But Were Afraid to Ask - LSV
Contents
1. AUTOMATON automaton toy synclabs a b initially Q0 loc Q0 while x1 < p1 wait when x2 > p2 sync a do x1 0 goto Q1 when x1 > p3 sync b do goto Q2 loc Q1 while x1 > 0 wait when True do goto Q1 loc Q2 while x1 > 0 wait when True do goto Q2 end toy ANALYSIS
2. of parameters, the algorithm outputs a constraint K0 on the parameters such that (i) π0 ⊨ K0, and (ii) A[π] ≡_TA A[π0] for any π ⊨ K0. The algorithm InverseMethod, on which IMITATOR relies, can be summarized as follows. Starting with K = True, we iteratively compute a growing set of reachable symbolic states. A symbolic state of the system is a couple (q, C), where q is a location of the PTA and C a constraint on the parameters. When a π0-incompatible state (q, C) is encountered (i.e., when π0 ⊭ C), K is refined as follows: a π0-incompatible inequality J (i.e., such that π0 ⊭ J) is selected within C, and ¬J (Footnote 2: http www lsv ens cachan fr andre IMITATOR. Footnote 3: Strictly speaking, C is a constraint on the clock variables and the parameters, but the clock variables are omitted here for the sake of simplicity. See [5] for more details.) ALGORITHM InverseMethod(A, π0). Input: A: PTA; π0: reference valuation of P. Output: K0: constraint on the parameters. Variables: i: current iteration; S: current set of reachable states (8 U 0 Post x 80); K: current constraint on the parameters. 1 20 K True S so DO DO UNTIL S is π0-compatible: Select a π0-incompatible state (q, C) of S; Select an inequality J of ∃X : C such that π0 ⊭ J; KA SiS s Post cy so OD S xo compatible THEN RETURN Ko q cyes 4X C FI i i 1 S SU Post a g S S Uo Post ey 50 OD
3. way: post_reg reach forward from init_reg endreach. Finally, the following code must be inserted at the end of the input file: prints START LOG print hide non_parameters in post_reg endhide prints END LOG. The two prints commands allow IMITATOR to parse the HyTech log file in order to find the resulting set of computed states. You can customize the non_parameters command, but be aware that every variable which is not given a value in the reference valuation definition in the init_reg region must be hidden at that point, including all clocks. In particular, if for any reason you use other parameters than those defined in π0, they should be hidden here. Provided the requirements described in this section are fulfilled, the input file can contain anything else than what is described here. However, you are strongly advised to remove any other analysis command, since everything which is defined in the input file will be executed at every Post computation, and can thus make this computation very slow, or even not terminate. 3.2.5 Summary of requirements. A quick reminder of the requirements for the input file: (i) definition of π0 between two tags in the init_reg region; (ii) definition of the computation region post_reg; (iii) sequence of commands to print the result in between two tags. Footnote 4: It is actually possible to leave some values uncommented, but those parameters will be considered by IMITATOR not as para
4. var init_reg post_reg region init_reg Initial locations loc toy Q0 Clocks START PI0 & p1 & p2 & p3 6 II Bo oe END PI0 post_reg reach forward from init_reg endreach prints START LOG print hide non_parameters in post_reg endhide prints END LOG
5. Étienne André. Everything You Always Wanted to Know About IMITATOR But Were Afraid to Ask. Research Report LSV-09-20, July 2009. This is a research report published by Laboratoire Spécification et Vérification. Everything You Always Wanted to Know About Imitator But Were Afraid to Ask. Étienne André, LSV, ENS de Cachan & CNRS, France. Abstract. We present here the user manual of IMITATOR, a tool for synthesizing constraints on timing bounds, seen as parameters, in the framework of timed automata. Unlike classical synthesis methods, the tool IMITATOR takes advantage of a given reference valuation of the parameters for which the system is known to behave properly. The goal of IMITATOR is to generate a constraint such that, under any valuation satisfying this constraint, the system is guaranteed to behave, in terms of alternating sequences of locations and actions, as under the reference valuation. We give here the installation requirements and the launching commands of IMITATOR, as well as the source code of a toy example. 1 Introduction. This document is the user manual of the tool IMITATOR [4] (Inverse Method for Inferring Time AbstracT behaviOR), an implementation of the inverse method described in [5]. This tool is being developed at LSV, ENS Cachan, France. 2 Imitator in a Nutshell. 2.1 Context. Timed automata [1] are finite control automata equipped with clocks, which are real-valued variables which increas
6. Fig. 1: Algorithm InverseMethod. is added to K. The procedure is then started again with this new K, and so on, until the whole set of reachable states (Post) is computed. The algorithm InverseMethod is given in Fig. 1, where the clock variables have been disregarded for the sake of simplicity. We denote by Post^i_{A(K)}(S) the set of symbolic states reachable from S in exactly i steps of A(K), and ∃X : C denotes the elimination of clock variables in constraint C. Note that there are two possible sources of nondeterminism in the algorithm: • when one selects a π0-incompatible state (q, C) (i.e., π0 ⊭ ∃X : C), and • when one selects an inequality J among the conjunction of inequalities ∃X : C that is responsible for this π0-incompatibility (i.e., such that π0 ⊭ J, hence π0 ⊨ ¬J). 2.4 General Structure. As described on Fig. 2, IMITATOR [4] takes as an input a PTA described in HyTech syntax. The tool drives indeed the model checker HyTech [8] in a basic manner. IMITATOR also takes as an input the reference valuation π0. The program outputs a constraint K0 on the parameters such that (i) π0 ⊨ K0, and (ii) A[π] ≡_TA A[π0] for any π ⊨ K0. IMITATOR is a program written in Python, that uses HyTech for the computation of the Post operation. The Python program contains about 1500 lines of code, and it took about 4 man-months of work. [Figure labels: PTA A (HyTech file); Reference instantiation π0.] Fig. 2: IMITATOR
7. H. Krogh. A counterexample-guided approach to parameter synthesis for linear hybrid automata. In HSCC '08, volume 4981 of LNCS, pages 187-200. Springer, 2008. [8] T. A. Henzinger, P. Ho, and H. Wong-Toi. A user guide to HyTech. In TACAS, pages 41-71, 1995. [9] T. S. Hune, J. M. T. Romijn, M. I. A. Stoelinga, and F. W. Vaandrager. Linear parametric model checking of timed automata. Journal of Logic and Algebraic Programming, 2002. A HyTech Source Code of the Example. Toy Example for IMITATOR Modeling by Etienne ANDRE LSV IMITATOR http www lsv ens cachan fr andre IMITATOR Created 29 11 2008 Last modified 29 11 2008 var x1 x2 clock p1 p2 p3 parameter
8. R implements the algorithm InverseMethod described in [5]. We assume given a system modeled by a PTA A. We are not given a set of bad states, but an initial tuple π0 of values for the parameters, under which the system is known to behave properly. When the parameters are instantiated with π0, the system is denoted by A[π0]. The algorithm InverseMethod generalizes this good behavior by computing a constraint K0 guaranteeing that, under any parameter valuation π satisfying K0, the system behaves in the same manner: the behaviors of the timed automata A[π] and A[π0] are time-abstract equivalent, i.e., the traces of execution, viewed as alternating sequences of locations and actions, are identical. This is written A[π] ≡_TA A[π0]. As an immediate practical application, one can optimize the value of some parameters of the system, provided this value still satisfies the constraint generated by IMITATOR. This is of particular interest in the framework of asynchronous circuits, where it is useful to safely minimize some timing bounds of the system without changing the behavior of the system. For example, one can minimize some local stabilization timings without changing the global delay for writing an input signal in a memory circuit. The tool IMITATOR is available on its Web page (footnote 2). 2.3 The Algorithm. Let us briefly recall here the main idea of the algorithm InverseMethod [5]. Given a parametric timed automaton A and a reference instantiation π0
9. e uniformly. This model is useful for reasoning about real-time systems, because one can specify quantitatively the interval of time during which the transitions can occur, using timing bounds. However, the behavior of a system is very sensitive to the values of these bounds, and it is rather difficult to find their correct values. It is therefore interesting to reason parametrically, by considering that these bounds are unknown constants, or parameters, and try to synthesize a constraint (i.e., a conjunction of linear inequalities) on these parameters (This work is partially supported by the Agence Nationale de la Recherche, grant ANR-06-ARFU-005, and by Institut Farman (ENS Cachan). Footnote 1: Email: andre lsv ens cachan fr. 2009 Laboratoire Spécification et Vérification.) which will guarantee a correct behavior of the system. Such automata are called parametric timed automata (PTA) [2, 9]. Those PTAs allow to model various kinds of timed systems, e.g., communication protocols or asynchronous circuits. The synthesis of constraints for PTAs has been mainly done by supposing given a set of bad states (see, e.g., [6, 7]). The goal is to find a set of parameters for which the considered timed automaton does not reach any of these bad states. We call such a method a bad-state oriented method. By contrast, IMITATOR is based on a good-state oriented method. 2.2 Principle. The tool IMITATOR Inverse Method for Inferring Time AbstracT behaviO
10. ed, HyTech performs a costly static composition of the different timed automata of the system, which can be very time consuming in the case of several medium-sized automata. Acknowledgments. Laurent Fribourg and Emmanuelle Encrenaz have been great contributors of IMITATOR, on a theoretical point of view and to find applications both from the literature and real case studies. Jeremy Sproston and Farn Wang provided examples to be compared with other tools. References. [1] R. Alur and D. L. Dill. A theory of timed automata. TCS, 126(2):183-235, 1994. [2] R. Alur, T. A. Henzinger, and M. Y. Vardi. Parametric real-time reasoning. In STOC '93, pages 592-601, New York, USA, 1993. ACM. [3] É. André, E. Encrenaz, and L. Fribourg. Synthesizing parametric constraints on various case studies using IMITATOR. Research report, Laboratoire Spécification et Vérification, ENS Cachan, France, June 2009. [4] Étienne André. IMITATOR: A tool for synthesizing constraints on timing bounds of timed automata. In ICTAC '09, LNCS. Springer, August 2009. To appear. [5] Étienne André, Thomas Chatain, Emmanuelle Encrenaz, and Laurent Fribourg. An inverse method for parametric timed automata. International Journal of Foundations of Computer Science, 2009. To appear. [6] E. M. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample-guided abstraction refinement. In CAV '00, pages 154-169. Springer-Verlag, 2000. [7] G. Frehse, S. K. Jha, and B
11. end of the computation. The original HyTech file to which IMITATOR is applied remains of course unmodified. See also the log dir option below. log dir dir name (default: log dir hytech file): This option allows to customize the directory where the temporary files will be created. This is of interest when launching two different processes of IMITATOR applied to the same input file, which will create a conflict if both processes work on the same directory. The directory dir name may exist; if not, it will be created. norandom: Choose deterministically the π0-incompatible inequality. In other words, at a given step, under this option, IMITATOR will negate the first π0-incompatible inequality which is encountered. By default, the tool computes the set of all π0-incompatible inequalities and chooses one randomly, which is a very little more time consuming. timed: Print the current computation time on screen for every action which is performed (new step, selection of a π0-incompatible inequality, etc.). By default, only the global computation time is given at the end of computation (except under the option debug result only). v or version: Print version information. 3.3.2 Examples of calls. python IMITATOR.py flipflop: Call IMITATOR with the default options. The original HyTech file full name is flipflop.hy, and IMITATOR will create a temporary directory flipflop in which several temporary files wil
12. inputs and output. 3 How to Use Imitator. [Figure labels: IMITATOR; Constraint K0 on the parameters.] 3.1 Installation. IMITATOR is a program written in Python, and thus needs Python to be installed on the machine the tool will be launched on. IMITATOR is guaranteed to work properly with Python 2.4.4. However, as the program uses only very standard features, it should also work with most older and newer versions. IMITATOR calls the HyTech model checker, and thus needs HyTech 1.04f to be installed. This version is the most recent one, and is available on the HyTech Web page. 3.2 The HyTech Input File. Beside the classical syntax of HyTech, the input file must follow a certain number of requirements, which are given below. 3.2.1 Variables. Any kind of variables (clocks, parameters, discrete, etc.) can be used. As in a standard HyTech file, they must be declared in the header of the file. 3.2.2 Parametric Timed Automata. A network of at least one PTA must be declared. Although HyTech allows other structures than PTAs, be aware that the behavior of IMITATOR for another kind of systems than PTAs is unspecified. 3.2.3 Initial region and π0. An initial region named init_reg must be defined. As in a standard HyTech file, it must contain all the useful information concerning the initial state of the system (initial location, values of clocks and other variables, etc.). In the case where the initial location should have another name, it is possib
13. l be created. At the end of the computation, this directory will be removed. python IMITATOR.py BRP norandom debug result only: The original HyTech file is BRP.hy. Only the final constraint will be printed on screen. python IMITATOR.py spsmall log dir experiments keeplog: The original HyTech file is spsmall.hy, and IMITATOR will create a directory experiments in which several temporary files will be created. At the end of the computation, both this directory and all the temporary files will be kept. 3.4 The Resulting Constraint. The resulting constraint K0 is printed on the standard output. To keep a trace of it, use option keeplog. In that case, you can find it in a text file in the temporary directory (see option log dir). 4 A Toy Example. Let us consider the parametric timed automaton (PTA) given in Fig. 3. This PTA contains two clocks x1 and x2, three parameters p1, p2 and p3, and three locations q0, q1 and q2. The initial location q0 has invariant x1 < p1. The transition from q0 to q1 labelled a has guard x2 > p2 and resets x1. The transition from q0 to q2 labelled b has guard x1 > p3 and does not reset any clock. Fig. 3: A toy parametric timed automaton. Let us assume that q2 corresponds to a bad location. Classical methods using this information will generate the constraint Z: p1 < p3, which guarantees that the location is not reachable. Suppose now that we are given the fol
14. le to change it in the top of the source code of IMITATOR, where it is defined in the global constant INIT_REG. The reference valuation π0 definition must be given somewhere in this region init_reg, with the following requirements: • This reference valuation must start with the tag START PI0. • One definition of parameter must be given per line. • The definition must be given using the standard HyTech syntax for affectations in a region definition (& param = value). • All those definitions must be commented, i.e., preceded by the HyTech comment mark, so that IMITATOR uses those values, but not HyTech, which is used by IMITATOR in a fully parametric way. • The reference valuation definition must end with the tag END PI0. IMITATOR allows a little freedom within this syntax, but you are strongly advised to strictly respect the given syntax. An example of input file for IMITATOR, corresponding to the example of Section 4, is given in Appendix A. 3.2.4 Analysis commands. A region named post_reg must be defined for the computation of the Post operation. In the case where this region should have another name, it is possible to change it in the top of the source code of IMITATOR, where it is defined in the global constant POST_REG. This region can be defined in any way, since it will be modified by IMITATOR, and can thus contain any definition. For example, it can be defined in the following standard
15. lowing good instantiation of the parameters π0: p1 = 4, p2 = 2, p3 = 6, under which the PTA is assumed to have a good behavior. Then our tool IMITATOR will generate the constraint K0: p2 > 0, p1 < p3, pa p. For all instantiation π of the parameters satisfying K0, our method guarantees that the PTA behaves in the same manner as under π0. We are thus ensured that the behavior of the PTA is correct. Note that K0 is strictly smaller than Z. On the one hand, this may be viewed as a limitation of our method. On the other hand, this may indicate that there are incorrect behaviors other than those corresponding to the reachability of q2. For example, there are some parameter instantiations satisfying Z under which a deadlock of the PTA occurs at the initial location q0. In contrast, our inverse method guarantees that such a deadlock is impossible under any instance satisfying K0, because the deadlock does not occur under π0. The HyTech input file of this example is given in Appendix A. Further Examples. The description of a range of case studies from the literature studied with IMITATOR, as well as real case studies, is available in [3]. Both the source code and the result of those examples are available on IMITATOR Web page. 5 Imitator Strikes Back. A more sophisticated version of IMITATOR is under project. It will make use of a library for computing operations on polyhedra, allowing us to get better computation times. Inde
16. meters, but as valued constants, and will thus not appear in the final constraint K0. An example of input file for IMITATOR, corresponding to the example of Section 4, is given in Appendix A. 3.3 Calling IMITATOR. Given an input HyTech file named hytech file.hy, the following command calls IMITATOR: python IMITATOR.py hytech file. The HyTech file name must be given with no extension .hy. Note that, in the current version of IMITATOR, the Python program IMITATOR.py should be in the same directory as the HyTech file IMITATOR is applied to. 3.3.1 Options. The options available for IMITATOR are explained in the following. debug debug mode (default: debug no): Give some debugging information, that may also be useful to have more details on the way IMITATOR works. The available values for debug mode are given in the following. result only: Give only the resulting constraint. no: Give little information (number of steps, computation time). low: Give little additional debugging information. medium: Give quite a lot of debugging information. high: Give much debugging information. total: Give really too much information. h or help: Display the launch syntax described above and the options detailed in this section. keeplog: Keep the directory containing the temporary files (copy of the original HyTech file, HyTech log files, and a text file containing the resulting constraints). By default, all those files are removed at the