design representations control oriented...
TRANSCRIPT
1
2012-03-30 1
Design representations
Control Oriented Models
Kris Kuchcinski [email protected]
2012-03-30 2
Models
“A theory has only the alternative of being right or wrong. A model has a third possibility: it may be right, but irrelevant.” Manfred Eigen (1927 - ) Jagdish Mehra (ed.) The Physicist's Conception of Nature, 1973.
2012-03-30 3
Control Flow Models
FSM (Mealy and Moore) FSM extensions Codesign FSM Communicating FSM
Petri nets
StateCharts
Discrete Event
CCS, CSP, …
...
2
2012-03-30 4
Application Areas
Reactive systems Control functions
Protocols (telecom, computers, ...)
...
2012-03-30 5
FSM basics
Different communication mechanisms: synchronous (classical FSM’s, Moore, Mealy) asynchronous (CCS, Milner ‘80; CSP, Hoare ‘85)
Mealy and Moore state machines FSM = <S, I, O, δ, λ> S is set of states I is set of inputs (conditions) δ is a next-state function, δ: S x I → S λ is an output function, λ: S x I → O for Mealy machine
λ: S → O for Moore machine
2012-03-30 6
FSM Model for Elevator Controller Mealy Machine
S1 S2
S3
r1/n r2/u1
r1/d1
r2/n
r3/n
r1/d2 r3/u2 r2
/d1
r3/u
1
start
3
2012-03-30 7
FSM Model for Elevator Controller Moore Machine
S12/d1
S13/n
S11/d2 S21/d1
S22/n
S23/u1
S31/n
S32/u1
S33/u2
r1 r1 r1
r3 r3 r3
r1 r1
r1 r1
r1
r1
r2 r2
r2
r2
r2 r2
r2 r3
r3
r3
r3
r2
2012-03-30 8
Moore vs. Mealy machines
Theoretically, same computational power (almost) In practice, different characteristics
Moore machines: non-reactive (response delayed by 1 cycle) easy to compose (always well-defined)
Mealy machines: reactive (0 response time) hard to compose (problem with combinational cycles)
2012-03-30 9
Problems with FSM’s
How to reduce the size of the representation? Solution — hierarchical concurrent finite state machines
Example — Harel’s StateCharts
3 orthogonal exponential reductions hierarchy, concurrency, non-determinism.
4
2012-03-30 10
Petri Nets
Model introduced by C.A. Petri in 1962 Ph.D. Thesis: “Communication with Automata”
Applications: distributed computing, manufacturing, control, communication networks, transportation…
Petri nets describe explicitly and graphically: sequencing/causality, conflict/non-deterministic choice, concurrency.
Asynchronous model (partial ordering)
Main drawback: no hierarchy
2012-03-30 11
Petri Net example
p1
p2
p3
t1
t2
t3
2012-03-30 12
Definition
A Petri net structure, C, is a four tuple
C = (P, T, I, O) P = {p1, p2, ..., pn} is a finite set of places, n ≥ 0;
T = {t1, t2, ..., tm} is a finite set of transitions, m ≥ 0;
P ∩ T = ∅;
I: T → P∞ is the input function, a mapping from transitions to bags of places;
0: T → P∞ is the output function, a mapping from transitions to bags of places;
5
2012-03-30 13
Petri Net Marking
A marking m of a Petri net C = (P, T, I, O) is a function from the set of places P to the non-negative integer
µ : P → N
A marking represents an assignment of tokens to the places.
A marking m can also be defined as an n-vector, µ = (µ1, µ2, ..., µn), where n= |P| and µi ∈ N, i = 1, 2, ..., n. The number of tokens in the place pi is denoted by µi.
A marked Petri net M = (C, µ) is a Petri net structure C = (P, T, I, O) and a marking µ.
2012-03-30 14
Summary
A (C,µ0) is a Petri Net Graph N places: represent distributed state by holding tokens marking (state) µ is an n-vector (µ1,µ2,µ3…), where µi
is the non-negative number of tokens in place pi. initial marking (µ0 ) is initial state
transitions: represent actions/events enabled transition: enough tokens in predecessors firing transition: modifies marking
…and an initial marking µ0.
Place/Transition <=> conditions/events
2012-03-30 15
Firing Rules
The execution of a Petri net is carried out by firing transitions, which moves tokens from places to places.
A transition tj ∈ T in a marked Petri net C = (P, T, I, O) with marking m is enabled if for all pi ∈ I(tj)
µ(pi) ≥ #(pi, I(tj))
A transition tj in a marked Petri net with marking µ may fire whenever it is enabled. Firing an enabled transition tj results in a new marking µ’ defined by
µ’(pi) = µ(pi) - #(pi, I(tj)) + #(pi, O(tj))
#(pi, I(tj)) (#(pi, O(tj))) – number of occurrences of pi in I(tj) (O(tj))
6
2012-03-30 16
An Example
2012-03-30 17
Sequencing
t1 t2
2012-03-30 18
Concurrency
t1 t2
t3
7
2012-03-30 19
Conflict
The firing order is not irrelevant.
2012-03-30 20
Communication Protocol
Send msg Receive msg
Send ack Receive ack
2012-03-30 21
Produces/Consumer
producer
consumer 1
buffer
consumer 2
8
2012-03-30 22
Properties of Petri Nets
Most important analysis problems for Petri nets: reachability and coverability
liveness
boundness
safeness
conservation
2012-03-30 23
Reachability
Marking µ is reachable from marking µ0 if there exists a sequence of firings s = µ0 t1 µ1 t2 µ2… µ that transforms µ0 to µ.
The reachability problem is decidable.
2012-03-30 24
Liveness
Liveness: from any marking any transition can become fireable
Liveness implies deadlock freedom, not viceversa
9
2012-03-30 25
Boundness
Boundedness: the number of tokens in any place cannot grow indefinitely (1-bounded also called safe)
Application: places represent buffers and registers (check there is no overflow)
2012-03-30 26
Conservation
Conservation: the total number of tokens in the net is constant
2012-03-30 27
Analysis Techniques
State Space Analysis techniques Reachability Tree or Coverability Graph
Structural analysis techniques Incidence matrix T- and S- Invariants
10
2012-03-30 28
The Reachanility Tree
p1
p2
p3 t2
t1 t3
(1,0,0)
(1,1,0) (0,1,1)
(1,2,0) (0,2,1) (0,0,1)
(1,3,0) (0,3,1) (0,1,1)
t1 t2
t3 t1
t1
t2
t2 t3
2012-03-30 29
Infinite Tree
p1
p2
t2 t1
(1,0)
(0,1)
(1,0)
(0,1)
(0,1)
t1
t2
t1
t2
2012-03-30 30
Reachability Tree
We will try to limit the tree to the finite size (notice, however, that it will usually result in the lost of information)
We introduce three types of nodes frontier
terminal
duplicate
11
2012-03-30 31
An extended marking
Let us assume that after sequence of transitions σ we will end up in marking µ’ from µ
and µ’ > µ µ’ = µ + (µ’-µ) and (µ’ - µ) > 0
since transition firing can be repeated it can lead to µ’’ µ’’ = µ’ + (µ’-µ) or µ’’ = µ’ + 2(µ’-µ) after n times we can produce a marking µ’ + n(µ’-µ) which, in fact, produces infinite marking.
2012-03-30 32
Infinite Marking
infinite number of markings is represented by ω symbol with following properties: ω + a = ω
ω - a = ω
α < ω
ω ≤ ω
2012-03-30 33
Finite Reachability Tree
p1
p2
p3 t2
t1 t3
(1,0,0)
(1,ω,0) (0,1,1)
(1,ω,0) (0,ω,1) (0,0,1)
(0,ω,1)
t1 t2
t3 t1 t2
t3
12
2012-03-30 34
Analysis Techniques Based on Reachabilty Tree
it can be used for analysing several properties such as safeness and boundness conservation coverability
it cannot be used, in general, to solve problems such as reachability liveness determine which firing sequences are possible
limitations => loss information by the use of ω symbol
2012-03-30 35
Matrix Equations
An alternative definition of Petri nets instead of defining (P, T, I, O), we define
(P, T, D-, D+), where two matrices D- and D+represent input and output function
we define D-[i, j] = #(pi, I(tj)) D+[i, j] = #(pi, O(tj))
the transition tj is represented by the unit m-vector e[j]
2012-03-30 36
Matrix Equations (cont’d)
transition tj is enabled in a marking µ if µ ≥ e[j]⋅D-
the result of firing transition tj in marking µ, if it is enabled, is
δ(µ, tj) = µ - e[j]⋅D- + e[j]⋅D+ = µ + e[j]⋅(- D- + D+) = µ + e[j]⋅D where D = D+ - D-
13
2012-03-30 37
Matrix Equations - Example
t1
t2
t3 p1
p2
p3
p4
!!!
"
#
$$$
%
&
=−
010
101
001
001
D
!!!
"
#
$$$
%
&
=+
100
010
020
001
D
!!!
"
#
$$$
%
&
−
−
−−
=
110
111
021
000
D
2012-03-30 38
Examples
[ ] [ ] [ ] [ ] [ ]100111000101110
111
021
000
1000101' =−+=
"""
#
$
%%%
&
'
−
−
−−
×+=µ
firing t3
firing t3 t2 t3 t2 t1
[ ] [ ] [ ] [ ] [ ]003101300101110
111
021
000
2210101' =−+=
"""
#
$
%%%
&
'
−
−
−−
×+=µ
2012-03-30 39
Examples (cont’d)
To determine if the marking (1, 8, 0, 1) is reachable from the marking (1, 0, 1, 0), we have the equation
[ ] [ ]!!!
"
#
$$$
%
&
−
−
−−
×+=
110
111
021
000
01011081 x
[ ]!!!
"
#
$$$
%
&
−
−
−−
×=−
110
111
021
000
1180 x
which has a solution x = (0, 4, 5) and sequence the s = t3t2t3t2t3t2t3t2t3.
14
2012-03-30 40
Matrix Equations - Problems
matrix D by itself does not properly reflect the structure of the Petri net - self loops disappear.
lack of sequencing information in the firing vector.
a solution of equation µ’ = µ + x ⋅ D is necessary for reachability but it is not sufficient
2012-03-30 41
Summary of Petri Nets
Graphical formalism Distributed state (including buffering)
Concurrency, sequencing and choice made explicit
Structural and behavioral properties
Analysis techniques available
2012-03-30 42
Petri Nets Extensions
Add interpretation to tokens and transitions Colored nets (tokens have value)
Add time time/timed Petri Nets (deterministic delay)
type (duration, delay) where (place, transition) control (weak, strong)
Stochastic PNs (probabilistic delay) Generalized Stochastic PNs (timed and immediate
transitions)
Add hierarchy Place Chart Nets
15
2012-03-30 43
Time Petri Nets (TPN’s)
ti (a, b)
a (0 ≤ a), is the minimal time that must elapse, starting from the time at which transition ti is enabled, until this transition can fire,
b (0 ≤ b ≤ ∞), denotes the maximal time during which transition ti can be enabled without being fired.
Reference: B. Berthomieu and M. Diaz, Modeling and Verification of Time Dependent Systems Using Time Petri Nets, IEEE Trans. on Software Engineering, vol. 17, no. 3, March 1991.
2012-03-30 44
TPN example
P1
t1 (1, 6)
P3
P5
t3(2, 3)
P6
t4(1, 4)
P4P2
t2 (1, 6)
(1, 4)t5P7
2012-03-30 45
Some Properties of TPN’s
The reachability and boundness problems for TPN’s are undecidable.
There exist subclasses of TPN’s which are bound.
16
2012-03-30 46
Literature
Tadao Murata, “Petri Nets: Properties, Analysis and Applications”, Proceedings of IEEE, vol. 77, no. 4, April 1989.
Bernard Berthomieu and Michel Diaz, “Modeling and Verification of Time Dependent Systems Using Time Petri Nets”, IEEE Trans. on Software Engineering, vol. 17, no. 3, March 1991.
D. Harel, et. al., “STATEMATE: A Working Environment for the Development of Complex Reactive Systems”, IEEE Trans. on Software Engineering, vol. 16, no. 4, April 1990.