2010 Second International Conference on Knowledge and Systems Engineering An extension of Mazukiewicz traces and their applications in specification of real-time systems Do Van Chieu Dang Van Hung University of Engineering and Technology Vietnam National University, Hanoi chieudv@hpu.edu.vn,dvh@vnu.edu.vn Abstract—This paper proposes a method for specification of concurrency and timing constraints of real-time systems The key idea of the proposed method is to extend the Mazurkiewicz Traces with time in order to capture the concurrency and timing constraints among the services of systems The method is formal, effective for abstracting and supporting automated checking Keywords-Mazurkiewicz trace, timing constraint, Asynchronous automaton, Duration automata, Distributed Automata Figure A dependence Alphabet I I NTRODUCTION Trace theory has been recognized as an important theory to provide a concrete mathematical underpinning for the study of concurrent computation and process calculi It was proposed by the classical works of Keller [1] and Mazurkiewicz [2] The contributions of it include combinatorial properties, formal languages, automata, and logic It can specify the concurrency of systems with finite representation [2], specially, can be definable by linear temporal logic (LTL) formulas Thus, the trace theory is often used to specify the protocol of concurrent systems [3] However it does not provide support to specify realtime systems with the timing constraints, specially in realtime component-based systems (CBS) In developing formal methods to specify the real-time systems, we need to deal with the problem of specifying timing constraints To this, in [4], the authors used a theory of timed automata that each automaton is equivalent with a component of system and a system is a network of timed automata This method is too complex, difficult to use and has some exponential problems in verification [5] In some systems - specially in embedded systems, the timing constraints are mainly constraints of duration execution time of services [6] The aim of our work is to develop a method that can not only specify real-time systems at hight level of abstraction but also support model checking of the system automatically We propose a method to specify real-time systems as an extension of the Mazurkiewicz traces so that it can specify the concurrency and timing constraints with finite, compact representations and be definable by LTL formulas We describe the main idea of our approach as follows We introduce an independence relation between methods, and consider an interaction protocol of system as a set of the Mazurkiewicz traces according to the introduced dependence relation In this way, the concurrency can be specified by the traditional 978-0-7695-4213-3/10 $25.00 © 2010 IEEE DOI 10.1109/KSE.2010.39 interleaving in the interface of components To specify the time constraints, we extend Mazurkiewicz traces with time labels for each letter occurrence to denote the time distance to the previous letter occurrence it depends on With this extension the Marzurkiewiczs traces become Mazurkiewicz timed traces And we will also show that the technique is simple, formal and abstract and supports the automated checking The rest of this paper is organized as follows We first review some standard notations of the trace theory and asynchronous automata in Section Section introduces the concept of timed Trace and timed Trace language Section presents some concepts of network of duration automata and the relation to regular timed trace language Finally, we conclude the paper and show the future work in Section II M AZURKIEWICZ T RACES AND A SYNCHRONOUS AUTOMATA We recall some standard notations from trace theory taken from [7], [8], [9] and some examples from [10] A dependence alphabet is a pair ( Σ, D) where the alphabet Σ is a finite set and the dependence relation D ⊆ Σ × Σ is reflexive and symmetric The independence relation I is the complement of D, and we call (Σ, I) to be independence alphabet For A ⊆ Σ, the set of letters dependent on A is denoted by D(A) = {b ∈ Σ|(a, b) ∈ D for some a ∈ A} Example 1: Let us consider the independence alphabet (Σ, I) with a set of actions Σ = {a, b, c, d} and the independence relation I = {(a, d), (d, a), (b, c), (c, b)} The dependence graph G(Σ, D) is isomorphic to the one shown in Figure A Mazurkiewicz trace is an equivalence class of a labelled partial order t = [V, ≤, λ] where V is a set of vertices labelled by λ : V → Σ and ≤ is a partial order over V satisfying the following conditions: For all x ∈ V , 167 Figure max(t) = {e ∈ V | e e < e } is also a cut of t When t is infinite (not finite), max(T ) does not exists A trace p is called a prime, if it is finite and has a unique maximal element The set of all primes in R is denoted by We have ⊆ , whereas contains infinite traces (if Σ = ∅) As in [8] we call Σ = {Σ1 , , Σm } a distributed alphabet, and Γ = {Γ1 , , Γm } a distributed interval alphabet where Tj = {(a, J(a))|a ∈ Σj } Let Γ = ∪j∈P rOC Γj } In the sequel we win use the following notations As usual, Σ∗ and Σω denote the set of finite and infinite words over Σ respectively, and Σ∞ denotes Σ∗ ∪ Σω For ω ∈ Σω , proji (ω) denotes the projection of the word ω on Σi ; and pref (ω) denotes the set of all prefixes of ω For a set {Sj }j ∈ P roc, and a ∈ Σ with loc(a) = {ji , j2 , , jk } we denote by SP roc the Cartesian product j∈P roc Sj , and by Sa the Cartesian product Sj1 × Sj2 × × Sjk } Definition An asynchronous automaton over Σ is a structure A = ({Si }i∈P roc , {→a }a ∈ Σ, Sin , {Fi }i∈P roc , {Gi }i∈P roc ) where: • Each Si is a finite set of i-local states, • →a ⊂ Sa × Sa for each a is a set of a-transitions, • Fi , Gi are subsets of Si for each i ∈ P roc To define the behavior of A we first define a global transition relation →A ⊆ Sproc × Σ × Sproc of A as: (s, a, s ) ∈→A iff there exists a transition sa →a sa such that s(i) = sa (i) and s (i) = sa (i) for every i ∈ loc(a), / loc(a) When (s, a, s ) ∈→A we and s(j) = s (j) for j ∈ a write s → s Example An asynchronous automaton over ({a,b}, {b,c}) that is not deterministic is illustrated in Figure where b-synchronizing transitions are joined by dashed lines Thus, its transitions are shown in Table P Figure An Diagram of a Mazurkiewicz trace the downward set ↓x= {y ∈ V |y ≤ x} is finite (and we call to be history of event x), and for all (x, y) ∈ V we have that (λ(x), λ(y)) ∈ D implies x ≤ y or y ≤ x, and that x y implies (λ(x), λ(y)) ∈ D, where = ˆ ≤ \ ≤2 where ≤ denotes the relational product of ≤ with itself, i.e., ≤2 = {(x, z)|∃y(x, y) ∈≤ and (y, z) ∈≤}, is the immediate successor relation in t For x ∈ V , we also define ↑x= {y ∈ V |x ≤ y} and ⇑x= {y ∈ V |x < y} the future of x Example 2: Let us consider the independence alphabet (Σ; I) with a set of actions Σ = {a, b, c, d} and the independence relation I = {(a, d), (d, a), (b, c), (c, b)} Then, the poset shown in Figure is a trace The trace t is finite if V is finite and we denote the set of finite traces by (Σ, D) (or simply ) By (Σ, D) (or simply ), we denote the set of finite or infinite traces (also called real traces) We write alph(t) = λ(V ) for the alphabet of t and we let alphinf (t) = {a ∈ G|λ−1 (a) is infinite } be the set of letters occurring infinitely often in t We define the concatenation for traces t1 = [Vl , ≤1 , λ1 ] and t2 = [V2 , ≤2 , λ2 ], provided alphinf (t1 )×alph(t2 ) ⊆ I It is given by t1 t2 = [V, ≤, λ] where V is the disjoint union of V1 and V2 , λ = λ1 ∪ λ2 , and ≤ is the transitive closure of the relation ≤1 ∪ ≤2 ∪(V1 × V2 ∩ λ−1 (D)) The set of finite traces is then a monoid with the empty trace = (∅, ∅, ∅) as unit If we can write t = rs, then r is a prefix of t and s is a suffix of t We denote by min(t) the set of minimal vertices of t We let = {t ∈ ||min(t)| = 1} be the set of traces with exactly one minimal vertex We also use min(t) for the set λ(min(t)) of labels of the minimal vertices of t, and similarly for max(t) What we actually mean is always clear from the context If t = [V, ≤, λ] ∈ is a real trace and x ∈ V is a vertex then we also write x ∈ t instead of x ∈ V A cut of t is a maximal set of incomparable vertexes in V So, min(t) is a cut of t Since Σ is finite, and since I is irreflexive, a cut of t is finite If t is finite, ❘ ✶ ▼ ▼ ❘ ▼ ❘ An asynchronous automaton P ❘ ❘ Table The transitions of the asynchronous automaton from Figure a (s0 , ∗) −→ (s0 , ∗) a (s0 , ∗) −→ (s1 , ∗) a (s1 , ∗) −→ (s1 , ∗) b (s1 , t0 ) −→ (s1 , t0 ) b (s1 , t1 ) −→ (s1 , t1 ) c (∗, t0 ) −→ (∗, t0 ) c (∗, t0 ) −→ (∗, t1 ) ❘ ❘ 168 c (∗, t1 ) −→ (∗, t1 ) A run on a word ω to Σω is a map ρ : pref (ω) → SP roc defined by: • ρ( ) ∈ Sin , a • for each prefix τ a of ω, ρ(τ ) →A ρ(τ a) The run p is an accepting run iff for each j ∈ P roc either: • P rojj (ω) is finite, and ρ(ω )(j) ∈ Fj where ω ∈ P ref ix(ω) and P rojj (ω ) = P rojj (ω), or • P rojj (ω) is infinite, and ρ(τ )(j) ∈ Gj , for infinitely many τ ∈ pref ix(ω) When ρ is an accepting run on ω, we say that ω is accepted by A The set of all accepted words of A forms the language accepted by A and is denoted by Lsym (A) A word in Σω is associated with a trace over (Σ, D) by the mapping wtot : Σω → T r(Σ, D) defined as: for ω ∈ Σω , wtot(ω) is (the equivalence class of) [V, ≤, λ] where: • V = pref (ω) − {e} • ≤ is the least partial order over V satisfying that for τ a, τ b ∈ V if τ a is a prefix of τ b and if (a, b) ∈ D then τ a ≤ τ b, • λ(τ a) = a In [10], wtot is well-defined Therefore, ω is a linearization of wtot(ω) and wtot(ω) represents the dependence between letter occurrences in ω according to the dependence relation D This partial order represents a concurrent behaviour of the automaton To be complete we define the mapping ttow : T r(Σ, D) → Σ∞ as ttow([V, ≤, λ])={λ(δ)|δ ˆ is a linearization of (V ≤)} The map ttow is extended to be defined on trace languages as follows: for any trace language L over (Σ, D) ttow(T ) ttow(L)= ˆ T ∈L Example 4: The trace obtained by wtot(acbdacb) applied to the word acbdacb is shown in Figure A regular (accepted by a Bă uchi automaton) language L is consistent iff for any ω ∈ L, for any ω ∈ Σω we have that wtot(ω) = wtot(ω ) implies ω ∈ L For such a regular language L we also call L an ω − regular consistent language over Σ It is obvious that for such a language L we have ttow(wtot(L)) = L The following result due to Gastin and Petit [11] is a generalisation to infinite word languages from Zielonka’s result in [12] Theorem Let L ⊆ Σω Then L is an ω − regular consistent language over Σ if and only if L is accepted by a distributed automaton over Σ Therefore, if a word ω ∈ Σω is accepted by A then any ωttow(wtot(ω)) is also accepted by A In fact, A accepts the trace wtot(ω) We define the trace language accepted by A as T rL(A)=wtot(L ˆ sym (A)) III T IMED T RACE Let time be continuous and represented as the set of non-negative real ≤0 Let ≤ also represents the natural ❘ Figure wtot(acbdacb) ❘ ordering in ≤0 without the fear of confusion since its meaning is clear from the context As for the case of words, we add a labelling function θ to associate a vertex of a trace with a time point in ≤0 Definition A timed trace over (Σ, D) is a pair (T, θ) where • T = [V, ≤, λ] is a trace over (Σ, D), ≤0 • θ: V → satisfying: – e < e ⇒ θ(e) ≤ θ(e ) (time should respect the causality) – if T is infinite, for any t ≥ 0, there is a cut C of T such that min{θ(e)|e ∈ C} ≥ (time should be progress and divergent) A linearization δ of (V, ≤) respects θ iff e precedes e’ in δ implies δ(e) < δ(e ) For a timed trace ([V, ≤, λ], θ) let tword([V, ≤, λ], θ) be the set {(λ, θ)(δ)|δ is a linearization of (V, ≤) respecting θ}, ˆ where (λ, θ)(e1 e2 )=(λ(e ), θ(e1 )(λ(e2 ), θ(e2 )) Unlike the setting in [8] here we allow that at a time point a finite sequence of actions can take place This is compatible with the commonly accepted synchrony hypothesis saying that communication and computation take no time and correspond to instantaneous actions Therefore, it could be that e less than e’ but θ(e) = θ(e ) A set of timed traces over (Σ, D) is called a timed trace language For our specification purpose, we are interested in finite representations of timed trace languages which correspond to the real-time and concurrent behaviours of the system under the specification ❘ ❘ IV N ETWORK OF D URATION AUTOMATA AND R EGULAR T IMED T RACE L ANGUAGES Automata are natural facilities to recognize languages For timed trace languages, because of the presence of the concurrency and real-time, we need networks of timed automata to represent For simplicity we just consider special kind of timed automata called duration automata by us [13] or interval automata by Deepak D’Souza [8] Let P roc = {1, 2, , m} be a set of process indexes Let the 169 dependence alphabet (Σ, D) be such that Σ = ∪j∈P roc Σj and D = {(a, b)|∃j.{a, b} ⊂ Σj } This means that two actions in Σ are dependent iff they belong two the same process For a ∈ Σ let loc(a) = {j ∈ P roc|a ∈ Σj } Let intv be the set of all time intervals over ≥0 , intv ={[l, ˆ u]|l ∈ ≥0 ∧ u ∈ ≥0 ∪ {∞} Let Ji : Σi → intv be a function that associates a time interval to each a ∈ Σ, and J(a)=(J ˆ i (a))j∈loc(a) J(a) could be interpreted as a time constraint for the execution time of the action a in each process that involved in a The triple (Σ, D, J) represents the static information about timing and concurrency of a system Let T = [V, ≤, λ] be a trace over (Σ, D) We call the pair (T, J) an interval trace over (Σ, D) The interval trace (T, J) represents a class of timed traces in the following ways A timed trace (T, θ) is said to satisfy the interval trace e, we have (T, J) iff for all e ∈ V , for all e θ(e) − θ(e ) ∈ Ji (λ(e)), where i is the unique process for which {λ(e), λ(e )} ⊆ Σi In word, the time distance from any event e to all its immediate preceders should satisfy the time constraint J(e) associated to e Definition Given J : Σ → intv and a trace T = [V, ≤ , λ] • The pair (T, J) is called an interval trace • The timed trace language defined by the interval trace (T, J), denoted by ttr(T, J) is defined as {(T, θ)|(T, θ) is a timed trace and ∀e ∈ V ∀e ∈ e λ(e ) ∈ Σi ⇒ θ(e ) ∈ Ji (λ(e))} Note that ttr(T, J) could be empty This is because that the constraints specified by J are inconsistent Let J be an interval assignment for the elements of σ Given J as above, we now define a duration distributed automaton as a distributed automaton added with a duration time constraint J(a) = (Ji (a))i∈loc(a) for each a − transition Definition A duration distributed automaton is a pair (A, J) where A is a distributed automaton We now define when a timed word is accepted by (A, J) directly to justify our interpretation of time constraints for interval traces A run on a timed word ω ∈ (Σ × ≥0 )ω is a map ρ : pref (ω) → SP roc defined by: • ρ( ) ∈ Sin , a • for all prefix τ (a, t) of ω, ρ(τ ) →A ρ(τ a) and t − timei (τ ) ∈ Ji (a) for all i ∈ loc(a) where for a time word τ = ω (b, t )ω” such that b ∈ Σ and ω” has no ˆ occurrence of a symbol in Σi , we define timei (τ )=t The run ρ is an accepting run iff for each j ∈ P roc either • P rojj (ω) is finite, and ρ(ω )(j) ∈ Fj , where ω ∈ P ref (ω) andP rojj (ω ) = P rojj (ω), or • P rojj (ω) is infinite and ρ(τ )(j) ∈ Gj , for infinitely many τ ∈ pref (ω) When ρ is an accepting run on timed word ω we say that ω is accepted by (A, J) The set of all timed words accepted by duration distributed automaton (A, J) is called timed language accepted by (A, J) and denoted by tL(A, J) Like for the untimed case [14], we have: ❘ ❘ ❘ ❘ Theorem 2: tL(A, J) = T ∈T rL(A) tword(ttr(T, J)) We therefore, give the following definition Definition Timed trace language accepted by a duration distributed automaton (A, J) is defined as tT rL(A, J)= ˆ T ∈T rL(A) ttr(T, J) Since the emptiness is decidable effectively for asynchronous automata [12], [8], it is also decidable effectively for asynchronous duration automata In addition, duration automata (or interval automata) is just only a special kind of timed automata [8], so as in [15], it can be checked automatic with uppall model checker Therefore, specification by using interval traces also supports the automatic check V C ONCLUSION We have presented a method for specification of realtime systems The key idea of this method is an extension of the Mazurkiewicz Traces with time in order to capture the concurrency and timing constraints among services of systems We have showed that the timed trace language is equivalent to the language of an asynchronous duration automaton By using the proposed method, the behaviour of a system can be easy to specify with timing and concurrency constraints by timed Mazurkiewicz traces, and can be checked automatically When using timed trace language to specify the realtime system, we need a technique to specify logical properties of the language and to verify if a property is satisfied by the system A popular technique to specify properties of reactive systems is LTL This logic has been extended to reason about trace languages in [7], [14] and their earlier work We are going to extend their LTL with time to specify properties of timed trace languages Moreover, by using timed trace and their relation with LTL and interval automata, we will propose a model that is based on rCOS [16], [3], [13] to become a complete method for modelling real-time component based systems ACKNOWLEDGMENT This work is partly supported by the research project No QGTD.09.02 granted by Vietnam National University, Hanoi R EFERENCES [1] R M Keller, “Parallel program schemata and maximal parallelism i fundamental results,” J ACM, vol 20, no 3, pp 514–537, 1973 [2] A Mazurkiewicz, “Trace theory,” in Advances in Petri nets 1986, part II on Petri nets: applications and relationships to other models of concurrency New York, NY, USA: Springer-Verlag New York, Inc., 1987, pp 279–324 [3] Z Liu, H Jifeng, and X Li, “rcos: A refinement calculus for object systems,” Theoretical Computer Science, Tech Rep., 2006 [4] R Alur and D L Dill, “A theory of timed automata,” Theor Comput Sci., vol 126, no 2, pp 183–235, 1994 [5] K G Larsen, P Pettersson, and W Yi, “Model-checking for real-time systems,” 1995, pp 62–88 170 [6] L D Hung and D V Hung, “Timing and concurrency specification in component-based real-time embedded systems development,” in TASE ’07: Proceedings of the First Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering Washington, DC, USA: IEEE Computer Society, 2007, pp 293–304 [7] V Diekert and P Gastin, “From local to global temporal logics over mazurkiewicz traces,” Theor Comput Sci., vol 356, no 1, pp 126–135, 2006 [8] D D’Souza, “A logical study of timed distributed automata, phd thesis,” 2000 [9] B Bollig, Formal Models of Communicating Systems: Languages, Automata, and Monadic Second-Order Logic (Texts in Theoretical Computer Science An Eatcs Series) Secaucus, NJ, USA: Springer-Verlag New York, Inc., 2006 [10] V D F F Mathematik, I Und, N D Rheinischwestflischen, T Hochschule, A Erlangung, M Leucker, M Leucker, B Prof, D K Indermark, P Dr, W Thomas, and T D M Prfung, “Logics for mazurkiewicz traces,” 2002 [11] P Gastin and A Petit, “Asynchronous cellular automata for infinite traces,” in ICALP ’92: Proceedings of the 19th International Colloquium on Automata, Languages and Programming London, UK: Springer-Verlag, 1992, pp 583–594 [12] W Zielonka, “Notes on finite asynchronous automata,” ITA, vol 21, no 2, pp 99–135, 1987 [13] D V Hung and B V Anh, “Model checking real-time component based systems with blackbox testing,” in RTCSA ’05: Proceedings of the 11th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications Washington, DC, USA: IEEE Computer Society, 2005, pp 76–79 [14] P S Thiagarajan and I Walukiewicz, “An expressively complete linear time temporal logic for mazurkiewicz traces,” Inf Comput., vol 179, no 2, pp 230–249, 2002 [15] J Bengtsson and W Yi, “Timed automata: Semantics, algorithms and tools,” in Lectures on Concurrency and Petri Nets, 2003, pp 87–124 [16] H Jifeng, Z Liu, and L Xiaoshan, “Contract-oriented component software development,” UNU/IIST, P.O Box 3058, Macao SAR, Tech Rep., 2003 171 ... Hung and B V Anh, “Model checking real-time component based systems with blackbox testing,” in RTCSA ’05: Proceedings of the 11th IEEE International Conference on Embedded and Real-Time Computing... hypothesis saying that communication and computation take no time and correspond to instantaneous actions Therefore, it could be that e less than e’ but θ(e) = θ(e ) A set of timed traces over... duration automaton By using the proposed method, the behaviour of a system can be easy to specify with timing and concurrency constraints by timed Mazurkiewicz traces, and can be checked automatically