The DEVS Formalism- A Framework for Logical Analysis and Performance Evaluation for Discrete Event...

7/30/2019 The DEVS Formalism- A Framework for Logical Analysis and Performance Evaluation for Discrete Event Systems

1/6

The DEVS Formalism :A Framework for Logical Analysis andPerformance Evaluation for Discrete Event Systems *

Gyung Pyo Hong and Tag Gon KimDepartment of Electrical Engineering

Korea Advanced Institute of Science and Technology373-1 Kusung-dong Yusung-gu, Taejon 305-701, Korea.

AbstractThis paper proposes a framework which supportsperformance evaluation and logical analysis of dis-crete event systems using a unified formalism, i . e . ,

th e DEVS(Discrete Event System Specif ication) for-mal ism. For performance evaluation, DEVSim+ + arealization of th e DEVS formalism and the associatedsimulation algorithms in C++, is used. For logicalanalysis, the dual language approach is adopted. We'use the DE VS form alism as an operational formalismt o describe syste m's behavior. Tem.pora1 Log ic(TL ) isemployed as an assertional form alism t o specify sys-tem's properties. To reduce states space in logical anal-ysis, we exploit a projection mechanism. The methodzs a mappzng of a set of s ta t e s in models into a state,which obtained from 7'1, assertions. A n example o jLogical analysis for Alternating Bat Protocol is given.

1 IntroductionSystems development process consists of a formalspecification of requirements, modeling from the spec-ification, validation of the models, performance evalu-;ition and implementation. A model for performance

waluation should have time informations between thecommunicating entities t o analyze average delay time.i,hroughput, and so on. On the other hand, a model forvalidation should have logical informations to provethat there are no logical conflicts in procedure rules'ISBN 0-8186-6440-1. Copyright (c) 1994 IEEE. Al l rights

reserved. Personal use of this material is permitted. However,permission to reprint/repub lish this material for advertising orpromotional purposes or for creating new colle ctive works forresale or red istribution must b e obtained from the IEEE. Forinformation on o btaining per mission, send a blank email mes-sage t o [email protected]. B y choosing to view thisdocum ent, you agree to all provisions of the copyright laws pro-tecting it.

From these different features, the designer has to de-velop two kinds of models to perform the per formanceevaluation and the logical analysis. This is a very te-dious job.This paper presents a framework which supportsboth performance evaluation and logical analysiswithin a unified formalism. Logical analysis tech-niques can be divided into t8woapproachs, single lan-guage approach and dual language approach. Reach-ability analysis is a well known single language ap-proach. It is practically impossible to perform com-plete analysis for complex systems[2]. On the otherhand, the dual language approach uses two for-malisms: operational formalism which describes thebehavior of a system and assertzonal formalis m whichspecifies the property of a system. We adopt Tempo-ral Logic(TL) as an assertional language and DEVSformalism as a description language.This paper is organized as follows. Section 2 de-scribes the proposed framework for the dual languageapproach. In section 3 , we describe the assertionallanguage TL and its expansion procedure. And a pro-jection mechanism for atomic DEVS models and a val-idation procedure are also described. We conclude thispaper in section 4.

2 Proposed FrameworkFigure 1 proposes a framework for logical analysisand performance evaluation within the unified DEVSformalism, where the logical analysis exploits the duallanguage approach. A modeler should develop DEVSmodels to perform performance evaluation. Thi s is re-fined descriptions from informal requirements of a s y stem. The DEVS formalism and th e associated simula-

tion algorithms provide sound modeling semantics anda simulation methodology[8]. Therefore the modelingand the performance evaluation processes are easilyaccomplished by using the IlEVSim++[3].

1700-8186-6440-If9404.00 994 EEE
mailto:[email protected]:[email protected]:[email protected]


2/6

DEVS Spec.- Entities-pmoedUrerUl0

The main advantage of the dual language approachis in its flexibility; the use of specification languageprovides a uniform notation for expressing a wide va-riety of correctness properties and it separate mod-els from reachability assertions[6]. But the dual lan-guage approach also has the state explosion problemfor complex systems. Therefore partia l proof againstgiven specifications is a reasonable solution to theseproblems(41. The dual language approach with a pro-jection mechanism can be an efficient method for thevalidation of large systems.

Temporal constraints that present temporal prop-erties of the requirements are also required for logi-cal analysis. These constraints are expressed by usingTemporal Logic(TL). The temporal logic formula istranslated into a finite state automaton. The stateinformations are obtained from the automata. Theseinformations are applied to the DEVS model, devel-oped for performance evaluation, to obtain a projectedstate space. Logical analysis is performed by using theprojected state space and the finite automata of TLformulas.

DEVSModel State

3 Logical Analysis

InformalDescriptionofSystem8

The D E W models for performance evaluationdoes not have any constraints about the desiredstates/events set and global st at e information of a sys-tem. For logical analysis, such information should beadded to the DEVS models. The logical constraintswhich specify the state sequences of a system can beexpressed in terms of temporal logic formulas. Timinginformation does not need for logical analysis. Thus,the time advance function fro an atomic D E W modelmay not be used for logical analysis. The logical anal-ysis is basically a searching procedure to find illegalstates. For efficient analysis, there should be a mech-

information111111-_1.11111_1_-----111 111----111111--

Partial lyState Spate Selected State

PerformpnceEvaluntion

TLkseertions- system h P .

anism to reduce the sta te space. We accomplish itby an extension of the DEVS formalism, i . e , add aprojection function and s tat e set informations derivedfrom TL assertions into atomic D E W models. A fa-cility for global states manipulation is also added tocoupled DEVS models.

stateDiagramof t- LAssdim TeawralConstraints3.1 Expression of Temporal Logic

Temporal logic assertions express sequence of statesthat should be satisfied during system execution.Therefore the s tat e information of TL assertions canbe used to project with respect to related states fromthe D E W model of it target system. Temporal logicis an extended logic by adding the temporal operatorsto describe the timing relationship between entities.It has been widely used to specify discrete event sys-tems such as concurrent system and communicationprot,ocol. The temporal operators and their meaningsare as follows[I].O ( a l w a y s ) A : A is true now and will always betrue in the future.O(somet imes )A: A is h e ow or will be truesometimes in the future.AU(until)B: B is true now or A is true until Bwill be true.O ( n e z t ) A :A will be true next time.

To establish correspondence between TL assertionsand a DEVS model, TL assertions are described byusing the state variables and their values defined inthe DEVS model. Let grammar G of the temporalexpression be (VT,V N , ,S). Terminal VT is a set ofatomic formulas which contain no temporal operator.The non-terminal VN follows the next operator 0.given temporal expression, a non-terminal set and a

171


3/6

FINAL state constitute a states set S of the gram-mar. The production rules P for a set of temporaloperators are as follows, where an expression in {}isa language accepted by th e projection rules.U Aj . O ( o A ) { A * }V AA UBa I A A 7 B O ( AUB ) ) A A i B ) * }- iO A T A O ( T U A ) { ( - i A ) * }

0 ( A U B ) =s-

A I T A O ( O A ) { ( l A ) * A }1 O A ----I - A I A . O ( 7 0 A ) { A * - 7 d 4 }-B I B A - A . O ( l ( A U B ) ) ( ( B l A ) * l B }

A temporal expression which describes a sequencrbof states is expanded to a current st ate condition anda next state condition using the grammar. This isbased on the decision procedure in [7]. The expansionprocedure for temporal expression is as follows.(i) Start with application of the production rules

shown above to TL assertions.(ii) Set the non-terminal to a next state and the termina1 to a transition condition. Any formula thatcontains only terminals becomes a transition con -dition for the FINAL state.(iii) The outmost operator 0 or a next state is removed.(iv) If a new stat e does not appears, then terminateOtherwise go to (i).

After execution of the expansion procedure, a TI,assertion is translated into a finite state automalon Rits

S : sequential states set;A : logical assertions set;6 : state transition function;with the following constraintsS , A : finite set;6 R : S x 2 A + P ;

In this paper, we use the alternating bit protocol(ABP) as an example system. A detailed description of the A BP appears in [5]. Consider the followingproperty for the ABP. Error-free 7kansmasszon : fn o transmassron errom exist between Sender and Re-cezver, then messages are sent rnfinately and they havralternate control btt . The TL assertions of this property are as follows.

(i) O ( S . E r r o r A R . E r r o r =f a l s e )(ii) O ( ( S . P h a s e =F M A S.st =0 )+O ( R . P a h s e =F A A R.at =0 ) )(iii) O ( ( S . P h a s e=F M A S.st =1 )-+O ( R . P a h s e =F A A R.at =1) )(iv) U ( ( S . P h a s e=F M A R . P h a s e =W M )-+ ( S . P h a s e =F M A R . P h a s e =W M )U (S . Ph a s e=W A A R . P has e =F A ) )-+( S . P h a s e =WA A R . P h a s c =F,4)U ( S . P h a s e =F M A R.Pha.se =W M ) )

(v) U ( ( S . P h a s e=W A A R . P h a s e =F A )

The model of the ABP should be correct if it sat-isfies the above T L assertions. To prove th e property,we translate T L assertions into a finite stat e automa-ton. Figure 2 shows the resultant aut oma ta for the T Lassertion (iii). The expansion procedure for this as-sertion is as follows. Le t S.Phase =F M A S . a t =1beA , and R.Phase =F A A R . ~ 1 be B . The followingis the expansion procedure for the given property.1st step : apply expansion rule for 082nd step : determine transition conditionstransition to FINAL state . -A 1 Btransition to next state( O B ) : -B3th step : apply expansion rules to O B4th step : determine transition conditions

1 A I O B =T A B I 7 L . l . O ( O B )

O B =B I -7B.O ( O B )transition to FINAL state . Rtransition to next stat,e(OB) : T B

5th step : ( O B ) appears :!,gain : stop expansion

A =(S.Phase =F M A S.st =1)B =(R.Phase =F.4 A R.at =1)

Figure 2: Finite State AutomatonThe state values set which is related to the given

properties can bet extracted from the transition con-dition 2A of R . This is done by the grouping thevalues set used as transition conditions. The sta tevariables of SENDER and RECEIVER for the

172


4/6

above property can be grouped as follows: S.Phase ={ {WA } } ,S.st = { { 0 } } , S . E r r o r ={ }, R.Phas t , ={ F A , { W A } } ,R.at = { l , {O}} and R . E r r o r = { }.Therefore, stat es th at have the same vaiues except forE r r o r can be treated as an equivalent state. Table 1represents the values set of state variables of the AB Pofr the E r r o r - f re e T r a n s m i s s i o n property.Spec # I sv I SENDER 1 RECEIVER1 I Error 1 false I false2 Phase {WA}

st-.a t-3 I Phase {WA}

--Table 1. Grouped state variables for T L assertions3.2 Projection Procedure

The projection is an efficient method to reduce thespace/time complexity of logical analysis. Assumethat a model supports various properties and someof them are disjoint Then TL asserttons for a cer-tain property use only a subset of doniain of a statevariable. Therefore t h e states which have the unusedvalues can be groupcd i n one state.Definition. 1 h t M ( S , ) be a statc, uarzable of anatomzc DEL'S model and M ( V , ) be donvazn of M ( S , ) .Th r n the s e t of s?ates of the model as S M =M(1 / 1 )xM ( V 2 ) x " M(Vr,)Definition. 2 Le t R ( S , ) be a state vanable that 2suJed as transation condataons an the automata R andR I \ < ) be a se! of grouped value set Th en the setof states of requ~remeni\ E A ,S R = R ( \ f l ) x R(b i ) x

R( b;)Definition. 3 Projfc tzon 2s a mappzng of a set ofstates an SM anto a slate zn SR based on R(Vs) .(z I The states an SM whzch contaan a value zn the usedvalue set( t i ) The stat& zn SM whzch contazn values that doesnot appear an the used value set U L = ,( K ) are re-moved from Sfif The re9ultani asolatd sta tes are (ilsoremoved. (zzz) I f a date oarzables d o n o i used en the as-s e r t z o n s then the n d i m t n s r o n a l state space as m a p p e dznto th e n - drmemsronal zmage

R( & ) 1s aggregated znto a state zn S R

Consider a system shown in Figure 3 (a) that isdescribed by 2 state variables w 1 = ( t r u e , f a l s e } ,vz = {n I n 2 1). Let states S Z , S ~ nd s4 be s~=(w1 = f a l s e , v 2 =2} , s3 ={ V I =f a l s e , v z =3) ands3 ={VI = f a l s e , v z =3). Assume that state tran-sition conditions which are obtained from the expan-sion procedure have a value group wz =(1, ( 2 , 3 , 4 } } .If a transition condition for T L assertions satisfies711 = f a l s e , then the system can transit to thesestates. Therefore these states are equivalent and canbe grouped. Figure 3(b) shows the results after group-ing.

If TL assertions do not use the value q = f a l s e ,then the system never transit to the states that containt,his value. So, these states can be removed from theoriginal system. Figure 3 (c) shows the result afterremoving those states.

Figure 3: Projection of Example SystemThe DEVS formalism is extended for logical analy-sis and projection. The projection function is a map-ping of states from an atomi c D E W model t o a statein a finite state automaton of a T L assertion. SR st.he states set tha t is equivalent to the grouped statesof the DEVS model. Formally, the specification of anatomic mode M is as follows.

X : input events set;SM : sequential stat es set;Y : output events set;hirsl : internal transition function;Se,, : external transition function;

173


5/6

X : output function;t a : time advance function;f~ : projection function for requitements;SR : states set of requirement,s;X ,k;SM : infinite but, countable set;wi th the following constraints,dint : S M ---$ S M ;de, , : Q X x +S M ;Q ={(s, e) I s E S M , 5 e F t a ( s > ) ;Q : total state of M ,

e : elapsed time after scheduling;S M + Y ;

t u : Is;M --+ R e a l ;fR : 2s M --* S R ;

To validate, the gathering and tracking facili1.iesofglobal states of the coupled DEVS model are required.So a means for manipulating the global states set, isadded to the coupled IIEVS formalism.

D : componenl, names set;for each i in D ,M i : DEVS component i in LS ;ii : set of influrmcees of i ;for each j in l i ,Z i l j : 1: - j

i-tto-joutput translation function;SELECT : 2 D - : tie-breaking selector;SG : XSR, : global states set;6 D N : sC;x 2 A -+ 2 S ~state transition fiiiiction;

Figure 4 (a ) shows stat e diagrams of the at,omicmodels SENDER and RECEIVER. The global statvdiagram for the projected atomic models is shown in(b). The dotted area presents the projected stateswith respect t,o the property Error-free Transmission.The global state diagram obt.ained from the projectedatomic models is equivalent to t,he projection result.of the original couplecl model. 'rherefore applicat,ioriof the projectmion n the atomic DEVS model is mort'efficient twcausc the st,at,e pace coriip exity is reduced3.3 Validation Procedure

'The logical analysis is performed by an acceptancc3checking : check whether a TL assertion accepts thest ate transition sequences of a coupled DEVS niodelIf the model is correct then a sequence of sta tes in a

!msg-O?ack-O

- - - - - - - - - - -P h ase = IFwd-Mag, Wait-AckError =(true, alset

7msg-outlsg-in ? a ck i nt ack-out

Phase =IFwd. Ack, W ait-Mag1Ack-Turn = IO, 11Error = (true, false1(a ) Chuplerl & Projected DEVS Model of A B P

?ack-L, !a d -(FM,O,D, (WM,O,D (WA ,l,O, (FA ,l,f )rWA,O,f). FA,O. (FM, 1,0, (WM ,l,f)!msg-O !msg-l?msg-O ?msg- l?ack-O. !ack-0( b ) State Diagram of Coupled DEVS Model

Figure 4:Global State Diagram of Projected AR Pcycle of the model would be accepted by the temporalconstraints language. The validation algorithm is asfollows.Validation A lgorzthmVa Stack: stack of G ;

gi :global sta tes s et :S, x SG, ;S, : next states set of F S A ;t, : ransataon condataon of F S A ;SG , : ext stutes set o f M O D E L ;

beqznStack '={}g2 :=go:push(go, Stack);whzle not-emp ty(Stack,) d o began

s n =b ( S , , t * ) ;S G , '=6DN(SG,,tr)

174


6/6

z f SG,, ={} thengo to Label;gn .=s n x SG,;forQgn doi f (gn # S t a c k ) t he npush(g,, Stack);else if acceptance-check(g,) = true thenterminate(mode1 zs correct);

en d for;Label : i =pop(5taek);end while;terminate(c0nflict exist);en,d;By using the above algorithm, WP can find a loopfrom the transitions of a FSA(Finite State Autorna-ton) and a DEVS model in the Figures 2 and 4. Thepossible next states g1([2?( ( W A , , f ) , F A , , f))])and g2([3, ( ( W A , , j ) , I T A - , f))]) re obtained from

th e initial s t a t e y ~ ( [ l , ( ( E M , O , f ) , ( ~ M , O , f ) ) ] ) .extstate of 9 2 becomes g3([ l , (WA, , f), F A , , f))]) al-though 92 is an acceptance state. This is because a cy-clt, of sequences of global states does not exists. Andg1 transit into g4 ( [2 , ( iWAIO , j ) , (F , t , ( 1 , ))]) becausencxt st at e of the model can accept the transition cou-dition of the FSA The state transition of the modelbased on transition condition of the FS A is made untila cycle of s ta te sequences of the model IS detected andthe FSA reaches the acceptance st at e IFa model h a s adeadlock, then it can not proceed a t that st ate. Thwe-fore the model can not r ex h the acceptance sta te untilthe algori thm is terniinat ed The validation algorithmc a n also be applied to the negation of a TL assertionSuch negation of a giveii T L assertion may Increasevalidation speed for somc cases.

4 Conclusion

the atomic models are coupled. Then various valida-tion techniques which are used in the dual languageapproach can be applied.

AcknowledgementThe authors would like to thank ETRI(E1ectronicsand Telecommunications Research Institute) for sup-porting this research. This research was done in thecontext of the ETRI project on ATM network perfor-mance study.

References[1] Reinhard Gotzhein, Teniporal logic and applica-tions - a tutorial, Computer N etworks a nd ISDN

Systems 24, 1992.[2] Gerard J Holzmann, Deszgn and Valzdatzon ofComputer Protocols , Prentice-Hall, Inc., 1991.[3] Tag G . Kim, DEVSIM++ Users Manual:

C++ Based Sirnulation with Hierarchical Modu-lar DEVS Models, Computer Engineering Lab.,Dept. of Electrical Engineering, KAIST, 1994.[4] Simon S. Lam, A. Udaya Shankar, Protocol Ver-ification via Projections, IEEE Transactzons onSoftware Engzneerzng, Vol. SE-10, No. 4 , July1984,[5] Jawahar Malhotra, Scott A. Smolka, AlessandroGiacalone, Robert Shapiro, Winston : A Tool forHierarchical Design and Simulation of ConcurrentSystems, [SI Jonathan S. Ostroff, Temporal Cogzc for Real-TznieSystems, Advaneed Software Llevelopment Serzes.

I , Research Studies Press Ltd , 1989.This paper presents a unified framework for per-forrnance evaluation and logical analysis within theDEVS formalism. A performance analysis model hastiming informations between the communicating enti-ties. Th at is used to analyze time related performance

such as average delay time and throughput, etc. A val-idation model has logical informations which is usedto prove systems properties or procedure rules. Thi s isaccomplished hy an extension of the DEVS formalism.ro solve the state space explosion problem duringthe validation phase, we exploit a projection me( ha-

nisin using external TI, assertions. Thi s is a very ef-ficknt method because st ate reduction is made before

[7] Pierre Wolper, Temporal logic can be more ex-pressive, 22nd A nnual Sym posium on Foundationof Computer Science, pp.340-348, 1981.

[8] R.P. Zeigler, Multifacetted Modeling and DiscreteEvent Simulation: Academic Press, Orlando, FL,1984.

175

The DEVS Formalism- A Framework for Logical Analysis and Performance Evaluation for Discrete Event...

Documents

Transcript of The DEVS Formalism- A Framework for Logical Analysis and Performance Evaluation for Discrete Event...