Reachability, Schedulability and Optimality Ansgar Fehnker June 3

Outline Timed automata a la Uppaal From Reachability to Schedulability LPTAs Priced regions and operations Algorithm Termination Priced Zones Verification vs. Optimization Guiding and Bounding examples

Timed Automata Network of Automata Synchronization (CCS-like) a! a? (UPPAAL) Network of Automata Synchronization (CCS-like) a! a?

Timed Automata Network of Automata Clocks in description (UPPAAL) Network of Automata Synchronization (CCS-like) Clocks in description Time passes uniformly Guard/reset on action Invariants on location x  7 3  x  7 y > 4 a! a? y:=0 Uppaal is a modelchecker forTimed Automata with emphasis on reachability properties

Motivation Observation Unsafe Safe Many scheduling problems can be phrased in a natural way as reachability problems for timed automata! Unsafe Safe 25min 20min 10min 5min Can they make it within 60 minutes ?

Motivation Unsafe Safe What schedule minimizes crossings? take! y:=0 y>=20 release! L==1 y>=25 safe y>=5 y>=10 take? release? L:=1-L unsafe L==0 take! y:=0 y>=25 release! L==1 safe 25min 20min 10min 5min What schedule minimizes crossings? What schedule mini-mizes unsafe time? Can they make it within 60 minutes ? What is the fastest schedule? Unsafe Safe

Linearly Priced Timed Automata 4 2.5 x 2 cost’=1 cost+=4 cost’=0 cost’=2 b x<5 y>2 x<3 y:=0 a c Timed Automata + Costs on transitions and locations. Cost of performing transition: Transition cost. Cost of performing delay d: ( d x location cost ). (a,x=y=0) (b,x=y=0) (b,x=y=2) (2.5) (a,x=0,y=2) Cost of Execution Trace: Sum of costs: 4 + 5 + 0 = 9

Example: Aircraft Landing cost t E L T E earliest landing time T target time L latest time e cost rate for being early l cost rate for being late d fixed cost for being late e*(T-t) d+l*(t-T) Planes have to keep separation distance to avoid turbulences caused by preceding planes Runway

Example: Aircraft Landing 4 earliest landing time 5 target time 9 latest time 3 cost rate for being early 1 cost rate for being late 2 fixed cost for being late land! cost+=2 x <= 5 x <= 9 cost’=3 cost’=1 x=5 land! Planes have to keep separation distance to avoid turbulences caused by preceding planes Runway

Symbolic semantics of Linearly Priced Timed Automata

Zones c a b Basic idea: Define a delay and reset over zones y delay x -2  x-y 0 delay 1  y  4 0  x  3 -2  x-y 0 y x x<3 x<3 y>2 a c b y:=0

Zones c a b Basic idea: Define a delay and reset over zones y reset y 0  x  3 -2  x-y 0 y 0  y  0 0  x  3 reset y x x<3 x<3 y>2 a c b y:=0

Priced Zones c a b Basic idea: Define a linear cost function on zones cost=c - 1 x + 2 y cost=c’’ -1 x + 3 y cost=c’+ 0 x + 2 y delay -1 3 cost = c - 1 x + 2 y y 2 2 -1 x cost’=1 cost+=4 cost’=0 cost’=2 x<3 x<5 y>2 a c b y:=0

Priced Zones c a b Basic idea: Define a delay and reset over zones y cost = c - 1 x + 2 y y reset y -1 1 cost = c’+ 1 x cost = c - 1 x 2 -1 x x<3 x<3 y>2 a c b y:=0

State-Space Exploration Algorithm

An Algorithm State-Space Exploration + Use of global variable Cost. Updated Cost whenever goal state with min( C ) <Cost is found: Cost= Cost=80 Cost=60 80 60

An Algorithm Cost:=, Pass := {}, Wait := {(l0,C0)}, Goal= while Wait  {} do select (l,C) from Wait if (l,C)= and mincost(C)<Cost then Cost:=mincost(C) if forall (l’,C’) in Pass: C’ C then add (l,C) to Pass forall (m,D) such that (l,C) (m,D): add (m,D) to Wait Return Cost

An Algorithm Cost:=, Pass := {}, Wait := {(l0,C0)}, Goal= while Wait  {} do select (l,C) from Wait if (l,C)= and mincost(C)<Cost then Cost:=mincost(C) if forall (l’,C’) in Pass: C’ C then add (l,C) to Pass forall (m,D) such that (l,C) (m,D): add (m,D) to Wait Return Cost Performs: symbolic operations Delay, Conjun-ction, and Reset of clocks.

An Algorithm C C’ Cost:=, Pass := {}, Wait := {(l0,C0)}, Goal= C’ is bigger & cheaper than C Cost:=, Pass := {}, Wait := {(l0,C0)}, Goal= while Wait  {} do select (l,C) from Wait if (l,C)= and mincost(C)<Cost then Cost:=mincost(C) if forall (l’,C’) in Pass: C’ C then add (l,C) to Pass forall (m,D) such that (l,C) (m,D): add (m,D) to Wait Return Cost . is a well-quasi ordering which guarantees termination!

When the algorithm terminates, the value of COST equals mincost(). An Algorithm Cost:=, Pass := {}, Wait := {(l0,C0)}, Goal= while Wait  {} do select (l,C) from Wait if (l,C)= and mincost(C)<Cost then Cost:=mincost(C) if forall (l’,C’) in Pass: C’ C then add (l,C) to Pass forall (m,D) such that (l,C) (m,D): add (m,D) to Wait Return Cost Theorem When the algorithm terminates, the value of COST equals mincost().

Efficient Reachability of LPTAs

Verification vs. Optimization Verification Algorithms: Checks a logical property for the entire state-space Efficient blind search. Optimization Algorithms: Finds (near) optimal solutions. Uses techniques to avoid non-optimal parts of the state-space (e.g. Branch and Bound). Objective: Bridge the gap between these two. New techniques and applications in UPPAAL. Safe side reachable? 80 Min time of reaching safe side? 60

Minimum-Cost Order The basic algorithm finds the minimum cost trace. Breadth or Depth-first search-order. Problem: Searches the entire state-space. Minimum-Cost Search Order: Always explore state with smallest minimum cost first.

Fact: First found goal state is optimal. Minimum-Cost Order Fact: First found goal state is optimal. Cost grows along all paths. The search can terminate when first goal state found. Like Dijkstra’s shortest path algorithm. Simpler algorithm: variable Cost no longer needed.

Estimates of Remaining Cost Often a conservative estimate of the remaining cost can be found. REM( l, C ) = conservative estimate of remaining cost. Bridge example: REM( l, C ) = time of slowest person on Unsafe side. At least 25 mins needed to complete schedule.

Estimates of Remaining Cost Basic Algorithm + Estimate of remaining cost: Only states with (min(C) + REM(l, C)) < Cost are further explored. Cost=80 min( C ) + REM( l, C )  80

Estimates of Remaining Cost Basic Algorithm + Estimate of remaining cost: Only states with (min(C) + REM(l, C)) < Cost are further explored. Cost=80 min( C ) + REM( l, C )  80 Minimum Cost + Estimate of remaining cost: Explore states with smallest ( min(C) + REM( l, C ) ) first.

Basic Algorithm + Heuristics: State with highest h is explored first. Using Heuristics Allows the users to control the search order according to heuristics. Symbolic states extended to (l, C, h), where h is the priority of a state. Transitions are annotated with assignments to h. Flexible! Basic Algorithm + Heuristics: State with highest h is explored first.

Examples

Try to schedule planes in the order of their preferred landing times Using Heuristics Try to schedule planes in the order of their preferred landing times

Aircraft Landing Problem runways Benchmark by Beasley et al 2000

Example: Bridge Problem What is the fastest schedule? BF = Breadth-First, DF = Depth-First, MC = Minimum Cost Order, MC+ = MC + REM Number of symbolic states generated with cost-extended version of UPPAAL. Minimum Cost Order + Estimate of Remaining cost <10% of Breadth-First Search.

SIDMAR Steel Production Plant Crane A Machine 1 Machine 2 Machine 3 A. Fehnker [RTCSA99], T. Hune, K. G. Larsen, P. Pettersson [DSV00] Case study of Esprit-LTR project 26270 VHS Physical plant of SIDMAR located in Gent, Belgium. Part between blast furnace and hot rolling mill. Objective: model the plant, obtain schedule and control program for plant. Lane 1 Machine 4 Machine 5 Lane 2 Buffer Crane B Storage Place Continuos Casting Machine

SIDMAR Steel Production Plant Crane A Input: sequence of steel loads (“pigs”). Machine 1 Machine 2 Machine 3 @10 @20 2 @10 2 2 Lane 1 Machine 4 Machine 5 15 @10 Load follows Recipe to obtain certain quality, e.g: start; T1@10; T2@20; T3@10; T2@10; end within 120. Lane 2 16 Buffer Crane B =127 Storage Place Good schedules for ten batches within seconds, rather than bad schedules for five batches within almost an hour. @40 Continuos Casting Machine Output: sequence of higher quality steel.

SIDMAR Steel Production Plant LEGO RCX Mindstorms. Local controllers with control programs. IR protocol for remote invocation of programs. Central controller. crane a m1 m2 m3 m4 m5 crane b buffer storage central controller casting Synthesis

Heuristics: BPM protocol Heuristic: search first for constant input 1  Up to 50% reduction for erroneous instances of a simple communcation protocol.

Conclusion Advantages Disadvantages Our goal Future work Easy and flexible modeling of systems Whole range of verification techniques becomes available Controller/Program synthesis Disadvantages Existing scheduling approaches perform somewhat better Our goal See how far we get; Integrate model checking and scheduling theory. Future work Tailoring Linear Programming to Priced Zones Translation trace to schedule, re-use of schedules, ...

Related Work Alur, Courcourbetis, Henzinger (1993) Accumulated delays in Realtime Systems Alur, Torre, Pappas (HSCC’01) Optimal Paths in Weighted Timed Automata Behrmann, Fehnker, et all (HSCC’01) Minimum-Cost Reachability for Priced Timed Automata

Related Work (cont) Asarin & Maler (1999) Time optimal control using backwards fixed point computation Niebert, Tripakis & Yovine (2000) Minimum-time reachability using forward reachability Behrmann, Fehnker et all (TACAS’2001, CAV’01) Minimum-time reachability using Branch-and-Bound Brinksma, Maler, Fehnker(STTT02) Using UPPAAL en SPIN to compute optimal schedules. Abdeddaim, Maler (CAV’01) Job-Shop Scheduling using Timed Automata General Trend (AAAI’01): Integrating Scheduling/Planning and Model Checking

End of slide show

Linearly Priced Timed Automata x<3 y>2 {x:=0} a c cost’=1 cost+=4 cost’=0 cost’=2 b Timed Automata + Costs on transitions and locations. Cost of performing transition: Transition cost. Cost of performing delay d: ( d x location cost ). (a,x=y=0) (b,x=y=0) (b,x=y=2) (2.5) (a,x=0,y=2) 4 2.5 x 2 Cost of Execution Trace: Sum of costs: 4 + 5 + 0 = 9

Regions x y 1 2 3 4 5 x<3 x<3 y>2 a c {x:=0} b

Regions x y 1 2 3 4 5 x<3 x<3 y>2 a c {x:=0} b

Regions c a b x<3 x<3 y>2 {x:=0} y y y x 3 1 2 x 3 1 2 x 3 1 Alur & Dill Regions x<3 x<3 y>2 a c {x:=0} b y y y x 3 1 2 x 3 1 2 x 3 1 2 1 2 3 1 2 3 1 2 3 Transitions with and w/o reset and delay can be considered as transitions on regions!