November 20, 2003, Pisa. Time in computational models: comparisons, problems, proposals. Dino Mandrioli...
November 20, 2003 Pisa 1
Time in computational models: comparisons, problems, proposals
Dino Mandrioli
Dipartimento di Elettronica e Informazione, Politecnico di Milano
November 20, 2003 Pisa 2
Outline (not sequential)
• Modeling time:
– Time in traditional system models
– Time in traditional HW
– Time in traditional SW
– Time in “more general” system models
• Comparisons and evaluations
– Discrete vs. continuous time
• The case of zero-time events
• A little proposal
November 20, 2003 Pisa 3
Modeling time
• The “old-fashioned” way of modeling time and time-varying systems:
– System state x, x = x(t)
– System evolution:
• Continuous time: $\dot{x}(t) = f(x(t), i(t), t)$
• Discrete time: $x(t+1) = f(x(t), i(t), t)$
November 20, 2003 Pisa 4
• Within the “old-fashioned” way of modeling time and time-varying systems:
– Side remarks and problems when:
– We can no longer consider time as “unique”:
• Relativity aspects
• Distributed high speed systems
November 20, 2003 Pisa 5
• The HW double way of modeling time:
– The “micro” (asynchronous) view:
[Figure: diagram with signals I1, I2, I3, … and O1]
November 20, 2003 Pisa 6
• The HW double way of modeling time:
– The “macro” (synchronous) view (1):
[Figure: block diagram labelled I1, I2, O1, O2, S1, S2, clock, Memory, Combinatoric network]
November 20, 2003 Pisa 8
• The HW double way of modeling time:
– The “macro” (synchronous) view (3):
[Figure: block diagram labelled Acc, ALU, RAM, LOAD, STORE, …]
November 20, 2003 Pisa 9
• The HW double way of modeling time:
• When moving from the micro to the “macro” view:
– Time somewhat implicitly moved from continuous to discrete
– An abstraction operation has been introduced
– HW people apply some consistency verification technique (all switches must occur within a machine cycle)
• Side remark: in the HW world there is also an asynchronous view of Finite State Machines (we come back to this later on)
November 20, 2003 Pisa 10
• The traditional SW way(s) of modeling time:
• Time “does not exist”:
– A program (or a whole application) is an I/O function
• If one really wants to take time into account:
– Complexity theory
– Time analysis well-separated from functional analysis
– Different analysis techniques
– Time is discrete (“inherited” from HW):
– Time unit is the abstract machine transition
November 20, 2003 Pisa 11
• The traditional (narrow and simple) way of modeling time in computing systems is no longer adequate when we combine, in the same system view,
– HW components and aspects
– SW components and aspects
– Plant and/or environment components and aspects
– Perhaps with different “time granularity”: from nanoseconds to months, years, etc.
November 20, 2003 Pisa 12
• Not only:
• We often need different time domains
– Perhaps some are discrete and some are continuous
• But often:
• We want to analyze different properties by applying different techniques:
– Scheduling policies w.r.t. complexity analysis (within SW)
– Managing asynchronous interrupts from the environment by the synchronous computing machinery
– …
November 20, 2003 Pisa 13
How did people (researchers/engineers) deal with the new needs?
1. Keep the (HW-SW) traditional view to the extreme:
• Discrete time
• Synchronous abstract machines
• Time unit = machine transition
• Examples:
• Esterel
• Temporal logic with the “next” operator (but …):
• A “Computer-centric” vision
November 20, 2003 Pisa 14
Problems with this approach:
• Discrete time + synchronous view always the “natural” modeling?
• What if some “transition” takes a few nanoseconds and another one, possibly concurrently running, takes minutes or more?
• How do we compose modules in such cases?
• Two synchronous machines with different, possibly distributed, clocks (T1 = 1, T2 = ) generate an asynchronous system
November 20, 2003 Pisa 15
How did people (researchers/engineers) deal with the new needs?
2. Add time to existing machines with no (??) time:
• Timed Statecharts
• Timed Petri Nets
[Figure labels: t, [tmin, tmax]; i, [tmin, tmax]; P1, P2]
November 20, 2003 Pisa 16
Problems with this approach:
• The “syntactic surface” seems natural and easy, but …
• … giving a precise semantics is not as easy
• A few examples in the context of Timed Petri Nets (but similar problems occur in other models as well)
November 20, 2003 Pisa 17
Tokens carry time stamps …
[Figure: Petri net with places P1, P2, P3 and transition tr labelled [3,7]; time stamps 0 and 2]
If 0 and 2 are the times when tokens in P1 and P2 are produced, respectively, then tr fires nondeterministically at a time between 5 and 9
November 20, 2003 Pisa 18
1. Strong time semantics (STS) vs. weak time semantics (WTS)
[Figure: Petri net with places p, q and transitions r, s, u, v; u labelled [4, 7]]
• Normally STS adopted in practice
• However, in STS v’s firing depends on u’s firing
November 20, 2003 Pisa 19
2. Simultaneous firings
2.1 Simultaneous and concurrent firings.
[Figure: Petri net with transitions r, s, v and places p, q]
Assume that both s and v have mv = Mv = 3. Then, whenever r fires, s and v will both fire exactly 3 time units later.
In general, they could fire contemporarily if and only if the intersection between their associated time intervals is not empty.
November 20, 2003 Pisa 20
2. Simultaneous firings
2.2 Simultaneous but logically ordered firings (zero-time transitions)
Whenever r fires, s fires immediately too;
clearly distinguish between logical ordering and temporal ordering;
it is obvious that an event s that is the logical consequence of an event r cannot precede r, but it is not implied that s strictly follows r in time.
[Figure: Petri net with transitions r, s, v and places p, q; interval label [0,0]]
November 20, 2003 Pisa 21
3. Meaning of the lower bound
[Figure: two Petri nets, one labelled (a), with labels v, s, p and v, s, p, q]
Assume that in the net (a) mv = Mv = 3. s fires at 6 and at 7; v fires at 9 and 10 (sem A) or at 9 and 12 (recharge time) (sem B)?
Sem A can simulate sem B by
… Other intricacies omitted
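The firing rules from the last few slides, as an added Python sketch that is not part of the talk: the window of the [3,7] transition on the time-stamp slide, and the two readings of the lower bound (sem A, sem B). Function names, and the rule "max(token stamp, previous firing) + delay" used for recharge time, are assumptions chosen to reproduce the slides' numbers.

```python
# Added example (not from the talk): firing times of one timed Petri net
# transition under the rules discussed on the slides.

def firing_window(token_stamps, tmin, tmax):
    """Window in which a transition labelled [tmin, tmax] may fire.

    The transition becomes enabled when the last of its input tokens is
    produced, so the bounds are counted from the largest time stamp.
    """
    enabled_at = max(token_stamps)
    return (enabled_at + tmin, enabled_at + tmax)


def firings_sem_a(token_stamps, delay):
    """Sem A: the delay is counted from each token's own time stamp."""
    return [stamp + delay for stamp in sorted(token_stamps)]


def firings_sem_b(token_stamps, delay):
    """Sem B (recharge time): the delay is counted from the token's time
    stamp or from the transition's previous firing, whichever is later
    (assumed rule)."""
    fired, last = [], None
    for stamp in sorted(token_stamps):
        start = stamp if last is None else max(stamp, last)
        last = start + delay
        fired.append(last)
    return fired


if __name__ == "__main__":
    # Tokens stamped 0 and 2, transition tr labelled [3,7].
    print("tr may fire in", firing_window([0, 2], 3, 7))
    # s fires at 6 and 7; v has mv = Mv = 3.
    print("sem A:", firings_sem_a([6, 7], 3))
    print("sem B:", firings_sem_b([6, 7], 3))
```

The two semantics agree whenever consecutive tokens are at least `delay` apart, which is why the difference only shows up for closely spaced firings of s.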
November 20, 2003 Pisa 22
Formalizing (PN) time semantics
• A natural and traditional approach:
– Tokens carry time stamps
– Transitions assign new time stamps to new tokens
• This is a (PN) particular case of a fairly widely adopted approach (within theoretical computer science):
November 20, 2003 Pisa 23
• Abstract machine state is augmented by “yet another variable” t
• t may be either discrete or continuous
• t is updated by machine transitions as well (??) as any other state variable (at least, t non-decreasing …
• … but this, perhaps, is the tip of the iceberg)
x := f(x, y); t := t + …
November 20, 2003 Pisa 24
A critical and personal analysis of the “t: yet another variable” approach
• Does t capture the intuitive notion of time (flow)?
• There are “two different times”:
• The ‘t’ variable (maybe either discrete or continuous)
• The “hidden time”: transition sequence
[Figure: state sequence (x, t): (1, 0), (6, 1), (3, 1), (3, 2), (4, 5), (8, 5), (1, 5), (1, 10)]
November 20, 2003 Pisa 25
The tricky situation is even more striking in PNs (and, in general, in distributed abstract machines, possibly with different “clocks”)
[Figure: Petri net with transitions r, s, v and places p, q; interval labels [1,2] and [3,4]]
Transition sequences:
r(0), s(1), v(4)
r(0), v(3), s(2)
???
(There are theorems about STS w.r.t. WTS …)
But: can we still claim that “t is just yet another variable”??
November 20, 2003 Pisa 26
• (Personally) like better:
• Go back to the “traditional system engineering view of time”:
• System state as a function of –independent- variable t: s = s(t)
• But: …
• … what about 0-time transitions?
November 20, 2003 Pisa 27
r fires at t
p marked at t
s fires at t
q marked at t
What is the system state (marking) at t?
p and q marked??
[Figure: Petri net with transitions r, s, v and places p, q; interval label [0,0]]
November 20, 2003 Pisa 28
• A simple (simplistic?) solution:
• Just forbid 0-time transitions
– Any action takes time
– The effect always follows the cause
– …
• But:
• What about abstractions such as:
– Esterel ….
• 0-time transitions are often a useful abstraction
[Figure: transition labelled i/o]
November 20, 2003 Pisa 29
• A “conventional” solution:
• forbid 0-time transition cycles
– Zeno behaviors avoided a priori
– Rather acceptable from an intuition point of view
– … by convention:
[Figure: two interval labels, [0, 0] and [0, 0]]
November 20, 2003 Pisa 30
r fires at t
p (not) marked at t
s fires at t
Only q marked at t
[Figure: Petri net with transitions r, s, v and places p, q; interval labels [0,0] and [5,6]]
November 20, 2003 Pisa 31
Not so easy to formally analyze complex behaviors:
tokenF(r, i, p, v, j, d) states that the token produced at the current instant by the i‑th firing of transition r enters place p and will be consumed by the j‑th firing of transition s after d time units.
i and j are necessary to take into account possible simultaneous firings
[Figure: net with transitions r, s and place p]
November 20, 2003 Pisa 32
Just to give an idea …
[Figure: net with transition r, transition s labelled [0,0] and transition v labelled [x,y]]
Proof of
Alw (ifireth(v,i))
by contradiction.
x > 0
November 20, 2003 Pisa 33
1. fireth(v,i) Hyp
2. d(d x j tokenP(r, j, v, i, d) ) 1, LB(v): Lower Bound axiom for v
3. D x tokenP(r, J, v, i, D) 2, EI: Existential Instantiation: D for d, J for j
4. D x Past(tokenF(r, J, v, i, D), D) 3, def: tokenP(...,d) = Past(tokenF(.., d), d)
5. D x Past(fireth(r, J), D) 4, def: tokenF(r, J, v, i, D) fireth(r, J)
6. D x Past(e(e k(tokenF(r, J, s, k, e)
tokenF(r, J, v, k, e) ), D)
5, UB(s): Upper Bound axiom for s
7. e(D x e k Past(tokenF(r, J, s, k, e)
tokenF(r, J, v, k, e), D)
6, th: Past(x A(x),d ) = x Past(A(x),d)
8. e(D x e
k Past((tokenF(r,J,s,k,e) tokenF(r,J, v,k,e))
tokenF(r,J, v,i,d), D) )
7,4 AI And Introduction
9. (tokenF(r, J, s, k, e) tokenF(r, J, v, k, e))
tokenF(r, J, v, i, d ) d=e k=i
OU(r): Output Unicity for r
10. e (D x Past((e k=i D=e)), D) 8, 9, MP
11. e (D x Past(e D=e), D) ) 10, AE: And Elimination
12. e (D x e D=e) 11, th: Past(A,x) A, if A time independent
13. e ( x e ) 11, prop
14. fireth(v,i) 12, by contradiction, since 13 is false
November 20, 2003 Pisa 34
An alternative approach
• Go back to the essence of the abstraction:
• 0-time transition =
– Duration that can be neglected w.r.t. “normal system dynamics”
– … infinitesimal duration
– Think back to the HW abstraction
[Figure: net with transitions r, s and place p; interval label [0,0]]
Abstraction (abbreviation) for:
[Figure: the same net with interval label [, ]]
November 20, 2003 Pisa 35
A few “pleasant” consequences
• Time is again “unified”:
• Transition ordering mirrors time sequencing
– No more simultaneous events, but
– … almost simultaneous events
– We can now talk about system state s(t) again
• Well suited both for discrete and continuous time
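An added Python illustration (not from the talk) of why infinitesimal durations restore s(t): it takes the (x, t) run shown on the “t: yet another variable” slide, finds the instants at which the state is ambiguous, then gives every 0-time step an infinitesimal duration. Representing an instant as a pair (standard part, number of infinitesimal steps) ordered lexicographically is an assumption of this sketch, as are all function names.

```python
from collections import defaultdict

# The run from the "t: yet another variable" slide, as (x, t) after each
# machine transition; t is assumed non-decreasing along the run.
RUN = [(1, 0), (6, 1), (3, 1), (3, 2), (4, 5), (8, 5), (1, 5), (1, 10)]


def ambiguous_instants(run):
    """Values of t at which 'the state at time t' is not a single value."""
    seen = defaultdict(list)
    for x, t in run:
        seen[t].append(x)
    return {t: xs for t, xs in seen.items() if len(xs) > 1}


def retime(run):
    """Replace each 0-time step by a step of infinitesimal duration.

    An instant becomes (t, k), read as t + k*eps with eps positive and
    smaller than every positive standard number. Tuple comparison in
    Python is lexicographic, which is the ordering of such numbers.
    """
    out, prev_t, k = [], None, 0
    for x, t in run:
        k = k + 1 if t == prev_t else 0
        out.append((x, (t, k)))
        prev_t = t
    return out


def state_at(retimed, instant):
    """s(t): the value of x holding at `instant` in a retimed run."""
    current = None
    for x, when in retimed:
        if when > instant:
            break
        current = x
    return current


if __name__ == "__main__":
    print("ambiguous with standard t:", ambiguous_instants(RUN))
    timed = retime(RUN)
    for probe in [(1, 0), (1, 1), (5, 0), (5, 1), (5, 2), (7, 0)]:
        print(probe, "->", state_at(timed, probe))
```

After retiming, the instants are strictly increasing along the run, so the transition ordering and the time ordering coincide.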
November 20, 2003 Pisa 36
An intriguing mathematical framework for the formalization of the very idea:
non-standard analysis
• Standard numbers: “normal numbers”: 1, 2, , …
• Non-standard numbers (infinitesimal/unlimited)
stx A(x) is an abbreviation for x ( st(x) A(x)):
infinitesimal() is defined as st x (x > 0 x)
nsinfinitesimal() is defined as st x (x > 0 x) st()
infinitesimal+() is defined as st x (x > 0 0 < x) st()
November 20, 2003 Pisa 37
Formal analysis can be simplified
• Example: (TRIO)/TPN axiomatization:
tokenF(r, p, v, d) states that the token produced at the current instant by the firing of transition r enters place p and will be consumed by the firing of transition s after d time units.
d can be either standard or infinitesimal
November 20, 2003 Pisa 38
The “same” proof as above …
[Figure: net with transition r, transition s labelled [0,0] and transition v labelled [x,y]]
Proof of
Alw (fireth(v))
by contradiction.
November 20, 2003 Pisa 39
1. fire(v) Hyp
2. d(d x tokenP(r, v, d)) 1, LB(v): Lower Bound axiom of v
3. D x tokenP(r, v, D) 2, EI: Existential Instantiation: D for d
4. D x Past(tokenF(r, v, D), D) 3, def: tokenP(x,y,d) =Past(tokenF(x,y,d),d)
5. D x Past(fire(r), D) 4, def: tokenF(r,v,d) fire(r)
6. D x Past(e(e
(tokenF(r, s, e) tokenF(r, v, e)))), D)
5, UB(s) Upper Bound axiom for s
7. D x e(e Past(tokenF(r, s, e)
tokenF(r, v, e), D) )
6, th: Past(x A(x),d ) = x Past(A(x),d)
8. e( D x e Past( (tokenF(r, s, e)
tokenF(r, v, e) ) tokenF(r, v, D), D) )
7,4 AI And Introduction
9. (tokenF(r, s, e) tokenF(r, v, e))
tokenF(r, v, D) D=e
OU(r) Output Unicity for r
10. e(D > x e Past(D = e ,D)) 8,9, MP
11 e(D > x e D = e ) 10, th: Past(A,x) A, if A is time independent
12. e( x< e ) 11, AE And Elimination
12 is false, since x is a positive standard real number, while is less than any positive standard.
November 20, 2003 Pisa 40
A few concluding remarks
• Applying non-standard analysis does not necessarily mean assuming the “system theory” approach s = s(t):
– Rust applies non-standard analysis to ASMs by assuming “t as yet another variable”
– His purpose: treating continuous time as the discrete one “à la SW eng.”: quite unlike mine:
– “t as yet another variable” good for building simulators, not for “natural modeling”
November 20, 2003 Pisa 41
• An intriguing possible further investigation:
– x infinitesimal
– y unlimited
– x*y ?
• Standard (non Zeno)
• Infinitesimal (Zeno)
• Unlimited (non Zeno)
• Same as:
0))(( with ,?)( lim
xfdxxfa x
November 20, 2003 Pisa 42
• A little detail to complete:
– True concurrency vs.
– Interleaving
– In the context of non-standard semantics:
• Do “truly contemporary events” exist?
• Or are they just “almost simultaneous” (i.e. contemporary up to an infinitesimal)?
• Is the question relevant?
November 20, 2003 Pisa 43
Some references
• Ghezzi C., Mandrioli D., Morasca S., Pezzè M., “A Unified High-level Petri Net Model for Time Critical Systems”, IEEE Trans. on Software Engineering, February 1991.
• Felder M., Mandrioli D., Morzenti A., “Proving Properties of Real-Time Systems through Logical Specifications and Petri Net Models”, IEEE Trans. on Software Engineering, vol. 20, no. 2, February 1994, pp. 127-141.
• Coen-Porisini A., Kemmerer R., Mandrioli D., “A Formal Framework for ASTRAL Intra-level Proof Obligations”, IEEE Trans. on Software Engineering, vol. 20, no. 8, August 1994, pp. 548-561.
• Gargantini A., Mandrioli D., Morzenti A., “Dealing with Zero-time Transitions in Axiom Systems”, Information and Computation, vol. 150, no. 2, May 1999, pp. 119-131.
• Heitmeyer C., Mandrioli D. (editors), Formal Methods for Real-Time Computing, John Wiley & Sons, 1996.
• Rust H., “A Non-standard approach to operational semantics for timed systems”, Thesis.