Assume-Guarantee Reasoning for Hierarchical Hybrid Systems

  • Thomas A. Henzinger
  • Marius Minea
  • Vinayak Prabhu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2034)

Abstract

The assume-guarantee paradigm is a powerful divide-and-conquer mechanism for decomposing a verification task about a system into subtasks about the individual components of the system. The key to assume-guarantee reasoning is to consider each component not in isolation, but in conjunction with assumptions about the context of the component. Assume-guarantee principles are known for purely concurrent contexts, which constrain the input data of a component, as well as for purely sequential contexts, which constrain the entry configurations of a component. We present a model for hierarchical system design which permits the arbitrary nesting of parallel as well as serial composition, and which supports an assume-guarantee principle for mixed parallel-serial contexts. Our model also supports both discrete and continuous processes, and is therefore well-suited for the modeling and analysis of embedded software systems which interact with real-world environments. Using an example of two cooperating robots, we show refinement between a high-level model which specifies continuous timing constraints and an implementation which relies on discrete sampling.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Thomas A. Henzinger (1)
  • Marius Minea (1)
  • Vinayak Prabhu (1)
  1. Dept. of EECS, University of California, Berkeley, USA
