LCCC Workshop: Systems Design meets Equation-based Languages
19-21 September 2012
Old Bishops Palace at Biskopsgatan 1 in Lund
Scientific Committee
Johan Åkesson, Lund University, Sweden (Chair)
Moritz Diehl, KU Leuven, Belgium
Hilding Elmqvist, Dassault Systèmes, Sweden
Claus Führer, Lund University, Sweden
Clas Jacobson, United Technologies Research Center, USA
Eric Van Wyk, University of Minnesota, USA
Anders Rantzer, Lund University, Sweden, LCCC coordinator
Organizing Committee
Claus Führer
Görel Hedin
Anders Rantzer
Eva Westin
Johan Åkesson
MAILING ADDRESS
Department of Automatic Control
Lund University
Box 118
SE-221 00 LUND, SWEDEN
VISITING ADDRESS
Institutionen för Reglerteknik
Ole Römers väg 1
232 63 LUND
TELEPHONE +46 46 222 87 87
FAX +46 46 13 81 18
GENERIC E-MAIL [email protected]
WWW www.lccc.lth.se
Printed: Media-Tryck, Lund, Sweden, August 2013
ISSN 0280-5316
ISRN LUTFD2/TFRT--7638--SE
Content
1. Introduction
1.1 Workshop Theme
1.2 Scope
1.3 Organization and venue
2. Panel discussion
2.1 Modeling and systems engineering in education
2.2 Employing equation-based languages in systems design
2.3 Formalization of models
3. Summary and outlook
3.1 Important observations
3.2 Open problems
3.3 Actions
Appendix A PROGRAM
Appendix B PARTICIPANTS
Appendix C PRESENTATIONS
Non-standard semantics of hybrid systems modelers. Albert Benveniste, IRISA/INRIA
Equations, Synchrony, Time, and Modes. Edward A. Lee, EECS, UC Berkeley
Formal Modeling and Analysis of Software Systems with Lustre. Mike Whalen, University of Minnesota
Systems Engineering: Status of Industrial Use, Opportunities and Needs. Clas Jacobson, United Technologies Systems & Controls Engineering
The OpenModelica Environment including Static and Dynamic Debugging of Modelica Models and Systems Engineering/Design verification. Peter Fritzson, Linköping University, Department of Computer and Information Science, PELAB Programming Environment Laboratory
The Dark Side of Object-Oriented Modelling: Numerical Problems, Existing Solutions, Future Perspectives. Francesco Casella, Politecnico di Milano, Dipartimento di Elettronica e Informazione
Bridging between different modeling formalisms - results from the MULTIFORM project. Sebastian Engell, Process Dynamics and Operations Group, Department of Biochemical and Chemical Engineering, TU Dortmund
Equation-based Modeling and Control of Industrial Processes. Johan Sjöberg, ABB AB, Corporate Research and Linköping University
FMI: Functional Mockup Interface for Model Exchange and Co-Simulation. Torsten Blochwitz, ITI GmbH Dresden, Germany
Vertical Integration in Tool Chains for Modeling, Simulation and Optimization of Large-Scale Systems. Johan Åkesson, Modelon AB and Lund University, Lund, Sweden
System Design From Requirements to Implementation. Alberto Ferrari, ALES S.r.l.
Synchronous Control and State Machines in Modelica. Hilding Elmqvist, Dassault Systèmes AB
Extensible Programming and Modeling Languages. Eric Van Wyk, University of Minnesota
Extensible compiler architecture - examples from JModelica.org. Görel Hedin, Dept of Computer Science, Lund University, Sweden
Constraint satisfaction methods in embedded system design. Krzysztof Kuchcinski, Dept. of Computer Science, Lund University
Dynamical models for industrial controls: use cases and challenges. Fernando D'Amato, GE Global Research Center
Origins of Equation-Based Modeling Languages. Karl Johan Åström, Department of Automatic Control, LTH, Lund University, Lund, Sweden
Assimulo - a Python package for solving differential equation with interface to equation based languages. Claus Führer, Centre of Mathematical Sciences, Lund University
CasADi: A Tool for Automatic Differentiation and Simulation-Based Nonlinear Programming. Moritz Diehl, Electrical Engineering Department and Optimization in Engineering Center OPTEC, KU Leuven
Pyomo: Optimization Modeling in Python. Carl Laird, Artie McFerrin Department of Chemical Engineering, Texas A&M University
Efficient symbolical and numerical algorithms for nonlinear model predictive control with OpenModelica. Bernhard Bachmann, Fachhochschule Bielefeld University of Applied Sciences
Modeling Seen as Programming. Klaus Havelund, Jet Propulsion Laboratory, California Institute of Technology
Verification of Stiff Hybrid Systems by Modeling the Approximations of Computational Semantics. Pieter J. Mosterman, MathWorks
Algorithmic differentiation: Sensitivity analysis and the computation of adjoints. Andrea Walther, Institut für Mathematik, Universität Paderborn
Functional Development with Modelica. Stefan-Alexander Schneider, Schneider System Consulting
1. Introduction
LCCC workshops are organized in a 3-day format. About 20-25 speakers from academia and industry are invited for the workshop, selected for excellence and for an optimal coverage of the theme. The speakers are also encouraged to extend their stay beyond the workshop for further interaction with the local research environment. For each workshop, the research theme is chosen strategically to support the vision of LCCC, usually with a cross-disciplinary perspective. An international scientific committee is responsible for the program.
1.1 WORKSHOP THEME
Equation-based object-oriented languages (EOOL), such as Modelica and VHDL-AMS, have become widely used in academia and industry during recent years. While these languages are mainly oriented towards dynamic simulation, they are well suited as a basis for solving a wider range of engineering design problems, making use of existing and new algorithms. Examples include sensitivity analysis, state and parameter estimation, optimal control and MPC, robust design, and model reduction.
1.2 SCOPE
The workshop focused on how EOOLs can be extended to support this wider range of problems in systems design. The following aspects are of primary interest:
1. Extension examples: What kind of engineering design problems could benefit from support through EOOLs, or extensions to an EOOL language? What existing or new algorithms could be used for such extensions? An existing example of such an extension is Optimica, which adds optimization capabilities to Modelica.
2. Language extension design: How can such extensions be formulated as language extensions? What different techniques, e.g., annotations, syntactic extensions, semantic extensions, or embedded DSLs, are appropriate for different extensions? How can model execution standards, e.g., the Functional Mock-up Interface (FMI), be explored to link language extensions to algorithms?
3. Language extension implementation: How can these extensions be implemented in supporting tools like compilers? How can modularity with respect to core languages be maintained? How can interactive tools like IDEs be extended to support the language extensions? Examples of new metacompilation frameworks supporting language extensions include JastAdd, Silver, and Kiama.
4. Applications: What interesting industrial cases can be found that could benefit from such new developments?
Supporting such extensions to EOOLs would answer the strong industrial need for integrating existing EOOL models with systems design algorithms and on-line control systems.
The problems are cross-disciplinary, and the aim of the workshop was therefore to bring together researchers and industrial practitioners in several fields, including engineering design (modeling, simulation, optimization, etc.), computer science (languages and tools), numerical analysis (algorithms for solving design problems), and applications.
The workshop supported the LCCC theme "Modeling for design and verification". During the last few years, a local community has emerged, consisting of researchers at the departments of Mathematics, Computer Science and Automatic Control, and companies, notably Modelon, Lund, and ABB, Malmö. The local community is oriented towards the two open source projects JModelica.org (an open-source implementation of Modelica) and JastAdd (a meta-compilation tool supporting language extension). The theme of the workshop stemmed from this environment: cross-disciplinary interactions between researchers at Lund University, local companies, and students are frequent. Such interactions include joint master's thesis projects, joint scientific publications, and joint PhD student advising, all inspired by industrial applications.
1.3 ORGANIZATION AND VENUE
The workshop was initiated by Claus Führer (Center for Mathematical Sciences), Görel Hedin (Department of Computer Science) and Johan Åkesson (Department of Automatic Control).
The scientific committee consisted of Johan Åkesson (chair), Moritz Diehl, Hilding Elmqvist, Claus Führer, Clas Jacobson and Eric van Wyk.
The local organization and interactions with workshop speakers and participants were handled by Eva Westin.
The workshop was held at the Pufendorf Institute at Lund University, 19-21 September 2012.
2. Panel discussion
Participants: Albert Benveniste, Hilding Elmqvist, Carl D. Laird, Edward E. Lee, Clas Jacobson
Moderator: Karl Johan Åström
The panel discussion circled around three main themes: modeling and systems engineering in education, employing equation-based languages in systems design, and formalization of model representations.
2.1 MODELING AND SYSTEMS ENGINEERING IN EDUCATION
C. Jacobson put forward the observation that systems engineering is no longer taught by academic institutions. As a consequence, graduated engineers lack experience with systems design tools, which are widely used in industry. In cases where systems design courses are offered by universities, they are often taught by industrial practitioners who are brought in for the occasion.
E. Lee suggested introducing a new topic into program curricula: Model Engineering. While this topic would build on established disciplines, it would emphasize the concept of modeling as a key element in systems engineering. What is currently offered by universities in this area is generally weak. E. Lee made an analogy to software engineering, which has a long tradition within academia, and which contains a number of structured concepts that are taught systematically. Concepts suggested to be integrated into the topic model engineering include object-orientation, represented by languages such as Modelica, and refactoring of model code, which is a standard technique in software engineering.
A. Benveniste noted that mathematics is and must remain a fundamental element of systems engineering: mathematics is everywhere! It was also noted that French software industry emphasizes systems engineering for this particular reason.
2.2 EMPLOYING EQUATION-BASED LANGUAGES IN SYSTEMS DESIGN
In his opening note, H. Elmqvist talked about recent directions in the development of the Modelica language. The latest version of Modelica supports synchronous constructs. State machines have been added in order to promote modeling of clock and sequential control systems. H. Elmqvist stressed the need to continue to expand the scope of Modelica to cover areas such as requirements management, integration with 3D modeling tools, Monte Carlo analysis, embedded optimization in physical models and systems design in general. H. Elmqvist also took the opportunity to invite everybody to interact and to contribute to the further development of Modelica.
C. Jacobson commented that equation-based languages are currently not used to their full potential. Given the languages and tools available today, we can move from experimentation based on simulation to computations in systems design. C. Jacobson mentioned Six Sigma and Monte Carlo techniques as targets for integration with computational frameworks based on physical models, and he highlighted rich opportunities for research in the area, for example in propagation of uncertainty.
C. Laird talked about the interplay between algorithm design and modeling, specifically in the context of dynamic optimization of large-scale non-linear systems. In effect, the way models are constructed is affected by the capabilities of such algorithms. In addition, the need for exploitation of structure in models was stressed.
2.3 FORMALIZATION OF MODELS
A. Benveniste used the fighter aircraft Rafale to exemplify the need for integrated and formal methods in requirements management and verification. Approximately 250.000 requirements were considered in the design. The process was characterized by informal handling of the requirements, multiple engaged sub-contractors, and often, requirements verification without models. In other activities in the project, however, models were developed and used extensively, including system dimensioning, control design and Product Lifecycle Management (PLM). Typically, very different modeling tools were used for these purposes. Based on the example, A. Benveniste put forward questions to be addressed in research and in industrial practice. How to fuse the model-based tools in order for models to become widely available in different processes? How does the V-model for product development come into play in this context? What is needed in terms of Modelica extensions in order to accommodate the needs exemplified in the Rafale project?
In his remarks, E. Lee reasoned about what properties of models we should value. Three aspects were brought forward. Firstly, fidelity of models is a key property, that is, to what degree the models mimic a given system. Secondly, understandability of a model, something we are often eager to sacrifice, should be valued. E. Lee called for a cultural change in this respect: we should be proud of small models! Thirdly, analyzability of a model is important in order to perform model-based analyses such as model checking and verification. E. Lee stressed in this context the need for formal model description formats.
3. Summary and outlook
3.1 IMPORTANT OBSERVATIONS
Different approaches to modeling of hybrid systems were discussed during the workshop. This seems to be one of the core challenges in the area, i.e., to develop a rigorous mathematical formalism to describe the semantics of models encoded in languages such as Modelica, Ptolemy and VHDL-AMS, and in model exchange standards such as FMI.
The interest in model exchange formats which are neutral with respect to physical domain, modeling language, and software tool is increasing. The Functional Mock-up Interface is rapidly being adopted in research and in industry, which was evident from several presentations. In addition, the CIF format, which resulted from the MULTIFORM project, was presented.
The interest in Modelica is broadening, and the scope of the language is expanding from primarily modeling of physical systems to control systems and systems design. Specifically, synchronous extensions to Modelica and optimization based on Modelica models were discussed. Also, the potential of Modelica in systems design was highlighted during the panel discussion.
The need for formal verification of requirements, and approaches to solving such problems, was a strong theme during the workshop. This topic was highlighted during the panel discussion in the context of aircraft control systems and in several presentations.
Some speakers bore witness to difficulties in applying software for non-convex dynamic optimization to industrial problems. The level of maturity of existing algorithms for such problems seems to be significantly less than for simulation tools targeting the same class of systems.
Extensible languages and compilers are becoming feasible through research efforts in the computer science community. Two different approaches to compiler extensibility were discussed in the workshop presentations.
Python holds a strong position in the scientific computing field, which was underlined in a number of presentations.
3.2 OPEN PROBLEMS
Modeling formalisms for hybrid systems. Several speakers touched upon modeling formalisms for hybrid systems. While there are different frameworks available for description of hybrid systems, consensus is yet to be reached upon the semantic behaviour and a unified mathematical theory.
Robustness of numerical optimization algorithms for large-scale non-linear dynamic systems. The academic community has produced a large body of algorithms for optimization of large-scale non-linear dynamic systems. Still, industrial practitioners experience significant challenges in applying such algorithms to problems relevant for their applications.
Physical modeling languages for convex optimization. Current modeling languages such as VHDL-AMS and Modelica target construction of non-linear and hybrid physical system models, which are not immediately useful as a basis for the large body of available optimization algorithms for convex optimization. Still, many physical systems can be modeled in order to fulfill the requirements of convex optimization. Accordingly, challenges remain in combining concepts from EOOL and convex optimization.
3.3 ACTIONS
From the discussions during the workshop, it is clear that there are rich opportunities for cross-fertilization between different fields represented by speakers and participants. Based on these discussions, the following actions are recommended.
More efforts are needed in terms of language support for optimization. Several presentations touched upon this topic and several interesting directions were mentioned, including convex optimization formulations based on physical modeling languages, challenges in application of state-of-the-art optimization algorithms to large-scale physical models, and industrial applications.
Increased interaction is needed between communities working with modeling formalisms for hybrid systems. It is clear that there are several research groups developing modeling formalisms for hybrid systems, as well as industrial initiatives such as FMI and Modelica. Interactions between these groups would be beneficial in order to develop a unified framework for modeling of hybrid systems. An initiative in this direction was taken by the Modelica community, represented by H. Elmqvist, who visited E. Lee's group in the weeks following the workshop.
Establishment of a repository of dynamic benchmark models of industrial grade to support research in systems design. Development of relevant industrial grade models requires a high level of expertise that is not always available in research projects targeting systems design. Such projects benefit from freely available dynamic models.
Appendix A PROGRAM
Wednesday, September 19, 2012
08:30-09:00 Registration
09:00-09:10 Opening session
09:10-10:10
  Non-standard semantics of hybrid systems modelers. Albert Benveniste, IRISA/INRIA
  Equations, Synchrony, Time, and Modes. Edward A. Lee, EECS, UC Berkeley
10:10-10:40 Coffee
10:40-12:10
  Formal Modeling and Analysis of Software Systems with Lustre. Mike Whalen, University of Minnesota
  Systems Engineering: Status of Industrial Use, Opportunities and Needs. Clas Jacobson, United Technologies Systems & Controls Engineering
  The OpenModelica Environment including Static and Dynamic Debugging of Modelica Models and Systems Engineering / Design verification. Peter Fritzson, Linköping University, PELAB
12:10-13:30 Lunch
13:30-15:00
  The Dark Side of Object-Oriented Modelling: Numerical Problems, Existing Solutions, Future Perspectives. Francesco Casella, Politecnico di Milano
  Bridging between different modeling formalisms - results from the MULTIFORM project. Sebastian Engell, TU Dortmund
  Equation-based Modeling and Control of Industrial Processes. Johan Sjöberg, ABB AB, Corporate Research and Linköping University
15:00-15:30 Coffee
15:30-16:30
  FMI: Functional Mockup Interface for Model Exchange and Co-Simulation. Torsten Blochwitz, ITI GmbH Dresden
  Vertical Integration in Tool Chains for Modeling, Simulation and Optimization of Large-Scale Systems. Johan Åkesson, Modelon AB and Lund University
Thursday, September 20, 2012
09:00-10:00
  System Design From Requirements to Implementation. Alberto Ferrari, ALES S.r.l.
  Synchronous Control and State Machines in Modelica. Hilding Elmqvist, Dassault Systèmes AB
10:00-10:30 Coffee
10:30-12:00
  Extensible Programming and Modeling Languages. Eric Van Wyk, University of Minnesota
  Extensible compiler architecture - examples from JModelica.org. Görel Hedin, Lund University
  Constraint satisfaction methods in embedded system design. Krzysztof Kuchcinski, Lund University
12:00-13:30 Lunch
13:30-15:00 Discussion
15:00-15:30 Coffee
15:30-16:30
  Dynamical models for industrial controls: use cases and challenges. Fernando D'Amato, GE Global Research Center
  Origins of Equation-Based Modeling Languages. Karl Johan Åström, Lund University
18:20 Gathering at Bangatan 14 (next to Ica Kvantum Malmborgs)
19:00 Workshop dinner at Häckeberga castle
Friday, 21 September, 2012
09:15-10:00 Panel discussion
10:00-10:30 Coffee
10:30-12:00
  Pyomo: Optimization Modeling in Python. Carl Laird, Texas A&M University
  Efficient symbolical and numerical algorithms for nonlinear model predictive control with OpenModelica. Bernhard Bachmann, Fachhochschule Bielefeld University of Applied Sciences
  Algorithmic differentiation: Sensitivity analysis and the computation of adjoints. Andrea Walther, Universität Paderborn
12:00-13:00 Lunch
13:00-14:30
  CasADi: A Tool for Automatic Differentiation and Simulation-Based Nonlinear Programming. Moritz Diehl, OPTEC KU Leuven
  Modeling Seen as Programming. Klaus Havelund, Jet Propulsion Laboratory, California Institute of Technology
  Verification of Stiff Hybrid Systems by Modeling the Approximations of Computational Semantics. Pieter J. Mosterman, MathWorks
14:30-15:00 Coffee
15:00-16:00
  Assimulo - a Python package for solving differential equation with interface to equation based languages. Claus Führer, Lund University
  Functional Development with Modelica. Stefan-Alexander Schneider, Schneider System Consulting
16:00-16:05 Closing
Appendix B PARTICIPANTS
Christian Andersson, Lund University
Joel Andersson, KU Leuven
Bernhard Bachmann, Bielefeld University
Albert Benveniste, IRISA/INRIA
Karl Berntorp, Lund University
Enrico Bini, Lund University
Torsten Blochwitz, ITI GmbH
Anders Blomdell, Lund University
Francesco Casella, Politecnico di Milano
Fernando D'Amato, General Electric Global Research
Moritz Diehl, KU Leuven
Adam Duracz, Halmstad University
Jonas Eborn, Modelon
Johans Eker, Ericsson
Hilding Elmqvist, Dassault Systèmes AB
Sebastian Engell, University of Dortmund
Alberto Ferrari, ALES
Niklas Fors, Lund University
Peter Fritzson, Linköping University
Claus Führer, Lund University
Mahdi Ghazaei, Lund University
Joris Gillis, KU Leuven
Christian Grussler, Lund University
Manuel Gräber, TU Braunschweig
Meng Guo, KTH
Magnus Gäfvert, Modelon
Gabriel Hackebeil, Texas A&M University
Mathias Haage, Lund University
Per Hagander, Lund University
Ulf Hagberg, ABB
Klaus Havelund, JPL-NASA
Görel Hedin, Lund University
Clas Jacobson, United Technologies Res. Center
Jörn Janneck, Lund University
Krzysztof Kuchcinski, Lund University
Carl Laird, Texas A&M University
Edward Lee, University of California
Fredrik Magnusson, Lund University
Sven Erik Mattsson, Dassault Systèmes AB
Pieter Mosterman, McGill University/Mathworks
Anders Nilsson, Lund University
Björn Olofsson, Lund University
Hans Olsson, Dassault Systèmes AB
Alessandro Papadopoulos, Politecnico di Milano
Anders Rantzer, Lund University
Stefan-Alexander Schneider, BMW
Eelco Scholte, United Technologies Res. Center
Johan Sjöberg, ABB Corporate Research
Emma Söderberg, Lund University
Walid Taha, Halmstad University
Hubertus Tummescheit, Modelon AB
Andreas Varchmin, TU Braunschweig
Eric van Wyk, University of Minnesota
Andrea Walther, Universität Paderborn
Mike Whalen, University of Minnesota
Daniel Word, Texas A&M University
Johan Åkesson, Lund University/Modelon
Karl-Erik Årzén, Lund University
Karl Johan Åström, Lund University
Appendix C PRESENTATIONS
NON-STANDARD SEMANTICS OF HYBRID SYSTEMS MODELERS
Albert Benveniste, IRISA/INRIA
Hybrid system modelers have become a cornerstone of complex embedded system development. Embedded systems include not only control components and software, but also physical devices. In this area, Simulink is a de facto standard design framework, and Modelica a new player. However, such tools raise several issues related to the lack of reproducibility of simulations (sensitivity to simulation parameters and to the choice of a simulation engine). In this paper we propose using techniques from non-standard analysis to define a semantic domain for hybrid systems. Non-standard analysis is an extension of classical analysis in which infinitesimal (the and in the celebrated generic sentence of college maths) can be manipulated as first class citizens. This approach allows us to define both a denotational semantics, a constructive semantics, and a Kahn Process Network semantics for hybrid systems, thus establishing simulation engines on a sound but flexible mathematical foundation. These semantics offer a clear distinction between the concerns of the numerical analyst (solving differential equations) and those of the computer scientist (generating execution schemes). We also discuss a number of practical and fundamental issues in hybrid system modelers that give rise to non-reproducibility of results, non-determinism, and undesirable side effects. Of particular importance are cascaded mode changes (also called zero-crossings in the context of hybrid systems modelers).
Non-Standard Semantics of Hybrid Systems Modelers
Albert Benveniste, Timothy Bourke, Benoît Caillaud, Marc Pouzet
INRIA Rennes and ENS Ulm, France
September 14, 2012

Difficulties in Hybrid Systems Modelers
Some examples
Non-Standard Hybrid Systems (for the math-averse)
Non-Standard Analysis and Standardisation (for the fan)
Non-Standard Hybrid Systems and their Standardisation
The SIMPLEHYBRID mini-language
Conclusion

Difficulties in Hybrid Systems Modelers
Cascaded zero-crossings and start-n-kills of ODE/DAE
  ZC can traverse, tangent, be thick... how to define them?
  cascades: finite? bounded?
  solver can stop in zero time if initialized on a zero-crossing
  is this the duty of Continuous or Discrete?
Use of a global solver
  non-interacting subsystems interact!
  time scales propagate everywhere
Hot/Cold restart of solvers
Slicing Discrete/Continuous is essential
  strange hybrid D+C Simulink/Stateflow diagrams can be specified
  they get strange returns from the tool
  the Modelica consortium has made this a central effort

Some examples 1: infinite cascade
y = 0 init 1 reset [1, 1] every up[x, x]
x = 0 init 1 reset [1, 1, 1] every up[y, y, z]
z = 1 init 1
Note that z is just a physical clock. So, such an example can arise with discrete systems following the discrete/hybrid classification in force in the community of hybrid systems modelers.
[Figure: plot of x and y]
here and subsequently, is infinitesimal

Some examples 2: sliding mode
x = 0 init sgn(y_0) reset [1, 1] every up[y, y]
y = x init y_0
[Figure: plot of x and y, with |y_0| marked]
This is a simple form for an ABS system. Corresponding averaged system is:
y = sgn(y_0), for the interval [0, |y_0|)
0 for [|y_0|, ),

Some examples 3: finite cascade
x = 0 init 0 reset [last(x) + 1, last(x) + 2] every up[y, z]
z = 1 init 1
y = 0 init 1 reset [1] every up[z]
[Figure: plot of x and y]
Here the question is: how should the reset on x and y be performed? Here we have adopted a micro-step interpretation reflecting causality between the two resets. A different interpretation is often proposed by existing modelers.

Some examples 4: balls on wall
[Figure: balls 1 and 2 and the wall, with w_1 and d_1 marked]
x_1 = v_1 init d_1
x_2 = v_2 init d_2
v_1 = 0 init w_1 reset last(v_2) every up[x_1 x_2]
v_2 = 0 init w_2 reset [last(v_1), last(v_2)] every up[x_1 x_2, x_2]
Here the difficulty is the cascade involving
1. ball 1 hitting ball 2, resulting in ball 2 moving to the right (reset)
2. which causes ball 2 to hit the wall immediately (ODE activated for zero time)
3. resulting in ball 2 moving backward (reset)
4. followed by the symmetric scheme.

Questions
Can we propose a semantic domain for these (and all) examples?
Can we use it
  to identify example (1) as pathological, but not example (2)?
  to decide on the semantics of example (3)?
  to give a semantics to example (4)?
More generally, can we develop a semantic domain to serve as a mathematical basis for the management of (possibly cascaded) zero-crossings?
[Figure: the plots of examples (1), (2), (3) and (4)]

The great idea: non-standard analysis
Suppose for a while that we can give a formal meaning to the following:
y = x means, by definition: y t+ y t = x t where is infinitesimal
Let's make a trial use of non-standard analysis. The of our examples will be identified with the above . By doing so, our drawings become the semantics of cascades and ODEs semantics is written as transition relations involving .
Non-Standard Time Base
Fix an infinitesimal base step
time base: T = {tn = n | n Z}
define t T : t = max{s | s T, s t}
T offers the butter and the money of the butter (popular french idiom):
(i) T is totally ordered
(ii) every subset of T that is bounded from above by a finite (non-standard) number has a unique maximal element
(iii) T is dense in R
By (i) and (ii) T looks discrete
By (iii), T looks continuous
Non-Standard Time Base
T = {tn = n | n Z}
t T : t = max{s | s T, s t}
ODE: x = f(x, u) (possibly not well defined)
x t = xt + f(xt, ut) (always well defined)
Streams of events generated by the zero-crossings of x:
x = def {t T | x t
1 n ff> 1 n2 ff> 0 close to + : n y n}, {n|x n y n}, {n|x n y n}, {n|x n0 such that y
0 duration within modes: ODE
- finite cascades of mode changes: super-dense time (t, n) R N
Non-standard ( -dependent) semantics:
- spending 0 duration within modes: non-standard ODE
- cascades of mode changes: discrete dynamics indexed by T
Theorem: [standardisation] if the S semantics is well-defined, then it is the standardisation of the NS ( -dependent) semantics, for any choice of
-
Non-Standard Hybrid Systems, Standardisation Principle
a: invariant: V b gb a(x) 0; dynamics: x = f a(x, t)
b: gb a(x) > 0 / x := zb a(x, t)
Standard semantics:
- spending standard > 0 duration within modes: ODE
- finite cascades of mode changes: super-dense time (t, n) R N
Non-standard ( -dependent) semantics:
- spending 0 duration within modes: non-standard ODE
- cascades of mode changes: discrete dynamics indexed by T
Theorem: [standardisation] if the S semantics is well-defined, then it is the standardisation of the NS ( -dependent) semantics, for any choice of
Non-Standard Hybrid Systems, Standardisation Principle (extended)
[Figure: colliding balls 1 and 2, steps 1. to 6., labels w1 and d1]
In this example, we successively have, within an infinitesimal period of time:
1. a first cascade of z-c (a hit causing changes in velocities)
2. the launching of an ODE with an immediate z-c
3. another cascade of z-c, followed by the symmetric scheme.
Provided that such a cascade of {z-c + ODE micro-steps} remains finite, a super-dense time semantics can be given. Execution is by executing the symbolic non-standard semantics: Extended Standardisation Principle.
Non-Standard Hybrid Systems, Standardisation Principle (extended)
[Figure: colliding balls 1 and 2, steps 1. to 6., labels w1 and d1]
Non-standard symbolic simulation of the colliding balls example:
1. t = , x1 = w1 > 0 z-c (zero-crossing) on x1 x2 .
2. at t = 2 balls exchange velocities: v1 = 0 and v2 = w1.
3. t = 3, x1 = 2w1 and x2 = w1 ODE has immediate z-c on x2
4. t = 4, x1 = x2 = 2w1, v1 = 0 and v2 = w1.
5. t = 5, x1 = 2w1 and x2 = w1 z-c x1 x2
6. at t = 6, x1 = 2w1, x2 = 0, v1 = w1 and v2 = 0.
-
Difficulties in Hybrid Systems Modelers
Some examples
Non-Standard Hybrid Systems (for the math-averse)
Non-Standard Analysis and Standardisation (for the fan)
Non-Standard Hybrid Systems and their Standardisation
The SIMPLEHYBRID mini-language
Conclusion
The SIMPLEHYBRID mini-language and its semantics
T = def {n} n N
xt = def x t
(n) = (n 1)
(n) = (n+1)
statement | transition relation
y = f(x) | y = f(x)
y = last(x) init y0 | y = x init y0
= up(x) | = ([ x 0])
y = x init y0 reset z | on \ z: y = y + x; on z: y = z
y = x every init y0 | before : y = y0; on : y = x
y = pre(x) init y0 | y = x; before min(y): y = y0; on y: y = x
S1 S2 | conjunction
aborting ODE
ZC: three types of zero-crossing
no need for left/right limit
all ZC + aborting ODE in S: S
[Figure: Slicing. Labels: discrete compiler, S, S, u, u, ODE solver]
-
Slicing
[Figure: labels: discrete compiler, S, S, u, u, ODE solver]
statement of S | Assigned to S | Assigned to S
y = f([x]) | on S: y = f([x]) | outside S: y = f([x])
y = last(x) | on S: y = last(x) | outside S: y = last(x)
= up(x) | = up(x)
y = x init y0 | on S\ S: y = x init y0 | outside S: y = x init y0
y = x reset z | on S\ S: y = x reset z | outside S: y = x reset z
y = [x] every [ ] | y = [x] every [ ]
y = [x] init y0 | y = [x] init y0
y = pre(x) | y = pre(x)
y = init y0 | y = init y0
Further use of Non-Standard Semantics
Causality Analysis and Constructive Semantics
- compilation and code generation
- clock-aware compilation
- new application: DAE and index analysis
Kahn Network semantics (KPN arguments extend to N )
- distributed simulation & multiple solvers
- to avoid unwanted coupling due to adaptive step size
Difficulties in Hybrid Systems Modelers
Some examples
Non-Standard Hybrid Systems (for the math-averse)
Non-Standard Analysis and Standardisation (for the fan)
Non-Standard Hybrid Systems and their Standardisation
The SIMPLEHYBRID mini-language
Conclusion
Conclusion
Non-standard semantics is not just for the fun of Albert Benveniste
it gives a semantics to all syntactically well-formed programs
- no hand waving, no need for obscure continuity/zeno assumption
- compositional
this is what the language designer needs
provides semantic support for clock-aware causality analysis
- clock-aware co-simulation (getting rid of global solvers)
- future: extend to DAE
provides semantic support for Discrete/Continuous slicing
NS symbolic simulation of aborting ODEs
- future: singular perturbations and multiple time-scales
Prevents the designer from the need for manual smoothing (non compositional because bandwidth-dependent)
You hybrid guys, go learning it!
-
EQUATIONS, SYNCHRONY, TIME, AND MODES
Edward A. Lee, EECS, UC Berkeley
The key principle behind equation-based languages is that components in a system interact with one another not by reacting to inputs to produce outputs, but rather by asserting relationships between the values of variables that they share. This principle is closely related to the key principle behind synchronous-reactive (SR) languages, where the meaning of a composition of components is a fixed-point solution to a system of equations. In both cases, interaction between components is a dialog, with give and take, rather than a monolog. SR languages have been used to model discrete behaviors primarily, whereas equation-based languages, particularly Modelica, have been used to model continuous dynamics primarily. In this talk, I will show how to bridge the two.
Synchronous programs execute a sequence of (conceptually) simultaneous and instantaneous computations. Each step in the sequence is called a tick of a conceptual clock that governs the execution. Distinctly lacking, however, is any notion of metric or measurable time in this clock, so there is no foundation in these languages for modeling continuous dynamics. The ticks form a sequence, not a time line. In fact, a correct execution of a synchronous program (conformant with the semantics) can take as much time as it likes between ticks. The intervals need not even be constant or defined.
In this talk, I will review the principles of synchronous semantics and show how they can be extended to provide a rigorous foundation for timed systems that do have a metric notion of time. In particular, I will show how discrete-event (DE) and continuous-time models can be built on top of synchronous semantics. I will also introduce a hierarchical multiform time that allows time progress at different rates in different parts of the system, and I will show how the underlying synchronous semantics ensures determinacy and preserves causality. This multiform model of time provides a foundation for modal behaviors and hybrid systems.
-
Equations, Synchrony, Time, and Modes
Edward A. Lee
Robert S. Pepper Distinguished Professor
UC Berkeley
Invited Talk at Workshop: System Design meets Equation-based Languages: Workshop Program
Lunds, Sweden, Sept. 18-21
Collaborative with: Adam Cataldo, Patricia Derler, John Eidson, Xiaojun Liu, Eleftherios Matsikoudis, Haiyang Zheng
Lee, Berkeley 2

What is the momentum of the middle ball as a function of time?
p(t) = mv(t)

What is the momentum of the middle ball as a function of time?
It might seem: p(t) = mv(t), v(t) = 0, p(t) = 0

But no, it is:
v(t) = K if t = t_i, 0 otherwise
where t_i is the time of collision
-
Since position is the integral of velocity, and the integral of v is zero, the ball does not move.
v(t) = K if t = t_i, 0 otherwise
[Figure: v against time, with labels K and t_i]

v(t) = K if t = t_i, 0 otherwise
A discrete representation of this signal with samples is inadequate.
[Figure: v against time, with labels K and t_i]

Samples yield discrete signals
A signal is sampled at tags
[Figure: time axis t with tags t0, t1, t2, t3, ts, ...]
A signal s is discrete if there is an order embedding from its tag set (s) (the tags for which it is defined and not absent) to the natural numbers (under their usual order).
Note: Benveniste et al. use a different (and less useful?) notion of discrete.
(s) = {t0, t1, ...} T
s: T D

v(t) = K if t = t_i, 0 otherwise
No discrete subset of real-valued times is adequate to unambiguously represent this signal.
[Figure: v against time, with labels K and t_i]
-
v(t) = K if t = t_i, 0 otherwise
There is no semantic distinction between a discrete event and a rapidly varying continuous signal.
[Figure: v against time, with labels K and t_i]

Simulink/Stateflow cannot accurately model such events.
In Simulink, a signal can only have one value at a given time. Hence Simulink introduces solver-dependent behavior.

Ptolemy II uses Superdense Time [Maler, Manna, Pnueli, 92] for Continuous-Time Signals
At each tag, the signal has exactly one value. At each time point, the signal has a sequence of values. Signals are piecewise continuous, in a well-defined technical sense, a property that makes ODE solvers work well.
v: (R N) R3
Initial value: v(t_i, 0) = 0
Intermediate value: v(t_i, 1) = K
Final value: v(t_i, n) = 0, n 2

Consequences of using Superdense Time
Transient states are well represented:
Infinitesimals (even Dirac delta functions):
-
More Consequences: Hybrid System
[Figure: labels: Finite State Machine, Dynamics 1, Dynamics 2]

Transitions between modes are instantaneous
In the signals at the right, the velocities and accelerations proceed through a sequence of values at the times of the collisions and separations.

Superdense Time
The red arrows indicate value changes between tags, which correspond to discontinuities. Signals are continuous from the left and continuous from the right at points of discontinuity.

Modal Models and Multiform Time
Once we have a clean, instantaneous handoff between modes, a question arises about how to model time in a dormant mode.
[Figure: labels: Actor, Refinement, FSM, State, Transition, Refinement, Ports, Ports]
When this mode is inactive, should time advance?
-
The Modal Model Muddle: It's about time
After trying several variants on the semantics of modal time, we settled on this:
A mode refinement has a local notion of time. When the mode refinement is inactive, local time does not advance. Local time has a monotonically increasing gap relative to environment time.

MultiForm Time in Ptolemy II
[Figure: labels: suspend, resume, reference time, local time]
In Ptolemy II Modal Models, Time is suspended and resumed

Variants for the Semantics of Modal Time that we Tried or Considered, but that Failed
- Mode refinement executes while inactive but inputs are not provided and outputs are not observed.
- Time advances while mode is inactive, and mode refinement is responsible for catching up.
- Mode refinement is notified when it has requested time increments that are not met because it is inactive.
- When a mode refinement is re-activated, it resumes from its first missed event.
All of these led to some very strange models
Final solution: Local time does not advance while a mode is inactive. Monotonically growing gap between local time and environment time.

Once we have multiform time, we can build accurate models of cyber-physical systems
-
Engineers model physical dynamics using differential-algebraic equations.
The variable t represents an idealized Newtonian notion of time.

But computational platforms have no access to t. Instead, local measurements of time are used.
A superdense Newtonian notion of time becomes environment time

Local time within a hierarchy can advance at different rates.
Model uses oracle time, which becomes environment time for the subsystems.
Model internally uses local time
Discrete Event MoC
Model internally uses local time

Clocks drift
- Fabrication tolerance
- Aging
- Temperature
- Humidity
- Vibrations
- Quality of the quartz.
Clock drifts measured in parts per million or ppm
1 ppm corresponds to a deviation of 1 µs every second
-
MultiForm Time in Ptolemy
[Figure: labels: reference time, local time]
Heaven for engineers. Local time and environment time are in sync!

Multiform Time in the Real World
[Figure: labels: offset, reference time, local time]
Reality: There is an offset between local time and environment time

Multiform Time in Ptolemy
[Figure: labels: fast clock, slow clock, reference time, local time]
More real: clocks drift

Multiform Time in Ptolemy
environment time: t_e
start time: s_e, s_l
offset: o = s_e - s_l
clock rate: c_l
local time: t_l = (t_e - o) c_l
[Figure: axes t_e and t_l; labels s_e, s_l, o, c_l = 1.0, c_l = 0.5, set clock drift]
Even more real: clock drift changes!
-
Multiform Time in Ptolemy
environment time: t_e
start time: s_e, s_l
offset: o = s_e - s_l
clock rate: c_l
local time: t_l = (t_e - o) c_l
[Figure: axes t_e and t_l; labels s_e, s_l, o, c_l = 1.0, c_l = 0.5, set clock drift]
Ptolemy II provides a hierarchy of local clocks
This can be used, for example, to accurately model time synchronization protocols.
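
The following sketch is an added example, not code from the talk or from Ptolemy II. It applies the slide's relation t_l = (t_e - o) c_l to a two-level hierarchy in which clock drift changes and a mode refinement is suspended and resumed; the class `LocalClock`, its method names, the constructed scenario and the use of exact rationals are assumptions made for illustration.

```python
from fractions import Fraction


class LocalClock:
    """One level of a clock hierarchy: t_l = (t_e - o) * c_l, where the
    environment time t_e of a child is the local time of its parent.
    (Hypothetical class, not part of Ptolemy II.)"""

    def __init__(self, s_e=0, s_l=0, parent=None):
        self.parent = parent
        self.rate = Fraction(1)                      # c_l, initially in sync
        self.offset = Fraction(s_e) - Fraction(s_l)  # o = s_e - s_l
        self.frozen_at = None                        # local time while suspended

    def env_time(self, t):
        """Environment time seen by this clock at top-level time t."""
        return self.parent.local_time(t) if self.parent else Fraction(t)

    def local_time(self, t):
        if self.frozen_at is not None:
            return self.frozen_at                    # inactive: no progress
        return (self.env_time(t) - self.offset) * self.rate

    def _reanchor(self, t, local_now):
        # Pick o so that local time stays continuous:
        # (t_e - o) * c_l == local_now at the instant of the change.
        self.offset = self.env_time(t) - local_now / self.rate

    def set_rate(self, t, rate):
        """Clock drift changes at top-level time t; rate must be positive."""
        local_now = self.local_time(t)
        self.rate = Fraction(rate)
        if self.frozen_at is None:
            self._reanchor(t, local_now)

    def suspend(self, t):
        """The mode becomes inactive: freeze its local time."""
        if self.frozen_at is None:
            self.frozen_at = self.local_time(t)

    def resume(self, t):
        """The mode becomes active again: continue from the frozen value."""
        if self.frozen_at is not None:
            local_now, self.frozen_at = self.frozen_at, None
            self._reanchor(t, local_now)


def scenario():
    """Constructed run: a platform clock whose drift changes at t = 2, and a
    mode refinement inside it that is inactive from t = 4 until t = 7."""
    platform = LocalClock()
    mode = LocalClock(parent=platform)
    trace = []
    for t in range(11):
        if t == 2:
            platform.set_rate(t, Fraction(1, 2))     # platform now runs at half speed
        if t == 4:
            mode.suspend(t)
        if t == 7:
            mode.resume(t)
        trace.append((t, platform.local_time(t), mode.local_time(t)))
    return trace


if __name__ == "__main__":
    for t, platform_time, mode_time in scenario():
        print(t, platform_time, mode_time)
```

In the trace, the gap between the mode's local time and its environment time (the platform's local time) never shrinks, which is the property the talk settles on for modal time.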
Multiform Time is Intrinsic!
[Figure: labels: Time, Physical, Measured, Relativistic, Newtonian, Microprocessor Clock, Synchronized Clock, NTP, PTP, IEEE 1588, GPS, Master Clock, TAI]
Time in physical laws, mathematical, continuous
Time in digital systems: Circuits, discrete clocks, generating well defined periodic signals
Clock synchronization
Source: Patricia Derler and John Eidson

Other Questions about Time:
1. Precision
In floating-point formats, precision degrades as magnitude increases
2. Clear Semantics of Simultaneity
Requires precise addition and subtraction, e.g. (a + b) + c = a + (b + c). Floating-point numbers don't have this property.
Floating point numbers are a poor choice for modeling time!

Conclusions
Modeling time as a simple continuum is not adequate.
- Superdense time offers clean semantics for instantaneous events.
Homogeneous time advancing uniformly is not adequate.
- Hierarchical multiform time enables accurate and practical models of heterogeneous distributed systems.
Floating point numbers for time are not adequate.
- A model with invariant precision and precise addition and subtraction is.
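
As an added example (not code from the talk or from Ptolemy II), the sketch below encodes the collision velocity of the slides as a signal over superdense tags (t, n), and then shows why simultaneity needs exact addition: the same two event chains are scheduled once with floating-point time stamps and once with rationals. The values of K and t_i, the function names and the choice of Python's `Fraction` as the exact number type are assumptions made for illustration.

```python
from fractions import Fraction

K = Fraction(5, 2)      # constructed impulse magnitude
T_I = Fraction(3, 10)   # constructed collision time t_i


def v(t, n):
    """Velocity at superdense tag (t, n), as on the slide:
    v(t_i, 0) = 0, v(t_i, 1) = K, v(t_i, n) = 0 for n >= 2."""
    return K if (t == T_I and n == 1) else Fraction(0)


def values_at(signal, t, max_index=16):
    """Sequence of values the signal takes at time t, cut once it has settled."""
    seq = [signal(t, n) for n in range(max_index)]
    while len(seq) > 1 and seq[-1] == seq[-2]:
        seq.pop()
    return seq


def arrival(steps, number):
    """Time reached by adding the given increments in the chosen number type."""
    total = number(0)
    for step in steps:
        total += number(step)
    return total


def superdense_tags(events):
    """Assign a tag (t, n) to each (time, label) event: events with equal
    time stamps get indices 0, 1, 2, ... in their given order."""
    count = {}
    tagged = []
    for t, label in sorted(events, key=lambda e: e[0]):
        n = count.get(t, 0)
        count[t] = n + 1
        tagged.append((t, n, label))
    return tagged


def schedule(number):
    """Two event chains that are meant to meet at time 0.3."""
    a = arrival(["0.1", "0.2"], number)   # chain A: two increments
    b = arrival(["0.3"], number)          # chain B: one increment
    return superdense_tags([(a, "A"), (b, "B")])


if __name__ == "__main__":
    print("values of v at t_i:", values_at(v, T_I))
    print("values of v elsewhere:", values_at(v, Fraction(1)))
    print("float time stamps:", schedule(float))
    print("exact time stamps:", schedule(Fraction))
```

With floating-point time stamps the two events land at different times and B is ordered before A; with exact time stamps they share one time point and are distinguished only by their index n.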
-
FORMAL MODELING AND ANALYSIS OF SOFTWARE SYSTEMS WITH LUSTRE
Mike Whalen, University of Minnesota
Rockwell Collins and the University of Minnesota have used the synchronous dataflow language Lustre as a basis for a variety of analyses of industrial critical systems both for component level models written in Simulink and system architectural models written in AADL. This talk describes the approach, several examples of analyzed models as well as several challenges to extend the scale and variety of systems that can be practically analyzed.
-
Software Engineering Center
Mike Whalen
Program Director
University of Minnesota Software Engineering Center
Sponsored by NSF Research Grant CNS-1035715
Rockwell Collins (Darren Cofer, Andrew Gacek, Steven Miller, Lucas Wagner)
UPenn: (Insup Lee, Oleg Sokolsky)
UMN (Mats P. E. Heimdahl)
CMU SEI (Peter Feiler)
September, 2012 LCCC 2012: Mike Whalen
February, 2012 IFIP 2012: Mike Whalen

System design & verification through pattern application and compositional reasoning
[Figure: labels: COMPUTING RESOURCE, SENSOR, LRU, FAIL-SILENT NODE FROM REPLICAS, COMPUTING RESOURCE A, COMPUTING RESOURCE B, VOTE MULTIPLE DATA, SENSOR 1, SENSOR 2, SENSOR 3, VERIFIED AVAILABILITY, VERIFIED INTEGRITY, ARCHITECTURE MODEL, COMPOSITIONAL PROOF OF CORRECTNESS (ASSUME GUARANTEE), SAFETY, BEHAVIORAL, PERFORMANCE PROPERTIES, ABSTRACTION, VERIFICATION, REUSE, COMPOSITION]
Copyright 2011 Rockwell Collins, Inc. All rights reserved.
-
[Figure: labels: PATTERN & COMP SPEC LIBRARY, SYSTEM MODELING ENVIRONMENT, INSTANTIATE ARCHITECTURAL PATTERNS, SYSTEM MODEL, AUTO GENERATE, SYSTEM IMPLEMENTATION, ARCH PATTERN MODELS, COMPONENT MODELS, ANNOTATE & VERIFY MODELS, COMPONENT LIBRARY, SPECIFICATION, SYSTEM DEVELOPMENT FOUNDRY, COMPOSITIONAL REASONING & ANALYSIS]
Instantiation: Check structural constraints, Embed assumptions & guarantees in system model
Compositional Verification: System properties are verified by model checking using component & pattern contracts
Reusable Verification: Proof of component and pattern requirements (guarantees) and specification of context (assumptions)

Avionics system requirement
Relies upon
- Accuracy of air data sensors
- Control commands from FCS
- Mode of FGS
- FGS control law behavior
- Failover behavior between FGS systems.
- Response of Actuators
- Timing/Lag/Latency of Communications
Under single-fault assumption, GC output transient response is bounded in time and magnitude
[Figure: labels: FCS, Avionics System, Autopilot, FGS_L, FGS_R, ADS_L, ADS_R, System Modes, Control Laws, Co-ord]

Want to prove a transient response property
- The autopilot will not cause a sharp change in pitch of aircraft.
- Even when one FGS fails and the other assumes control
Given assumptions about the environment
- The sensed aircraft pitch from the air data system is within some absolute bound and doesn't change too quickly
- The discrepancy in sensed pitch between left and right side sensors is bounded.
and guarantees provided by components
- When a FGS is active, it will generate an acceptable pitch rate
As well as facts provided by pattern application
- Leader selection: at least one FGS will always be active (modulo one failover step)
transient_response_1 : assert true ->
abs(CSA.CSA_Pitch_Delta) < CSA_MAX_PITCH_DELTA ;
transient_response_2 : assert true ->
abs(CSA.CSA_Pitch_Delta - prev(CSA.CSA_Pitch_Delta, 0.0))
< CSA_MAX_PITCH_DELTA_STEP ;
A
vion