Compositional Refinement for Hierarchical Hybrid Systems

Compositional Refinement for Hierarchical Hybrid Systems
Rajeev Alur, Insup Lee, Oleg Sokolsky (University of Pennsylvania)
Radu Grosu (SUNY Stony Brook)

Outline
- Motivation
- Charon modeling language
- Compositional semantics for Charon
- Refinement
HSCC'01 4/5/2019

Motivation
- Verification of hybrid systems is very hard
- Refinement: reasoning about change
- Refinement should be modular
[Figure: a model M and a changed model M']

Motivation II
- Formal semantics to reason about refinement
- Compositional semantics for modular reasoning
[Figure: models M and M', with and without a proof of the relation between them]

Main results
- Modular semantics for a hierarchical modeling language for hybrid systems
- Semantics allows compositional refinement rules

Related work
- Hybrid system specification languages: SHIFT, Modelica, Simulink/STATEFLOW, Masaccio
- Compositional semantics: (hybrid) reactive modules, hierarchical reactive machines

CHARON
- Language for hierarchical modeling of hybrid systems
- Two kinds of hierarchy:
  - architectural hierarchy: concurrent components, data flow
  - behavioral hierarchy: discrete control flow, control laws

CHARON Language Features
- Individual components described as agents: composition, instantiation, and hiding
- Individual behaviors described as modes: encapsulation, instantiation, and scoping
- Support for concurrency: shared variables as well as message passing
- Support for discrete and continuous behavior: differential as well as algebraic constraints

Syntax: modes and agents
- Agents describe concurrency
- Modes describe sequential behavior
- Control flow between control points
- Group transitions describe exceptions
[Figure: Agent Controller (local t, rate; global level, infusion) containing mode Normal (constraint level[2,10]; submodes Compute {t = 1} and Maintain {t<10}; transition t=10 with t:=0; control points e, x, de, dx) and mode Emergency (constraint level[4,8]); Agent Tank (global level, infusion) with constraint {level = f(infusion)}]

Informal semantics
- Semantics of a component: an interface and a set of traces
  - agent: interface is its global variables
  - mode: interface is its global variables and control points
[Figure: agents Controller and Tank sharing global level, infusion; Controller's modes Normal (level[2,10]) and Emergency (level[4,8]) with group exits de, dx]

Traces
- 3 kinds of execution steps: continuous steps, discrete steps, environment steps
- Continuous steps: take time; all agents together
- Discrete steps: instantaneous; interleaved

System vs. environment: it’s a game
- The choice between discrete and continuous steps is external to every component
- Chosen component completes the step before the next one can be chosen
[Figure: the environment choosing among Agent 1, Agent 2, and "pass time"]

Compositional step construction
- Discrete step of a mode (macro-step):
  - mode transitions
  - discrete steps of submodes (micro-steps)
[Figure: Controller (local t, rate, h; global level, infusion) with modes Normal (level[2,10]) and Emergency (level[4,8]), each with group exits de, dx]

Continuous steps: all in due time
- Cannot let time pass at arbitrary moments:
  - All modes need to be properly initialized
  - All applicable constraints must be used
[Figure: modes M1 and M2 with submodes M11 { v1 = f(v2) } and M21 { v1 = g(v2) }, control points e1, x1, e2, x2, and a transition with v2:=0]

Closure of a mode
- add default entry and exit transitions
- manipulate history variable
[Figure: Controller (local t, rate, h; global level, infusion) with modes Normal (level[2,10]) and Emergency (level[4,8]); default entry transition guarded by h=Normal, default exit transitions assigning h := Normal and h := Emergency; group exits de, dx]

States and flows
- Valuations for a set of variables V: Q_V
- State of a mode: (c, s)
  - control state: c is an entry or exit point
  - data state: s ∈ Q_V
- Flows for V: F_V; a flow is a differentiable function

Steps of a mode
- Continuous steps: set of flows for a given data state
- Discrete steps: set of macro-steps between two control points

Executions and traces of modes
- Mode execution: sequence of states, where each step is one of three cases (f, o, and a third; the defining conditions did not survive extraction)
- Trace: an execution restricted to global variables

From agents to modes
- Modes define behavior of agents

Executions and traces of agents
- Agent execution: sequence of states, where each step is one of three cases (f, o, and a third; the defining conditions did not survive extraction)
- Trace: an execution restricted to global variables

Executions and traces of agents
[Figure slide; no text in transcript]

Refinement
- Refinement is trace inclusion: Normal < Normal’
- Every trace of Normal is also a trace of Normal’
  - control points and global variables are the same
  - transition guards and constraints are relaxed
[Figure: Normal with constraint { level[2,10] }, submodes Compute {t = 1} and Maintain {t<10}, transition t=10 with t:=0, control points e, x, de, dx; Normal’ is identical except that the constraint becomes { level  10 } and the guard becomes t  10 (the relational symbols did not survive extraction)]
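The refinement check on this slide, worked out in code. This is an added example, not code from the slides or from the CHARON toolset: it models a toy version of the Normal mode (entry point e, exit point x, submodes Compute and Maintain, local clock t, global variable level) over small integer domains, with the environment writing level on every continuous step and, as the "all in due time" slide requires, no time passing at a control point and every constraint holding while time passes. The clock period of 2, the level domain 0..12 in steps of 2, the initial valuation, the relaxations assumed for Normal' (level ≤ 10 and t ≥ 2, since the slide's relational symbols were lost) and the tightened variant Normal'' are all constructed for the example. `refines` checks trace inclusion over bounded traces projected to the interface and returns a witness trace when inclusion fails.

```python
"""Refinement as bounded trace inclusion for toy CHARON-style modes (added example)."""
import itertools
from collections import deque
from dataclasses import dataclass
from typing import Callable, Dict, Iterator, Optional, Set, Tuple

Data = Dict[str, int]
Obs = Tuple[Optional[str], Tuple[int, ...]]  # (control point or None, valuation of the globals)
Trace = Tuple[Obs, ...]
PERIOD = 2  # assumed clock period; the slides use t = 10, shortened to keep the search small


@dataclass(frozen=True)
class Transition:
    src: str                        # entry point or submode
    dst: str                        # submode or exit point
    guard: Callable[[Data], bool]
    update: Callable[[Data], Data]


@dataclass(frozen=True)
class Mode:
    name: str
    entry: str
    exits: frozenset
    globals_: Tuple[str, ...]
    invariant: Callable[[str, Data], bool]  # constraint that must hold while time passes in a submode
    transitions: Tuple[Transition, ...]
    flow: Callable[[Data], Data]            # one discretized continuous step of the local dynamics
    env: Dict[str, range]                   # values the environment may write to each global


def observe(mode: Mode, loc: str, data: Data) -> Obs:
    """Project a state onto the mode's interface: control points and global variables only."""
    point = loc if loc == mode.entry or loc in mode.exits else None
    return point, tuple(data[g] for g in mode.globals_)


def successors(mode: Mode, loc: str, data: Data) -> Iterator[Tuple[str, Data]]:
    """Discrete steps (mode transitions) plus one continuous step combined with an environment step."""
    if loc in mode.exits:
        return  # the mode's execution is complete
    for tr in mode.transitions:
        if tr.src == loc and tr.guard(data):
            nd = tr.update(dict(data))
            if tr.dst in mode.exits or mode.invariant(tr.dst, nd):
                yield tr.dst, nd
    if loc == mode.entry:
        return  # time cannot pass at a control point: the mode must be initialized first
    base = mode.flow(dict(data))
    for combo in itertools.product(*(mode.env[g] for g in mode.globals_)):
        nd = dict(base, **dict(zip(mode.globals_, combo)))
        if mode.invariant(loc, nd):  # all applicable constraints must hold after the step
            yield loc, nd


def bounded_traces(mode: Mode, init: Data, depth: int) -> Set[Trace]:
    """All traces of at most `depth` observations, starting at the entry point with valuation `init`."""
    traces: Set[Trace] = set()
    frontier = deque([(mode.entry, init, (observe(mode, mode.entry, init),))])
    while frontier:
        loc, data, trace = frontier.popleft()
        traces.add(trace)
        if len(trace) < depth:
            for nloc, nd in successors(mode, loc, data):
                frontier.append((nloc, nd, trace + (observe(mode, nloc, nd),)))
    return traces


def refines(impl: Mode, spec: Mode, init: Data, depth: int) -> Tuple[bool, Optional[Trace]]:
    """impl < spec: same interface and every bounded trace of impl is also a trace of spec.
    On failure returns a witness trace of impl that spec lacks (None when the interfaces differ)."""
    if (impl.entry, impl.exits, impl.globals_) != (spec.entry, spec.exits, spec.globals_):
        return False, None
    spec_traces = bounded_traces(spec, init, depth)
    for tr in sorted(bounded_traces(impl, init, depth), key=repr):
        if tr not in spec_traces:
            return False, tr
    return True, None


def make_normal(name: str, level_ok: Callable[[int], bool], switch: Callable[[int], bool]) -> Mode:
    """Toy Normal mode: e -> Compute -> Maintain -> x.  `level_ok` is the constraint on the global
    level, `switch` the guard on t for Compute -> Maintain; both shapes are assumptions."""
    return Mode(
        name=name, entry="e", exits=frozenset({"x"}), globals_=("level",),
        invariant=lambda loc, d: level_ok(d["level"]) and d["t"] <= PERIOD,
        transitions=(
            Transition("e", "Compute", lambda d: True, lambda d: {**d, "t": 0}),
            Transition("Compute", "Maintain", lambda d: switch(d["t"]), lambda d: {**d, "t": 0}),
            Transition("Maintain", "x", lambda d: d["t"] == PERIOD, lambda d: d),
        ),
        flow=lambda d: {**d, "t": d["t"] + 1},  # clock rate 1: t advances one unit per step
        env={"level": range(0, 13, 2)},         # constructed domain; level is written by the Tank agent
    )


INIT: Data = {"level": 6, "t": 0}  # constructed initial valuation at the entry point
NORMAL = make_normal("Normal", lambda v: 2 <= v <= 10, lambda t: t == PERIOD)
NORMAL_RELAXED = make_normal("Normal'", lambda v: v <= 10, lambda t: t >= PERIOD)    # assumed relaxation
NORMAL_TIGHT = make_normal("Normal''", lambda v: 2 <= v <= 8, lambda t: t == PERIOD)  # tightened: not a refinement

if __name__ == "__main__":
    for impl, spec in ((NORMAL, NORMAL_RELAXED), (NORMAL_RELAXED, NORMAL), (NORMAL, NORMAL_TIGHT)):
        ok, witness = refines(impl, spec, INIT, 8)
        print(f"{impl.name} < {spec.name}: {ok}", "" if ok else f"witness: {witness}")
```

Running the block reports Normal < Normal' as true, the converse as false (Normal' admits level 0, which Normal's constraint forbids), and Normal < Normal'' as false with a witness trace that reaches level 10. Bounded enumeration is a sanity check rather than a proof; the slide's argument is that inclusion holds for all traces precisely because guards and constraints are only weakened, and that monotonicity is what the search confirms on this finite fragment.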

Compositional Reasoning I
- Sub-mode refinement
- Context refinement
[Figure: the two rules drawn over modes M, M', N, N' and a context G, with < denoting refinement]

Sub-mode refinement
[Figure: Controller’ containing Normal’ refines Controller containing Normal; mode Emergency (level[4,8]) is unchanged, Normal is constrained by level[2,10], and both carry group exits de, dx]

Compositional reasoning II
- parallel composition preserves refinement
[Figure: Agent Controller’ (local t, rate; global level, infusion; modes Normal’ and Emergency with level[4,8] and level[2,10]) composed with Agent Tank ({level = f(infusion)}) refines Agent Controller (modes Normal and Emergency) composed with the same Agent Tank]

Conclusions