Liveness of Parameterized Timed Networks
Florian Zuleger, Technische Universität Wien
Joint work with Benjamin Aminof, Sasha Rubin, Francesco Spegni

Timed Automata - Syntax
Time is either continuous or discrete (this talk).
Labeled transition system:
• finite set of states (one initial state)
• finite set of clocks
• transitions labeled by guards and resets
• guard = comparison of a clock to a constant
[Figure: timed automaton with states p and q; edge labels: x = 0; y ≥ 1; x := 0; y := 0]

Timed Automata - Semantics
[Figure: the timed automaton with states p and q (edge labels x = 0; y ≥ 1; x := 0; y := 0) and its alternative representation with states (p, x = 0, y = 0), (p, x ≥ 1, y ≥ 1), (q, x ≥ 1, y ≥ 1), (q, x = 0, y = 0); □ transitions = time passes]
Alternative Representation:
• Explicit passage of time
• Clock values in states
• Finite number of clock values are sufficient

Timed Automata – Alternative Representation
[Figure: transition system with states s1, s2, s3, s4; □ transitions = time passes]
For the rest of the talk, we use this representation.
Forget about clocks!

Timed Networks
Timed Network = finite number of copies of the same timed automaton + communication via rendezvous transitions
[Figure: three copies of the automaton with states p and q; edges labeled a!, a? and □]
Communication alphabet Σ = {a!,a?} ∪ {□}
Example run with three copies ①, ②, ③ of the automaton:
① p a! p a! p □ p a? q …
② p a? q q □ p p …
③ p p a? q □ p a! p …
The a!/a? steps are rendezvous transitions; the □ step is a time passing transition.
Execution of ③ in the run: a? □ a! …
execution = a sequence in Σ^ω
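The example run above, replayed in code. This is an added example, not code from the talk; the names `Network`, `DELTA` and `replay_example_run` are introduced here, and the template edges (p -a!-> p, p -a?-> q, p -□-> p, q -□-> p) are an assumption read off the run, since the figure itself is lost.

```python
BCAST = "□"  # time-passing step, taken by all processes at once

# Process template as read off the example run (an assumption, since the
# figure is lost): p -a!-> p, p -a?-> q, p -□-> p, q -□-> p.
DELTA = {
    ("p", "a!"): "p",
    ("p", "a?"): "q",
    ("p", BCAST): "p",
    ("q", BCAST): "p",
}


class Network:
    """n copies of one template; a step is a rendezvous or a broadcast."""

    def __init__(self, n, initial="p"):
        self.states = [initial] * n
        self.execs = [[] for _ in range(n)]  # labels each process has taken

    def _apply(self, moves):
        # Resolve every participant first so a disabled step changes nothing.
        targets = {}
        for i, label in moves.items():
            key = (self.states[i], label)
            if key not in DELTA:
                raise ValueError(f"process {i + 1} in {self.states[i]} cannot take {label}")
            targets[i] = DELTA[key]
        for i, label in moves.items():
            self.states[i] = targets[i]
            self.execs[i].append(label)

    def rendezvous(self, sender, receiver, action="a"):
        """Exactly two distinct processes move; all others keep their state."""
        if sender == receiver:
            raise ValueError("rendezvous needs two distinct processes")
        self._apply({sender: action + "!", receiver: action + "?"})

    def broadcast(self):
        """Symmetric broadcast: every process takes a □ edge, or nobody moves."""
        self._apply({i: BCAST for i in range(len(self.states))})


def replay_example_run():
    """The four steps of the example run, processes numbered from 0."""
    net = Network(3)
    net.rendezvous(0, 1)  # ① sends, ② receives
    net.rendezvous(0, 2)  # ① sends, ③ receives
    net.broadcast()       # time passes for everybody
    net.rendezvous(2, 0)  # ③ sends, ① receives
    return net


if __name__ == "__main__":
    net = replay_example_run()
    print(net.states, net.execs[2])
```

`net.execs[2]` is the execution of ③, i.e. the finite prefix of the Σ^ω word that a specification language L is checked against.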

Parameterized Model Checking
[Figure: timed automaton A with states p and q; edges labeled a!, a? and □; communication alphabet Σ]
Exec(A^n) = all executions of a timed network with n copies of automaton A
Exec(A) = ⋃_{n ≥ 0} Exec(A^n)
Parameterized Model Checking Problem (PMCP): Given a language L ⊆ Σ^ω (a liveness property), decide Exec(A) ⊆ L?

Timed Networks = RB-Systems
[Figure: three copies ①, ②, ③ of the automaton with states p and q; edges labeled a!, a? and □]
① p a! p a! p □ p a? q …
② p a? q q □ p p …
③ p p a? q □ p a! p …
RB-Systems = finite automata communicating via
- rendezvous transitions
- symmetric broadcast transitions

(I) Why RB-Systems?
PMCP of liveness properties for finite automata communicating via (asymmetric) broadcast is undecidable (Esparza, Finkel, Mayr, LICS 1999).
Asymmetric broadcast is very powerful:
- makes it possible to establish a controller process
- makes it possible to simulate rendezvous transitions
[Figure: automaton fragment with labels p, h, c and edges a!!, a??]

(II) Why RB-Systems?
PMCP of liveness properties is undecidable (Abdulla, Jonsson, TCS 2003) for timed networks with
- continuous time
- a distinguished controller process
- rendezvous transitions
Proof heavily relies on
- time being dense
- controller for coordination

Main Result
Theorem
Given a timed automaton A, we can compute a B-automaton B such that Exec(A) = L(B).
Corollary
PMCP is decidable for specifications given by a BS-automaton*.
* BS-automata (Bojanczyk, Colcombet, LICS 2006):
- decidable emptiness
- closed under union, intersection
- not closed under complement
- subclasses B- and S-automata that are closed under complement
- strictly generalize ω-regular languages

Why BS-automata?
[Figure: automaton with states p and q; edges labeled a!, a? and □]
① p a! p a! p □ p a? q …
② p a? q q □ p p …
③ p p a? q □ p a! p …
a!, a? may only boundedly often be taken between two □!
„boundedly often“: in a? □ a! a? □ a! a? □ … there is a k ∈ N such that each segment between two □ has length ≤ k.

BS-automata
BS-automata have a finite number of counters.
Counters can be
1) reset,
2) incremented,
3) assigned to other counters
Acceptance condition = positive boolean combination of Büchi condition + „counter is bounded“ + „counter goes to ∞“
[Figure: the automaton with states p and q and a counter c; updates c := c + 1 and c := 0 on its edges; acceptance condition „counter c is bounded“]

4 Types of Automata Edges
Red: appears at most finitely often on any execution
Blue: appears infinitely often on some execution, but only finitely often on every execution with infinitely many broadcasts
Orange: appears infinitely often on some execution with infinitely many broadcasts, but only boundedly many times between two broadcasts
Green: otherwise

Lasso Shaped Reachability Graph
[Figure: lasso-shaped graph over the state sets I1, P1, …, In-1, Pn-1, In, Pn, …, Im, Pm with edges labeled a?, a! and □. Legend: initial states; states after a broadcast; states reachable via rendezvous.]

Deciding Edge Types
[Figure: the lasso-shaped reachability graph over I1, P1, …, Im, Pm]
Essential question: Is there a cyclic run of the lasso that uses edge ?

Linear Program by Example
[Figure: automaton with states p and q; edges labeled a!, a? and □]
I1 = I2 = {p}
P1 = P2 = {p,q}
variables x1, x2, y1, y2 ∈ Q for the number of automata in state p resp. q at I1 resp. P1
x1, x2, y1, y2 ≥ 0
executing rendezvous transitions (with c ∈ Q):
y1 = x1 – c
y2 = x2 + c
executing broadcast:
x1 = y1 + y2
x2 = 0
rendezvous transition is taken at least once:
c ≥ 1

Linear Programs: A Complication
An assignment
y = x + c1 ∙ t1 + … + cn ∙ tn
does not guarantee that there is a path from x to y, e.g.,
(3, 0, 0) = (1, 0, 0) + (1, -1, 1) + (1, 1, -1),
because coordinates can become negative.
Key Lemma: If there is a path from x ∈ Q^d to y ∈ Q^d, then there also is a path
x --p1--> u --q--> v --p2--> y
such that on q the vector components with a 0 do not change, and p1, p2 are of form t1* … td* for some transitions t1, … , td.
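The complication above, checked mechanically. This is an added example, not code from the talk: it takes the slide's vectors x = (1, 0, 0), t1 = (1, -1, 1), t2 = (1, 1, -1), confirms that the assignment yields (3, 0, 0), and searches every firing order for one that never goes negative. Assumptions: transitions fire in whole units (the talk works over Q), the function names are introduced here, and the start vector (1, 1, 0) in the test is a constructed contrast case.

```python
from itertools import permutations


def add(v, t):
    return tuple(a + b for a, b in zip(v, t))


def state_equation_value(x, transitions, counts):
    """x + c1*t1 + ... + cn*tn, ignoring the order of firing."""
    y = tuple(x)
    for t, c in zip(transitions, counts):
        y = tuple(a + c * b for a, b in zip(y, t))
    return y


def find_path(x, transitions, counts):
    """Return a firing order keeping every intermediate vector >= 0, or None.

    Simplification (assumption of this example): each transition is fired in
    whole units, whereas the talk works over Q.
    """
    multiset = [i for i, c in enumerate(counts) for _ in range(c)]
    for order in sorted(set(permutations(multiset))):
        v, ok = tuple(x), True
        for i in order:
            v = add(v, transitions[i])
            if min(v) < 0:  # a coordinate became negative: not a path
                ok = False
                break
        if ok:
            return list(order)
    return None


T = [(1, -1, 1), (1, 1, -1)]  # t1, t2 from the slide

if __name__ == "__main__":
    print(state_equation_value((1, 0, 0), T, (1, 1)), find_path((1, 0, 0), T, (1, 1)))
```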

Summary
• Decidability for liveness properties of timed networks
• New communication primitive „symmetric broadcast“
• New proof techniques: hopefully useful in similar settings