Posted on 20-Dec-2015
DIVES: Design, Implementation and
Validation of Embedded Software
Alur, Kumar, Lee(PI), Pappas, Sokolsky
GRASP/SDRL, University of Pennsylvania
www.cis.upenn.edu/mobies/
MoBIES PI Meeting, Jan 2001
CHARON Team
Faculty: Rajeev Alur (CIS), Vijay Kumar (MEAM), Insup Lee (CIS), George Pappas (EE)
Research Associates: Rafael Fiero (GRASP), John Koo (GRASP), Oleg Sokolsky (SDRL)
PhD Students: Joel Esposito, Yerang Hur, Franjo Ivancic, Salvatore La Torre, Pradumna Mishra, Jiaxiang Zhou
Programmers: Usa Samuppan, Valya Sokolsky
DIVES Summary
High-level modeling language and design environment: CHARON
  Combines the state-of-the-art in formal and object-oriented methods
Tools for Formal Analysis
  Simulation
  Model Checking
  Controller Synthesis
  Runtime monitoring
Focus on Hierarchy and Compositionality
CHARON Language Features
Individual components described as agents
  Composition, instantiation, and hiding
Individual behaviors described as modes
  Encapsulation, instantiation, and scoping
Support for concurrency
  Shared variables as well as message passing
Support for discrete and continuous behavior
  Differential as well as algebraic constraints
Discrete transitions can call Java routines
Accomplishments
Language Design
  Syntax and Semantics
Tool Development
  Parser, Type checker, Simulator, GUI
Research Results
  Accurate event detection
  Modular (multi-rate) simulation
  Compositional semantics & refinement
  Optimal control in timed automata
  Synthesis of mode switching
See www.cis.upenn.edu/mobies/ for tool/papers
Talk Outline
Overview
Research in Formal Verification
Compositional Refinement (AGLS01)
Synthesis of Mode Switching (KPS01)
Optimal Control in Timed Automata (ALP01)
Demo (today evening)
Automated Formal Analysis
Background
  Decidability results: Timed automata, o-minimal systems, ...
  Reachability tools: Polyhedra-based (HyTech), ellipsoidal, flowpipes (Checkmate)
Research Themes
  Can modular reasoning be combined with state-space analysis?
  Beyond reachability: Optimization
  Systematic abstraction techniques
Talk Outline
Compositional Semantics/Refinement for Hierarchical Hybrid Systems
Synthesis of Mode Switching
Optimal Control in Weighted Timed Automata
Why Modular Reasoning?
Behavior of a component can be computed from behaviors of its parts
Components can be analyzed in isolation
Assume-guarantee rules -> Scalable analysis
MoBIES Theme: Composable Behavioral Interfaces!
Syntax: Modes and Agents
Modes describe sequential behavior
Agents describe concurrency
[Figure: two agents. Agent Controller has local variables t and rate and global variables level and infusion; its top-level modes are Normal and Emergency, with transitions between them guarded by level in [2,10] and level in [4,8]. Normal contains the sub-modes Compute and Maintain, where Maintain has invariant {t<10}, the local clock t evolves with rate 1, and the transition Maintain -> Compute is guarded by t=10 with reset t:=0; control points are marked dx (default exit) and de (default entry). Agent Tank has global variables level and infusion and a differential constraint giving the rate of level as f(infusion).]
Mode Executions
State: (ctl, t, level, infusion, rate, h)
  (dx, 0, 5.1, 1, 0.2, Maintain)
    Flow Step
  (dx, 10, 15.1, 3, 0.2, Maintain)
    Env Step
  (de, 10, 15.1, 5, 0.2, Maintain)
    Discrete Mode Step
  (dx, 10, 15.1, 5, 0.1, Compute)
[Figure: the Controller's Normal mode again: sub-modes Compute and Maintain {t<10}, control points dx and de, transition t=10 with reset t:=0, the clock t evolving with rate 1, and the constraint {level in [2,10]}.]
Semantics of modes
Semantics of a mode consists of: entry and exit points, global variables, traces
Key Thm: Semantics is compositional
traces of a mode can be computed from traces of its sub-modes
Refinement
Refinement is trace inclusion
[Figure: Normal (left) and Normal' (right) side by side. Both have sub-modes Compute and Maintain {t<10}, control points dx and de, and a clock t with rate 1. On the left the transition Maintain -> Compute is guarded by t=10 with reset t:=0 and the constraint is {level in [2,10]}; on the right the guard on t is relaxed and the constraint is relaxed to an upper bound of 10 on level.]
• Same control points and global variables
• Guards and constraints are relaxed
Normal ≤ Normal' (Normal refines Normal')
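To make the trace semantics and the refinement check above concrete, here is an added Python example; it is not code from the CHARON project. It replays an execution of a mode as flow, environment and discrete mode steps, projects the visited states onto the global variables to obtain a trace, and checks trace inclusion between Normal and a relaxed Normal' on a sample of executions. The dynamics (t evolves with rate 1, level changes at rate infusion), the relaxed guard t >= 10, the relaxed constraint level <= 10 and all sample values are assumptions made for this example.

```python
"""Added example (not CHARON's code): modes as sets of executions, and
refinement as trace inclusion, checked on a sample of executions.
Assumed dynamics in every sub-mode: t' = 1 and level' = infusion."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Vars = Dict[str, float]
GLOBALS = ("level", "infusion")       # variables visible to the environment; t is local


@dataclass
class SubMode:
    invariant: Callable[[Vars], bool]  # constraint that must hold while in the sub-mode
    guard: Callable[[Vars], bool]      # guard of the single outgoing transition
    reset: Callable[[Vars], Vars]      # update applied when the transition fires
    target: str                        # sub-mode entered by the transition


@dataclass
class Mode:
    name: str
    initial: str                       # sub-mode entered at the default entry point
    submodes: Dict[str, SubMode]


def project(clock: float, v: Vars) -> Tuple[float, ...]:
    """Trace element: time stamp plus the global variables; locals stay hidden."""
    return (clock,) + tuple(v[g] for g in GLOBALS)


def execute(mode: Mode, init: Vars, steps) -> Optional[List[Tuple[float, ...]]]:
    """Replay an execution given as ('flow', duration), ('env', {global: value})
    or ('discrete', None) steps. Returns the trace over the global variables,
    or None if the mode does not allow one of the steps."""
    v, h, ctl, clock = dict(init), mode.initial, "dx", 0.0
    if not mode.submodes[h].invariant(v):
        return None
    trace = [project(clock, v)]
    for kind, arg in steps:
        sm = mode.submodes[h]
        if kind == "flow":                       # continuous step under the assumed dynamics
            v["t"] += arg
            v["level"] += arg * v["infusion"]
            clock += arg
            ctl = "dx"
        elif kind == "env":                      # environment may rewrite globals only
            if ctl != "dx" or any(k not in GLOBALS for k in arg):
                return None
            v.update(arg)
            ctl = "de"
        elif kind == "discrete":                 # mode switch: guard, reset, new sub-mode
            if not sm.guard(v):
                return None
            v, h, ctl = sm.reset(v), sm.target, "dx"
        else:
            raise ValueError(kind)
        if not mode.submodes[h].invariant(v):    # constraint violated: not an execution
            return None
        trace.append(project(clock, v))
    return trace


def sample_refines(concrete: Mode, abstract: Mode, executions) -> bool:
    """Trace inclusion checked on a sample: every trace the concrete mode produces
    must also be produced by the abstract mode (a necessary condition only)."""
    for init, steps in executions:
        tr = execute(concrete, init, steps)
        if tr is not None and execute(abstract, init, steps) != tr:
            return False
    return True


def reset_t(v: Vars) -> Vars:
    return {**v, "t": 0.0}


# Normal: Compute -> Maintain {t <= 10}, Maintain -(t = 10, t := 0)-> Compute,
# with the constraint level in [2,10] in both sub-modes.
NORMAL = Mode("Normal", "Compute", {
    "Compute": SubMode(lambda v: 2 <= v["level"] <= 10, lambda v: True, dict, "Maintain"),
    "Maintain": SubMode(lambda v: 2 <= v["level"] <= 10 and v["t"] <= 10,
                        lambda v: v["t"] == 10, reset_t, "Compute"),
})
# Normal': same control points, constraint relaxed to level <= 10, guard relaxed to t >= 10.
NORMAL_PRIME = Mode("Normal'", "Compute", {
    "Compute": SubMode(lambda v: v["level"] <= 10, lambda v: True, dict, "Maintain"),
    "Maintain": SubMode(lambda v: v["level"] <= 10 and v["t"] <= 10,
                        lambda v: v["t"] >= 10, reset_t, "Compute"),
})

# Constructed sample executions (initial valuation, step list).
RUN = [("discrete", None), ("flow", 10.0), ("env", {"infusion": 0.2}), ("discrete", None)]
SAMPLES = [
    ({"t": 0.0, "level": 5.0, "infusion": 0.5}, RUN),                                  # valid in both
    ({"t": 0.0, "level": 5.0, "infusion": 0.5}, [("discrete", None), ("flow", 12.0)]),  # leaves t <= 10
    ({"t": 0.0, "level": 1.0, "infusion": 0.5}, RUN),                                  # level < 2: only Normal'
]

if __name__ == "__main__":
    print(execute(NORMAL, *SAMPLES[0]))
    print("Normal refines Normal':", sample_refines(NORMAL, NORMAL_PRIME, SAMPLES))
    print("Normal' refines Normal:", sample_refines(NORMAL_PRIME, NORMAL, SAMPLES))
```

The third sample shows why the relation is one-directional: Normal' accepts an execution starting at level 1 that Normal rejects, so Normal' does not refine Normal. Checking a finite sample can only refute refinement; establishing it requires reasoning over all executions, which is what the compositional rules on the following slides provide.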
Sub-mode refinement
[Figure: Controller, with top-level modes Normal and Emergency and transitions between them guarded by level in [2,10] and level in [4,8], beside Controller', which is identical except that Normal is replaced by Normal'. Since Normal refines Normal', Controller refines Controller'.]
Compositional Reasoning
Sub-mode refinement: if N ≤ N', then M ≤ M', where M' is M with its sub-mode N replaced by N'
Context refinement: if M ≤ M', then M with sub-mode N ≤ M' with the same sub-mode N
Talk Outline
Compositional Semantics/Refinement
Synthesis of Mode Switching
Optimal Control of Timed Automata
Synthesis of Mode Switching Background
Multi-agent, multi-objective systems are designed for many modes of operation
Input: collection of control modes
Research Challenge: Does there exist a finite switching sequence of control modes for satisfying a set of given reachability specifications?
Illustrative Example
Multi-Modal Control of a Helicopter Model
Control Modes: Hover, Cruise, Ascend, Descend
Task: High-altitude take-off
[Figure: modes Hover, Ascend and Cruise; the trajectories leading to A regardless of initial condition, the trajectories leading to C regardless of initial condition, and their common trajectories.]
Key Computational Step
Consistent mode switching condition: pair-wise controlled bisimulation
Output-tracking controllers simplify the required reachability computation
[Figure: state space with axes x1 and x2 and a time axis t, showing a region X_i and the regions S_i(r_i) and S_j(r_j) reached under the tracking controllers of modes i and j.]
Results Summary
Algorithm "Consistent Control Mode Graph"
  Input: Control Modes
  Output: Control Mode Graph
Computation for N control modes
  Reachability Computation: N^2
  Intersection Computation: N^3
Framework for Multi-Modal Control
  Offline: Synthesis of control mode graph
  Online: Synthesis of control switching sequence
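The offline/online split above, as an added Python example that is not the DIVES/CHARON code. It uses a simplified version of the consistency condition: an edge i -> j is added when every state that mode i's output-tracking controller settles into is a valid initial condition for mode j (one containment check per ordered pair, hence N^2 checks); the pair-wise bisimulation and the N^3 intersection step are not reproduced. The online step is a breadth-first search for a shortest switching sequence ending in a mode whose settling region lies inside the target region. The one-dimensional altitude intervals and the mode names' domains are constructed data.

```python
"""Added example (not the project's code): offline synthesis of a control mode
graph from pairwise reachability, and online synthesis of a switching sequence.
State space: altitude in metres (constructed, one-dimensional)."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Interval = Tuple[float, float]   # closed interval of altitudes


def subset(inner: Interval, outer: Interval) -> bool:
    """True when every state of `inner` lies in `outer`."""
    return outer[0] <= inner[0] and inner[1] <= outer[1]


@dataclass(frozen=True)
class ControlMode:
    name: str
    domain: Interval   # initial conditions for which the mode's tracking controller is valid
    settle: Interval   # region S_i(r_i) the controller reaches regardless of initial condition


def mode_graph(modes: List[ControlMode]) -> Dict[str, List[str]]:
    """Offline step: edge i -> j when mode i always ends inside the domain of mode j,
    so switching to j after i is consistent from every initial condition (N^2 checks)."""
    graph = {m.name: [] for m in modes}
    for i in modes:
        for j in modes:
            if i is not j and subset(i.settle, j.domain):
                graph[i.name].append(j.name)
    return graph


def switching_sequence(modes: List[ControlMode], graph: Dict[str, List[str]],
                       start_mode: str, target: Interval) -> Optional[List[str]]:
    """Online step: shortest sequence of modes, starting from the current one, whose
    last mode settles inside `target`; None if the graph offers no such sequence."""
    by_name = {m.name: m for m in modes}
    queue = deque([[start_mode]])
    seen = {start_mode}
    while queue:
        path = queue.popleft()
        if subset(by_name[path[-1]].settle, target):
            return path
        for nxt in graph[path[-1]]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


# Constructed helicopter modes (assumed altitude intervals, not measured data).
MODES = [
    ControlMode("Hover",   domain=(0, 100),    settle=(0, 10)),
    ControlMode("Ascend",  domain=(0, 500),    settle=(400, 500)),
    ControlMode("Cruise",  domain=(300, 1000), settle=(800, 1000)),
    ControlMode("Descend", domain=(100, 1000), settle=(0, 100)),
]

if __name__ == "__main__":
    graph = mode_graph(MODES)
    print(graph)
    # high-altitude take-off: start hovering, reach cruise altitude
    print(switching_sequence(MODES, graph, "Hover", (800, 1000)))
```

With these intervals the take-off task yields Hover -> Ascend -> Cruise, and a target region that no mode settles into (for instance altitudes above 1000 m) yields None, which is the "no finite switching sequence exists" answer to the research challenge stated above.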
Talk Outline
Compositional Semantics/Refinement
Synthesis of Mode Switching
Optimal Control of Timed Automata
Background: Timed Automata
Model for real-time systems
Many Theoretical Results + Tools
Key step: Finite bisimulation partitions
Optimal Controller Synthesis
System Model: Timed Automaton + weights (costs) on transitions and locations (WTA)
Goal: Synthesize a controller to drive the system from Start to Target at minimal cost
Key Step of the Solution: Solve the Shortest Paths Problem in WTA
An Air-traffic Control Problem
[Figure: a weighted timed automaton with locations Start, wait1, wait2, hold1, hold2, Land1, land2 and Done, clocks x and y, location and transition costs c0, c1, c2, c3, c4, w1, w'1, w2, w'2 (combined as c0 + w1 and c0 + w2), guards such as x<1, y<1, x>1, y>1, 1<y<2, 1<x<2, y<2 and x<2, and resets x:=0 and y:=0.]
Shortest Paths in WTA
Algorithm
  1. Reduce to Parametric Shortest Path Problem on graphs (PSP)
  2. Solve PSP
Optimum solution may only be a limit
Region graph construction not enough
[Figure: a two-location example, Start with cost w0 and Target with cost w1, with the constraints x<2 and x=2.]
From WTA to Weighted Graphs
Augmented Region Automaton: regions are split into boundary sub-regions
[Figure: fragment of the augmented region automaton for locations wait1 and hold1, with sub-regions such as y=0, 0<x<1; 0<y<x<1; x=0, 0<y<1; x=0, y>0; and x=0, y=0, annotated with the costs c3 and w1 and region identifiers (1), (1,2) and (2,1).]
Summary of Results
Algorithmic solution to Shortest Paths Problem in WTA
Reduction causes exponential blow-up
Symbolic fix-point algorithm can compute the solution for all source states
(Optimal Controller Synthesis can be solved similarly)
Ongoing Work
Tool Development
  Modular simulator
Research
  Distributed simulation
  Predicate Abstraction for hybrid systems
Applications/Case-studies
  Inverted pendulum, Robot soccer
  MoBIES challenge problems
  Animation, Biomolecular networks, ...