This monograph presents the Timed Input/Output Automaton (TIOA) modeling framework, a basic mathematical framework to support description and analysis of timed (computing) systems. Timed systems are systems in which desirable correctness or performance properties of the system depend on the timing of events, not just on the order of their occurrence. Timed systems are employed in a wide range of domains including communications, embedded systems, real-time operating systems, and automated control. Many applications involving timed systems have strong safety, reliability, and predictability requirements, which make it important to have methods for systematic design of systems and rigorous analysis of timing-dependent behavior. The TIOA framework also supports description and analysis of timed distributed algorithms -- distributed algorithms whose correctness and performance depend on the relative speeds of processors, accuracy of local clocks, or communication delay bounds. Such algorithms arise, for example, in traditional and wireless communications, networks of mobile devices, and shared-memory multiprocessors. The need to prove rigorous theoretical results about timed distributed algorithms makes it important to have a suitable mathematical foundation.
An important feature of the TIOA framework is its support for decomposing timed system descriptions. In particular, the framework includes a notion of external behavior for a timed I/O automaton, which captures its discrete interactions with its environment. The framework also defines what it means for one TIOA to implement another, based on an inclusion relationship between their external behavior sets, and defines notions of simulations, which provide sufficient conditions for demonstrating implementation relationships. The framework includes a composition operation for TIOAs, which respects external behavior, and a notion of receptiveness, which implies that a TIOA does not block the passage of time.
The TIOA framework also defines the notion of a property and what it means for a property to be a safety or a liveness property. It includes results that capture common proof methods for showing that automata satisfy properties.
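The implementation, simulation, composition and property notions summarized in the two paragraphs above, written out as an added illustration by the editor (this is not text from the monograph; the symbols $\mathrm{traces}$, $Q$, $\Theta$, $R$, $\|$ and the assumption that the automata compared have the same external actions are standard TIOA conventions assumed here):

Let $\mathcal{A}$ and $\mathcal{B}$ be TIOAs with the same external (input and output) actions, with state sets $Q_{\mathcal{A}}, Q_{\mathcal{B}}$ and start states $\Theta_{\mathcal{A}}, \Theta_{\mathcal{B}}$. The external behavior of $\mathcal{A}$ is its trace set $\mathrm{traces}(\mathcal{A})$: each execution, an alternating sequence of trajectories and discrete steps, projected onto its external actions and the passage of time, so internal actions and state evolution are hidden. Implementation is trace inclusion:
$$\mathcal{A} \le \mathcal{B} \;\iff\; \mathrm{traces}(\mathcal{A}) \subseteq \mathrm{traces}(\mathcal{B}).$$

A forward simulation from $\mathcal{A}$ to $\mathcal{B}$ is a relation $R \subseteq Q_{\mathcal{A}} \times Q_{\mathcal{B}}$ such that
$$\forall x \in \Theta_{\mathcal{A}}\;\exists y \in \Theta_{\mathcal{B}}:\; x\,R\,y,$$
$$x\,R\,y \wedge x \xrightarrow{a} x' \;\Rightarrow\; \exists\, \beta \text{ from } y \text{ to } y' \text{ in } \mathcal{B}:\; \mathrm{trace}(\beta) = \mathrm{trace}(x\,a\,x') \wedge x'\,R\,y',$$
$$x\,R\,y \wedge \tau \text{ a closed trajectory of } \mathcal{A} \text{ from } x \text{ to } x' \;\Rightarrow\; \exists\, \beta \text{ from } y \text{ to } y' \text{ in } \mathcal{B}:\; \mathrm{trace}(\beta) = \mathrm{trace}(\tau) \wedge x'\,R\,y',$$
where $\beta$ ranges over closed execution fragments of $\mathcal{B}$. The soundness theorem is that the existence of such an $R$ implies $\mathrm{traces}(\mathcal{A}) \subseteq \mathrm{traces}(\mathcal{B})$, hence $\mathcal{A} \le \mathcal{B}$. The converse does not hold in general: a simulation is a sufficient condition, checked step by step on states, which is why the framework offers it as a proof method rather than as the definition of implementation. The sense in which composition respects external behavior is substitutivity: for compatible automata,
$$\mathcal{A}_1 \le \mathcal{B}_1 \;\wedge\; \mathcal{A}_2 \le \mathcal{B}_2 \;\Rightarrow\; \mathcal{A}_1 \,\|\, \mathcal{A}_2 \;\le\; \mathcal{B}_1 \,\|\, \mathcal{B}_2,$$
so a component may be replaced by any implementation of it without re-verifying the whole system.

For properties, taking a property $P$ to be a set of traces (the usual Alpern-Schneider style classification, assumed here): $P$ is a safety property if it is nonempty, closed under prefixes, and closed under limits of infinite chains of prefixes, so that a violation is always witnessed by some finite prefix; $P$ is a liveness property if every finite trace can be extended to a trace in $P$, so that no finite prefix ever rules it out. Safety properties are typically shown by an invariant or a simulation to an automaton that cannot produce the bad prefix; liveness and receptiveness arguments must additionally show that time can always advance, which is the role of the receptiveness notion mentioned above.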
Table of Contents
Describing Timed System Behavior
Operations on Timed Automata
Properties for Timed Automata
Timed I/O Automata
Operations on Timed I/O Automata
Conclusions and Future Work
About the Author(s)
Dilsun Kaynar, CyLab, Carnegie Mellon University
Dilsun Kaynar is a postdoctoral researcher at CyLab, Carnegie Mellon University. Previously, she was a postdoctoral research associate in the Theory of Distributed Systems Group at MIT's Computer Science and Artificial Intelligence Laboratory. She received her PhD degree from the University of Edinburgh at the Laboratory for Foundations of Computer Science and her BSc in Computer Engineering from METU in Turkey. The broad area of her research is the specification, programming, and verification of distributed computing systems. Her PhD work focused on the design of functional programming languages that support mobile computation. She investigated the application of type-based analysis in this context, in particular to improve the safety and security of systems. In her postdoctoral research at MIT, she worked on the development of I/O automata-based formal modeling frameworks for distributed systems, with collaborators including Nancy Lynch, Roberto Segala, and Frits Vaandrager. She is currently pursuing research at CMU CyLab, developing methods for analyzing the security guarantees offered by contemporary secure systems and establishing foundations for data privacy, based on specializations of general formal frameworks for distributed computing such as I/O automata.
Nancy Lynch, MIT Computer Science and Artificial Intelligence Laboratory
Nancy Lynch is a Professor in the Department of Electrical Engineering and Computer Science at MIT and heads the Theory of Distributed Systems research group in MIT's Computer Science and Artificial Intelligence Laboratory. Prior to joining MIT in 1981, she served on the faculty at Tufts University, the University of Southern California, Florida International University, and Georgia Tech. She received her B.S. degree in mathematics from Brooklyn College, and her PhD in mathematics from MIT. She has written numerous research articles about distributed algorithms and impossibility results, and about formal modeling and verification of distributed systems. Her notable research contributions include the well-known "FLP" impossibility result for distributed consensus in the presence of process failures (with Fischer and Paterson), the "DLS" algorithms for stabilizing fault-tolerant consensus (with Dwork and Stockmeyer), and the I/O automata mathematical modeling frameworks (with Tuttle, Vaandrager, Segala, and Kaynar). Prior to this monograph, she wrote two books: on "Atomic Transactions" (with Merritt, Weihl, and Fekete) and on "Distributed Algorithms." She is a member of the National Academy of Engineering and the American Academy of Arts and Sciences, and is an ACM Fellow. She has won several prizes for her work in distributed computing theory, including the Dijkstra Prize (2001 and 2007), the van Wijngaarden Prize (2006), the Knuth Prize (2007), and the IEEE Piore Prize (2010).
Roberto Segala, Dipartimento di Informatica, University of Verona
Roberto Segala is a Professor at the University of Verona, Italy, and heads the Formal Models and Verification group at the Department of Computer Science. Prior to joining the University of Verona in 2001, he was a research associate at the University of Bologna. He received his Laurea in Computer Science from the University of Pisa as a student of the Scuola Normale Superiore, and his Masters and PhD in Computer Science from MIT. As part of his PhD work, he made contributions to the theory of liveness and receptiveness for real-time systems and designed the model of Probabilistic Automata for the formal analysis of randomized distributed algorithms. After that, he worked with Lynch, Kaynar, Vaandrager and others on the hybrid extension of the I/O automata framework. He has also worked on model checking of probabilistic real-time systems, contributing to the design of some of the algorithms used in the PRISM model checker. One of his long-term goals is to design a general mathematical model that can be used for the description and analysis of systems that exhibit stochastic hybrid behavior.
Frits Vaandrager, Institute for Computing and Information Sciences, Radboud University Nijmegen
Frits Vaandrager is a Professor at the Radboud University Nijmegen, the Netherlands, within the Institute for Computing and Information Sciences. Prior to joining the Radboud University in 1995, he was a group leader at the CWI in Amsterdam and held postdoctoral positions at MIT in the group of Nancy Lynch, and in the group of Gerard Berry at the Ecole Nationale Superieure des Mines in Sophia-Antipolis. He received his M.S. degree in Mathematics from the University of Leiden, and his PhD in Computer Science from the University of Amsterdam. As part of his PhD work, he made major contributions to the general theory of structural operational semantics. After that he worked with Lynch, Segala, Kaynar, and others on the theory and applications of the I/O automata framework. He has long been involved in a large number of projects in which formal verification and model checking technology is applied to practical problems from industrial partners. His group is closely involved in the use and development of the timed automata model checker Uppaal. In part due to these efforts, Uppaal is now routinely used for industrial case studies and has thousands of users, both in academia and industry.