Correct-by-construction code generation from hybrid automata specification

Bresolin, Davide; Guglielmo, Luigi Di; Geretti, Luca; Villa, Tiziano

doi:10.1109/iwcmc.2011.5982784

Cited by 6 publications

(8 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The developed methodology ( Figure 1) relies on the hybrid model discretization process proposed in [3] and is divided into the three phases summarized below: 1) Formal verification of the hybrid system. This phase consists of verifying the correctness of the hybrid model M of a hybrid system, against the set P of properties which represent the specifications that the system should satisfy.…”

Section: Methodology Overviewmentioning

confidence: 99%

“…For this reason, once the hybrid model of the system is proved to be correct, is still necessary to derive an implementable model of the hybrid system. Very few works in literature have focused on developing techniques for extracting a correct by construction HW/SW implementation from hybrid automata [2], [3]. Unfortunately, these approaches are able to refine, into a systematic way, only a subclass of hybrid automata, thus they allow to automatically implement only a small class of hybrid systems.…”

Section: Motivationsmentioning

confidence: 99%

“…During such transitions, the supply voltage must follow a linearly rising/falling reference voltage as closely as possible. The PSS implementation and the related ∆ constraints have been obtained by using the approach in [3]. In particular, the module that controls the supply voltage value (i.e., the controller) has been automatically refined (by means of a SystemC implementation), while the module implementing the linearly rising/falling reference voltage (i.e., the voltage unit) has been manually defined (by using the SystemC-AMS library) considering the implementation constraints synthesized for the PSS.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Interactive presentation abstract: Reusing of properties after discretization of hybrid automata

Guglielmo

Fummi

Pravadelli

2011

2011 IEEE International High Level Design Validation and Test Workshop

Self Cite

View full text Add to dashboard Cite

I. MOTIVATIONSWhen designing embedded systems, often the need arises to model systems having a mixed discrete and continuous behavior (i.e., hybrid systems) that cannot be characterized faithfully using either only discrete or only continuous MoCs (models of computation). Hybrid automata [1] have been proved to be a powerful MoC for the design and verification of hybrid systems, but their high-level of abstraction cannot take into account all the details of the typical HW/SW designs. For this reason, once the hybrid model of the system is proved to be correct, is still necessary to derive an implementable model of the hybrid system. Very few works in literature have focused on developing techniques for extracting a correct by construction HW/SW implementation from hybrid automata [2], [3]. Unfortunately, these approaches are able to refine, into a systematic way, only a subclass of hybrid automata, thus they allow to automatically implement only a small class of hybrid systems. For this reason, it is not uncommon to manually refine hybrid automata into their corresponding discrete (e.g., SystemC [4]) or (approximated) continuous implementations (e.g., SystemC-AMS [4], Matlab Simulink). In such a case the refined system must be verified again to guarantee its correctness. In this context, it would be valuable to reuse as much as possible properties defined for the verification of hybrid automata to reduce the need of an error prone and time consuming ex-novo property definitions. To the best of our knowledge the refinement of formal properties from the hybrid into the discrete domains is still an open problem. The proposed methodology aims to fill this gap. II. METHODOLOGY OVERVIEWThe developed methodology (Figure 1) relies on the hybrid model discretization process proposed in [3] and is divided into the three phases summarized below: 1) Formal verification of the hybrid system. This phase consists of verifying the correctness of the hybrid model M of a hybrid system, against the set P of properties which represent the specifications that the system should satisfy. 2) Implementation refinement. This phase consists of (i) establishing which automaton of the hybrid model M can be refined in a systematic way [3] and (ii) synthesizing the ∆ constraints (e.g., latencies, clock frequencies, variables precision) that the final system has to obey for preserving its correctness. In fact, it may be the case that while some components can be automatically refined, others, whose complexity is not currently supported by the existing refinement methodologies, have to be manually refined. This manual refinement has to take into account the aforementioned ∆ constraints. 3) Property refinement. The property refinement phase consists not only of (i) refining the set P of properties formally verified against M, but also of (ii) guiding the definition of new properties that, exploiting the ∆ constraints, allows to check that the manually refined components have been correctly implemented. Hybrid domain verification 1 Implementation ...

show abstract

Section: Methodology Overviewmentioning

confidence: 99%

Section: Motivationsmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Interactive presentation abstract: Reusing of properties after discretization of hybrid automata

Guglielmo

Fummi

Pravadelli

2011

2011 IEEE International High Level Design Validation and Test Workshop

Self Cite

View full text Add to dashboard Cite

show abstract

“…Two synthesis (mapping) approaches have also been presented that can incorporate finite-precision sensors and actuators as well as the finite response time of the controller [103], [104]. In these works, the synthesis problem is addressed for two sub-classes of hybrid automata, namely elastic controllers, and lazy linear hybrid automata, operating in an environment represented by hybrid automata.…”

Section: B Control Synthesismentioning

confidence: 99%

“…The result is that any correct Almost ASAP controller can be implemented by a program on a hardware if this hardware is fast enough. The first paper [103] presents a corresponding automated tool chain that can extract from an elastic controller a correct-by-construction HW/SW implementation described in SystemC. On the other hand, lazy linear hybrid automata [107] are used to model the discrete-time behavior of control systems containing finite-precision sensors and actuators interacting with their environment under bounded delays.…”

Section: B Control Synthesismentioning

confidence: 99%

A Platform-Based Design Methodology With Contracts and Related Tools for the Design of Cyber-Physical Systems

Nuzzo

Sangiovanni-Vincentelli

Bresolin

et al. 2015

Proc. IEEE

Self Cite

138

View full text Add to dashboard Cite

Abstract-We introduce a platform-based design methodology that uses contracts to specify and abstract the components of a cyber-physical system (CPS), and provide formal support to the entire CPS design flow. The design is carried out as a sequence of refinement steps from a high-level specification to an implementation built out of a library of components at the lower level. We review formalisms and tools that can be used to specify, analyze or synthesize the design at different levels of abstractions. For each level, we highlight how the contract operations can be concretely computed as well as the research challenges that should be faced to fully implement them. We illustrate our approach on the design of embedded controllers for aircraft electric power distribution systems.

show abstract