
XCTL (Explicit Clock Temporal Logic)




  1. XCTL (Explicit Clock Temporal Logic): Real-Time Extension for LTL
     • Motivation w.r.t. “periodic clock”
     • Complexity: Shorter formulae (EnterGR  O15,25Tout consists of 223 symbols, recall complexity is 2^O(||).
     • Allows reference to event driven execution model with zero steps.

  2. Approaches to Time Quantification
     Every stimulus p must be followed by a system response q within 3 time units:
     • First order monadic logic: t. p(t) s. q(s)  st  s  t+3
     • Current time variable: x. □((pT=x  ◊(q  T x+3))
     • Bounded operators: □(p  ◊[0,3]q)
     • Freeze quantification: □x.(p  ◊y.(q  y x+3))

  3. XCTL: Syntax
     Vocabulary:
     • Propositions: p, q,…
     • Timing elements:
       • Time Constants: C = {a, b, c,…}
       • Timing variables: V = {x, y,…}
       • Clock variable: T
     Atomic formulae:
     • Propositions
     • a + x  T, a + x  c where: {, , }
     Formulae:
     • Atomic formulae (e.g., xT, Ty5, x>3)
     • p, pq, Op, pUq (e.g., ((p(xT)) (q(Tx3))) )

  4. XCTL Semantics
     Behavior (trace) for a formula [P,C,V]*: , Ic 
     • (0,t0), (1,t1), (2,t2)… where i2P, tiInt+ s.t.:
       - For all i, titi+1
       - nInt+j s.t. tjn
     • Ic: C  Int (fixed for all states). For aC, ta denotes Ic(a)
     Semantics:
     • j |= a+x  T iff ta+x  tj for every {x} Int.
     • j |= a+x  c iff ta+x  tc for every {x} Int.
     A behavior , Ic is a model (satisfies) of (P,C,V) iff 0 |=  for every {V Int}.
     * P - the propositions in , V - the time variables in , C - the time constants in 

  5. Example A model for: ((p(xT)) (q(Tx5)))

  6. Railroad Crossing in XCTL: Assertions
     • 40 seconds minimal delay between trains.
       Tin  O1,39Tin Tin(x=T) O(Tinx40T)
     • It takes a train 6 seconds to arrive at the signal.
       Tin  O6(AtSignal) Tin(x=T) (AtSignal(x+6=T))
     • Trains exit XR within 15 to 25 seconds after passing the signal.
       (AtSignal Twait)  (Twait Twait) O15,25Tout ((AtSignal Twait)  (Twait Twait )  x=T) (Tout (x+15T)(x+25T))

  7. Railroad Crossing in XCTL: Requirements
     • Every train that arrives at the signal is allowed to continue beyond the signal within 10 seconds.
       AtSignal  O0,10(Twait) AtSignal  (x=T) (Twait  (x+10T))
     • The gate is open whenever the crossing is empty for more than 10 seconds.
       O0,10(Tcr0)  O10(Open) (x=T)  Tcr0U(x+10=T) (Open  (x+10=T))

  8. XCTL Closure
     CL(f) is the minimal set that satisfies:
     • fCL(f), tt, O(tt) CL(f)
     • gCL(f) gCL(f)
     • gUhCL(f)  h, g, O(gUh)CL(f)
     • OgCL(f)  gCL(f)
     • Timing formulae (next slide)

  9. Closure Timing Formulae
     • Let {a+x}, v{c, T}, {, , }
     •   v CL(f) v, v, v CL(f)
     •  T CL(f)  O( T), ( T)CL(f)
     Also, the “difference table”: |CL(f)| < 3|f|^2

  10. Example: Cl((p  (T5))) 9.        (p(T=5), 10.        O(p(T=5), 11.        T5, 12.        T5, 13.        O(T5), 14.        (T5) 15.        tt, ff, Ott   1.        (p  (T5)),   2.        (p  (T5)),   3.        O(p  (T5)), 4.        p,   5.        T=5,   6.        p, 7.        (T=5),   8.        (p(T=5),

  11. Atoms
      A set ACL(f) such that:
      • tt, O(tt) A (guarantees infinite models)
      • for every g CL(f), g A g  A
      • for every gh CL(f), ghA  gA or hA
      • for every gUhCL(f), gUhA  hA or g,O(gUh)A
      • for every v CL(f) precisely one of v, v, v A
      • TA  O(T)A
      • =TA or TA (T)A
      • The difference table w.r.t. A
      • The set of time constraints in A, C(A), is consistent (a solution to a linear system).

  12. Example: Atoms derived from Cl((p  (T5)))

  13. Timed Next Relation
      LTL: OpA  pB, …. (A,B)X   c A  c B =TA =TB or TB
      Graph Construction: G()(At,X) where At is the set of all atoms that contain , or are accessed from an atom that contains  via the X relation
      Example: Cl((p(T5))) Atoms
      • Atom#1: (p  (T5)), O(p  (T5)), T5, (T5)
      • Atom#2: (p  (T5)), (p  (T5)), p, T=5, (T5)
      • Atom#3: T5, O(T5)

  14. Timing Relations between Atoms
      C is self-fulfilling if it is s.c. and for every pUqA (in C) there is an atom B (in C) such that qB.
      (A,B)X, C(A)={T1,…,Tk, L1,…,Lm}  by definition C(B)={T'1,…,T'k, L1,…,Lm} such that:
      • if Tj is T then T'j is T
      • if Tj is T then T'j is T or T
      • if Tj is T then T'j is T
      BW-Lemma: If u1,…,un,t'Int satisfy C(B) then there exists tt' such that u1,…,un,t satisfy C(A).
      FW-Lemma: If A, B belong to a self-fulfilling s.c.s. then C(A)=C(B) and all time constraints in C(A) are of the form T.

  15. BW-Lemma: If u1,…,un,t' Int satisfy C(B) then there exists tt' such that u1,…,un,t satisfy C(A).
      Proof:
      • u1,…,un |= L1,…,LmC(A), C(B) (t’)
      • iTC(A)iT | i<TC(B), let t=i(u) tt’. for <TC(A)i- >0C(A)t>(u) (sim. for >TC(A)).
      • iTC(A), def El= { i | i<T}, let l=max(l(u)) (l if El= ) Eg={ i | i >T}, let g=min(g(u)) (g if Eg=) g-l>1C(A) g>l+1, let t=l+1  l<t<g. l<TC(A)l<TC(B)l(u)=l<t’ t t'

  16. FW-Lemma: If A, B belong to a self-fulfilling s.c.s. then C(A)=C(B) and all time constraints in C(A) are of the form T.
      Proof: AB, BA  {Li} same in A,B & <TC(A)iff <TC(B). Assume =T |>T C(A)(<T)A DC, <TD, but DA  <TC(A) !!!
      • From FW-Lemma: If u1,…,un,t satisfy C(A) then it is a solution for every atom in a self-fulfilling s.c.s. that contains A. Also, u1,…,un,t' is a solution for every t't.

  17. Fulfilling Paths and Satisfiability
      fulfilling path A0,A1,… in G():
      •  i, (Ai,Ai+1)X,
      •  i, pUqAiji s.t. qAj.
      • A0
      Theorem:  is satisfiable iff there exists a fulfilling path for  in G().
      Sketch of proof:
      • if  is satisfiable construct the sequence: A0,A1,.. where Ai={ pCL() | si |= p }. Show that  is fulfilling path.
      • Given A0,A1,.. is fulfilling path of , define s0,s1,.. such that: si={ pAi }. Since  is infinite there exists k s.t. all the atoms from k head are contained in a self-fulfilling SCS. Let u1,...un,tk be a solution of Ak, then trace  backwards and assign values titk (possible by BW-Lemma). Also by FW-Lemma assign sk+1,sk+2,.. by tk+1, tk+2,...

  18. Satisfiability Checking Algorithm
      • Let G0=G().
      • repeat with the last defined graph Gi: Let C be a useless maximal SCS in Gi, then define Gi+1=(Wi+1,Xi+1) by: Wi+1=Wi-C, Xi+1=Xi(Wi+1Wi+1), until Gi is empty or does not contain any useless maximal SCS.
      • If there is an atom AGi such that A then report success else report fail.
      Theorem: is satisfiable iff the algorithm reports success.
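The pruning loop of slide 18, as an added Python example that is not part of the original presentation. It assumes the atom graph is already built with consistent timing constraints, and it reads "useless" as a terminal maximal SCS that is not self-fulfilling in the sense of slide 14. The atom names, formula strings, the `phi` argument and the `untils` list are constructed for illustration.

```python
# Added example. The atoms, edges and formula strings are constructed for illustration.
def reach(edges, nodes, src):
    """Atoms reachable from src by one or more X-edges that stay inside nodes."""
    seen, stack = set(), [src]
    while stack:
        for b in edges.get(stack.pop(), ()):
            if b in nodes and b not in seen:
                seen.add(b)
                stack.append(b)
    return seen

def maximal_scs(fwd, nodes):
    """Partition nodes into maximal strongly connected subgraphs."""
    comps, done = [], set()
    for a in sorted(nodes):
        if a not in done:
            comp = {a} | {b for b in fwd[a] if a in fwd[b]}
            comps.append(comp)
            done |= comp
    return comps

def self_fulfilling(comp, fwd, atoms, untils):
    """Slide 14: comp is s.c. and every pUq in comp has its q in some atom of comp."""
    a = next(iter(comp))
    if a not in fwd[a]:  # assumption: a lone atom with no cycle is not an SCS
        return False
    present = set().union(*(atoms[x] for x in comp))
    return all(q in present for u, q in untils if u in present)

def satisfiable(phi, atoms, edges, untils):
    """Slide 18: drop useless maximal SCSs until none is left, then look for phi."""
    nodes = set(atoms)
    while True:
        fwd = {a: reach(edges, nodes, a) for a in nodes}
        useless = [c for c in maximal_scs(fwd, nodes)
                   if all(fwd[a] <= c for a in c)  # assumption: useless = terminal ...
                   and not self_fulfilling(c, fwd, atoms, untils)]  # ... and unfulfilled
        if not useless:
            return any(phi in atoms[a] for a in nodes)
        nodes -= useless[0]  # W_{i+1} = W_i - C; reach() restricts X to the new W

UNTILS = [("pUq", "q")]  # (until formula, its right-hand side)
ATOMS_OK = {"A1": {"pUq", "p", "O(pUq)"}, "A2": {"pUq", "q"}, "A3": {"tt"}}
EDGES_OK = {"A1": ["A1", "A2"], "A2": ["A3"], "A3": ["A3"]}
ATOMS_BAD = {"B1": {"pUq", "p", "O(pUq)"}, "B2": {"p"}}
EDGES_BAD = {"B1": ["B1", "B2"]}

if __name__ == "__main__":
    print(satisfiable("pUq", ATOMS_OK, EDGES_OK, UNTILS))    # A1 -> A2 -> A3 loop
    print(satisfiable("pUq", ATOMS_BAD, EDGES_BAD, UNTILS))  # B2 pruned, then B1
```

In the second graph the dead-end atom B2 is removed first, which turns B1 into a terminal SCS that never reaches q, so it is removed in the next round and the graph ends up empty.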

  19. Remarks
      • The algorithm does not check for complete models (time increases with at most 1 t.u.). Hence, the formula (x=T)  O(x+2=T) is satisfiable though it does not have a complete model.
      • The definition of a model does not require time to be non-negative. Hence, the formula (x=T)  O(x=-1) is satisfiable but only by a model where t00. In order to restrict models to non-negative clocks we need to augment formulae with a proper constraint p  (0T)
