DSpace at VNU: An extension of Mazukiewicz Traces and their applications in specification of real-time systems

An extension of Mazukiewicz traces and their applications in specification ofreal-time systems University of Engineering and Technology Vietnam National University, Hanoi chieudv@hpu.edu.

An extension of Mazukiewicz traces and their applications in specification of

real-time systems

University of Engineering and Technology Vietnam National University, Hanoi chieudv@hpu.edu.vn,dvh@vnu.edu.vn

Abstract—This paper proposes a method for specification

of concurrency and timing constraints of real-time systems

The key idea of the proposed method is to extend the

Mazurkiewicz Traces with time in order to capture the

concurrency and timing constraints among the services of

systems The method is formal, effective for abstracting and

supporting automated checking

Keywords-Mazurkiewicz trace, timing constraint,

Asyn-chronous automaton, Duration automata, Distributed

Au-tomata

I INTRODUCTION

Trace theory has been recognized as an important

the-ory to provide a concrete mathematical underpinning for

the study of concurrent computation and process calculi

It was proposed by the classical works of Keller [1]

and Mazurkiewicz [2] The contributions of it include

combinatorial properties, formal languages, automata, and

logic It can specify the concurrency of systems with finite

representation [2], specially, can be definable by linear

temporal logic (LTL) formulas Thus, the trace theory is

often used to specify the protocol of concurrent systems

[3] However it does not provide support to specify

time systems with the timing constraints, specially in

real-time component-based systems (CBS)

In developing formal methods to specify the real-time

systems, we need to deal with the problem of specifying

timing constraints To do this, in [4], the authors used a

theory of timed automata that each automaton is equivalent

with a component of system and a system is a network

of timed automata This method is too complex, difficult

to use and has some exponential problems in verification

[5] In some systems - specially in embedded systems,

the timing constraints are mainly constraints of duration

execution time of services [6]

The aim of our work is to develop a method that

can not only specify real-time systems at hight level

of abstraction but also support model checking of the

system automatically We propose a method to specify

real-time systems as an extension of the Mazurkiewicz

traces so that it can specify the concurrency and timing

constraints with finite, compact representations and be

definable by LTL formulas We describe the main idea of

our approach as follows We introduce an independence

relation between methods, and consider an interaction

protocol of system as a set of the Mazurkiewicz traces

according to the introduced dependence relation In this

way, the concurrency can be specified by the traditional

Figure 1 A dependence Alphabet

interleaving in the interface of components To specify the time constraints, we extend Mazurkiewicz traces with time labels for each letter occurrence to denote the time distance to the previous letter occurrence it depends on With this extension the Marzurkiewiczs traces become Mazurkiewicz timed traces And we will also show that the technique is simple, formal and abstract and supports the automated checking

The rest of this paper is organized as follows We first review some standard notations of the trace theory and asynchronous automata in Section 2 Section 3 introduces the concept of timed Trace and timed Trace language Section 4 presents some concepts of network of duration automata and the relation to regular timed trace language Finally, we conclude the paper and show the future work

in Section 5

II MAZURKIEWICZTRACES ANDASYNCHRONOUS

AUTOMATA

We recall some standard notations from trace theory taken from [7], [8], [9] and some examples from [10] A dependence alphabet is a pair ( Σ, D) where the alphabet

Σ is a finite set and the dependence relation D ⊆ Σ×Σ is

reflexive and symmetric The independence relation I is the complement of D, and we call (Σ, I) to be independence alphabet For A⊆ Σ, the set of letters dependent on A is

denoted byD (A) = {b ∈ Σ|(a, b) ∈ D for some a ∈ A}.

Example 1: Let us consider the independence alphabet (Σ, I) with a set of actions Σ = {a, b, c, d} and the independence relation I = {(a, d), (d, a), (b, c), (c, b)}.

The dependence graphG(Σ, D) is isomorphic to the one

shown in Figure 1

A Mazurkiewicz trace is an equivalence class of a labelled partial order t = [V, ≤, λ] where V is a set of

vertices labelled by λ : V → Σ and ≤ is a partial order

over V satisfying the following conditions: For allx ∈ V ,

2010 Second International Conference on Knowledge and Systems Engineering

Figure 2 An Diagram of a Mazurkiewicz trace

the downward set↓x= {y ∈ V |y ≤ x} is finite (and we

call to be history of event x), and for all (x, y) ∈ V we

have that (λ(x), λ(y)) ∈ D implies x ≤ y or y ≤ x, and

that x y implies (λ(x), λ(y)) ∈ D, where  ˆ= ≤ \ ≤2

where≤2 denotes the relational product of≤ with itself,

i.e., ≤2= {(x, z)|∃y(x, y) ∈≤ and (y, z) ∈≤}, is the

immediate successor relation in t For x ∈ V , we also

define ↑x= {y ∈ V |x ≤ y} and ⇑x= {y ∈ V |x < y}

-the future of x

Example 2: Let us consider the independence alphabet

(Σ; I) with a set of actions Σ = {a, b, c, d} and the

independence relation I = {(a, d), (d, a), (b, c), (c, b)}.

Then, the poset shown in Figure 2 is a trace

The tracet is finite if V is finite and we denote the set

of finite traces byM(Σ, D) (or simply M) By R(Σ, D)

(or simplyR), we denote the set of finite or infinite traces

(also called real traces) We writealph (t) = λ(V ) for the

alphabet oft and we let alphinf (t) = {a ∈ G|λ −1 (a) is

infinite} be the set of letters occurring infinitely often in

t.

We define the concatenation for tracest1= [V l , ≤1, λ1]

andt2= [V2, ≤2, λ2], provided alphinf(t1)×alph(t2) ⊆

I It is given by t1.t2= [V, ≤, λ] where V is the disjoint

union of V1 and V2,λ = λ1∪ λ2, and ≤ is the transitive

closure of the relation ≤1 ∪ ≤2 ∪(V1× V2∩ λ −1 (D)).

The setM of finite traces is then a monoid with the empty

trace1 = (∅, ∅, ∅) as unit If we can write t = rs, then r

is a prefix oft and s is a suffix of t.

We denote bymin (t) the set of minimal vertices of t.

We let R1 = {t ∈ R||min(t)| = 1} be the set of traces

with exactly one minimal vertex

We also use min (t) for the set λ(min(t)) of labels

of the minimal vertices of t, and similarly for max (t).

What we actually mean is always clear from the context

Ift = [V, ≤, λ] ∈ R is a real trace and x ∈ V is a vertex

then we also write x ∈ t instead of x ∈ V

A cut of t is a maximal set of incomparable vertexes

in V So, min (t) is a cut of t Since Σ is finite, and

since I is irreflexive, a cut of t is finite If t is finite,

Figure 3 An asynchronous automaton

max (t) = {e ∈ V |e  e < e  } is also a cut of t When t

is infinite (not finite), max (T ) does not exists.

A trace p is called a prime, if it is finite and has a

unique maximal element The set of all primes in R is denoted by P We have P ⊆ R, whereas R1 contains infinite traces (if

As in [8] we call Σ = {Σ1, ,Σm } a distributed

alphabet, and Γ = {Γ1, ,Γm } a distributed interval

alphabet where T j = {(a, J(a))|a ∈ Σ j } Let Γ =

∪ j∈P rOCΓj } In the sequel we win use the following

notations As usual, Σ∗ and Σω denote the set of finite and infinite words over Σ respectively, and Σ∞ denotes

Σ∗ ∪ Σ ω For ω ∈ Σ ω , proj i (ω) denotes the projection

of the word ω on Σi; and pref (ω) denotes the set of

all prefixes of ω For a set {S j } j ∈ P roc, and a ∈ Σ

with loc (a) = {j i , j2, , j k } we denote by S P roc the

Cartesian product 

j∈P roc S j, and by S a the Cartesian product S j1 × S j2 × × S jk }.

Definition 1 An asynchronous automaton over

Σ is a structure A = ({S i } i∈P roc , {→ a }a ∈

Σ, S in , {F i } i∈P roc , {G i } i∈P roc) where:

• EachS i is a finite set of i-local states,

• → a ⊂ S a × S a for each a is a set of a-transitions,

• F i , G i are subsets of S i for eachi ∈ P roc.

To define the behavior of A we first define a global

transition relation → A ⊆ Sproc × Σ × Sproc of A as: (s, a, s  ) ∈→ A iff there exists a transitions a → a s  a such that s (i) = s a (i) and s  (i) = s 

a (i) for every i ∈ loc(a),

ands (j) = s  (j) for j /∈ loc(a) When (s, a, s  ) ∈→ A we write s → s a 

Example 3 An asynchronous automaton over ({a,b}, {b,c}) that is not deterministic is illustrated in Figure 3

where b-synchronizing transitions are joined by dashed lines Thus, its transitions are shown in Table 1

Table 1 The transitions of the asynchronous

automaton from Figure 3

(s0, ∗) −→ (sa 0, ∗)

(s0, ∗) a

−→ (s1, ∗)

(s1, ∗) a

−→ (s1, ∗)

(s1, t0) −→ (sb 1, t0)

(s1, t1) b

−→ (s1, t1)

(∗, t0) c

−→ (∗, t0)

(∗, t0) −→ (∗, tc 1)

(∗, t1) c

−→ (∗, t1)

A run on a wordω toΣω is a mapρ : pref(ω) → S P roc

defined by:

• ρ () ∈ S in,

• for each prefix τ a of ω, ρ (τ) → a A ρ (τa).

The run p is an accepting run iff for eachj ∈ P roc either:

• P roj j (ω) is finite, and ρ(ω  )(j) ∈ F j where ω  ∈

P ref ix (ω) and P roj j (ω  ) = P roj j (ω), or

• P roj j (ω) is infinite, and ρ(τ)(j) ∈ G j, for infinitely

manyτ ∈ prefix(ω).

Whenρ is an accepting run on ω, we say that ω is accepted

by A The set of all accepted words of A forms the

language accepted byA and is denoted by L sym (A).

A word in Σω is associated with a trace over (Σ, D)

by the mapping wtot: Σω → T r(Σ, D) defined as: for

ω ∈ Σ ω , wtot (ω) is (the equivalence class of) [V, ≤, λ]

where:

• V = pref(ω) − {e}.

• ≤ is the least partial order over V satisfying that for

τ a, τ  b ∈ V if τa is a prefix of τ  b and if (a, b) ∈ D

then τ a ≤ τ  b,

• λ (τa) = a.

In [10], wtot is well-defined

Therefore,ω is a linearization of wtot (ω) and wtot(ω)

represents the dependence between letter occurrences inω

according to the dependence relationD This partial order

represents a concurrent behaviour of the automaton To be

complete we define the mappingttow : T r(Σ, D) → Σ ∞

as

ttow ([V, ≤, λ]) ˆ={λ(δ)|δ is a linearization of (V ≤)}.

The map ttow is extended to be defined on trace

languages as follows: for any trace language L over(Σ, D)

ttow (L) ˆ= 

T ∈L ttow (T )

Example 4: The trace obtained by wtot(acbdacb)

ap-plied to the word acbdacb is shown in Figure 4

A regular (accepted by a B¨uchi automaton) language

L ⊆ Σ ω is consistent iff for anyω ∈ L, for any ω  ∈ Σ ω

we have that wtot (ω) = wtot(ω  ) implies ω  ∈ L For

such a regular languageL we also call L an ω − regular

consistent language overΣ It is obvious that for such a

languageL we have ttow (wtot(L)) = L.

The following result due to Gastin and Petit [11] is a

generalisation to infinite word languages from Zielonka’s

result in [12]

Theorem 1 Let L ⊆ Σ ω Then L is an ω − regular

consistent language over Σ if and only if L is accepted

by a distributed automaton over Σ

Therefore, if a wordω ∈ Σ ω is accepted byA then any

ωttow (wtot(ω)) is also accepted by A In fact, A accepts

the tracewtot (ω) We define the trace language accepted

byA as T rL (A) ˆ=wtot(L sym (A)).

III TIMEDTRACE

Let time be continuous and represented as the set of

non-negative realR≤0 Let ≤ also represents the natural

Figure 4 wtot(acbdacb)

ordering in R≤0 without the fear of confusion since its meaning is clear from the context As for the case of words, we add a labelling functionθ to associate a vertex

of a trace with a time point in R≤0 Definition 2 A timed trace over(Σ, D) is a pair (T, θ)

where

• T = [V, ≤, λ] is a trace over (Σ, D),

• θ : V → R ≤0 satisfying:

– e < e  ⇒ θ(e) ≤ θ(e ) (time should respect the causality)

– if T is infinite, for any t ≥ 0, there is a cut C of

T such thatmin{θ(e)|e ∈ C} ≥ 0 (time should

be progress and divergent)

A linearizationδ of (V, ≤) respects θ iff e precedes e’

inδ implies δ (e) < δ(e  ) For a timed trace ([V, ≤, λ], θ)

lettword ([V, ≤, λ], θ) be the set {(λ, θ)(δ)|δ is a linearization of (V, ≤) respecting θ},

where (λ, θ)(e1e2 ) ˆ=(λ(e1), θ(e1)(λ(e2), θ(e2))

Unlike the setting in [8] here we allow that at a time point a finite sequence of actions can take place This is compatible with the commonly accepted synchrony hypothesis saying that communication and computation take no time and correspond to instantaneous actions Therefore, it could be that e less than e’ butθ (e) = θ(e )

A set of timed traces over(Σ, D) is called a timed trace

language For our specification purpose, we are interested

in finite representations of timed trace languages which correspond to the real-time and concurrent behaviours of the system under the specification

IV NETWORK OFDURATIONAUTOMATA AND

REGULARTIMEDTRACELANGUAGES

Automata are natural facilities to recognize languages For timed trace languages, because of the presence of the concurrency and real-time, we need networks of timed automata to represent For simplicity we just consider special kind of timed automata called duration automata by

us [13] or interval automata by Deepak D’Souza [8] Let

P roc = {1, 2, , m} be a set of process indexes Let the

dependence alphabet(Σ, D) be such that Σ = ∪ j∈P rocΣj

and D = {(a, b)|∃j.{a, b} ⊂ Σ j } This means that two

actions inΣ are dependent iff they belong two the same

process Fora ∈ Σ let loc(a) = {j ∈ P roc|a ∈ Σ j }.

Let intv be the set of all time intervals over R≥0,

intv ˆ={[l, u]|l ∈ R ≥0 ∧ u ∈ R ≥0 ∪ {∞} Let J i: Σi →

intv be a function that associates a time interval to

each a ∈ Σ, and J(a) ˆ=(J i (a)) j∈loc(a) J (a) could be

interpreted as a time constraint for the execution time of

the action a in each process that involved ina.

The triple (Σ, D, J) represents the static information

about timing and concurrency of a system Let T =

[V, ≤, λ] be a trace over (Σ, D) We call the pair (T, J)

an interval trace over (Σ, D) The interval trace (T, J)

represents a class of timed traces in the following ways

A timed trace (T, θ) is said to satisfy the interval trace

(T, J) iff for all e ∈ V , for all e   e, we have

θ (e) − θ(e  ) ∈ J i (λ(e)), where i is the unique process

for which{λ(e), λ(e  )} ⊆ Σ i In word, the time distance

from any event e to all its immediate preceders should

satisfy the time constraintJ (e) associated to e.

Definition 3 Given J : Σ → intv and a trace T = [V, ≤

, λ]

• The pair(T, J) is called an interval trace.

• The timed trace language defined by the interval

trace (T, J), denoted by ttr(T, J) is defined as

{(T, θ)|(T, θ) is a timed trace and ∀e ∈ V ∀e  ∈

e λ (e  ) ∈ Σ i ⇒ θ(e  ) ∈ J i (λ(e))}.

Note thatttr (T, J) could be empty This is because that

the constraints specified by J are inconsistent

Let J be an interval assignment for the elements ofσ.

GivenJ as above, we now define a duration distributed

automaton as a distributed automaton added with a

du-ration time constraint J (a) = (J i (a)) i∈loc(a) for each

a − transition.

Definition 4 A duration distributed automaton is a pair

(A, J) where A is a distributed automaton.

We now define when a timed word is accepted by(A, J)

directly to justify our interpretation of time constraints for

interval traces

A run on a timed word ω ∈ (Σ × R ≥0)ω is a map

ρ : pref(ω) → S P roc defined by:

• ρ () ∈ S in,

• for all prefix τ (a, t) of ω, ρ(τ) → a A ρ (τa) and t −

time i (τ) ∈ J i (a) for all i ∈ loc(a) where for a time

wordτ = ω  (b, t  )ω” such that b ∈ Σ and ω” has no

occurrence of a symbol inΣi, we definetime i (τ) ˆ=t 

The run ρ is an accepting run iff for each j ∈ P roc

either

• P roj j (ω) is finite, and ρ(ω  )(j) ∈ F j, where ω  ∈

P ref (ω) andP roj j (ω  ) = P roj j (ω), or

• P roj j (ω) is infinite and ρ(τ)(j) ∈ G j, for infinitely

manyτ ∈ pref(ω).

When ρ is an accepting run on timed word ω we

say that ω is accepted by (A, J) The set of all timed

words accepted by duration distributed automaton (A, J)

is called timed language accepted by(A, J) and denoted

bytL (A, J) Like for the untimed case [14], we have:

Theorem 2: tL (A, J) =T ∈T rL(A) tword (ttr(T, J)).

We therefore, give the following definition

Definition 5 Timed trace language accepted by a duration distributed automaton (A, J) is defined as

tT rL (A, J) ˆ=T ∈T rL(A) ttr (T, J).

Since the emptiness is decidable effectively for asyn-chronous automata [12], [8], it is also decidable effectively for asynchronous duration automata In addition, duration automata (or interval automata) is just only a special kind of timed automata [8], so as in [15], it can be checked automatic with uppall model checker Therefore, specification by using interval traces also supports the automatic check

V CONCLUSION

We have presented a method for specification of real-time systems The key idea of this method is an extension

of the Mazurkiewicz Traces with time in order to capture the concurrency and timing constraints among services of systems We have showed that the timed trace language

is equivalent to the language of an asynchronous duration automaton By using the proposed method, the behaviour

of a system can be easy to specify with timing and concurrency constraints by timed Mazurkiewicz traces, and can be checked automatically

When using timed trace language to specify the real-time system, we need a technique to specify logical properties of the language and to verify if a property is satisfied by the system A popular technique to specify properties of reactive systems is LTL This logic has been extended to reason about trace languages in [7], [14] and their earlier work We are going to extend their LTL with time to specify properties of timed trace languages Moreover, by using timed trace and their relation with LTL and interval automata, we will propose a model that

is based on rCOS [16], [3], [13] to become a complete method for modelling real-time component based systems

ACKNOWLEDGMENT

This work is partly supported by the research project

No QGTD.09.02 granted by Vietnam National University, Hanoi

REFERENCES [1] R M Keller, “Parallel program schemata and maximal

parallelism i fundamental results,” J ACM, vol 20, no 3,

pp 514–537, 1973

[2] A Mazurkiewicz, “Trace theory,” in Advances in Petri nets

1986, part II on Petri nets: applications and relationships

to other models of concurrency. New York, NY, USA: Springer-Verlag New York, Inc., 1987, pp 279–324 [3] Z Liu, H Jifeng, and X Li, “rcos: A refinement calculus for object systems,” Theoretical Computer Science, Tech Rep., 2006

[4] R Alur and D L Dill, “A theory of timed automata,” Theor Comput Sci., vol 126, no 2, pp 183–235, 1994.

[5] K G Larsen, P Pettersson, and W Yi, “Model-checking for real-time systems,” 1995, pp 62–88

[6] L D Hung and D V Hung, “Timing and concurrency spec-ification in component-based real-time embedded systems

development,” in TASE ’07: Proceedings of the First Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering. Washington, DC, USA: IEEE Computer Society, 2007, pp 293–304

[7] V Diekert and P Gastin, “From local to global temporal

logics over mazurkiewicz traces,” Theor Comput Sci., vol.

356, no 1, pp 126–135, 2006

[8] D D’Souza, “A logical study of timed distributed automata, phd thesis,” 2000

[9] B Bollig, Formal Models of Communicating Systems: Languages, Automata, and Monadic Second-Order Logic (Texts in Theoretical Computer Science An Eatcs Series).

Secaucus, NJ, USA: Springer-Verlag New York, Inc., 2006 [10] V D F F Mathematik, I Und, N D Rheinisch-westflischen, T Hochschule, A Erlangung, M Leucker,

M Leucker, B Prof, D K Indermark, P Dr, W Thomas, and T D M Prfung, “Logics for mazurkiewicz traces,” 2002

[11] P Gastin and A Petit, “Asynchronous cellular automata

for infinite traces,” in ICALP ’92: Proceedings of the 19th International Colloquium on Automata, Languages and Programming. London, UK: Springer-Verlag, 1992, pp 583–594

[12] W Zielonka, “Notes on finite asynchronous automata,” ITA,

vol 21, no 2, pp 99–135, 1987

[13] D V Hung and B V Anh, “Model checking real-time

component based systems with blackbox testing,” in RTCSA

’05: Proceedings of the 11th IEEE International Confer-ence on Embedded and Real-Time Computing Systems and Applications. Washington, DC, USA: IEEE Computer Society, 2005, pp 76–79

[14] P S Thiagarajan and I Walukiewicz, “An expressively complete linear time temporal logic for mazurkiewicz

traces,” Inf Comput., vol 179, no 2, pp 230–249, 2002.

[15] J Bengtsson and W Yi, “Timed automata: Semantics,

algorithms and tools,” in Lectures on Concurrency and Petri Nets, 2003, pp 87–124.

[16] H Jifeng, Z Liu, and L Xiaoshan, “Contract-oriented component software development,” UNU/IIST, P.O Box

3058, Macao SAR, Tech Rep., 2003