Simulation and Verification of Timed and Hybrid Systems

Transcription

1 Simulation and Verification of Timed and Hybrid Systems Bert van Beek and Koos Rooda Systems Engineering Group Eindhoven University of Technology ISC 2007 Delft 11 June 2007 Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 1/27

2 Outline 1. Introduction: Systems Engineering Group and applications 2. Model based engineering 3. Languages for dynamical systems analysis 4. The Chi language 5. Conclusions Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 2/27

3 Systems Engineering Group: Objectives The Systems Engineering group aims to use quantitative methods for the analysis, design and implementation of (embedded) systems exhibiting concurrent behavior. The objectives are to develop theory and techniques, and to build computational tools, inspired by mechanical engineering science, computer science and mathematics, and to apply these in selected cases from industry. Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 3/27

4 Intro MBE Languages Chi Conclusions Application domains Networks: semiconductor plants automotive plants transport systems container terminals Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 4/27

5 Application domains Machines: semiconductor industry front end: lithographic systems back end: chip mounting medical systems printing / paper handling machines Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 5/27

6 Trend The complexity of a high tech embedded system increases considerably with each new generation. This leads to increasing time to market (T ), decreasing quality (Q ), and increasing cost and manpower (C ). How can time to market be decreased (T ), quality be increased (Q ), without increasing cost and man power (C =)? Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 6/27

7 Current (embedded) system development R 1 design D 1 realize Z 1 integrate R design D integrate R 2 design D 2 realize Z 2 integration testing When integrating different interacting subsystems, usually: Requirements (R.. ) are incomplete and ambiguous Designs (D.. ) are incomplete and ambiguous Testing is possible only when realizations (Z.. ) are ready Correcting errors in realizations is costly and time-consuming Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 7/27

8 Model-based engineering realize R 1 design D 1 model M 1 realize Z 1 integrate R design D integrate R 2 design D 2 model M 2 realize Z 2 realize model simulation model verification Simulation allows early detection of presence of model/interface errors Verification allows proof of absence of model errors with respect to properties Controller synthesis allows generation of models that satisfy requirements by definition Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 8/27

9 Model-based engineering Hybrid models realize R 1 design D 1 model M 1 realize Z 1 integrate R design D integrate R 2 design D 2 model M 2 realize Z 2 realize The combination of M 1 and M 2 often leads to hybrid models, e.g: M 1 is a discrete-event model of a supervisory control system M 2 is continuous-time (or hybrid) model of the controlled physical system Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 9/27

10 Model-based engineering Hybrid models Hybrid models are composed of: Continuous-time models (DAEs: differential algebraic equations), including switched or switching sets of DAEs Discrete-time models (e.g. sampled systems) Discrete-event models (timed automata, process algebra), e.g. execution of a sequence of processing steps in a machine Embedded system models can be composed of any combination of the models described above. Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 10/27

11 Model-based engineering Hardware-in-the-loop simulation realize R 1 design D 1 model M 1 realize Z 1 integrate R design D integrate R 2 design D 2 model M 2 realize Z 2 realize hardware -in-the-loop simulation and testing Hardware-in-the-loop simulation allows early detection of the presence of realization errors Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 11/27

12 Model-based engineering Results realize R 1 design D 1 model M 1 realize Z 1 integrate R design D integrate R 2 design D 2 model M 2 realize Z 2 realize final implementation and testing Fewer errors in realizations (Q ) Enabler for automatic code generation (Q, T ) Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 12/27

13 Language requirements for model based engineering Formal compositional semantics Concurrent Executable Modular and hierarchical Scalable Easy to use Stochastic Discrete-event, continuous-time and hybrid Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 13/27

14 Dynamics and control world view Predominantly continuous-time system Modeled by means of DAEs (differential algebraic equations), or by means of a set of trajectories Hybrid phenomena modeled by means of discontinuous functions and/or switched equations, possibly using extended solution concepts (Filippov, Utkin) leading to sliding modes (i = 0 v 0) (v = 0 i 0) DAE model of a diode Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 14/27

15 Computer science world view Predominantly discrete-event system Modeled by means of (timed/hybrid) automaton, process algebra, Petri net, data flow languages, etc. Evolution of a hybrid system: sequence of time transitions and action transitions Discontinuities are represented by actions i = 0 v 0 v = 0 i 0 Automaton model of a diode Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 15/27

16 Simulation languages Ease of modeling = complex languages Verification not an issue, no formal semantics: (no verification) Languages specialize either in the discrete-event (DE) domain or in the continuous-time (CT) domain Hybrid languages usually DE + (E.g. Siman, Simple++) or CT + (E.g. Simulink, Modelica, EcosimPro) Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 16/27

17 Verification formalisms Ease of formal analysis = small languages with formal semantics Ease of modeling not an issue: cumbersome for modeling and simulation Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 17/27

18 overview syntax examples tools Overview of the Chi language (1) Suited to: simulation verification code generation Integrates: discrete-event modeling (CS world view: automata, process algebra) continuous-time modeling, (DC world view: switched differential algebraic equations) discrete-time modeling (DC world view: sampled systems) Formal compositional semantics Consistent equation semantics of Chi ensures that equations are always consistent, comparable to invariants of hybrid automata Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 18/27

19 overview syntax examples tools Overview of the Chi language (2) Is a process algebra d by means of: atomic statements, e.g. assignment (x := 2), DAE (ẋ = x + 1) an orthogonal set of operators, e.g. sequential comp. (;) and parallel comp. ( ) that can be freely combined. Core language small. Ease of use due to many syntactical extensions (all formally d). Modular and hierarchical and scalable by means of process definition and process instantiation (reuse). Stochastic: definition of distributions and sampling. Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 19/27

20 overview syntax examples tools The Chi language definition (1) A Chi model is of the following form: model M(parameter declarations) = [ channel and variable declarations :: p ] where p represents a process term (statement) Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 20/27

21 overview syntax examples tools The Chi language definition (2) Process term Meaning p ::= skip internal action x := e assignment a! e sending a? x receiving delay e delay statement inv u invariant (equations) X recursion variable b -> p guard operator p ; p sequential composition p p parallel composition p p alternative composition *p infinite repetition Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 21/27

22 overview syntax examples tools Controlled tank system (1) Simulation tank on-off controller n Qi 10 8 V Qi Qo n V 6 4 Qo Time model ControlledTank()= [ var n: nat = 0, cont V: real = 10, alg Qi,Qo: real :: inv dot V = Qi - Qo, Qi = n * 5, Qo = sqrt(v) *( V <= 2 -> n:= 1; V >= 10 -> n:= 0 ) ] Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 22/27

23 overview syntax examples tools Controlled tank system (2) Equivalent specification using modes, as in automata model ControlledTank()= [ var n: nat = 0, cont V: real = 10, alg Qi,Qo: real :: inv dot V = Qi - Qo, Qi = n * 5, Qo = sqrt(v) [ mode noinflow = V <= 2 -> n:= 1; inflow, mode inflow = V >= 10 -> n:= 0; noinflow :: noinflow ] ] V<=2 -> n:=1 noinflow inflow V>=10 -> n:=0 Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 23/27

24 overview syntax examples tools Distributor and Machines in D a b M M proc D(chan in?, out1!, out2!: nat) = [ var x: nat :: *( in?x; ( out1!x out2!x ) ) ] proc M(chan in?: nat, val t: real) = [ var x: nat :: *( in?x; delay t ) ] proc DMM2(chan in?: nat) = [ chan a,b: nat :: D(in,a,b) M(a,4) M(b,5) ] Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 24/27

25 overview syntax examples tools Distributor and Machines a M in D a M b M in D proc D(chan in?, out1!, out2!: nat) = [ var x: nat :: *( in?x; ( out1!x out2!x ) ) ] proc M(chan in?: nat, val t: real) = [ var x: nat :: *( in?x; delay t ) ] proc DMM2(chan in?: nat) = [ chan a,b: nat :: D(in,a,b) M(a,4) M(b,5) ] proc D(chan in?, out!: nat) = [ var x: nat :: *( in?x; out!x ) ] proc DMM2(chan in?: nat) = [ chan a: nat :: D(in,a) M(a,4) M(a,5) ] a M Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 24/27

26 overview syntax examples tools Assembler in1 in2 A out proc A( chan in1?, in2?: nat, out!: (nat,nat), val t: real ) = [ var x,y: nat :: *( ( in1?x in2?y ) ; delay t ; out!(x,y) ) ] Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 25/27

27 overview syntax examples tools Tools for Chi simulation verification real-time control Stand-alone symbolic simulator for hybrid and timed Chi (Python) S-function block hybrid Chi simulator for co-simulation in Matlab/Simulink Stand-alone simulator for timed Chi (C) Translation of timed Chi to UPPAAL Translation of timed Chi to mcrl Translation of timed Chi to Promela/Spin Translation of hybrid Chi to PHAVer Prototype state space generator Stand-alone Linux implementation Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 26/27

28 Conclusions Chi language suited to model based engineering of dynamical (embedded) systems Concurrent process algebra allowing free combinations of statements and operators Integrates concepts from the dynamics and control theory with concepts from computer science Formal compositional semantics Integrates ease of modeling, simulation and verification Scalable: allows modular and hierarchical composition Bert van Beek and Koos Rooda TU/e Simulation and Verification of Timed and Hybrid Systems 27/27