efficient parameter synthesis for time bounded liveness
TRANSCRIPT
1
Beyond Liveness
Efficient Parameter Synthesis for Time Bounded Liveness
Gerd BehrmannKim Guldstrand LarsenJacob Illum Rasmussen
BRICS/CISS, Aalborg University, DENMARK
2
Safety & Liveness
WANG YI: Safety properties
= those that can be checked with reachability analysis
Liveness: properties = those that can not be checked without loop detection
It seems that liveness is very much related to QoS properties e.g. "Over time, every 100 events that occur, there must be at least 10 good ones".
LESLIE LAMPORT: Knowing that something will eventually happen isn't
particularly useful; we'd like to know that it happens before the sun explodes in a few billion years.
Liveness Manifesto“Beyond Safety”, workshopSchloss Ringberg, Germany 2004.
3
Safety & Liveness
PAROSH ABDULLA: The traditional definition of liveness "something good will
eventually occur" is not very useful for an engineer. It is not satisfactory to know that your program will terminate within one year. Bounded liveness is practically more relevant, but it is a safety property.
HARDI HUNGAR: Liveness is what remains if one abstracts away the time
bounds which usually come with every response property.
1. A liveness property is useless in practice if it is not accompanied by bound2. A liveness property accompanied by a bound is a safety property 3. Consequence of the above: There is no liveness property which is useful in practice
4
Bounded Liveness
P2 P1
P6 P3 P4
P7 P5
[10,16][2,3]
[6,6] [10,16]
[2,2] [2,8]
M = {M1,M2}
- Task P={P1,.., Pm} - Machines M={M1,..,Mn}
- Duration ∆ : P ! N1xN1
- < : p.o. on P (pred.)
Task Graph Scheduling w Uncertainty,
FixedPrioritySch.
[2,3]
5
Bounded Liveness
P2 P1
P6 P3 P4
P7 P5
[10,16][2,3]
[6,6] [10,16]
[2,2] [2,8]
M = {M1,M2}
- Task P={P1,.., Pm} - Machines M={M1,..,Mn}
- Duration ∆ : P ! N1xN1
- < : p.o. on P (pred.)
Task Graph Scheduling w Uncertainty,
FixedPrioritySch.
[2,3] A}∙ 35 ( Task1.End Æ … Æ Task7.End )
???
6
Bounded Liveness
4Beyond SafetyApril 2004 Kim G. LarsenU C b
Train Crossing
River
Crossing
Gate
StopableArea
[10,20]
[7,15]
Queue
[3,5]
7
Bounded Liveness
4Beyond SafetyApril 2004 Kim G. LarsenU C b
Train Crossing
River
Crossing
Gate
StopableArea
[10,20]
[7,15]
Queue
[3,5]
Að ( Train1.Appr ) A}∙ 98 Train1.Cross ) ???
8
Beyond Liveness = ?rameter Synthesis
9
Beyond Liveness = Parameter Synthesis
How to synthesize the minimum value p for which a time-bounded liveness property is valid ?
Farn Wang, 2000: Parameterized RegionsBruyere, Dall’Olio, Raskin, 2003:
Parameterized TCTL using Presburger ArithmeticMetzner, 2004: Binary Search
Efficiency
10
Outline of Talk
Simulation Graph for Timed Automata
Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results
Extensions Priced Timed Automata
(Worst Cost Execution) Timed Games
(Time-optimal Winning Strategies) Conclusions
11
Outline of Talk
Simulation Graph for Timed Automata
Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results
Extensions Priced Timed Automata
(Worst Cost Execution) Timed Games
(Time-optimal Winning Strategies) Conclusions
12
Symbolic States & Transitions
n
m
x>3
y:=0
delays to
conjuncts to
projects to
x
y
1<=x<=41<=y<=3
x
y1<=x, 1<=y-2<=x-y<=3
x
y 3<x, 1<=y-2<=x-y<=3
3<x, y=0
x
y
Thus (n,1<=x<=4,1<=y<=3) =a => (m,3<x, y=0)
a
using Zones
13
Reduction to Reachability
φ φ φφ φφ
φ
p
S0
14
Reduction to Reachability
φ φ φφ φφ
φ
p
Assumption: A}φ holds !!Add clock c to modelAdd global variable p
S0
15
Reduction to Reachability
φ φ φφ φφ
φ
Passed Wait
: φ
p
16
Reduction to Reachability
φ φ φφ φφ
φ
Passed Wait
p
: φ
17
Reduction to Reachability
φ φ φφ φφ
φ
Passed Wait
p:=max(p,maxc(S))
: φ
18
Reduction to Reachability
φ φ φφ φφ
φ
Passed Wait
: φ
p
19
Reduction to Reachability
φ φ φφ φφ
φ
Passed Wait
p
: φ
20
Reduction to Reachability
φ φ φφ φφ
φ
Passed Wait
: φ
p
21
Reduction to Reachability
φ φ φφ φφ
φ
Passed Wait
: φ
p
22
Reduction to Reachability
φ φ φφ φφ
φ
Passed Wait
: φ
p
23
Outline of Talk
Simulation Graph for Timed Automata
Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results
Extensions Priced Timed Automata
(Worst Cost Execution) Timed Games
(Time-optimal Winning Strategies) Conclusions
24
Liveness Algorithm
PassedST Unexplored
A} φ
: φ
S
Bouajjani, Tripakis, Yovine, 97
25
Liveness Algorithm
PassedST Unexplored
A} φ
: φ
= ?
26
Liveness Algorithm
PassedST Unexplored
A} φ
: φ
27
Liveness Algorithm
PassedST Unexplored
A} φ
: φ
??
28
Liveness Algorithm
PassedST Unexplored
A} φ
: φ
µ
??
29
Liveness Algorithm
PassedST Unexplored
A} φ
: φ
30
Liveness Algorithm
PassedST Unexplored
A} φ
: φ
31
Liveness Algorithm
PassedST Unexplored
A} φ
: φ
32
Outline of Talk
Simulation Graph for Timed Automata
Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results
Extensions Priced Timed Automata
(Worst Cost Execution) Timed Games
(Time-optimal Winning Strategies) Conclusions
33
Parameterized Liveness Algorithm
PassedST Unexplored
A} φ
: φ
p
S
34
Parameterized Liveness Algorithm
PassedST Unexplored
A} φ
: φ
p
Add clock c to modelAdd global variable p
S
35
Parameterized Liveness Algorithm
PassedST Unexplored
A} φ
: φ
=π(X) ? p
36
Parameterized Liveness Algorithm
PassedST Unexplored
A} φ
: φ
p:=max(p,maxc(S))
37
Experimental Results
11 random problems. (100 Tasks, 2 Processes)
Task Graph Scheduling Train Gate
38
Outline of Talk
Simulation Graph for Timed Automata
Reduction to Reachability Analysis Parameterized Liveness Analysis Experimental Results
Extensions Priced Timed Automata
(Worst Cost Execution) Timed Games
(Time-optimal Winning Strategies) Conclusions
39
Cost-Bounded Liveness
P2 P1
P6 P3 P4
P7 P5
[10,16][2,3]
[6,6] [10,16]
[2,2] [2,8]
M = {M1,M2}
- Energy-rates C:M ! NxN
Task Graph Scheduling w Uncertainty,
FixedPrioritySch.
[2,3]cost’==1
cost’==5
40
Cost-Bounded Liveness
P2 P1
P6 P3 P4
P7 P5
[10,16][2,3]
[6,6] [10,16]
[2,2] [2,8]
M = {M1,M2}
- Energy-rates C:M ! NxN
Task Graph Scheduling w Uncertainty,
FixedPrioritySch.
[2,3]
A}cost∙ 60 ( Task1.End Æ … Æ Task7.End ) ???
cost’==1
cost’==5
41
Priced Zone
x
y
Δ4
2-1
Z
Cost x , y =2 y−x2
CAV’01
42
Reset
x
y
Δ4
21 -
Z
y:=0
2
43
Reset
x
y
Δ4
2-1
Z
y:=0
2
44
Reset
x
y
Δ4
2-1
Z
y:=0
2
45
Reset
x
y
Δ4
2-1
Z
y:=0
2
1 -1
TACAS’2005: For dual-priced TA we use dual-priced zones:
( Z, {( c1 , d1 ), … ,( ck , dk )} )characterizing ALL cost-pair by which states may be reached !
46
Controller Synthesis and Timed GamesProduction Cell
GIVEN System moves S, Controller moves C, and property φ FIND strategy sC such that sC||S ² φ
A Two-Player Game
GIVEN System moves S, Controller moves C, and property φ FIND strategy sC such that sC||S ² φ
A Two-Player Game
CONCUR 2005
47
Time Optimality Winning Strategy
1
2
3
4
x>1
x∙1
x<1
x:=0
x<1
x∙1
x¸2
Assumption:Known upper bound B-- here 5 (say)
Technique:Add new clock tAdd invariant
t∙B to all locationst unconstrained in initial state(s)
Result:
x
t
Minimum timerequired = 2
48
Experimental Results
49
Conclusion & Future Work
Improvements of algorithms: Pruning: give upper bounds on the remaining time for
reaching goal condition. Guiding: towards most expensive goal state.
Alternative algorithms for parameterized liveness: Breadth-first algorithm Forward on-the-fly algorithm
Extensions to Priced Timed Automata
Implementation in UPPAAL & UPPAAL Cora
50
END