Parametric Real‐Time System Feasibility Analysis Using
Parametric Timed Automata
PhD Dissertation
Yusi Ramadian
Advisor : Luigi Palopoli
Co‐advisor : Alessandro Cimatti
1
Real‐Time System Applications
• A computer based system, which produces results to inputs complying with some temporal constraints
Page 2
Main Research Idea
Feasibility Analysis on Parametric Real Time System
Real Time System
Design Process
Parameters
Parameter2
Region of
Feasibility
Parameter1
Correct and Robust Real Time System
3
Contribution of PhD research
• Parametric Timed Automata (PTA) definition and representation of Real Time System
• Parametric Verification of Temporal Properties (PVTP) method
• Implementation in tool Quinq
• Application in case problems : – periodic task system [RTSS08],
– heterogeneous system [ETFA10], – collaboration with Modular Performance Analysis Toolbox (MPA) [CASES11].
Page 4
Presentation Outline
• Motivation
– Real time system design
– Example scenario
– Problem Statement
• Solution
– Parametric Timed Automata
– Parametric Verification of Temporal Property Method
• Implementation in Quinq
– Architecture
– Demo
• State of the art
• Conclusion
5
The Importance of
CORRECT & ROBUST Real Time System
• Safety consideration • Manufacturing consideration
• Variability in environment and run‐time ÆNeed for formalization of design process
Page 6
Functional Specification
Design Process
• Design & Modelling
Functional
Design
– Activation pattern
– Timing properties
– Scheduling Algorithm
• Robustness & Parameter Tuning
– Assign values
– Evaluate system robustness w.r.t to parameters
Architecture Design
Mapping on
RTS
RTS Model RTS Model
Environment
Design
Exogenous
Parameter
Parameter
Parametric Feasibility Analysis
Schedulability
Region
Correct and Robust
Page 7
RTS
Presentation Outline
• Motivation
– Real time system design
– Example scenario
– Problem Statement
• Solution
– Parametric Timed Automata
– Parametric Verification of Temporal Property Method
• Implementation in Quinq
– Architecture
– Demo
• State of the art
• Conclusion
8
Sensitivity Analysis : Example Scenario
Parameters
Period
Deadline
Computation Time
Offset
Task 1
20
20
11
0
Task 2
30
30
12
0
Task 1
11
11
Task 2
0
9
2
5 10 15 20 25 30
?
Page 9
Sensitivity Analysis : Example Scenario Discussion #1
• Classical scheduling theory Æ system failure
Task system is not schedulable
• Solution
‐ Stronger machine (Hardware solution)
‐ Tweaking offset..
Page 10
Sensitivity Analysis : Region of Schedulability on Offsets
O2
Parameters
Task 1
Task 2
Period
20
30
17
Deadline
20
30
15
Computation Time
11
12
13
Offset
0 ? 0 ? 19
11
9
7
5
3
0
1 3 5 7 9 11 13 15 17
O1
Page 11
Sensitivity Analysis:
Corrected Scenario
Parameters
Period
Deadline
Computation Time
Offset
Task 1
20
20
11
50
Task 2
30
30
12
0
Task 1
11
Task 2
5
0
11
9
7
5 10 15 20 25 30
Page 12
Sensitivity Analysis: Example Scenario Discussion #2: Robustness
C2
Parameters
Task 1
Task 2
Period
20
30
Deadline
20
30
Computation Time
11
?
12
?
Offset
5
5 0 ? System robustness = ?
29
27
25
23
21
19
17
15
13
11
9
7
5
3
0
O2 – O1 = 10
O2 – O1 = 8
O2 – O1= 5
C1
1 3 5 7 9 11 13 15 17 19
Page 13
Sensitivity Analysis
Requirement conclusion #1:
We want to find out :
the schedulability regions in the space of parameters
Æ
most robust design for our real-time systems
Page 14
Sensitivity Analysis: Example Scenario Discussion #3:
• System model not in classical RTS
• Examples:
– System with buffers
– Complex activation pattern
– Heterogeneous, distributed system
– Flexible deadline (e.g. Firm Deadline)
Page 15
Sensitivity Analysis
• Requirement conclusion #2
Sensitivity analysis for general real‐time system
Page 16
Presentation Outline
• Motivation
– Real time system design
– Example scenario
– Problem Statement
• Solution
– Parametric Timed Automata
– Parametric Verification of Temporal Property Method
• Implementation in Quinq
– Architecture
– Demo
• State of the art
• Conclusion
17
Sensitivity Analysis:
Formal problem definition
• Problem 1: System S
Task 1
Task 2
…
Task n
Scheduling Algorithm
P :{P1, P2, … Pn}
P1
R
P2
Page 18
Sensitivity Analysis:
Formal problem definition
• Problem 2: System S
Task 1
Task 2
…
Task n
P :{P1, P2, … Pn}
P1
R
Γ
P2
Page 19
Presentation Outline
• Motivation
– Real time system design
– Example scenario
– Problem Statement
• Solution
– Parametric Timed Automata
– Parametric Verification of Temporal Property Method
• Implementation in Quinq
– Architecture
– Demo
• State of the art
• Conclusion
20
Parametric Timed Automata
• Timed automata with parameters extension
• Main differences:
– Parameters
– Auxiliary variables
– General update statement
Page 21
Real Time System in PTA:
Activation Pattern
• Allow complex activation pattern
Avoiding restrictive 0 offset
Wait for offset
Clock≤O1
Activation depending on other tasks
Release τ2
Clock=Q2
Clock:= 0
Release τ1
Clock=O1
Clock:= 0
Release τ2
Clock=Q2
Clock:= 0
Wait
for Q1
Clock≤Q1
Wait for Q2
Clock≤Q2
Wait for event
Activation depending on time
Release τ1
General Clock=Q1
update
Clock:= Clock – Q2
Activation depending on environment Release τ3
Event_e = True
Clock:= 0
Page 22
Real Time System in PTA:
Feasibility Checker
Release τ1
Clock_x:=0
r:= C1
Parameter
Idle
Release τ1
Clock_x=D1 ∧
Clock_x ≤ r
Check
Error
Clock_x=r
Clock_x=r
Release τ1
Clock_x:=0
r:= C1
Release τ1
Clock_x:=0
r:= r + C1 –Clock_x
Busy
Release τ1
r:= r + C1
Auxiliary Variables
Page 23
Sensitivity Analysis via PTA
• PTA :
P2
P1
L1
L4
L2
P1
L4
…
L4
P2
L3
Activation Automata
Activation Automata
L2
L4
Pn
Pn
L1
L3
Activation Automata
• Feasibility region R:
L1
L4
L2
L4
L3
Feasibility
Checker
Automata
P1
R
R
Page 24
P2
Symbolic representation of PTA
• Current state variables V:
Discrete vars D: Location, transitions as boolean
Continuous vars X: Clocks and other variables as real
• Symbolic model of PTA : set of constraints on boolean and real variables
• Examples:
Loci Æ x‐y ≤ O1
Transi Æ (x ≥ C1) ∧ (x’ = C1+x) ∧ (y’ = y)
Page 25
Bounded Model Checking (BMC)
• Look only for counterexample made of k‐states
S0
Error
∨
S1
…
Error
∨
Sk
…∨
Error
• BMC(k):
• I(V0)∧R(V0,V1)∧… ∧ R(Vk‐1,Vk) ∧ Error(Vk)
• Completeness of the solution is not guaranteed
• Complementing method : inductive reasoning
Page 26
Presentation Outline
• Motivation
– Real time system design
– Example scenario
– Problem Statement
• Solution
– Parametric Timed Automata
– Parametric Verification of Temporal Property Method
• Implementation in Quinq
– Architecture
– Demo
• State of the art
• Conclusion
27
PTVP algorithm intuition: Search for an error trace
• Verification on reachability problem using BMC:
An error trace for every found counterexample
• Alternatively, error trace can be searched via non‐
parametric model checker
• An error trace π :
L1
L2
…
Error
Page 28
PTVP algorithm intuition:
An error trace π
• Along with the trace, an assignment for the parameters that validate the trace is produced
L1
…
L2
Error
P2
?
Γ
P1
Page 29
PTVP algorithm intuition:
Sensitivity analysis to an error trace
• By processing the trace, the surrounding region of parameters that make the trace true is identified
• …And we rule this region out from the next search
L1
…
L2
Error
P2
?
Γ
P1
Page 30
PTVP algorithm intuition:
Schedulability region
• Feasibility region : found by iteratively bounding the parameter space from the unschedulability regions
L1
L2
…
Error
P2
Γ
Final Schedulability
Region
P1
31
Parametric Verification of Temporal Properties (PVTP) Algorithm
Error Trace Search
Sensitivity Analysis
Region Exclusion
Collection of regions
Page 32
Sensitivity Analysis
• Given Polyhedron in the space of clocks and parameters Poly{P, X}
• Obtain Poly{P} <‐> ∃ X, Poly {P, X}
Æ Existential Quantifier Elimination
Page 33
Presentation Outline
• Motivation
– Real time system design
– Example scenario
– Problem Statement
• Solution
– Parametric Timed Automata
– Parametric Verification of Temporal Property Method
• Implementation in Quinq
– Architecture
– Demo
• State of the art
• Conclusion
34
Implementation in Quinq
• Based on NuSMV3 symbolic model checker with underlying MathSAT SMT solver
• Main functionalities :
–
–
–
–
Input handling
PVTP algorithm implementation
Completion check
Output handling
• Components
–
–
–
–
–
Sensitivity add‐on
High level periodic system analysis
Search optimization
Model checker drivers
Graph generator
• Blackbox components : UPPAAL, JUNT, existelim
Page 35
Architecture
RTS Model
QUINQ
Input Handling
NuSMV3
PVTP Implementation
UPPAAL
Output handling
Feasibility Region
Page 36
Input Handling
Periodic System Input
NuSMV Model
UPPAAL Model
Input Handling
Automatic Periodic Analysis
JUNT
NuSMV Model
37
Input via UPPAAL Model
UPPAAL Model
JUNT
Parameters
NuSMV Model
(Non‐Parametric)
Parametric Model Generator
NuSMV Model
(Parametric)
• Point of Considerations:
–
–
–
–
Integer vs Real domain
Array data structure
Clocks
Transition synchronization
Page 38
Architecture
RTS Model
QUINQ
Input Handling
NuSMV3
PVTP Implementation
UPPAAL
Output handling
Feasibility Region
Page 39
Parametric Verification of Temporal Property Implementation
NuSMV Model
PVTP Implementation
Error Trace Search
Error Trace
Sensitivity Analysis
Feasibility Region
40
PTVP Algorithm Implementation
NuSMV Model
Error Trace Search
NuSMV3
Parametric search
Non–parametric search
UPPAAL
Error Trace
Page 41
Non‐Parametric Search
UPPAAL Model+Parameters
Non–parametric search
UPPAAL
Search Point Generator
Trace Translation
Trace Replication
NuSMV3
Error Trace
Page 42
Sensitivity Analysis : Implementation
Model + Error Trace
Sensitivity Analysis
Trace Extraction
Polyhedral region in parameters space
Polyhedral region in clocks and variables space
Constraint Processing
After Processing
Parametric Constraints
Page 43
Constraint Processing
Constraints in Clocks & Vars
Constraint Processing
Reorder expression
Case Handling
Equality Constraint Propagation
Existelim
Parametric Constraints
Page 44
Presentation Outline
• Motivation
– Real time system design
– Example scenario
– Problem Statement
• Solution
– Parametric Timed Automata
– Parametric Verification of Temporal Property Method
• Implementation in Quinq
– Architecture
– Demo
• State of the art
• Conclusion
45
DEMO
• Previously Illustrated example:
2 periodic tasks system with 3 parameters
• S = {task1, task2}
• Periodic tasks : T1=D1=20, T2=D2=30
• Offset : O1 = 0 • Parameters :
– Computation time: C1 , C2
– Offset : O2
Page 46
Demo:result
•• Offset2 = 1
Offset2 = 5
Offset2 = 8
Page 47
Presentation Outline
• Motivation
– Real time system design
– Example scenario
– Problem Statement
• Solution
– Parametric Timed Automata
– Parametric Verification of Temporal Property Method
• Implementation in Quinq
– Architecture
– Demo
• State of the art
• Conclusion
48
Sensitivity Analysis Tools
Tool
Flexible RTS
Expression
System known apriori
Inference
Point
Bini
‐
‐
‐
‐
*
*
‐
‐
‐
MAST
SMART
IMITATOR
QUINQ
9
9
9
9
9
‐
‐
9
‐
9
‐
Number of Feasibility
Parameters Region
No limit
‐
No limit*
2
No limit*
9
‐
9
9
9
Page 49
Presentation Outline
• Motivation
– Real time system design
– Example scenario
– Problem Statement
• Solution
– Parametric Timed Automata
– Parametric Verification of Temporal Property Method
• Implementation in Quinq
– Architecture
– Demo
• State of the art
• Conclusion
50
Conclusion
• PTA representation Æ flexible activation pattern , general RTS presentation
• PVTP algorithm Æ General method to obtain feasibility region • Implemented in Quinq with applications on some example cases
• Edge on comparison with other tools:
– Flexible RTS representation
– No reference point input needed
– Whole region of schedulability result
Page 51
K‐Induction
• Does there exist k such that the following formula is unsatisfiable
S0
Error
S1
∧
Error
…
∧ … ∧
Sk‐1
Error
Sk
∧
Error
• if unsatisfiable and BMC(k) unsatisfiable then error state unreachable
52
© Copyright 2026 Paperzz