Presentation is loading. Please wait.

Presentation is loading. Please wait.

Compositional Refinement for Hierarchical Hybrid Systems

Published byCharles Giroux Modified over 5 years ago

Similar presentations

Presentation on theme: "Compositional Refinement for Hierarchical Hybrid Systems"— Presentation transcript:

1 Compositional Refinement for Hierarchical Hybrid Systems
Rajeev Alur, Insup Lee, Oleg Sokolsky University of Pennsylvania Radu Grosu SUNY Stony Brook

2 Outline Motivation Charon modeling lanaguage
Compositional semantics for Charon Refinement HSCC'01 4/5/2019

3 Motivation ? Verification of hybrid systems is very hard
Refinement – reasoning about change Refinement should be modular ? M M’ HSCC'01 4/5/2019

4 Motivation II ? ! Formal semantics to reason about refinement
Compositional semantics for modular reasoning ? M M’ M M’ ! HSCC'01 4/5/2019

5 Main results Modular semantics for a hierarchical modeling language for hybrid systems Semantics allows compositional refinement rules HSCC'01 4/5/2019

6 Related work Hybrid system specification languages
SHIFT Modelica Simulink/STATEFLOW Masaccio Compositional semantics (hybrid) reactive modules hierarchical reactive machines HSCC'01 4/5/2019

7 CHARON Language for hierarchical modeling of hybrid systems
Two kinds of hierarchy: architectural hierarchy concurrent components data flow behavioral hierarchy discrete control flow control laws HSCC'01 4/5/2019

8 CHARON Language Features
Individual components described as agents Composition, instantiation, and hiding Individual behaviors described as modes Encapsulation, instantiation, and scoping Support for concurrency Shared variables as well as message passing Support for discrete and continuous behavior Differential as well as algebraic constraints HSCC'01 4/5/2019

9 Syntax: modes and agents
local t, rate global level, infusion {t = 1} global level global infusion level { level[2,10] } {level = f(infusion)} Compute Emergency level[4,8] e x infusion t=10 de dx t:=0 level[2,10] dx de Maintain dx de {t<10} Normal Agent Controller Agent Tank Agents describe concurrency Modes describe sequential behavior Control flow between control points Group transitions describe exceptions HSCC'01 4/5/2019

10 Informal semantics Semantics of a component: interface set of traces
agent: global variables mode: global variables and control points set of traces level Controller Tank infusion level[4,8] de dx global level, infusion global level, infusion level[2,10] Normal Emergency dx de HSCC'01 4/5/2019

11 Traces 3 kinds of execution steps: continuous steps discrete steps
environment steps Continuous steps: take time all agents together Discrete steps: instantaneous interleaved HSCC'01 4/5/2019

12 System vs. environment: it’s a game
The choice between discrete and continuous steps is external to every component Chosen component completes the step before next one can be chosen Agent 1 Pass time Agent 2 HSCC'01 4/5/2019

13 Compositional step construction
Discrete step of a mode (macro-step) mode transitions discrete steps of submodes micro-steps de local t, rate, h global level, infusion Controller Normal dx Emergency level[4,8] de dx level[2,10] de dx HSCC'01 4/5/2019

14 Continuous steps: all in due time
Cannot let time pass at arbitrary moments: All modes need to be properly initialized All applicable constraints must be used { v1 = f(v2) } e1 { v1 = g(v2) } x1 x2 e2 v2:=0 M11 M21 M1 M2 HSCC'01 4/5/2019

15 Closure of a mode add default entry and exit transitions
manipulate history variable de local t, rate, h global level, infusion Controller h=Normal h := Emergency Normal dx Emergency h := Normal level[4,8] de dx level[2,10] h := Emergency de dx HSCC'01 4/5/2019

16 States and flows (c,s) valuations for a set of variables V: QV
state of a mode (c,s) control state: c is an entry or exit point data state: sQV flows for V: FV flow: differentiable function HSCC'01 4/5/2019

17 Steps of a mode Continuous steps set of flows for a given data state
Discrete steps set of macro-steps between two control points HSCC'01 4/5/2019

18 Executions and traces of modes
Mode execution: sequence of states i is one of: f, if and o, if , if , , and Trace: an execution restricted to global variables HSCC'01 4/5/2019

19 From agents to modes Modes define behavior of agents HSCC'01 4/5/2019

20 Executions and traces of agents
Agent execution: sequence of states i is one of: f, if and o, if , if , , and Trace: an execution restricted to global variables HSCC'01 4/5/2019

21 Executions and traces of agents
HSCC'01 4/5/2019

22 Refinement < Refinement is trace inclusion
Every trace of Normal is also a trace of Normal’ control points and global variables are the same transition guards and constraints are relaxed {t = 1} {t = 1} { level[2,10] } { level  10 } Compute Compute < e x e x de de t:=0 t:=0 t=10 t  10 dx de dx de Maintain Maintain dx dx {t<10} {t<10} Normal Normal’ HSCC'01 4/5/2019

23 Compositional Reasoning I
< G N N’ < M M’ N’ N < N < N M M M M’ Sub-mode refinement Context refinement HSCC'01 4/5/2019

24 Sub-mode refinement v Controller’ Normal’ Controller Normal Emergency
level[4,8] de dx level[2,10] dx de v Controller Normal Emergency level[4,8] de dx level[2,10] dx de HSCC'01 4/5/2019

25 Compositional reasoning II
parallel composition preserves refinement local t, rate global level, infusion Agent Controller’ global level global infusion level Normal’ Emergency level[4,8] {level = f(infusion)} de dx level[2,10] infusion Agent Tank dx de v local t, rate global level, infusion Agent Controller global level global infusion level Normal Emergency level[4,8] {level = f(infusion)} de dx level[2,10] infusion Agent Tank dx de HSCC'01 4/5/2019

26 Conclusions HSCC'01 4/5/2019

Download ppt "Compositional Refinement for Hierarchical Hybrid Systems"

Similar presentations

Embedded System, A Brief Introduction

Embedded System, A Brief Introduction
Efficient Reachability Analysis of Hierarchic Reactive Modules R. Alur, R.Grosu, M.McDougall University of Pennsylvania www.cis.upenn.edu/~alur,grosu,mmcdougall.

Efficient Reachability Analysis of Hierarchic Reactive Modules R. Alur, R.Grosu, M.McDougall University of Pennsylvania
Use trace algebra to formalize the YAPI model EE290N Spring2002 Alessandro Pinto Mentors: Roberto Passerone Jerry Burch.

Use trace algebra to formalize the YAPI model EE290N Spring2002 Alessandro Pinto Mentors: Roberto Passerone Jerry Burch.
Models of Concurrency Manna, Pnueli.

Models of Concurrency Manna, Pnueli.
Architecture Representation

Architecture Representation
STATEMATE A Working Environment for the Development of Complex Reactive Systems.

STATEMATE A Working Environment for the Development of Complex Reactive Systems.
Event structures Mauro Piccolo. Interleaving Models Trace Languages:  computation described through a non-deterministic choice between all sequential.

Event structures Mauro Piccolo. Interleaving Models Trace Languages:  computation described through a non-deterministic choice between all sequential.
CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.

CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.
Timed Automata.

Timed Automata.
1 It pays to be Persistent Dina Goldin, U.Mass/Boston (U.Conn) Joint work with Scott Smolka, SUNY at Stony Brook Peter Wegner, Brown University.

1 It pays to be Persistent Dina Goldin, U.Mass/Boston (U.Conn) Joint work with Scott Smolka, SUNY at Stony Brook Peter Wegner, Brown University.
Semantic Translation of Simulink/Stateflow Models to Hybrid Automata using Graph Transformations A. Agarwal, Gy. Simon, G. Karsai ISIS, Vanderbilt University.

Semantic Translation of Simulink/Stateflow Models to Hybrid Automata using Graph Transformations A. Agarwal, Gy. Simon, G. Karsai ISIS, Vanderbilt University.
Solutions to Review Questions. 4.1 Define object, class and instance. The UML Glossary gives these definitions: Object: an instance of a class. Class:

Solutions to Review Questions. 4.1 Define object, class and instance. The UML Glossary gives these definitions: Object: an instance of a class. Class:
Luca de Alfaro Thomas A. Henzinger Ranjit Jhala UC Berkeley Compositional Methods for Probabilistic Systems.

Luca de Alfaro Thomas A. Henzinger Ranjit Jhala UC Berkeley Compositional Methods for Probabilistic Systems.
Modular Specification of Hybrid Systems in CHARON R. Alur, R. Grosu, Y. Hur, V. Kumar, I. Lee University of Pennsylvania SDRL and GRASP.

Modular Specification of Hybrid Systems in CHARON R. Alur, R. Grosu, Y. Hur, V. Kumar, I. Lee University of Pennsylvania SDRL and GRASP.
Modeling and Verification of Embedded Software Rajeev Alur POPL Mentoring Workshop, Jan 2012 University of Pennsylvania.

Modeling and Verification of Embedded Software Rajeev Alur POPL Mentoring Workshop, Jan 2012 University of Pennsylvania.
Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.

Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.
System Design Research Lab University of Pennylvania 2/8/2006 CHARON modeling language.

System Design Research Lab University of Pennylvania 2/8/2006 CHARON modeling language.
DIVES: Design, Implementation and Validation of Embedded Software Alur, Kumar, Lee(PI), Pappas, Sokolsky GRASP/SDRL University of Pennsylvania www.cis.upenn.edu/mobies/

DIVES: Design, Implementation and Validation of Embedded Software Alur, Kumar, Lee(PI), Pappas, Sokolsky GRASP/SDRL University of Pennsylvania
IBM WebSphere survey Kristian Bisgaard Lassen. University of AarhusIBM WebSphere survey2 Tools  WebSphere Application Server Portal Studio Business Integration.

IBM WebSphere survey Kristian Bisgaard Lassen. University of AarhusIBM WebSphere survey2 Tools  WebSphere Application Server Portal Studio Business Integration.
SDRL and GRASP University of Pennsylvania 6/27/00 MoBIES 1 Design, Implementation, and Validation of Embedded Software (DIVES) Contract No. F33615-00-C-1707.

SDRL and GRASP University of Pennsylvania 6/27/00 MoBIES 1 Design, Implementation, and Validation of Embedded Software (DIVES) Contract No. F C-1707.

Similar presentations

Ads by Google