2015
DOI: 10.1007/978-3-662-46681-0_5

C2E2: A Verification Tool for Stateflow Models

Abstract: Mathworks' Stateflow is a predominant environment for modeling embedded and cyber-physical systems where control software interacts with physical processes. We present Compare-Execute-Check-Engine (C2E2), a verification tool for continuous and hybrid Stateflow models. It checks bounded time invariant properties of models with nonlinear dynamics, and discrete transitions with guards and resets. C2E2 transforms the model, generates simulations using a validated numerical solver, and then computes reachtube over-a…

Cited by 131 publications (100 citation statements)
References 18 publications
“…While SpaceEx could also be leveraged for our approach, it is restricted to affine hybrid system models. Similarly, C2E2 [8] could be possibly leveraged for conformance testing, however it requires to annotate the model with certificates called discrepancy functions. If these certificates are given, Mitra provide a conformance checking procedure for continuous systems without inputs that particularly focus on security [19].…”
Section: Related Work (mentioning)
confidence: 99%
“…The Flow* tool [15] handles systems given by ODEs that are expressed as polynomial functions of the state variables. The C2E2 tool can verify safety properties of hybrid systems but only if the designer provides sufficient annotations to the models in the form of discrepancy functions, which characterize the maximum rate at which pairs of trajectories can diverge from each other [16]. SLDV provides property-proving capability for Simulink models but only for open-loop, discrete-time (nonhybrid) models [8].…”
Section: Problems Applying Verification Approaches (mentioning)
confidence: 99%
“…A major case study using C2E2 for verifying temporal properties of parallel aircraft landing protocols was performed in [4]. The algorithm has been extended for "fully hybrid" systems and with several usability enhancements in [3]. In this demo, we present additional features of C2E2 such as full integration of temporal precedence properties, textual representation of the reachable set, and ongoing development features such as interfacing with intermediate representation HySt [1], console mode of C2E2, and automatic inference of discrepancy functions for a large set of linear hybrid systems.…”
Section: Introduction (mentioning)
confidence: 99%