Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 426 2009-10-1 426 Model-Based Design for Embedded Systems 0 0.5 x (a) (b) –0.5–1 –1 –0.5 0 0.5 1 y 1.5 2 2.5 3 –1.5 1 1.5 2.52 00.5 x –0.5–1 –1 –0.5 0 0.5 1 y 1.5 2 2.5 3 –1.5 1 1.5 2.52 FIGURE 13.25 Results obtained using gRRT (a) and hRRT (b), with the same number of visited states. Suppose that we have sampled a discrete state q goal = q. Since all the stay- ing sets are boxes, the staying set I q is denoted by the box B and called the bounding box. As mentioned earlier, the coverage estimation is done using a box parti- tion of the state space B, and sampling of a continuous goal state can be done by two steps: first, sample a goal box b goal from the partition, second, “uni- formly” sample a point x goal in b goal . Guiding is thus done in the goal box sampling process by defining, at each iteration of the test generation algo- rithm, a probability distribution over the set of the boxes in the partition. Essentially, we favor the selection of a box if adding a new state in this box allows to improve the coverage of the visited states. This is captured by a potential influence function, which assigns to each elementary box b in the partition a real number that reflects the change in the coverage if a new state is added in b. The current coverage estimation is given in form of a lower and an upper bound. In order to improve the coverage, both the lower and the upper bounds need to be reduced (see more details in [32]). The hRRT algorithm for hybrid automata in which the goal state sampling is done using this coverage-guided method is now called the gRRT algorithm (which means “guided hRRT”). To illustrate the coverage- efficiency of gRRT, Figure 13.25 shows the results obtained by the hRRT and the gRRT on a linear system after 50,000 iterations. We can see that the gRRT algorithm has a better coverage result. Indeed with the “same number of states,” the states visisted by the gRRT are more equi-distributed over the reachable set than those visisted by hRRT. These algorithms were implemented in the prototype tool HTG, which was successfully applied to treat a number of benchmarks in control appli- cations and in analog and mixed-signal circuits [31,79]. Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 427 2009-10-1 Modeling, Verification, and Testing Using Timed and Hybrid Automata 427 13.8 Conclusions Embedded systems consist of hardware and software embedded in a phys- ical environment with continuous dynamics. To model such systems, timed and hybrid automata models have been developed and studied extensively in the past two decades. In this chapter we have reviewed the basics of these models and methods of exhaustive or partial verification, as well as testing for these models. We hope that our overview will motivate embed- ded system designers to use these models in their applications, and that they will find them useful. Timed and hybrid automata are still an active field of research, and we refer the readers to the numerous papers published on these topics, in addition to those referenced in our bibliography section. Acknowledgments We would like to thank Eugene Asarin, Olivier Bournez, Saddek Bensalem, Antoine Girard, Moez Krichen, Oded Maler, Tarik Nahhal, Sergio Yovine, and other colleagues for their collaborations and their contributions to the results presented in this chapter. References 1. N. Abed, S. Tripakis, and J M. Vincent. Resource-aware verification using randomized exploration of large state spaces. In SPIN’08,Los Angeles, CA, LNCS, 5156, 2008. 2. K. Altisen and S. Tripakis. Implementation of timed automata: An issue of semantics or modeling? In P. Pettersson and W. Yi (editors), 3rd International Conference on Formal Modeling and Analysis of Timed Sys- tems (FORMATS’05), Uppsala, Sweden, LNCS, 3829:273–288, September 2005, Springer, Berlin, Heidelberg. 3. R. Alur. Timed automata. NATO-ASI 1998 Summer School on Verifica- tion of Digital and Hybrid Systems, 1998. 4. R. Alur, C. Courcoubetis, N. Halbwachs, D.L. Dill, and H. Wong-Toi. Minimization of timed transition systems. In Third Conference on Concur- rency Theory CONCUR ’92, Stony Brook, NY, LNCS, 630:340–354, 1992, Springer-Verlag, New York. Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 428 2009-10-1 428 Model-Based Design for Embedded Systems 5. R. Alur, C. Courcoubetis, N. Halbwachs, T. Henzinger, P. Ho, X. Nicollin, A. Olivero, J. Sifakis, and S. Yovine. The algorithmic analy- sis of hybrid systems. Theoretical Computer Science, 138:3–34, 1995. 6. R. Alur, C. Courcoubetis, T.A. Henzinger, and P H. Ho. Hybrid automata: An algorithmic approach to the specification and verification of hybrid systems. In Hybrid Systems, pp. 209–229, 1992. 7. R. Alur, T. Dang, J. Esposito, Y. Hur, F. Ivan, C. Kumar, I. Lee, P. Mishra, G. Pappas, and O. Sokolsky. Hierarchical modeling and analysis of embedded systems. Proceedings of the IEEE, 91(1):11–28, 2003. 8. R. Alur, T. Dang, and F. Ivancic. Counter-example guided predi- cate abstraction of hybrid systems. Theoretical Computer Science (TCS), 354(2):250–271, 2006. 9. R. Alur and D. Dill. A theory of timed automata. Theoretical Computer Science, 126:183–235, 1994. 10. H. Anai and V. Weispfenning. Reach set computations using real quan- tifier elimination. In M.D. Di Benedetto and A. Sangiovanni-Vincentelli (editors), Hybrid Systems: Computation and Control, Rome, Italy, LNCS, 2034:63–75, 2001, Springer-Verlag, Berlin, Heidelberg. 11. E. Asarin, O. Bournez, T. Dang, and O. Maler. Approximate reacha- bility analysis of piecewise-linear dynamical systems. In B. Krogh and N. Lynch (editors), Hybrid Systems: Computation and Control, Pittsburg, PA, LNCS, 1790:20–31, 2000, Springer-Verlag, Berlin, Heidelberg. 12. E. Asarin, T. Dang, and A. Girard. Hybridization methods for the anal- ysis of nonlinear systems. Acta Informatica, 43(7):451–476, 2007. 13. E. Asarin, T. Dang, and O. Maler. Thed/dt tool for verification of hybrid systems. In Computer Aided Verification, Copenhagen, Denmark, LNCS, 2404:365–370, 2002, Springer-Verlag, Berlin, Heidelberg. 14. E. Asarin and G. Schneider. Widening the boundary between decidable and unde- cidable hybrid systems. In CONCUR, Irno, Czech Republic, 2002. 15. J. Beck and W. W. L. Chen. Irregularities of distribution. In Acta Arith- metica, Cambridge, U.K., 1997. Cambridge University Press. 16. B. Berthomieu and M. Menasche. An enumerative approach for analyz- ing time Petri nets. IFIP Congress Series, 9:41–46, 1983. 17. A. Bhatia and E. Frazzoli. Incremental search methods for reachability analysis of continuous and hybrid systems. In HSCC, Philadelphia, PA, pp. 142–156, 2004. Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 429 2009-10-1 Modeling, Verification, and Testing Using Timed and Hybrid Automata 429 18. S. Bornot, J. Sifakis, and S. Tripakis. Modeling urgency in timed systems. In W.P. de Roever, H. Langmaack, and A. Pnueli (edi- tors), Compositionality: The Significant Difference, International Symposium (COMPOS’97), Bad Malente, Germany, LNCS, 1536:103–129, September 1998, Springer, Berlin, Heidelberg. 19. D. Bosnacki. Digitization of timed automata. In Proceedings of the Fourth International Workshop on Formal Methods for Industrial Critical Systems (FMICS ’99), Berlin, Germany, pp. 283–302, 1999. 20. O. Botchkarev and S. Tripakis. Verification of hybrid systems with lin- ear differential inclusions using ellipsoidal approximations. In B. Krogh and N. Lynch (editors), Hybrid Systems: Computation and Control, Pitts- burg, PA, LNCS, 1790:73–88, 2000, Springer-Verlag, Berlin, Heidelberg. 21. O. Bournez, O. Maler, and A. Pnueli. Orthogonal polyhedra: Rep- resentation and computation. In F. Vaandrager and J. van Schup- pen (editors), Hybrid Systems: Computation and Control, Bergen Dal, the Netherlands, LNCS, 1569:46–60, 1999, Springer-Verlag, Berlin, Heidelberg. 22. P. Bouyer. Forward analysis of updatable timed automata. Formal Meth- ods in System Design, 24(3):281–320, 2004. 23. P. Bouyer, C. Dufourd, E. Fleury, and A. Petit. Are timed automata updatable? In CAV’00, Chicago, IL, LNCS, 1855, 2000. 24. M. Bozga, O. Maler, and S. Tripakis. Efficient verification of timed automata using dense and discrete time semantics. In L. Pierre and T. Kropf (editors), Correct Hardware Design and Verification Methods, 10th IFIP WG 10.5 Advanced Research Working Conference (CHARME ’99),Bad Herrenalb, Germany, LNCS, 1703:125–141, September 1999, Springer, Berlin, Heidelberg. 25. M. Branicky, M. Curtiss, J. Levine, and S. Morgan. Sampling-based reachability algorithms for control and verification of complex sys- tems. In Thirteenth Yale Workshop on Adaptive and Learning Systems,New Haven, CI, 2005. 26. K. Cerans and J. Viksna. Deciding reachability for planar multi- polynomial systems. In Hybrid Systems, pp. 389–400, 1995. 27. A. Chutinan and B.H. Krogh. Verification of polyhedral invariant hybrid automata using polygonal flow pipe approximations. In F. Vaan- drager and J. van Schuppen (editors), Hybrid Systems: Computation and Control, Bergen Dal, the Netherlands, LNCS, 1569:76–90, 1999, Springer- Verlag, Berlin, Heidelberg. Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 430 2009-10-1 430 Model-Based Design for Embedded Systems 28. E. Clarke, A. Fehnker, Z. Han, B. Krogh, J. Ouaknine, O. Stursberg, and M. Theobald. Abstraction and counterexample-guided refinement in model checking of hybrid systems. International Journal of Foundations of Computer Science, 14(4):583–604, 2003. 29. T. Dang. Reachability-based technique for idle speed control synthe- sis. International Journal of Software Engineering and Knowledge Engineer- ing IJSEKE, 15(2):397–404, 2005. 30. T. Dang and O. Maler. Reachability analysis via face lifting. In T.A. Hen- zinger and S. Sastry (editors), Hybrid Systems: Computation and Control, Berkeley, CA, LNCS, 1386:96–109, 1998, Springer-Verlag, Berlin, Heidel- berg. 31. T. Dang and T. Nahhal. Using disparity to enhance test generation for hybrid systems. In TESTCOM/FATES, Tokyo, Japan, LNCS, 2008, Springer, Berlin, Heidelberg. 32. T. Dang and T. Nahhal. Model-based testing of hybrid systems. Techni- cal report, Verimag, IMAG, November 2007. 33. C. Daws, A. Olivero, S. Tripakis, and S. Yovine. The tool KRONOS. In R. Alur, T.A. Henzinger, and E.D. Sontag (editors), Hybrid Systems III: Verification and Control, LNCS, 1066:208–219, 1996, Springer, New York. 34. C. Daws and S. Tripakis. Model checking of real-time reachability prop- erties using abstractions. In B. Steffen (editor), Fourth International Con- ference on Tools and Algorithms for the Construction and Analysis of Sys- tems (TACAS’98), Lisbon, Portugal, LNCS, 1384:313–329, 1998, Springer, Berlin, Heidelberg. 35. D. Dill. Timing assumptions and verification of finite-state concurrent systems. In J. Sifakis (editor), Automatic Verification Methods for Finite State Systems, Grenoble, France, LNCS, 407:197–212, 1989, Springer. 36. A. Donzé and O. Maler. Systematic simulation using sensitivity analy- sis. In HSCC, Gières, France, 174–189, 2007. 37. J. Esposito, J. W. Kim, and V. Kumar. Adaptive RRTs for validating hybrid robotic control systems. In Proceedings Workshop on Algorithmic Foundations of Robotics, Zeist, the Netherlands, July 2004. 38. J.C. Fernandez, C. Jard, T. Jéron, and G. Viho. Using on-the-fly veri- fication techniques for the generation of test suites. In CAV’96,New Brunswick, NJ, LNCS, 1102, 1996, Springer. 39. G. Frehse, B. Krogh, R. Rutenbar, and O. Maler. Time domain verifica- tion of oscillator circuit properties. Electronics Notes on Theoretical Com- puter Science, 153(3):9–22, 2006. Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 431 2009-10-1 Modeling, Verification, and Testing Using Timed and Hybrid Automata 431 40. A. Girard. Reachability of uncertain linear systems using zonotopes. In Hybrid Systems: Computation and Control, Zurich, Switzerland, LNCS, 3414:291–305, 2005, Springer, Berlin, Heidelberg. 41. A. Girard and C. Le Guernic. Zonotope/hyperplane intersection for hybrid systems reachability analysis. In Hybrid Systems: Computation and Control HSCC, St. Louis, MU, 2008, Springer, Berlin, Heidelberg. 42. A. Girard, C. Le Guernic, and O. Maler. Efficient computation of reach- able sets of linear time-invariant systems with inputs. In Hybrid Systems: Computation and Control HSCC, Santa Barbara, CA, LNCS, 3927:257–271, 2006, Springer, Berlin, Heidelberg. 43. A. Girard and G. Pappas. Verification using simulation. In HSCC,Santa Barbara, CA, pp. 272–286, 2006. 44. P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated ran- dom testing. SIGPLAN Not. (PLDI’05), 40(6):213–223, 2005. 45. M.R. Greenstreet and I. Mitchell. Reachability analysis using polygo- nal projections. In F. Vaandrager and J. van Schuppen (editors), Hybrid Systems: Computation and Control, Bergen Dal, the Netherlands, LNCS, 1569:76–90, 1999, Springer-Verlag, Berlin, Heidelberg. 46. R. Grosu, X. Huang, S.A. Smolka, W. Tan, and S. Tripakis. Deep random search for efficient model checking of timed automata. In F. Kordon and O. Sokolsky (editors), Seventh Monterey Workshop on Composition of Embedded Systems, Paris, France, LNCS, 4888, October 2006, Springer. 47. T. Henzinger, P. Kopke, A. Puri, and P. Varaiya. What’s decidable about hybrid automata? In Journal of Computer and System Sciences, 373–382, 1995, ACM Press. 48. T. Henzinger, Z. Manna, and A. Pnueli. What good are digital clocks? In ICALP’92, Vienna, Austria, LNCS, 623, 1992. 49. T. Henzinger, X. Nicollin, J. Sifakis, and S. Yovine. Symbolic model checking for real-time systems. Information and Computation, 111(2):193– 244, 1994. 50. T.A. Henzinger, P H. Ho, and H. Wong-Toi. HyTech: A model checker for hybrid systems. Software Tools for Technology Transfer, 1:110–122, 1997. 51. G.J. Holzmann. An analysis of bitstate hashing. In Formal Methods in System Design, Kluwer, 3(3):287–305, 1998. 52. G.J. Holzmann. The Spin Model Checker-Primer and Reference Manual. Addison-Wesley, Reading, MA, 2004. Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 432 2009-10-1 432 Model-Based Design for Embedded Systems 53. S. Iman and S. Joshi. The e-Hardware Verification Language. Springer, New York, 2004. 54. C. Jard and T. Jeron. Bounded-memory algorithms for verification on-the-fly. In CAV’91, Aalborg, Denmark, LNCS, 575, 1992, Springer, Berlin, Heidelberg. 55. A. A. Julius, G. E. Fainekos, M. Anand, I. Lee, and G. J. Pappas. Robust test generation and coverage for hybrid systems. In HSCC, Pisa, Italy, pp. 329–342, 2007. 56. J. Kapinski, B. Krogh, O. Maler, and O. Stursberg. On systematic sim- ulation of open continuous systems. In HSCC, Prague, Czech Republic, pp. 283–297, 2003. 57. J. Kim, J. Esposito, and V. Kumar. Sampling-based algorithm for testing and validating robot controllers. International Journal of Robotics Research, 25(12):1257–1272, 2006. 58. D. E. Kirk. Optical control theory: An introduction. Dover Publications, May 2004. 59. M. Kloetzer and C. Belta. Reachability analysis of multi-affine systems. In Hybrid Systems: Computation and Control, Santa Barbara, CA, pp. 348– 362, 2006, Springer, Berlin, Heidelberg. 60. M. Krichen and S. Tripakis. Conformance testing for real-time systems. Formal methods in system design, 34(3):238–304, 2009. 61. M. Krichen and S. Tripakis. Black-box conformance testing for real-time systems. In S. Graf and L. Mounier (editors), 11th International SPIN Workshop on Model Checking Software (SPIN’04), Barcelona, Spain, LNCS, 2989:109–126, April 2004, Springer, Berlin, Heidelberg. 62. M. Krichen and S. Tripakis. Real-time testing with timed automata testers and coverage criteria. In Y. Lakhnech and S. Yovine (edi- tors), Joint International Conference on Formal Modelling and Analysis of Timed Systems and Formal Techniques in Real-Time and Fault-Tolerant Sys- tems, FORMATS/FTRTFT 2004, Grenoble, France, LNCS, 3253:134–151, September 2004, Springer. 63. M. Krichen and S. Tripakis. State identification problems for timed automata. In F. Khendek and R. Dssouli (editors), 17th IFIP TC6/WG 6.1 International Conference on Testing of Communicating Systems (Test- Com’05), Montreal, QC, LNCS, 3502:175–191, May 2005, Springer, Berlin, Germany. 64. A. Kuehlmann, K. McMillan, and R. Brayton. Probabilistic state space search. In ICCAD’99, San Jose, CA, 574–579, 1999. Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 433 2009-10-1 Modeling, Verification, and Testing Using Timed and Hybrid Automata 433 65. J. Kuffner and S. LaValle. RRT-connect: An efficient approach to single- query path planning. In Proceedings of the IEEE International Confer- ence on Robotics and Automation (ICRA’2000), San Francisco, CA, April 2000. 66. A. Kurzhanski and I. Valyi. Ellipsoidal Calculus for Estimation and Control. Birkhauser, Boston, MA, 1997. 67. A.B. Kurzhanski and P. Varaiya. Ellipsoidal techniques for reachabil- ity analysis. In Hybrid Systems: Computation and Control, Pittsburgh, PA, 2000. 68. A. A. Kurzhanskiy and P. Varaiya. Ellipsoidal toolbox (et). In Proceed- ings of the 45th IEEE Conference on Decision and Control, San Diego, CA, 2006. 69. M. Kvasnica, P. Grieder, M. Baoti, and M. Morari. Multi-parametric toolbox (mpt). In Hybrid Systems: Computation and Control, Philadelphia, PA, LNCS, 2993:448–462, 2004, Springer, Berlin, Heidelberg. 70. K. Larsen, P. Petterson, and W. Yi. Uppaal in a nutshell. Software Tools for Technology Transfer, 1(1/2):134–152, October, 1997. 71. S. LaValle and J. Kuffner. Rapidly-exploring random trees: Progress and prospects, 2000. In Workshop on the Algorithmic Foundations of Robotics. 72. S. LaValle. Planning Algorithms. Cambridge University Press, New York, 2006. 73. D. Lee and M. Yannakakis. Principles and methods of testing finite state machines - A survey. Proceedings of the IEEE, 84:1090–1126, 1996. 74. J. Lygeros, K. Johansson, S. Sastry, and M. Egerstedt. the existence of executions of hybrid automata. In IEEE Conference on Decision and Con- trol, Phoenix, AZ, 1999. 75. M. Mihail and C. H. Papadimitriou. On the random walk method for protocol testing. In D. L. Dill (editor), Proceedings of the Sixth Inter- national Conference on Computer-Aided Verification CAV,Stanford,CA, LNCS, 818:132–141, 1994, Springer, London, U.K. 76. O. Maler and A. Pnueli. Reachability analysis of planar multilinear systems. In Proceedings of the 4th Computer-Aided Verification, Elounda, Greece, volume 697. Springer, 1993. 77. I. M. Mitchell and J. A. Templeton. A toolbox of Hamilton-Jacobi solvers for analysis of nondeterministic continuous and hybrid systems. In Hybrid Systems: Computation and Control, Zurich, Switzerland, LNCS. Springer-Verlag, 2005, to appear. Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 434 2009-10-1 434 Model-Based Design for Embedded Systems 78. N. Kitchen and A. Kuehlmann. Stimulus generation for constrained ran- dom simulation. In ICCAD 2007, San Jose, CA, pp. 258–265, 2007. 79. T. Nahhal and T. Dang. Test coverage for continuous and hybrid sys- tems. In CAV, Berlin, Germany, pp. 454–468, 2007. 80. X. Nicollin, A. Olivero, J. Sifakis, and S. Yovine. An approach to the description and analysis of hybrid systems. In Hybrid Systems, pp. 149– 178, 1992. 81. J. Ouaknine and J. Worrell. Revisiting digitization, robustness, and decidability for timed automata. In LICS 2003, Ottawa, ON, 2003, IEEE CS Press, Washington, DC. 82. R. Paige and R. Tarjan. Three partition refinement algorithms. SIAM Journal on Computing, 16(6):973–989, 1987. 83. G. Pappas, G. Lafferriere, and S. Yovine. A new class of decidable hybrid systems. In F. Vaandrager and J. van Schuppen (editors), Hybrid Systems: Computation and Control, Bergen Dal, the Netherlands, LNCS, 1569:29–31, 1999, Springer-Verlag, Berlin, Heidelberg. 84. R. Pelanek and I. Cerna. Enhancing random walk state space explo- ration. In Proc. of Formal Methods for Industrial Critical Systems (FMICS’05), Lisbon, Portugal, 98–105, 2005, ACM Press, New York. 85. E. Plaku, L. Kavraki, and M. Vardi. Hybrid systems: From verification to falsification. In W. Damm and H. Hermanns (editors), International Conference on Computer Aided Verification (CAV), Berlin, Germany, LNCS, 4590:468–481, 2007, Springer-Verlag, Heidelberg, Berlin, Germany. 86. S. Prajna and A. Jadbabaie. Safety verification of hybrid systems using barrier certificates. In R. Alur and G. J. Pappas (editors), Hybrid Systems: Computation and Control, Philadelphia, PA, LNCS, 2993:477–492, 2004, Springer, Berlin, Heidelberg. 87. S. Prajna, A. Papachristodoulou, P. Seiler, and P. A. Parrilo. SOSTOOLS: Sum of Squares Optimization Toolbox for MATLAB, 2004. 88. A. Puri. Dynamical properties of timed automata. Discrete Event Dynamic Systems, 10(1–2):87–113, 2000. 89. A. Puri and P. Varaiya. Decidability of hybrid systems with rectangular differential inclusions. In D. L. Dill (editor), Proceedings of the Sixth Inter- national Conference on Computer-Aided Verification CAV,Stanford,CA, LNCS, 818:95–104, 1994. Springer-Verlag, Berlin, Heidelberg. 90. S. Ratschan and Z. She. Safety verification of hybrid systems by con- straint propagation-based abstraction refinement. ACM Transactions on Embedded Computer Systems, 6(1): 2007. Nicolescu/Model-Based Design for Embedded Systems 67842_C013 Finals Page 435 2009-10-1 Modeling, Verification, and Testing Using Timed and Hybrid Automata 435 91. S. Sankaranarayanan, T. Dang, and F. Ivancic. Symbolic model checking of hybrid systems using template polyhedra. In TACAS’08 — Tools and Algorithms for the Construction and Analysis of Systems, Budapest, Hun- gary, 2008, Springer. 92. S. Shyam and V. Bertacco. Distance-guided hybrid verification with GUIDO. In DATE ’06: Proceedings of the Conference on Design, Automation and Test in Europe, pp. 1211–1216. European Design and Automation Association, Munich, Germany, 2006. 93. J. Sifakis and S. Yovine. Compositional specification of timed systems. In 13th Annual Symposium on Theoretical Aspects of Computer Science, STACS’96, Grenoble, France, LNCS, 1046, 1996, Spinger-Verlag, Berlin, Heidelberg. 94. O. Stursberg and B. Krogh. Efficient representation and computation of reachable sets for hybrid systems. In Hybrid Systems: Computation and Control HSCC, Prague, Czech Republic, LNCS, 482–497, 2003, Springer, Berlin, Heidelberg. 95. L. Tan, J. Kim, O. Sokolsky, and I. Lee. Model-based testing and moni- toring for hybrid embedded systems. In Proceedings of IEEE Internation Conference on Information Reuse and Integration (IRI’04), Los Vegas, NV, 2004. 96. A. Tiwari. Formal semantics and analysis methods for Simulink State- flow models. Technical report, SRI International, 2002. 97. A. Tiwari and G. Khanna. Nonlinear systems: Approximating reach sets. In Hybrid Systems: Computation and Control, Philadelphia, PA, LNCS, 2993:600–614, 2004, Springer, Berlin, Heidelberg. 98. C. Tomlin, I. Mitchell, A. Bayen, and M. Oishi. Computational tech- niques for the verification of hybrid systems. Proceedings of the IEEE, 91(7):986–1001, 2003. 99. F. Torrisi and A. Bemporad. HYSDEL—A tool for generating computa- tional hybrid models. IEEE Transactions on Control Systems Technology, 12(2):235–249, 2004. 100. J. Tretmans. Testing concurrent systems: A formal approach. In CON- CUR’99, Eindhoven, the Netherlands, LNCS, 1664, 1999, Springer, Berlin, Heidelberg. 101. S. Tripakis. Checking Timed Büchi Automata Emptiness on Simulation Graphs. ACM Transactions on Computational Logic (to appear). 102. S. Tripakis. Fault diagnosis for timed automata. In W. Damm and E R. Olderog (editors), Formal Techniques in Real Time and Fault [...]... simplified design flow for embedded control systems is shown in Figure 14.1 Heterogeneity of the design objectives (e.g., dynamics, safety, and power consumption) and the need for mitigating design complexity dictates that design progresses along abstraction layers, or design platforms” [8] The objective of controller design is the construction and verification of Controller Models that meet performance... model of the software component platform and the execution model of the system platform on the required controller dynamics The last stage of the design flow is implementation platform design, which includes code generation for the software components from controller models, design of the assignment of the software components and their 440 Model-Based Design for Embedded Systems interactions to the... Modeling Languages Plant dynamics models 439 Controller models Controller design Specification implementation interface Software architecture models System-level models System-level design Specification implementation interface Code HW and network configuration Implementation platform design FIGURE 14.1 Simplified design flow for embedded controllers of independent processing nodes In current practice,... [15]) While this approach represented a major step ahead and had opened up the possibility for developing metaprogrammable tool suites for model-based design [15,27], specification of precise semantics both for the metamodeling languages and for the DSMLs has remained an open problem • Specification of semantics for various DSMLs have been most frequently done by means of natural language (possibly interspersed... manipulable As such, formal specifications remove ambiguity and enable automated analysis for many design issues at a cost of higher detail Formal specification of semantics is particularly important in translating models between languages recognized by different tools In the rest of the chapter we will focus on the formal and explicit specification of semantics of DSMLs 14.2.2 Framework for Formal Semantics... is a well-formed model If r is well formed, then r meta maps r to a new domain Note that all other interpretations map models in a domain to models of another domain To make a mapping from models to domain, as r meta does, a domain of domains must be created This is beyond the scope of this chapter See [23] for a more detailed explanation of metamodeling semantics 444 Model-Based Design for Embedded. .. and model transformations For example, we must be able to reason about the effects of model transformations on structural semantics However, model transformations are not constraint systems, but (semi-)operational rewriting procedures Thus, a purely algebraic formalism is not an ideal candidate Additionally, the non-emptiness checking and model finding operations suggest formalisms for which finite... framework Our specification language, called FORMULA (Formal Modeling Using Logic Analysis), provides structuring and composition operators for formalizing and composing structural semantics and model transformations At its core is a wellstudied class of LP called non-recursive and stratified 14.3.2 Formal Foundations 14.3.2.1 Signatures and Terms A function symbol, for example, f (·), is a symbol denoting... implemented embedded controller In addition, the design flow is supported by heterogeneous tools including modeling tools, formal verification tools, simulators, test generators, language design tools, code generators, debuggers, and performance analysis tools that must all cooperate to assist developers and engineers struggling to construct the required systems If the DSMLs are only informally specified... for DSML specification, show examples for the different specification styles, and discuss the key concepts required for the formal specification of DSMLs 14.2.1 DSML Specification: Informal and Formal Current practice of specifying DSMLs covers a wide range of methods from formal to informal Starting with the conceptualization of Harel and Rumpe [19], a DSML specification can be expressed as a 5-tuple . their Nicolescu /Model-Based Design for Embedded Systems 67842_C014 Finals Page 440 2009-10-2 440 Model-Based Design for Embedded Systems interactions to the computation, and communication resources in the form of. See [23] for a more detailed explanation of metamodeling semantics. Nicolescu /Model-Based Design for Embedded Systems 67842_C014 Finals Page 444 2009-10-2 444 Model-Based Design for Embedded. Springer- Verlag, Berlin, Heidelberg. Nicolescu /Model-Based Design for Embedded Systems 67842_C013 Finals Page 430 2009-10-1 430 Model-Based Design for Embedded Systems 28. E. Clarke, A. Fehnker,