
Action and Predicate Safety of Hybrid Processes


Presentation Transcript


  1. Action and Predicate Safety of Hybrid Processes Pieter Cuijpers Michel Reniers

  2. Overview
  • HyPA
  • Process representations
  • Two levels of abstraction
  • Specification of Safety
  • Congruence
  • Safety analysis of hybrid processes
  • Conclusions

  3. HyPA  termination  deadlockaction discrete action c flow clause (V|Pred) d >> P, b >> P re-initialization clause [V|Pred] P  P alternative composition P  P sequential composition P  P, P  P disrupt P || P, P  P, P  P parallel compositionH(P), Pred(P) encapsulation

  4. Hybrid automaton representation Xici  jJ(i)dj >> actionj Xj HA iI d’i >> Xi d1 ci d2

  5. Constitutive hybrid process repr. Xi(jJ(i)dj >> cj)  Xi  (jJ’(i)bj >> actionj)  Xi CHP  ||iI Xi

  6. State-space representation(Linear hybrid process definition) XijJ(i)dj >>  jJ’(i)dj >> actionj Xj jJ’’(i)dj >> cj Xj SSR  Xinit

  7. Two levels of abstraction
  • On the lowest level of abstraction, HyPA is aimed at giving different representations of the same system.
  • At a higher level of abstraction, HyPA can also be used to analyse, for example, safety properties.

  8. Two levels of abstraction Robust Bisimilarity Initially stateless bisimilarity = X  Y implies X = Y

  9. Robust bisimilarity x  x x  y y x x  (y  z) (x y)  z x      x  x   x   x  (y  z) (x y)  z (x y)  z  (x z)  (y z) x  y  x  y  y  x    x   x (y z)  (xy) z (x y)  z  (xz)  (yz) d >> (x  y)  (d >> x)  (d >> y) H(x  y) H(x)  H(y) etc. etc. etc.

  10. Initially stateless bisimilarity d >> action x = d >> action d! >> x d >> c  x = d >> c  (d D(c))! >> x

  11. Specification of Safety Safety for actions X= H(X) Safety for predicates X= Pred(X)

  12. Congruence X [x|x+ = 0] >> a1 a2 Y [x|x+ = 0] >> a1 [x- = 0] >> a2 Z [x|x+ = 1] >> a3 X =Y X || Z Y || Z

  13. Predicate safety of a state-space repr. When do we have SSR= Pred(SSR) ?

  14. Predicate safety of a state-space repr. Create a re-initialization for every recursion variable, signifying its reachable set.
  [true] = Rinit
  (Ri dj)!  Rj for all i and all jJ’(i)
  (Ri dj D(cj))! Rj for all i and all jJ’’(i)

  15. Predicate safety of a state-space repr. When do we have Ri >> Xi =Pred(Ri >> Xi), and especially SSR  [true] >> Xinit = Pred([true] >> Xinit)  Pred(SSR) ?

  16. Predicate safety of a state-space repr. Ri >> Xi Ri >> (jJ(i)dj >>  jJ’(i)dj >> actionj Xj jJ’’(i)dj >> cj Xj)

  17. Predicate safety of a state-space repr. Ri >> Xi  jJ(i)(Ridj) >>  jJ’(i)(Ridj) >> actionj Xj jJ’’(i)(Ridj) >> cj Xj

  18. Predicate safety of a state-space repr. Ri >> Xi =jJ(i)(Ridj) >>  jJ’(i)(Ridj) >> actionj (Rj >> Xj) jJ’’(i)(Ridj) >> cj (Rj >> Xj)

  19. Predicate safety of a state-space repr. Pred(Ri >> Xi)  Pred (Ri >> (jJ(i)dj >>  jJ’(i)dj >> actionj Xj jJ’’(i)dj >> cj Xj))

  20. Predicate safety of a state-space repr. Pred(Ri >> Xi)  Pred (jJ(i)(Ridj) >>  jJ’(i)(Ridj) >> actionj Xj jJ’’(i)(Ridj) >> cj Xj)

  21. Predicate safety of a state-space repr. Pred(Ri >> Xi) = Pred (jJ(i)(Ridj) >>  jJ’(i)(Ridj) >> actionj (Rj >> Xj) jJ’’(i)(Ridj) >> cj (Rj >> Xj))

  22. Predicate safety of a state-space repr. Pred(Ri >> Xi) = jJ(i)Pred ((Ridj) >>  ) jJ’(i)Pred ((Ridj) >> actionj ) Pred (Rj >> Xj ) jJ’’(i)Pred ((Ridj) >> cj ) Pred (Rj >> Xj )

  23. Predicate safety of a state-space repr. Assuming safety of the following processes: Pred ((Ridj) >>  ) = (Ridj) >>  Pred ((Ridj) >> actionj ) = (Ridj) >> actionj Pred ((Ridj) >> cj ) = (Ridj) >> cj

  24. Predicate safety of a state-space repr. Assuming safety of the following processes: Pred ((Ridj) >> actionj ) = (Ridj) >> actionj Pred ((Ridj) >> cj ) = (Ridj) >> cj

  25. Predicate safety of a state-space repr. Pred(Ri >> Xi) = jJ(i)(Ridj) >>   jJ’(i)(Ridj) >> actionj  Pred (Rj >> Xj ) jJ’’(i)(Ridj) >> cj  Pred (Rj >> Xj )

  26. Predicate safety of a state-space repr. So Ri >> Xi and Pred(Ri >> Xi) are both solutions of the state space definition: Yi = jJ(i)(Ridj) >>   jJ’(i)(Ridj) >> actionj  Pred (Yi) jJ’’(i)(Ridj) >> cj  Pred (Yi )

  27. Predicate safety of a state-space repr. Thus Ri >> Xi = Pred(Ri >> Xi) and hence SSR = Pred(SSR).
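The construction of slides 14 to 27, as an added example that is not from the slides or from any HyPA tool: it computes the reachable-set re-initialisations R_i by fixpoint iteration and then checks each sub-process (R_i d_j) >> action_j and (R_i d_j) >> c_j against Pred, for a constructed two-mode thermostat. The finite integer abstraction of x, the encoding of a re-initialisation d and of D(c) as post-images on sets, and the names guard, flow, thermostat, reachable and unsafe_subprocesses are assumptions.

```python
# Added example, not from the slides: reachable-set re-initialisations R_i
# (slide 14) and the sub-process safety check (slides 23-24).  Constructed
# abstraction: x is a finite-range integer; all names are hypothetical.
from typing import Callable, FrozenSet, List
Post = Callable[[FrozenSet[int]], FrozenSet[int]]  # post-image S -> (S d)!
UNIVERSE = frozenset(range(-1, 5))   # [true] over x in {-1, ..., 4}
SAFE = frozenset(range(0, 4))        # Pred: 0 <= x <= 3

def guard(cond, assign=lambda x: x) -> Post:
    """Re-initialisation [cond | x+ = assign(x)] as a post-image on sets."""
    return lambda S: frozenset(assign(x) for x in S if cond(x))

def flow(lo: int, hi: int, up: bool) -> Post:
    """D(c): post-image of flow clause (x | lo <= x <= hi) moving x up or down."""
    return lambda S: frozenset(
        y for x in S if lo <= x <= hi
        for y in range(lo, hi + 1) if (x <= y if up else y <= x))

def thermostat(cool_floor: int) -> dict:
    """Edges per variable X_i: (d_j, D(c_j) or None for an action, X_j, label)."""
    return {
        "init": [(guard(lambda x: True, lambda x: 0), None, "heat", "start")],
        "heat": [(guard(lambda x: True), flow(0, 3, True), "heat", "heating"),
                 (guard(lambda x: x >= 3), None, "cool", "off")],
        "cool": [(guard(lambda x: True), flow(cool_floor, 3, False), "cool", "cooling"),
                 (guard(lambda x: x <= 0), None, "heat", "on")],
    }

def reachable(edges: dict, init: str, max_iter: int = 100) -> dict:
    """Least R with [true] = R_init, (R_i d_j)! <= R_j, (R_i d_j D(c_j))! <= R_j; bounded iteration."""
    R = {v: (UNIVERSE if v == init else frozenset()) for v in edges}
    for _ in range(max_iter):
        changed = False
        for i, out in edges.items():
            for d, dc, j, _ in out:
                new = d(R[i]) if dc is None else dc(d(R[i]))
                if not new <= R[j]:
                    R[j], changed = R[j] | new, True
        if not changed:
            return R
    raise RuntimeError("reachability iteration did not converge")

def unsafe_subprocesses(edges: dict, R: dict) -> List[str]:
    """Slides 23-24: SSR is safe iff every (R_i d_j) >> action_j / c_j is."""
    bad = []
    for i, out in edges.items():
        for d, dc, j, label in out:
            states = d(R[i]) if dc is None else d(R[i]) | dc(d(R[i]))
            if not states <= SAFE:
                bad.append(f"{i}: {label} -> {j} leaves Pred at {sorted(states - SAFE)}")
    return bad
```

With thermostat(0) every sub-process stays inside Pred; with thermostat(-1) the cooling flow reaches x = -1 and the report names the sub-processes at which the proof obligation of slide 24 fails.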

  28. Conclusions
  • Different model representations.
  • Analysis at the cost of congruence ||
  • Safety of state space representations depends on safety of sub-processes.
  • Termination of analysis method is a problem
  • Calculation of reachable sets is a problem

  29. Future research
  • For CHP we have congruence ||
  • Termination using predicate abstraction
  • Calculation/approximation of reachable sets
  • Algebraic specification of other properties
