On Time Petri Nets and Scheduling - Conférences … · On Time Petri Nets and Scheduling Didier Lime IRCCyN / ´Ecole Centrale de Nantes 5 septembre 2007 Didier Lime (IRCCyN / ECN)
Post on 14-Sep-2018
221 Views
Preview:
Transcript
On Time Petri Nets and Scheduling
Didier Lime
IRCCyN / Ecole Centrale de Nantes
5 septembre 2007
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 1 / 48
Plan I
Introduction
Time Petri Nets with Stopwatches (and more)Petri Nets and ExtensionsTime Petri NetsScheduling Time Petri Nets
Abstractions for Scheduling-TPNsThe State Class GraphPolyhedra On Demand!
Verifying propertiesObserversModel-checking
Conclusion and Future Work
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 2 / 48
Introduction
Plan I
Introduction
Time Petri Nets with Stopwatches (and more)
Abstractions for Scheduling-TPNs
Verifying properties
Conclusion and Future Work
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 3 / 48
Introduction
Introduction
◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48
Introduction
Introduction
◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;
◮ Verification of real-time systems is a tough problem: time,uncertainty, complex synchronizations, preemptive scheduler,distribution. . .
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48
Introduction
Introduction
◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;
◮ Verification of real-time systems is a tough problem: time,uncertainty, complex synchronizations, preemptive scheduler,distribution. . .
◮ A lot of work has been devoted to analytical results ofschedulability, giving worst-case response-time for tasks;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48
Introduction
Introduction
◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;
◮ Verification of real-time systems is a tough problem: time,uncertainty, complex synchronizations, preemptive scheduler,distribution. . .
◮ A lot of work has been devoted to analytical results ofschedulability, giving worst-case response-time for tasks;
◮ They are very good with simple settings;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48
Introduction
Introduction
◮ Results in this talk owe credit to Olivier H. Roux, BernardBerthomieu, Morgan Magnin and Francois Vernadat;
◮ Verification of real-time systems is a tough problem: time,uncertainty, complex synchronizations, preemptive scheduler,distribution. . .
◮ A lot of work has been devoted to analytical results ofschedulability, giving worst-case response-time for tasks;
◮ They are very good with simple settings;
◮ They are not so good with precedences, timing uncertainties,distribution, . . .
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 4 / 48
Introduction
A well-known paradox
τ1
0 5 10 15 20
τ4
0 5 10 15 20
τ3
0 5 10 15 20
τ2
0 5 10 15 20
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 5 / 48
Introduction
A well-known paradox
τ1
0 5 10 15 20
τ4
0 5 10 15 20
τ3
0 5 10 15 20
τ2
0 5 10 15 20
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 6 / 48
Time Petri Nets with Stopwatches (and more)
Plan I
Introduction
Time Petri Nets with Stopwatches (and more)Petri Nets and ExtensionsTime Petri NetsScheduling Time Petri Nets
Abstractions for Scheduling-TPNs
Verifying properties
Conclusion and Future Work
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 7 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Nets
p1 p2
p3
p4
t1 t3
t2
• • •
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 8 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Nets
p1 p2
p3
p4
t1 t3
t2
•
•
if M ≥ •t then M ′ = M − •t + t•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 8 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Net Example: Basic Semaphore Synchronization
P2 P4
P3P1
Psem
TsemV TsemP
T1 T2
• •
(τ1) (τ2)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 9 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Net Example: Mutual Exclusion
sc
P1
Psem
sc
P3
semV
semP
semV
semP
• •
•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 10 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Net Example: Peterson’s Algorithm
P:d ← false
loop
<non critical section>
d ← true
turn ← 1
wait(¬d ′∨ turn= 0)<critical section>
d ← false
end loop
P ′:
d ′ ← false
loop
<non critical section>
d ′ ← true
turn ← 0
wait(¬d∨ turn= 1)<critical section>
d ′ ← false
end loop
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 11 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Net Example: Peterson’s Algorithm
P1
P2
sc
d0 d1
d ′
0 d ′
1
turn0 turn1
update
waitwait′
endsc
• •
•
•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 12 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Net Example: Peterson’s Algorithm
P1
P2
sc
d0 d1
d ′
0 d ′
1
turn0 turn1
update
waitwait′
endsc
•
•
•
•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 12 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Net Example: Peterson’s Algorithm
P1
P2
sc
d0 d1
d ′
0 d ′
1
turn0 turn1
update
waitwait′
endsc
•
•
•
•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 12 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Net Example: Peterson’s Algorithm
P1
P2
sc
d0 d1
d ′
0 d ′
1
turn0 turn1
update
waitwait′
endsc
•
•
•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 12 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Read Arcs
P0 P0
T0 T0
• •
if M ≥ •t and M ≥ ⋄t then M ′ = M − •t + t•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 13 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Inhibitor Arcs
P0 P1
T0
• •
if M ≥ •t and M < ◦t then M ′ = M − •t + t•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 14 / 48
Time Petri Nets with Stopwatches (and more) Petri Nets and Extensions
Petri Net Example: Fixed Priority Scheduling
(non-preemptive)
P0 P1 P2
P ′
0 P ′
1 P ′
2
Pe
T0 T1 T2
Tin0 Tin1 Tin2
T ′
0 T ′
1 T ′
2
•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 15 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Petri Nets
p1 p2
p3
p4
t1 t3
t2
• • •
A Petri Net
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Petri Nets
p1 p2
p3
p4
t1[0, 1] t3[2, 3]
t2[1, 3]
• • •
A Time Petri Net
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Petri Nets
p1 p2
p3
p4
t1[0, 1] t3[2, 3]
t2[1, 3]
• • •
A Time Petri Net
(
M0,t1 = 0,t3 = 0
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Petri Nets
p1 p2
p3
p4
t1[0, 1] t3[2, 3]
t2[1, 3]
• • •
A Time Petri Net
(
M0,t1 = 0,t3 = 0
)
0.62−−→
(
M0,t1 = 0.62,
t3 = 0.62
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Petri Nets
p1 p2
p3
p4
t1[0, 1] t3[2, 3]
t2[1, 3]
•
•
A Time Petri Net
(
M0,t1 = 0,t3 = 0
)
0.62−−→
(
M0,t1 = 0.62,
t3 = 0.62
)
t1−→(
M1,t1 = 0.62,t2 = 0
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 16 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
About newly enabled transitions
P1
t1 [0, 6]
t2 [0, 3]
•
Fire t1
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
About newly enabled transitions
P1
t1 [0, 6]
t2 [0, 3]
Fire t1t1 and t2 are not enabled by M − •t1
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
About newly enabled transitions
P1
t1 [0, 6]
t2 [0, 3]
•
Fire t1t1 and t2 are not enabled by M − •t1t1 and t2 are newly enabled
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
About newly enabled transitions
P1
t1 [0, 6]
t2 [0, 3]
••
Fire t1
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
About newly enabled transitions
P1
t1 [0, 6]
t2 [0, 3]
•
Fire t1t1 and t2 are enabled by M − •t1 but t1 is the fired transition
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
About newly enabled transitions
P1
t1 [0, 6]
t2 [0, 3]
••
Fire t1t1 and t2 are enabled by M − •t1 but t1 is the fired transitiont2 remains enabled, t1 is newly enabled
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 17 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Petri Net Example: Fixed Priority Scheduling
(non-preemptive)
P0 P1 P2
P ′
0 P ′
1 P ′
2
Pe
T0[0, 0] T1[0, 0] T2[0, 0]
Tin0[2, 5] Tin1[0, 4] Tin2[1, 4]
T ′
0[1, 2] T ′
1[3, 3] T ′
2[4, 6]
•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 18 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
TPN Example: Task Activation
Px
P1
Po
P2
P1 P1
Px
Tx [3, 3]
T1 [1, 2]
To [1, 1]
Tx [3, 3]
T1 [1, 2] T1 [1, 2]
Tx [0, 0]
•
•
•
(a) (b) (c)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 19 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Read Arcs and Time
P0
T0[3, 4]
T1[1, 2]
•
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Read Arcs and Time
P0
T0[3, 4]
T1[1, 2]
•
Read should not be destructive:
(
M0,T0 = 0,T1 = 0
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Read Arcs and Time
P0
T0[3, 4]
T1[1, 2]
•
Read should not be destructive:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Read Arcs and Time
P0
T0[3, 4]
T1[1, 2]
•
Read should not be destructive:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
T0−→(
M0,T0 = 0,T1 = 0
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Read Arcs and Time
P0 P0
T0[3, 4]
T1[1, 2]
T0[3, 4]
T1[1, 2]
6=
• •
Read should not be destructive:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
T0−→(
M0,T0 = 0,T1 = 0
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 20 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
• •
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
• •
Memory / No Memory:
(
M0,T0 = 0,T1 = 0
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
• •
Memory / No Memory:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
•
•
Memory / No Memory:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
T1−→ (M1,T2 = 0)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
•
•
Memory / No Memory:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
T1−→ (M1,T2 = 0)
0.2−−→ (M1,T2 = 0.2)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
• •
Memory / No Memory:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
T1−→ (M1,T2 = 0)
0.2−−→ (M1,T2 = 0.2)
T2−→(
M0,T0 = 0,
T1 = 0
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
•
•
Memory / No Memory:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
T1−→(
M1,T0 = 1.62,
T2 = 0
)
0.2−−→ (M1,T2 = 0.2)
T2−→(
M0,T0 = 0,
T1 = 0
)
0.31−−→
(
M0,T0 = 0.31,T1 = 0.31
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
•
•
Memory / No Memory:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
T1−→(
M1,T0 = 1.62,
T2 = 0
)
0.2−−→
(
M1,T0 = 1.62,
T2 = 0.2
)
T2−→(
M0,T0 = 0,
T1 = 0
)
0.31−−→
(
M0,T0 = 0.31,T1 = 0.31
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
• •
Memory / No Memory:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
T1−→(
M1,T0 = 1.62,
T2 = 0
)
0.2−−→
(
M1,T0 = 1.62,
T2 = 0.2
)
T2−→(
M0,T0 = 1.62,
T1 = 0
)
0.31−−→
(
M0,T0 = 0.31,T1 = 0.31
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
From Read Arcs To Activator Arcs
P0 P1
P2
T0[3, 4] T1[1, 2] T2[0, 1]
• •
Memory / No Memory:
(
M0,T0 = 0,T1 = 0
)
1.62−−→
(
M0,T0 = 1.62,T1 = 1.62
)
T1−→(
M1,T0 = 1.62,
T2 = 0
)
0.2−−→
(
M1,T0 = 1.62,
T2 = 0.2
)
T2−→(
M0,T0 = 1.62,
T1 = 0
)
0.31−−→
(
M0,T0 = 1.93,
T1 = 0.31
)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 21 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
TPN with Stopwatches Example: Round-Robin Scheduling
P0 P1P2 P2
T0[3, 4] T1[2, 3]
Ts1[1, 1]
Ts2[1, 1]
• ••
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 22 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
TPN with Stopwatches Example: Round-Robin Scheduling
P0 P1P2 P2
T0[3, 4] T1[2, 3]
Ts1[1, 1]
Ts2[1, 1]
• ••
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 22 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
TPN with Stopwatches Example: Round-Robin Scheduling
P0 P1P2 P2
T0[3, 4] T1[2, 3]
Ts1[1, 1]
Ts2[1, 1]
• ••
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 22 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Inhibitor Arcs: Fixed Priority Scheduling
(Preemptive)
P0 P1 P2
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
•
T0 =? T1 = 0 T2 =?
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Inhibitor Arcs: Fixed Priority Scheduling
(Preemptive)
P0 P1 P2
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
•
T0 =? T1 = 0.22 T2 =?
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Inhibitor Arcs: Fixed Priority Scheduling
(Preemptive)
P0 P1 P2
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• •
T0 =? T1 = 0.22 T2 = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Inhibitor Arcs: Fixed Priority Scheduling
(Preemptive)
P0 P1 P2
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• •
T0 =? T1 = 1.6 T2 = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Inhibitor Arcs: Fixed Priority Scheduling
(Preemptive)
P0 P1 P2
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• • •
T0 = 0 T1 = 1.6 T2 = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Inhibitor Arcs: Fixed Priority Scheduling
(Preemptive)
P0 P1 P2
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• • •
T0 = 1.5 T1 = 1.6 T2 = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Inhibitor Arcs: Fixed Priority Scheduling
(Preemptive)
P0 P1 P2
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• •
T0 =? T1 = 1.6 T2 = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
Time Inhibitor Arcs: Fixed Priority Scheduling
(Preemptive)
P0 P1 P2
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• •
T0 =? T1 = 1.8 T2 = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 23 / 48
Time Petri Nets with Stopwatches (and more) Time Petri Nets
The price of expressiveness
The reachability problem:
General case Bounded
Petri Nets decidable decidable
Petri Nets w/ Inhibitor undecidable[8] decidable
Time Petri Nets undecidable [9] decidable [1]
Stopwatch Time Petri Nets undecidable [2] undecidable[2]
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 24 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Scheduling Time Petri Nets
◮ A model in the class of Time Petri Nets w/ Stopwatches;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Scheduling Time Petri Nets
◮ A model in the class of Time Petri Nets w/ Stopwatches;
◮ Dedicated to the modelling of preemptive scheduling policies;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Scheduling Time Petri Nets
◮ A model in the class of Time Petri Nets w/ Stopwatches;
◮ Dedicated to the modelling of preemptive scheduling policies;
◮ Places and transitions are associated with tasks;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Scheduling Time Petri Nets
◮ A model in the class of Time Petri Nets w/ Stopwatches;
◮ Dedicated to the modelling of preemptive scheduling policies;
◮ Places and transitions are associated with tasks;
◮ Tasks are given a processor and priority (or deadline or . . . );
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Scheduling Time Petri Nets
◮ A model in the class of Time Petri Nets w/ Stopwatches;
◮ Dedicated to the modelling of preemptive scheduling policies;
◮ Places and transitions are associated with tasks;
◮ Tasks are given a processor and priority (or deadline or . . . );
◮ Processors are given a scheduling policy.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Scheduling Time Petri Nets
◮ A model in the class of Time Petri Nets w/ Stopwatches;
◮ Dedicated to the modelling of preemptive scheduling policies;
◮ Places and transitions are associated with tasks;
◮ Tasks are given a processor and priority (or deadline or . . . );
◮ Processors are given a scheduling policy.
◮ With the state of the net of progress rate for each transition iscomputed at each change of marking.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 25 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Fixed Priority Scehduling (Preemptive)
P0, γ = τ1 P1, γ = τ2 P2, γ = τ3
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• ••
Proc(τ1) = 1Prio(τ1) = 3
Proc(τ2) = 1Prio(τ2) = 2
Proc(τ3) = 1Prio(τ3) = 1
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 26 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Fixed Priority Scehduling (Preemptive)
P0, γ = τ1 P1, γ = τ2 P2, γ = τ3
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• ••
Proc(τ1) = 1Prio(τ1) = 3
Proc(τ2) = 1Prio(τ2) = 2
Proc(τ3) = 1Prio(τ3) = 1
Flow(T0) = 1,Flow(T1) = 0,Flow(T2) = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 26 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Fixed Priority Scehduling (Preemptive)
P0, γ = τ1 P1, γ = τ2 P2, γ = τ3
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• •
Proc(τ1) = 1Prio(τ1) = 3
Proc(τ2) = 1Prio(τ2) = 2
Proc(τ3) = 1Prio(τ3) = 1
Flow(T0) =?,Flow(T1) = 1,Flow(T2) = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 26 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Fixed Priority Scehduling (Preemptive)
P0, γ = τ1 P1, γ = τ2 P2, γ = τ3
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
•
Proc(τ1) = 1Prio(τ1) = 3
Proc(τ2) = 1Prio(τ2) = 2
Proc(τ3) = 1Prio(τ3) = 1
Flow(T0) =?,Flow(T1) =?,Flow(T2) = 1
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 26 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Round-Robin
P0, γ = τ1 P1, γ = τ2 P2, γ = τ3
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• ••
Proc(τ1) = 1Prio(τ1) = 1
Proc(τ2) = 1Prio(τ2) = 1
Proc(τ3) = 1Prio(τ3) = 1
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Round-Robin
P0, γ = τ1 P1, γ = τ2 P2, γ = τ3
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• ••
Proc(τ1) = 1Prio(τ1) = 1
Proc(τ2) = 1Prio(τ2) = 1
Proc(τ3) = 1Prio(τ3) = 1
Flow(T0) = 13 ,Flow(T1) = 1
3 ,Flow(T2) = 13
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Round-Robin
P0, γ = τ1 P1, γ = τ2 P2, γ = τ3
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
• •
Proc(τ1) = 1Prio(τ1) = 1
Proc(τ2) = 1Prio(τ2) = 1
Proc(τ3) = 1Prio(τ3) = 1
Flow(T0) =?,Flow(T1) = 12 ,Flow(T2) = 1
2
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Round-Robin
P0, γ = τ1 P1, γ = τ2 P2, γ = τ3
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
•
Proc(τ1) = 1Prio(τ1) = 1
Proc(τ2) = 1Prio(τ2) = 1
Proc(τ3) = 1Prio(τ3) = 1
Flow(T0) =?,Flow(T1) =?,Flow(T2) = 1
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Round-Robin
P0, γ = τ1 P1, γ = τ2 P2, γ = τ3
T0[1, 3] T1[4, 10] T2[2, 3]
Tin0[1, 3] Tin1[0, 2] Tin2[0, 1]
•
Proc(τ1) = 1Prio(τ1) = 1
Proc(τ2) = 1Prio(τ2) = 1
Proc(τ3) = 1Prio(τ3) = 1
A fluid approach: minimize the number of discrete changes.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 27 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Earliest Deadline First
p1 γ = φ
p2 γ = τ1
p3 γ = τ1
p4 γ = τ2
t1 [10, 10]
t2 [1, 3]
t3 [3, 3]
t4 [2, 2]
•
•
Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}
Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Earliest Deadline First
p1 γ = φ
p2 γ = τ1
p3 γ = τ1
p4 γ = τ2
t1 [10, 10]
t2 [1, 3]
t3 [3, 3]
t4 [2, 2]
•
•
Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}
Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}
Flow(t1) = 1 Flow(t2) = 1 Flow(t3) =? Flow(t4) =?
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Earliest Deadline First
p1 γ = φ
p2 γ = τ1
p3 γ = τ1
p4 γ = τ2
t1 [10, 10]
t2 [1, 3]
t3 [3, 3]
t4 [2, 2]
•
•
•
Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}
Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}
if t2 was fired before 2Flow(t1) = 1 Flow(t2) =? Flow(t3) = 0 Flow(t4) = 1if t2 was fired after 2Flow(t1) = 1 Flow(t2) =? Flow(t3) = 1 Flow(t4) = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Earliest Deadline First
p1 γ = φ
p2 γ = τ1
p3 γ = τ1
p4 γ = τ2
xτ1
xτ2
t1 [10, 10]
t2 [1, 3]
t3 [3, 3]
t4 [2, 2]
Dτ1 [10, 10]
Dτ2[8, 8]
•
•
•
Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}
Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}
if t2 was fired before 2Flow(t1) = 1 Flow(t2) =? Flow(t3) = 0 Flow(t4) = 1if t2 was fired after 2Flow(t1) = 1 Flow(t2) =? Flow(t3) = 1 Flow(t4) = 0
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48
Time Petri Nets with Stopwatches (and more) Scheduling Time Petri Nets
Example: Earliest Deadline First
p1 γ = φ
p2 γ = τ1
p3 γ = τ1
p4 γ = τ2
xτ1
xτ2
t1 [10, 10]
t2 [1, 3]
t3 [3, 3]
t4 [2, 2]
Dτ1 [10, 10]
Dτ2[8, 8]
•
•
•
Proc(τ1) = 1Deadline(τ1) = 10B(τ1) = {t1},E (τ1) = {t3}
Proc(τ2) = 1Deadline(τ2) = 8B(τ2) = {t2}E (τ2) = {t4}
if Dτ2≤ Dτ1
Flow(t1) = 1 Flow(t2) =? Flow(t3) = 0 Flow(t4) = 1if Dτ1
< Dτ2
Flow(t1) = 1 Flow(t2) =? Flow(t3) = 1 Flow(t4) = 0Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 28 / 48
Abstractions for Scheduling-TPNs
Plan I
Introduction
Time Petri Nets with Stopwatches (and more)
Abstractions for Scheduling-TPNsThe State Class GraphPolyhedra On Demand!
Verifying properties
Conclusion and Future Work
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 29 / 48
Abstractions for Scheduling-TPNs
Abstractions
◮ Infinite state-space ⇒ Abstractions
◮ TPNs: Zone-based simulation graph [5]
◮ TPNs: State class graph [1]
◮ TPNs w/ stopwatches (IHTPNs,. . . ): State class graph [10, 11, 3]
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 30 / 48
Abstractions for Scheduling-TPNs The State Class Graph
Basic Algorithm
beginPassed = ∅Waiting = {C0}while Waiting 6= ∅
C = pop(Waiting)Passed = Passed ∪ Cfor t firable from C
C ′ = AbstractSuccessor(C, t)if C ′ 6∈ PassedWaiting = Waiting ∪ C ′
end ifend for
end whileend
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 31 / 48
Abstractions for Scheduling-TPNs The State Class Graph
State Class
C =
01021
,
TPNs: Zone (encoded by a Difference Bound Matrix (DBM) [dij ]i ,j∈[0..n]):{
−d0i ≤ θi−0 ≤ di0,
θi − θj ≤ dij
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 32 / 48
Abstractions for Scheduling-TPNs The State Class Graph
State Class
C =
01021
,
SwTPNs: General polyhedron: AΘ ≤ B
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 32 / 48
Abstractions for Scheduling-TPNs The State Class Graph
Over-approximation
C =
01021
,
Over-approximation using the smallest englobing zone
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 33 / 48
Abstractions for Scheduling-TPNs The State Class Graph
Over-approximation
C =
01021
,
Over-approximation using the smallest englobing zone
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 33 / 48
Abstractions for Scheduling-TPNs The State Class Graph
Computing the state class graph (normal)
Let C = (M,D) and D = (A.Θ ≤ B). We fire tf .
◮ M ′ = M − •tf + tf•
◮ D ′ is computed by:◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, constrain by θf ≤ θi
◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, θ′i = θi − θf
◮ eliminate variables for disabled transitions (e.g. using Fourier-Motzkinmethod [4])
◮ add new variables for newly enabled transitions ti :
α(ti ) ≤ θi ≤ β(ti )
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 34 / 48
Abstractions for Scheduling-TPNs The State Class Graph
Computing the state class graph (round-robin)
Let C = (M,D) and D = (A.Θ ≤ B). We fire tf .
◮ M ′ = M − •tf + tf•
◮ D ′ is computed by:◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, constrain by θf ≤ θi
◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, θ′i = θi −Flow(tj)Flow(tf )
θf
◮ eliminate variables for disabled transitions (e.g. using Fourier-Motzkinmethod [4])
◮ add new variables for newly enabled transitions ti :
α(ti ) ≤ θi ≤ β(ti )
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 35 / 48
Abstractions for Scheduling-TPNs The State Class Graph
Computing the state class graph (earliest deadline first)
Let C = (M,D) and D = (A.Θ ≤ B). We fire tf .
◮ M ′ = M − •tf + tf•
◮ D ′ is computed by:◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, constrain by θf ≤ θi
◮ for all enabled transitions ti s.t. Flow(ti) 6= 0, θ′i = θi − θf
◮ eliminate variables for disabled transitions (e.g. using Fourier-Motzkinmethod [4])
◮ add new variables for newly enabled transitions ti :
α(ti ) ≤ θi ≤ β(ti )
◮ partition D with Dτ ≤ Dτ′ and Dτ > Dτ
′
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 36 / 48
Abstractions for Scheduling-TPNs The State Class Graph
Example
P1 P2
P3P4
t1 [4, 5] t2 [1, 1]
t3 [1, 2]t4 [2, 4]
• •
•
C0
C1
C2 C3
C4 C5
C6
T2
T3 T4
T4 T3
T1
T1
4 ≤ θ1 ≤ 5θ2 = 12 ≤ θ4 ≤ 4
3 ≤ θ1 ≤ 41 ≤ θ3 ≤ 21 ≤ θ4 ≤ 3
. . .
3 ≤ θ1
0 ≤ θ3 ≤ 1θ1 + θ3 ≤ 5
. . . . . .
. . .
{P1, P2, P4}
{P2, P3, P4}
{P1, P4} {P1, P3}
{P1} {P1}
∅
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 37 / 48
Abstractions for Scheduling-TPNs Polyhedra On Demand!
The Way of the Middle (1/2)
For IHTPNs:
◮ The polyhedron in the initial state class is always a zone.
◮ The successor of a non-zone polyhedron might be a zone
◮ The successor of a zone might not be a zone
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 38 / 48
Abstractions for Scheduling-TPNs Polyhedra On Demand!
The Way of the Middle (1/2)
For IHTPNs:
◮ The polyhedron in the initial state class is always a zone.
◮ The successor of a non-zone polyhedron might be a zone
◮ The successor of a zone might not be a zone
We want to start to compute with zones and fall back to generalpolyhedra when needed (and return to zones asap).
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 38 / 48
Abstractions for Scheduling-TPNs Polyhedra On Demand!
The Way of the Middle (1/2)
For IHTPNs:
◮ The polyhedron in the initial state class is always a zone.
◮ The successor of a non-zone polyhedron might be a zone(easy to check: O(n2))
◮ The successor of a zone might not be a zone(not so easy to check)
We want to start to compute with zones and fall back to generalpolyhedra when needed (and return to zones asap).
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 38 / 48
Abstractions for Scheduling-TPNs Polyhedra On Demand!
Abstractions: The Way of the Middle (2/2)
D = [dij ]i ,j∈[0..n] and (M ′,D ′) = AbstractSuccessor((M,D), tf ).
D ′ is not a zone iff there are at least three enabled transitions ti , tj , tk inD such that:
1. ti , tj , tk are not disabled when firing tf ;
2. Flow(ti ) 6= 0 and Flow(tk) 6= 0;
3. Flow(tj) = 0;
4. dj0 + dki > dk0 + dji or d0j − dik < d0k − dij
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 39 / 48
Abstractions for Scheduling-TPNs Polyhedra On Demand!
Abstractions: The Way of the Middle (2/2)
D = [dij ]i ,j∈[0..n] and (M ′,D ′) = AbstractSuccessor((M,D), tf ).
D ′ is not a zone iff there are at least three enabled transitions ti , tj , tk inD such that:
1. ti , tj , tk are not disabled when firing tf ;
2. Flow(ti ) 6= 0 and Flow(tk) 6= 0;
3. Flow(tj) = 0;
4. dj0 + dki > dk0 + dji or d0j − dik < d0k − dij
Complexity: O(n3)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 39 / 48
Verifying properties
Plan I
Introduction
Time Petri Nets with Stopwatches (and more)
Abstractions for Scheduling-TPNs
Verifying propertiesObserversModel-checking
Conclusion and Future Work
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 40 / 48
Verifying properties Observers
Observing durations
p1 p3
p2 pobsp4
t1 [0, 4] t3 [5, 6]
t2 [3, 4] tobs [5, 5]t4 [0, 0]
• •
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 41 / 48
Verifying properties Observers
Observing durations
p1 p3
p2 pobsp4
t1 [0, 4] t3 [5, 6]
t2 [3, 4] tobs [5, 5]t4 [0, 0]
• •
There can be ≥ 5 t.u. between the firings of t1 and t2 iff tobs is fired.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 41 / 48
Verifying properties Observers
Observing durations
p1 p3
p2 pobsp4
t1 [0, 4] t3 [5, 6]
t2 [3, 4] tobs [5, 5]t4 [0, 0]
• •
the max sojourn time of the token is max(M,D)∈Classes{5−min(D|tobs)}.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 41 / 48
Verifying properties Model-checking
TCTL Model-checking
◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48
Verifying properties Model-checking
TCTL Model-checking
◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).
◮ They can be (easily) extended to work with SwTPNs.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48
Verifying properties Model-checking
TCTL Model-checking
◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).
◮ They can be (easily) extended to work with SwTPNs.
◮ One can check for instance AG (M(p2) ≥ 1)⇒ EF [0, 5](M(p2) = 0))(bounded response).
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48
Verifying properties Model-checking
TCTL Model-checking
◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).
◮ They can be (easily) extended to work with SwTPNs.
◮ One can check for instance AG (M(p2) ≥ 1)⇒ EF [0, 5](M(p2) = 0))(bounded response).
◮ This is implemented ina Romeo!(http://romeo.rts-software.org)
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48
Verifying properties Model-checking
TCTL Model-checking
◮ Techniques for the verification of Timed Computation Tree Logic(TCTL) exist for TPNs ([6, 7]).
◮ They can be (easily) extended to work with SwTPNs.
◮ One can check for instance AG (M(p2) ≥ 1)⇒ EF [0, 5](M(p2) = 0))(bounded response).
◮ This is implemented ina Romeo!(http://romeo.rts-software.org)
◮ Warning: It cannot express properties on stopwatches (responsetimes but not cumulated execution durations).
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 42 / 48
Conclusion and Future Work
Plan I
Introduction
Time Petri Nets with Stopwatches (and more)
Abstractions for Scheduling-TPNs
Verifying properties
Conclusion and Future Work
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 43 / 48
Conclusion and Future Work
Conclusion
◮ Time Petri Nets with Stopwatches (and more) are a very niceformalism for real-time systems modelling, including (preemptive)scheduling;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 44 / 48
Conclusion and Future Work
Conclusion
◮ Time Petri Nets with Stopwatches (and more) are a very niceformalism for real-time systems modelling, including (preemptive)scheduling;
◮ Theoretical properties are not good but they are usable in practice!
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 44 / 48
Conclusion and Future Work
Conclusion
◮ Time Petri Nets with Stopwatches (and more) are a very niceformalism for real-time systems modelling, including (preemptive)scheduling;
◮ Theoretical properties are not good but they are usable in practice!
◮ Some tools exist including Romeo (IRCCyN, Nantes) and Tina
(LAAS, Toulouse).
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 44 / 48
Conclusion and Future Work
Future Work
Future work includes:
◮ Interaction with higher-level models and specifications languages;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 45 / 48
Conclusion and Future Work
Future Work
Future work includes:
◮ Interaction with higher-level models and specifications languages;
◮ Discrete time semantics;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 45 / 48
Conclusion and Future Work
Future Work
Future work includes:
◮ Interaction with higher-level models and specifications languages;
◮ Discrete time semantics;
◮ Parametric extensions;
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 45 / 48
Conclusion and Future Work
Future Work
Future work includes:
◮ Interaction with higher-level models and specifications languages;
◮ Discrete time semantics;
◮ Parametric extensions;
◮ Control problems.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 45 / 48
Conclusion and Future Work
B. Berthomieu and M. Diaz.Modeling and verification of time dependent systems using time Petrinets.IEEE transactions on software engineering, 17(3):259–273, 1991.
B. Berthomieu, D. Lime, O.H. Roux, and F. Vernadat.Reachability problems and abstract state spaces for time petri netswith stopwatches.Journal of Discrete Event Dynamic Systems (jDEDS), 17(2):133–158,2007.
G. Bucci, A. Fedeli, L. Sassoli, and E. Vicario.Time state space analysis of real-time preemptive systems.IEEE transactions on software engineering, 30(2):97–111, February2004.
G.B. Dantzig.Linear programming and extensions.IEICE Transactions on Information and Systems, 1963.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 46 / 48
Conclusion and Future Work
G. Gardey, O.H. Roux, and O.F. Roux.State space computation and analysis of time Petri nets.Theory and Practice of Logic Programming (TPLP). Special Issue onSpecification Analysis and Verification of Reactive Systems, 2005.to appear.
Guillaume Gardey.Rseaux de Petri temporels.PhD thesis, Universite de Nantes, Nantes, France, 2005.
Rachid Hadjidj and Hanifa Boucheneb.On-the-fly tctl model checking for time petri nets using state classgraphs.In Sixth International Conference on Application of Concurrency toSystem Design (ACSD’06), pages 111–122, 2006.
R. Janicki and M. Koutny.Semantics of inhibitor nets.Information and Computation, 123(1):1–15, 1995.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 47 / 48
Conclusion and Future Work
N.D. Jones, L.H. Landweber, and Y.E. Lien.Complexity of some problems in Petri nets.Theoretical Computer Science 4, pages 277–299, 1977.
D. Lime and O.H. Roux.Expressiveness and analysis of scheduling extended time Petri nets.In 5th IFAC International Conference on Fieldbus Systems and theirApplications, (FET 2003), Aveiro, Portugal, July 2003. ElsevierScience.
O.H. Roux and D. Lime.Time Petri nets with inhibitor hyperarcs. Formal semantics and statespace computation.In Jordi Cortadella and Wolfgang Reisig, editors, The 25thInternational Conference on Application and Theory of Petri Nets,(ICATPN 2004), volume 3099 of Lecture Notes in Computer Science,pages 371–390, Bologna, Italy, June 2004. Springer-Verlag.
Didier Lime (IRCCyN / ECN) ETR 2007 5 septembre 2007 48 / 48
top related