## Almost ASAP Semantics: From Timed Models to Timed Implementations (2003)

Citations: 42 - 5 self

### BibTeX

```
@INPROCEEDINGS{Wulf03almostasap,
    author = {Martin De Wulf and Laurent Doyen and Jean-François Raskin},
    title = {Almost ASAP Semantics: From Timed Models to Timed Implementations},
    booktitle = {},
    year = {2003},
    pages = {296--310},
    publisher = {Springer}
}
```

### Abstract

In this paper, we introduce a parametric semantics for timed controllers called the Almost ASAP semantics. This semantics is a relaxation of the usual ASAP semantics (also called the maximal progress semantics) which is a mathematical idealization that cannot be implemented by any physical device no matter how fast it is. On the contrary, any correct Almost ASAP controller can be implemented by a program on hardware if this hardware is fast enough. We study the properties of this semantics, show how it can be analyzed using the tool HyTech, and illustrate its practical use on examples.

### Citations

1977 | A theory of timed automata - Alur, Dill - 1994
Citation Context ...ronment is specified as a timed automaton: • [Fixed] In this case we can obviously respond to the [Fixed] version of the correctness problem as it amounts to a reachability question on timed automata [AD94], • [Maximization] In this case, we can approximate as close as needed the solution of the [Maximization] question thanks to the “faster is better” property of the AASAP semantics: by doing a binary ... |

1332 | A Calculus of Communicating Systems - Milner - 1982 |

1213 | The temporal logic of programs - Pnueli - 1977
Citation Context ...S T1, if T2 ⊑ T1. In the following, we use simulation relations because they preserve safety properties [AL91], but they also preserve stronger properties such as the ones expressed in the logics LTL [Pnu77] or ACTL [CBG88]. We are now equipped to define the notion of safety control. This notion together with the notion of refinement we have introduced above allow us to formalize in section 4 and 5, the ... |

598 | The algorithmic analysis of hybrid systems - Alur, Courcoubetis, et al. - 1995 |

482 | The theory of hybrid automata - Henzinger - 1996
Citation Context ...ler state moves discretely between control modes, and in each control mode, the plant state evolves continuously according to physical laws. A natural model for hybrid systems is the hybrid automaton [Hen96], which represents discrete components using finite-state machines and continuous components using real-numbered variables which evolution is governed by differential equations or differential inclusi... |

471 | Symbolic model checking for real-time systems - Henzinger, Nicollin, et al. - 1994 |

438 | The existence of refinement mappings - Abadi, Lamport - 1991
Citation Context ...Simulation can be used to define a notion of refinement. We say that the STTS T2 refines the STTS T1, if T2 ⊑ T1. In the following, we use simulation relations because they preserve safety properties [AL91], but they also preserve stronger properties such as the ones expressed in the logics LTL [Pnu77] or ACTL [CBG88]. We are now equipped to define the notion of safety control. This notion together with... |

366 | Hierarchical correctness proofs for distributed algorithms - Lynch, Tuttle - 1987
Citation Context ...id such problems we impose input enabledness of the STTS that we compose, which means that input labels have the property of being enabled in every state. Input enabledness is a concept introduced in [LT87]. Formally: Definition 3 [Input enabled STTS] A STTS T = 〈S, ι, Σ_in, Σ_out, Σ_τ, →〉 is input enabled if for all σ ∈ Σ_in, for all s1 ∈ S there exists s2 ∈ S such that (s1, σ, s2) ∈ →. We chose ... |

267 | What’s decidable about hybrid automata - Henzinger, Kopke, et al. - 1998
Citation Context ... evolution is governed by differential equations or differential inclusions. Several verification and control problems have been studied for hybrid automata or interesting subclasses (see for example [HKPV98]). Tools like HyTech [HHWT95] have proven useful to analyze high-level descriptions of embedded controllers in continuous environments. When a high level description of a controller has been proven co... |

199 | The Foundations of Esterel - Berry - 2000
Citation Context ...stantaneity characteristics of the traditional semantics given to timed automata is very closely related to the synchrony hypothesis that is commonly adopted in the community of synchronous languages [Ber00]. Roughly speaking, the synchrony hypothesis can be stated as follows: “the program reacts to inputs of the environment by emitting outputs instantaneously”. The rationale behind the synchrony hypothe... |

142 | A user guide to HYTECH - Henzinger, Ho, et al. - 1995
Citation Context ... differential inclusions. Several verification and control problems have been studied for hybrid automata and interesting subclasses have been identified (see for example [HKPV98]). Tools like HyTech [HHWT95] have proven useful to analyze high-level descriptions of embedded controllers in continuous environments. When a high level description of a controller has been proven correct it would be valuable to... |

135 | Characterizing finite Kripke structures in propositional temporal logic. Theoretical Computer Science 59 - Browne, Clarke, et al. - 1988
Citation Context .... In the following, we use simulation relations because they preserve safety properties [AL91], but they also preserve stronger properties such as the ones expressed in the logics LTL [Pnu77] or ACTL [CBG88]. We are now equipped to define the notion of safety control. This notion together with the notion of refinement we have introduced above allow us to formalize in section 4 and 5, the notion of correc... |

83 | A Calculus for Communicating Systems, volume 92 of LNCS - Milner - 1980
Citation Context ... that the “important” properties of P1 are maintained. Usually, P2 is obtained from P1 by reducing nondeterminism. To reason about the correctness of P2 w.r.t. P1, we often use a notion of simulation [Mil80] which is powerful enough to ensure conservation of LTL properties for example. In this paper, we show how to adapt this elegant schema in the context of real-time embedded controllers. To reach this ... |

76 | Effective synthesis of switching controllers for linear systems - Asarin, Bournez, et al. - 2000 |

44 | PLC-Automata: A New Class of Implementable Real-Time Automata - Dierks - 1997
Citation Context ...on semantics is good enough. In section 7, we show how to use this semantics in the context of the Lego Mindstorms™ platform. This semantics is close to the one of PLC-automata introduced by Dierks [Die01]. The main difference is that we explicitly model the granularity of clocks. We proceed now with the definition of the program semantics. This semantics manipulates digital clocks, so we need the foll... |

42 | From control models to real-time code using giotto - Henzinger, Kirsch, et al. |

41 | W.: TIMES - a tool for modelling and implementation of embedded systems - Amnell, Fersman, et al. - 2002 |

37 | A comparison of control problems for timed and hybrid systems - Cassez, Henzinger, et al. - 2002
Citation Context ...acceptable even by authors making the synchrony hypothesis [AFP+03]. But even if we prove our controller model non-zeno, that does not mean that it can be implemented. In fact, we recently showed in [CHR02] that there are (very simple) timed automata that respect a syntactic criterion that ensures nonzenoness but require faster and faster reactions, say at times 0, 1/2, 1, 1 1/4, 2, 2 1/8, 3, 3 1/16, .... |

26 | Mixed real-integer linear quantifier elimination - Weispfenning - 1999
Citation Context ...nd ∀D > Dmax : ¬ψ(D); – or there exists Dsup ∈ Q≥0 such that ¬ψ(Dsup) and ∀0 ≤ D < Dsup : ψ(D). All those question are expressed as formulas of the additive theory of the reals and are thus solvable [Wei99]. In case the HyTech analysis does not terminate, we still have a practical solution for two of the problems of Definition 13 if the environment is specified as a timed automaton: • [Fixed] In this c... |

25 | Generating embedded software from hierarchical hybrid models - Alur, Ivancic, et al. - 2003 |

20 | Code synthesis for timed automata - Amnell, Fersman, et al. - 2003 |

19 | Robustness and Implementability of Timed Automata - Wulf, Doyen, et al. - 2004
Citation Context ...orrect up to any precision. To answer those two previous questions, we are not restricted to the use of HyTech or other parametric tools and we for example can use Uppaal [PL00]. Finally, we prove in [DDMR04] the decidability of the [Existence] question when the environment is a timed automata. Running example If we apply the construction of Theorem 8 to our running example (Figure 1), we can ask HyTech t... |

12 | Exact acceleration of real-time model checking - Hendriks, Larsen |

8 | Model-checking real-time control programs - verifying lego mindstorms systems using uppaal - Iversen, Kristoffersen, et al. - 2000
Citation Context ... that the “important” properties of P1 are maintained. Usually, P2 is obtained from P1 by reducing nondeterminism. To reason about the correctness of P2 w.r.t. P1, we often use a notion of simulation [Mil80] which is powerful enough to ensure conservation of LTL properties for example. ⋆ Supported by the FRFC project “Centre Fédéré en Vérification” funded by the Belgian National Science Fundation (FNRS) ... |

5 | Bisimulation on speed: worst-case efficiency - Lüttgen, Vogler - 2004
Citation Context ...ark. Note that in general, faster is not always better, for example in scheduling theory. Furthermore, there is an extended research about the notion of “faster” in the field of process algebras (see [LV04] for example) which shows that it is better if you impose only upper bounds on the delays, exactly as in the AASAP semantics. 5 Implementability of the AASAP semantics In this section, we show that... |

4 | Timed vs. time triggered automata - Krčál, Mokrushin, et al. - 2004
Citation Context ...red programs. In our approach, tasks that are computing expensive, should be modeled explicitly (with their worst-case execution time for example). This is coherent with the approach they propose. In [KMTY04], the authors agree that an event must remain observable during some (usually small but not singular) period. They propose a digitalized semantics for timed automata in order to model the fact that th... |

1 | s3 k , s1k ) ∈ R (H3), we know that there exists s1k+1 such that - As |

1 | see (S21) in definition 8?). So that ((s1 k , s2 k ), σ, (s1 k+1 , s2 k+1 )) ∈→1,2 since σ ∈ Σ3 out ∪ Σ2 out ∪ R≥0 and Σ3 out = Σ2 - unknown authors |

1 | see1 (S21) in definition 8?) So that ((s1k , s2k ), σ, (s1k+1 , s2k+1 )) ∈→1,2 since σ ∈ Σ3 τ and Σ3 τ ⊆ Σ1 τ - unknown authors |

1 | iff s is n-reachable in T for some n) By (J2) and (J4), RefT 3(s3 1 ) = RefT 1(s11 ) and σ ∈ RefT 1(s11 ). In summary, we have (s11 , s21 ) ∈ Reach(T 1�T 2 ), σ ∈ Σ2 out, and s2 2 ∈ S2 such that (s2 1, σ, s2 2) ∈→2 and σ ∈ RefT 2(s2 1). This is in contrad - Proof |

1 | Assume there exists (s 3 1, s 2 1) ∈ Reach(T 3 �T 2 ) ∩ {(s 3 , s 2 ) | s 3 ∈ S 3 ∧ s 2 ∈ B}. Then s 2 1 ∈ B. By lemma 2, there exists s1 1 such that (s1 1 , s2 1 ) ∈ Reach(T 1 �T 2 ) ((since s ∈ Reach(T ) iff s is n-reachable in T for some n)). So that ( - unknown authors |

1 | Edg 2 iff one of the following condition holds: • σ ∈ Lab 1 out and 1. there exists (l, l ′ , σ, g, R) ∈ Edg 1 2. b ′ = b 3. R ′ = R ∪ {d} • σ = ¯α ∈ Lab 1 in and 1. there exists (l, l ′ , α, g, R) ∈ Edg 1 2. b(α) = ⊤ 3. b ′ = b[α := ⊥] 4. R ′ = R ∪ {d} • - ∆g∆, R |