Operator Patterns for Analysis of Composite Events in Timed Automata AnnMarie Ericsson, Robert Nilsson, Sten F. Andler Department of Computer Science University of Sk¨ ovde Box 408, 541 28 Sk¨ ovde, Sweden e-mail: ammi.ericsson, robert.nilsson, sten.f.andler @ida.his.se Abstract— Event-triggered real-time systems interact with the environment by executing actions in response to monitored events. Such systems may be implemented using event condition action (ECA) rules, which execute an action if the associated event occurs and a specified condition is true. However, the ECA rule paradigm is known to be hard to analyze with respect to correctness and timeliness, which is not conducive to the high predictability requirements typically associated with real-time systems. To still take advantage of the ECA rule paradigm when event-triggered real-time systems are developed, we propose an approach where systems are specified and analyzed in a high-level formal language (timed automata) and later transformed into the ECA rule paradigm. We especially focus on a high-level approach for specifying and analyzing composite event occurrences in timed automata. I. I NTRODUCTION Event-triggered real-time systems respond to occurrences of events by executing actions associated with the event occurrence. This behaviour is convenient to implement using event condition action (ECA) rules [1]. In the ECA rule paradigm, actions are executed as a response to an event occurrence if a specified condition is true. ECA rules are used to specify the behaviour of active databases, where the reactive capability is managed inside the active database management system instead of being spread among several applications [2]. The event part of ECA rules may be primitive or composite. A primitive event is an atomic occurrence while a composite event is a combination of primitive or composite events. The use of an active real-time database system (ARTDBS) such as DeeDS [3], makes it possible to implement event- triggered control applications that respond to sporadic event occurrences in a timely manner, as a set of ECA rules. Besides the benefit that applications can react to external events in a timely manner, the use of an ARTDBS adds facilities such as backward recovery, concurrency control and persistent storage of data about the controlled environment. One of the main disadvantages of ECA rules is the poor CASE-tool support for development activities specialized on ECA rule applications [2]. ECA rules is a low-level specifi- cation language and rules may depend on each other in many intricate ways, which makes it hard to predict what impact a change of a single rule has on the entire rule set. To facilitate the development and maintenance of active real-time applications, we propose a method which simplifies the analysis of ECA rule sets and allows us to verify their tem- poral correctness. The approach is to raise the abstraction level by specifying and analyzing systems in a formal specification which is later transformed into ECA rules. Our approach is similar to a compiler approach [4], however, starting from a formally verified specification including time constraints. The formal specification of our choice is timed automata, which are finite automata extended with a set of clocks [5]. Timed automata are designed to be a specification language for real-time systems and we propose a new method for how to specify and transform timed automata models to ECA rules. The timed automata specifications can be modelled and verified in the CASE tool UPPAAL [6]. The use of UPPAAL makes it possible to graphically simulate the behaviour of the model as well as automatically perform model checking and reachability analysis. One of the strengths of ECA rules is their ability to respond to sporadic event occurrences arriving in arbitrary order. This behaviour is not as straightforward to specify in timed automata as in ECA rules. We therefore propose timed automata operator patterns as a general solution for specifying and analyzing composite events that can capture sporadic event occurrences in timed automata. We believe that the use of operator patterns will facilitate development of timely active applications using an expressive rule language, especially if the patterns are integrated with some of the CASE tools available for timed automata. II. GENERATE ECA RULES As previously mentioned, there are several benefits of rais- ing the abstraction level and specifying reactive applications as timed automata instead of directly in ECA rules. Being able to rely on the correctness of transformations from the timed automata to corresponding ECA rules is crucial for the usefulness of this approach. Equally important is the ability to conveniently express reactive behaviour in the timed automata model. For reactive behaviours involving the monitoring of primitive event occurrences in deterministic environments, we have proposed [7] a method for transforming timed automata to rules: Entering an external state in the timed automaton is transformed to a primitive event occurrence in the rule base;