Qualitative Verification of Finite and Real-Time DEVS Networks
Moon Ho Hwang
Arizona Center for Integrative Modeling & Simulation
[email protected], http://sites.google.com/site/moonhohwang/

March 26, 2012

Contents
1 Introduction
2 Dynamic Systems
3 Finite & Real-Time DEVS
4 Reachability Graph of FRTDEVS
5 Verification Examples
6 Conclusion

1 Introduction

1.1 [Q] No collision?

Figure 1: Each station has non-deterministic time for loading passengers. Check if there is no vehicle collision.

1.2 [Q] Keep working?

Figure 2: Check if all stations work (transfer vehicles) forever.

1.3 Challenge
[Q] How can we get the entire set of all possible behaviors of systems whose internal lifespan is a non-deterministic value in an interval?
Table 1: Previous Works for Finiteness-based DEVS Verification [7]

ProblemsClasses Reachability Graph Safety and Liveness Time Bounds of Trajectories State Minimization †

Dynamic System FRTDEVS FDDEVS SPDEVS † NPR General [3] [4] [12], [10] [6] [4] [11] [6][9] [5] [2]

This This

NPR: The class of Non-Partial Rescheduling networks of FDDEVS in which every input event x ∈ X reschedules all subcomponents or no subcomponent.

1.4 Approach

Figure 3: Class Relations: A → B denotes that A is a superclass of B.

2 Dynamic Systems

2.1 Segment, Trajectory, Universal Set of Trajectories
Suppose that $[t_l, t_u] \subseteq \mathbb{T} = [0, \infty)$ is a time interval, and $Z$ is a set.
• A segment (or piece): $\omega : [t_l, t_u] \to Z$.
• A trajectory: $\omega : [t_l, t_u] \to Z^*$ (where $Z^*$ denotes the Kleene closure of $Z$ [1]).
• The universal set of trajectories over $[t_l, t_u]$ and $Z$ is denoted by $\Omega_{[t_l,t_u],Z}$; it is the set of all trajectories over $[t_l, t_u]$ and $Z$: $\Omega_{[t_l,t_u],Z} = \{\omega : [t_l, t_u] \to Z^*\}$.

Figure 4: Trajectories

2.2 Dynamic Systems
A dynamic system (DS) is a structure $G = (Z, Q, Q_0, Q_A, \Delta)$ where
• $Z$ is a set of interface values;
• $Q$ is a set of states;
• $Q_0 \subseteq Q$ is a set of initial states;
• $Q_A \subseteq Q$ is a set of accepting states;
• $\Delta \subseteq Q \times \Omega_{[t_l,t_u],Z} \times Q$ is a set of state transition trajectories that are transitive:
    $(q, \omega_1, p) \in \Delta \text{ and } (p, \omega_2, q') \in \Delta \Rightarrow (q, \omega_1 \omega_2, q') \in \Delta$    (1)
  where $(q, \omega, q') \in \Delta$ means that the state $q$ can reach the state $q'$ along $\omega$.

2.3 Languages of Dynamic Systems
Suppose $G = (Z, Q, Q_0, Q_A, \Delta)$ is a DS. The $t$-length observation language of $G$ is denoted by $L(G, t)$ and defined as
    $L(G, t) = \{\omega \in \Omega_{[0,t],Z} : \exists (q_0, \omega, q) \in \Delta,\ q_0 \in Q_0,\ q \in Q_A\}$.    (2)
The infinite-length observation language of $G$ is denoted by $L(G, \infty)$ and defined as
    $L(G, \infty) = \{\omega \in \lim_{t \to \infty} \Omega_{[0,t],Z} : \{q : (q_0, \omega, q) \in \Delta,\ q_0 \in Q_0\} \subseteq Q_A\}$.    (3)

Figure 5: (a) L(G , t), (b) L(G , ∞)

3 Finite & Real-Time DEVS

3.1 Structure of Finite & Real-Time DEVS
An atomic FRTDEVS model is given by the 7-tuple $M = (X, Y, S, s_0, \tau, \delta_x, \delta_y)$ where
• $X$ and $Y$ are the finite set of input events and the finite set of output events, respectively;
• $S$ is the finite set of states, with which a state variable $s \in S$ is piecewise constant;
• $s_0 \in S$ is the initial state variable;
• $\tau : S \to \mathbb{Q}^{\infty} \times \mathbb{Q}^{\infty}$ is the time advance function;
• $\delta_x : S \times X \to B \times S$ is the external transition function, where $B = \{0, 1\}$;
• $\delta_y : S \to Y^{\phi} \times S$ is the output and internal transition function, where $Y^{\phi} = Y \cup \{\phi\}$ and $\phi \notin Y$ is a silent event or an unobservable event.

3.2 Behavior of atomic FRTDEVS model
An atomic FRTDEVS model $M = (X, Y, S, s_0, \tau, \delta_x, \delta_y)$ is a DS $G(M) = (Z, Q, Q_0, Q_A, \Delta)$ such that $Z = X \cup Y^{\phi}$.
The set of states is $Q = Q_A \cup Q_N$, where $Q_A = \{(s, \sigma, e) : s \in S,\ \sigma \in \mathbb{T}^{\infty},\ e \in [0, \sigma] \cap \mathbb{T}\}$ is the set of accepting states, $\sigma$ is the lifespan (piecewise constant), and $e$ is the elapsed time (piecewise linear); and $Q_N = \{\bar{s} \notin Q_A\}$ is the set of non-accepting states, where $\bar{s}$ is piecewise constant.
The set of initial states is $Q_0 = \{(s_0, \sigma, 0) : \sigma \in \tau(s_0)\}$.
The set of state trajectories $\Delta \subseteq Q \times \Omega_{\mathbb{T},Z} \times Q$ is defined in two cases, $q \in Q_N$ and $q \in Q_A$. If $q = \bar{s} \in Q_N$, then for any event segment $\omega \in \Omega_{\mathbb{T},Z}$, $(q, \omega, q) \in \Delta$, i.e. nothing changes for $q \in Q_N$.

3.2 Behavior of atomic FRTDEVS model
For the case of $q = (s, \sigma, e) \in Q_A$ at time $t \in \mathbb{T}$, $\Delta$ is defined by three event segments as follows.
(1) If the unit segment $\omega = [t, t+dt]$ is a null segment, the time passage trajectory is $(q, \omega, (s, \sigma, e + dt)) \in \Delta$.
(2) If the unit segment $\omega = (t, x)$ is a timed input event, the state transition is
    $(q, \omega, (s', \sigma', 0)) \in \Delta$ if $\delta_x(s, x) = (1, s')$, $\sigma' \in \tau(s')$
    $(q, \omega, (s', \sigma, e)) \in \Delta$ if $\delta_x(s, x) = (0, s')$    (4)
    $(q, \omega, (\bar{s}, \sigma, e)) \in \Delta$ otherwise
(3) If the unit segment $\omega = (t, y)$ is a timed output event $y \in Y^{\phi}$, the state transition is
    $(q, \omega, (s', \sigma', 0)) \in \Delta$ if $e = \sigma$, $\delta_y(s) = (y, s')$, $\sigma' \in \tau(s')$
    $(q, \omega, \bar{s}) \in \Delta$ otherwise.    (5)
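The following Python is an added example, not code from the slides or from XSY: it replays a timed trace through cases (1) to (3) and equations (4) and (5) and reports whether the model ends in the non-accepting state. The station model, its state and event names, and the mapping of an overrun of σ to the sink are assumptions; the interval [20, 22] is the loading time quoted in 5.4.

```python
from fractions import Fraction as F

INF = float("inf")
SINK = "s_bar"  # the non-accepting state: once entered, nothing changes

# Constructed station model (state and event names are assumptions).
TAU = {"E": (INF, INF), "L": (F(20), F(22))}   # tau(s): lifespan interval
DELTA_X = {("E", "arrive"): (1, "L"),          # rho = 1: reschedule
           ("L", "poll"): (0, "L")}            # rho = 0: keep sigma and e
DELTA_Y = {"L": ("depart", "E")}               # delta_y(s) = (y, s')

def fresh(s, sigma):
    """(s, sigma, 0) if sigma was drawn from tau(s), else the sink."""
    lo, hi = TAU[s]
    return (s, sigma, 0) if sigma is not None and lo <= sigma <= hi else SINK

def elapse(q, dt):
    """Case (1): a null segment only advances e. Leaving [0, sigma] is
    mapped to the sink here, which is an assumption of this example."""
    if q == SINK:
        return SINK
    s, sigma, e = q
    return (s, sigma, e + dt) if e + dt <= sigma else SINK

def on_input(q, x, sigma2=None):
    """Eq. (4): timed input event x; sigma2 is the lifespan chosen for s'."""
    if q == SINK or (q[0], x) not in DELTA_X:
        return SINK
    rho, s2 = DELTA_X[(q[0], x)]
    return fresh(s2, sigma2) if rho == 1 else (s2, q[1], q[2])

def on_output(q, y, sigma2=None):
    """Eq. (5): an output is only possible when e == sigma."""
    if q == SINK or q[2] != q[1] or DELTA_Y.get(q[0], (None, None))[0] != y:
        return SINK
    return fresh(DELTA_Y[q[0]][1], sigma2)

def run(trace, q=("E", INF, 0)):
    """Replay ('dt', d), ('in', x, sigma') and ('out', y, sigma') steps."""
    step = {"dt": elapse, "in": on_input, "out": on_output}
    for kind, *args in trace:
        q = step[kind](q, *args)
    return q
```

A trace that departs before e reaches σ, or that picks a lifespan outside τ(s'), ends in the sink; a second 'arrive' while the station is loading does too, because δx is undefined for it.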

3.3 FRTDEVS Network
A coupled FRTDEVS model or FRTDEVS network is $N = (X, Y, D, \{M_i\}, C_{xx}, C_{yx}, C_{yy})$ where
• $X$, $Y$, $D$ are the finite sets of input events, output events, and subcomponent names, respectively.
• $M_i$ is an atomic FRTDEVS model for each $i \in D$.
• $C_{xx} \subseteq X \times \bigcup_{i \in D} X_i$, $C_{yx} \subseteq \bigcup_{i \in D} Y_i \times \bigcup_{i \in D} X_i$, and $C_{yy} : \bigcup_{i \in D} Y_i \to Y$ are the input coupling set, the internal coupling set, and the output coupling function, respectively.
The FRTDEVS network is a subclass of DS. For more details, refer to [8].

4 Reachability Graph of FRTDEVS

4.1 Reachability Graph of FRTDEVS Network
The reachability graph $R(N)$ of a FRTDEVS network $N$ is given by a labeled graph $R(N) = (Z, V, V_0, E)$ where
• $Z = X \cup Y^{\phi}$ is a set of triggering events;
• $V$ is a finite set of vertices such that for a vertex $v \in V$, $\mathrm{disc}(v) = (\ldots, s_i, ts_i, \ldots)$ is a composite variable of state $s_i$ and lifespan interval $ts_i$ for $i \in D$, and the time zone is $\mathrm{tzone}(v) = \bigwedge_{i,j \in D_0} d(i, j)$;
• $V_0 \subseteq V$ is a set of initial vertices;
• $E \subseteq V \times Z \times 2^{D} \times V$ is a set of transition relations, where $(v, z, D_R, v') \in E$ denotes that the discrete state $\mathrm{disc}(v)$ changes to $\mathrm{disc}(v')$ by an event $z \in Z$ together with resetting $e_i$ for $i \in D_R \subseteq D$.

4.2 Reachability Example

Figure 6: (a) A Coupled FRTDEVS N, (b) The reachability graph R(N), (c) & (d) time zone computations

4.3 Generating Algorithm of Reachability Graph

ReachabilityGraph(N, ↑G)
    (s, t) := (…, (s_0i, τ_i(s_0i)), …);
    v_0 := ((s, t), ϕ_0) where ϕ_0 := S(⋀_{i,j∈D_0} [0, 0], t);
    V_T := ∅; Add v_0 to G.V and V_T;
    while V_T ≠ ∅ do
        v := ((…, (s_i, ts_i), …), ϕ) := pop_front(V_T);
        for all x ∈ X do
            v_n := copy(v);
            WhenReceive-z(N, v_n, x, ∅, v_n, V_T, G);
        end for
        for all i ∈ D do
            if tzone(v)[i] ∩ ts_i ≠ ∅ then
                v_n := copy(v);
                Enabler(i, ts_i, tzone(v_n));
                δ_{y,i}(s_i) := (y, s_i′);
                disc(v_n)[i] := (s_i′, τ_i(s_i′));
                D_R := ∅; Add i to D_R;
                WhenReceive-z(N, v, y, D_R, v_n, V_T, G);
            end if
        end for
    end while

WhenReceive-z(N, v, z, D_R, v_n, ↑V_T, ↑G)
    for all (z, x_i) ∈ C_yx or (z, x_i) ∈ C_xx do
        δ_{x,i}(s_i, x_i) := (ρ, s_i′);
        if ρ = 1 then
            disc(v_n)[i] := (s_i′, τ_i(s_i′));
            Add i to D_R;
        else
            disc(v_n)[i] := (s_i′, ts_i);
        end if
    end for
    if D_R ≠ ∅ or disc(v) ≠ disc(v_n) then
        For each i ∈ D if ts_i = ∞ then add i to D_R;
        Successor(tzone(v_n), D_R, schedule(v_n));
        if ∄v′ ∈ G.V s.t. v_n = v′ then
            Add v_n to G.V and V_T;
            if x ∈ X then
                Add (v, z, D_R, v_n) to G.E;
            else
                Add (v, C_yy(z), D_R, v_n) to G.E;
            end if
        end if

4.4 Significance of Reachability Graph
Theorem 1 (Behavioral Isomorphism): The behaviors of an FRTDEVS network $N$ and its reachability graph $R(N)$ are identical, i.e. $L(N) = L(R(N))$.
Proof: There exists an isomorphism from $N$ to $R(N)$ [8].

Figure 7: Isomorphism $f$ from $G$ to $G'$.


5 Verification

5.1 XSY
• XSY is open-source Python software for Modeling, Simulation and Verification.
• developers group: http://groups.google.com/group/xsy-developers
• users group: http://groups.google.com/group/xsy-users
• source repository: https://gitorious.org/xsy

5.2 Safety and Liveness of Dynamic Systems [7]
Suppose $G = (Z, Q, Q_0, Q_A, \Delta)$ is a DS, and $Q_B \subseteq Q$ is the set of bad states. Then the bad behaviors of $G$ in terms of $Q_B$ is
    $L(G, Q_B) = \{\omega \in L(G, t) : \exists (q_0, \omega, q) \in \Delta,\ q_0 \in Q_0,\ q \in Q_B\}$.
The DS $G$ is said to be safe if $L(G, Q_B) = \emptyset$.
Let $Q_G$ be the set of good states. Then the live behavior of $G$ in terms of $Q_G$ is
    $L_\infty(G, Q_G) = \{\omega \in L(G, \infty) : Q_G \subseteq \{q \in Q_A : (q_0, \omega, q) \in \Delta,\ q_0 \in Q_0\}\}$.
The DS $G$ is said to be alive if $L_\infty(G, Q_G) \neq \emptyset$.

Figure 8: (a) $G$ is safe if $L(G, Q_B) = \emptyset$, (b) $G$ is alive if $L_\infty(G, Q_G) \neq \emptyset$

5.3 Liveness of Ping Pong

Figure 9: (a) A Coupled FRTDEVS N, (b) The reachability graph R(N).

If the set of good states is $Q_G = \{v \in SC(Q_A) : \exists q, q' \in v : \mathrm{disc}(q)[i] = W,\ \mathrm{disc}(q')[i] = S,\ \forall i \in \{A, B\}\}$, then the Ping-Pong model is alive because $L_\infty(\mathrm{PingPong}, Q_G) \neq \emptyset$.

5.4 Safety of Monorail System
Each station is an FRTDEVS because the loading time is lt = [20, 22] for odd-numbered stations and lt = [40, 42] for even-numbered stations.

Figure 10: The system is unsafe if there is a station that reaches the state ’C’.

5.5 Liveness of Monorail System

Figure 11: The system is alive if every station can work forever, in other words, moves around states 'E' and 'S'. Formally, $Q_G = \{v \in SC(Q_A) : \exists q, q' \in v : \mathrm{disc}(q)[i] = E,\ \mathrm{disc}(q')[i] = S,\ \forall i \in \{ST_1, \ldots, ST_n\}\}$, $L_\infty(N, Q_G) \neq \emptyset$.
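Once R(N) is finite, the safety and liveness questions of 5.2 to 5.5 reduce to graph searches. The following Python is an added example, not code from the slides or from XSY; the three small graphs and their event names are constructed, and reading Q_G as a reachable strongly connected component in which every component shows both good states is an assumption.

```python
from collections import defaultdict

def successors(edges):
    succ = defaultdict(set)
    for v, _event, w in edges:
        succ[v].add(w)
    return succ

def reach_from(v, succ):
    """Vertices reachable from v in one or more transitions."""
    seen, stack = set(), [v]
    while stack:
        for w in succ.get(stack.pop(), ()):
            if w not in seen:
                seen.add(w)
                stack.append(w)
    return seen

def reachable(v0, succ):
    return set(v0).union(*(reach_from(v, succ) for v in v0))

def is_safe(v0, edges, bad):
    """Safe iff no reachable vertex has a component in the state `bad`."""
    return all(bad not in v for v in reachable(v0, successors(edges)))

def is_alive(v0, edges, good):
    """Alive iff some reachable strongly connected component shows every
    state in `good` for every component (the Q_G of 5.3 and 5.5)."""
    succ = successors(edges)
    for v in reachable(v0, succ):
        fwd = reach_from(v, succ)
        if v not in fwd:          # v lies on no cycle
            continue
        scc = {u for u in fwd if v in reach_from(u, succ)}
        if all(good <= {u[i] for u in scc} for i in range(len(v))):
            return True
    return False

# Constructed graphs; each vertex is (state of station 1, state of station 2).
LOOP = [(("S", "E"), "move", ("E", "S")), (("E", "S"), "move", ("S", "E"))]
CRASH = LOOP + [(("E", "S"), "early", ("E", "C"))]
STUCK = [(("S", "E"), "move", ("E", "S"))]
V0 = [("S", "E")]
```

CRASH is alive but unsafe and STUCK is safe but not alive, so the two properties have to be checked separately.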

6 Conclusion

6.1 Summary
• There is an algorithm to generate a finite reachability graph $R(N)$ from a given FRTDEVS network $N$.
• The behaviors of $N$ and $R(N)$ are identical, i.e. $L(N) = L(R(N))$.
• Since the number of vertices of the reachability graph $R(N)$ is finite, we can check safety and liveness of an FRTDEVS network $N$.
• The worst-case complexity of the proposed algorithm for generating the reachability graph $R(N)$ is $O(R(N)) \ge m^n$, where $(\max_{i \in D} |S_i|^2) = m$ and $|D| = n$, which is exponential in $m$ and $n$.

6.2 Future Work
• Computation of time bounds for reaching states.
• Reduction of reachability complexity.
• Reachability of Finite & Stochastic DEVS.

Figure 12:

Thanks! Questions?

What is the possibility to be alive for each fighter?

References
[1] J. E. Hopcroft, R. Motwani, and J. D. Ullman. Introduction to Automata Theory, Languages, and Computation. Addison Wesley, second edition, 2000.
[2] Moon H. Hwang and F. Lin. State Minimization of SP-DEVS. In Tag Gon Kim, editor, AIS: Artificial Intelligence and Simulation, 13th International Conference on AI, Simulation, and Planning in High Autonomy Systems, AIS 2004, Jeju Island, Korea, October 4-6, 2004, Revised Selected Papers, volume 3397 of Lecture Notes in Computer Science. Springer, 2005.
[3] Moon Ho Hwang. Generating Behavior Model of Coupled SP-DEVS. In Proceedings of 2005 DEVS Symposium, pages 90–97, San Diego, CA, April 2005. SCS.
[4] Moon Ho Hwang. Generating Finite-State Behavior of Reconfigurable Automation Systems: DEVS Approach. In Proceed. of 2005 IEEE-CASE, Edmonton, Canada, 2005. IEEE.

[5] Moon Ho Hwang. Quantitative Verification of Reconfigurable Automation Systems: DEVS Approach. In Technical Report: 2005-01, http://sites.google.com/site/moonhohwang/publications, May 2005. ECE Dept., Wayne State University.
[6] Moon Ho Hwang. Tutorial: Verification of Real-time System Based on Schedule-Preserved DEVS. In Proceedings of 2005 Spring Simulation Multi-Conference: Proceedings of 2005 DEVS Symposium, San Diego, CA, Apr. 2005. SCS.
[7] Moon Ho Hwang. DEVS Theory of System Verification. Technical Report 2012-1, ACIMS, 2012.
[8] Moon Ho Hwang. Qualitative Verification of Finite Real-Time DEVS Networks. In Proceedings of the 2012 Symposium on Theory of Modeling & Simulation: DEVS Integrative M&S Symposium, submitted, available at https://sites.google.com/site/moonhohwang/publications, 2012.

[9] Moon Ho Hwang, Su Kyeong Cho, Bernard P. Zeigler, and Feng Lin. Processing Time Bounds of Schedule-Preserving DEVS. ACIM Technical Report 2007-H1, 2007. http://sites.google.com/site/moonhohwang/publications.
[10] Moon Ho Hwang and Bernard P. Zeigler. Reachability Graph of Finite & Deterministic DEVS Networks. IEEE Trans. on Automation Science and Engineering, 6(3):454–476, 2009.
[11] Moon Ho Hwang and Bernard P. Zeigler. A Modular Verification Framework using Finite & Deterministic DEVS. In Proceedings of 2006 Spring Simulation Multi-Conference: Proceedings of 2006 DEVS Symposium, pages 57–65, Huntsville, AL, Apr. 2-8 2006. SCS.
[12] Moon Ho Hwang and Bernard P. Zeigler. A Reachable Graph of Finite and Deterministic DEVS Networks. In Proceedings of 2006 Spring Simulation Multi-Conference: Proceedings of 2006 DEVS Symposium, pages 48–56, Huntsville, AL, Apr. 2-8 2006. SCS.
