Symbolic Computation of Nonblocking Control Function for Timed Discrete Event Systems

In this paper, we symbolically compute a minimally restrictive nonblocking supervisor for timed discrete event systems, in the supervisory control theory context. The method is based on Timed Extended Finite Automata, which is an augmentation of extended finite automata (EFAs) by incorporating discrete time into the model. EFAs are ordinary automaton extended with discrete variables, guard expressions and action functions. To tackle large problems all computations are based on binary decision diagrams (BDDs). The main feature of this approach is that the BDD-based fixed-point computations is not based on “tick” models that have been commonly used in this area, leading to better performance in many cases. As a case study, we effectively computed the minimally restrictive nonblocking supervisor for a well-known production cell

Proceedings of SUMo and CompoNet 2011

International audienc

Symbolic Supervisory Control of Timed Discrete Event Systems

With the increasing complexity of computer systems, it is crucial to have efficient design of correct and well-functioning hardware and software systems. To this end, it is often desired to control the behavior of systems to possess some desired properties. A specific class of systems is called discrete event systems (DES). DES deal with `discrete' quantities, e.g., ``number of robots in a manufacturing cell'', and their processes are driven by instantaneous `events', e.g., ``start of a machine''. In this thesis, the focus is on DES and an extension of such systems, which also considers the time points at which the events may occur, called \emph{timed DES (TDES)}. Real-time applications such as communication networks, manufacturing facilities, or the execution of a computer program, can be considered into TDES. Having a DES or TDES, with some given specifications, by utilizing a well-known mathematical framework, called supervisory control theory (SCT), it is possible to automatically generate a supervisor that restricts the system's behavior towards the specifications, only when it is necessary. Applying the SCT to large and complex systems, typically follows with some issues, concerning computational complexity and modeling aspects, which is tackled in this thesis. We model DES by extended finite automata (EFAs), state transition models that contain discrete-valued variables. TDES are modeled by an augmentation of EFAs, called timed EFAs (TEFAs), which contain a set of discrete-valued clocks. Based on EFAs or TEFAs, the supervisor can be symbolically computed, using binary decision diagrams (BDDs), data structures that could, in many cases, lead to smaller representation of the state space. For complex systems, the computed supervisor may consist of many states, causing representation and implementation difficulties. To tackle this, based on the states of the supervisor, we symbolically compute logical constraints that will be attached to the original models to restrict the system's behavior. Consequently, we present a framework, where given a set of EFAs or TEFAs, the supervisor is computed using BDDs, and represented in a modular manner based on the computed logical constraints. The framework has been developed, implemented, and applied to industrial case studies

Zone-based verification of timed automata: extrapolations, simulations and what next?

Timed automata have been introduced by Rajeev Alur and David Dill in the early 90's. In the last decades, timed automata have become the de facto model for the verification of real-time systems. Algorithms for timed automata are based on the traversal of their state-space using zones as a symbolic representation. Since the state-space is infinite, termination relies on finite abstractions that yield a finite representation of the reachable states. The first solution to get finite abstractions was based on extrapolations of zones, and has been implemented in the industry-strength tool Uppaal. A different approach based on simulations between zones has emerged in the last ten years, and has been implemented in the fully open source tool TChecker. The simulation-based approach has led to new efficient algorithms for reachability and liveness in timed automata, and has also been extended to richer models like weighted timed automata, and timed automata with diagonal constraints and updates. In this article, we survey the extrapolation and simulation techniques, and discuss some open challenges for the future.Comment: Invited contribution at FORMATS'2

Towards faster numerical solution of Continuous Time Markov Chains stored by symbolic data structures

This work considers different aspects of model-based performance- and dependability analysis. This research area analyses systems (e.g. computer-, telecommunication- or production-systems) in order to quantify their performance and reliability. Such an analysis can be carried out already in the planning phase, without a physically existing system. All aspects treated in this work are based on finite state spaces (i.e. the models only have finitely many states) and a representation of the state graphs by Multi-Terminal Binary Decision Diagrams (MTBDDs). Currently, there are many tools that transform high-level model specifications (e.g. process algebra or Petri-Net) to low-level models (e.g. Markov chains). Markov chains can be represented by sparse matrices. For complex models very large state spaces may occur (this phenomenon is called state space explosion in the literature) and accordingly very large matrices representing the state graphs. The problem of building the model from the specification and storing the state graph can be regarded as solved: There are heuristics for compactly storing the state graph by MTBDD or Kronecker data structure and there are efficient algorithms for the model generation and functional analysis. For the quantitative analysis there are still problems due to the size of the underlying state space. This work provides some methods to alleviate the problems in case of MTBDD-based storage of the state graph. It is threefold: 1. For the generation of smaller state graphs in the model generation phase (which usually are easier to solve) a symbolic elimination algorithm is developed. 2. For the calculation of steady-state probabilities of Markov chains a multilevel algorithm is developed which allows for faster solutions. 3. For calculating the most probable paths in a state graph, the mean time to the first failure of a system and related measures, a path-based solver is developed

Verification of real-time systems : improving tool support

We address a number of limitations of Timed Automata and real-time model-checkers, which undermine the reliability of formal verification. In particular, we focus on the model-checker Uppaal as a representative of this technology. Timelocks and Zeno runs represent anomalous behaviours in a timed automaton, and may invalidate the verification of safety and liveness properties. Currently, model-checkers do not offer adequate support to prevent or detect such behaviours. In response, we develop new methods to guarantee timelock-freedom and absence of Zeno runs, which improve and complement the existent support. We implement these methods in a tool to check Uppaal specifications. The requirements language of model-checkers is not well suited to express sequence and iteration of events, or past computations. As a result, validation problems may arise during verification (i.e., the property that we verify may not accurately reflect the intended requirement). We study the logic PITL, a rich propositional subset of Interval Temporal Logic, where these requirements can be more intuitively expressed than in model-checkers. However, PITL has a decision procedure with a worst-case non-elementary complexity, which has hampered the development of efficient tool support. To address this problem, we propose (and implement) a translation from PITL to the second-order logic WS1S, for which an efficient decision procedure is provided by the tool MONA. Thanks to the many optimisations included in MONA, we obtain an efficient decision procedure for PITL, despite its non-elementary complexity. Data variables in model-checkers are restricted to bounded domains, in order to obtain fully automatic verification. However, this may be too restrictive for certain kinds of specifications (e.g., when we need to reason about unbounded buffers). In response, we develop the theory of Discrete Timed Automata as an alternative formalism for real-time systems. In Discrete Timed Automata, WS1S is used as the assertion language, which enables MONA to assist invariance proofs. Furthermore, the semantics of urgency and synchronisation adopted in Discrete Timed Automata guarantee, by construction, that specifications are free from a large class of timelocks. Thus, we argue that well-timed specifications are easier to obtain in Discrete Timed Automata than in Timed Automata and most other notations for real-time systems.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Verification of real-time systems: improving tool support

We address a number of limitations of Timed Automata and real-time model-checkers, which undermine the reliability of formal verification. In particular, we focus on the model-checker Uppaal as a representative of this technology. Timelocks and Zeno runs represent anomalous behaviours in a timed automaton, and may invalidate the verification of safety and liveness properties. Currently, model-checkers do not offer adequate support to prevent or detect such behaviours. In response, we develop new methods to guarantee timelock-freedom and absence of Zeno runs, which improve and complement the existent support. We implement these methods in a tool to check Uppaal specifications. The requirements language of model-checkers is not well suited to express sequence and iteration of events, or past computations. As a result, validation problems may arise during verification (i.e., the property that we verify may not accurately reflect the intended requirement). We study the logic PITL, a rich propositional subset of Interval Temporal Logic, where these requirements can be more intuitively expressed than in model-checkers. However, PITL has a decision procedure with a worst-case non-elementary complexity, which has hampered the development of efficient tool support. To address this problem, we propose (and implement) a translation from PITL to the second-order logic WS1S, for which an efficient decision procedure is provided by the tool MONA. Thanks to the many optimisations included in MONA, we obtain an efficient decision procedure for PITL, despite its non-elementary complexity. Data variables in model-checkers are restricted to bounded domains, in order to obtain fully automatic verification. However, this may be too restrictive for certain kinds of specifications (e.g., when we need to reason about unbounded buffers). In response, we develop the theory of Discrete Timed Automata as an alternative formalism for real-time systems. In Discrete Timed Automata, WS1S is used as the assertion language, which enables MONA to assist invariance proofs. Furthermore, the semantics of urgency and synchronisation adopted in Discrete Timed Automata guarantee, by construction, that specifications are free from a large class of timelocks. Thus, we argue that well-timed specifications are easier to obtain in Discrete Timed Automata than in Timed Automata and most other notations for real-time systems