Action and Predicate Safety of Hybrid Processes
Pieter Cuijpers, Michel Reniers
Posted 18-Dec-2015
Overview
• HyPA
• Process representations
• Two levels of abstraction
• Specification of Safety
• Congruence
• Safety analysis of hybrid processes
• Conclusions

HyPA
• termination, deadlock
• action: discrete action
• c = (V|Pred): flow clause
• d >> P, b >> P: re-initialization clause, d = [V|Pred]
• alternative composition of two processes
• sequential composition of two processes
• disrupt (three variants)
• P || P and two further variants: parallel composition
• H(P), Pred(P): encapsulation
State-space representation(Linear hybrid process definition)
Xi jJ(i) dj >>
jJ’(i) dj >> actionj Xj
jJ’’(i) dj >> cj Xj
SSR Xinit
Two levels of abstraction
• On the lowest level of abstraction, HyPA is aimed at giving different representations of the same system.
• At a higher level of abstraction, HyPA can also be used to analyse, for example, safety properties.
Robust bisimilarity
x x x y y x
x (y z) (x y) zx x x
x x (y z) (x y) z (x y) z (x z) (y z)
x y x y y x x
x (y z) (x y) z (x y) z (x z) (y z)d >> (x y) (d >> x) (d >> y)H(x y) H(x) H(y)
etc. etc. etc.
Initially stateless bisimilarity
d >> action x = d >> action d! >> x
d >> c x = d >> c (d D(c))! >> x
Congruence
X = [x|x+ = 0] >> a1 a2
Y = [x|x+ = 0] >> a1 [x- = 0] >> a2
Z = [x|x+ = 1] >> a3
X = Y, yet X || Z and Y || Z are not equivalent: Z may re-initialize x to 1 between a1 and a2, which blocks the guarded a2 of Y but not the a2 of X.
Predicate safety of a state-space repr.
Create a re-initialization for every recursion variable, signifying its reachable set:
[true] = Rinit
(Ri dj)! Rj for all i and all j ∈ J’(i)
(Ri dj D(cj))! Rj for all i and all j ∈ J’’(i)

When do we have Ri >> Xi = Pred(Ri >> Xi), and especially, for SSR = [true] >> Xinit,
[true] >> Xinit = Pred([true] >> Xinit), i.e. SSR = Pred(SSR)?

Ri >> Xi Ri >> (j ∈ J(i) dj >>
j ∈ J’(i) dj >> actionj Xj
j ∈ J’’(i) dj >> cj Xj)

Ri >> Xi j ∈ J(i) (Ri dj) >>
j ∈ J’(i) (Ri dj) >> actionj Xj
j ∈ J’’(i) (Ri dj) >> cj Xj

Ri >> Xi = j ∈ J(i) (Ri dj) >>
j ∈ J’(i) (Ri dj) >> actionj (Rj >> Xj)
j ∈ J’’(i) (Ri dj) >> cj (Rj >> Xj)

Pred(Ri >> Xi) Pred (Ri >> (j ∈ J(i) dj >>
j ∈ J’(i) dj >> actionj Xj
j ∈ J’’(i) dj >> cj Xj))

Pred(Ri >> Xi) Pred (j ∈ J(i) (Ri dj) >>
j ∈ J’(i) (Ri dj) >> actionj Xj
j ∈ J’’(i) (Ri dj) >> cj Xj)

Pred(Ri >> Xi) = Pred (j ∈ J(i) (Ri dj) >>
j ∈ J’(i) (Ri dj) >> actionj (Rj >> Xj)
j ∈ J’’(i) (Ri dj) >> cj (Rj >> Xj) )

Pred(Ri >> Xi) = j ∈ J(i) Pred ((Ri dj) >> )
j ∈ J’(i) Pred ((Ri dj) >> actionj ) Pred (Rj >> Xj )
j ∈ J’’(i) Pred ((Ri dj) >> cj ) Pred (Rj >> Xj )

Assuming safety of the following processes:
Pred ((Ri dj) >> ) = (Ri dj) >>
Pred ((Ri dj) >> actionj ) = (Ri dj) >> actionj
Pred ((Ri dj) >> cj ) = (Ri dj) >> cj

Pred(Ri >> Xi) = j ∈ J(i) (Ri dj) >>
j ∈ J’(i) (Ri dj) >> actionj Pred (Rj >> Xj )
j ∈ J’’(i) (Ri dj) >> cj Pred (Rj >> Xj )

So Ri >> Xi and Pred(Ri >> Xi) are both solutions of the state space definition:
Yi = j ∈ J(i) (Ri dj) >> j ∈ J’(i) (Ri dj) >> actionj Pred (Yi) j ∈ J’’(i) (Ri dj) >> cj Pred (Yi )
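The reachable-set construction and the safety check it supports, as an added worked example for this page (example code written here, not the authors' HyPA tooling and not code from the slides). To make the fixpoint finite, the hybrid state is collapsed to a single bounded integer variable x; the slides' own models range over dense valuations, which is why the conclusions list reachable-set computation and termination as open problems. Everything named below is constructed for the illustration: `Clause`, `StateSpaceRepr`, `reachable_sets`, `predicate_safe`, the two-mode `counter` system, and the invariant x <= 8. Flow clauses are abstracted by the set of valuations a run of the flow can visit, and a clause's sub-process counts as safe when every valuation it produces satisfies Pred, mirroring the "assuming safety of the following processes" step above.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, List, Optional, Tuple

# Constructed abstraction: the continuous state is collapsed to one bounded
# integer variable x, so every set of valuations is finite and the fixpoint
# iteration below terminates. HyPA proper works over dense valuations.
State = int
Relation = Callable[[State], FrozenSet[State]]   # post-image of one valuation
Predicate = Callable[[State], bool]

XMAX = 10                                         # constructed domain bound: x in 0..XMAX
UNIVERSE: FrozenSet[State] = frozenset(range(XMAX + 1))  # the re-initialization [true]


@dataclass(frozen=True)
class Clause:
    """One summand d_j >> action_j X_j (flow is None) or d_j >> c_j X_j (flow given)."""
    reinit: Relation                  # d_j as a relation from pre- to post-valuations
    target: str                       # recursion variable X_j entered afterwards
    flow: Optional[Relation] = None   # D(c_j): valuations a run of c_j can reach


@dataclass(frozen=True)
class StateSpaceRepr:
    """SSR = [true] >> X_init over the recursion variables X_i listed in `clauses`."""
    clauses: Dict[str, Tuple[Clause, ...]]
    init: str


def post(rel: Relation, states: Iterable[State]) -> FrozenSet[State]:
    """The '!' operator: valuations reachable through `rel` from any of `states`."""
    out = set()
    for s in states:
        out |= rel(s)
    return frozenset(out)


def reachable_sets(ssr: StateSpaceRepr) -> Dict[str, FrozenSet[State]]:
    """Least solution of  [true] = R_init,  (R_i d_j)! within R_j  for action clauses
    and  (R_i d_j D(c_j))! within R_j  for flow clauses, found by chaotic iteration."""
    R = {x: frozenset() for x in ssr.clauses}
    for clauses in ssr.clauses.values():
        for cl in clauses:
            R.setdefault(cl.target, frozenset())
    R[ssr.init] = UNIVERSE
    changed = True
    while changed:
        changed = False
        for xi, clauses in ssr.clauses.items():
            for cl in clauses:
                img = post(cl.reinit, R[xi])          # (R_i d_j)!
                if cl.flow is not None:
                    img = post(cl.flow, img)          # (R_i d_j D(c_j))!
                if not img <= R[cl.target]:
                    R[cl.target] |= img
                    changed = True
    return R


def predicate_safe(ssr: StateSpaceRepr, pred: Predicate) -> Tuple[bool, List[Tuple[str, State]]]:
    """Check Pred(SSR) = SSR through the sub-processes of each clause: every valuation
    produced by a re-initialization (R_i d_j)! and every valuation a flow clause can
    visit must satisfy `pred`. Returns the verdict and the violating (X_i, x) pairs."""
    R = reachable_sets(ssr)
    violations = set()
    for xi, clauses in ssr.clauses.items():
        for cl in clauses:
            entered = post(cl.reinit, R[xi])
            if cl.flow is not None:
                entered |= post(cl.flow, entered)
            violations |= {(xi, s) for s in entered if not pred(s)}
    return not violations, sorted(violations)


def counter(flow_guard: int) -> StateSpaceRepr:
    """Constructed two-mode system. Idle resets x and starts; Running lets x drift
    upward by up to 2 per flow while the guard x- <= flow_guard holds, and may
    return to Idle once x >= 5."""
    drift: Relation = lambda s: frozenset(range(s, min(s + 2, XMAX) + 1))
    return StateSpaceRepr(
        clauses={
            "Idle": (Clause(reinit=lambda s: frozenset({0}), target="Running"),),
            "Running": (
                Clause(reinit=lambda s: frozenset({s}) if s <= flow_guard else frozenset(),
                       target="Running", flow=drift),
                Clause(reinit=lambda s: frozenset({s}) if s >= 5 else frozenset(),
                       target="Idle"),
            ),
        },
        init="Idle",
    )


INVARIANT: Predicate = lambda s: s <= 8   # constructed safety predicate Pred: x <= 8

if __name__ == "__main__":
    for guard in (8, 6):
        ok, bad = predicate_safe(counter(guard), INVARIANT)
        print(f"flow guard x- <= {guard}: {'safe' if ok else 'unsafe'} {bad}")
```

With the guard x- <= 6 the flow can never carry x beyond 8, so the reachable set of Running is {0..8} and the system is predicate safe; with the guard x- <= 8 the flow reaches 9 and 10 and the check reports exactly those two valuations as the unsafe sub-processes. The iteration terminates only because the domain is finite; over dense valuations the same constraints need a symbolic representation of the Ri, which is the difficulty the conclusions point at.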
Conclusions
• Different model representations.
• Analysis at the cost of congruence for ||.
• Safety of state space representations depends on safety of sub-processes.
• Termination of the analysis method is a problem.
• Calculation of reachable sets is a problem.