IIST and UNU - UNU-IIST - United Nations University

More documents

Recommendations

Info

Temporal logic of resource cumulation 8 Examples of temporal logics The amount of time that a computation consumes corresponds to the cumulator RTime. A real-time specification is a predicate on a typed modal variable t ∈ [0, ∞] that denotes time and an untyped auxiliary variable s that denotes the system’s state at the time. We let T denote the space of such specifications. Since addition is commutative i.e. a + b = b + a, it makes no difference whether time is extended from the left-hand side or the right-hand side. For example, e t = x described a system’s temporature growing exponentially over time. Intervals within a time domain form the cumulator Interval . A specification on intervals is a predicate on a variable i ∈ I that denotes the interval and an auxiliary variable x that denotes some system feature related to the interval. We let I denote the space of all temporal specifications on intervals. An interval can be extended from either left-hand side or right-hand side. Traces of elements of X form a cumulator Trace(X) . A trace specification is a predicate on a single variable tr ∈ X † . We let S denote the space of trace specifications. For example, the specification |S|
Temporal logic of resource cumulation 9 another state satisfying ¬p in some time t ∈ U and then moves back to a state satisfying p in some time t ∈ V where U, V ⊆ [0, ∞] . The two-state automaton can be formalised as follows: (2) Automaton(p, U, V ) ̂= K [(p(s) ∧ ¬p(s ′ ) ∧ t ′ −t ∈ U) ∨ (¬p(s) ∧ p(s ′ ) ∧ t ′ −t ∈ V )] (s,t) . Figure 2: Automaton with two states Duration calculus (DC) is a special interval logic. A durational specification is a predicate on a variable i ∈ I that denotes the interval and an auxiliary variable x : [0, ∞] → S that denotes a real-time Boolean function. We use a boolean function p : S → {0, 1} to denote whether a state x(t) at the time t satisfies the predicate p(·) . The space of durational specifications is denoted by D. Again, we may introduce some dependent variables. For example, instead of specifying the relation (i.e. a predicate) between the interval and the real-time function, we may specify the relation between the length of the interval and the integral of the real function in the interval. Although not all computation can be specified in such a restricted way, it has been expressive enough for most applications and covers most common design patterns [13]. The following table lists the primitives of DC: P (l, ∫ p) general pattern ⌈p⌉ lift D P modality of sub-interval closure P Q chop operation P ∨ Q logical disjunction ¬P negation For example, the Gas Burner problem [13] includes a requirement that gas leak is bounded by 4 for any interval no longer than 30. This can be formalised as a specification in DC: (3) D (|i| 30 ⇒ ∫ i Leak(x(t)) dt 4) Report No. 301, UNU-IIST, P.O. Box 3058, Macau
Page 1 and 2: UNU/IIST International Institute fo
Page 3 and 4: UNU/IIST International Institute fo
Page 5: Contents i Contents 1 Introduction
Page 8 and 9: Predicative semantics of modal logi
Page 10 and 11: Predicative semantics of modal logi
Page 12 and 13: Temporal logic of resource cumulati
Page 16 and 17: Linking Duration Calculus and TLA 1
Page 22 and 23: Case study: the Gas Burner 16 Figur
Page 24 and 25: Conclusions 18 There are many possi
Page 26: References 20 [17] C. Zhou, C. A. R

IIST and UNU - UNU-IIST - United Nations University

Create successful ePaper yourself

Delete template?

Save as template?