efficient parameter synthesis for time bounded liveness

1

Beyond Liveness

Efficient Parameter Synthesis for Time Bounded Liveness

Gerd BehrmannKim Guldstrand LarsenJacob Illum Rasmussen

BRICS/CISS, Aalborg University, DENMARK

2

Safety & Liveness

WANG YI: Safety properties

= those that can be checked with reachability analysis

Liveness: properties = those that can not be checked without loop detection

It seems that liveness is very much related to QoS properties e.g. "Over time, every 100 events that occur, there must be at least 10 good ones".

LESLIE LAMPORT: Knowing that something will eventually happen isn't

particularly useful; we'd like to know that it happens before the sun explodes in a few billion years.

Liveness Manifesto“Beyond Safety”, workshopSchloss Ringberg, Germany 2004.

3

Safety & Liveness

PAROSH ABDULLA: The traditional definition of liveness "something good will

eventually occur" is not very useful for an engineer. It is not satisfactory to know that your program will terminate within one year. Bounded liveness is practically more relevant, but it is a safety property.

HARDI HUNGAR: Liveness is what remains if one abstracts away the time

bounds which usually come with every response property.

1. A liveness property is useless in practice if it is not accompanied by bound2. A liveness property accompanied by a bound is a safety property 3. Consequence of the above: There is no liveness property which is useful in practice

4

Bounded Liveness

P2 P1

P6 P3 P4

P7 P5

[10,16][2,3]

[6,6] [10,16]

[2,2] [2,8]

M = {M1,M2}

- Task P={P1,.., Pm} - Machines M={M1,..,Mn}

- Duration ∆ : P ! N1xN1

- < : p.o. on P (pred.)

Task Graph Scheduling w Uncertainty,

FixedPrioritySch.

[2,3]

5

Bounded Liveness

P2 P1

P6 P3 P4

P7 P5

[10,16][2,3]

[6,6] [10,16]

[2,2] [2,8]

M = {M1,M2}

- Task P={P1,.., Pm} - Machines M={M1,..,Mn}

- Duration ∆ : P ! N1xN1

- < : p.o. on P (pred.)

Task Graph Scheduling w Uncertainty,

FixedPrioritySch.

[2,3] A}∙ 35 ( Task1.End Æ … Æ Task7.End )

???

6

Bounded Liveness

4Beyond SafetyApril 2004 Kim G. LarsenU C b  

Train Crossing

River

Crossing

Gate

StopableArea

[10,20]

[7,15]

Queue

[3,5]

7

Bounded Liveness

4Beyond SafetyApril 2004 Kim G. LarsenU C b  

Train Crossing

River

Crossing

Gate

StopableArea

[10,20]

[7,15]

Queue

[3,5]

Að ( Train1.Appr ) A}∙ 98 Train1.Cross ) ???

8

Beyond Liveness = ?rameter Synthesis

9

Beyond Liveness = Parameter Synthesis

How to synthesize the minimum value p for which a time-bounded liveness property is valid ?

Farn Wang, 2000: Parameterized RegionsBruyere, Dall’Olio, Raskin, 2003:

Parameterized TCTL using Presburger ArithmeticMetzner, 2004: Binary Search

Efficiency

10

Outline of Talk

Simulation Graph for Timed Automata

Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results

Extensions Priced Timed Automata

(Worst Cost Execution) Timed Games

(Time-optimal Winning Strategies) Conclusions

11

Outline of Talk

Simulation Graph for Timed Automata

Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results

Extensions Priced Timed Automata

(Worst Cost Execution) Timed Games

(Time-optimal Winning Strategies) Conclusions

12

Symbolic States & Transitions

n

m

x>3

y:=0

delays to

conjuncts to

projects to

x

y

1<=x<=41<=y<=3

x

y1<=x, 1<=y-2<=x-y<=3

x

y 3<x, 1<=y-2<=x-y<=3

3<x, y=0

x

y

Thus (n,1<=x<=4,1<=y<=3) =a => (m,3<x, y=0)

a

using Zones

13

Reduction to Reachability

φ φ φφ φφ

φ

p

S0

14

Reduction to Reachability

φ φ φφ φφ

φ

p

Assumption: A}φ holds !!Add clock c to modelAdd global variable p

S0

15

Reduction to Reachability

φ φ φφ φφ

φ

Passed Wait

: φ

p

16

Reduction to Reachability

φ φ φφ φφ

φ

Passed Wait

p

: φ

17

Reduction to Reachability

φ φ φφ φφ

φ

Passed Wait

p:=max(p,maxc(S))

: φ

18

Reduction to Reachability

φ φ φφ φφ

φ

Passed Wait

: φ

p

19

Reduction to Reachability

φ φ φφ φφ

φ

Passed Wait

p

: φ

20

Reduction to Reachability

φ φ φφ φφ

φ

Passed Wait

: φ

p

21

Reduction to Reachability

φ φ φφ φφ

φ

Passed Wait

: φ

p

22

Reduction to Reachability

φ φ φφ φφ

φ

Passed Wait

: φ

p

23

Outline of Talk

Simulation Graph for Timed Automata

Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results

Extensions Priced Timed Automata

(Worst Cost Execution) Timed Games

(Time-optimal Winning Strategies) Conclusions

24

Liveness Algorithm

PassedST Unexplored

A} φ

: φ

S

Bouajjani, Tripakis, Yovine, 97

25

Liveness Algorithm

PassedST Unexplored

A} φ

: φ

= ?

26

Liveness Algorithm

PassedST Unexplored

A} φ

: φ

27

Liveness Algorithm

PassedST Unexplored

A} φ

: φ

??

28

Liveness Algorithm

PassedST Unexplored

A} φ

: φ

µ

??

29

Liveness Algorithm

PassedST Unexplored

A} φ

: φ

30

Liveness Algorithm

PassedST Unexplored

A} φ

: φ

31

Liveness Algorithm

PassedST Unexplored

A} φ

: φ

32

Outline of Talk

Simulation Graph for Timed Automata

Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results

Extensions Priced Timed Automata

(Worst Cost Execution) Timed Games

(Time-optimal Winning Strategies) Conclusions

33

Parameterized Liveness Algorithm

PassedST Unexplored

A} φ

: φ

p

S

34

Parameterized Liveness Algorithm

PassedST Unexplored

A} φ

: φ

p

Add clock c to modelAdd global variable p

S

35

Parameterized Liveness Algorithm

PassedST Unexplored

A} φ

: φ

=π(X) ? p

36

Parameterized Liveness Algorithm

PassedST Unexplored

A} φ

: φ

p:=max(p,maxc(S))

37

Experimental Results

11 random problems. (100 Tasks, 2 Processes)

Task Graph Scheduling Train Gate

38

Outline of Talk

Simulation Graph for Timed Automata

Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results

Extensions Priced Timed Automata

(Worst Cost Execution) Timed Games

(Time-optimal Winning Strategies) Conclusions

39

Cost-Bounded Liveness

P2 P1

P6 P3 P4

P7 P5

[10,16][2,3]

[6,6] [10,16]

[2,2] [2,8]

M = {M1,M2}

- Energy-rates C:M ! NxN

Task Graph Scheduling w Uncertainty,

FixedPrioritySch.

[2,3]cost’==1

cost’==5

40

Cost-Bounded Liveness

P2 P1

P6 P3 P4

P7 P5

[10,16][2,3]

[6,6] [10,16]

[2,2] [2,8]

M = {M1,M2}

- Energy-rates C:M ! NxN

Task Graph Scheduling w Uncertainty,

FixedPrioritySch.

[2,3]

A}cost∙ 60 ( Task1.End Æ … Æ Task7.End ) ???

cost’==1

cost’==5

41

Priced Zone

x

y

Δ4

2-1

Z

Cost x , y =2 y−x2

CAV’01

42

Reset

x

y

Δ4

21 -

Z

y:=0

2

43

Reset

x

y

Δ4

2-1

Z

y:=0

2

44

Reset

x

y

Δ4

2-1

Z

y:=0

2

45

Reset

x

y

Δ4

2-1

Z

y:=0

2

1 -1

TACAS’2005: For dual-priced TA we use dual-priced zones:

( Z, {( c1 , d1 ), … ,( ck , dk )} )characterizing ALL cost-pair by which states may be reached !

46

Controller Synthesis and Timed GamesProduction Cell

GIVEN System moves S, Controller moves C, and property φ FIND strategy sC such that sC||S ² φ

A Two-Player Game

GIVEN System moves S, Controller moves C, and property φ FIND strategy sC such that sC||S ² φ

A Two-Player Game

CONCUR 2005

47

Time Optimality Winning Strategy

1

2

3

4

x>1

x∙1

x<1

x:=0

x<1

x∙1

x¸2

Assumption:Known upper bound B-- here 5 (say)

Technique:Add new clock tAdd invariant

t∙B to all locationst unconstrained in initial state(s)

Result:

x

t

Minimum timerequired = 2

48

Experimental Results

49

Conclusion & Future Work

Improvements of algorithms: Pruning: give upper bounds on the remaining time for

reaching goal condition. Guiding: towards most expensive goal state.

Alternative algorithms for parameterized liveness: Breadth-first algorithm Forward on-the-fly algorithm

Extensions to Priced Timed Automata

Implementation in UPPAAL & UPPAAL Cora

50

END