
Hybrid Automata Specification Formalism for Real-Time Systems


Presentation Transcript


  1. Hybrid Automata Specification Formalism for Real-Time Systems Hybrid = { Discrete + Continuous } Behaviors Ref. Thomas A. Henzinger, The Theory of Hybrid Automata, Proc. of 11th Annual IEEE Symp. on Logic in Computer Science (LICS’96), pp 278-292, 1996

  2. Hybrid automata
  • H = ⟨X, Σ, G=(V,E), VL=(init, inv, flow), EL=(ET, EC)⟩
  • X = {x1,…,xn} - finite set of real-numbered variables.
  • x∂ - the derivatives of x during continuous change.
  • x’ - values at the conclusion of discrete change.
  • Σ - finite set of events (atomic entities)
  • G - directed multi-graph (control graph): V - control modes, E - control switches.
  • VL - mode labeling functions:
    • init: V → {predicates over X} -- defines the initial condition
    • inv: V → {predicates over X} -- defines the invariant condition
    • flow: V → {predicates over X, X∂} -- defines the continuous evolvement.
  • EL – switch labeling functions:
    • ET: E → Σ -- assigns a transition event to each edge.
    • EC: E → {predicates over X, X’} -- defines the discrete transition condition.

  3. Hybrid automata: Heated Room
  • X = {T} - T - temperature.
  • Σ = {heat-on, heat-off}
  • G = ({OFF, ON}, { e1=(OFF,ON), e2=(ON,OFF) })
  • LOFF = { init(OFF) = (T=20), inv(OFF) = (T>17), flow(OFF) = (T∂=-0.1T) }
  • LON = { init(ON) = false, inv(ON) = (T<=22), flow(ON) = (T∂=5-0.1T) }
  • ET(e1) = heat-on, EC(e1) = (T<19) ∧ T’=T
  • ET(e2) = heat-off, EC(e2) = (T>21) ∧ T’=T
  Notes on the diagram: the incoming arrow indicates the ‘init’ predicate; an ‘init’ that is not specified means ‘false’; when T’ is not explicitly specified, then T’=T is implicitly assumed.

  4. Semantics of Hybrid automata
  Hybrid Automata → Transition Systems → Traces (behaviors)
  • Hybrid automata: finite-state (finitely many control modes), where executions are interleavings of continuous and discrete changes.
  • Transition systems: infinite-state, where executions consist of discrete changes solely.

  5. Transition System
  • A labeled transition system is S = ⟨Q, Q0, A, →⟩ where:
  • Q – set of states (possibly infinite)
  • Q0 ⊆ Q - subset of initial states.
  • A - set of labels (possibly infinite)
  • → ⊆ (Q × A × Q) - transition relation

  6. From Hybrid Automaton to Timed Transition System

  7. Timed Transition System of a Hybrid Automaton
  • H = ⟨X, Σ, G=(V,E), VL=(init, inv, flow), ET, EC⟩ is interpreted by
  • STH = ⟨Q, Q0, A, →⟩ where:
  • Q ⊆ (V × ℝⁿ) s.t. Q = { (v,ū) | [X:=ū] ⊨ inv(v) } - recall X = {x1,…,xn} : ℝⁿ
  • Q0 = { (v,ū) | [X:=ū] ⊨ inv(v) ∧ init(v) }
  • A = Σ ∪ ℝ≥0
  • → = →Σ ∪ →ℝ
  • →Σ = { ((v,ū), σ, (v’,ū’)) | e=(v,v’) ∈ E, ET(e)=σ, [X:=ū, X’:=ū’] ⊨ EC(e) }
  • →ℝ = { ((v,ū), δ, (v’,ū’)) | v=v’ and ∃f ∈ D1, f:[0,δ]→ℝⁿ and f’:(0,δ)→ℝⁿ, such that f(0)=ū and f(δ)=ū’, and ∀t, 0<t<δ: [X:=f(t)] ⊨ inv(v), [X:=f(t), X∂:=f’(t)] ⊨ flow(v) }
  • where ū ∈ ℝⁿ, σ ∈ Σ, δ ∈ ℝ≥0, and D1 is the set of differentiable functions.

  8. Timed Transition System of a Hybrid Automaton (example)
  • STH = ⟨Q, Q0, A, →⟩
  • Q = { (OFF,T) | T>17 } ∪ { (ON,T) | T≤22 }
  • Q0 = { (OFF,20) }
  • A = {heat-on, heat-off} ∪ ℝ≥0
  • →Σ = { ((OFF,T), heat-on, (ON,T)) | 17<T<19 } ∪ { ((ON,T), heat-off, (OFF,T)) | 21<T≤22 }
  • →ℝ = { ((OFF,T), δ, (OFF,T’)) | 17<T’≤T≤22, δ=|((T-T’)/0.05)½| } ∪ { ((ON,T), δ, (ON,T’)) | 17<T≤T’≤22, δ=g(T,T’) }
  • f(t) = -0.05t² + c, 17<c≤22; f(t) = 0.05t² + 5t + c, 17<c≤22
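The heated-room automaton of slides 3 and 8 can be executed as the timed transition system of slide 7. The Python below is an added example, not code from the slides: it encodes init, inv, flow and the switch labels as functions, enumerates the event transitions, and approximates time transitions by Euler integration while checking the invariant along the way (the step size h, the function names and the `run` helper are this example's own choices).

```python
# Heated-room hybrid automaton of the slides, encoded as Python data.
# The encoding and the simulator are added here; the automaton is the lecture's.
INIT = {"OFF": lambda T: T == 20.0, "ON": lambda T: False}        # init(v)
INV = {"OFF": lambda T: T > 17.0, "ON": lambda T: T <= 22.0}       # inv(v)
FLOW = {"OFF": lambda T: -0.1 * T, "ON": lambda T: 5.0 - 0.1 * T}  # T∂ = flow(v)
SWITCHES = {                        # e -> (ET(e), EC(e)); T' = T is implicit
    ("OFF", "ON"): ("heat-on", lambda T: T < 19.0),
    ("ON", "OFF"): ("heat-off", lambda T: T > 21.0),
}

def in_Q(state):
    """A state (v, T) belongs to Q only if the invariant of v holds."""
    v, T = state
    return INV[v](T)

def event_successors(state):
    """Event transitions of S_T^H from (v, T): pairs (sigma, (v', T))."""
    v, T = state
    return [(ev, (w, T)) for (u, w), (ev, guard) in SWITCHES.items()
            if u == v and guard(T) and in_Q((w, T))]

def time_successor(state, delta, h=1e-3):
    """Time transition of duration delta: follow flow(v) with explicit Euler
    steps (assumption: h is small enough for this demo) and demand inv(v) at
    every intermediate point; returns None if the invariant is violated."""
    v, T = state
    n = max(1, int(round(delta / h)))   # delta == 0 keeps the state unchanged
    step = delta / n
    for _ in range(n):
        T += step * FLOW[v](T)
        if not INV[v](T):
            return None
    return (v, T)

def run(labels, start=("OFF", 20.0)):
    """Follow a finite trajectory prefix: each label is an event name (str)
    or a duration (number). Returns the final state, or None if some step
    is not a transition of the system."""
    assert INIT[start[0]](start[1]) and in_Q(start), "start must lie in Q0"
    state = start
    for a in labels:
        if isinstance(a, str):
            matches = [s for ev, s in event_successors(state) if ev == a]
            state = matches[0] if matches else None
        else:
            state = time_successor(state, float(a))
        if state is None:
            return None
    return state
```

Cooling for 1 s from (OFF, 20) lands near 18.1 degrees, which enables heat-on; cooling for 2 s first crosses 17 and is therefore not a time transition at all, because the invariant must hold along the whole trajectory.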

  9. Time Abstract Transition System of a Hybrid Automaton

  10. Time Abstract Transition System of a Hybrid Automaton
  • The time-abstract transition system of H = ⟨X, Σ, G=(V,E), VL=(init, inv, flow), ET, EC⟩ is:
  • SAH = ⟨Q, Q0, B, →⟩ where:
  • Q ⊆ (V × ℝⁿ) s.t. Q = { (v,ū) | [X:=ū] ⊨ inv(v) } (as in STH)
  • Q0 = { (v,ū) | [X:=ū] ⊨ inv(v) ∧ init(v) } (as in STH)
  • B = Σ ∪ {τ} s.t. τ ∉ Σ
  • → = { ((v,ū), σ, (v’,ū’)) | e=(v,v’) ∈ E, ET(e)=σ, [X:=ū, X’:=ū’] ⊨ EC(e) } ∪ { ((v,ū), τ, (v’,ū’)) | ∃δ. ((v,ū), δ, (v’,ū’)) ∈ →ℝ } (according to the definition of →ℝ in STH)
  • where σ ∈ Σ, δ ∈ ℝ≥0

  11. Behavior of Transition System
  • For a transition system S = ⟨Q, Q0, A, →⟩:
  • A trajectory of S is a - finite or infinite – sequence of pairs ⟨ai, qi⟩, i≥1, such that q0 ∈ Q0 and (qi-1, ai, qi) ∈ → for i≥1.
  • A live transition system (S,L) is a pair consisting of a labeled transition system S and a set L of infinite trajectories of S.
  • The set L is machine-closed for S if every finite trajectory of S is a prefix of some trajectory in L.
  • For a live transition system (S,L) and a trajectory ⟨ai, qi⟩, i≥1, in L, the corresponding sequence (ai), i≥1, is called a trace of (S,L). Similarly for finite trajectories in S.

  12. Timed Semantics of Hybrid Automata
  • H = ⟨X, Σ, G=(V,E), VL=(init, inv, flow), ET, EC⟩ ↦ STH = ⟨Q, Q0, A, →⟩
  • Associate with each transition of STH a duration in ℝ≥0:
    - for ((v,ū), σ, (v’,ū’)) ∈ →Σ the duration is 0.
    - for ((v,ū), δ, (v,ū’)) ∈ →ℝ the duration is δ.
  • An infinite trajectory ⟨ai, qi⟩, i≥1, of STH diverges if the sum ∑ di, i=1..∞, diverges, where di is the duration of the transition (qi-1, ai, qi).
  • Let LTH be the set of divergent trajectories of STH. H is non-zeno if LTH is machine-closed for STH.
  • Each trace of the live transition system (STH, LTH) is called a timed trace of H.
  • The timed semantics of H is the set of timed traces of H.

  13. Abstract Semantics of Hybrid Automata
  • H = ⟨X, Σ, G=(V,E), VL=(init, inv, flow), ET, EC⟩ ↦ STH = ⟨Q, Q0, A, →⟩ ↦ SAH = ⟨Q, Q0, B, →⟩
  • An infinite trajectory ⟨bi, qi⟩, i≥1, of SAH diverges if there is a divergent trajectory ⟨ai, qi⟩, i≥1, of STH such that ai = bi for every ai ∈ Σ (and bi = τ wherever ai is a duration).
  • Let LAH be the set of divergent trajectories of SAH. H is non-zeno if LAH is machine-closed for SAH.
  • Each trace of the live transition system (SAH, LAH) is called a trace of H.
  • The abstract semantics of H is the set of traces of H.

  14. Composition of Hybrid Automata: Heated System Example (diagram: Controller, Heater, Heated space)

  15. Composition of Hybrid Automata
  • H1 ↦ STH1 = ⟨Q1, Q01, A1, →1⟩, H2 ↦ STH2 = ⟨Q2, Q02, A2, →2⟩
  • H1||H2 ↦ STH1||H2, where STH1||H2 = STH1 × STH2
  • STH1 × STH2 = ⟨Q1 × Q2, Q01 × Q02, A, →⟩ where:
  • ((q1,q2), a, (q’1,q’2)) ∈ → for a ∈ Σ1 ∪ Σ2 iff:
    - a ∈ Σ1 ∩ Σ2 and (q1,a,q’1) ∈ →1, (q2,a,q’2) ∈ →2
    - or a ∈ Σ1 − Σ2 and (q1,a,q’1) ∈ →1, (q2,0,q’2) ∈ →2
    - or a ∈ Σ2 − Σ1 and (q1,0,q’1) ∈ →1, (q2,a,q’2) ∈ →2
  • ((q1,q2), δ, (q’1,q’2)) ∈ → for δ>0 iff (q1,δ,q’1) ∈ →1, (q2,δ,q’2) ∈ →2
  • A = { a | ((q1,q2),a,(q’1,q’2)) ∈ → } ∪ { δ | ((q1,q2),δ,(q’1,q’2)) ∈ → }
  • SAH1||H2 is derived from STH1||H2 (in general SAH1||H2 ≠ SAH1 × SAH2).
  • The composition of two non-zeno hybrid automata is not necessarily non-zeno.

  16. (Diagram: Train, Controller, Gate. T – distance from gate; K – reaction delay; y - gate position (°).)

  17. A train on a circular track, (2-5) Km long, with a gate.
  • T - distance of the train from the gate. Initially T5Km, and T∂ (train speed) is between 40m/s and 50m/s.
  • 1000 meters from the gate, the train issues an approach event and may slow down to 30m/s.
  • 100 meters past the gate, the train issues an exit event.
  • The variable clk is a clock for measuring elapsed time.
  • When an approach event is received at the gate controller, it issues a close_cmd event within K seconds (K is a symbolic constant that represents the reaction delay of the controller), and when an exit event is received, the controller issues an open_cmd event, also within K seconds.
  • y - position of the gate in degrees. Initially, the gate is open (y = 90). When a close_cmd event is received, the gate starts closing at the rate of 9 degrees per second, and when an open_cmd event is received, the gate starts opening at the same rate.

  18. (Diagram: the Train, Controller and Gate automata.)

  19. (Diagram: Train || Controller.)

  20. Verification Procedures for Hybrid Automata
  • Reachability - given a control mode v of H, is there a trajectory of STH (SAH) that visits a state of the form (v, x̄)?
  • Emptiness - is there a divergent trajectory of STH (SAH)?
  • Timed trace inclusion - given H1 and H2, is every timed trace of H1 also a timed trace of H2?
  • Time-abstract trace inclusion - given H1 and H2, is every time-abstract trace of H1 also a time-abstract trace of H2?
  • Remarks:
    - Reachability can be reduced to finitary time-abstract trace inclusion.
    - Emptiness can be reduced to time-abstract trace inclusion.
    - Finitary trace inclusion can be reduced to trace inclusion.

  21. Composition of Hybrid Automata: principles
  • Given hybrid automata H1, H2, we define the parallel composition H1||H2.
  • In principle, H1, H2 interact via joint events:
    - if a ∈ Σ1 ∩ Σ2 then H1, H2 must synchronize on a-transitions,
    - if a ∈ Σ1 − Σ2 then each a-transition of H1 synchronizes with a 0-duration time transition of H2, and vice versa.
  • For each real δ>0, a δ-duration time-transition of H1 must synchronize with a δ-duration time-transition of H2.
  • In general, the label set A is built from A1 and A2 by a synchronization operator ⊗, an associative partial function: for each a ∈ A, ((q1,q2),a,(q’1,q’2)) ∈ → iff (q1,a1,q’1) ∈ →1, (q2,a2,q’2) ∈ →2 such that (q1,a1,q’1) ⊗ (q2,a2,q’2) = a.
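The composition rules of slides 15 and 21, applied to two small finite transition systems in the spirit of the train and gate controller of slide 17. This is an added Python example, not the lecture's code; the state names, event sets and the two listed durations (0.0 and 1.0) are constructed for the demo, since a finite set cannot hold a time transition for every real δ.

```python
def compose(S1, S2):
    """Parallel composition S_T^{H1||H2} = S_T^{H1} x S_T^{H2} following the
    slide rules. Each system is (Q, Q0, Sigma, trans); a transition (q, a, q')
    carries an event name (str) or a duration (float)."""
    Q1, Q01, E1, T1 = S1
    Q2, Q02, E2, T2 = S2
    trans = set()
    for (p1, a, r1) in T1:
        for (p2, b, r2) in T2:
            a_ev, b_ev = isinstance(a, str), isinstance(b, str)
            if a_ev and b_ev and a == b:                          # joint event
                trans.add(((p1, p2), a, (r1, r2)))
            elif a_ev and not b_ev and a not in E2 and b == 0.0:  # H1-private event
                trans.add(((p1, p2), a, (r1, r2)))                # H2 takes a 0-step
            elif b_ev and not a_ev and b not in E1 and a == 0.0:  # H2-private event
                trans.add(((p1, p2), b, (r1, r2)))                # H1 takes a 0-step
            elif not a_ev and not b_ev and a == b and a > 0.0:    # same delta > 0
                trans.add(((p1, p2), a, (r1, r2)))
    Q = {(q1, q2) for q1 in Q1 for q2 in Q2}
    Q0 = {(q1, q2) for q1 in Q01 for q2 in Q02}
    A = {a for (_, a, _) in trans}
    return Q, Q0, A, trans

# Constructed fragments (abstract states, no variable valuations): a train that
# announces "approach"/"exit" and a controller that reacts to "approach" with
# "close_cmd". Every state gets a 0-duration and a 1-duration time self-loop.
def _with_time(states, events):
    return {(q, d, q) for q in states for d in (0.0, 1.0)} | events

TRAIN = ({"far", "near"}, {"far"}, {"approach", "exit"},
         _with_time({"far", "near"},
                    {("far", "approach", "near"), ("near", "exit", "far")}))
CONTROLLER = ({"idle", "closing"}, {"idle"}, {"approach", "close_cmd"},
              _with_time({"idle", "closing"},
                         {("idle", "approach", "closing"),
                          ("closing", "close_cmd", "idle")}))

def composed_transitions():
    """The transition relation of TRAIN || CONTROLLER."""
    return compose(TRAIN, CONTROLLER)[3]
```

Only (far, idle) can take the joint approach event; exit and close_cmd interleave with a 0-step of the other component, and the 0-duration self-loops themselves do not survive in the product, exactly as the δ>0 rule on slide 15 prescribes.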

  22. PRE/POST in a Transition System
  • A labeled transition system is S = ⟨Q, Q0, A, →⟩ where:
  • Q – set of states (possibly infinite)
  • Q0 ⊆ Q - subset of initial states.
  • A - set of labels (possibly infinite)
  • → ⊆ (Q × A × Q) - transition relation
  • A subset R ⊆ Q is called a region. Given a region R and a label a ∈ A:
    - posta(R) = { q’ | ∃q ∈ R s.t. (q,a,q’) ∈ → } - a-successors
    - prea(R) = { q’ | ∃q ∈ R s.t. (q’,a,q) ∈ → } - a-predecessors
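The post and pre operators, iterated to a fixpoint, answer the reachability question of slide 20 in both directions. This is an added Python example, not the lecture's code; the finite transition system below is a constructed time-abstract approximation of the heated room with the temperature bucketed into ranges, the idle event written "tau", and a "frozen" bucket plus an ALARM mode added only to make the question non-trivial.

```python
# Constructed finite time-abstract approximation of the heated room. The
# "frozen" bucket and the ALARM mode do not come from the slides; they exist
# so that forward and backward reachability have something to disagree on.
Q0 = {("OFF", "mid")}                       # T = 20 lies in the "mid" bucket
TRANS = {
    (("OFF", "high"), "tau", ("OFF", "mid")),
    (("OFF", "mid"), "tau", ("OFF", "low")),
    (("OFF", "low"), "heat-on", ("ON", "low")),
    (("ON", "low"), "tau", ("ON", "mid")),
    (("ON", "mid"), "tau", ("ON", "high")),
    (("ON", "high"), "heat-off", ("OFF", "high")),
    (("OFF", "frozen"), "tau", ("OFF", "low")),
    (("OFF", "frozen"), "heat-on", ("ALARM", "frozen")),
}

def post(trans, R, a):
    """post_a(R): states reached from region R by one a-transition."""
    return {q2 for (q1, b, q2) in trans if b == a and q1 in R}

def pre(trans, R, a):
    """pre_a(R): states from which one a-transition enters region R."""
    return {q1 for (q1, b, q2) in trans if b == a and q2 in R}

def closure(trans, R, step):
    """Least fixpoint of R ∪ step(R) over every label: forward reachability
    with step=post, backward reachability with step=pre."""
    labels = {b for (_, b, _) in trans}
    seen, frontier = set(R), set(R)
    while frontier:
        new = set()
        for a in labels:
            new |= step(trans, frontier, a)
        frontier = new - seen
        seen |= frontier
    return seen

def reachable_modes(trans, init):
    """Control modes v for which some reachable state has the form (v, x)."""
    return {v for (v, _) in closure(trans, init, post)}

def mode_reachable(trans, init, v):
    """The reachability question of slide 20, answered by a post* fixpoint."""
    return v in reachable_modes(trans, init)

def region_reachable(trans, init, bad):
    """The same question asked backwards: does pre*(bad) meet the initial region?"""
    return bool(closure(trans, bad, pre) & set(init))
```

Forward, post* from Q0 visits every OFF and ON bucket but never "frozen" or ALARM; backward, pre* from the ALARM state stops at ("OFF", "frozen") without touching Q0, so both analyses agree that ALARM is unreachable.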

  23. Hybrid automata: “idle” events
  • X = {T} - temperature.
  • Σ = {τ} – idle event; τ designates a change of variable values that is not explicitly specified if it is not used outside (by the system environment).
  • G = ({OFF, ON}, { e1=(OFF,ON), e2=(ON,OFF) })
  • init(OFF) = (T=20)
  • inv(OFF) = (T>17), inv(ON) = (T<=22)
  • flow(OFF) = (T∂=-0.1T), flow(ON) = (T∂=5-0.1T)
  • ET(e1) = τ, ET(e2) = τ
  • EC(e1) = (T<19), EC(e2) = (T>21)
  • Vertices with no init label are considered to be labeled by false; if T’ is not explicitly specified, then T’=T is implicitly assumed.
