Liveness in Timed and Untimed Systems
Abstract: When proving the correctness of algorithms in distributed systems, one generally considers safety conditions and liveness conditions. The Input/Output (I/O) automaton model and its timed version have been used successfully, but have focused on safety conditions and on a restricted form of liveness called fairness. In this paper we develop a new I/O automaton model, and a new timed I/O automaton model, that permit the verification of general liveness properties on the basis of existing verification techniques. Our models include a notion of receptiveness which extends the idea of receptiveness of other existing formalisms, and enables the use of compositional verification techniques. The presentation includes an embedding of the untimed model into the timed model which preserves all the interesting attributes of the untimed model. Thus, our models constitute a coordinated framework for the description of concurrent and distributed systems satisfying general liveness properties.
Schedulability analysis of timed CSP models using the PAT model checker
Timed CSP can be used to model and analyse real-time and concurrent behaviour of embedded control systems. Practical CSP implementations combine the CSP model of a real-time control system with prioritized scheduling to achieve efficient and orderly use of limited resources. Schedulability analysis of a timed CSP model of a system with respect to a scheduling scheme and a particular execution platform is important to ensure that the system design satisfies its timing requirements. In this paper, we propose a framework to analyse schedulability of CSP-based designs for non-preemptive fixed-priority multiprocessor scheduling. The framework is based on the PAT model checker and the analysis is done with dense-time model checking on timed CSP models. We also provide a schedulability analysis workflow to construct and analyse, using the proposed framework, a timed CSP model with scheduling from an initial untimed CSP model without scheduling. We demonstrate our schedulability analysis workflow on a case study of control software design for a mobile robot. The proposed approach provides non-pessimistic schedulability results.
The Power of Proofs: New Algorithms for Timed Automata Model Checking (with Appendix)
This paper presents the first model-checking algorithm for an expressive modal mu-calculus over timed automata, and reports performance results for an implementation. This mu-calculus contains extended time-modality operators and can express all of TCTL. Our algorithmic approach uses an "on-the-fly" strategy based on proof search as a means of ensuring high performance for both positive and negative answers to model-checking questions. In particular, a set of proof rules for solving model-checking problems are given and proved sound and complete; we encode our algorithm in these proof rules and model-check a property by constructing a proof (or showing none exists) using these rules. One noteworthy aspect of our technique is that we show that verification performance can be improved with "derived rules", whose correctness can be inferred from the more primitive rules on which they are based. In this paper, we give the basic proof rules underlying our method, describe derived proof rules to improve performance, and compare our implementation of this model checker to the UPPAAL tool.
Comment: This is the preprint of the FORMATS 2014 paper, but this is the full version, containing the Appendix. The final publication is published by Springer, and is available at http://link.springer.com/chapter/10.1007%2F978-3-319-10512-3_9 on the Springer webpage.
Dense-Timed Petri Nets: Checking Zenoness, Token liveness and Boundedness
We consider Dense-Timed Petri Nets (TPN), an extension of Petri nets in which each token is equipped with a real-valued clock and where the semantics is lazy (i.e., enabled transitions need not fire; time can pass and disable transitions). We consider the following verification problems for TPNs. (i) Zenoness: whether there exists a zeno-computation from a given marking, i.e., an infinite computation which takes only a finite amount of time. We show decidability of zenoness for TPNs, thus solving an open problem from [Escrig et al.]. Furthermore, the related question if there exist arbitrarily fast computations from a given marking is also decidable. On the other hand, universal zenoness, i.e., the question if all infinite computations from a given marking are zeno, is undecidable. (ii) Token liveness: whether a token is alive in a marking, i.e., whether there is a computation from the marking which eventually consumes the token. We show decidability of the problem by reducing it to the coverability problem, which is decidable for TPNs. (iii) Boundedness: whether the size of the reachable markings is bounded. We consider two versions of the problem; namely semantic boundedness where only live tokens are taken into consideration in the markings, and syntactic boundedness where also dead tokens are considered. We show undecidability of semantic boundedness, while we prove that syntactic boundedness is decidable through an extension of the Karp-Miller algorithm.
Comment: 61 pages, 18 figures.
Timed Multiparty Session Types
We propose a typing theory, based on multiparty session types, for modular verification of real-time choreographic interactions. To model real-time implementations, we introduce a simple calculus with delays and a decidable static proof system. The proof system ensures type safety and time-error freedom, namely processes respect the prescribed timing and causalities between interactions. A decidable condition on timed global types guarantees time-progress for validated processes with delays, and gives a sound and complete characterisation of a new class of CTAs with general topologies that enjoys progress and liveness.
Fluidization of Petri nets to improve the analysis of Discrete Event Systems
Petri nets (PNs) are a widely accepted formalism for the modelling and analysis of Discrete Event Systems (DES), for example manufacturing, logistics and traffic systems, computer networks, web services, communication networks, biochemical processes, etc. Like other formalisms, Petri nets suffer from the "state explosion" problem, in which the number of states grows explosively with the load of the system, making some analysis techniques based on state enumeration intractable. Fluidization of Petri nets tries to overcome this problem by moving from discrete PNs (in which transition firings and place markings are non-negative integer quantities) to continuous PNs (in which transition firings, and therefore markings, are defined over the reals). Continuous PNs have more efficient analysis techniques than discrete ones. However, like any relaxation, fluidization comes at the cost of fidelity, leading to the loss of qualitative or quantitative properties of the original Petri net. The main objective of this thesis is to improve the fluidization process of PNs, obtaining a continuous (or at least partially continuous) formalism that avoids the state explosion problem while adequately approximating the discrete PN. In addition, this thesis considers not only the fluidization process but also the formalism of continuous PNs itself, studying the computational complexity of checking some properties. First, the differences that arise between discrete and continuous PNs are established, and some transformations on the discrete net are proposed that improve the resulting continuous net.
Second, the fluidization process of autonomous PNs (i.e., without any timing interpretation) is examined, and certain conditions are established under which the continuous PN preserves particular qualitative properties of the discrete PN: boundedness, deadlock-freeness, liveness, etc. Third, a contribution is made to the study of the decidability and computational complexity of some common properties of autonomous continuous PNs. Fourth, the fluidization process of timed PNs is considered. Some techniques are proposed to preserve certain quantitative properties of discrete stochastic PNs in timed continuous PNs. Finally, a new formalism is proposed in which the firing of transitions adapts to the load of the system, combining discrete and continuous firings, giving rise to adaptive hybrid Petri nets. Adaptive hybrid PNs provide a conceptual framework for the partial or total fluidization of Petri nets that encompasses discrete, continuous and hybrid Petri nets. In general, it allows properties of the original PN to be preserved while avoiding the state explosion problem.
Forward and backward simulations II. Timing-based systems
Abstract: A general automaton model for timing-based systems is presented and is used as the context for developing a variety of simulation proof techniques for such systems. These techniques include (1) refinements, (2) forward and backward simulations, (3) hybrid forward–backward and backward–forward simulations, and (4) history and prophecy relations. Relationships between the different types of simulations, as well as soundness and completeness results, are stated and proved. These results are (with one exception) analogous to the results for untimed systems in Part I of this paper. In fact, many of the results for the timed case are obtained as consequences of the analogous results for the untimed case.