Technical Report: BDD-based Discrete Analysis of Timed Systems

Complex timed systems are often composed of many components at multiple levels of hierarchy. Timed finite-state machines (TFSMs) were proposed to model timed system components, which are designed to capture useful system features like different ways of communication among system components. In this report, we will present a short introduction about TFSMs and a rich set of system composition functions accordingly based on TFSMs. Then we will explain how to encode a TFSM as a BDD and how to generate BDD encoding of these functions without constructing the composed TFSM. 1 Timed Finite-State Machines Definition 1. A TFSM is a tuple M = (GV ,LV ,S , init ,Act ,Ch,T ) such that GV is a set of finite-domain shared variables; LV is a set of finite-domain local variables such that GV ∩ LV = ∅; S is a finite set of control states; init ∈ S is the initial state; Act is the alphabet; Ch is a set of synchronous channels; and T is a labeled transition relation. A transition label is of the form [guard ]evt{prog} where guard is an optional guard condition constituted by variables in GV and LV ; evt is either an event name, a channel input/output or the special tick event (which denotes 1-unit time elapsing); and prog is an optional transaction, i.e., a sequential program which updates global/local variables. A transaction (which may contain program constructs like if -then-else or whiledo) associated with a transition is to be executed atomically. A non-atomic operation is thus to be broken into multiple transitions. TFSM supports many system features. For instance, TFSM may communicate with each other through shared variables GV , multi-way event synchronization (common events in parallel composition are synchronized) or pair-wise channel communication. The semantics of M is a labeled transition system (C , initc ,→) such that C contains finitely many configurations of the form (σg , σl , s) such that σg is 3 Asynchronous channels can be mimicked using shared variables. the valuation of GV and σl is the valuation of LV and s ∈ S is a control state; initc = (initg , initl , init) where initg is the initial valuation of GV and initl is the initial valuation of LV ; and → is defined as follows: for any (σg , σl , s), if (s, [guard ]e{prog}, s ′) ∈ T , then (σg , σl , s) e → (σ′ g , σ′ l , s ′) if the following holds: guard is true given σg and σl ; e is not a synchronous channel input/output; and prog updates σg and σl to be σ ′ g and σ ′ l respectively. Notice that synchronous input/output cannot occur on its own. Rather, it must be jointly performed by different TFSMs which execute concurrently. Furthermore, → contains transitions labeled with events to be synchronized, which later will be synchronized with corresponding transitions from other TFSMs. We remark that timing constraints are captured explicitly by allowing/disallowing transitions labeled with tick . For instance, an urgent state is a state which disallows ticks. 2 System Models and BDD Encoding A timed system may be built from the bottom up by gradually composing system components. We propose to model system components using timed finite-state machines (TFSM), which are designed to capture a variety of system features. In this following, we introduce TFSM and system compositions based on TFSM. Furthermore, we show abstractly how to generate BDD encoding of TFSM in a compositional way.