November 20, 2003Pisa1 Time in computational models: comparisons, problems, proposals Dino Mandrioli...

November 20, 2003 Pisa 1

Time in computational models:comparisons, problems, proposals

Dino MandrioliDipartimento di Elettronica e Informazione,

Politecnico di Milano


Outline (not sequential)• Modeling time:

– Time in traditional system models– Time in traditional HW– Time in traditional SW – Time in “more general” system models

• Comparisons and evaluations– Discrete vs. continuous time

• The case of zero-time events• A little proposal


Modeling time

• The “old-fashioned” way of modeling time and time-varying systems:– System state x, x = x(t)– System evolution:

• Continuous time:

• Discrete time: )),(),(()(

.

ttitxftx )),(),(()1( ttitxftx


• Within the “old-fashioned” way of modeling time and time-varying systems:– Side remarks and problems when:– We cannot consider anymore time as “unique”:

• Relativity aspects

• Distributed high speed systems


• The HW double way of modeling time:– The “micro” (asynchronous) view:

I1, I2, …

I1

I2

O1

I3

I1 I2


• The HW double way of modeling time:– The “macro” (synchronous) view (1):

I1

I2

O1

O2

S2

S1

clock Memory

Combinatoric

network





Acc

ALU

RAM

LOAD

STORE

…


• The HW double way of modeling time:• When moving from the micro to the “macro” view:

– Time somewhat implicitly moved from continuous to discrete– An abstraction operation has been introduced– HW people apply some consistency verification technique

(all switches must occur within a machine cycle)

• Side remark: in the HW world there is also an asynchronous view of Finite State Machines (we come back to this later on)


• The traditional SW way(s) of modeling time:

• Time “does not exists”:– A program –or a whole application- is an I/O function

• If one really wants to take time into account:– Complexity theory– Time analysis well-separated from functional analysis– Different analysis techniques– Time is discrete (“inherited” from HW):– Time unit is the abstract machine transition


• The traditional (narrow and simple) way of modeling time in computing systems is not anymore adequate when we combine, in the same system view, – HW components and aspects– SW components and aspects– Plant and/or environment components and aspects– Perhaps with different “time granularity”: from

nanoseconds to months, years, etc


• Not only:• We often need different time domains

– Perhaps some are discrete and some are continuous

• But often:• We want to analyze different properties by applying

different techniques:– Scheduling policies w.r.t. complexity analysis (within SW)

– Managing asynchronous interrupts from the environment by the synchronous computing machinery

– …


1. Keep the (HW-SW) traditional view to the extreme:

• Discrete time• Synchronous abstract machines• Time unit = machine transition• Examples:

• Esterel• Temporal logic with the “next” operator (but …):

• A “Computer-centric” vision

How did people (researchers/engineers) deal with the new needs?


Problems with this approach:• Discrete time + synchronous view always the

“natural” modeling?• What if some “transition” takes a few nanoseconds

and another one, possibly concurrently running, takes minutes or more?

• How do we compose modules in such cases?• Two synchronous machines with different, possibly

distributed, clocks (T1 = 1, T2 = ) generate an asynchronous system


2. Add time to existing machines with no (??) time:• Timed Statecharts

• Timed Petri Nets

How did people (researchers/engineers) deal with the new needs?

t, [tmin, tmax]

i, [tmin, tmax]

P1 P2


Problems with this approach:• The “syntactic surface” seems natural and easy, but

…• … giving a precise semantics is not as easy• A few examples in the context of Timed Petri Nets

(but similar problems occur in other models as well)


0 2

[3,7]tr

If 0 and 2 are the times when tokens in P1 and P2 are produced, respectively, the tr fires nondeterministically in a time between 5 and 9

P1 P2

P3

Tokens carry time stamps …


1. Strong time semantics (STS) vs. weak time semantics (WTS)

v

rs

p q

u[4, 7]

•Normally STS adopted in practice

•However, in STS v’s firing depends on u’s firing


2. Simultaneous firings

2.1 Simultaneous and concurrent firings.

r

s v

p q

Assume that both s and v have mv = Mv = 3. Then, whenever r fires, s and v will both fire exactly 3 time units later.

In general, they could fire contemporarily if and only if the intersection between their associated time intervals is not empty.


2. Simultaneous firings

2.2 Simultaneous but logically ordered firings (zero-time transitions)

Whenever r fires, s fires immediately too;

clearly distinguish between logical ordering and temporal ordering;

it is obvious that an event s that is the logical consequence of an event r cannot precede r, but it is not implied that s strictly follows r in time.v

s

p

q

r

[0,0]


v

s

p

v

s

p q

3. Meaning of the lowerboundAssume that in the net (a) mv = Mv = 3. s fires at 6 and at 7v fires at 9 and 10 (sem A) or at 9 and 12 (recharge time) (sem B) ?

Sem A can simulate sem B by

(a)

… Other intricacies omitted


Formalizing (PN) time semantics

• A natural and traditional approach:– Tokens carry time stamps– Transitions assign new time stamps to new

tokens

• This is a (PN) particular case of a fairly widely adopted approach (within theoretical computer science):


• Abstract machines state is augmented by “yet another variable” t

• t may be either discrete or continuous• t is updated by machine transitions as well (??) as

any other state variable (at least, t non-decreasing …

• … but this, perhaps, is the tip of the iceberg)

x := f(x, y); t := t + …


A critical and personal analysis of the “t: yet another variable” approach

• Does t capture the intuitive notion of time (flow)?

• There are “two different times”:• The ‘t’ variable (maybe either discrete of

continuous)• The ”hidden time”: transition sequence

x = 1

t = 0

x = 6

t = 1

x = 3

t = 1

x = 3

t = 2

x = 4

t = 5

x = 8

t = 5

x = 1

t = 5

x = 1

t = 10


The tricky situation is even more striking in PNs (and, in general, in distributed abstract machines, possibly with different “clocks”)

r

s v

p q

[1,2] [3,4]

Transition sequences:

r(0), s(1), v(4)

r(0), v(3), s(2)

???

(There are theorems about STS w.r.t. WTS …)

But: can we still claim that “t is just yet another variable”??


• (Personally) like better:

• Go back to the “traditional system engineering view of time”:

• System state as a function of –independent- variable t: s = s(t)

• But: …

• … what about 0-time transitions?


r fires at t

p marked at t

s fires at t

q marked at t

Which is system state (marking) at t?

p and q marked??v

s

p

q

r

[0,0]


• A simple (simplistic?) solution:• Just forbid 0-time transitions

– Any action takes time

– The effect always follows the cause

– …

• But:• What about abstractions such as:

– Esterel ….

• 0-time transitions are often a useful abstraction

i/o


• A “conventional” solution:• forbid 0-time transition cycles

– Zeno behaviors avoided a priori– Rather acceptable from an intuition point of

view– … by convention:

[0, 0]

[0, 0]


r fires at t

p (not) marked at t

s fires at t

Only q marked at t

v

s

p

q

r

[0,0]

[5,6]


Not so easy to formally analyze complex behaviors:

tokenF(r, i, p, v, j, d) states that the token produced at the current instant by the i‑th firing of transition r enters place p and will be consumed by the j‑th firing of transition s after d time units.

iand j are necessary to take into account possible simultaneous firingss

p

r


Just to give an idea …

s [0,0]v [x,y]

r

Proof of

Alw (ifireth(v,i))

by contradiction.

x > 0


1. fireth(v,i) Hyp

2. d(d x j tokenP(r, j, v, i, d) ) 1, LB(v): Lower Bound axiom for v

3. D x tokenP(r, J, v, i, D) 2, EI: Existential Instantiation: D for d, J for j

4. D x Past(tokenF(r, J, v, i, D), D) 3, def: tokenP(...,d) = Past(tokenF(.., d), d)

5. D x Past(fireth(r, J), D) 4, def: tokenF(r, J, v, i, D) fireth(r, J)

6. D x Past(e(e k(tokenF(r, J, s, k, e)

tokenF(r, J, v, k, e) ), D)

5, UB(s): Upper Bound axiom for s

7. e(D x e k Past(tokenF(r, J, s, k, e)

tokenF(r, J, v, k, e), D)

6, th: Past(x A(x),d ) = x Past(A(x),d)

8. e(D x e

k Past((tokenF(r,J,s,k,e) tokenF(r,J, v,k,e))

tokenF(r,J, v,i,d), D) )

7,4 AI And Introduction

9. (tokenF(r, J, s, k, e) tokenF(r, J, v, k, e))

tokenF(r, J, v, i, d ) d=e k=i

OU(r): Output Unicity for r

10. e (D x Past((e k=i D=e)), D) 8, 9, MP

11. e (D x Past(e D=e), D) ) 10, AE: And Elimination

12. e (D x e D=e) 11, th: Past(A,x) A, if A time independent

13. e ( x e ) 11, prop

14. fireth(v,i) 12, by contradiction, since 13 is false


An alternative approach

• Go back to the essence of the abstraction:

• 0-time transition =– Duration that can be neglected w.r.t. “normal

system dynamics”– … infinitesimal duration– Think back to the HW abstraction

s

p

r

[0,0]

Abstraction (abbreviation) for:

s

p

r

[, ]


A few “pleasant” consequences

• Time is again “unified:• Transition ordering mirrors time sequencing

– No more simultaneous events, but

– … almost simultaneous events

– We can now talk about system state s(t) again

• Well suited both for discrete and continuous time


An intriguing mathematical framework for the formalization of the very idea:

non-standard analysis

• Standard numbers: “normal numbers”: 1, 2, , …• Non-standard numbers (infinitesimal/unlimited)

stx A(x) is an abbreviation for x ( st(x) A(x)):

infinitesimal() is defined as st x (x > 0 x)

nsinfinitesimal() is defined as st x (x > 0 x) st()

infinitesimal+() is defined as st x (x > 0 0 < x) st()


Formal analysis can be simplified

• Example: (TRIO)/TPN axiomatization:

tokenF(r, p, v, d) states that the token produced at the current instant by the firing of transition r enters place p and will be consumed by the firing of transition s after d time units.

d can be either standard or infinitesimal


The “same” proof as above …

s [0,0]v [x,y]

r

Proof of

Alw (fireth(v))

by contradiction.


1. fire(v) Hyp

2. d(d x tokenP(r, v, d)) 1, LB(v): Lower Bound axiom of v

3. D x tokenP(r, v, D) 2, EI: Existential Instantiation: D for d

4. D x Past(tokenF(r, v, D), D) 3, def: tokenP(x,y,d) =Past(tokenF(x,y,d),d)

5. D x Past(fire(r), D) 4, def: tokenF(r,v,d) fire(r)

6. D x Past(e(e

(tokenF(r, s, e) tokenF(r, v, e)))), D)

5, UB(s) Upper Bound axiom for s

7. D x e(e Past(tokenF(r, s, e)

tokenF(r, v, e), D) )

6, th: Past(x A(x),d ) = x Past(A(x),d)

8. e( D x e Past( (tokenF(r, s, e)

tokenF(r, v, e) ) tokenF(r, v, D), D) )

7,4 AI And Introduction

9. (tokenF(r, s, e) tokenF(r, v, e))

tokenF(r, v, D) D=e

OU(r) Output Unicity for r

10. e(D > x e Past(D = e ,D)) 8,9, MP

11 e(D > x e D = e ) 10, th: Past(A,x) A, if A is time independent

12. e( x< e ) 11, AE And Elimination

12 is false, since x is a positive standard real number, while is less than any positive standard.


A few concluding remarks

• Applying non-standard analysis does not necessarily mean assuming the “system theory” approach s = s(t):– Rust applies non-standard analysis to ASMs by

assuming “t as yet another variable”– His purpose: treating continuous time as the

discrete one “à la SW eng.”: quite unlike mine:– “t as yet another variable” good for building

simulators, not for “natural modeling”


• An intriguing possible further investigation:– x infinitesimal– y unlimited– x*y ?

• Standard (non Zeno)

• Infinitesimal (Zeno)

• Unlimited (non Zeno)

• Same as:

0))(( with ,?)( lim

xfdxxfa x


• A little detail to complete:– True concurrency vs.– Interleaving– In the context of non-standard semantics:

• Do they exist “truly contemporary events”?

• Or are they just “almost simultaneous” (i.e. contemporary up to an infinitesimal)?

• Is the question relevant?


Some references

•Ghezzi C., Mandrioli D., Morasca S., Pezzè M., “A Unified High-level Petri Net Model for Time Critical Systems”, IEEE Trans. on Software Engineering, February 1991

•Felder M., Mandrioli D., Morzenti A., “Proving Properties of Real-Time Systems through Logical Specifications and Petri Net Models”, IEEE Trans. on Software Engineering, vol.20, no.2, Feb.1994, pp.127-141.

•Coen-Porisini, A., Kemmerer R., Mandrioli D., “A Formal Framework for ASTRAL Intra-level Proof Obligations”, IEEE Trans. on Software Engineering, vol.20, no.8, August.1994, pp.548-561.

•Gargantini A., Mandrioli D., Morzenti A., "Dealing with Zero-time Transitions in Axiom Systems", Information and Computation, Vol. 150 N. 2, May 1999, pp. 119-131.

•Heitmeyer C., Mandrioli D. (editors), Formal Methods for Real-Time Computing, John Wiley & Sons, 1996.

•Rust H. A Non-standard approach to operational semantics for timed systems, Thesis

Date post:	15-Dec-2015
Category:	Documents
Upload:	rosemary-plum
View:	215 times
Download:	2 times

November 20, 2003Pisa1 Time in computational models: comparisons, problems, proposals Dino Mandrioli...

Documents