Abstract Simulation: a Static Analysis of Simulink Models

Similar documents
Introduction to Simulink & Stateflow. Coorous Mohtadi

Converting Models from Floating Point to Fixed Point for Production Code Generation

Static analysis of numerical programs

A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation

Simulink Modeling Guidelines for High-Integrity Systems

Lecture 9 Modeling, Simulation, and Systems Engineering

Reliability Guarantees in Automata Based Scheduling for Embedded Control Software

Introduction to Xilinx System Generator Part II. Evan Everett and Michael Wu ELEC Spring 2013

MECE 102 Mechatronics Engineering Orientation

Real-Time Systems Versus Cyber-Physical Systems: Where is the Difference?

Formal Verification and Linear-time Model Checking

Introduction to MATLAB Gergely Somlay Application Engineer

Matlab and Simulink. Matlab and Simulink for Control

Set-based Simulation for Design and Verification of Simulink Models

From Control Loops to Software

Ingo Stürmer, Dietrich Travkin. Automated Transformation of MATLAB Simulink and Stateflow Models

Solving ODEs in Matlab. BP205 M.Tremont

Software Development with Real- Time Workshop Embedded Coder Nigel Holliday Thales Missile Electronics. Missile Electronics

Static Program Transformations for Efficient Software Model Checking

Recurrent Neural Networks

SYSTEMS, CONTROL AND MECHATRONICS

StateFlow Hands On Tutorial

Professional Organization Checklist for the Computer Science Curriculum Updates. Association of Computing Machinery Computing Curricula 2008

Modeling Techniques, Programming Languages, and Design Toolsets for Hybrid Systems

Control Systems with Actuator Saturation

Digital Transmission of Analog Data: PCM and Delta Modulation

Outline Servo Control

What s New in MATLAB and Simulink

Numerical Methods in MATLAB

SGN-1158 Introduction to Signal Processing Test. Solutions

SCADE Suite in Space Applications

The Basics of System Dynamics: Discrete vs. Continuous Modelling of Time 1

Making model-based development a reality: The development of NEC Electronics' automotive system development environment in conjunction with MATLAB

Kalman Filter Applied to a Active Queue Management Problem

Programmable Logic Controllers Definition. Programmable Logic Controllers History

Feasibility of a Software Process Modeling Library based on MATLAB / Simulink

Modeling, Computers, and Error Analysis Mathematical Modeling and Engineering Problem-Solving

Introduction to Engineering System Dynamics

Modeling and Verification of Sampled-Data Hybrid Systems

DCMS DC MOTOR SYSTEM User Manual

Course overview Processamento de sinais 2009/10 LEA

MODELING, SIMULATION AND DESIGN OF CONTROL CIRCUIT FOR FLEXIBLE ENERGY SYSTEM IN MATLAB&SIMULINK

Sources: On the Web: Slides will be available on:

A Tool for Generating Partition Schedules of Multiprocessor Systems

Introduction. Compiler Design CSE 504. Overview. Programming problems are easier to solve in high-level languages

AC : MATHEMATICAL MODELING AND SIMULATION US- ING LABVIEW AND LABVIEW MATHSCRIPT

Wireless Communication and RF System Design Using MATLAB and Simulink Giorgia Zucchelli Technical Marketing RF & Mixed-Signal

Product Development Flow Including Model- Based Design and System-Level Functional Verification

Euler s Method and Functions

Model Engineering using Multimodeling

Numerical Matrix Analysis

6 Systems Represented by Differential and Difference Equations

Undergraduate Major in Computer Science and Engineering

The Joint Distribution of Server State and Queue Length of M/M/1/1 Retrial Queue with Abandonment and Feedback

Introducing Formal Methods. Software Engineering and Formal Methods

PID control - Simple tuning methods

Verification of hybrid dynamical systems

Integrating MBD and CBD Workflows for Automotive Control Software

Frequency Response of FIR Filters

ELECTRICAL ENGINEERING

Arithmetic Coding: Introduction

Numerical Methods with Excel/VBA:

FUZZY CLUSTERING ANALYSIS OF DATA MINING: APPLICATION TO AN ACCIDENT MINING SYSTEM

Nonlinear Algebraic Equations. Lectures INF2320 p. 1/88

Práctica 1: PL 1a: Entorno de programación MathWorks: Simulink

Software Development Principles Applied to Graphical Model Development

ROBOTICS 01PEEQW. Basilio Bona DAUIN Politecnico di Torino

Poznan University of Technology Faculty of Electrical Engineering

UNIVERSITY OF CALIFORNIA, SAN DIEGO Electrical & Computer Engineering Department ECE Fall 2009 Linear Systems Fundamentals

Parameter Identification for State of Discharge Estimation of Li-ion Batteries

Pricing and calibration in local volatility models via fast quantization

Why Adopt Model-Based Design for Embedded Control Software Development?

Data Storage 3.1. Foundations of Computer Science Cengage Learning

Content. Professur für Steuerung, Regelung und Systemdynamik. Lecture: Vehicle Dynamics Tutor: T. Wey Date: , 20:11:52

Spike-Based Sensing and Processing: What are spikes good for? John G. Harris Electrical and Computer Engineering Dept

Numerical Methods for Differential Equations

Module 6 Case Studies

Algorithms are the threads that tie together most of the subfields of computer science.

Integrating MATLAB into your C/C++ Product Development Workflow Andy Thé Product Marketing Image Processing Applications

Simulink Getting Started Guide

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Numerical Methods with Excel/VBA:

Numerical Methods for Differential Equations

Integrated Model-based Software Development and Testing with CSD and MTest

KS3 Computing Group 1 Programme of Study hours per week

Pull versus Push Mechanism in Large Distributed Networks: Closed Form Results

Online Tuning of Artificial Neural Networks for Induction Motor Control

An Introduction to Applied Mathematics: An Iterative Process

The continuous and discrete Fourier transforms

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 20: Stack Frames 7 March 08

Transcription:

Abstract Simulation: a Static Analysis of Simulink Models Alexandre Chapoutot and Matthieu Martel LIP6 - Université Pierre et Marie Curie Paris, France ICESS 09 May 25th 2009

Purpose of the study Study of control-command systems Example: electronic throttle controller in cars Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Four components: One software (the controller) One physical environment (the controlled element) Some actuators (to act on the environment) Some sensors (to get information on the environment) Heterogeneity of components: HYBRID SYSTEMS 2 / 27

Purpose of the study Study of control-command systems Example: electronic throttle controller in cars Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Four components: One software (the controller) One physical environment (the controlled element) Some actuators (to act on the environment) Some sensors (to get information on the environment) Heterogeneity of components: HYBRID SYSTEMS 2 / 27

Purpose of the study Study of control-command systems Example: electronic throttle controller in cars Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Four components: One software (the controller) One physical environment (the controlled element) Some actuators (to act on the environment) Some sensors (to get information on the environment) Heterogeneity of components: HYBRID SYSTEMS 2 / 27

Purpose of the study Study of control-command systems Example: electronic throttle controller in cars Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Four components: One software (the controller) One physical environment (the controlled element) Some actuators (to act on the environment) Some sensors (to get information on the environment) Heterogeneity of components: HYBRID SYSTEMS 2 / 27

Purpose of the study Study of control-command systems Example: electronic throttle controller in cars Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Four components: One software (the controller) One physical environment (the controlled element) Some actuators (to act on the environment) Some sensors (to get information on the environment) Heterogeneity of components: HYBRID SYSTEMS 2 / 27

Purpose of the study Study of control-command systems Example: electronic throttle controller in cars Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Four components: One software (the controller) One physical environment (the controlled element) Some actuators (to act on the environment) Some sensors (to get information on the environment) Heterogeneity of components: HYBRID SYSTEMS 2 / 27

Design in Simulink Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Simulink model: program describing the hybrid system l_0 Add l_ S_ l_2 l_3 Out2 l_4 S_2 l_6 l_5 In2 S_4 S_3 3 / 27

Numerical approximations Approximations in the real system Actuators Rounding errors Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Temporal sampling Quantization Approximations in the Simulink model l_0 Add l_ S_ l_2 l_3 Out2 l_4 S_2 Rounding errors l_6 l_5 In2 method error S_4 S_3 4 / 27

Abstract Simulation: overview Fact: Numerical approximations may have bad influence on computations But: Simulations of Simulink models is often used as validation method! Abstract Simulation: contributions Static analysis by abstract interpretation of Simulink models In order to study numerical precision Formal definition of the semantics of a Simulink subset Definition of numerical abstract domains 5 / 27

Outline Simulink language and its semantics 2 Abstract numerical domains 3 Case study 6 / 27

Outline Simulink language and its semantics 2 Abstract numerical domains 3 Case study 7 / 27

Overview of the Simulink language Generality Matlab extension Graphical tool for designing embedded systems Numerical simulation engine Many specific libraries: signal processing, control theory, etc. De facto standard in the industry (in particular in automotive) Features Many data formats (float and fixed-point) Numerical algorithms: Euler, Runge-Kutta, etc. Code generator, debugger, etc. Various kinds of models Continuous-time Discrete-time Hybrid 8 / 27

Modelling with Simulink Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Simulink model l_0 Add l_ S_ l_2 S_2 Out2 l_4 l_3 l_6 l_5 In2 S_4 S_3 9 / 27

Model of the electronic throttle control Simulink model of the system l_0 Add l_ S_ l_2 l_3 Out2 l_4 S_2 l_6 l_5 In2 S_4 S_3 Mathematical model of the throttle T (t) = Direction Effort C s ω(t) = J ( K s(θ(t) θ eq ) K d ω(t) + T (t)) 0 < θ < π/2 if (θ < 0 sgn( ω(t) = )) ((θ > π/2 sgn( ω(t) = ))) then ω(t) = 0 0 / 27

Model of the electronic throttle control Simulink model of the throttle 2 In2 l_23 l_24 Product l_25 Cs Gain l_26 l_30 l_37 l_29 Kd Ks Gain l_28 Add l_27 teq Constant Add2 Gain2 l_39 Sign l_3 == Relational Operator l_32 NOT Logical Operator l_33 l_34 Product /J Gain3 l_38 l_35 s Integrator l_36 s Integrator l_39 l_39 0 / 27

Model of the electronic throttle control Simulink model of the throttle (continuous-time system) 2 In2 l_23 l_24 Product l_25 Cs Gain l_26 l_30 l_37 l_29 Kd Ks Gain l_28 Add l_27 teq Constant Add2 Gain2 l_39 Sign l_3 == Relational Operator l_32 NOT Logical Operator l_33 l_34 Product /J Gain3 l_38 l_35 s Integrator l_36 s Integrator l_39 l_39 Temporal operation: Integrator (continuous-time) 0 / 27

Model of the controller Simulink model of the system Actionneurs l_0 Add l_6 l_ S_ S_4 l_2 l_5 l_3 Out2 l_4 S_2 In2 S_3 Papillon des gaz L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Capteurs Mathematical model of the controller (PI regulator) y(k) = y p (k) + y i (k) y p (k) = K p e(k) y i (k + ) = y i (k) + K i T s e(k) 0 < y i (k) < / 27

Model of the controller Simulink model of the regulator l_7 Ki Gain Kp Gain l_ l_8 Ts Gain2 l_2 l_5 Add l_3 Add l_9 z Unit Delay l_4 Saturation / 27

Model of the controller Simulink model of the regulator (discrete-time system) l_7 Ki Gain Kp Gain l_ l_8 Ts Gain2 l_2 l_5 Add l_3 Add l_9 z Unit Delay l_4 Saturation Temporal operation: Unit Delay (discrete-time) / 27

Numerical simulation: semantics of Simulink Simulink model Numerical simulation l_0 Add l_6 l_ S_ S_4 l_2 l_5 l_3 Out2 l_4 S_2 In2 S_3 : Initial states 2: repeat 3: Read inputs 4: Compute outputs 5: Compute state 6: Compute next time-step 7: until end of time simulation What is a state? State: previous iteration values needed to compute the current output Informal definition of the semantics of Simulink 2 / 27

Formalization of the Simulink s semantics Name Bloc Equations Constant Add Switch Integrator UnitDelay c Constantl {l = c, } l l 2 Add l 3 {l 3 = l + l 2, } l l2 l4 l3 Switch {l 4 = if(p(l ), l 2, l 3 ), } l /s l 2 Integrator {l 2 (t) = ρ(t), ρ(t) = l (t)} l l 2 z Unit Delay {l 2 (k) = ρ(k), ρ(k + ) = l (k)} Two kinds of equations: Output equations State equation: temporal operation in the semantics Remark: Use the equivalence y(t) = x(z)dz ẏ(t) = x(t) 3 / 27

Formalization of the Simulink s semantics Name Bloc Equations Constant Add Switch Integrator UnitDelay c Constantl {l = c, } l l 2 Add l 3 {l 3 = l + l 2, } l l2 l4 l3 Switch {l 4 = if(p(l ), l 2, l 3 ), } l /s l 2 Integrator {l 2 (t) = ρ(t), ρ(t) = l (t)} l l 2 z Unit Delay {l 2 (k) = ρ(k), ρ(k + ) = l (k)} Two kinds of equations: Output equations State equation: temporal operation in the semantics Remark: Use the equivalence y(t) = x(z)dz ẏ(t) = x(t) 3 / 27

Formalization of the Simulink s semantics Name Bloc Equations Constant Add Switch Integrator UnitDelay c Constantl {l = c, } l l 2 Add l 3 {l 3 = l + l 2, } l l2 l4 l3 Switch {l 4 = if(p(l ), l 2, l 3 ), } l /s l 2 Integrator {l 2 (t) = ρ(t), ρ(t) = l (t)} l l 2 z Unit Delay {l 2 (k) = ρ(k), ρ(k + ) = l (k)} Two kinds of equations: Output equations State equation: temporal operation in the semantics Remark: Use the equivalence y(t) = x(z)dz ẏ(t) = x(t) 3 / 27

Formalization: semantics of Simulink Simulink model l_0 l_ l_2 Add S_ l_6 l_5 S_4 l_3 Out2 l_4 S_2 In2 S_3 System of equations 8 9 l 0 = l = l 0 l 6 >< l 2 = S (l ) >= (l 3, l 4 ) = S 2 (l 2 ) l 5 = S 3 (l 3, l 4 ) >: >; l 6 = S 4 (l 5 ) Numerical simulation : Initial states 2: repeat 3: Read inputs 4: Compute outputs 5: Compute state evolution 6: Compute next time-step 7: until time of end Approximation: Discretization of continuous-time functions ẏ(t) = x(t) transformed into η(k + ) = solver(η(k), x(k)) y(k) = η(k) Remark: several numerical integration methods then several semantics of Simulink 4 / 27

Abstract simulation vs Numerical simulation f (t) f (t) t t Numerical simulation f (t) f (t) t : Initial states 2: repeat 3: Read inputs 4: Compute outputs 5: Compute state evolution 6: Compute next time-step 7: until time of end f (t) f (t) t t t 5 / 27

Abstract simulation vs Numerical simulation Abstract simulation : Initlal states 2: while not fixed-point do 3: Read inputs 4: Compute outputs 5: Compute state 6: Compute next time-step 7: end while Semantic approach of Simulink models. Result: Evaluation of the robustness of control-command software to numerical approximations for a set of inputs Represent signals by interval sequences with finite lengths (domain of sequences) 5 / 27

Outline Simulink language and its semantics 2 Abstract numerical domains 3 Case study 6 / 27

Formalization: numerical properties Rounding errors Simulink: discretetime systems Activate Simulink: continuoustime systems Method error + Rounding errors Sample : Quantization errors Goal: Compute the distance between the results of the mathematical model and the results of the numerical simulation But: Different kinds of numerical approximations in the two types of systems 7 / 27

Numerical approximation in continuous-time systems Rounding errors Simulink: discretetime systems Activate Simulink: continuoustime systems Method error + Rounding errors Sample : Quantization errors Measure the distance between : the numerical simulation (using numerical integration methods) the mathematical results through perfect sensor 8 / 27

Numerical approximation in continuous-time systems For a system of differential equations: Simulink: interval sequence approximate the solution Guarantee solution: interval sequence over-approximate the real solutions [Bouissou 08,Nedialkov 05] Guarantee numerical solution Solution Simulink with intervals Exact solution t t 2 t 3 t 4 Time Correction criteria: distance between the guarantee solution and the interval solutions following Simulink s method 9 / 27

Set of values: intervals Intervals [Moore 66] [Cousot&Cousot 77] [a, b] = {x R a x b} Dependency problem: X X 0 in general Solution: centered form Middle value theorem f([a, b]) f(m) + [f ]([a, b])([a, b] m) m centered of the interval [a, b] 20 / 27

Numerical approximation in discrete-time systems Rounding errors Simulink: discretetime systems Activate Simulink: continuoustime systems Method error + Rounding errors Sample : Quantization errors Evaluate the distance between: the result of a floating-point computation and the result of the same computation did with real arithmetic 2 / 27

Computing the rounding errors Domain of floating-point with errors numbers [Goubault 0, Martel 02] Idea: breaking up a real value into Floating-point value f Rounding error e: the distance between the real value and the floating-point value ( ) Computation rules: e.g. addition a = (f a, e a ) and b = (f b, e b ) a + b = (f a + F f b, e a + e b + (f a + f b )) Correction criteria: Smaller the errors are, more precise the floating-point result is (i.e. closer to the real result) 22 / 27

Outline Simulink language and its semantics 2 Abstract numerical domains 3 Case study 23 / 27

Case study: electronic throttle controller Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors Simulink model l_0 Add l_ S_ l_2 S_2 Out2 l_4 l_3 l_6 l_5 In2 S_4 S_3 24 / 27

Case study: electronic throttle controller Model input: set of periodic inputs Behavior of the throttle Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Sensors 25 / 27

Case study: electronic throttle controller PID output Numerical approximations Actuators Throttle L43: movl -6(%ebp), %eax movl 2(%eax), %eax movl %eax, -6(%ebp) movl -2(%ebp), %eax movl %eax, (%esp) call L_free$stub L34: cmpl $0, -6(%ebp) jne L37 movl $0, (%esp) call L_putchar$stub Conclusion: the numerical results are close to the mathematical ones (errors are very small) Sensors 26 / 27

Conclusion In summary Definition of a static analysis by abstract interpretation of Simulink models Formal verification of the numerical precision of the design of control-command systems Method taking into account all the elements of control-command systems Future works among several Increase the subset of Simulink language (e.g. Stateflow) Numerical precision of fixed-point arithmetic A step further in validation: temporal properties 27 / 27

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information