Modular Specification of Hybrid Systems in CHARON R. Alur, R. Grosu, Y. Hur, V. Kumar, I. Lee University of Pennsylvania SDRL and GRASP

Software Framework for the Deployment of Multiple Robots 1. High-level modeling language - platform independent –hierarchical and modular –specify modes and constraints –hierarchical and sequential composition of modes –parallel composition of agents

Software Framework for the Deployment of Multiple Robots 2. Tools for design, programming, and analysis –simulation and execution –analysis and optimization –automated generation of code 3. Demonstrate on multiple coordinating robots

Challenges in Coordinating Multiple Robots Large number of modes –Individual modes are well understood, but not their interaction. Software design –modes are designed bottom up. –coordination protocols are traditionally designed top down.

Charon Framework Architecture CHARON Code (High level language) Java Code Charon to Java Translator Control Code Generator Java Libraries Human Interface Analysis Simulator Code Generator Drivers

Charon Language Individual components described as agents –Composition, Instantiation, and Hiding Individual behaviors described as modes –Encapsulation, Instantiation, and Scoping Support for concurrency –Shared variables as well as message passing Support for discrete and continuous behavior Well-defined formal semantics

Robot Team Approaching a Target T

Architectural Hierarchy Robots Monitor pos 1 pos 2 write diff analog position pos 1, pos 2 class position { float x; float y;} Variables Specifiers Range: discrete/analog Computation: diff/alg Access: read/write/local

Architectural Hierarchy Robot 1 Robots Robot 2 pos 1 pos 2 r1Est 1 r1Est 2 r2Est 1 r2Est 2 Robots Monitor pos 1 pos 2

Behavioral Hierarchy pos r2Est 1 r2Est 2 r1Est 1 r1Est 2 Robot 1 dTimer timer = 1. local diff analog timer awTarget dPlan iAway atTarget dStop iAt arrive pos = target moving dSteer aOmega iFreq sensing dStop iConst sense move arrive timer/updateFreq = 0 omega = k * (theta – phi) pos.x = v * cos(phi) pos.y = v * sin(phi)..

Related Work Hybrid automata [ACH+95] Analysis, model checkers HyTech [AHH96, HHW95] No compositional models, no hierarchy I/O automata [LSVW96] and Hybrid Modules [AH97] Compositional models No behavioral hierarchy SHIFT [DGS97] and HyCharts [GSB98] Allow hierarchic specification of hybrid behavior No concern for modular simulation UML [BJR97]and (hybrid) Statecharts [Har87] Hierarchical but not modular Stateflow Hierchic specification but only for dynamic behavior Charon is a modeling language for hybrid systems reflecting the current state of the art both in formal and object oriented methods (UML)

Modular Simulation Goal –Simulation is efficient and accurate –Integration of modes at different time scales –Integration of agents at different time scales Modes are simulated using local information –Submodes are regarded as black-boxes –Submodes are simulated independently of other ones Agents are simulated using local information –Agents are regarded as black-boxes –Agents are simulated independently of other ones

The Simulator time Agents A1 A2 A3 1.Pick up the agents with minimum and second minimum reached time. t 2. Compute the time round interval  for the minimum agent, such that its absolute time may exceed with at most dt the time reached by the second one  t+dt 3. The agent executes a time round. This ends before  if the invariants of the agent were violated. Then, an actual time increment would be .  4. The agent executes an update round to synchronize the discrete variables with the analog ones. 5. The state of the agent get visible to other agents

Time Round of a Mode (Agent) x. y. z. 2. While (time t = 0; t <=  do: 3. Return s and  - Increment t = t+ . 1. Get integration time  and invariants from the supermode (or the scheduler). , xInv - Predict integration step dt based on  and the invariants. dt, - Execute time round of the active submode and get state s and time elapsed . , s z - Simplify all invariants. yInv - Return s and t+  if invariants were violated. t , - Integrate for time  and get new state s. sysy

atTarget arrive sensemove moving sensing awTarget Innermost transitions have higher priority Default transitions are taken if all other transitions are disabled Group transitions start at the default exit points Transitions to history are transitions to the default entry point Update Round of a Mode (Agent)

Hyst Env u Hysteresis Example inc dX 1 dec dX 1 dec inc strMinus dY iStrM aStrM s2u u2p up dY iUp aUp strPlus dY iStrP aStrP x 1 = u. y = 2u x 1 < a x 2 = -1. a a+2-a -(a+2) 1

Global vs Modular Simulation

Modular Simulation Error

Work to date –CHARON semantics –Parser for CHARON –Internal representation Current work –Type checker –Modular simulation scheme –Internal representation generator Current Implementation Status CHARON Parser Simulator Generator Simulator Generator Control Code Generator Control Code Generator Model Checker Syntax Tree Internal Representation Generator Type Checker Type Checker Internal Representation CHARON Specification

Ongoing Research Distributed simulation Accurate event detection And modes and And/Or hierarchies Exploiting the hierarchy in model checking

Wrap-Up Charon is a language for embedded systems reflecting the current state of the art both in formal and object oriented methods (UML) Its explicit support for a mixed visual/textual notation should improve communication among the various communities involved in an embedded system project.