design representations control oriented...

16
1 2012-03-30 1 Design representations Control Oriented Models Kris Kuchcinski [email protected] 2012-03-30 2 Models A theory has only the alternative of being right or wrong. A model has a third possibility: it may be right, but irrelevant.Manfred Eigen (1927 - ) Jagdish Mehra (ed.) The Physicist's Conception of Nature, 1973. 2012-03-30 3 Control Flow Models FSM (Mealy and Moore) FSM extensions Codesign FSM Communicating FSM Petri nets StateCharts Discrete Event CCS, CSP, … ...

Upload: others

Post on 16-Jul-2020

46 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

1

2012-03-30 1

Design representations

Control Oriented Models

Kris Kuchcinski [email protected]

2012-03-30 2

Models

“A theory has only the alternative of being right or wrong. A model has a third possibility: it may be right, but irrelevant.” Manfred Eigen (1927 - ) Jagdish Mehra (ed.) The Physicist's Conception of Nature, 1973.

2012-03-30 3

Control Flow Models

  FSM (Mealy and Moore)   FSM extensions   Codesign FSM   Communicating FSM

  Petri nets

  StateCharts

  Discrete Event

  CCS, CSP, …

  ...

Page 2: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

2

2012-03-30 4

Application Areas

  Reactive systems   Control functions

  Protocols (telecom, computers, ...)

  ...

2012-03-30 5

FSM basics

  Different communication mechanisms:   synchronous (classical FSM’s, Moore, Mealy)   asynchronous (CCS, Milner ‘80; CSP, Hoare ‘85)

  Mealy and Moore state machines FSM = <S, I, O, δ, λ> S is set of states I is set of inputs (conditions) δ is a next-state function, δ: S x I → S λ is an output function, λ: S x I → O for Mealy machine

λ: S → O for Moore machine

2012-03-30 6

FSM Model for Elevator Controller Mealy Machine

S1 S2

S3

r1/n r2/u1

r1/d1

r2/n

r3/n

r1/d2 r3/u2 r2

/d1

r3/u

1

start

Page 3: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

3

2012-03-30 7

FSM Model for Elevator Controller Moore Machine

S12/d1

S13/n

S11/d2 S21/d1

S22/n

S23/u1

S31/n

S32/u1

S33/u2

r1 r1 r1

r3 r3 r3

r1 r1

r1 r1

r1

r1

r2 r2

r2

r2

r2 r2

r2 r3

r3

r3

r3

r2

2012-03-30 8

Moore vs. Mealy machines

  Theoretically, same computational power (almost)   In practice, different characteristics

  Moore machines:   non-reactive (response delayed by 1 cycle)   easy to compose (always well-defined)

  Mealy machines:   reactive (0 response time)   hard to compose (problem with combinational cycles)

2012-03-30 9

Problems with FSM’s

  How to reduce the size of the representation?   Solution — hierarchical concurrent finite state machines

  Example — Harel’s StateCharts

  3 orthogonal exponential reductions   hierarchy,   concurrency,   non-determinism.

Page 4: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

4

2012-03-30 10

Petri Nets

  Model introduced by C.A. Petri in 1962 Ph.D. Thesis: “Communication with Automata”

  Applications: distributed computing, manufacturing, control, communication networks, transportation…

  Petri nets describe explicitly and graphically:   sequencing/causality,   conflict/non-deterministic choice,   concurrency.

  Asynchronous model (partial ordering)

  Main drawback: no hierarchy

2012-03-30 11

Petri Net example

p1

p2

p3

t1

t2

t3

2012-03-30 12

Definition

  A Petri net structure, C, is a four tuple

C = (P, T, I, O) P = {p1, p2, ..., pn} is a finite set of places, n ≥ 0;

T = {t1, t2, ..., tm} is a finite set of transitions, m ≥ 0;

P ∩ T = ∅;

I: T → P∞ is the input function, a mapping from transitions to bags of places;

0: T → P∞ is the output function, a mapping from transitions to bags of places;

Page 5: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

5

2012-03-30 13

Petri Net Marking

  A marking m of a Petri net C = (P, T, I, O) is a function from the set of places P to the non-negative integer

µ : P → N

  A marking represents an assignment of tokens to the places.

  A marking m can also be defined as an n-vector, µ = (µ1, µ2, ..., µn), where n= |P| and µi ∈ N, i = 1, 2, ..., n. The number of tokens in the place pi is denoted by µi.

  A marked Petri net M = (C, µ) is a Petri net structure C = (P, T, I, O) and a marking µ.

2012-03-30 14

Summary

  A (C,µ0) is a Petri Net Graph N   places: represent distributed state by holding tokens   marking (state) µ is an n-vector (µ1,µ2,µ3…), where µi

is the non-negative number of tokens in place pi.   initial marking (µ0 ) is initial state

  transitions: represent actions/events   enabled transition: enough tokens in predecessors   firing transition: modifies marking

  …and an initial marking µ0.

  Place/Transition <=> conditions/events

2012-03-30 15

Firing Rules

  The execution of a Petri net is carried out by firing transitions, which moves tokens from places to places.

  A transition tj ∈ T in a marked Petri net C = (P, T, I, O) with marking m is enabled if for all pi ∈ I(tj)

µ(pi) ≥ #(pi, I(tj))

  A transition tj in a marked Petri net with marking µ may fire whenever it is enabled. Firing an enabled transition tj results in a new marking µ’ defined by

µ’(pi) = µ(pi) - #(pi, I(tj)) + #(pi, O(tj))

#(pi, I(tj)) (#(pi, O(tj))) – number of occurrences of pi in I(tj) (O(tj))

Page 6: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

6

2012-03-30 16

An Example

2012-03-30 17

Sequencing

t1 t2

2012-03-30 18

Concurrency

t1 t2

t3

Page 7: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

7

2012-03-30 19

Conflict

The firing order is not irrelevant.

2012-03-30 20

Communication Protocol

Send msg Receive msg

Send ack Receive ack

2012-03-30 21

Produces/Consumer

producer

consumer 1

buffer

consumer 2

Page 8: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

8

2012-03-30 22

Properties of Petri Nets

  Most important analysis problems for Petri nets:   reachability and coverability

  liveness

  boundness

  safeness

  conservation

2012-03-30 23

Reachability

  Marking µ is reachable from marking µ0 if there exists a sequence of firings s = µ0 t1 µ1 t2 µ2… µ that transforms µ0 to µ.

  The reachability problem is decidable.

2012-03-30 24

Liveness

  Liveness: from any marking any transition can become fireable

  Liveness implies deadlock freedom, not viceversa

Page 9: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

9

2012-03-30 25

Boundness

  Boundedness: the number of tokens in any place cannot grow indefinitely   (1-bounded also called safe)

  Application: places represent buffers and registers (check there is no overflow)

2012-03-30 26

Conservation

  Conservation: the total number of tokens in the net is constant

2012-03-30 27

Analysis Techniques

  State Space Analysis techniques   Reachability Tree or Coverability Graph

  Structural analysis techniques   Incidence matrix   T- and S- Invariants

Page 10: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

10

2012-03-30 28

The Reachanility Tree

p1

p2

p3 t2

t1 t3

(1,0,0)

(1,1,0) (0,1,1)

(1,2,0) (0,2,1) (0,0,1)

(1,3,0) (0,3,1) (0,1,1)

t1 t2

t3 t1

t1

t2

t2 t3

2012-03-30 29

Infinite Tree

p1

p2

t2 t1

(1,0)

(0,1)

(1,0)

(0,1)

(0,1)

t1

t2

t1

t2

2012-03-30 30

Reachability Tree

  We will try to limit the tree to the finite size (notice, however, that it will usually result in the lost of information)

  We introduce three types of nodes   frontier

  terminal

  duplicate

Page 11: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

11

2012-03-30 31

An extended marking

  Let us assume that after sequence of transitions σ we will end up in marking µ’ from µ

and µ’ > µ µ’ = µ + (µ’-µ) and (µ’ - µ) > 0

since transition firing can be repeated it can lead to µ’’ µ’’ = µ’ + (µ’-µ) or µ’’ = µ’ + 2(µ’-µ) after n times we can produce a marking µ’ + n(µ’-µ) which, in fact, produces infinite marking.

2012-03-30 32

Infinite Marking

  infinite number of markings is represented by ω symbol with following properties:   ω + a = ω

  ω - a = ω

  α < ω

  ω ≤ ω

2012-03-30 33

Finite Reachability Tree

p1

p2

p3 t2

t1 t3

(1,0,0)

(1,ω,0) (0,1,1)

(1,ω,0) (0,ω,1) (0,0,1)

(0,ω,1)

t1 t2

t3 t1 t2

t3

Page 12: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

12

2012-03-30 34

Analysis Techniques Based on Reachabilty Tree

  it can be used for analysing several properties such as   safeness and boundness   conservation   coverability

  it cannot be used, in general, to solve problems such as   reachability   liveness   determine which firing sequences are possible

  limitations => loss information by the use of ω symbol

2012-03-30 35

Matrix Equations

  An alternative definition of Petri nets   instead of defining (P, T, I, O), we define

(P, T, D-, D+), where two matrices D- and D+represent input and output function

  we define D-[i, j] = #(pi, I(tj)) D+[i, j] = #(pi, O(tj))

  the transition tj is represented by the unit m-vector e[j]

2012-03-30 36

Matrix Equations (cont’d)

  transition tj is enabled in a marking µ if µ ≥ e[j]⋅D-

  the result of firing transition tj in marking µ, if it is enabled, is

δ(µ, tj) = µ - e[j]⋅D- + e[j]⋅D+ = µ + e[j]⋅(- D- + D+) = µ + e[j]⋅D where D = D+ - D-

Page 13: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

13

2012-03-30 37

Matrix Equations - Example

t1

t2

t3 p1

p2

p3

p4

!!!

"

#

$$$

%

&

=−

010

101

001

001

D

!!!

"

#

$$$

%

&

=+

100

010

020

001

D

!!!

"

#

$$$

%

&

−−

=

110

111

021

000

D

2012-03-30 38

Examples

[ ] [ ] [ ] [ ] [ ]100111000101110

111

021

000

1000101' =−+=

"""

#

$

%%%

&

'

−−

×+=µ

  firing t3

  firing t3 t2 t3 t2 t1

[ ] [ ] [ ] [ ] [ ]003101300101110

111

021

000

2210101' =−+=

"""

#

$

%%%

&

'

−−

×+=µ

2012-03-30 39

Examples (cont’d)

  To determine if the marking (1, 8, 0, 1) is reachable from the marking (1, 0, 1, 0), we have the equation

[ ] [ ]!!!

"

#

$$$

%

&

−−

×+=

110

111

021

000

01011081 x

[ ]!!!

"

#

$$$

%

&

−−

×=−

110

111

021

000

1180 x

  which has a solution x = (0, 4, 5) and sequence the s = t3t2t3t2t3t2t3t2t3.

Page 14: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

14

2012-03-30 40

Matrix Equations - Problems

  matrix D by itself does not properly reflect the structure of the Petri net - self loops disappear.

  lack of sequencing information in the firing vector.

  a solution of equation µ’ = µ + x ⋅ D is necessary for reachability but it is not sufficient

2012-03-30 41

Summary of Petri Nets

  Graphical formalism   Distributed state (including buffering)

  Concurrency, sequencing and choice made explicit

  Structural and behavioral properties

  Analysis techniques available

2012-03-30 42

Petri Nets Extensions

  Add interpretation to tokens and transitions   Colored nets (tokens have value)

  Add time   time/timed Petri Nets (deterministic delay)

  type (duration, delay)   where (place, transition)   control (weak, strong)

  Stochastic PNs (probabilistic delay)   Generalized Stochastic PNs (timed and immediate

transitions)

  Add hierarchy   Place Chart Nets

Page 15: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

15

2012-03-30 43

Time Petri Nets (TPN’s)

ti (a, b)

  a (0 ≤ a), is the minimal time that must elapse, starting from the time at which transition ti is enabled, until this transition can fire,

  b (0 ≤ b ≤ ∞), denotes the maximal time during which transition ti can be enabled without being fired.

Reference: B. Berthomieu and M. Diaz, Modeling and Verification of Time Dependent Systems Using Time Petri Nets, IEEE Trans. on Software Engineering, vol. 17, no. 3, March 1991.

2012-03-30 44

TPN example

P1

t1 (1, 6)

P3

P5

t3(2, 3)

P6

t4(1, 4)

P4P2

t2 (1, 6)

(1, 4)t5P7

2012-03-30 45

Some Properties of TPN’s

  The reachability and boundness problems for TPN’s are undecidable.

  There exist subclasses of TPN’s which are bound.

Page 16: Design representations Control Oriented Modelsfileadmin.cs.lth.se/cs/Education/EDAN15/Lectures/Lecture6.pdf33/u2 r1 r1 r1 r3 r3 r3 r1 r1 r1 r1 r1 r1 r2 r2 r2 r2 r2 r2 r3 r3 r3 r3 2012-03-30

16

2012-03-30 46

Literature

  Tadao Murata, “Petri Nets: Properties, Analysis and Applications”, Proceedings of IEEE, vol. 77, no. 4, April 1989.

  Bernard Berthomieu and Michel Diaz, “Modeling and Verification of Time Dependent Systems Using Time Petri Nets”, IEEE Trans. on Software Engineering, vol. 17, no. 3, March 1991.

  D. Harel, et. al., “STATEMATE: A Working Environment for the Development of Complex Reactive Systems”, IEEE Trans. on Software Engineering, vol. 16, no. 4, April 1990.