,anysolutionprovidesashrunksolutionof(6),byLemma9.Conversely,ifthereisashrunksolutionof(6),then,0canbeconstructedfortheguessescorrespondingtothissolution,andbyLemma10,0hasasolution.Ifbisxed,thisprocedureisinNP.Otherwise,insteadofmakingguesses,wecandeterministicallytryallpossibleguesses(thenumberofpossibleguessesisO(2(jCj
jLj
b)2)andverifyinpolynomialspace,sotheprocedureistheninPSPACE.Finally,todecideshrinkability,onecanrstcomputeparameterskand0fornon-blockingness,thencheckshrinkabilityw.r.t.simulationsincethelatterdoesnotdependonkand0.Figure3showsanexampleofashrinkabletimedautomaton. 6ImplementationSemanticsInthissection,wepresentanimplementationsemantics,whichtakesintoaccountreactiontimesandclockimprecisions.Oursemanticscorrespondstotheexecutionoftimedautomatabyadigitalsystemthathasasingledigitalclockandnonzeroreactiontime.Oursemanticsiscloselyrelatedtotheonestudiedin[15]withminordierences,butweproveadditionalpropertiesbesidestheonegiventhere.Werstdeneoursemanticsandstateitsproperties,thencompareitwith[15],andwithotherrelatedwork.Wedescribeasystemwhichinteracts,viasendingandreceivingsignals,withaphysicalenvironment(e.g.viasensors).Wedistinguishinputandoutputactions,anddenethetransitionsofthesystemtakingintoaccounttheimprecisionsoftheclock,thetransmissiondelayofsignalsandthereactiontimeofthesystem.WhenaneventisgeneratedattimeTbytheenvironment,itistreatedbythesystemattimeT+,forsome�0whichwillbeboundedbutunpredictable.Similarly,whentheenvironmentreceivesasignalattimeT,itmusthavebeensentatsometimeT�.Weassumethatthesystemignoresanysignalthatisreceivedduringthetreatmentoftheprevioussignal;thisreactiontimewillbealsoboundedbutunpredictable.Wedenethetimestampsofbothinputandoutputactionsasthereactiontimesoftheenvironment,sinceweareinterestedinthebehaviouroftheenvironmentcontrolledbyadigitaltimedsystem.Theimplementationsemanticshasthreeparameters:a)
cistheclockperiod,b)
risthemaximumreactiontime,followingeachaction,c)
tisthemaximumtransmissiondelayofsignalsbetweenthesystemandtheenvironment(above).Wesupposethesystemhasa
c-periodicclock,whosevalue,atanyrealtimeT,isbTc
c=maxk0fk
cjk
cTg.IDenition11.LetA=(L;`0;C;;E)beaTAwith=in[out,and
r;
c;
t�0.TheimplementationsemanticsJAKImplistheTTS(SA;s0;;E)inwhichstatesaretuples(`;T;v;u0):`isalocation,T2R0thecurrentrealtime,v2RC0thetimestampofthelatestresetforeachclock,andu02[0;
r]thereactiontimefollowingthelatestlocation 12ShrinkingTimedAutomata References1T.Abdellatif,J.Combaz,andJ.Sifakis.Model-basedimplementationofreal-timeapplic-ations.InEMSOFT'10,p.229238,NewYork,NY,USA,2010.ACM.2K.AltisenandS.Tripakis.Implementationoftimedautomata:Anissueofsemanticsormodeling?InFORMATS'05,LNCS3829,p.273288.Springer,2005.3R.AlurandD.L.Dill.Atheoryoftimedautomata.TheoreticalComputerScience,126(2):183235,1994.4E.Asarin,O.Maler,andA.Pnueli.Ondiscretizationofdelaysintimedautomataanddigitalcircuits.InCONCUR'98,LNCS1466,p.470484.Springer,1998.5F.Baccellietal.SynchronizationandLinearityAnAlgebraForDiscreteEventSystems.JohnWiley&Sons,1992.6J.BengtssonandW.Yi.Timedautomata:Semantics,algorithmsandtools.InLecturesonConcurrencyandPetriNets,LNCS2098,p.87124.Springer,2004.7G.Berry.ThefoundationsofEsterel.InProof,Language,andInteractionEssaysinHonourofRobinMilner,p.425454.MITPress,2000.8P.Bouyeretal.Timedautomatacanalwaysbemadeimplementable.InCONCUR'11,LNCS6901,p.7691,Aachen,Germany,2011.Springer.9P.Bouyer,N.Markey,andP.-A.Reynier.Robustmodel-checkingoflinear-timepropertiesintimedautomata.InLATIN'06,LNCS3887,p.238249.Springer,2006.10P.Bouyer,N.Markey,andP.-A.Reynier.Robustanalysisoftimedautomataviachannelmachines.InFoSSaCS'08,LNCS4962,p.157171.Springer,2008.11F.Cassez,T.A.Henzinger,andJ.-F.Raskin.Acomparisonofcontrolproblemsfortimedandhybridsystems.InHSCC'02,LNCS2289,p.134148.Springer,2002.12P.Chamuczy«ski.Algorithmsanddatastructuresforparametricanalysisofrealtimesystems.PhDthesis,UniversityofGöttingen,Germany,2009.13A.Davidetal.ModelcheckingtimedautomatawithprioritiesusingDBMsubtraction.InFORMATS'06,LNCS4202,p.128142.Springer,2006.14M.DeWulfetal.Robustsafetyoftimedautomata.FormalMethodsinSystemDesign,33(1-3):4584,2008.15M.DeWulf,L.Doyen,andJ.-F.Raskin.AlmostASAPsemantics:Fromtimedmodelstotimedimplementations.FormalAspectsofComputing,17(3):319341,2005.16H.Dierks.PLC-automata:anewclassofimplementablereal-timeautomata.TheoreticalComputerScience,253:6193,2001.17D.L.Dill.Timingassumptionsandvericationofnite-stateconcurrentsystems.InAVMFSS'89,LNCS407,p.197212.Springer,1990.18M.R.Henzinger,T.A.Henzinger,andP.W.Kopke.Computingsimulationsonniteandinnitegraphs.InFOCS'95,p.453462,1995.19T.A.Henzinger,B.Horowitz,andC.M.Kirsch.Giotto:Atime-triggeredlanguageforembeddedprogramming.InEMSOFT'01,LNCS2211,p.166184.Springer,2001.20T.Huneetal.Linearparametricmodelcheckingoftimedautomata.InTACAS'01,LNCS2031,p.189203.Springer,2001.21R.JaubertandP.-A.Reynier.Quantitativerobustnessanalysisofattimedautomata.InFOSSACS'11,LNCS6604,p.229244.Springer,2011.22A.Puri.Dynamicalpropertiesoftimedautomata.DiscreteEventDynamicSystems,10(1-2):87113,2000.23O.Sankur.Untimedlanguagepreservationintimedsystems.InMFCS'11,LNCS6907,p.556567,Warsaw,Poland,2011.Springer.24A.Tarski.Alattice-theoreticalxpointtheoremanditsapplications.PacicJournalofMathematics,5(2):285309,1955.