Timed Unfoldings for Networks of Timed Automata

(1)

Generalities Discrete Structure of our Unfolding Adding Time Finite and complete prefix Conclusion

Timed Unfoldings For Networks

of Timed Automata

Patricia Bouyer1 _{Serge Haddad}2 _{Pierre-Alain Reynier}1

1_{LSV, CNRS & ENS Cachan, France} 2_{LAMSADE, CNRS & Univ. Paris Dauphine, France}

ULB, Bruxelles, 21 d´ecembre 2006 presented at ATVA’06

(2)

Motivations

The general framework is this of model-checking :

Does the system

Modelization verify

|=

Model-checking algorithm

ϕ

the property ?

(3)

Motivations

Our objective:

➜ Apply partial order techniques to timed systems. In this work:

Partial order techniques = unfoldings

Timed systems = Networks of timed automata (NTA)

Classical difficulties:

merge time and concurrency handle urgency (invariants in TA)

(4)

Related Work

Partial order methods for NTA:

I Local semantics of time [Yi et al 98, Minea 99]

I Mazurkiewicz traces [Niebert et al 04, 06]

Unfoldings for time Petri nets:

I Unfolding of the underlying Petri net [Lilius 98]

I Proved to be “locally infeasible” [Aura & Lilius 00]

I Unfolding with discrete time [Fleishback & Steino 02]

I General case, introducing read arcs [Chatain & Jard 06].

(5)

Generalities Discrete Structure of our Unfolding Adding Time Finite and complete prefix Conclusion 1 Generalities

Networks of timed automata Unfolding of discrete-event systems

2 Discrete Structure of our Unfolding

Clocks as shared variables Invariants

An example

3 Adding Time

Timed non-branching process A first timed unfolding Computation via local zones

4 Finite and complete prefix 5 Conclusion

(6)

Networks of timed automata Unfolding of discrete-event systems

2 Discrete Structure of our Unfolding Clocks as shared variables Invariants

An example 3 Adding Time

Timed non-branching process A first timed unfolding Computation via local zones 4 Finite and complete prefix 5 Conclusion

(7)

Network of Timed Automata (NTA)

A NTA is a finite set of processes, defined as TA, together with a synchronization function. We allow:

invariants, shared clocks,

n-ary synchronizations.

Configuration = a vector of discrete locations + a clock valuation

Example: x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 _f_:        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b

(8)

Network of Timed Automata (NTA)

x y 0 0 Example: x≤ 2 x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 _f_:        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b

(9)

Network of Timed Automata (NTA)

x y 0 0 (1) −−→ 1 1 Example: x≤ 2 x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 _f_:        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b

(10)

Network of Timed Automata (NTA)

x y 0 0 (1) −−→ 1 1 a₂ −→ 1 1 Example: x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 _f_:        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b

(11)

Network of Timed Automata (NTA)

x y 0 0 (1) −−→ 1 1 a₂ −→ 1 1 (1) −−→ 2 2 Example: x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 _f_:        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b

(12)

Network of Timed Automata (NTA)

x y 0 0 (1) −−→ 1 1 a₂ −→ 1 1 (1) −−→ 2 2 a₁ −→ 2 0 Example: x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 _f_:        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b

(13)

Network of Timed Automata (NTA)

x y 0 0 (1) −−→ 1 1 a₂ −→ 1 1 (1) −−→ 2 2 a₁ −→ 2 0 b −→ 2 0 Example: x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 _f_:        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b

(14)

Network of Timed Automata (NTA)

x y 0 0 (1) −−→ 1 1 a₂ −→ 1 1 (1) −−→ 2 2 a₁ −→ 2 0 b −→ 2 0 (1) −−→ 3 1 Example: x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 _f_:        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b

(15)

Network of Timed Automata (NTA)

x y 0 0 (1) −−→ 1 1 a₂ −→ 1 1 (1) −−→ 2 2 a₁ −→ 2 0 b −→ 2 0 (1) −−→ 3 1 a₃ −→ 3 1 Example: x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 _f_:        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b

(16)

Unfolding of discrete-event systems

Unfolding of a system= net describing its concurrent behaviors. Usuallyinfinite,

but: existence of a finiteand completeprefix.

➜ Well kwown for discrete-event systems such as Petri Nets, or networks of automata (McMillan, Esparza et al, ...)

➜ we can decide reachability, transition enabling, deadlocks...

Remark1: Very efficient for safe Petri Nets

Remark2: Networks of Automata give safe Petri Nets!

➜ it remains to handle time!

(17)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 `01 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00

(18)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 `01 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00

(19)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 `01 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1

(20)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 `01 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1

(21)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 `01 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1 `₂ a2

(22)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 `0 0 `01 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1 `₂ a2

(23)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 `0 0 `01 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1 `₂ a2 `0 1 a3

(24)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 ``0101 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1 `₂ a2 `0 1 a3

(25)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 ``0101 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1 `₂ a2 `0 1 a3 `3 `02 b

(26)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 ``0101 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1 `₂ a2 `0 1 a3 `3 `02 b

(27)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 ``0101 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1 `₂ a2 `0 1 a3 `3 `02 b `3 `02 b

(28)

Example of the unfolding of a discrete system

`0 `1 `2 `3 `0 0 `01 `02 a1 a2 b? b? a3 b! f :        (a1,⊥) 7→ a1 (⊥, a2) 7→ a2 (⊥, a3) 7→ a3 (b?, b!) 7→ b `0 `00 `₁ a1 `₂ a2 `0 1 a3 `3 `02 b `3 `02 b

(29)

Example of the unfolding of a discrete system

Some definitions: Causal relation< if p ∈•_t, _{then p < t} if p ∈ t•_, then t < p `0 `00 `₁ a1 `₂ a2 `0 1 a3 `3 `02 b `3 `02 b placeorcondition transitionorevent

(30)

Example of the unfolding of a discrete system

Some definitions: Causal relation< if p ∈•_t, _{then p < t} if p ∈ t•_, then t < p Non-branching process subnet corresponding to an execution `0 `00 `₁ a1 `₂ a2 `0 1 a3 `3 `02 b `3 `02 b placeorcondition transitionorevent

(31)

Example of the unfolding of a discrete system

Some definitions: Causal relation< if p ∈•_t, _{then p < t} if p ∈ t•_, then t < p Non-branching process subnet corresponding to an execution

Nbp associated with an event

minimal causal past

`0 `00 `₁ a1 `₂ a2 `0 1 a3 `3 `02 b `3 `02 b placeorcondition transitionorevent

(32)

Example of the unfolding of a discrete system

Some definitions: Causal relation< if p ∈•_t, _{then p < t} if p ∈ t•_, then t < p Non-branching process subnet corresponding to an execution

Nbp associated with an event

minimal causal past

Cut of a nbpC (Min ∪ C• ) \•_C `0 `00 `₁ a1 `₂ a2 `0 1 a3 `3 `02 b `3 `02 b placeorcondition transitionorevent

(33)

Networks of timed automata Unfolding of discrete-event systems 2 Discrete Structure of our Unfolding

An example

3 Adding Time

(34)

Clocks as shared variables

I Clocks induce dependencies betw. a priori indep. transitions

I Examples : `0 `1 `0 0 `01 a x := 0 b x≥ 2

a and b aredependent

I Consider clocks as shared variables:

Test as reading Reset as writing

Remark: related to [ICALP’06], [Srba], [Lugiez et al]

(35)

Clocks as shared variables

I Clocks induce dependencies betw. a priori indep. transitions

I Examples : `0 `1 `0 0 `01 a x ≤ 3 b x≥ 2

a and b areindependent

I Consider clocks as shared variables:

Test as reading Reset as writing

Remark: related to [ICALP’06], [Srba], [Lugiez et al]

(36)

Test as reading

Read Arcs: p t1 t2 t3 p ∈ t1•∧ p ∈◦t2 ⇒ t1<t2 p ∈◦_t 2∧ p ∈•t3 ⇒ t2<t3

➜ Leads to another notion of unfolding: [Vogler et al, Winkovski]

I More difficult to define

I Increase significantly the concurrency relation

`₀ `₁ `0 0 `01 a x≤ 3 b x≥ 2 `0 x `₁ `0 0 `0 1 a b ➜

aand b areconcurrent

(37)

Reset as writing

`0 `1 `0 0 ` 0 1 a x:= 0 b x≥ 2 `₀ x x `1 `0 0 `0 1 `0 1 a b b ➜

I a and b aredependent,

I there are two occurrences of the transition b.

(38)

Invariants

I An invariant of any process may affect the behavior of other

processes: `0 `1 y ≤ 2 `0 0 a x≥ 3 `0 x `₁ y `0 0 a ➜

I For every clock x appearing in an invariant, and for every

event t, we require:

x∈◦

t∪•

t

I This may have bad consequences on the causal relation.

(39)

Invariants (2)

I What happens if a transition modifies an invariant?

`0 `1 x ≤ 2 `0 0 x≤ 4 `01 a x ≥ 3 b `0 x x `₁ `0 0 `0 1 `0 0 a b a ➜

I considered as a writing on clock x.

I To a condition encoding a clock x corresponds informally a

set of constraints satisfied by x.

(40)

Example

x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x

(41)

Example

x≤ 2 y≥ 2, y:= 0 a1 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x

(42)

Example

x≤ 2 y≥ 2, y:= 0 a1 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1

(43)

Example

x≤ 2 x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1

(44)

Example

x≤ 2 x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1 x `0 1 a2

(45)

Example

x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1 x `0 1 a2

(46)

Example

x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1 x `0 1 a2 `00 1 a3

(47)

Example

x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? b? a2 x≥ 3 a3 b! b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1 x `0 1 a2 `00 1 a3

(48)

Example

x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? b? a2 x≥ 3 a3 b! b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1 x `0 1 a2 `00 1 a3 `₂ `0 2 b

(49)

Example

x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1 x `0 1 a2 `00 1 a3 `₂ `0 2 b

(50)

Example

x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1 x `0 1 a2 `00 1 a3 `₂ `0 2 b `00 1 a3

(51)

Example

x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1 x `0 1 a2 `00 1 a3 `₂ `0 2 b `00 1 a3

(52)

Example

x≤ 2 y≥ 2, y:= 0 a1 y= 0 b? a2 x≥ 3 a3 b! `0 `0 0 `00 0 `1 `0 1 `00 1 `2 `0 2 f :        (a1,⊥, ⊥) 7→ a1 (⊥, a2,⊥) 7→ a2 (⊥, ⊥, a3) 7→ a3 (b?, b!, ⊥) 7→ b `0 `00 ` 00 0 y x y `1 a1 x `0 1 a2 `00 1 a3 `₂ `0 2 b `00 1 a3 `₁ y a1 b `2 `02

(53)

Timed non-branching process A first timed unfolding Computation via local zones

4 Finite and complete prefix 5 Conclusion

(54)

Timed Non-branching Process

We attach timing informations to nodes: For transitions:

I d : date of firing

For locations:

I d_b : date of birth (= production) I d_e : date of end (= consumption)

For clocks:

I d_b : date of birth (= production) I d_e : date of end (= consumption)

I d_r : date of last reset (to compute clock’s value)

➜ These are absolute dates

(55)

From timed sequences to timed nbp

A timed sequence ν = ν0 · (d, a) `0 `1 y := 0 x≥ 2, a `0 x `₁ y y a p1 p2 p3 p4 p5 t1 ➜

We define dates as follows: d(t1) = d

de(p1) = de(p3) = d

db(p4) = db(p5) = dr(p5) = d

(56)

Feasible Timed Non-branching Process

· · ·

· · · t

for any clock x, let us denote: v(x) = d(t) − dr(px−)

v0_{(x) = d(t) − d} r(px+)

Causal (in)equations: Timed (in)equations:

- ∀p ∈ t•_{, d} b(p) = d(t) - g (t)[{x ← v (x)}x ∈X] - ∀p ∈• t, de(p) = d(t) - V`∈L_(t)Inv(`)[{x ← v (x)}x ∈X] - ∀p ∈◦ t, db(p) ≤ d(t) ≤ de(p) - Vx ∈R_(t)v 0 (x) = 0 - ∀p ∈ Min, db(p) = dr(p) = 0 - Vx ∈Redefined_(t)v 0 (x) = v (x)

(57)

A first timed Unfolding

I A timed non-branching process is feasible iff it satisfies

previous equations.

Proposition

(i ) The timed nbp associated with a timed sequence is feasible, (ii ) If a timed nbp is feasible, then it admits a timed sequence.

I If we consider the previous equations as zones (symbolic

representation for valuations), then we get:

Theorem

The resulting timed unfolding contains exactly all the timed sequences of the NTA : it defines a symbolic unfolding for NTA.

(58)

Computation via local zones

I Drawback of the previous unfolding: the size of zones

increases while unfolding.

I Idea: keep only the part of the zone related to the cut

➜ zones of bounded size (2n + 3|X |).

I Interest: sufficient to extend a nbp.

I Drawback: not sufficient to “merge” two nbps.

. Details

(59)

Computation via local zones (2)

I Using a topological sort, we compute local zones “slice by

slice” (slice = set of concurrent events).

I We obtain a way to compute a timed unfolding of an NTA, in

which zones attached to events are of bounded size.

Theorem

We can compute the timed unfolding T (A) with local zones (Zt)t

verifying:

t appears inT (A) iff there exists a timed sequence whose nbp

is the one of t,

Zt characterizes the set of values reachable by timed

sequences along the nbp of t

(60)

(61)

Objective

I Limit the unfolding to a finite prefixwhich contains full

information about the reachable states.

I In the untimed framework:

e cut-off ⇐⇒ ∃e0 ≺ e s.t. ( λ(e) = λ(e0 ) λ(Cut(e)) = λ(Cut(e0₎₎

Then prune the subtree rooted in e.

I In the timed framework, we have to compare zones!

(inclusion)

(62)

How to compare zones

I Computerelativizationof zone Z_t w.r.t. date d(t) of t :

(operation : ∀d, d := d(t) − d)

I But these zones may be unbounded

➜ does not ensure termination!

I Favorable case: “bounded” TA = TA such that :

clock values are bounded,

time elapsed in any location is bounded. ➜ finitely many zones ⇒ Termination!

I General case: Enforce global synchronization to reinitialize the

unfolding, and use extrapolation on “clock zones”.

(63)

Synchronized events

Define the clock zones Testt obtained from Zt by performing:

Relativization w.r.t. variable d(t) Projection on variables dr(.)

Extrapolation

Synchronized events: (chosen among unavoidable edges) Perform global synchronization, and reinitialize the unfolding (consume all places of the cut, and produce them back)

Lemma (Forgettable Past)

Let t ∈ SE .

It is equivalent to extend the nbp of t and to build a nbp from Cut([t]) which initially satisfies Testt.

sync

(64)

Algorithm for finite prefix

I We consider an adequate order ≺ on SE (see [Esparza et al])

I Cut-off event : e ∈ SE cut-off ⇐⇒ ∃e0 ≺ e s.t.      λ(e) = λ(e0 ) λ(Cut(e)) = λ(Cut(e0₎₎ Teste ⊆ Teste0 Theorem

This algorithm terminates and produces a finite and complete prefix.

(65)

1 Generalities

(66)

Conclusion

I Definition of a timed unfolding for NTA

I Computation using “local zones”

I Construction of a finite and complete prefix

Further work:

I Reduce dependencies due to invariants

I Reduce the number of variables (d_b,d_e,d_r)

I Try to avoid synchronized edges

I Extend the set of properties we can verify

I Implementation

(67)

A last remark

There were two papers at ATVA’06:

“Timed Unfoldings For Networks of Timed Automata” (BHR) “Symbolic Unfoldings For Networks of Timed Automata” (Cassez, Chatain, Jard)

The two contributions are close but there are important differences:

they propose a way to define the unfolding, but do not consider its “efficient” construction,

this allows them to define a “smaller” object,

they make some stronger assumptions on the system (no deadlocks, no shared clocks).

➜ We are currently trying to bring closer the two approaches.

(68)

Thanks for your attention!

(69)

Appendix

Extend the unfolding

e₁ e₂

e0

Cut(e1) Cut(e2)

Firing e1 implies d(e0) < 1

Firing e2 implies d(e0) > 1

But e0 _{does not appear in Cut(e}

1) ∪ Cut(e2) !

➜ Taking Ze₁∧ Ze₂ is not enough precise...

(70)

Appendix

Computing by slices

e0 _{= e}

1 e2

Cut(e1) Cut(e2)

1 Compute the starting event e0

2 Sort by slices (sets of concurrent events) the elements of

([e1] ∪ [e2]) \ [e0]

3 Extend Z_e0, slice by slice.

. Back