Post on 03-Oct-2020
Continuous Action Systems
Ralph-Johan Back,Luigia Petre
Ivan Porres-Paltor
Åbo Akademi University and TUCS
Discrete action systems
• Define state of system (program variables)– local variables and global variables
• Initialization statement (for local variables)
• Defines possible actions of the system (guardedcommands)
• Iterate actions until no action is enabled anymore (->termination)
• Execution proceeds in discrete steps
Example: simple sorting
A= |[ do x1 > x2 -> x1,x2:= x2,x1 -- EX1 [] x2 > x3 -> x2,x3:= x3,x2 -- EX2 [] x3 > x4 -> x3,x4 := x4,x3 -- EX3
od ]|: x1, x2, x3, x4
• iterate until variables are sorted
Actions and variables
x1 x2 x3 x4
EX1 EX2 EX3
General syntax
A= |[ var x+, -- public variable y; -- local variable S0; -- initialization do g1 -> S1 -- action 1 [] g1 -> S2 -- action 2 … [] gm -> Sm -- action m od
]|: z -- imported variables
Actions and variables
A0 A1 A2 A3 A4 A6
public local imported
x1 x2 y1 y2 y3 z1 z2
Continuous action systems
• all program variables are functions on time (Real+ ):
• discrete variables– x: Real+ -> Int,
– y: Real+ -> Bool
– z: Real+ -> {red, green, yellow}
• continuous variables– u: Real+ -> Real
Continuous action systems (cont.)• Initialization assigns intial values (time functions) to to
program variables– x:= (λ t. 1)
– u := (λ t. sin t)
• System evolves by moving time forward continuously,starting from 0
• Current time is given by "now
• Guards may refer to variable values at now, as well asto values that variables had in the past and will have inthe future (unless the future is changed by anassignment)
System behavior
now
x
1
2
3
0
u
(discrete)
(continuous)
Continuous action systems (cont.)
• As soon as now reaches a time when some action guard isenabled:– one of the enabled actions is selected (nondeterministically)
– the action is executed
• An action can change the future behavior of some programvariables
• Time then proceeds to next time instance when an action isenabled
• Next time instance can be same as previous time instance
Actions
• Example action:x.now = u.now -> u:- (λ t. u.t + 1)
• when now reaches a time where x.now = u.now:– change the future behavior of u (from now onwards) to be
(λ t. u.t + 1)
– u is not changed for time values before now
– behavior of other program variables are unchanged
• If no action is enabled, then last values assigned tovariables determine future behaviour
Changing system behavior
now
x
1
2
3
0
u
now'
Semantics
• A continuous action system defines a collection offunctions on time
• Functions are defined in a piecewise fashion (thesystem goes through phases)
• The interval between changes depends on the systemstate
• Because of nondeterminism, actually a family offunction sets is defined
Example: triangular waveform
|( var x+, clock: Real+ ->Real;
up: Real+ -> Bool;
x:- (λ t. 0); up:- (λ t. false);
do x.now = 0 & – up.now ->
clock:- (λ t. t-now);
x:- clock;
up:- (λ t. true)
[] x.now = 1 & up.now ->
clock:- (λ t. t-now);
x:- (λ t. 1 - clock.t);
up:- (λ t. false)
od )
up
x
now
clock
now
now
false
true
0
1
0
1
Defined functions
clock
up
x
t
t
t
Translate continuous system todiscrete system
C =
|( var x;
S0;
do g1->S1
[] g2 -> S2
…
[] gm->Sm
od )|
C' =
|[ var x, now;
now:= 0; S0'; now:= next.gg.now;
do g1 -> S1'; now:= next.gg.now
[] g2 -> S2'; now:= next.gg.now
…
[] g1 -> S1'; now:= next.gg.now
od ]|
Next time function
• We define
next.gg.now = min{t'≥now | gg.t'}, when defined
next.gg.now = now, if {t'≥now | gg.t'} is empty
• System not well-defined if {t'≥now | gg.t'} is non-empty but does not have a minimum
• Actionnow >0 -> x:- (λ t. 0)
would e.g. not be allowed.
History preserving assignments
• The statement Si' is Si, except that each assignmentx:- e
is changed tox := x /now/ e
where we definex /now/e =(λ t. if t < now then x.t else e.t fi)
• Only future behavior of x is thus changed.
Discrete computation
• The continuous system has phases where timeadvances and phases where time does not advance
• A discrete computation is a computation where thetime does not advance– Time (now) does not advance if a guard is enabled at the
same time point after the previous action terminates
• Possible that a discrete computation gets stuck in aninfinite loop– This is not a well-defined continuous system
Covering time• The system as executed might not cover the whole
time axis (Zeno behavior)
• Example: now converges to some fixed time pointnow = 0, 1, 1.5, 1.75, 1.87, …. -> 2
• Can either forbid Zeno behavior, or restart system atlimit
• Latter requires changing the semantics of the do-loop,to allow for iterating system past ω (transfiniteexecution)
Reasoning about continuoussystems
• Prove properties about a continuous system C byproving corresponding property about discrete systemC'
• Example: prove that I is true in each reachable state byproving that it is an invariant of the loop:
true {now:= 0; S0; now:= next.gg.now} I -- initialization
I & g1 {S1'; now:= next.gg.now} I -- action 1
…
I & gm {Sm'; now:= next.gg.now} I -- action m
Typical form of invariant
start
x
1
2
3
0
u
now
• I(x,u,start, now) holds in range [0,now) -- the history• J(x,u, now) holds in range (now, ∞) -- the default future
Parallel composition fordiscrete action systems
A = |[ var x+,a; A0; do A1[] … [] Am od ]|:z
B = |[ var y+,b; B0; do B1 [] … [] Bm od ]|:u
A || B =
|[ var x+,y+,a,b;
A0; B0; do A1[] … [] Am [] B1 [] … [] Bm od
]|:z,u
Actions and variables
x1 x2 x3 x4 x5 x6 x7 x8 x9
A1 A2 A3 A4 A5 B1 B2 B3
A B
Parallel composition forcontinuous systems
• Parallel composition of continuous systems defined inthe same way as for discrete systems
• Parallel composition of two systems means that pointsof changes occur more frequently
• Systems interact by reading and setting global (shared)variables.
• This provides a simple mechanism for composing largecontinuous systems from smaller systems.
Alternative formalizations
• Hybrid automata traditional way to describe thebehavior of continuous systems
• Somewhat more restricted, can be modelled by ourcontinuous systems
• Model checking rather than verification can be veryefficient, in particular for linear systems (Hytec)
Case studies• Carried out a few case studies
– Elevator
– Press
– Train movement
– Temperature control in atomic reactor
• Need to introduce states similar to those in hybridautomata
• Verification can be complex, invariant can be difficultto find
• Allows to prove properties of non-linear systems
Conclusions• Have a simple generalization of discrete action systems
to continuous action systems
• Can prove general properties about system behavior(safety, liveness etc.)
• No new proof theory needs to be developed, can usestandard proof theory for action systems
• Can define large continuous systems by parallelcomposition in terms of smaller systems
• Hybrid action systems can be expressed as continuoussystems (special case)
Conclusions (cont.)• Model very general, allows also non-standard
behavior, like Zeno-behavior (time does not progressbesides a certain point)
• Discrete and continuous program variables are treatedin a uniform way
• Can describe continuous systems withnondeterministic choice
• Program-like description of continuous/hybrid systems
• Model seems to model examples nicely, butverification can be labourous (reasoning aboutfunctions)
Reference
• Ralph-Johan Back, Luigia Petre and Ivan PorresPaltor: Generalizing Action Systems to HybridSystems. TUCS Technical Report no 307, October1999
Continuous action system asdiscrete action system
• Consider continuous action system
C = |( var x; S0; do g1->S1[] g2 -> S2 … [] gm->Sm od )|
• This can be translated into discrete action system
C' = |[ var x, now;
now:= 0; S0; now:= next.gg.now;
do g1 -> S1'; now:= next.gg.now
[] g2 -> S2'; now:= next.gg.now
…
[] g1 -> S1'; now:= next.gg.now
od ]|