Translating Discrete-Time Simulink to Lustre
In: Third International ACM Conference on Embedded Software, Lecture Notes in Computer Science, 2003
Cited by 24 (7 self)
We present a method of translating discrete-time Simulink models to Lustre programs. Our method consists of three steps: type inference, clock inference and hierarchical bottom-up translation. In the process, we formalize typing and timing mechanisms of Simulink. The method has been implemented in a prototype tool called S2L. The tool has been used to translate part of an industrial automotive controller provided by Audi.
Generating and Analyzing Symbolic Traces of Simulink/Stateflow Models
Cited by 4 (1 self)
We present a methodology and a toolkit for improving simulation coverage of Simulink/Stateflow models of hybrid systems using symbolic analysis of simulation traces. We propose a novel instrumentation scheme that allows the simulation engine of Simulink/Stateflow to output, along with the concrete simulation trace, the symbolic transformers needed for our analysis. Given a simulation trace, along with the symbolic transformers, our analysis computes a set of initial states that would lead to traces with the same sequence of discrete components at each step of the simulation. Such an analysis relies critically on the use of convex polyhedra to represent sets of states. However, the exponential complexity of the polyhedral operations implies that the performance of the analysis would degrade rapidly with the increasing size of the model and the simulation traces. We propose a new representation, called the bounded vertex representation, which allows us to perform under-approximate computations while fixing the complexity of the representation a priori. Using this representation we achieve a trade-off between the complexity of the symbolic computation and the quality of the under-approximation. We demonstrate the benefits of our approach over existing simulation and verification methods with case studies.
Interchange formats for hybrid systems: Review and proposal
In: HSCC 05: Hybrid Systems—Computation and Control. Volume 3414 of Lecture, 2005
Cited by 3 (1 self)
Interchange formats have been the backbone of the EDA industry for several years. They are used as a way of helping the development of design flows that integrate foreign tools using formats with different syntax and, more importantly, different semantics. The need for integrating tools coming from different communities is even more severe for hybrid systems because of the relative immaturity of the field and the intrinsic difficulty of the mathematical underpinnings. In this paper, we provide a discussion about interchange formats for hybrid systems, we survey the approaches used by different tools for analysis (simulation and formal verification) and synthesis of hybrid systems, and we give a recommendation for an interchange format for hybrid systems based on the Metropolis metamodel. The proposed interchange format has rigorous semantics and can accommodate the translation to and from the formats of the tools we have surveyed while providing a formal reasoning framework.
Circuit Level Verification of a High-Speed Toggle
Cited by 2 (2 self)
As VLSI fabrication technology progresses to 65nm feature sizes and smaller, transistors no longer operate as ideal switches. This motivates verifying digital circuits using continuous models. This paper presents the verification of the high-speed toggle flip-flop proposed by Yuan and Svensson [1]. Our approach builds on the projection-based methods originally proposed by Greenstreet and Mitchell [2], [3]. While they were only able to demonstrate their approach with two- and three-dimensional systems, we apply projection-based analysis to a seven-dimensional model for the flip-flop. We believe that this is the largest verification to date of a digital circuit using non-linear circuit-level models. In this paper, we describe how we overcame problems of numerical errors and instability associated with the original projection-based methods. In particular, we present a novel linear-program solver and new methods for constructing accurate linear approximations of non-linear dynamics. We use the toggle flip-flop as an example and consider how these methods could be extended to verify a standard cell library for digital design.
Coho: A Verification Tool for Circuit Verification by Reachability Analysis
2006
Cited by 1 (1 self)
Coho is a verification tool for systems modeled by nonlinear ordinary differential equations (ODEs). Verification is performed using reachability analysis. The reachable space is represented by projectagons, which are polyhedra described by their projections onto two-dimensional subspaces. Coho approximates nonlinear ODEs with linear differential inclusions to compute the reachable state. We re-engineer the Coho system to provide a robust implementation with a clear interface and well-organized structure. We demonstrate the soundness and robustness of our approach by applying it to several examples, including a three-dimensional non-linear system for which the previous version of Coho failed due to numerical stability problems. The correctness of Coho strongly depends on the accuracy, efficiency and robustness of the linear program solver that is used throughout the analysis. Our Coho linear program solver is implemented by integrating the Simplex algorithm with interval arithmetic based on the framework set up by Laza [Laz01]. For highly ill-conditioned problems, an approximation that is very close to the optimal result is computed by our algorithm. This results in a very small error bound that allows Coho to successfully verify interesting examples. This thesis also presents an algorithm to solve the problem of projecting the feasible region of a linear program onto two-dimensional subspaces. This algorithm uses the Coho linear program solver for efficiency and accuracy. We derive an analytical upper bound for the error and present experimental results to show that the errors are negligible in practice.
Formal Verification of an Arbiter
Cited by 1 (1 self)
We present the circuit-level verification of a common arbiter circuit. To perform this verification, we address three issues. First, we present a specification for the arbiter and show how this specification amounts to a set of topological constraints on trajectories of the continuous model. Second, we show that computing bounding sets for these trajectories is complicated by stiffness of the differential equation model and present novel techniques for handling stiff equations in a formal verification context. Finally, we note that while no arbiter can be guaranteed to always grant a pending request, we can show liveness in the presence of concurrent requests in an “almost surely” sense.
MARCO: A Reachability Algorithm for Multi-Affine Systems with Applications to Biological Systems
Cited by 1 (0 self)
We present a new algorithm for the reachability analysis of multi-affine hybrid systems. In our previous work on reachability analysis and that of our collaborators [1–3], we exploited the convexity of multi-affine functions and the fact that the vector field in modes with rectangular invariants is uniquely determined by its values at the rectangle vertices. In this paper, we explicitly calculate conical overapproximations of the reachable set in the invariant of each mode. We describe our Multi-Affine Reachability analysis using Conical Overapproximations, Marco, and show that it yields results that are superior to those obtained by existing methods for multi-affine hybrid systems. Finally, we demonstrate the application of Marco to the analysis of an ant house hunting model that incorporates quorum sensing [4] and the analysis of bi-stability of the lactose induction system regulated by glucose and lactose [5].
Verifying an Arbiter Circuit
This paper presents the verification of an asynchronous arbiter modeled at the circuit level with non-linear ordinary differential equations. We use Brockett’s annulus to represent the allowed families of continuous waveforms for input and output signals and show that the metastability filter of the arbiter can be understood as a “Brockett annulus transformer.” Improvements to the Coho verification tool are described that reduce the over-approximation errors when working with nonconvex reachable regions. The verification shows that the arbiter observes a four-phase handshake protocol with its clients and maintains mutual exclusion. We also show several liveness properties including bounded time response to uncontested requests and that grants are issued fairly.

