Papers by Benoît Caillaud
Differential Algebraic Equation (DAE) systems constitute the mathematical model supporting physical modeling languages such as Modelica, VHDL-AMS, or Simscape. Unlike ODEs, they exhibit subtle issues because of their implicit latent equations and the related differentiation index. Multi-mode DAE (mDAE) systems are much harder to deal with, not only because of their mode-dependent dynamics, but essentially because of the events and resets occurring at mode transitions. Unfortunately, the large literature devoted to the numerical analysis of DAEs does not cover the multi-mode case: it typically says nothing about mode changes. This lack of foundations causes numerous difficulties for existing modeling tools. Some models are well handled, others are not, with no clear boundary between the two classes. In this paper we develop a comprehensive mathematical approach to the structural analysis of mDAE systems which properly extends the usual analysis of DAE systems. We define a constructive semantics based on nonstandard analysis and show how to produce execution schemes in a systematic way. This report is an extended version of the publication [2].
Lecture Notes in Computer Science, 2022
Tom Henzinger was among the co-founders of the paradigm of hybrid automata in 1992. Hybrid automata possess different locations, holding different ODE-based dynamics; exit conditions from a location trigger transitions, resulting in starting conditions for the next location. A large research activity was developed in the formal verification of hybrid automata; this paradigm still grounds popular commercial tools such as Stateflow for Simulink. However, modeling from first principles of physics requires a different approach: balance equations and conservation laws play a central role, and elementary physical components come with no prespecified input/output profile. All of this leads to grounding physical modeling on DAEs (Differential Algebraic Equations, of the form f(x′, x, v) = 0) instead of ODEs. DAE-based modeling, implemented for example in the Modelica language, allows for modularity and reuse of models. Unsurprisingly, DAE-based hybrid systems (also known as multimode DAE systems) emerge as the central paradigm in multiphysics modeling. Despite the growing popularity of modeling tools based on this paradigm, fundamental problems remain in the handling of multiple modes and mode changes, corresponding to multiple locations and transitions in hybrid automata. Deep symbolic analyses (grouped under the term "structural analysis" in the related community), grounded on solid foundations, are required to generate simulation code. This paper reviews the issues related to multimode DAE systems and proposes algorithms for their analysis. Computer science is instrumental in these works, with a lot to offer to the simulation scientific community.
Proceedings of the 23rd International Conference on Hybrid Systems: Computation and Control
The Modelica mathematical modeling language, based on Differential Algebraic Equations (DAE), brings several specific issues that do not exist with modeling languages based on Ordinary Differential Equations. The main problem is the determination of the differentiation index and latent equations. Prior to generating simulation code and calling solvers, the compilation of a Modelica model requires a structural analysis step, which reduces the differentiation index to a level acceptable by numerical solvers. The Modelica language allows hybrid models with multiple modes, mode-dependent dynamics and state-dependent mode switching. These Multimode DAE (mDAE) systems are much harder to deal with. The main difficulties are (i) the combinatorial explosion of the number of modes, and (ii) the correct handling of mode switchings. The focus of this report is on the first issue, namely: how can one perform a structural analysis of an mDAE in all possible modes, without enumerating these modes? A structural analysis algorithm for mDAE systems is presented, based on an implicit representation of the varying structure of an mDAE. It generalizes J. Pryce's structural analysis method to the multimode case and uses Binary Decision Diagrams (BDD) to represent the mode-dependent structure of an mDAE. The algorithm determines, as a function of the mode, the set of latent equations, the leading variables and the state vector. This is then used to compute a mode-dependent block-triangular decomposition of the system, which can be used to generate simulation code with a mode-dependent scheduling of the blocks of equations. This report is an extended version of the paper of the same name, published in the proceedings of the HSCC'20 conference [7].
Electronics
Since its 3.3 release, Modelica offers the possibility to specify models of dynamical systems with multiple modes having different DAE-based dynamics. However, the handling of such models by the current Modelica tools is not satisfactory, with mathematically sound models yielding exceptions at runtime. In this article, we propose several contributions to this multifaceted issue, namely: an efficient and scalable multimode extension of the structural analysis of Modelica models; a systematic way of rewriting a multimode Modelica model, based on this analysis, so that the rewritten model is guaranteed to be correctly compiled by state-of-the-art Modelica tools; a proposal for the handling of the consistent initialization of multimode models; multimode structural analysis algorithms that handle both multiple modes and mode change events in a unified framework, coupled with a compile-time algorithm for identifying and quantifying impulsive behaviors at mode changes. Our approach is illu...
2020 Forum for Specification and Design Languages (FDL)
Deterministic Propositional Acceptance Automata (DPAA) are proposed to capture system requirements expressing mandatory and forbidden discrete-time behavior. The main feature of this formalism is that it can express the expected behavior when the system is in a particular state. DPAA therefore blend together state properties, expressed as propositional formulas, and simple discrete-time temporal properties, expressed as mandatory and forbidden actions whenever a given state property holds. They extend modal transition systems to a propositional setting, where models are Kripke structures rather than labelled transition systems. Composition operators on DPAA are provided, making them an Interface Theory, with a refinement relation, parallel composition, conjunction and quotient operators. An implicit representation using characteristic functions is also proposed to limit the time/space computational complexity.
ArXiv, 2021
Modern modeling languages for general physical systems, such as Modelica, Amesim, or Simscape, rely on Differential Algebraic Equations (DAEs), i.e., constraints of the form f(x′, x, u) = 0. This drastically facilitates modeling from first principles of the physics, as well as model reuse. In recent works [2, 3], we presented the mathematical theory needed to establish the development of compilers and tools for DAE-based physical modeling languages on solid mathematical grounds. At the core of this analysis sits the so-called structural analysis, whose purpose, at compile time, is to either identify under- and overspecified subsystems (if any), or to rewrite the model in a form amenable to existing DAE solvers, including the handling of mode change events. The notion of "structure" collects, for each mode and mode change event, the variables and equations involved, as well as the latent equations (additional equations redundant with the system), needed to prepare the code submitted to...
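The structural analysis that the abstracts above keep referring to (Pryce's method, latent equations, leading variables, state vector, and the detection of under- or overspecified subsystems) is concrete enough to be shown on a small system. The following is an added worked example, not code from any of the papers listed here: an independent implementation of the single-mode Sigma-method that the multimode work generalizes. The signature matrix entry sigma[i][j] is the highest derivative order of variable j in equation i, or -inf when the variable is absent. The planar pendulum and the singular two-equation system are constructed inputs; the function and variable names are this example's own.

```python
"""Pryce's Sigma-method, the single-mode structural analysis that the
multimode papers above generalize. Added worked example, not code from
those papers; the pendulum DAE and the singular system are constructed
inputs. Signature entry sigma[i][j] is the highest derivative order of
variable j in equation i, or -inf when the variable does not occur."""
import itertools
import math

NEG_INF = -math.inf


def highest_value_transversal(sigma):
    """Find a bijection T (equation i -> variable T[i]) maximising
    sum(sigma[i][T[i]]).  Brute force is fine for a handful of equations.
    Returns None when every transversal hits a -inf entry: the system is
    then structurally singular (some under-/overdetermined subsystem)."""
    n = len(sigma)
    best, best_t = NEG_INF, None
    for perm in itertools.permutations(range(n)):
        value = sum(sigma[i][perm[i]] for i in range(n))
        if value > best:
            best, best_t = value, perm
    return None if best_t is None else (best, best_t)


def canonical_offsets(sigma, transversal):
    """Smallest c (per equation) and d (per variable), both >= 0, with
    d[j] - c[i] >= sigma[i][j] for all i, j and equality on the
    transversal.  Pryce's fixed-point iteration; the result does not
    depend on which highest-value transversal was chosen."""
    n = len(sigma)
    c = [0] * n
    while True:
        d = [max(sigma[i][j] + c[i] for i in range(n)) for j in range(n)]
        new_c = [d[transversal[i]] - sigma[i][transversal[i]] for i in range(n)]
        if new_c == c:
            return c, d
        c = new_c


def structural_analysis(sigma, eq_names, var_names):
    """Structural index, latent equations (equation i differentiated
    c[i] times), leading derivatives x_j^(d_j) and the state vector
    (all lower-order derivatives), as a structural-analysis pass would
    compute them before handing the system to a DAE solver."""
    hvt = highest_value_transversal(sigma)
    if hvt is None:
        return {"singular": True}
    _, transversal = hvt
    c, d = canonical_offsets(sigma, transversal)
    index = max(c) + (1 if min(d) == 0 else 0)
    return {
        "singular": False,
        "index": index,
        "c": c,
        "d": d,
        "latent": {eq_names[i]: c[i] for i in range(len(c)) if c[i] > 0},
        "leading": {var_names[j]: d[j] for j in range(len(d))},
        "state": [(var_names[j], k) for j in range(len(d)) for k in range(d[j])],
    }


# Constructed input: planar pendulum in Cartesian coordinates, the
# classic index-3 DAE (x'' = lam*x, y'' = lam*y - g, x^2 + y^2 = L^2).
PENDULUM_EQS = ["x'' - lam*x", "y'' - lam*y + g", "x^2 + y^2 - L^2"]
PENDULUM_VARS = ["x", "y", "lam"]
PENDULUM_SIGMA = [
    [2, NEG_INF, 0],
    [NEG_INF, 2, 0],
    [0, 0, NEG_INF],
]

# Constructed input: two equations that both constrain x only, so y is
# unconstrained and x is overdetermined; no transversal exists.
SINGULAR_EQS = ["x' - 1", "x - 2"]
SINGULAR_VARS = ["x", "y"]
SINGULAR_SIGMA = [[1, NEG_INF], [0, NEG_INF]]

if __name__ == "__main__":
    print(structural_analysis(PENDULUM_SIGMA, PENDULUM_EQS, PENDULUM_VARS))
    print(structural_analysis(SINGULAR_SIGMA, SINGULAR_EQS, SINGULAR_VARS))
```

For the pendulum the analysis reports structural index 3, the length constraint as the only latent equation (to be differentiated twice), x'' and y'' as leading derivatives with lam algebraic, and the state vector (x, x', y, y'). Two caveats a practitioner should keep in mind: the Sigma-method is purely structural, so it can report an index that differs from the true differentiation index when the system Jacobian it relies on is structurally nonsingular but numerically singular; and this example analyses one mode at a time, which is exactly the enumeration that the BDD-based multimode algorithm described above is designed to avoid.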
Proceedings of the 20th International Conference on Hybrid Systems: Computation and Control, 2017
Fundamenta Informaticae, 2011
This paper presents the modal interface theory, a unification of interface automata and modal specifications, two radically dissimilar models for interface theories. Interface automata is a game-based model, which allows the designer to express assumptions on the environment and which uses an optimistic view of composition: two components can be composed if there is an environment where they can work together. Modal specifications are a language theoretic account of a fragment of the modal mu-calculus logic with a rich composition algebra which meets certain methodological requirements but which does not allow the environment and the component to be distinguished. The present paper contributes a more thorough unification of the two theories by correcting a first attempt in this direction by Larsen et al., drawing a complete picture of the modal interface algebra, and pushing the comparison between interface automata, modal automata and modal interfaces even further. The work reported here is based on earlier work presented in [41] and [42].
Proceedings of the IEEE, 2018
Hybrid systems modeling languages that mix discrete and continuous time signals and systems are widely used to develop Cyber-Physical systems where control software interacts with physical devices. Compilers play a central role, statically checking source models, generating intermediate representations for testing and verification, and producing sequential code for simulation and execution on target platforms. This paper presents a novel approach to the design and implementation of a hybrid systems language, built on synchronous language principles and their proven compilation techniques. The result is a hybrid systems modeling language in which synchronous programming constructs can be mixed with Ordinary Differential Equations (ODEs) and zero-crossing events, and a runtime that delegates their approximation to an off-the-shelf numerical solver. We propose an ideal semantics based on nonstandard analysis, which defines the execution of a hybrid model as an infinite sequence of infinitesimally small time steps. It is used to specify and prove correct three essential compilation steps: (1) a type system that guarantees that a continuous-time signal is never used where a discrete-time one is expected and conversely; (2) a type system that ensures the absence of combinatorial loops; (3) the generation of statically scheduled code for efficient execution. Our approach has been evaluated in two implementations: the academic language Zélus, which extends a language reminiscent of Lustre with ODEs and zero-crossing events, and the industrial prototype Scade Hybrid, a conservative extension of Scade 6.
Recently, contract based design has been proposed as an "orthogonal" approach that can be applied to all methodologies proposed so far to cope with the complexity of system design. Contract based design provides a rigorous scaffolding for verification, analysis and abstraction/refinement. Companion paper [11] proposes a unified treatment of the topic that can help in putting contract-based design in perspective. This paper complements [11] by further discussing methodological aspects of system design with contracts in perspective and presenting two application cases. The first application case illustrates the use of contracts in requirement engineering, an area of system design where formal methods were scarcely considered, yet are stringently needed. We focus in particular on the critical design step by which subcontracts are generated for suppliers from a set of different viewpoints (specified as contracts) on the global system. We also discuss important issues regarding certification in requirement engineering, such as consistency, compatibility, and completeness of requirements. The second example is developed in the context of the Autosar methodology now widely advocated in the automotive sector. We propose a contract framework to support schedulability analysis, a key step in the Autosar methodology. Our aim differs from the many proposals for compositional schedulability analysis in that we aim at defining subcontracts for suppliers, not just performing the analysis by parts: we know from companion paper [11] that subcontracting to suppliers differs from a compositional analysis entirely performed by the OEM. We observe that the methodology advocated by Autosar is in contradiction with contract based design in that some recommended design steps cannot be refinements. We show how to circumvent this difficulty by precisely bounding the risk at the system integration phase. Another feature of this application case is the combination of manual reasoning for local properties and use of the formal contract algebra to lift a collection of local checks to a system-wide analysis.
Proceedings of the 17th international conference on Hybrid systems: computation and control, 2014
Lecture Notes in Computer Science, 2004
Recently we proposed a mathematical framework offering diverse models of computation and a formal foundation for correct-by-construction deployment of synchronous designs over distributed architectures (such as GALS or LTTA). In this paper, we extend our framework to model explicitly causality relations and scheduling constraints. We show how the formal results on the preservation of semantics hold also for these cases and we discuss the overall contribution in the context of previous work on desynchronization.
Hybrid systems exhibit mode-dependent continuous-time dynamics. They are encountered in several phases of Cyber-Physical Systems design: physical system modeling, budgeting time over the computing architecture, safety analyses, and more generally virtual system modeling. These different phases typically involve different kinds of tools, with differing interpretations of the underlying mathematics. By exhibiting a mix of continuous- and discrete-time, hybrid systems raise a number of unexpected challenges for existing modeling and simulation tools. We review these challenges and propose some new perspectives for addressing them. Recalling the theoretical effort that underpinned the development of synchronous languages, which allowed, for example, the development of a certified compiler for SCADE, we propose redoing the same for hybrid systems modeling tools.
Task description: Provides the formal definition and semantics of multi-mode DAE systems. The first version of this deliverable is the basis for the prototypes in WP4.2. The second version is an improved form taking into account the experience with the prototypes.
49th IEEE Conference on Decision and Control (CDC), 2010
Hybrid systems modelers have become the cornerstone of embedded system development, with Simulink a de facto standard and Modelica a new player. Such tools still raise a number of issues that, we believe, require more fundamental understanding. In this paper we propose using nonstandard analysis as a semantic domain for hybrid systems. Nonstandard analysis is an extension of classical analysis in which infinitesimals (the ε and η in the celebrated generic sentence ∀ε∃η... in college maths) can be manipulated as first class citizens. This allows us to provide a denotational semantics and a constructive semantics for hybrid systems, thus establishing simulation engines on a firm mathematical basis. In passing, we cleanly separate the job of the numerical analyst (solving differential equations) from that of the computer scientist (generating execution schemes).
Lecture Notes in Computer Science, 2008
2009 Ninth International Conference on Application of Concurrency to System Design, 2009
In this paper we revisit the fundamentals of interface theories. Methodological considerations call for supporting "aspects" and "assume/guarantee" reasoning. From these considerations, we show that, in addition to the now classical refinement and substitutability properties of interfaces, two additional operations are needed, namely: conjunction and residuation (or quotient). We draw attention to the difficulty in handling interfaces having different alphabets, which calls for alphabet equalization. We show that alphabet equalization must be performed differently for the different operations. Then, we show that Modal Interfaces, as adapted from the original proposal by Kim Larsen, offer the needed flexibility.
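The refinement relation that the modal interface abstracts above (both the Fundamenta Informaticae unification and this revisiting of interface fundamentals) build on is modal refinement between modal transition systems: must-transitions are mandatory, may-transitions are allowed, and anything outside may is forbidden, which is also the mandatory/forbidden reading that the DPAA abstract adopts. The following is an added worked example, not code from any of the papers listed here: an independent implementation of the modal refinement check as a greatest fixpoint over state pairs, run on a constructed request/acknowledge specification and three candidate implementations. The class and function names are this example's own.

```python
"""Modal refinement on modal transition systems, the refinement relation
underlying modal interfaces. Added worked example, not code from the
papers listed here; the request/acknowledge systems below are
constructed.  A transition is a (source, action, target) triple; must
transitions are mandatory, may transitions are allowed, anything not in
may is forbidden."""
from dataclasses import dataclass


@dataclass(frozen=True)
class MTS:
    init: int
    may: frozenset
    must: frozenset

    def __post_init__(self):
        # Consistency: every mandatory transition must also be allowed.
        if not self.must <= self.may:
            raise ValueError("must-transitions must be a subset of may-transitions")

    def states(self):
        return {self.init} | {s for s, _, _ in self.may} | {t for _, _, t in self.may}


def refines(impl, spec):
    """True iff impl modally refines spec.  The refinement relation is the
    greatest fixpoint of: (s, t) survives when every must-transition from
    t in spec is matched by a must-transition from s in impl with related
    targets, and every may-transition from s in impl is matched by a
    may-transition from t in spec with related targets."""
    rel = {(s, t) for s in impl.states() for t in spec.states()}
    changed = True
    while changed:
        changed = False
        for (s, t) in list(rel):
            musts_ok = all(
                any(ss == s and a2 == a and (s2, t2) in rel for (ss, a2, s2) in impl.must)
                for (ts, a, t2) in spec.must if ts == t
            )
            mays_ok = all(
                any(ts == t and a2 == a and (s2, t2) in rel for (ts, a2, t2) in spec.may)
                for (ss, a, s2) in impl.may if ss == s
            )
            if not (musts_ok and mays_ok):
                rel.discard((s, t))
                changed = True
    return (impl.init, spec.init) in rel


# Constructed specification: a request is mandatory; the reply may be an
# ack or a nack, and nothing else is allowed.
SPEC = MTS(
    init=0,
    may=frozenset({(0, "req", 1), (1, "ack", 0), (1, "nack", 0)}),
    must=frozenset({(0, "req", 1)}),
)

# Refines SPEC: commits to req and always acks (resolving the may-choice).
IMPL_OK = MTS(init=0,
              may=frozenset({(0, "req", 1), (1, "ack", 0)}),
              must=frozenset({(0, "req", 1), (1, "ack", 0)}))

# Does not refine SPEC: "drop" is forbidden by the specification.
IMPL_DROP = MTS(init=0,
                may=frozenset({(0, "req", 1), (1, "drop", 0)}),
                must=frozenset({(0, "req", 1), (1, "drop", 0)}))

# Does not refine SPEC: the mandatory req is only optional here.
IMPL_LAZY = MTS(init=0,
                may=frozenset({(0, "req", 1), (1, "ack", 0)}),
                must=frozenset())

if __name__ == "__main__":
    for name, impl in [("ok", IMPL_OK), ("drop", IMPL_DROP), ("lazy", IMPL_LAZY)]:
        print(name, refines(impl, SPEC))
```

The check is deliberately asymmetric: an implementation may drop optional behaviour (IMPL_OK never nacks) but may neither add behaviour the specification forbids (IMPL_DROP) nor weaken a mandatory one (IMPL_LAZY), and the specification does not refine IMPL_OK because IMPL_OK makes ack mandatory. This is the substitutability property the abstract refers to; conjunction and quotient are further operators on the same structures and are not shown here.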
Journal of Computer and System Sciences, 2012