Dr. Vered Gafni 1

Modeling Real-Time Systems

Semantic Model

SystemOntology

SystemDesign

Formal SystemSpecification(properties)

Formal verification

NL Specification

ConsistencyCheck

Dr. Vered Gafni 2

Behavioral Model

(Signature, Time)

• Signature: v1:D1, v2:D2,…,vn:Dn

S = (D1… Dn) (states’ space)

• Time: (T, , 0)

Behavior: : T S

Discrete, Continuous

Discrete, Continuous

Dr. Vered Gafni 3

Signature: E - a finite set of events (env. & reactions)

Time domain: T={ (R+) | (t0t1t2…):

(a) t0 =0, ti ti+1, i=0,1,…

(b) tR+. i. t ti }

Timed trace over (E,T) is an -sequence:

T = (0,t0) (1,t1) (2,t2) … where: i2E, (t0t1t2…)T

Controller Behavioral Model: Timed Traces

Controller – a set of timed traces over E and T.

finite variability, non-Zenon

t0 t1 t2

0 1 2 Event – Instantaneous occurrence

Dr. Vered Gafni 4

Environment events

• Model : {P1, P2,…PN} where Pi : {R+ Di}, i=1..N

• Event – Boolean relation on Pi becomes true/false.

E.g., =def tr( pjK) then occur() = {t | pj(t)K becomes true}.

Environment & Controller Events

non-Zenon

Controller events

• Model – a set of (parallel) tasks (transition systems) over a set of variables

• Event –Assignment of a certain variable (write memory location).

time

temp'

50

30

TempHigh

TempHigh =def tr( Temp30)

Process properties:• TrainLocation : {0..100}Km• GatePosition : (0-90)• SemaphoreState : {pass, stop}

Process events:

• Tin =def tr(TrainLocation=xI)

• Tout =def tr(TrainLocation=xO)

• Close! =def tr(GatePosition=0°)

• Open! =def tr(GatePosition=90°)

Example: Railroad Crossing

Controller actions:

•close =def GatePort:=1

•open =def GatePort:=0

• pass =def LightsPort:=1

• stop =def LightsPort:=0xI xO

5

E={ Tin, Tout, close, close!, open, open!, stop, pass }

( , 2.7) ( , 2.8) ( , 8.0) ( , 19.1)…Tinclosestop

close!pass

Toutopen

Dr. Vered Gafni 6

General reactive software:

• controller comprises a set of (concurrent) tasks.

• reactive behavior of a task concerns:

initiation, synchronization, termination.

About Controller Computations & Events

Computations:

• Asynchronous – take observable duration (initiation<termination)

• Synchronous – instantaneous (initiation=termination)

Simplified reactive model:

computation does not synchronize during execution

only initiation, termination are observable events

Dr. Vered Gafni 7

Synchronous/Asynchronous Computations

• Formally, synchronous computation = executed in zero time,

• In practice, it is sufficient that the computation terminates before next environment event.

• Sequence of sync. computations is a sync. In practice, only finite

sequences that respect “next event” rule.

Finally, only the synchronous trace is of interest.

Dr. Vered Gafni 8

• System behavior:

– Time step – time advances + an event set.

– Reaction step – time freezes but new event set. A trace always starts with: (, 0) A reaction step may follow only trace elements: (, t)

• Super step – a sequence of reaction-steps (triggered actions)

that follow a time step until stabilization (=).

Thus, a trace looks like:

… (,2.0) ({p,q},3.1) ({r},3.1) (,3.1) ({q,r},3.8) …

Synchronous trace

time step reaction step reaction step time step

super step

tk tk+1 tk+1 tk+2

E1 E2, E3 E4 actions

Dr. Vered Gafni 9

• Activation by occurrence of events (may occur simultaneously)

t`t t``

{E2}{E1} {E1, E2, E3}

In practice, observations are taken w.r.t. to a finite precision

clock, henceDiscrete time (modeled by N),Nearby events may get same time record, still order is

preserved.

… ({p,q},53) ({r},53) ({u,w},62) …

So far: Event Driven Traces

Dr. Vered Gafni 10

• Global clock activation signature includes periodic event ‘tick’.

• Events during (ti-1,ti] considered at ti (order/repetition are lost).

titi-1 ti+1 ti+2

E2 E3E1 {E1, E2, E3}

• Time model N, but time-tag coincidences with index, hence represented by un-timed traces:

0 1 2… where i2E + ‘tick’ duration,

• Note: k may consist of the event ‘tick’ solely.

Clock Driven Execution Model

Dr. Vered Gafni 11

execution of T

asynchronousdata-processing-tasks executive

activation request: (T,t)

return (T.done,t’)

(Tdone,t’)deadline inspectionsynchronous

control executive

e (external event)

Asynchronous Computation in Clock Driven Model

In practice ….

12

• Clock driven synchronous model,

hence traces are untimed (time given by index)

• Clock + Event driven synchronous model, but external

events are tagged with last RTC

Dr. Vered Gafni 13

Hybrid Systems: continuous properties

• If 'pass' is accepted within 1 sec. then the speed remains steady

till it exits the crossing.

• If 'pass' has not been accepted within 1 second then the train

starts slowing down at a rate of 5m/s until 'pass' signal is accepted

or otherwise until its speed zeroes.

• When the expected pass signal is accepted, the train accelerates

again to 20m/s.

Dr. Vered Gafni 14

Hybrid Systems: Time model & Variables

Time model: T=[0, ) - non-negative continuous (physical) time

Variables

• Piecewise continuous (pwc)

Continuous range

Discrete range

• Events

Non Zeno

Dr. Vered Gafni 15

Hybrid models• V = Vd Vc (disjoint sets), S=DV (states, D unified domain)

E – set of events, =2E

flow={ | : R DVc } s.t.:

= (t) is defined on interval [0,t] or [0,t), where t>0.

= (t,v) is differentiable on (0,t) and limtt(t,v)DVc

• trace: w1w2…

s.t.: k either: wk=((sk-1,t),,(sk,t)) -- , sk-1,skS, tR

or: wk=((sk-1,t),,(sk,t’)) -- sk-1,skS, t,t’R , flow

s.t.: sdk-1=sd

k, t’tt