Hybrid System Modeling: Operational Semantics Issues Edward A. Lee Professor UC Berkeley Center for Hybrid and embedded software systems OMG Technical.

Slides:



Advertisements
Similar presentations
Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.
Advertisements

The Operational Semantics of Hybrid Systems Edward A. Lee Professor, Chair of EE, and Associate Chair of EECS, UC Berkeley With contributions from: Adam.
Overview This project applies the tagged-signal model to explain the semantics of piecewise continuous signals. Then it illustrates an operational way.
Discrete Event Models: Getting the Semantics Right Edward A. Lee Robert S. Pepper Distinguished Professor Chair of EECS UC Berkeley With thanks to Xioajun.
Event Driven Real-Time Programming CHESS Review University of California, Berkeley, USA May 10, 2004 Arkadeb Ghosal Joint work with Marco A. Sanvido, Christoph.
Mobies Phase 1 UC Berkeley 1 Process-Based Software Components Mobies Phase 1, UC Berkeley Edward A. Lee and Tom Henzinger PI Meeting, New York July 24,
PTIDES: Programming Temporally Integrated Distributed Embedded Systems Yang Zhao, EECS, UC Berkeley Edward A. Lee, EECS, UC Berkeley Jie Liu, Microsoft.
Process-Based Software Components for Networked Embedded Systems Edward A. Lee, PI UC Berkeley Core Technical Team (Mobies, SEC, and GSRC): Christopher.
Berkeley, CA, March 12, 2002 Modal Models in Vehicle-Vehicle Coordination Control Xiaojun Liu The Ptolemy Group EECS Department, UC Berkeley.
Advanced Tool Architectures Supporting Interface-Based Design
Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI A New System Science.
Mobies Phase 1 UC Berkeley 1 Agenda 8:00-8:30 Continental breakfast 8:30-9:00 Overview of Mobies Phase 1 effort (Edward A. Lee) 9:00-9:40 Introduction.
7th Biennial Ptolemy Miniconference Berkeley, CA February 13, 2007 Leveraging Synchronous Language Principles for Hybrid System Models Haiyang Zheng and.
Department of Electrical Engineering and Computer Sciences University of California at Berkeley Behavioral Types for Actor-Oriented Design Edward A. Lee.
Behavioral Types as Interface Definitions for Concurrent Components Center for Hybrid and Embedded Software Systems Edward A. Lee Professor UC Berkeley.
Heterogeneous Modeling and Design in Ptolemy II Johan Eker UC Berkeley with material courtesy of Edward Lee and the Ptolemy group ECE Seminar Series, Carnegie.
Mobies Phase 1 UC Berkeley 1 Process-Based Software Components Mobies Phase 1, UC Berkeley Edward A. Lee and Tom Henzinger (with contributions from Steve.
Are “Embedded Systems" Just Systems Made with Small Computers? Chess: Center for Hybrid and Embedded Software Systems Invited Talk Artist International.
6th Biennial Ptolemy Miniconference Berkeley, CA May 12, 2005 Operational Semantics of Hybrid Systems Haiyang Zheng and Edward A. Lee With contributions.
Review of “Embedded Software” by E.A. Lee Katherine Barrow Vladimir Jakobac.
FunState – An Internal Design Representation for Codesign A model that enables representations of different types of system components. Mixture of functional.
Chess Review May 11, 2005 Berkeley, CA Operational Semantics of Hybrid Systems Haiyang Zheng and Edward A. Lee With contributions from the Ptolemy group.
Mixing Models of Computation Jie Liu Palo Alto Research Center (PARC) 3333 Coyote Hill Rd., Palo Alto, CA joint work with Prof. Edward.
Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.
Models of Computation for Embedded System Design Alvise Bonivento.
Discrete Event Models: Getting the Semantics Right Edward A. Lee Robert S. Pepper Distinguished Professor Chair of EECS UC Berkeley With special thanks.
MoBIES PI-Meeting, July 2001, Jackson Hole Controller Design Using Multiple Models of Computation Edward Lee Johan Eker with thanks to Paul Griffiths,
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI A New System Science.
Ptolemy Miniconference May 9, 2003 Berkeley, CA Ptolemy Project Plans for the Future Edward A. Lee Professor Ptolemy Project Director.
SEC PI Meeting Annapolis, May 8-9, 2001 Component-Based Design of Embedded Control Systems Edward A. Lee & Jie Liu UC Berkeley with thanks to the entire.
Department of Electrical Engineering and Computer Sciences University of California at Berkeley Concurrent Component Patterns, Models of Computation, and.
MoBIES Working group meeting, September 2001, Dearborn Ptolemy II The automotive challenge problems version 4.1 Johan Eker Edward Lee with thanks.
7th Biennial Ptolemy Miniconference Berkeley, CA February 13, 2007 PTIDES: A Programming Model for Time- Synchronized Distributed Real-time Systems Yang.
Designing Predictable and Robust Systems Tom Henzinger UC Berkeley and EPFL.
Testing and Monitoring at Penn An Integrated Framework for Validating Model-based Embedded Software Li Tan University of Pennsylvania September, 2003.
Tool Integration of Ptolemy II EE290N Class Project Haiyang Zheng May
Panel: What Comes After C++ in System-Level Specification Edward Lee UC Berkeley Forum on Design Languages Workshop on System Specification & Design Languages.
5 th Biennial Ptolemy Miniconference Berkeley, CA, May 9, 2003 MESCAL Application Modeling and Mapping: Warpath Andrew Mihal and the MESCAL team UC Berkeley.
MOBIES Project Progress Report Engine Throttle Controller Design Using Multiple Models of Computation Edward Lee Haiyang Zheng with thanks to Ptolemy Group.
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI Program Review May 10,
Real-Time System Requirements & Design Specs Shaw - Chapters 3 & 4 Homework #2: 3.3.1, 3.4.1, Add Error states to Fig 4.1 Lecture 4/17.
Department of Electrical Engineering and Computer Sciences University of California at Berkeley The Ptolemy II Framework for Visual Languages Xiaojun Liu.
Operational Semantics of Hybrid Systems Edward A. Lee and Haiyang Zheng With contributions from: Adam Cataldo, Jie Liu, Xiaojun Liu, Eleftherios Matsikoudis.
Code Generation from CHARON Rajeev Alur, Yerang Hur, Franjo Ivancic, Jesung Kim, Insup Lee, and Oleg Sokolsky University of Pennsylvania.
02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
Composing Models of Computation in Kepler/Ptolemy II
Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Hybrid Systems Concurrent Models of Computation EEN 417 Fall 2013.
- 1 - Embedded Systems - SDL Some general properties of languages 1. Synchronous vs. asynchronous languages Description of several processes in many languages.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Ch. 2. Specification and Modeling 2.1 Requirements Describe requirements and approaches for specifying and modeling embedded systems. Specification for.
C. André, J. Boucaron, A. Coadou, J. DeAntoni,
Design Languages in 2010 Chess: Center for Hybrid and Embedded Software Systems Edward A. Lee Professor UC Berkeley Panel Position Statement Forum on Design.
What’s Ahead for Embedded Software? (Wed) Gilsoo Kim
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
CS 5991 Presentation Ptolemy: A Framework For Simulating and Prototyping Heterogeneous Systems.
T imed Languages for Embedded Software Ethan Jackson Advisor: Dr. Janos Szitpanovits Institute for Software Integrated Systems Vanderbilt University.
CPE555A: Real-Time Embedded Systems
Event Relation Graphs and Extensions in Ptolemy II
Shanna-Shaye Forbes Ben Lickly Man-Kit Leung
Retargetable Model-Based Code Generation in Ptolemy II
Concurrent Models of Computation for Embedded Software
Embedded Systems: A Focus on Time
Hybrid and Embedded Systems: Generalized Hybrid Systems
Presentation transcript:

Hybrid System Modeling: Operational Semantics Issues Edward A. Lee Professor UC Berkeley Center for Hybrid and embedded software systems OMG Technical Meeting Feb. 4, 2004 Anaheim, CA, USA Special thanks to Jie Liu, Xiaojun Liu, Steve Neuendorffer, and Haiyang Zheng.

Lee, UC Berkeley 2 Abstract Chess, the Berkeley Center for Hybrid and Embedded Software Systems, has been studying the representation and execution of hybrid systems models. These models combine the discrete events of conventional software systems with the continuous dynamics of the physical world. Part of this effort has been an interaction with the DARPA MoBIES project (Model-Based Integration of Embedded Software), which has recently drafted a proposed "standard" for hybrid systems representation called HSIF, Hybrid System Interchange Format. In this presentation, I will be describe the issues that arise in the semantics of executable hybrid systems models. Fundamentally, computer systems are not capable of precise execution of hybrid system models because they cannot precisely realize the continuous dynamics. However, reasonable approximations are available, using for example numerical solvers for ordinary differential equations. However, these approximation techniques do not address the issues peculiar to hybrid systems, where discrete events can realize discontinuous behaviors in these ODEs. In this talk, I will outline the issues and how they have been addressed in Chess.

Lee, UC Berkeley 3 Focus on Hybrid & Embedded Software Systems Computational systems but not first-and-foremost a computer Integrated with physical processes sensors, actuators Reactive at the speed of the environment Heterogeneous hardware/software, mixed architectures Networked adaptive software, shared data, resource discovery

Lee, UC Berkeley 4 Model-Based Design Recall from the Previous talk: Model-based design is specification of designs in platforms with “useful modeling properties.”

Lee, UC Berkeley 5 “Useful Modeling Properties” for Embedded Systems Example: Control systems: Continuous dynamics Stability analysis

Lee, UC Berkeley 6 Discretized Model A Small Step Towards Software Numerical integration techniques provided sophisticated ways to get from the continuous idealizations to computable algorithms. Discrete-time signal processing techniques offer the same sophisticated stability analysis as continuous-time methods. But it’s not accurate for software controllers

Lee, UC Berkeley 7 Hybrid Systems – A Bigger Step Towards Software Combine: finite-state automata classical models of continuous or discrete-time dynamics

Lee, UC Berkeley 8 Actor-Oriented Platforms Recall from the Previous talk: Actor oriented models compose concurrent components according to a model of computation.

Lee, UC Berkeley 9 Ptolemy II – Our Laboratory Ptolemy II: Our current framework for experimentation with actor-oriented design, concurrent semantics, visual syntaxes, and hierarchical, heterogeneous design. Hierarchical component modal model dataflow controller example Ptolemy II model: hybrid control system

Lee, UC Berkeley 10 HyVisual – Hybrid System Modeling Tool Based on Ptolemy II HyVisual was first released in January 2003.

Lee, UC Berkeley 11 Operational Semantics of Hybrid Systems (How to Build Simulators) If you are going to rely on simulation results, then you need an operational semantics. Hybrid system semantics tend to be denotational. A simulator cannot ignore nondeterminism. It is incorrect to choose one trajectory. Creating deterministic models must be easy. Nondeterministic models must be explored either exhaustively or using Monte Carlo methods. Must avoid unnecessary nondeterminism. Should not use continuous-time models to represent discrete behaviors. Inaccurate for software. Heterogeneous models are better.

Lee, UC Berkeley 12 View Hybrid Systems as Networks of Automata The key question becomes: What is the semantics for the interaction between automata?

Lee, UC Berkeley 13 Many Interaction Semantics Between Automata Have Been Tried Asynchronous Promela (specification language for Spin) SDL Ptolemy II (PN+FSM, DE+FSM) Synchronous w/ fixed point Esterel Simulink Ptolemy II (SR+FSM) Synchronous w/out fixed point Statecharts Giotto Ptolemy II (SDF+FSM) Continuous time Simulink + Stateflow Ptolemy II (CT+FSM) Discrete time Teja

Lee, UC Berkeley 14 Context of the Discussion DARPA/MoBIES Effort to Standardize: Hybrid System Interchange Format: HSIF HSIF allows modeling of Networks of Hybrid Automata Automata interact via signals (synchronous semantics) and global variables (unrestricted) example from Gabor Karsai, Vanderbilt

Lee, UC Berkeley 15 Some Semantics Questions What automata can be expressed? nondeterministic, guard expression language, actions, … How are transitions in distinct automata coordinated? synchronous, time-driven, event-driven, dataflow, … can outputs and updates be separated? What can automata communicate? messages, events, triggers How is communication carried out? synchronous, rendezvous, buffered, lossy, … How are continuous variables shared? global name space, scoping, mutual exclusion, … What is the meaning of directed cycles? fixed point, error, infinite loop, … What is the meaning of simultaneous events? secondary orderings, such as data precedences, priorities, …

Lee, UC Berkeley 16 Modeling continuous dynamics using Initial Value Ordinary Differential Equations: fg x u y Interaction Between ODE Solvers and State Machine Dynamics

Lee, UC Berkeley 17 ODE Solvers Numerical solution of the ODE on discrete time points. Implementing ODE solvers by token passing Evaluate f and g by firing a sorted sequence of components. t t0t0 t1t1 t2t2 t3t3 tsts f2f2 g1g1 x u f1f1 f3f3 g2g2... Step sizes are dynamically determined!

Lee, UC Berkeley 18 Executing Discrete Event Systems Global notion of time event = (time_tag, data_token) Event-driven execution Global event queue, sorting events in their chronological order Components are causal Components can schedule “refires” by producing pure events. B CA

Lee, UC Berkeley 19 Mixing The Two Means Dealing with Events In Continuous-Time Signals Breakpoint Handling: Predictable Breakpoints: known beforehand. Register to a Breakpoint Table in advance. Use breakpoints to adjust step sizes. Unpredictable Breakpoints: Prediction is not accurate enough. Check after each integration step. Refine the last step size if a breakpoint is missed.

Lee, UC Berkeley 20 Transitions of an FSM Are Discrete Events In continuous-time models, Ptolemy II can use event detectors to identify the precise time at which an event occurs: Semantics of transitions: can either enable a mode change or trigger a mode change. Under enabling: deterministic model becomes nondeterministic if simulator takes steps that are too large. Also under enabling: invariants may be violated due to failure to take mode transitions on time.

Lee, UC Berkeley 21 Can yield values that are conceptually impossible in the model, purely as an artifact of the chosen step size. Guards Enabling Transitions is the Wrong Answer! In this example, overshoot violates invariants Timer used in Pump Temperature

Lee, UC Berkeley 22 Simultaneous Events: The Order of Execution Question Given an event from the event source, which of these should react first? Nondeterministic? Data precedences? Simulink/Stateflow and the Ptolemy II CT domain declare this to be deterministic, based on data precedences. Actor1 executes before Actor2. Many formal hybrid systems languages (with a focus on verification) declare this to be nondeterministic.

Lee, UC Berkeley 23 Non-Deterministic Interaction is the Wrong Answer turn one trigger into N, where N is the number of actors encode the desired sequence as an automaton that produces a schedule embellish the guards with conditions on the schedule An attempt to achieve deterministic execution by making the scheduling explicit shows that this is far too difficult to do. broadcast the schedule

Lee, UC Berkeley 24 OTOH: Nondeterminism is Easily Added in a Deterministic Modeling Framework At a time when the event source yields a positive number, both transitions are enabled. Although this can be done in principle, Ptolemy II does not support this sort of nondeterminism. What execution trace should it give?

Lee, UC Berkeley 25 Nondeterministic Ordering In favor Physical systems have no true simultaneity Simultaneity in a model is artifact Nondeterminism reflects this physical reality Against It surprises the designer counters intuition about causality It is hard to get determinism determinism is often desired (to get repeatability) Getting the desired nondeterminism is easy build on deterministic ordering with nondeterministic FSMs Writing simulators that are trustworthy is difficult It is incorrect to just pick one possible behavior!

Lee, UC Berkeley 26 More Semantics Questions: How to Get Predictable Execution Discontinuous signals must have zero transition times. Precise transition times. Accurate model of Zeno conditions. Avoid unnecessary nondeterminism. Discrete signals should have values only at discrete times Accurately heterogeneous model (vs. continuous approximation) Sampling of discontinuous signals must be well-defined. Avoid unnecessary nondeterminism. Transient states must be active for zero time. Properly represent glitches.

Lee, UC Berkeley 27 Discontinuous Signals Timed automaton generating a piecewise constant signal. Correct output: RK 2-3 variable-step solver and breakpoint solver determine sample times: Incorrect output: Discontinuous signals must predictably have multiple values at the time of the discontinuity. Note two values at the same time:

Lee, UC Berkeley 28 Sampling Discontinuous Signals Samples must be deterministically taken at t- or t+. Our choice is t-, inspired by hardware setup times. Note that in Ptolemy II, unlike Simulink, discrete signals have no value except at discrete points. Continuous signal with sample times chosen by the solver: Discrete result of sampling:

Lee, UC Berkeley 29 Transient States and Glitches If an outgoing guard is true upon entering a state, then the time spent in that state is identically zero. This can create glitches.

Lee, UC Berkeley 30 Status of HSIF: Limited Tool Interchange CHARON HSIF SALPtolemySimulink/SflowCheckmate Export:Import: Partial: GME/HSIF U Penn SRI UC Berkeley VU/ISISVU/ISIS CMU VU/ISIS Teja Planned: UC Berkeley courtesy of Gabor Karsai, Vanderbilt

Lee, UC Berkeley 31 Personal Experience with HSIF Models exchanged between the tools had limited value: Imported models had enough translation applied that little intuition remained about the model. Exporting models is only practical if the exporting framework exactly matches the HSIF semantics. Hybrid systems don’t solve the whole problem anyway. More work is needed…

Lee, UC Berkeley 32 Caveat: Hybrid Systems are Not the Only Useful Continuous/Discrete Mixture An example, due to Jie Liu, has two controllers sharing a CPU under an RTOS. Under preemptive multitasking, only one can be made stable (depending on the relative priorities). Under non- preemptive multitasking, both can be made stable. Hybrid systems theory does not deal well with this. Modeling multitasking with hybrid systems is extremely awkward.

Lee, UC Berkeley 33 Alternatives Give Clean Temporal Semantics to Software: e.g. Giotto t+10ms ttt+5ms Higher frequency Task Lower frequency task: Giotto compiler targets the E Machine/S Machine Created by Tom Henzinger and colleagues Giotto model of computation also implemented in Ptolemy II Giotto – Periodic Hard-Real-Time Tasks with Precise Mode Changes. Deterministic task interaction.

Lee, UC Berkeley 34 Giotto with a Visual Syntax hierarchical modes tasks defined using another MoC The Giotto Director in Ptolemy II gives the diagram Giotto semantics.

Lee, UC Berkeley 35 Design Pattern: Periodic/Time-Driven Inside Continuous Time Giotto director indicates a new model of computation. Domain-polymorphic component. Domains can be nested and mixed.

Lee, UC Berkeley 36 Nesting Giotto With State Machine for Modeling Faults Periodic, time-driven tasks Modes (normal & faulty) Controller task

Lee, UC Berkeley 37 Simulink With Real-Time Workshop Has Similar Semantics continuous time discrete actors are logically instantaneous separation of output/update methods to support algebraic loops, integration, and zero- crossing detection output method invoked many times multitasking mode for periodic discrete-time tasks. multitasking mode requires Giotto-like delayed output commit image from Writing S-Functions, version 4, The MathWorks

Lee, UC Berkeley 38 Conclusion Modeling hybrid systems correctly is subtle There are other formalisms for discrete/continuous mixtures Standardization will be challenging see

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.