IIST and UNU - UNU-IIST - United Nations University

More documents

Recommendations

Info

Linking Duration Calculus and TLA 10 where Leak is a predicate denoting whether there is leaking in a state. For simplicity, we rewrite the specification using standard abbreviations: D (l 30 ⇒ ∫ Leak 4) where l ̂= |i| and ∫ Leak ̂= ∫ i Leak(x(t)) dt . The following two concrete DC specifications form a common design implementing the above abstract specification: (4) D (⌈Leak⌉⇒ |i| 4) and D (⌈Leak⌉ ⌈¬Leak⌉ ⌈Leak⌉ ⇒ |i| 26) where the real-time function x(t) records the state at the time point t , the specification ⌈Leak⌉ ̂= ( ∫ Leak = l) describes a period with gas leak (at “most” time points of in the period [17]), and ⌈¬Leak⌉ ̂= ( ∫ Leak = l) describes a period almost without leak. The first specification requires any leaking period to be bounded by 4 seconds; the second specification states that, during any interval, the period of non-leak between two periods of leak should be no less than 26 seconds. The sequential composition (also known as the chop operation) is the pointwise concatenation of the intervals of specifications: P Q ̂= ∃i 1 i 2 · (P [i 1 /i] ∧ Q[i 2 /i] ∧ i = i ⌢ 1 i 2) . The similarity between the TLA specification (1) and the DC design (4) is obvious. They essentially describe the same controlling strategy. Their link will be captured by a transformer between the two logics. 4 Linking Duration Calculus and TLA The transformer from TLA to DC We now study a technique to link DC specifications with TLA designs. Indeed each timed trace of 0s and 1s determines some real-time Boolean function in [0, ∞] → {0, 1} . For example, the timed trace 〈(1.0, 0), (2.0, 1), (4.0, 0)〉 corresponds to a Boolean real-time function whose value is 0 from time 1.0 to time 2.0 when the value becomes 1 until time 4.0 . The state between any two consecutive time points is constant. For example, the DC abstract specification (3) can be implemented with a TLA specification of timed traces (1). The TLA design is arguably more intuitive than (3) in DC alone. Such interpretation of a timed trace also directly corresponds to a timed automaton. Report No. 301, UNU-IIST, P.O. Box 3058, Macau
Linking Duration Calculus and TLA 11 The link between timed-trace TLA and durational calculus can be characterised as a predicate of weak inverse on timed trace tr , interval i and real-time function x(l) : T (tr, i, x) ̂= ∧ k (l= ∫ (x= s k ) / i (i ⊆ [t k , t k+1 ] ∩ i)). Each timed trace determines a real-time function whose value may only change at the time points of the trace. The value between two consecutive time points is “stable” in the sense that the values at “most” time point (except for isolated ones not affecting the integral) during the period are the same. The transformer requires that in any sub-interval segment of the timed trace, the real-time function x matches the stable states generated by the timed trace. A timed trace may contain arbitrarily-many consecutive state transitions at a single time point. Since the above transformer allows nondeterminism at isolated time points, such zero-time transitions cause no difficulty. Def 6 ♦ K→D P ̂= P : tr T and D→K P ̂= P / tr T . It is easy to show that any DC specification transformed from a TLA specification is always sub-interval closed. Law 4 D ♦ K→D P = ♦ K→D P . An automaton can be easily specified using a TLA formula (2). We introduce a notation for DC-specified automata in which U, V ⊆ [0, ∞] are two closed non-empty sets of time points such that the lub and glb of any of their non-empty subsets are contained in them. For example, they can be closed intervals like [0, 1] . Def 7 〈 U ↑ p ↓ V 〉 ̂= ♦ K→D Automaton(p, U, V ). An automaton is symmetric and monotonic in the sense that reducing the range of timing restrictions leads to the reduction of nondeterminism. Law 5 (1) 〈 U ↑ p ↓ V 〉 = 〈 V ↑ ¬p ↓ U 〉 (2) 〈 U ↑ p ↓ V 〉 ⊇ 〈 U ′ ↑ p ↓ V ′ 〉 (U ⊇ U ′ , V ⊇ V ′ ). We use ∞ to denote the singleton range [∞, ∞] . Lift and chop operators can then be expressed with special automata. Note that the chop operation implies a certain synchronisation between the system and the observer: the chopping point must always fall in the interval of observation. This is achieved by eliminating the possibility that the chopping point falls out of the observation interval. Report No. 301, UNU-IIST, P.O. Box 3058, Macau
Page 1 and 2: UNU/IIST International Institute fo
Page 3 and 4: UNU/IIST International Institute fo
Page 5: Contents i Contents 1 Introduction
Page 8 and 9: Predicative semantics of modal logi
Page 10 and 11: Predicative semantics of modal logi
Page 12 and 13: Temporal logic of resource cumulati
Page 14 and 15: Temporal logic of resource cumulati
Page 18 and 19: Linking Duration Calculus and TLA 1
Page 20 and 21: Linking Duration Calculus and TLA 1
Page 22 and 23: Case study: the Gas Burner 16 Figur
Page 24 and 25: Conclusions 18 There are many possi
Page 26: References 20 [17] C. Zhou, C. A. R

IIST and UNU - UNU-IIST - United Nations University

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?