Abstract

The analysis of behavioral models is of high importance for cyber-physical systems, as these systems often encompass complex behavior based on e.g. concurrent components with mutual exclusion or probabilistic failures on demand. The rule-based formalism of probabilistic timed graph transformation systems (PTGTSs) is a suitable choice when the models representing states of the system can be understood as graphs and timed and probabilistic behavior is important. However, model checking PTGTSs is limited to systems with rather small state spaces. We present an approach for the analysis of large-scale systems modeled as PTGTSs by systematically decomposing their state spaces into manageable fragments. To obtain qualitative and quantitative analysis results for a large-scale system, we verify that results obtained for its fragments serve as overapproximations of the corresponding results for the large-scale system. Hence, our approach allows for the detection of violations of qualitative and quantitative safety properties of the large-scale system under analysis. We consider a running example in which we model shuttles driving on tracks of a large-scale topology and for which we verify that shuttles never collide and are unlikely to execute emergency brakes. In our evaluation, we apply an implementation of our approach to the running example.

Highlights

  • Real-time cyber-physical systems often exhibit complex behavior based on e.g. concurrent components with mutual exclusion or probabilistic failures on demand

  • PTGT rules of a probabilistic timed graph transformation system (PTGTS) correspond to edges of a probabilistic timed automaton (PTA) and contain (a) a left-hand side graph L, (b) an attribute constraint on the clock attributes contained in L to capture a guard, (c) a natural number describing a priority where higher numbers denote higher priorities, and (d) a nonempty set of tuples of the form ( : K L, r : K R, φ, C, p) where (, r, φ) is an underlying GT rule with application condition φ, C is a set of clock attributes contained in L to be reset, and p is a real-valued probability from [0, 1] where the probabilities of all such tuples must add up to 1

  • The entire analysis using our prototypical implementation required less than three days on a machine using up to 250 GB of memory, where state space generation took most of the time
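As an added illustration of the rule shape described in the highlights (this is not code from the paper or its implementation): a constructed Python model of a PTGT rule with the well-formedness conditions stated there (natural-number priority, resets drawn from the clocks of L, probabilities summing to 1) and priority-based selection of enabled rules. The shuttle rules, the clock name `c` and the helpers `well_formed` and `enabled_rules` are assumptions made for illustration only.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

# Constructed illustration of the PTGT rule shape from the highlights: a
# left-hand side graph L (only its clock attributes matter here), a guard on
# those clocks, a natural-number priority, and a nonempty set of
# probabilistic alternatives (underlying GT rule, clock resets C, probability p).

Clocks = FrozenSet[str]

@dataclass(frozen=True)
class Alternative:
    name: str        # stands in for the underlying GT rule (l, r, phi); hypothetical
    resets: Clocks   # C: clock attributes of L that are reset
    prob: float      # p in [0, 1]

@dataclass(frozen=True)
class PTGTRule:
    name: str
    clocks_of_L: Clocks                        # clock attributes contained in L
    guard: Callable[[Dict[str, float]], bool]  # attribute constraint on those clocks
    priority: int                              # higher number = higher priority
    alternatives: Tuple[Alternative, ...]

def well_formed(rule: PTGTRule, eps: float = 1e-9) -> bool:
    """Check the side conditions the definition imposes on a PTGT rule."""
    if rule.priority < 0 or not rule.alternatives:
        return False
    if any(not (0.0 <= a.prob <= 1.0) for a in rule.alternatives):
        return False
    if any(not a.resets <= rule.clocks_of_L for a in rule.alternatives):
        return False
    return abs(sum(a.prob for a in rule.alternatives) - 1.0) <= eps

def enabled_rules(rules: List[PTGTRule], valuation: Dict[str, float]) -> List[PTGTRule]:
    """Rules whose guard holds; only those of highest priority may fire."""
    enabled = [r for r in rules if r.guard(valuation)]
    if not enabled:
        return []
    top = max(r.priority for r in enabled)
    return [r for r in enabled if r.priority == top]

# Constructed shuttle rules (not the paper's rules): driving rarely fails on
# demand into an emergency brake; an explicit brake rule takes precedence.
DRIVE = PTGTRule("drive", frozenset({"c"}), lambda v: v["c"] >= 2, 1,
                 (Alternative("move", frozenset({"c"}), 0.95),
                  Alternative("emergencyBrake", frozenset({"c"}), 0.05)))
BRAKE_NOW = PTGTRule("brakeNow", frozenset({"c"}), lambda v: v["c"] >= 5, 2,
                     (Alternative("stop", frozenset(), 1.0),))
BAD = PTGTRule("bad", frozenset({"c"}), lambda v: True, 0,
               (Alternative("a", frozenset({"d"}), 0.6),
                Alternative("b", frozenset(), 0.6)))
```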


Summary

Introduction

Real-time cyber-physical systems often exhibit complex behavior based on e.g. concurrent components with mutual exclusion or probabilistic failures on demand. We present a decomposition-based approach for the analysis of large-scale systems modeled as PTGTSs to rule out violations of qualitative and quantitative safety properties. To obtain the mentioned simulation, we include modifications of the rules of the original PTGTS operating on the border of an FT into the adapted PTGTS. With this direct relationship between behaviors on the FTs and the LST, we obtain that the likelihood of an unwanted or forbidden graph pattern in one of the adapted PTGTSs is an upper bound for its likelihood in its embedding in the large-scale PTGTS. In [14], the idea to overapproximate the environment and border is explored for timed automata with explicit models of the roles in the form of protocol automata. This idea has been combined with dynamic collaborations in [12, 13], captured by timed GTSs (TGTSs) and their analysis via inductive invariant checking [3, 4].

Running Example
Preliminaries
Decomposition of Large-Scale Topologies
Overapproximation of Behavior
Evaluation
Conclusion and Future Work