Applications

1
Applications

• CS 5270 Lecture 7

2
Outline

• The Bounded Retransmission Protocol.
• The TTA model
• The verification issues
• Task arrival patterns and their schedulability.
• Periodic, aperiodic, sporadic tasks.
• More sophisticated patterns captured by timed
  automata.
• Timed automata can also be used for schedulabilty
  analysis !
• Introduction to Regional Automata

3
Case Studies

• Available from the UPPAAL home page (Examples).
• Bang Olufsen Audio/Video Protocol.
• Bang Olufsen Power Down Protocol.
• Commercial Field Bus Protocol.
• Gear Box Controller.
• Multimedia Stream.

4
BRP

• Bounded Retransmission Protocol (BRP).
• Developed by Phillips Electronics Corporation.
• A real-time bounded variant of the
  alternating-bit protocol.
• Used to transfer in burst-mode a list of data (a
  file)
• via an infra-red communication medium between AV
  equipment and a remote control unit.

5
BRP

• The medium is lossy!
• The file is transmitted in chunks.
• If an acknowledgment for a sent-chunk is not
  received in time the chunk is retransmitted.
• If the number of retransmissions for the same
  chunk exceed a bound then the transmission is
  aborted.

6
BRP

• Timing aspects
• The sender has a timer to decide when to
  retransmit a chunk.
• The receiver has a timer to detect when a
  transmission has been aborted by the sender.

7
Sin
Rout
Sout
Sender
Receiver
G
F
K
L
B
A
8
(d1, d2, ,,,,dn) a file consisting of n chunks
of data.
Sin
Rout
Sout
Sender
Receiver
G
F
K
L
B
A
9
IOK, INOK, IDK
Sin
Rout
Sout
Sender
Receiver
G
F
K
L
B
A
10
The values of Sout

• IOK
• All the acknowledgments were received.
• All the chunks were transmitted successfully and
  were received by the receiver.
• INOK
• Some ack. failed to arrive in time the MAX
  count of retransmissions for that chunk was
  exhausted without receiving an ack.
• IDK
• The ack. Were received for all the chunks except
  the last one.
• Dont know whether the transmission was
  successful or not.
• This is due to asynchronous communication via a
  lossy channel.
• Byzantine agreement is impossible!

11
(e1, i1) (e2, i2) .(ek, ik)
Sin
Rout
Sout
Sender
Receiver
G
F
K
L
B
A
12
(e1, i1) (e2, i2) .(ek, ik)
(d1, d2, ,,,,dn)
Sin
Rout
Sout
Sender
Receiver
G
F
K
L
B
A
13
Rout

• (e1, i1) (e2, i2). (ek, ik)
• 0 k n
• ij 2 IFST, IINC, IOK, INOK , 0 lt j k
• IFST --- The first chunk of the file but not the
  last one.
• IOK --- The last chunk of the file.
• IINC --- For all other chunks.
• INOK ---- Something has gone wrong.
• In this case j k and ek (no datum).

14
The Specification

• (ej, ij)
• For every 0 lt j k, if ij ? INOK then ej dj
• The datum delivered is the chunk that was sent.
• If n gt 1 then i1 IFST
• INOK is put out only if something at all was
  received.
• If 1 lt j lt k then ij IINC

15
The Specification

• ik IOK OR ik INOK
• The last output must signal positive or negative
  termination.
• ik IOK implies k n.
• Successful transmission.
• ik INOK implies k gt 1.
• Unsuccessful only if something was received to
  start with.

16
The Specification

• If Sout IOK then ik IOK.
• Should we demand the converse too?
• If Sout INOK then ik INOK
• If Sout IDK then k n.
• ik ?
• If k 0 then
• Sout IDK iff n 1.
• Sout INOK iff n gt 1.

17
IOK
a
a
b
b
c
c
(a, FST) (b, INC) (C, OK)
18
?
a
a
b
b
c
c
(a, FST) (b, INC) (C, OK)
19
IDK
a
a
b
b
c
c
(a, FST) (b, INC) (C, OK)
20
?
a
a
b
b
?
21
INOK
a
a
b
b
(a, FST) (b, INC) (NOK, )
22
INOK
a
a
b
(a, FST) (NOK, )
23
INOK
a
24
The Sender Module

• S reads the file (with n chunks d1, d2,, dn) and
  sets the retry counter to 0.
• It then starts sending over the chunks one by
  one
• Its sets a timer T1 and the first frame into the
  channel K. A frame is of the form (b1, b2, ab,
  d).
• b1 (b2) indicates whether or not this chunk is
  the first (last) one. ab is the alternating bit.
  d is the chunk.
• ab is used to distinguish between a retry and a
  fresh chunk.

25
The Sender Module

• After sending the frame (b1, b2, ab, d), the
  sender module waits for an acknowledgment or a
  time-out.
• If an ack. is received in time then T1 is reset.
• The next frame (b1, b2, 1-ab, d) is sent or
  (if b2 1 in the previous round), it signals
  Rout IOK.
• If it times out, the frame (b1, b2, ab, d) is
  resent after resetting the timer and incrementing
  the retry counter.
• If MAX is exceeded in the process of incrementing
  the counter, the transmission is broken off it
  signals Rout INOK or Rout IDK depending on n
  and how many ack messages were received.

26
ab 0
idle
27
ab 0
? (d1, d2,..,dn) i 1 x 0
idle
x 0
28
ab 0
? (d1, d2,..,dn) i 1 x 0
idle
x 0
x T1
! (i 1, i n, ab, di) rc 0
29
(rc lt MAX ) ? (x T1) ! (i 1, i n, ab, di)
rc rc 1 x 0
ab 0
? (d1, d2,..,dn) i 1 x 0
idle
x 0
x T1
(i 1, i n, ab, di) rc0
30
(rc lt MAX ) ? (x T1) ! (i 1, i n, ab, di)
rc rc 1 x 0
ab 0
(i 1, i n, ab, di) rc0
? (d1, d2,..,dn) i 1 x 0
idle
x 0
x T1
(x lt T1) ? (?ack) x 0 ab 1 -ab
31
(rc lt MAX ) ? (x T1) ! (i 1, i n, ab, di)
rc rc 1 x 0
ab 0
(i 1, i n, ab, di) rc0
? (d1, d2,..,dn) i 1 x 0
idle
x 0
x T1
i lt n i i 1
(x lt T1) ? (?ack) x 0 ab 1 -ab
x 0
32
(rc lt MAX ) ? (x T1) ! (i 1, i n, ab, di)
rc rc 1 x 0
ab 0
(i 1, i n, ab, di) rc0
? (d1, d2,..,dn) i 1 x 0
idle
x 0
x T1
i lt n i i 1
(x lt T1) ? (?ack) x 0 ab 1 -ab
i n ! IOK
x 0
33
(rc lt MAX ) ? (x T1) ! (i 1, i n, ab, di)
rc rc 1 x 0
ab 0
(i 1, i n, ab, di) rc0
? (d1, d2,..,dn) i 1 x 0
idle
x 0
x T1
i lt n i i 1
i n ! IOK
(x lt T1) ? (?ack) x 0 ab 1 -ab
x 0
(rc MAX), x T1, i lt n ! INOK x 0
34
(rc lt MAX ) ? (x T1) ! (i 1, i n, ab, di)
rc rc 1 x 0
ab 0
(i 1, i n, ab, di) rc0
? (d1, d2,..,dn) i 1 x 0
idle
x 0
x T1
i lt n i i 1
i n ! IOK
(x lt T1) ? (?ack) x 0 ab 1 -ab
x 0
(rc MAX), x T1, i lt n ! INOK x 0
(rc MAX), x T1, i n ! IDK x 0
35
(rc lt MAX ) ? (x T1) ! (i 1, i n, ab, di)
rc rc 1 x 0
ab 0
(i 1, i n, ab, di) rc0
? (d1, d2,..,dn) i 1 x 0
idle
x 0
x T1
i lt n i i 1
i n ! IOK
x SYNCH ab 0,
(x lt T1) ? (?ack) x 0 ab 1 -ab
x 0
(rc MAX), x T1, i lt n ! INOK x 0
(rc MAX), x T1, i n ! IDK x 0
x SYNCH
36
The Receiver Module
?(rb1, rb2, rab, d)
w0
z 0 w0
exp_ab rab
37
?(rb1, rb2, rab, d)
w0
z 0 w0
rab exp_ab , rb2 1 !(IOK, d)
exp_ab rab
w0
38
?(rb1, rb2, rab, d)
w0
z 0 w0
rab exp_ab, rb2 1 !(IOK, d)
exp_ab rab
rab exp_ab, rb10, rb2 0 !(IINC, d)
w0
39
?(rb1, rb2, rab, d)
w0
z 0 w0
rab exp_ab, rb2 1 !(IOK, d)
exp_ab rab
rab exp_ab, rb10, rb2 0 !(IINC, d)
w0
rab exp_ab, rb11, rb2 0 !(IFST, d)
40
?(rb1, rb2, rab, d)
w0
z 0 w0
rab exp_ab, rb2 1 !(IOK, d)
exp_ab rab
rab exp_ab, rb10, rb2 0 !(IINC, d)
w0
w0
rab exp_ab, rb11, rb2 0 !(IFST, d)
!ack exp_ab 1 exp_ab z0
41
?(rb1, rb2, rab, d)
w0
z 0 w0
rab exp_ab, rb2 1 !(IOK, d)
exp_ab rab
rab exp_ab, rb10, rb2 0 !(IINC, d)
w0
w0
z TR
z lt TR ?(rb1, rb2, rab, d) w 0
rab exp_ab, rb11, rb2 0 !(IFST, d)
!ack exp_ab 1 exp_ab z0
42
?(rb1, rb2, rab, d)
w0
z 0 w0
rab exp_ab, rb2 1 !(IOK, d)
z TR rb2 1
exp_ab rab
rab exp_ab, rb10, rb2 0 !(IINC, d)
w0
w0
z TR
z lt TR ?(rb1, rb2, rab, d) w 0
rab exp_ab, rb11, rb2 0 !(IFST, d)
!ack exp_ab 1 exp_ab z0
43
?(rb1, rb2, rab, d)
w0
z 0 w0
rab exp_ab, rb2 1 !(IOK, d)
z TR rb2 1
exp_ab rab
rab exp_ab, rb10, rb2 0 !(IINC, d)
w0
w0
z TR
z lt TR ?(rb1, rb2, rab, d) w 0
rab exp_ab, rb11, rb2 0 !(IFST, d)
!ack exp_ab 1 exp_ab z0
44
?(rb1, rb2, rab, d)
w0
z 0 w0
rab exp_ab, rb2 1 !(IOK, d)
z TR rb2 0 !(INOK, )
z TR rb2 1
exp_ab rab
z lt TR ?(rb1, rb2, rab, d) w 0
rab exp_ab, rb10, rb2 0 !(IINC, d)
w0
w0
z TR
rab exp_ab, rb11, rb2 0 !(IFST, d)
exp-ab ? rab !ack
!ack exp_ab 1 exp_ab z0
45
Verification

• Premature time-outs do not occur.
• In case of abortion, Sender waits sufficiently
  long so that the Receiver has reacted to the
  abortion before starting a new file.

46
Verification

• Using UPPAAL it was determined
• T1 gt 2 TD
• TD the transmission delay of the channel.
• SYNCH ? TR ? (2 MAX T1) 3 TD
• Both the verifier and the simulator had to be
  used!

47
Task Scheduling

• Basic Idea
• Classical scheduling
• Periodic
• Aperiodic
• Sporadic
• Use timed automata to describe task arrivals.
• Some of the control states have tasks associated
  with them.
• Whenever a state is entered, its task is added
  to the ready queue.

48
Periodic Task
TSK
x0
x T
49
Periodic Task Set
TSK1
TSK2
TSK3
x0
x T1
y0
y T2
z0
z T3
50
The Task Arrival Model
TSK (c, d)
TSK (c, d)
G X
c computation time d relative deadline Whenever a
task is released, it is added to the ready
queue. Scheduling is done according to some
policy (EDF) uniprocessor model.
51
The Scheduling problem.

• TSKA (S, S0, CL, INV, Tasks, label, !)
• Label S ----gt TASKS
• TSTSKA (S, S0, R)
• R ? S S
• conf (s, V, Q)
• Q The current state of the ready queue.
• Q ERROR if the ready queue contains a task that
  has missed (will miss) its deadline according to
  the scheduling policy.

52
A non-schedulable automaton
A
C (3, 3.5)
B (2, 2)
x
x 1
A, 0, ?
A, x gt 0, ?
53
A non-schedulable automaton
A
C (3, 3.5)
B (2, 2)
x
x 1 x
A, 0, ?
A, x gt 0, ?
C, 1, (3, 2.5) (0, 0)
B, 0, (2, 2)
B, 1, (1, 1)
C, 0, (3, 3.5) (1, 1)
54
A non-schedulable automaton
A
C (3, 3.5)
B (2, 2)
x
x 1 x
A, 0, ?
A, x gt 0, ?
C, 0, (3, 2.5)
B, 0, (2, 2)
B, 1, (1, 1)
C, 0, (3, 3.5) (1, 1)
55
A non-schedulable automaton
A
C (3, 3.5)
B (2, 2)
x
x 1 x
A, 0, ?
A, x gt 0, ?
C, 0, ERROR
B, 0, (2, 2)
B, 1, (1, 1)
C, 0, (3, 3.5) (1, 1)
56
The Scheduling Problem

• Given TSKA, determine if ERROR state is
  reachable.
• This problem can be solved (using UPPAAL) for
  both pre-emeptive and non-preemptive schedules.
• TIMES is a specialized tool for schedulability
  analysis.

57
The Regional Automaton
58
What We Need to Do

• Problem
• We need to analyze the timed behavior of a TTS.
• The timed behavior of TTS is given by TSTTS
• But TSTTS is an infinite transition system!
• Solution
• Represent TSTTS as a finite transition system.
• How?
• By using the notion of regions, quotient TSTTS
  into a finite transition system RTS.
• Using regions we can compute RTS from TTS.
• UPPAAL computes a refined version of RTS from
  TTS.

59
The Reductions.
Both the set of states and actions are infinite.
TSTTS
TTS
Semantics
Time abstraction
Finite set of actions but infinite set of states.
TATTS
Quotient via stable equivalence relation of
finite index.
Regions
RTS
Both states and actions are finite sets.
60
The Reductions.
Both the set of states and actions are infinite.
TSTTS
TTS
Semantics
RTS is computed directly from TTS (a finite
object) s is reachable in TTS iff the
corresponding state is reachable in RTS.
Finite set of actions but infinite set of states.
TATTS
Regions
RTS
Both states and actions are finite sets.
61
The Reductions.
Both the set of states and actions are infinite.
TSTTS
TTS
Semantics
Finite set of actions but infinite set of states.
TATTS
Regions
RTS
Both states and actions are finite sets.
62
Behaviors

• TTS (S, sin, Act, X, I, ?)
• We associate a normal transition system with
  TTS while taking time into account
• TSTTS (S, sin, Act ? R, ?)
• R, non-negative reals
• ? ? S ? Act ? R ? S
• TSTTS is an infinite transition system!

63
Behaviors

• TTS (S, sin, Act, X, I, ?)
• TSTTS (S, sin, Act ? R, ?)
• S S ? V
• V --- Valuations
• A valuation says what the current values of each
  clock variable is.
• v X R

64
Behaviors

• TTS (S, sin, Act, X, I, !)
• TSTTS (S, sin, Act ? R, ?)
• R, non-negative reals
• ? ? S ? Act ? R ? S
• S S ? V
• sin (sin, VZERO)
• VZERO (x) 0 for every x in X.

65
Behaviors

• There will be two types of transitions.
• Time pass move
• (s, v) ? (s, v)
• t units of time pass starting from V.
• V (x) V(x) t for every x.
• V V t

t
66
Behaviors

• Instantaneous transition.
• (s, v) ? (s, v)
• In TTS there is a transition of the form
• (s, a, X, g, s) such that
• V satisfies g.
• V(x) 0 if x is in X.
• V(x) V(x) if x is not in X.

a
67
The Reductions.
Both the set of states and actions are infinite.
TSTTS
TTS
Semantics
Finite set of actions but infinite set of states.
TATTS
Regions
RTS
Both states and actions are finite sets.
68
Time Abstraction

• TTS (S, S0, Act, X, I, !) s 2 S
• TSTTS (S, S0, Act R, ))
• TATTS (S, S0, Act, ) where
• (s, V) (s, V) iff there exists ? such
  that
• (s, V) ) (s, V?) in TS and
• (s, V?) ) (s, V) in TS.

a
?
a
69
Time Abstraction

• TTS (S, S0, Act, X, I, !) s 2 S
• TSTTS (S, sin, Act R, ))
• TATTS (S, sin, Act, )
• FACT s is reachable in TTS (TS) iff s is
  reachable in TA.
• Infinite number of states but only a finite
  number of actions.

70
The Reductions.
Both the set of states and actions are infinite.
TSTTS
TTS
Semantics
Finite set of actions but infinite set of states.
TATTS
Regions
RTS
Both states and actions are finite sets.
71
Bisimulation

• Finite index bisimulation relation
• Used to quotient a big transition system into
  small one.
• big --- infinite
• small ---- finite.

72
Bisimulation

• TS (S, sin, Act, !)
• t µ S S, an equivalence relation
• s ? s for every s in S (reflexive)
• s ? s implies s ? s (symmetric)
• s ? s and s ? s implies s ? s (transitive)
• s t t and s s implies there exists t
  such that t t and s t t.
• s t t and t t implies there exists s
  such that s s and s t t.

a
a
a
a
73
Stable Relation
s

74
Stable Relation
75
Finite Index Bisimulation

• TS (S, sin, Act, !)
• t a bisimulation.
• s 2 S
• st the equivalence class containing s.
• s s t s
• t is of finite index if s s 2 S is a
  finite set.

76
An Example
a
b
a
b
a
b
1
2
3
4
5
6
i t j iff (i is odd and j is odd) OR (i is even
and j is even). t is a bisimulation of finite
index. 1, 3, 5,. 5 2, 4, 6, .. 8
77
The Quotient Transition System

• TS (S, sin, Act, !)
• t a bisimulation.
• QTS (QS, qsin, Act, )
• The t - quotient of TS.
• QS st s 2 S
• qsin sint
• s s iff there exists s1 2 s and
  s1 2 s such that s1 ! s1 in TS.

a
a
78
An Example
a
b
a
b
a
b
1
2
3
4
5
6
i t j iff (i is odd and j is odd) OR (i is even
and j is even). t is a stable equivalence
relation of finite index. 1, 3, 5,. 5
2, 4, 6, .. 8
a
5
12
b
79
The Reductions.
Both the set of states and actions are infinite.
TSTTS
TTS
Semantics
Finite set of actions but infinite set of states.
TATTS
Regions
RTS
Both states and actions are finite sets.
80
The Equivalence based on Regions.

• TA (S, S0, Act, )
• t µ S S , a bisimulation of finite index.
• (s, V) t (s, V) iff
• s s
• V Reg V
• V and V belong to the same clock region.