Expressing and organizing real-time specification patterns via temporal logics
PATTERN series, part 4
1、Introduction
The patterns presented in [Dwyer et al, 1999] can be regarded as qualitative patterns with respect to the quantitative patterns proposed in [Konrad and Cheng, 2005].
Qualitative patterns: the distance among events is not measured in terms of time units.
Quantitative patterns: contain specific time bounds, which are typical of real-time systems, and rely on logics that provide a metric of time, including but not limited to TCTL, RTGIL, MTL and TILCO (Temporal Interval Logic with Compositional Operators). Among them, MTL, TILCO and TRIO are first-order temporal logics.
1.1 Paper organization, contributions and related works
Impact of the usage of patterns:
1、provides examples of the usage of formal methods in many different notations with respect to the same cases, which shortens the time needed to understand them;
2、shortens the specification time: different patterns can be reused and composed for the specification of more complex problems, which also produces more understandable specifications, since other users can refer to the commonly known patterns.
Section 3: an overview of qualitative and quantitative specification patterns.
Section 4: the proposed organization of patterns, together with the relationships among patterns and the arrangement of the newly proposed patterns.
Section 5: qualitative and quantitative patterns expressed in TILCO-X, together with their relationships and related demonstrations.
Section 6: a discussion about the scope of patterns.
Section 7: a discussion about the additional scopes and other aspects related to the scopes.
2、 TILCO-X overview
TILCO-X: a logic language which can be used to specify temporal constraints in either a qualitative or a quantitative way.
Instant: the minimum time interval corresponds to one instant.
The current, future and past time instants are represented by 0, positive numbers and negative numbers respectively.
Boundary: a bound can be included or excluded, written "[", "]" and "(", ")" respectively.
Basic TILCO-X temporal operators:
- “@”, universal quantification over a temporal interval
- “?”, existential quantification over a temporal interval
An interval can also be a single time instant: \(A@[-3,-3] \equiv A@-3\).
2.1 TILCO-X Dynamic Intervals
Temporal intervals are not only constant integer sets: an interval bound can also be dynamic, defined by a predicate.
Note: \(A@[10,+B)\) states that A is true from 10 time units in the future until B is true for the first time, where \(+B\) identifies the first future instant in which B is true.
Note: likewise, \(-B\) identifies the last (past) instant in which B was true.
Examples: \((A \rightarrow B)@(-C,+D)\), \(A?[+B,+C]\).
Note: in short, the nearest occurrence is the one taken. A temporal interval whose endpoints are other events is a dynamic interval.
\(\mathit{until}\ A\ B \equiv B@(0,+A)\)
\(\mathit{since}\ A\ B \equiv B@(-A,0)\)
2.2 TILCO-X Bounded Happen
Bounded Happen operator: used to state that a formula is true in an interval a minimum to a maximum number of times.
e.g. \(A?^{3}_{2}[1,15)\) indicates that A has to be true in the interval a minimum of 2 and a maximum of 3 times.
Only the subscript (minimum) or only the superscript (maximum) may be given.
Question: by the definition of Bounded Happen, can it only be used with “?”? After all, with “@” the occurrences of A fill the whole interval, whereas with “?” the occurrences of A can be discrete.
3、Overview of Specification Patterns
Patterns are typically formalized considering:
- Pattern: the pattern itself, i.e. the property or behaviour that has to be specified with the chosen formalism
- Scope
3.1 Scope
- Globally, Before R, After Q, Between Q and R, After Q until R
- in the presence of \(F\): a property has to hold only in an interval where \(F\) occurs at least once
- in the absence of \(F\): a property has to hold only in an interval where \(F\) never occurs
- from when \(F\) never holds: a property has to hold only from the state/event where \(F\) is going to stay false forever
Question: “if the operators to define the interval are used for modelling the scope, interval logics can be considered an exception.” I did not understand the second half of this sentence.
3.2 Pattern models
- Occurrence Patterns
- Absence, Universality, Existence, Bounded Existence
- Order Patterns
- Precedence, Response, Chain Precedence, Chain Response
- Duration Patterns
- Minimum Duration, Maximum Duration
- Periodic Patterns
- Bounded Recurrence
- Real Time Order Patterns
  - Bounded Response: limits the maximum time duration from the event/state where a formula is true until another formula becomes true;
  - Bounded Invariance: limits the minimum time duration from the event/state where a formula is true once another formula is true.
The word “bounded”:
- in [Konrad and Cheng, 2005] is used for describing a bound in time;
- in [Dwyer et al, 1999] refers to a limit in the number of event occurrences.
In order to avoid confusion and provide a unified model, some of the patterns presented in [Konrad and Cheng, 2005] have been renamed in this paper, mainly by substituting “Bounded” with “Time-Constrained”:
- Bounded Recurrence \(\rightarrow\) Time-Constrained Recurrence
- Bounded Response \(\rightarrow\) Time-Constrained Response
- Bounded Invariance \(\rightarrow\) Time-Constrained Invariance
4、Specification Patterns Organization
The categories distinguish only which kind of constraint the pattern applies to the predicates:
- Occurrence: properties which express whether a given predicate has to occur always, never, periodically or a given number of times.
- Duration: properties that, even though not imposing the occurrence, require a predicate to hold for a given duration.
- Order: properties that relate several predicates by ordering them.
The 3 categories:
- Occurrence: Absence, Universality, Existence \(\rightarrow\) Bounded Existence, Time-Constrained Recurrence
- Duration: Minimum Duration, Maximum Duration
- Order: Precedence \(\rightarrow\) Time-Constrained Precedence, Response \(\rightarrow\) Time-Constrained Response, Time-Constrained Invariance
Remarks on the categories:
- The Periodic pattern has not been used, because Time-Constrained Recurrence can be better classified as an occurrence pattern.
- Time-Constrained Precedence is a new pattern:
  - it consists in requiring that a cause occurred in the past in order to accept the present effect, similarly to the Precedence pattern;
  - in this pattern, time constraints can be specified as lower and upper bounds of the time window, located in the past, where the cause is expected;
  - it is dual with respect to the Time-Constrained Response pattern. Hence the needed properties expressing time constraints in the past can be transformed into “pure future” form. (Question: because of the duality they can be converted into pure-future form? How exactly is the conversion done? Is it that “P precedes Q” is the same as “Q responds to P”, and then the future form can be used?)
  - with some temporal logics, which do not support past operators, a “pure future” transformation could be required when formulating a mapping of this pattern.
The Time-Constrained Response pattern:
- can also produce simpler properties by setting bounds to extreme values, while a single-sided constraint model would require two different properties in order to limit the occurrence of the response to a given time window (i.e. “S responds to P after at most \(k_{max}\) time units” and “if P holds then not S holds for at least \(k_{min}\) time units”).
Behavioural generalisation:
- the Response pattern can be regarded as a specific case of Time-Constrained Response (“S responds to P between \(k_{min}\) and \(k_{max}\)” with \(k_{min}=0\) and \(k_{max}=\infty\));
- the Precedence pattern is likewise a specific case of Time-Constrained Precedence (\(k_{min}=0\) and \(k_{max}=-\infty\), because the time window is located in the past);
- the Existence pattern is a specific case of the Bounded Existence pattern: \(P?\,i \equiv P?^{\infty}_{1}\,i\) for an interval \(i\) (the occurrence count is not limited: the accepted number of occurrences of P is \(\geq 1\)).
The above relates the proposed unified organization of patterns to the patterns of Dwyer et al. and of Konrad and Cheng.
5、Temporal Logic Specification of Patterns
TILCO-X:
- makes it possible to specify formulas in the past and in the future in a uniform manner;
- specific process start: \((\mathit{start} : A) \equiv \mathit{process\_start} \rightarrow A\) (\(\mathit{process\_start}\) is the given time instant from which any property has to be satisfied);
- rule imposes the validity of the formula from the process start to the time limit: \((\mathit{rule} : A) \equiv \mathit{start} : A@[0,+\infty)\);
- i.e. \((\mathit{rule} : A) \equiv \mathit{process\_start} \rightarrow A@[0,+\infty)\).
\(\mathit{start}\): identifies an expression which has to be verified only at the initial time instant.
\(\mathit{rule}\): imposes that the expression be verified on the entire time domain.
\(\rightarrow\) patterns are typically presented in the form of \(\mathit{start}\) or of \(\mathit{rule}\).
5.1 Occurrence specification patterns
The scopes are modelled through intervals, independently of the pattern:
scope | interval |
---|---|
Globally | \([0,+\infty)\) |
Before R | \([0,+R)\) |
After Q | \([+Q,+\infty)\) |
Between Q and R | \([+Q,+R)\) |
After Q until R | \([+Q,+R)\) |
Example 1: Absence pattern temporal logic mappings:
scope | TILCO-X temporal logic mapping |
---|---|
Globally | \(\mathit{start} : \lnot P@[0,+\infty)\) |
Before R | \(\mathit{start} : R?(0,+\infty) \rightarrow \lnot P@[0,+R)\) |
After Q | \(\mathit{start} : \lnot P@[+Q,+\infty)\) |
Between Q and R | \(\mathit{rule} : R?(0,+\infty) \rightarrow \lnot P@[+Q,+R)\) |
After Q until R | \(\mathit{rule} : \lnot P@[+Q,+R)\) |
Example 2: all the occurrence patterns for the “After Q until R” scope (the formulas share the same structure):
pattern name | temporal logic mapping |
---|---|
Universality | \(\mathit{rule} : P@[+Q,+R)\) |
Absence | \(\mathit{rule} : \lnot P@[+Q,+R)\) |
Existence | \(\mathit{rule} : \mathit{true}?[+Q,+R) \rightarrow P?[+Q,+R)\) |
Bounded Existence | \(\mathit{rule} : \mathit{true}?[+Q,+R) \rightarrow P?^{max}_{min}[+Q,+R)\) |
Time-Constrained Recurrence | \(\mathit{rule} : (\mathit{true}?[k,+R) \rightarrow P?[k,+R))@[+Q,+R)\) |
Note: \(\mathit{true}?[+Q,+R)\) \(\Leftrightarrow\) with respect to the evaluation time instant, a non-empty interval \([+Q,+R)\) will occur in the future (Q and R are predicates). (Note: its Boolean value can therefore be used to test whether a given interval exists.)
Question: “TILCO-X operators model the occurrence patterns in a quite simple way, while leaving to the intervals the definition of the pattern scope and thus keeping separate the two concepts into the specification.” Which are the “two concepts”: scope and interval, or pattern and interval?
When the specified time interval is empty, the “@” operator is vacuously true, while the “?” operator evaluates to false.
- \(\square((Q \wedge \lnot R) \rightarrow (\lnot R\ \mathcal{W}\ (P \wedge \lnot R)))\): the LTL mapping for “Universality of P” in the “Between Q and R” scope
- \(\square((Q \wedge \lnot R \wedge \lozenge R) \rightarrow (P\ \mathcal{U}\ R))\): “Occurrence of P” in the “Between Q and R” scope
5.2 Duration Specification Patterns
- Minimum duration: \(\mathit{start} : ((\lnot P@-1 \wedge P) \rightarrow P@(0,k))@[+Q,+\infty)\)
- Maximum duration: \(\mathit{start} : ((\lnot P@-1 \wedge P) \rightarrow \lnot P?(0,k))@[+Q,+\infty)\)
- Since \(\lnot(P@(0,k)) \Leftrightarrow \lnot P?(0,k)\), the two properties above are dual.
\((\lnot P@-1 \wedge P)\) \(\Leftrightarrow\) the occurrence of a false-true transition of P (i.e. P has just changed from false to true).
5.3 Order Specification Patterns
5.3.1 Precedence pattern
“S precedes P” in “Between Q and R”:
- with past mapping: \(\mathit{rule} : R?(0,+\infty) \rightarrow (P \rightarrow S?[-Q,0))@[+Q,+R)\)
- pure future mapping: \(\mathit{rule} : Q \wedge \lnot R \wedge R?(0,+\infty) \rightarrow \lnot P@[0,+(S \wedge R))\)
Question: what exactly does “pure future” mean? Only future operators, so the minus signs of the first form are removed?
“S precedes P” in the “After Q” scope:
- in LTL: \(\square\lnot Q \vee \lozenge(Q \wedge (\lnot P\ \mathcal{W}\ S))\)
- but in TILCO-X: \(P \rightarrow S?[-Q,0)\)
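Worked example, added to these notes and not code from the paper: a small Python evaluator for the TILCO-X operators of Sections 2.1 and 2.2 (“@”, “?”, the dynamic bounds \(+B\)/\(-B\), Bounded Happen) over a finite trace, used to check the Absence mappings of the Section 5.1 table under the five scopes and the past-operator mapping of “S precedes P” in “After Q” from 5.3.1. The assumptions are mine, not the paper's: a trace is a finite list of states, \(+\infty\) is approximated by the last instant of the trace, \(+B\) may be the current instant, and a dynamic bound with no matching instant (\(+R\) when R never occurs, \(-Q\) when Q never occurred) is read as \(+\infty\) / the first instant, which makes “After Q until R” the weak variant. All traces are constructed, and the function names (atom, at, some, happen, start, rule, mk) are my own.

```python
from typing import Callable, List, Set, Tuple, Union

# A trace is a finite list of states; state t is the set of atoms true at instant t.
Trace = List[Set[str]]
Formula = Callable[[Trace, int], bool]            # evaluated at an instant t of a trace
INF = float("inf")
Bound = Union[int, float, Tuple[str, Formula]]    # offset, +/-inf, ("+", F) or ("-", F)

def atom(name: str) -> Formula:
    return lambda tr, t: name in tr[t]

def neg(f: Formula) -> Formula:
    return lambda tr, t: not f(tr, t)

def implies(f: Formula, g: Formula) -> Formula:
    return lambda tr, t: (not f(tr, t)) or g(tr, t)

def resolve(tr: Trace, t: int, b: Bound) -> float:
    """Absolute instant denoted by bound b when evaluated at instant t.
    Assumption (mine): a dynamic bound with no matching instant (+F when F never
    holds again, -F when F never held) is read as +inf / -inf, so "until" is weak."""
    if isinstance(b, tuple):
        sign, f = b
        if sign == "+":   # +F: first instant >= t where F holds
            return next((u for u in range(t, len(tr)) if f(tr, u)), INF)
        return next((u for u in range(t, -1, -1) if f(tr, u)), -INF)   # -F: last instant <= t
    return t + b          # constant offset relative to t (0 = now, < 0 = past)

def instants(tr: Trace, t: int, lo: Bound, hi: Bound,
             lo_closed: bool = True, hi_closed: bool = False) -> range:
    """Trace instants covered by the interval; an empty range if there are none.
    Assumption (mine): +inf is approximated by the last instant of the finite trace."""
    a, b = resolve(tr, t, lo), resolve(tr, t, hi)
    if a == INF or b == -INF:
        return range(0)
    a = 0 if a == -INF else a + (0 if lo_closed else 1)
    b = len(tr) - 1 if b == INF else b - (0 if hi_closed else 1)
    return range(max(int(a), 0), min(int(b), len(tr) - 1) + 1)

def at(f: Formula, *iv) -> Formula:
    """The "@" operator: f holds at every instant of the interval (vacuously true if empty)."""
    return lambda tr, t: all(f(tr, u) for u in instants(tr, t, *iv))

def some(f: Formula, *iv) -> Formula:
    """The "?" operator: f holds at some instant of the interval (false if empty)."""
    return lambda tr, t: any(f(tr, u) for u in instants(tr, t, *iv))

def happen(f: Formula, n_min: int, n_max: float, *iv) -> Formula:
    """Bounded Happen f?^{n_max}_{n_min}: f holds between n_min and n_max times in the interval."""
    return lambda tr, t: n_min <= sum(f(tr, u) for u in instants(tr, t, *iv)) <= n_max

def start(f: Formula) -> Callable[[Trace], bool]:
    """start: f is verified only at the initial instant (process_start = instant 0)."""
    return lambda tr: f(tr, 0)

def rule(f: Formula) -> Callable[[Trace], bool]:
    """rule: f is verified at every instant from the process start onward."""
    return lambda tr: all(f(tr, t) for t in range(len(tr)))

P, Q, R, S, A, B = map(atom, "PQRSAB")
plusQ, plusR, plusA, minusQ = ("+", Q), ("+", R), ("+", A), ("-", Q)

# Section 2.1: "until A B" == B@(0,+A), open at both ends
until_A_B = at(B, 0, plusA, False, False)
# Section 2.2: A?^3_2[1,15): A is true at least 2 and at most 3 times in [1,15)
a_two_or_three_times = happen(A, 2, 3, 1, 15)
# Section 5.1: Absence of P under the five scopes, as in the notes' table
absence_of_P = {
    "Globally":        start(at(neg(P), 0, INF)),
    "Before R":        start(implies(some(R, 0, INF, False, False), at(neg(P), 0, plusR))),
    "After Q":         start(at(neg(P), plusQ, INF)),
    "Between Q and R": rule(implies(some(R, 0, INF, False, False), at(neg(P), plusQ, plusR))),
    "After Q until R": rule(at(neg(P), plusQ, plusR)),
}
# Section 5.3.1: "S precedes P" in "After Q", past mapping start:(P -> S?[-Q,0))@[+Q,+inf)
s_precedes_p_after_Q = start(at(implies(P, some(S, minusQ, 0)), plusQ, INF))

def check_absence(tr: Trace) -> dict:
    return {scope: prop(tr) for scope, prop in absence_of_P.items()}

def mk(n: int, **at_instants) -> Trace:
    """Constructed trace of n instants: mk(10, P=[1, 9], Q=[2]) puts P at 1 and 9 and Q at 2."""
    return [{a for a, ts in at_instants.items() if t in ts} for t in range(n)]

TRACE_QR = mk(10, P=[1, 9], Q=[2], R=[7])   # constructed: Q at 2, R at 7, P at 1 and 9
TRACE_NO_R = mk(10, P=[5], Q=[2])           # constructed: R never occurs

if __name__ == "__main__":
    print(check_absence(TRACE_QR))      # only the scopes that exclude instants 1 and 9 hold
    print(check_absence(TRACE_NO_R))    # "Between Q and R" vacuous, "After Q until R" fails
```

The second trace (R never occurs) is the instructive one: “Between Q and R” is vacuously true because its \(R?(0,+\infty)\) guard fails, while “After Q until R” fails because the interval \([+Q,+R)\) runs to the end of the trace, which is exactly the difference that the identical intervals in the scope table hide. The empty-interval rule of Section 5.1 falls out of the implementation: `at` over no instants returns True and `some` returns False, and the precedence check only accepts an S that lies inside \([-Q,0)\), so an S before the scope began does not count.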
5.3.2 Response pattern
“S responds to P” in “Between Q and R”:
- TILCO-X: \(\mathit{rule} : R?(0,+\infty) \rightarrow (P \rightarrow S?[0,+R))@[+Q,+R)\)
- LTL: \(\square((Q \wedge \lnot R \wedge \lozenge R) \rightarrow ((P \rightarrow (\lnot R\ \mathcal{U}\ (S \wedge \lnot R)))\ \mathcal{U}\ R))\)
“S responds to P” in “After Q”:
- LTL: \(\square(Q \rightarrow \square(P \rightarrow \lozenge S))\)
- TILCO-X: \(\mathit{start} : (P \rightarrow S?[0,+\infty))@[+Q,+\infty)\)
5.3.3 Consideration on Order Specification Patterns
Scope | Beginning of scope w.r.t. \(\mathit{process\_start}\) | Beginning of scope w.r.t. time instants inside the scope | End of scope |
---|---|---|---|
Parameter predicates | \(\mathit{scope\_beg}\) | \(\mathit{scope\_beg\_in}\) | \(\mathit{scope\_end}\) |
Globally | \(0\) | \(-\mathit{process\_start}\) | \(+\infty\) |
Before R | \(0\) | \(-\mathit{process\_start}\) | \(+R\) |
After Q | \(+Q\) | \(-Q\) | \(+\infty\) |
Between Q and R | \(+Q\) | \(-Q\) | \(+R\) (must exist) |
After Q until R | \(+Q\) | \(-Q\) | \(+R\) |
The general expression of “S precedes P” for the first three scopes (Globally, Before R, After Q) can be written in terms of the parameter predicates (defined as reported in the table above) as
\(\mathit{start} : (P \rightarrow S?[\mathit{scope\_beg\_in},0))@[\mathit{scope\_beg},\mathit{scope\_end})\)
“S precedes P” in the “After Q until R” scope:
\(\mathit{rule} : (P \rightarrow S?[\mathit{scope\_beg\_in},0))@[\mathit{scope\_beg},\mathit{scope\_end})\)
The expression for “Between Q and R” only adds the scope existence (i.e. R must happen):
\(\mathit{rule} : \exists\,\mathit{scope\_end} \rightarrow (P \rightarrow S?[\mathit{scope\_beg\_in},0))@[\mathit{scope\_beg},\mathit{scope\_end})\)
Keeping the interval “Q-R” explicit in the formula has been considered of great value for the reader.
Two versions of the TILCO-X mapping for “S responds to P” in the “After Q until R” scope are reported:
- \(\mathit{rule} : (P \rightarrow S?[0,+R))@[+Q,+R)\)
- \(\mathit{rule} : Q \rightarrow ((P \rightarrow S?[0,+R))@[0,+R))\)
(Note: this example is about Response, i.e. Section 5.3.2, not Precedence; do not confuse the two.)
5.3.4 Time-Constrained Precedence Pattern
5.3.5 Time-Constrained Response Pattern
Note: omitted, since both are in the appendix; just pay attention to the simplification of the complex formulas and to the use of future and past in TILCO-X.
5.3.6 Time-Constrained Invariance Pattern
The Invariance pattern is related to its real-time version, Time-Constrained Invariance.
- After Q: \(\mathit{start} : (P \rightarrow S@[0,k))@[+Q,+\infty)\)
- Between Q and R: \(\mathit{rule} : R?(0,+\infty) \rightarrow (P \rightarrow \mathit{true}[k,+R] \wedge S@[0,k))@[+Q,+R)\)
\(\mathit{true}[k,+R]\) states that “R occurs after at least k time instants”.
Note the distinction: \(\mathit{true}?[+Q,+R)\) means that a non-empty interval \([+Q,+R)\) will occur in the future, whereas \(\mathit{true}[k,+R]\) means “R occurs after at least k time instants”.
6、Discussion on Pattern Scopes
in the presence of \(F\): a property has to hold only in an interval where \(F\) occurs at least once:
\(\mathit{start} : F?[0,+\infty) \rightarrow P@[0,+\infty)\)
in the absence of \(F\): a property has to hold only in an interval where \(F\) never occurs:
\(\mathit{start} : \lnot F?[0,+\infty) \rightarrow P@[0,+\infty)\)
from when \(F\) never holds: a property has to hold only from the state/event where \(F\) is going to stay false forever:
\(\mathit{start} : P@[+(\lnot F?[0,+\infty)),+\infty)\)
7、Case study: Crossroad Traffic-light controller
The result of our own analysis should look like the result given in this case study: a structured English grammar, a TILCO-X expression, a pattern name and a scope.
Note: this section introduces a hybrid interval, \(\mathit{true}?[\mathit{BLINK},+\mathit{on})\), used with “?” and with a “true” Boolean expression, which means “if such an interval exists” (it is used to test whether the interval exists).