From Hybrid Data-Flow Languages to Hybrid Automata: A Complete Translation


1  From Hybrid Data-Flow Languages to Hybrid Automata: A Complete Translation
   Peter Schrammel, peter.schrammel@inria.fr (joint work with Bertrand Jeannet)
   INRIA Grenoble Rhône-Alpes, INRIA large-scale initiative Synchronics
   Schrammel and Jeannet (INRIA), From Hybrid Data-Flow to Hybrid Automata, slide 1 / 29

2-6  Introduction / Motivation: Verification of safety properties
   Synchronous program + physical environment = hybrid system
   [figure: a synchronous program in closed loop with its physical environment]
   Invariance properties are checked by reachability analysis
   [figure: reachable states from init must stay inside the safe region and never reach the unsafe region]

7-9  Introduction / Motivation: Hybrid Systems Specification
   Simulation languages: Simulink, Modelica, Zelus (Benveniste, Bourke, Caillaud, Pouzet 2011)
     Purpose:  modelling, implementation and simulation
     Features: modularity, hierarchy, data-flow or equational syntax;
               discrete transitions triggered by the activation of zero-crossings
     [figure: z(x(t)) plotted against t; up(z) is activated where z reaches 0 from below]
     [figure: simulation loop: initialization, then integration steps by the numerical solver until a zero-crossing is detected, then discrete steps of the discrete program until there are no more discrete steps, then back to integration]
   Hybrid automata (Alur et al. 1993)
     Purpose:  verification
     Features: non-deterministic semantics;
               transitions governed by staying conditions and guards
     [figure: a hybrid automaton location with a staying condition bounding x between 0 and 20, a flow relation bounding ẋ between 1 and 2, and a guard comparing x with 10]

10  Introduction / Motivation: Conceptual Mismatch

                                     simulation languages          hybrid automata
     syntax                          equation-based                automata-based
     discrete transition activation  zero-crossings                staying conditions and guards
     system                          deterministic, open (inputs)  non-deterministic, closed

   Zelus and Stateflow also allow automata-based specifications.

11  Introduction / Motivation: Goals
   Formalize the translation from a hybrid data-flow formalism to hybrid automata
     Special topic: translation of zero-crossings
   Application: verification of reactive systems in their environment
     Large discrete state space: translation to logico-numerical hybrid automata
   The source language is more expressive than the destination language:
     the translation is a sound over-approximation (inclusion of the sets of execution traces)

12  Outline
   1 Introduction: Motivation; Related Work
   2 Hybrid Data-Flow Model
   3 Logico-Numerical Hybrid Automata
   4 Semantics of Zero-Crossings
   5 Translation: Translation of Continuous Zero-Crossings; Translation of Discrete Zero-Crossings; Complete Translation
   6 Conclusion


14  Introduction / Related Work: Translations from Simulink to hybrid automata
   Agrawal, Simon and Karsai 2004: for verification
   Alur, Kanade, Ramesh and Shashidhar 2008: for improvement of simulation coverage
   Manamcheri, Mitra, Bak and Caccamo 2011: tool HyLink, for verification and controller synthesis
   Restrictions of these approaches:
     Stateflow diagrams for the discrete behavior
     No zero-crossings
     No soundness property

15  Introduction / Related Work: Verification of hybrid systems with a large discrete state space
   Briand and Jeannet 2010: analysis of a language "Lustre + differential equations"
     A kind of logico-numerical hybrid automata
     Does not use the standard semantics of hybrid automata
   Other work
     Tripakis, Sofronis, Caspi and Curic 2005: discrete-time Simulink to Lustre
     Najafi and Nikoukhah 2007: embedding of hybrid automata in Scicos


17  Hybrid Data-Flow Model: Zelus
   Zelus = Lucid Synchrone + differential equations
   A synchronous program with zero-crossings as base clock
   Exact, mathematical semantics, independent of the integration method and of numerical issues
   Common basis for simulation, code generation and verification

   Example: Thermostat system (x is the temperature, xi the ambient temperature, eps a sensor tolerance)

       let node main xi eps = x where
         assert 0 <= xi && xi <= 30 && -0.1 <= eps && eps <= 0.1;
         and der x = if on then xi - x + 22 else xi - x init xi
         and on = (xi <= 19) -> true  every up(18 - x + eps)
                             -> false every up(x - 20)

   [figure: the temperature x plotted against time t, oscillating between the two thresholds]

18-27  Hybrid Data-Flow Model
   State s = (b, x) with b the discrete variables and x the continuous variables; i are the input variables.

     Initial states:           I(s)
     Assertion (on inputs):    A(s, i)
     Differential equations:   ẋ  = { e_1(s, i)  if ϕ_1(b)      |  ...  |  else ... }
     Discrete transitions:     s′ = { Φ_1(s, i)  if ϕ^Z_1(s, i) |  ...  |  else ... }
                               where the conditions ϕ^Z_j are zero-crossing formulas

   Example: Thermostat system
     I(on, x)            = 0 ≤ x ≤ 30 ∧ (x ≤ 19 ∧ on  ∨  x > 19 ∧ ¬on)
     A((on, x), (ξ, ǫ))  = 0 ≤ ξ ≤ 30 ∧ −0.1 ≤ ǫ ≤ 0.1
     ẋ   = { ξ − x + 22  if on          |  ξ − x  if ¬on }
     on′ = { ff  if up(x − 20)  |  tt  if up(18 − x + ǫ)  |  else on }

   Discrete transitions happen only by zero-crossings
   The dynamics change only on discrete transitions
   Discrete transitions are urgent
   Simultaneous zero-crossings: priority by order in the program source
   Zero-crossings can also be triggered by discrete transitions

28  Hybrid Data-Flow Model: Semantics
   Operational semantics inspired by the behavior of a simulator; it uses non-standard analysis
   (the continuous evolution proceeds by infinitesimal steps).
     Initial state:          I(s)
     Continuous evolution:   x′ = x + (infinitesimal step) · e(s, i), subject to the assertion A
     Zero-crossing:          some up(z_j) is activated
     Discrete transitions:   s′ = Φ(s, i), subject to the assertion A, repeated while zero-crossings are active
     No more zero-crossing:  back to continuous evolution
   Execution trace: (s_0, i_0) → (s_1, i_1) → (s_2, i_2) → ...


30-34  Logico-Numerical Hybrid Automata: Example: Thermostat system
   Locations are given by the valuation of the discrete variable on; the inputs ξ and ǫ are quantified away.
     Location ¬on:  staying condition 17.9 ≤ x ≤ 30,   flow relation −x ≤ ẋ ≤ 30 − x
     Location on:   staying condition 0 ≤ x ≤ 20,      flow relation 22 − x ≤ ẋ ≤ 52 − x
     Jump ¬on → on:  guard x ≤ 18.1,  jump relation on′ = tt
     Jump on → ¬on:  guard x = 20,    jump relation on′ = ff


36  Semantics of Zero-Crossings: Continuous vs. Discrete Zero-Crossings
   Continuous zero-crossing: triggered by continuous evolution
       ... s_{k−1} →c s_k → s_{k+1} ...
       [figure: z(x(t)) against t, reaching 0 during the continuous phase; up(z) activated]
   Discrete zero-crossing: triggered by a discrete transition; occurs in zero-crossing cascades
       ... s_{k−2} →c s_{k−1} →d s_k ...
       [figure: z(x(t)) against t, jumping to 0 at a discrete step; up(z) activated]
   A zero-crossing may be both, e.g. up(x − n)

37-38  Semantics of Zero-Crossings
   up(z(s, i)) is interpreted over two consecutive states (s_{k−1}, i_{k−1}) → (s_k, i_k):
     At-zero semantics:    z(s_{k−1}, i_{k−1}) ≤ 0  ∧  z(s_k, i_k) ≥ 0
     Contact semantics:    z(s_{k−1}, i_{k−1}) < 0  ∧  z(s_k, i_k) ≥ 0
     Crossing semantics:   z(s_{k−1}, i_{k−1}) ≤ 0  ∧  z(s_k, i_k) > 0
   Simulink: contact/crossing semantics; Modelica: choice left to the programmer


40-45  Translation / Translation of Continuous Zero-Crossings: Single Zero-Crossing without Inputs
   s′ = Φ(s) if up(z(s))
   The history of z must be memorized: it is encoded by locations, refining the source location φ_1 of the transition φ_1 → φ_2.

   At-zero semantics:  z(s_{k−1}) ≤ 0 (staying condition before the zero-crossing)  ∧  z(s_k) ≥ 0 (guard)
     Location above: φ_1 ∧ z ≥ 0;  location below: φ_1 ∧ z ≤ 0
     above → below:  guard tt
     below → φ_2:    guard z = 0, jump s′ = Φ(s)
     [figure: z against t, with the run passing through above and below before the jump]

   Contact semantics:  z(s_{k−1}) < 0 (guard for entering the ready location)  ∧  z(s_k) ≥ 0 (guard)
     Locations above: φ_1 ∧ z ≥ 0;  below: φ_1 ∧ z ≤ 0;  ready: φ_1 ∧ z ≤ 0
     above → below:  guard tt
     below → ready:  guard z < 0
     ready → φ_2:    guard z = 0, jump s′ = Φ(s)
     [figure: z against t, with the run passing through above, below and ready before the jump]
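The thermostat of slides 17, 26 and 30 and the zero-crossing semantics of slide 37, as an added Python example (not the authors' code): it executes the data-flow program with exactly located contact-semantics zero-crossings and checks that the resulting trace is accepted by the translated automaton, i.e. the trace inclusion claimed on slide 11. The assumption that the inputs xi and eps are held constant between discrete steps, and the input sequence itself, are constructed here.

```python
"""Thermostat (Zelus program, slide 17; data-flow form, slide 26) executed with
contact-semantics zero-crossings located exactly, and its trace checked
against the translated logico-numerical hybrid automaton of slide 30.
Added example, not the authors' code.  Assumption: the inputs xi (ambient
temperature) and eps (sensor tolerance) are held constant between discrete
steps, one pair per step; the input sequences used are constructed."""
import math
from typing import List, Optional, Tuple


# The three zero-crossing semantics of slide 37, on two consecutive values of z.
def at_zero(z_prev: float, z_cur: float) -> bool:
    return z_prev <= 0 and z_cur >= 0


def contact(z_prev: float, z_cur: float) -> bool:
    return z_prev < 0 and z_cur >= 0


def crossing(z_prev: float, z_cur: float) -> bool:
    return z_prev <= 0 and z_cur > 0


def time_to_reach(x0: float, a: float, c: float) -> float:
    """Exact time at which x(t) = a + (x0 - a) e^-t, the solution of x' = a - x,
    reaches c; math.inf if c does not lie between x0 and the asymptote a."""
    if x0 == c:
        return 0.0
    if x0 == a or c == a:
        return math.inf
    ratio = (x0 - a) / (c - a)
    return math.log(ratio) if ratio >= 1.0 else math.inf


# Trace element (t, x, on): the initial state, the state right after each
# discrete step, and finally the state at the horizon.
State = Tuple[float, float, bool]


def run_thermostat(inputs: List[Tuple[float, float]], horizon: float) -> List[State]:
    """Execute  der x = if on then xi - x + 22 else xi - x  init xi, with
    on := tt on up(18 - x + eps) and on := ff on up(x - 20), on = (xi <= 19)
    initially.  A zero-crossing fires at z = 0 only if z was strictly negative
    before (contact semantics); ties are resolved by source order (slide 27).
    x is never reset, so no discrete zero-crossing cascade (slide 36) arises.
    `inputs` must be non-empty."""
    xi, eps = inputs[0]
    t, x, on = 0.0, xi, xi <= 19.0
    trace: List[State] = [(t, x, on)]
    for xi, eps in inputs:
        a = xi + 22.0 if on else xi            # asymptote of the current mode
        # (current value of z, value of x at which z = 0, new value of on)
        candidates = [(18.0 - x + eps, 18.0 + eps, True),
                      (x - 20.0, 20.0, False)]
        best: Optional[Tuple[float, float, bool]] = None
        for z_now, root, new_on in candidates:
            dt = time_to_reach(x, a, root)
            if contact(z_now, 0.0) and dt < math.inf and (best is None or dt < best[0]):
                best = (dt, root, new_on)
        if best is None or t + best[0] > horizon:
            break
        t, x, on = t + best[0], best[1], best[2]
        trace.append((t, x, on))
    a = xi + 22.0 if on else xi                # last inputs held up to the horizon
    trace.append((horizon, a + (x - a) * math.exp(-(horizon - t)), on))
    return trace


# Translated automaton of slide 30 (inputs existentially quantified away).
def staying(on: bool, x: float) -> bool:
    return (0.0 <= x <= 20.0) if on else (17.9 <= x <= 30.0)


def guard(on: bool, x: float) -> bool:
    """Leaving location on: x = 20 -> on' = ff; leaving ¬on: x <= 18.1 -> on' = tt."""
    return x == 20.0 if on else x <= 18.1


def accepted(trace: List[State]) -> bool:
    """Trace inclusion (soundness, slide 11): every continuous phase respects
    the staying condition of its location and every discrete step is enabled
    by the guard.  x is monotone within a phase, so both end points suffice."""
    for (_, x0, on0), (_, x1, on1) in zip(trace, trace[1:]):
        if not (staying(on0, x0) and staying(on0, x1)):
            return False
        if on1 != on0 and not guard(on0, x1):
            return False
    return True


if __name__ == "__main__":
    demo = run_thermostat([(10.0, 0.05), (5.0, -0.05), (12.0, 0.0), (30.0, 0.1)], 5.0)
    for t, x, on in demo:
        print(f"t={t:.4f}  x={x:.3f}  on={on}")
    print("accepted by the translated automaton:", accepted(demo))
```

With the constructed inputs the heater switches off at x = 20, on again at x = 17.95 and off at x = 20, then the warm ambient (xi = 30) keeps up(18 − x + eps) from firing; note that at x = 20 in location ¬on, z = x − 20 starts at exactly 0, so at-zero semantics would fire where contact semantics does not.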

46-51  Translation / Translation of Continuous Zero-Crossings: Further Cases
   Zero-crossing with inputs:  s′ = Φ(s, i) if up(z(s, i));  the inputs are quantified existentially.
     Example:
       I(b, x, y) = b ∧ ...
       A(b, x, (y, ξ)) = −0.1 ≤ ξ ≤ 0.1 ∧ ...
       (b′, y′) = (ff, ξ) if up(x − ξ), else ...
     Eliminating ξ yields:
       above: b ∧ x ≥ −0.1;   above → below: guard tt
       below: b ∧ x ≤ 0.1;    below → ready: guard x < 0.1
       ready: b ∧ x ≤ 0.1;    ready → ...:   guard −0.1 ≤ x ≤ 0.1, jump x′ = x ∧ y′ = x ∧ ¬b′

   Conjunctions of zero-crossings:  s′ = Φ if ⋀_{p=1}^{M} up(z_p)
     Loss of urgency.  Example: up(z_1) ∧ up(z_2)
     [figure: the possible relative orders in which up(z_1) and up(z_2) become active]

   Lists of zero-crossings:  s′ = { Φ_1 if ϕ^Z_1  |  Φ_2 if ϕ^Z_2  |  else ... }

   Iterative translation of all zero-crossings: cumbersome graph transformations.
   Instead: encoding of the locations into additional state variables q of the enumerated type {above, below, ready}.

52-54  Translation / Translation of Discrete Zero-Crossings
   In zero-crossing cascades: ... s_k →c s_{k+1} →d s_{k+2} ...
   Example:
       n′ = n + 1  if up(x)
       m′ = tt     if up(n)
     becomes
       n′ = ...
       q′_d = (n < 0)
       (m′ = tt ∧ q_d ∧ n ≥ 0)  ∨  (m′ = m ∧ ¬(q_d ∧ n ≥ 0))
   Translating urgency: interrupt the continuous evolution if a discrete zero-crossing is active.
     Example: flow relation V ∧ ¬(q_d ∧ n ≥ 0)

55  Translation / Complete Translation
   (1) Translate each zero-crossing formula ϕ^Z_j and obtain:
         staying conditions
         jump transitions for s and q
   (2) Create a logico-numerical hybrid automaton with a single location:
         L = {l_0};  flow relation V in l_0;  jump relation R: l_0 → l_0;  initial states S_0 in l_0
   Explicit representation: enumerating the valuations of the variables q and partitioning the system into O(2^N) states


57-58  Conclusion
   Translation: sound over-approximation; handles zero-crossings; large subsets of actual languages are reduced to our formalism
   Insight: some semantics of simulation languages are badly suited for translation to hybrid automata
   Translation to standard hybrid automata allows analysis with existing tools:
     HyTech (Henzinger et al. 1997), PHAVer (Frehse 2005), SpaceEx (Frehse et al. 2011)
   Future work: the tools above require full enumeration of the discrete state space;
     adaptation of the methods to the analysis of logico-numerical hybrid automata

59  Backup: Related Work: translation of restricted Simulink/Stateflow

60  Backup: Semantics of Logico-Numerical Hybrid Automata
   Executions:  (l_0, s_0) → (l_1, s_1) → (l_2, s_2) → ...
   Continuous transition:  (l, s) →c (l′, s′)  iff  l = l′ ∧ s′ ∈ flow_{V_l}(s)
   Discrete transition:    (l, s) →d (l′, s′)  iff  ∃R_{l,l′}: R_{l,l′}(s, s′) ∧ C_{l′}(s′)
   flow_V(b, x) = { (b, x′) | ∃δ > 0, τ ∈ T_[0,δ]:  τ(0) = x ∧ τ(δ) = x′
                                ∧ ∀δ′ ∈ [0, δ]: C(b, τ(δ′))
                                ∧ ∀δ′ ∈ (0, δ): V(b, τ(δ′), τ̇(δ′)) }
   where T_[0,δ] is the set of differentiable trajectories [0, δ] → R^n.

61-62  Backup: One Zero-Crossing without Inputs, Crossing Semantics
   s′ = Φ(s) if up(z(s)); the history is encoded by locations refining φ_1 in φ_1 → φ_2.
   Crossing semantics:  z(s_{k−1}) ≤ 0 ∧ z(s_k) > 0
   Translation with a margin ǫ:  0 ≤ z(s_{k−1}) ≤ ǫ (staying condition before the zero-crossing)  ∧  z(s_k) ≥ 0 (guard)
     Locations above: φ_1 ∧ z ≥ 0;  below: φ_1 ∧ z ≤ 0;  ready: φ_1 ∧ 0 ≤ z ≤ ǫ
     above → below:  guard tt
     below → ready:  guard tt
     ready → φ_2:    guard 0 ≤ z ≤ ǫ, jump s′ = Φ(s)
     [figure: z against t, with the band 0 ≤ z ≤ ǫ in which the jump is taken]


More information

Chair of Software Engineering. Software Verification. Assertion Inference. Carlo A. Furia

Chair of Software Engineering. Software Verification. Assertion Inference. Carlo A. Furia Chair of Software Engineering Software Verification Assertion Inference Carlo A. Furia Proving Programs Automatically The Program Verification problem: Given: a program P and a specification S = [Pre,

More information

Formal Verification and Linear-time Model Checking

Formal Verification and Linear-time Model Checking Formal Verification and Linear-time Model Checking Paul Jackson University of Edinburgh Automated Reasoning 21st and 24th October 2013 Why Automated Reasoning? Intellectually stimulating and challenging

More information

Formal Verification by Model Checking

Formal Verification by Model Checking Formal Verification by Model Checking Natasha Sharygina Carnegie Mellon University Guest Lectures at the Analysis of Software Artifacts Class, Spring 2005 1 Outline Lecture 1: Overview of Model Checking

More information

Automatic Conversion Software for the Safety Verification of Goal-based Control Programs

Automatic Conversion Software for the Safety Verification of Goal-based Control Programs Automatic Conversion Software for the Safety Verification of Goal-based Control Programs Julia M. B. Braman and Richard M. Murray Abstract Fault tolerance and safety verification of control systems are

More information

Software Verification/Validation Methods and Tools... or Practical Formal Methods

Software Verification/Validation Methods and Tools... or Practical Formal Methods Software Verification/Validation Methods and Tools... or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1

More information

Algorithmic Software Verification

Algorithmic Software Verification Algorithmic Software Verification (LTL Model Checking) Azadeh Farzan What is Verification Anyway? Proving (in a formal way) that program satisfies a specification written in a logical language. Formal

More information

From Control Loops to Software

From Control Loops to Software CNRS-VERIMAG Grenoble, France October 2006 Executive Summary Embedded systems realization of control systems by computers Computers are the major medium for realizing controllers There is a gap between

More information

linear hybrid automata is undecidable the method provides also diagnostic information that aids in design

linear hybrid automata is undecidable the method provides also diagnostic information that aids in design Symbolic Analysis of Hybrid Systems y Rajeev Alur 1 Thomas A. Henzinger 2 Howard Wong-Toi 3 Abstract. A hybrid system is a dynamical system whose behavior exhibits both discrete and continuous change.

More information

Feasibility of a Software Process Modeling Library based on MATLAB / Simulink

Feasibility of a Software Process Modeling Library based on MATLAB / Simulink Feasibility of a Software Process Modeling Library based on MATLAB / Simulink T. Birkhoelzer University of Applied Sciences Konstanz, Braunegger Str. 55, 7846 Konstanz, Germany, birkhoelzer@fh-kontanz.de

More information

Reliability Guarantees in Automata Based Scheduling for Embedded Control Software

Reliability Guarantees in Automata Based Scheduling for Embedded Control Software 1 Reliability Guarantees in Automata Based Scheduling for Embedded Control Software Santhosh Prabhu, Aritra Hazra, Pallab Dasgupta Department of CSE, IIT Kharagpur West Bengal, India - 721302. Email: {santhosh.prabhu,

More information

Finite Automata. Reading: Chapter 2

Finite Automata. Reading: Chapter 2 Finite Automata Reading: Chapter 2 1 Finite Automata Informally, a state machine that comprehensively captures all possible states and transitions that a machine can take while responding to a stream (or

More information

Deployment of Model-based Software Development in Safety-related Applications: Challenges and Solutions Scenarios

Deployment of Model-based Software Development in Safety-related Applications: Challenges and Solutions Scenarios Deployment of Model-based Software Development in Safety-related Applications: Challenges and Solutions Scenarios Mirko Conrad, Heiko Doerr Research E/E and Information Technology DaimlerChrysler AG Alt-Moabit

More information

ACES-MB 2009 MADS CLAUSEN INSTITUTE

ACES-MB 2009 MADS CLAUSEN INSTITUTE Formal Design Models for Distributed Embedded Control Systems Christo Angelov Krzysztof Sierszecki Yu Guo {angelov, ksi, guo}@mci.sdu.dk 06-10-2009 MODELS 2009, Denver, Colorado, USA 1 Contents Introduction:

More information

Today s Agenda. Automata and Logic. Quiz 4 Temporal Logic. Introduction Buchi Automata Linear Time Logic Summary

Today s Agenda. Automata and Logic. Quiz 4 Temporal Logic. Introduction Buchi Automata Linear Time Logic Summary Today s Agenda Quiz 4 Temporal Logic Formal Methods in Software Engineering 1 Automata and Logic Introduction Buchi Automata Linear Time Logic Summary Formal Methods in Software Engineering 2 1 Buchi Automata

More information

Formal Verification of Software

Formal Verification of Software Formal Verification of Software Sabine Broda Department of Computer Science/FCUP 12 de Novembro de 2014 Sabine Broda (DCC-FCUP) Formal Verification of Software 12 de Novembro de 2014 1 / 26 Formal Verification

More information

VSE II - Hybrid Automata to Express Realtime Properties

VSE II - Hybrid Automata to Express Realtime Properties From: FLAIRS-01 Proceedings. Copyright 2001, AAAI (www.aaai.org). All rights reserved. Using Hybrid Automata to Express Realtime Properties in VSE-II Andreas Nonnengart Georg Rock Werner Stephan* Deutsches

More information

Formal verification of contracts for synchronous software components using NuSMV

Formal verification of contracts for synchronous software components using NuSMV Formal verification of contracts for synchronous software components using NuSMV Tobias Polzer Lehrstuhl für Informatik 8 Bachelorarbeit 13.05.2014 1 / 19 Problem description and goals Problem description

More information

Runtime Enforcement of Timed Properties

Runtime Enforcement of Timed Properties Runtime Enforcement of Timed Properties Srinivas Pinisetty 1,Yliès Falcone 2, Thierry Jéron 1, Hervé Marchand 1, Antoine Rollet 3 and Omer Nguena Timo 3 INRIA Rennes - Bretagne Atlantique, France LIG,

More information

Specification and Analysis of Contracts Lecture 1 Introduction

Specification and Analysis of Contracts Lecture 1 Introduction Specification and Analysis of Contracts Lecture 1 Introduction Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov.

More information

asked the Software Engineering Institute Publishes Software Technology Review A Cliffs Notes Approach for PEOs, PMs, IPTs, and Support Staff

asked the Software Engineering Institute Publishes Software Technology Review A Cliffs Notes Approach for PEOs, PMs, IPTs, and Support Staff ACQUISITION REFERENCE SOURCE Software Engineering Institute Publishes Software Technology Review A Cliffs Notes Approach for PEOs, PMs, IPTs, and Support Staff ROBERT ROSENSTEIN KIMBERLY BRUNE JOHN FOREMAN

More information

Two-Way Traceability and Conflict Debugging for AspectLTL Programs

Two-Way Traceability and Conflict Debugging for AspectLTL Programs Two-Way Traceability and Conflict Debugging for AspectLTL Programs Shahar Maoz RWTH Aachen University, Germany maoz@se-rwth.de Yaniv Sa ar Weizmann Institute of Science, Israel yaniv.saar@weizmann.ac.il

More information

Artificial Intelligence

Artificial Intelligence Artificial Intelligence ICS461 Fall 2010 1 Lecture #12B More Representations Outline Logics Rules Frames Nancy E. Reed nreed@hawaii.edu 2 Representation Agents deal with knowledge (data) Facts (believe

More information

Introduction to Simulink & Stateflow. Coorous Mohtadi

Introduction to Simulink & Stateflow. Coorous Mohtadi Introduction to Simulink & Stateflow Coorous Mohtadi 1 Key Message Simulink and Stateflow provide: A powerful environment for modelling real processes... and are fully integrated with the MATLAB environment.

More information

Business Process Modeling

Business Process Modeling Business Process Concepts Process Mining Kelly Rosa Braghetto Instituto de Matemática e Estatística Universidade de São Paulo kellyrb@ime.usp.br January 30, 2009 1 / 41 Business Process Concepts Process

More information

Fabio Patrizi DIS Sapienza - University of Rome

Fabio Patrizi DIS Sapienza - University of Rome Fabio Patrizi DIS Sapienza - University of Rome Overview Introduction to Services The Composition Problem Two frameworks for composition: Non data-aware services Data-aware services Conclusion & Research

More information

tutorial: hardware and software model checking

tutorial: hardware and software model checking tutorial: hardware and software model checking gerard holzmann and anuj puri { gerard anuj } @research.bell-labs.com Bell Labs, USA outline introduction (15 mins) theory and algorithms system modeling

More information

Automated Domain-Specific C Verification with mbeddr

Automated Domain-Specific C Verification with mbeddr Automated Domain-Specific C Verification with mbeddr Zaur Molotnikov Fortiss Institute Guerickestraße 25 Munich, Germany molotnikov@fortiss.org Markus Völter independent/itemis Oetztaler Straße 38 Stuttgart,

More information

Simulink Modeling Guidelines for High-Integrity Systems

Simulink Modeling Guidelines for High-Integrity Systems Simulink Modeling Guidelines for High-Integrity Systems R2015a How to Contact MathWorks Latest news: www.mathworks.com Sales and services: www.mathworks.com/sales_and_services User community: www.mathworks.com/matlabcentral

More information

Software Engineering

Software Engineering Software Engineering Lecture 04: The B Specification Method Peter Thiemann University of Freiburg, Germany SS 2013 Peter Thiemann (Univ. Freiburg) Software Engineering SWT 1 / 50 The B specification method

More information

Cassandra. References:

Cassandra. References: Cassandra References: Becker, Moritz; Sewell, Peter. Cassandra: Flexible Trust Management, Applied to Electronic Health Records. 2004. Li, Ninghui; Mitchell, John. Datalog with Constraints: A Foundation

More information

A Static Analyzer for Large Safety-Critical Software

A Static Analyzer for Large Safety-Critical Software A Static Analyzer for Large Safety-Critical Software (Extended Abstract) Bruno Blanchet Patrick Cousot Radhia Cousot Jérôme Feret Laurent Mauborgne Antoine Miné David Monniaux Xavier Rival ABSTRACT We

More information

Generating Embedded Software from Hierarchical Hybrid Models

Generating Embedded Software from Hierarchical Hybrid Models Generating Embedded Software from Hierarchical Hybrid Models Rajeev Alur, Franjo Ivančić, Jesung Kim, Insup Lee and Oleg Sokolsky Department of Computer and Information Science University of Pennsylvania

More information

Lecture 9 verifying temporal logic

Lecture 9 verifying temporal logic Basics of advanced software systems Lecture 9 verifying temporal logic formulae with SPIN 21/01/2013 1 Outline for today 1. Introduction: motivations for formal methods, use in industry 2. Developing models

More information

The Roman Model for Automated Synthesis in Practice: the SM4All Experience

The Roman Model for Automated Synthesis in Practice: the SM4All Experience The Roman Model for Automated Synthesis in Practice: the SM4All Experience An implementation of the game structure based automated syntesis of services applied to a real scenario Mario Caruso 1 Claudio

More information

European Train Control System: A Case Study in Formal Verification

European Train Control System: A Case Study in Formal Verification European Train Control System: A Case Study in Formal Verification André Platzer 1 and Jan-David Quesel 2 1 Computer Science Department, Carnegie Mellon University, Pittsburgh, PA 2 University of Oldenburg,

More information

Complexities of Simulating a Hybrid Agent-Landscape Model Using Multi-Formalism

Complexities of Simulating a Hybrid Agent-Landscape Model Using Multi-Formalism Complexities of Simulating a Hybrid Agent-Landscape Model Using Multi-Formalism Composability Gary R. Mayer Gary.Mayer@asu.edu Hessam S. Sarjoughian Sarjougian@asu.edu Arizona Center for Integrative Modeling

More information

The Designer's Guide to VHDL

The Designer's Guide to VHDL The Designer's Guide to VHDL Third Edition Peter J. Ashenden EDA CONSULTANT, ASHENDEN DESIGNS PTY. LTD. ADJUNCT ASSOCIATE PROFESSOR, ADELAIDE UNIVERSITY AMSTERDAM BOSTON HEIDELBERG LONDON m^^ yj 1 ' NEW

More information

i. Node Y Represented by a block or part. SysML::Block,

i. Node Y Represented by a block or part. SysML::Block, OMG SysML Requirements Traceability (informative) This document has been published as OMG document ptc/07-03-09 so it can be referenced by Annex E of the OMG SysML specification. This document describes

More information

Model Checking: An Introduction

Model Checking: An Introduction Announcements Model Checking: An Introduction Meeting 2 Office hours M 1:30pm-2:30pm W 5:30pm-6:30pm (after class) and by appointment ECOT 621 Moodle problems? Fundamentals of Programming Languages CSCI

More information

Static Analysis. Find the Bug! 15-654: Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled

Static Analysis. Find the Bug! 15-654: Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled Static Analysis 15-654: Analysis of Software Artifacts Jonathan Aldrich 1 Find the Bug! Source: Engler et al., Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, OSDI

More information

HECTOR a software model checker with cooperating analysis plugins. Nathaniel Charlton and Michael Huth Imperial College London

HECTOR a software model checker with cooperating analysis plugins. Nathaniel Charlton and Michael Huth Imperial College London HECTOR a software model checker with cooperating analysis plugins Nathaniel Charlton and Michael Huth Imperial College London Introduction HECTOR targets imperative heap-manipulating programs uses abstraction

More information

Digital Design Verification

Digital Design Verification Digital Design Verification Course Instructor: Debdeep Mukhopadhyay Dept of Computer Sc. and Engg. Indian Institute of Technology Madras, Even Semester Course No: CS 676 1 Verification??? What is meant

More information

Model-Driven Software Development for Robotics: an overview

Model-Driven Software Development for Robotics: an overview Model-Driven Software Development for Robotics: an overview IEEE-ICRA2011 Workshop on Software Development and Integration in Robotics Jan F. Broenink, Maarten M. Bezemer Control Engineering, University

More information

StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java

StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java Jesús Mauricio Chimento 1, Wolfgang Ahrendt 1, Gordon J. Pace 2, and Gerardo Schneider 3 1 Chalmers University of Technology, Sweden.

More information

How Can Metaheuristics Help Software Engineers

How Can Metaheuristics Help Software Engineers and Software How Can Help Software Engineers Enrique Alba eat@lcc.uma.es http://www.lcc.uma.es/~eat Universidad de Málaga, ESPAÑA Enrique Alba How Can Help Software Engineers of 8 and Software What s a

More information

Compiler Construction

Compiler Construction Compiler Construction Regular expressions Scanning Görel Hedin Reviderad 2013 01 23.a 2013 Compiler Construction 2013 F02-1 Compiler overview source code lexical analysis tokens intermediate code generation

More information

The System Designer's Guide to VHDL-AMS

The System Designer's Guide to VHDL-AMS The System Designer's Guide to VHDL-AMS Analog, Mixed-Signal, and Mixed-Technology Modeling Peter J. Ashenden EDA CONSULTANT, ASHENDEN DESIGNS PTY. LTD. VISITING RESEARCH FELLOW, ADELAIDE UNIVERSITY Gregory

More information

Monitoring Metric First-order Temporal Properties

Monitoring Metric First-order Temporal Properties Monitoring Metric First-order Temporal Properties DAVID BASIN, FELIX KLAEDTKE, SAMUEL MÜLLER, and EUGEN ZĂLINESCU, ETH Zurich Runtime monitoring is a general approach to verifying system properties at

More information

Regression Verification: Status Report

Regression Verification: Status Report Regression Verification: Status Report Presentation by Dennis Felsing within the Projektgruppe Formale Methoden der Softwareentwicklung 2013-12-11 1/22 Introduction How to prevent regressions in software

More information

Formal Languages and Automata Theory - Regular Expressions and Finite Automata -

Formal Languages and Automata Theory - Regular Expressions and Finite Automata - Formal Languages and Automata Theory - Regular Expressions and Finite Automata - Samarjit Chakraborty Computer Engineering and Networks Laboratory Swiss Federal Institute of Technology (ETH) Zürich March

More information

Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification

Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 1 Concurrent Programs Characterized by

More information

IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 56, NO. 10, OCTOBER 2011 2345

IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 56, NO. 10, OCTOBER 2011 2345 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL 56, NO 10, OCTOBER 2011 2345 Compositional Modeling and Analysis of Multi-Hop Control Networks Rajeev Alur, Fellow, IEEE, Alessandro D Innocenzo, Karl H Johansson,

More information

Abstract. Cycle Domain Simulator for Phase-Locked Loops

Abstract. Cycle Domain Simulator for Phase-Locked Loops Abstract Cycle Domain Simulator for Phase-Locked Loops Norman James December 1999 As computers become faster and more complex, clock synthesis becomes critical. Due to the relatively slower bus clocks

More information

Module 1: Introduction to Computer System and Network Validation

Module 1: Introduction to Computer System and Network Validation Module 1: Introduction to Computer System and Network Validation Module 1, Slide 1 What is Validation? Definition: Valid (Webster s Third New International Dictionary) Able to effect or accomplish what

More information

University of Konstanz Department of Computer and Information Science

University of Konstanz Department of Computer and Information Science Technical Report soft-08-05, Chair for Software Engineering, University of Konstanz DRAFT Copyright by the authors 2008 University of Konstanz Department of Computer and Information Science Technical Report

More information

Monitoring the Execution of Space Craft Flight Software

Monitoring the Execution of Space Craft Flight Software Copyright 2009. All rights reserved. Monitoring the Execution of Space Craft Flight Software Klaus Havelund, Alex Groce, Margaret Smith Jet Propulsion Laboratory (JPL), CA USA California Institute of Technology

More information

Project Scheduling in Software Development

Project Scheduling in Software Development Project Scheduling in Software Development Eric Newby, Raymond Phillips, Dario Fanucchi, Byron Jacobs, Asha Tailor, Lady Kokela, Jesal Kika, Nadine Padiyachi University of the Witwatersrand January 13,

More information

Simple Loop Patterns and Rich Loop Invariants

Simple Loop Patterns and Rich Loop Invariants Simple Loop Patterns and Rich Loop Invariants Marc Sango AdaCore CNAM 05-10-2011 Marc Sango (AdaCore CNAM) Simple Loop Patterns and Rich Loop Invariants 05-10-2011 1 / 17 Contents 1 Motivation 2 Principle

More information

INF5140: Specification and Verification of Parallel Systems

INF5140: Specification and Verification of Parallel Systems Motivation INF5140: Specification and Verification of Parallel Systems Lecture 1 Introduction: Formal Methods Gerardo Schneider Department of Informatics University of Oslo INF5140, Spring 2009 Outline

More information

Formal Engineering for Industrial Software Development

Formal Engineering for Industrial Software Development Shaoying Liu Formal Engineering for Industrial Software Development Using the SOFL Method With 90 Figures and 30 Tables Springer Contents Introduction 1 1.1 Software Life Cycle... 2 1.2 The Problem 4 1.3

More information

Goal of the Talk Theorem The class of languages recognisable by T -coalgebra automata is closed under taking complements.

Goal of the Talk Theorem The class of languages recognisable by T -coalgebra automata is closed under taking complements. Complementation of Coalgebra Automata Christian Kissig (University of Leicester) joint work with Yde Venema (Universiteit van Amsterdam) 07 Sept 2009 / Universitá degli Studi di Udine / CALCO 2009 Goal

More information

Static Program Transformations for Efficient Software Model Checking

Static Program Transformations for Efficient Software Model Checking Static Program Transformations for Efficient Software Model Checking Shobha Vasudevan Jacob Abraham The University of Texas at Austin Dependable Systems Large and complex systems Software faults are major

More information

Modern Optimization Methods for Big Data Problems MATH11146 The University of Edinburgh

Modern Optimization Methods for Big Data Problems MATH11146 The University of Edinburgh Modern Optimization Methods for Big Data Problems MATH11146 The University of Edinburgh Peter Richtárik Week 3 Randomized Coordinate Descent With Arbitrary Sampling January 27, 2016 1 / 30 The Problem

More information

Introduction to Logic in Computer Science: Autumn 2006

Introduction to Logic in Computer Science: Autumn 2006 Introduction to Logic in Computer Science: Autumn 2006 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss 1 Plan for Today Now that we have a basic understanding

More information

Data Modeling. Database Systems: The Complete Book Ch. 4.1-4.5, 7.1-7.4

Data Modeling. Database Systems: The Complete Book Ch. 4.1-4.5, 7.1-7.4 Data Modeling Database Systems: The Complete Book Ch. 4.1-4.5, 7.1-7.4 Data Modeling Schema: The structure of the data Structured Data: Relational, XML-DTD, etc Unstructured Data: CSV, JSON But where does

More information

Development of global specification for dynamically adaptive software

Development of global specification for dynamically adaptive software Development of global specification for dynamically adaptive software Yongwang Zhao School of Computer Science & Engineering Beihang University zhaoyw@act.buaa.edu.cn 22/02/2013 1 2 About me Assistant

More information

Model-Checking Verification for Reliable Web Service

Model-Checking Verification for Reliable Web Service Model-Checking Verification for Reliable Web Service Shin NAKAJIMA Hosei University and PRESTO, JST nkjm@i.hosei.ac.jp Abstract Model-checking is a promising technique for the verification and validation

More information

Test Case Generation for Ultimately Periodic Paths Joint work with Saddek Bensalem Hongyang Qu Stavros Tripakis Lenore Zuck Accepted to HVC 2007 How to find the condition to execute a path? (weakest precondition

More information