
Hybrid automata: from verification to implementation

  • Regular Paper
  • International Journal on Software Tools for Technology Transfer

Abstract

Hybrid automata are an important formalism for modeling dynamical systems exhibiting mixed discrete–continuous behavior such as control systems and are amenable to formal verification. However, hybrid automata lack expressiveness compared to integrated model-based design frameworks such as the MathWorks’ Simulink/Stateflow (SlSf). In this paper, we propose a technique for correct-by-construction compositional design of cyber-physical systems (CPS) by embedding hybrid automata into SlSf models. Hybrid automata are first verified using verification tools such as SpaceEx and then automatically translated to embed the hybrid automata into SlSf models such that the properties verified are transferred and maintained in the translated SlSf model. The resultant SlSf model can then be used for automatic code generation and deployment to hardware, resulting in an implementation. The approach is implemented in a software tool building on the HyST model transformation tool for hybrid systems. We show the effectiveness of our approach on a CPS case study—a closed-loop buck converter—and validate the overall correct-by-construction methodology: from formal verification to implementation in hardware controlling an actual physical plant.


Notes

  1. We note that our notion of backtracking is different from the one that occurs with multiple junctions in SlSf. In particular, we require allowing some dwell time to elapse in states, whereas junctions are instantaneous.


Acknowledgements

The authors thank the anonymous reviewers for their insightful comments. The material presented in this paper is based upon work supported by the Air Force Office of Scientific Research (AFOSR), in part under contract numbers FA9550-15-1-0258 and W911NF-16-1-0534, by AFRL through contract number FA8750-15-1-0105, by the National Science Foundation (NSF) under Grant Numbers CNS 1464311, EPCN 1509804, and CCF 1527398, and by the ARC Project DP140104219 “Robust AI Planning for Hybrid Systems”. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of AFRL, AFOSR, or NSF.

Author information

Corresponding author: Christian Schilling.

Additional information

DISTRIBUTION A. Approved for public release; Distribution unlimited. (Approval AFRL PA #88ABW-2015-2402).


About this article


Cite this article

Bak, S., Beg, O.A., Bogomolov, S. et al. Hybrid automata: from verification to implementation. Int J Softw Tools Technol Transfer 21, 87–104 (2019). https://doi.org/10.1007/s10009-017-0458-1

  • DOI: https://doi.org/10.1007/s10009-017-0458-1
