Timed Automata
Formal Systems
Pallab Dasgupta, Professor, Dept. of Computer Sc & Engg, INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR
Simple Light Control
[Diagram: locations Off, Light and Bright; every transition is labelled Press.]
WANT: if press is issued twice quickly then the light will get brighter; otherwise the light is turned off.
The source of some of these slides is Prof. Rajeev Alur's presentations.
Simple Light Control
Solution: Add a real-valued clock x
[Diagram: Off --Press, x:=0--> Light; Light --Press, x<=3--> Bright; Light --Press, x>3--> Off; Bright --Press--> Off.]
Adding continuous variables to state machines
Timed Automata
Clocks: x, y
Guard: Boolean combination of comparisons with integer/rational bounds
Reset: action performed on clocks
Action: used for synchronization
[Diagram: edge from location n to location m with guard x<=5 & y>3, action a and reset x := 0.]
State: (location, x=v, y=u) where v, u are in R
Transitions:
  (n, x=2.4, y=3.1415) --a--> (m, x=0, y=3.1415)
  (n, x=2.4, y=3.1415) --wait(1.1)--> (n, x=3.5, y=4.2415)
Adding Invariants
Clocks: x, y
Location invariant: y<=10 at location n
[Diagram: location n with invariant y<=10, an edge to m with action a and reset x := 0, and guards g1, g2, g3, g4 on the remaining edges.]
Transitions:
  (n, x=2.4, y=3.1415) --wait(1.1)--> (n, x=3.5, y=4.2415)
  (n, x=2.4, y=3.1415) --wait(3.2)--> (n, x=5.6, y=6.3415), allowed because y<=10 still holds after waiting
Invariants ensure progress!!
Timed Automata: Syntax
- A finite set V of locations
- A subset V0 of initial locations
- A finite set S of labels (alphabet)
- A finite set X of clocks
- Invariant Inv(l) for each location (a clock constraint over X)
- A finite set E of edges. Each edge has:
  source location l, target location l', label a in S (ε labels also allowed), guard g (a clock constraint over X), and a subset I of clocks to be reset
Timed Automata: Semantics
For a timed automaton A, define an infinite-state transition system S(A)
States Q: a state q is a pair (l, η), where l is a location and η is a clock vector mapping clocks in X to R, satisfying Inv(l)
(l, η) is an initial state if l is in V0 and η(x)=0 for every clock x
Elapse of time transitions: for each nonnegative real number d, (l, η) --d--> (l, η+d) if both η and η+d satisfy Inv(l)
Location switch transitions: (l, η) --a--> (l', η') if there is an edge (l, a, g, I, l') such that η satisfies g and η' = η[I:=0]
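The two transition kinds above, executed on the light-control automaton from the earlier slides, as an added example (not from the slides): a state is (location, clock vector), waiting is allowed only while Inv(l) holds before and after, and an edge needs its guard and resets the clocks in I. The trace format and function names are this example's own.

```python
"""Concrete semantics of a timed automaton: a state is (location, clock vector);
time elapses only while Inv(l) holds, an edge needs its guard and resets clocks."""
import operator

OPS = {"<=": operator.le, "<": operator.lt, ">=": operator.ge, ">": operator.gt}

# A timed automaton is (initial location, clocks, {location: invariant}, edges).
# Guards and invariants are tuples of (clock, op, bound) atoms, read as a conjunction; () is true.
# An edge is (source, label, guard, clocks_to_reset, target).  Light control from the slides:
LIGHT = ("Off", ("x",), {},
         (("Off", "press", (), {"x"}, "Light"),                      # start the clock
          ("Light", "press", (("x", "<=", 3),), set(), "Bright"),  # second press quickly
          ("Light", "press", (("x", ">", 3),), set(), "Off"),      # second press too late
          ("Bright", "press", (), set(), "Off")))

def holds(atoms, eta):
    return all(OPS[op](eta[c], bound) for c, op, bound in atoms)

def initial(ta):
    init, clocks, _, _ = ta
    return init, {c: 0.0 for c in clocks}        # every clock starts at 0

def elapse(ta, state, d):
    """(l, eta) -d-> (l, eta + d), allowed only if eta and eta + d satisfy Inv(l)."""
    loc, eta = state
    inv = ta[2].get(loc, ())
    later = {c: v + d for c, v in eta.items()}
    if d < 0 or not (holds(inv, eta) and holds(inv, later)):
        raise ValueError(f"wait({d}) in {loc} leaves Inv({loc})")
    return loc, later

def switch(ta, state, label):
    """(l, eta) -a-> (l', eta[I := 0]) via the first enabled edge labelled `label`."""
    loc, eta = state
    for src, lab, guard, resets, dst in ta[3]:
        if src == loc and lab == label and holds(guard, eta):
            new = {c: (0.0 if c in resets else v) for c, v in eta.items()}
            if holds(ta[2].get(dst, ()), new):   # the target's invariant must hold too
                return dst, new
    raise ValueError(f"{label} is not enabled in {state}")

def run(ta, trace):
    """trace: sequence of ('wait', d) or ('act', label); returns the final state."""
    state = initial(ta)
    for kind, arg in trace:
        state = elapse(ta, state, arg) if kind == "wait" else switch(ta, state, arg)
    return state
```

run(LIGHT, [("act", "press"), ("wait", 1.0), ("act", "press")]) ends in Bright, while waiting 5.0 between the presses ends in Off; an invariant such as y<=10 at n rejects a wait that would leave it.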
Product Construction
[Diagram: two component automata and their product.
 Component 1: locations A and B with clock x; invariant x<4; an edge labelled e with reset x:=0 and an edge labelled f with guard x>3.
 Component 2: locations C and D with clock y; invariant y<4; an edge labelled f with reset y:=0 and an edge labelled g with guard y>3.
 Product: locations AC, BC, AD and BD. The shared label f synchronizes both components, so a product edge on f carries both components' guards and resets (e.g. x>3, f, y:=0); e (with x:=0) and g (with y>3) move only their own component; invariants x<4 at BC and y<4 at AD.]
Timed Automata Model of a small Jobshop
[Diagram (reconstructed from the slide text): locations Rest and Work, clocks x and y; actions start (Rest -> Work), done (Work -> Rest) and hit (self-loop on Work); resets x := 0 and y := 0 on the edges.]
Requirements and the clock constraints that encode them:
  Must rest for at least 5 mins: guard x >= 5 on start
  Can't rest for more than 10 mins: invariant x <= 10 on Rest
  Must work for at least 40 minutes: guard x >= 40 on done
  Can't work for more than 60 minutes: invariant x <= 60 on Work
  At least one nail every 4 minutes: invariant y <= 4 on Work
  At most one nail every minute: guard y >= 1 on hit
Verification
System modeled as a product of timed automata
Verification problem reduced to reachability or to temporal logic model checking
Applications:
- Real-time controllers
- Asynchronous timed circuits
- Scheduling
- Distributed timing-based algorithms