The design of hybrid-system controllers requires handling both discrete and continuous functionality in a single development framework. In this paper, we propose the design and verification of such controllers using a correct-by-construction approach. We use proof-based formal methods to model and verify the required safety properties of the given controllers. Both Event-B with Rodin, and hybrid programs with differential dynamic logic in KeYmaera, are applied to a common case study: the modelling of a car controller. Finally, we discuss the lessons learnt from these experiments and outline the first steps towards a generic method for modelling hybrid systems in Event-B.
This article describes a fully automated, credible autocoding chain for control systems. The framework generates code together with guarantees of high-level functional properties that can be independently verified. It relies on domain-specific knowledge and formal analysis to address a context of heightened safety requirements for critical embedded systems and ever-increasing costs of verification and validation. The platform strives to bridge the semantic gap between the domain expert and the code-verification expert. First, a graphical dataflow language is extended with annotation symbols that let the control engineer express high-level properties of the control law within a familiar language. An existing autocoder is enhanced both to generate the code implementing the initial design and to carry the high-level properties down to annotations at the level of the code. Finally, using customized code-analysis tools, certificates are generated that guarantee the correctness of the annotations with respect to the code and can be checked with existing static-analysis tools. While only a subset of properties and controllers is handled at this point, the approach appears readily extendable to a broader array of both.

A wide range of today's real-time embedded systems, especially their most critical parts, relies on a control-command computation core. The control-command of an aircraft, a satellite or a car engine is processed in a global loop repeated forever, or at least for as long as the controlled device is active. This loop models the acquisition of new input values via sensors, either from environment measures (wind speed, acceleration, engine RPM, . . . ) or from human feedback via the brakes, the accelerator, the stick or the wheel control. The cost of failure of such systems is tremendous, and examples of such failures abound, in spite of increasingly high certification requirements. Current
Cyber-physical systems (CPS) are taking a crucial role in various areas of our society and industry. Yet, because of their hybrid nature (i.e. the integration of both continuous and discrete features), their design and verification are not easy to handle, in particular when they are part of a critical system. Their certification requires exhibiting a formal argument, which formal methods should be able to provide. This paper addresses the formal development of CPS using correct-by-construction refinement and proof-based approaches. It relies on the Event-B formal method. In addition to modeling both the discrete and continuous parts of a CPS, this paper presents a novel approach in two steps. First, it shows that the generic formal model we have defined, integrating both discrete and continuous behaviors, can be instantiated by various kinds of CPS. Fundamentally, continuous behaviors modeled by differential equations mingle with discrete transition systems (mode automata), which model discrete behaviors. Here, refinement is used as a decomposition mechanism. Second, it extends the refinement operation, well mastered in the discrete world, to cover continuous behaviors. We show that different levels of abstraction of continuous aspects can be glued together in a refinement chain. The proposed approach has been completely formalized using Event-B on the Rodin platform, and a case study based on water tanks is used to illustrate it.
The specification of cyber-physical systems usually relies on continuous functions over dense real numbers, whereas their implementation is discrete. Proving the correctness of the discrete implementation with respect to the continuous specification remains a challenge in the presence of dense real numbers. In this paper, we propose a refinement-based formal method, relying on Event-B, for such developments. We illustrate our proposal with the development of a simple stability controller for a generic plant model. The continuous function that models the system behavior is refined into a discrete model of the same kind, preserving stability expressed as a safety invariant of the continuous model. The obtained discrete model uses discrete time (instants modeled on N), whereas the continuous model is based on dense time (on R). The Rodin Platform, together with the Theory plug-in handling the Real datatype and its properties, supported the whole development and all proofs.
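The abstract above describes refining a dense-time model into a discrete-time one while preserving a safety invariant. The following added example, which is not code from the paper, shows the kind of proof obligation such a refinement has to discharge. The plant x' = -k x, the invariant |x(t)| <= bound, and the forward-Euler discretisation with period h are all assumptions chosen for illustration, not the paper's plant or Event-B model; the point it makes is that the discrete step only preserves the continuous invariant under a condition on the sampling period (here |1 - k h| <= 1), which is exactly what a refinement proof must establish.

```python
"""Added example: does a discrete-time refinement preserve a continuous safety invariant?

Assumed plant (not the paper's): x'(t) = -k x(t), k > 0, with the stability
property expressed as the safety invariant |x(t)| <= bound for all t >= 0.
Assumed discrete model: forward-Euler sampling with period h, x_{n+1} = (1 - k h) x_n.
"""
import math


def continuous_state(x0: float, k: float, t: float) -> float:
    """Closed-form solution of the assumed dense-time plant: x(t) = x0 * exp(-k t)."""
    return x0 * math.exp(-k * t)


def continuous_invariant_holds(x0: float, k: float, bound: float,
                               t_max: float, samples: int = 1000) -> bool:
    """Sample the dense-time model on [0, t_max] and check |x(t)| <= bound at each sample.
    (The real proof is symbolic; sampling only illustrates the property being refined.)"""
    return all(abs(continuous_state(x0, k, n * t_max / samples)) <= bound
               for n in range(samples + 1))


def discrete_step(x: float, k: float, h: float) -> float:
    """One step of the discrete model on N: x_{n+1} = (1 - k h) * x_n."""
    return (1.0 - k * h) * x


def step_preserves_bound(k: float, h: float) -> bool:
    """Refinement proof obligation: from |x_n| <= bound derive |x_{n+1}| <= bound.

    Since |x_{n+1}| = |1 - k h| * |x_n|, the invariant is preserved for every bound
    exactly when |1 - k h| <= 1, i.e. 0 < h <= 2 / k. A sampling period outside that
    range makes the discrete model violate an invariant the continuous model satisfies.
    """
    return h > 0 and abs(1.0 - k * h) <= 1.0


def discrete_invariant_holds(x0: float, k: float, h: float, bound: float, n_max: int) -> bool:
    """Execute the discrete model for n_max steps and check the invariant at every instant."""
    x = x0
    for _ in range(n_max):
        if abs(x) > bound:
            return False
        x = discrete_step(x, k, h)
    return abs(x) <= bound


if __name__ == "__main__":
    # Constructed parameters: k = 1, starting inside the bound.
    print("continuous invariant:", continuous_invariant_holds(1.0, 1.0, 1.0, 10.0))
    for h in (0.5, 2.5):
        print(f"h={h}: obligation {step_preserves_bound(1.0, h)},"
              f" discrete run {discrete_invariant_holds(1.0, 1.0, h, 1.0, 20)}")
```

With h = 0.5 the obligation holds and the discrete run stays within the bound; with h = 2.5 the factor (1 - k h) = -1.5 has modulus greater than 1, the obligation fails, and the discrete model leaves the bound after a single step even though the continuous model never does. That failing obligation is the proof a refinement-based development would be unable to discharge.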
One of the great benefits of computational grids is to give access to a wide range of scientific software and computers with different architectures. It is then possible to use a huge variety of tools for solving the same problem, and even to combine these tools in order to obtain the best solution. Grid service trading (searching for the best combination of software and execution platform according to the user requirements) is thus a crucial issue. Trading relies on the description of available services and computers, on the current state of the grid, and on the user requirements. Given the large number of services that may be deployed over the grid, this description cannot be reduced to a simple service name. A sophisticated service-specification approach, similar to algebraic data types, is presented in this paper. Services are described in terms of their algebraic and semantic properties. This amounts to describing the properties of the algorithms and objects of a given application domain. We then illustrate how this specification can be used to determine the service, or the combination of services, that best answers a user request. As a major benefit, users are not required to call grid services explicitly, but instead manipulate high-level domain-specific expressions. Our approach is fully generic and can be used in almost all application domains. We illustrate this approach and its possible limitations within the framework of dense linear algebra. More precisely, we focus on Level 3 BLAS (ACM Trans Math Softw 16:1-17, 1990; ibid 16:18-28, 1990) and LAPACK (Society for Industrial and Applied Mathematics, Philadelphia, 1999). Some examples in nonlinear optimization are also given to demonstrate how generic our approach is, and we report on experiments where both domains interact to show the multi-domain possibilities.
A. Hurault · M. Daydé · M. Pantel, Advanced service trading for scientific computing over the grid
The main purpose of this work is the static detection of orphan messages in actor-based languages. An orphan is a message which may not be handled by its target on some execution paths. Two kinds of orphan messages may be encountered: safety orphans and liveness orphans. Safety orphans occur when none of the target's behaviors on a given execution path knows how to handle the message. Liveness orphans occur when, on each execution path, one of the target's behaviors knows how to handle the message, but the target is deadlocked and will never assume the corresponding behavior. This paper presents a safe static analysis which detects all safety orphan messages in actor-based programs. This result extends previous work derived from type systems for sequential object-oriented languages to non-uniform behaviors.
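The distinction the abstract draws between safety and liveness orphans can be made concrete with a small static check. The following added example is not the paper's analysis and does not reproduce its type system; it is an illustration written for this page under a simplifying assumption: each actor is abstracted as a behaviour automaton in which every behaviour names the message tags it handles and, for each tag, the behaviours the actor may assume next (a set, since the next behaviour can depend on runtime data the analysis does not see). Under that model a tag sent to the actor is a safety orphan exactly when some maximal execution path from the initial behaviour never passes through a behaviour that handles it; the detector searches the behaviour graph for such a path, treating both genuine terminal behaviours and cycles as path ends. The "lock" actor and the messages sent to it are constructed sample input.

```python
"""Added example: a toy static detector for safety orphans in an actor program.

Assumed abstraction (not the paper's): an actor is a behaviour automaton. A
behaviour maps each message tag it can handle to the set of behaviours the actor
may assume afterwards. Branching in that set stands for the different execution
paths a static analysis must consider.
"""
from dataclasses import dataclass, field


@dataclass
class Behaviour:
    name: str
    # tag -> behaviours the actor may switch to after handling that tag
    handlers: dict[str, set[str]] = field(default_factory=dict)


@dataclass
class Actor:
    name: str
    initial: str
    behaviours: dict[str, Behaviour]

    def successors(self, behaviour: str) -> set[str]:
        """All behaviours reachable in one step, whatever message is handled."""
        handlers = self.behaviours[behaviour].handlers
        return set().union(*handlers.values()) if handlers else set()


def has_path_avoiding(actor: Actor, avoid: set[str]) -> bool:
    """True iff some maximal execution path from the initial behaviour never enters `avoid`.

    A maximal path in a finite automaton either stops at a behaviour with no successor
    at all or loops forever. The search therefore walks the graph restricted to
    behaviours outside `avoid` and succeeds on reaching a genuine terminal behaviour
    or a cycle (a successor already on the current path).
    """
    if actor.initial in avoid:
        return False
    visited = {actor.initial}

    def dfs(current: str, on_path: set[str]) -> bool:
        succ = actor.successors(current)
        if not succ:
            return True  # terminal behaviour: the path ended without handling the tag
        for nxt in succ:
            if nxt in avoid:
                continue  # this branch handles the tag; not an orphan path
            if nxt in on_path:
                return True  # cycle outside `avoid`: infinite path that never handles it
            if nxt in visited:
                continue  # already fully explored without finding an orphan path
            visited.add(nxt)
            on_path.add(nxt)
            if dfs(nxt, on_path):
                return True
            on_path.remove(nxt)
        return False

    return dfs(actor.initial, {actor.initial})


def safety_orphans(actor: Actor, sent_tags: list[str]) -> list[str]:
    """Tags sent to `actor` for which some execution path never reaches a handling behaviour."""
    found = []
    for tag in sent_tags:
        handled_in = {name for name, b in actor.behaviours.items() if tag in b.handlers}
        if has_path_avoiding(actor, handled_in):
            found.append(tag)
    return sorted(found)


# Constructed sample actor: a lock that can be acquired, released, reset, and that
# may break on reset. Only the broken behaviour understands "diagnose"; nothing
# understands "status".
LOCK = Actor(
    name="lock",
    initial="unlocked",
    behaviours={
        "unlocked": Behaviour("unlocked", {"acquire": {"locked"}}),
        "locked": Behaviour("locked", {"release": {"unlocked"},
                                       "reset": {"unlocked", "broken"}}),
        "broken": Behaviour("broken", {"diagnose": {"broken"}}),
    },
)
SENT_TO_LOCK = ["acquire", "release", "reset", "status", "diagnose"]

if __name__ == "__main__":
    print("safety orphans:", safety_orphans(LOCK, SENT_TO_LOCK))
```

"status" is reported because no behaviour handles it at all. "diagnose" is also reported although a handling behaviour exists: the path unlocked, locked, unlocked, ... never reaches "broken", which is precisely the safety-orphan case. "release" and "reset" are not reported, since every path from the initial behaviour passes through "locked". Whether the target ever actually reaches the handling behaviour on a path that does contain it (the liveness case) is outside this check.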