Papers by Benoit Caillaud

Lecture Notes in Computer Science, 2022
Tom Henzinger was among the co-founders of the paradigm of hybrid automata in 1992. Hybrid automata possess different locations, holding different ODE-based dynamics; exit conditions from a location trigger transitions, resulting in starting conditions for the next location. A large research activity was developed in the formal verification of hybrid automata; this paradigm still grounds popular commercial tools such as Stateflow for Simulink. However, modeling from first principles of physics requires a different approach: balance equations and conservation laws play a central role, and elementary physical components come with no prespecified input/output profile. All of this leads to grounding physical modeling on DAEs (Differential Algebraic Equations, of the form f(x', x, v) = 0) instead of ODEs. DAE-based modeling, implemented for example in the Modelica language, allows for modularity and reuse of models. Unsurprisingly, DAE-based hybrid systems (also known as multimode DAE systems) emerge as the central paradigm in multiphysics modeling. Despite the growing popularity of modeling tools based on this paradigm, fundamental problems remain in the handling of multiple modes and mode changes, corresponding to multiple locations and transitions in hybrid automata. Deep symbolic analyses (grouped under the term "structural analysis" in the related community), grounded on solid foundations, are required to generate simulation code. This paper reviews the issues related to multimode DAE systems and proposes algorithms for their analysis. Computer science is instrumental in these works, with a lot to offer to the simulation scientific community.

In this paper we present a new method to perform the higher order sliding modes analysis of trajectories of hybrid systems with chattering behavior. This method improves our previous work [AC15] as it modifies numerical simulation algorithms to make them compute the higher order terms of the normal unit vectors of the systems dynamics whenever the first order sliding mode theory cannot be applied. Such modification does not affect the generality of our previous contribution in [AC15]. Our algorithm is general enough to handle both chattering on a single (n−1) switching manifold (i.e. chattering between two dynamics) as well as chattering on the intersection of finitely many intersected (n−1) switching manifolds. In this last case, we show by a special hierarchical application of convex combinations, that unique solutions can be found in general cases when the switching function takes the form of finitely many intersecting manifolds so that an efficient numerical treatment of the sli...
HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.
Lecture Notes in Computer Science, 2017
In this short note, we establish a link between the theory of Moore Interfaces proposed in 2002 by Chakraborty et al. as a specification framework for synchronous transition systems, and the Assume/Guarantee contracts as proposed in 2007 by Benveniste et al. as a simple and flexible contract framework. As our main result we show that the operation of saturation of A/G contracts (namely the mapping (A, G) → (A, G∨¬A)), which was considered a drawback of this theory, is indeed implemented by the Moore Game of Chakraborty et al. We further develop this link and come up with some remarks on Moore Interfaces.
Linköping Electronic Conference Proceedings, 2021
Since its version 3.3, the Modelica language offers the possibility to model multimode systems having different DAE-based dynamics in each mode, thanks to the introduction of state machines. When the differentiation index and structure varies with mode changes, compilers generate erroneous simulation code, often resulting in runtime exceptions. We propose in this paper a multimode structural analysis for both multiple modes and mode change events and we show how correct code for restarts can be generated. Our approach is illustrated on two simple but representative mechanical systems.

The Visual Computer, 2020
When defining virtual reality applications with complex procedures, such as medical operations or mechanical assembly or maintenance procedures, the complexity and the variability of the procedures make the definition of the scenario difficult and time-consuming. Indeed, the variability complicates the definition of the scenario by the experts, and its combinatorics demand a comprehension effort from the developer, which is often out of reach. Additionally, the experts have a hard time explaining the procedures with a sufficient level of detail, as they usually forget to mention some actions that are, in fact, important for the application. To ease the creation of scenarios, we propose a complete methodology, based on (1) an iterative process composed of: (2) the recording of actions in virtual reality to create sequences of actions, and (3) the use of mathematical tools that can generate a complete scenario from a few of those sequences, with (4) graphical visualization of the scenarios and complexity indicators. This process helps the expert to determine the sequences that must be recorded to obtain a scenario with the required variability.

Computing and Software Science, 2019
Our objective is to model and simulate Cyber-Physical Systems (CPS) such as robots, vehicles, and power plants. The structure of CPS models may change during simulation due to the desired operation, due to failure situations or due to changes in physical conditions. Corresponding models are called multi-mode. We are interested in multidomain, component-oriented modeling as performed, for example, with the modeling language Modelica that leads naturally to Differential Algebraic Equations (DAEs). This paper is thus about multi-mode DAE systems. In particular, new methods are discussed to overcome one key problem that was only solved for specific subclasses of systems before: How to switch from one mode to another one when the number of equations may change and variables may exhibit impulsive behavior? An evaluation is performed both with the experimental modeling and simulation system Modia, a domain specific language extension of the programming language Julia, and with SunDAE, a novel structural analysis library for multi-mode DAE systems.

Recently, contract based design has been proposed as an "orthogonal" approach that can be applied to all methodologies proposed so far to cope with the complexity of system design. Contract based design provides a rigorous scaffolding for verification, analysis and abstraction/refinement. A companion paper proposes a unified treatment of the topic that can help in putting contract-based design in perspective. This paper complements it by further discussing methodological aspects of system design with contracts in perspective and presenting two application cases. The first application case illustrates the use of contracts in requirement engineering, an area of system design where formal methods were scarcely considered, yet are stringently needed. We focus in particular on the critical design step by which sub-contracts are generated for suppliers from a set of different viewpoints (specified as contracts) on the global system. We also discuss important issues regarding certification in requirement engineering, such as consistency, compatibility, and completeness of requirements. The second example is developed in the context of the Autosar methodology now widely advocated in the automotive sector. We propose a contract framework to support schedulability analysis, a key step in the Autosar methodology. Our aim differs from the many proposals for compositional schedulability analysis in that we aim at defining sub-contracts for suppliers, not just performing the analysis by parts: we know from the companion paper [11] that sub-contracting to suppliers differs from a compositional analysis entirely performed by the OEM. We observe that the methodology advocated by Autosar is in contradiction with contract based design in that some recommended design steps cannot be refinements. We show how to circumvent this difficulty by precisely bounding the risk at the system integration phase. Another feature of this application case is the combination of manual reasoning for local properties and use of the formal contract algebra to lift a collection of local checks to a system wide analysis.

Proceedings of the 4th ACM international conference on Embedded software, 2004
We present an extension of a mathematical framework proposed by the authors to deal with the composition of heterogeneous reactive systems. Our extended framework encompasses diverse models of computation and communication such as synchronous, asynchronous, causality-based partial orders, and earliest execution times. We introduce an algebra of tag structures and morphisms between tag sets to define heterogeneous parallel composition formally and we use a result on pullbacks from category theory to handle properly the case of systems derived by composing many heterogeneous components. The extended framework allows us to establish theorems, from which design techniques for correct-by-construction deployment of abstract specifications can be derived. We illustrate this by providing a complete formal support for correct-by-construction distributed deployment of a synchronous design specification over an LTTA medium.
Lecture Notes in Computer Science, 2004
Recently we proposed a mathematical framework offering diverse models of computation and a formal foundation for correct-by-construction deployment of synchronous designs over distributed architectures (such as GALS or LTTA). In this paper, we extend our framework to model explicitly causality relations and scheduling constraints. We show how the formal results on the preservation of semantics hold also for these cases and we discuss the overall contribution in the context of previous work on desynchronization.
Computational Analysis, Synthesis, & Design Dynamic Systems, 2009
Formal Methods in System Design, 2006

Electronic Notes in Theoretical Computer Science, 2006
We consider the problem of synthesizing the asynchronous wrappers and glue logic needed for the correct GALS implementation of a modular synchronous system. Our approach is based on the weakly endochronous synchronous model, which defines high-level, implementation-independent conditions guaranteeing correct desynchronization at the level of the abstract synchronous model. We can therefore factor the synthesis problem into (1) a high-level, implementation-independent phase ensuring the weak endochrony of each synchronous module and (2) the actual wrapper synthesis phase, highly simplified by the high-level assumptions, yet flexible enough to produce various, efficient implementations. We focus here on the synthesis of delay-insensitive asynchronous wrappers from weakly endochronous synchronous modules, and show how this can be done for a simple DLX processor model.
Abstract: We propose a new formalism, called Bdl, intended to serve as a semantic foundation for the dynamic diagrams of UML. Bdl makes it possible to give a global behavioural semantics to a system involving several components. Different kinds of diagrams, such as sequence diagrams or state diagrams (statecharts), can be translated into Bdl, which then makes it possible to combine these different diagrams. Bdl offers a choice of synchronous or asynchronous semantics for communication between components. The transition from one to the other is semantically controlled so as to be guaranteed correct. This gives the designer more flexibility to modify the architecture during the process leading from the initial specification to deployment. We illustrate the use of Bdl on a service adaptation exercise in telecommunications.

HAL (Le Centre pour la Communication Scientifique Directe), Feb 18, 2022
Since its 3.3 release, Modelica offers the possibility to specify models of dynamical systems with multiple modes having different DAE-based dynamics. However, the handling of such models by the current Modelica tools is not satisfactory, with mathematically sound models yielding exceptions at runtime. In this report, we illustrate this behavior on several small-sized examples, shedding light on the shortcomings of the approximate structural analysis implemented in current Modelica tools. To address part of these issues, we propose a systematic transformation process for multimode Modelica models, based on the results of an already implemented multimode structural analysis, that guarantees that the output Modelica model is correctly compiled by state-of-the-art Modelica tools. Still, this transformation is limited to models that do not exhibit impulsive behaviors at mode changes: the remaining issues illustrated by our introductory examples can only be solved by a structural analysis of mode changes, coupled with a specific handling of impulsive variables. We address these points in this report by proposing, first, a structural analysis method able to handle modes and mode changes in a unified framework, and second, a compile-time identification and characterization of impulsive variables. Implementations of both methods, based on efficient symbolic representations and algorithms, are in the works.

Nurse Education Today, 2019
Background: Virtual Reality (VR) simulation has recently been developed and has improved surgical training. Most VR simulators focus on learning technical skills and few on procedural skills. Studies that evaluated VR simulators focused on feasibility, reliability or easiness of use, but few of them used a specific acceptability measurement tool. Objectives: The aim of the study was to assess acceptability and usability of a new VR simulator for procedural skill training among scrub nurses, based on the Unified Theory of Acceptance and Use of Technology (UTAUT) model. Participants: The simulator training system was tested with a convenience sample of 16 nonexpert users and 13 expert scrub nurses from the neurosurgery department of a French University Hospital. Methods: The scenario was designed to train scrub nurses in the preparation of the instrumentation table for a craniotomy in the operating room (OR). Results: Acceptability of the VR simulator was demonstrated with no significant difference between expert scrub nurses and non-experts. There was no effect of age, gender or expertise. Workload, immersion and simulator sickness were also rated equally by all participants. Most participants stressed its pedagogical interest, fun and realism, but some of them also regretted its lack of visual comfort. Conclusion: This VR simulator designed to teach surgical procedures can be widely used as a tool in initial or vocational training.

Proceedings of the 23rd International Conference on Hybrid Systems: Computation and Control
The Modelica mathematical modeling language, based on Differential Algebraic Equations (DAE), brings several specific issues that do not exist with modeling languages based on Ordinary Differential Equations. The main problem is the determination of the differentiation index and latent equations. Prior to generating simulation code and calling solvers, the compilation of a Modelica model requires a structural analysis step, which reduces the differentiation index to a level acceptable by numerical solvers. The Modelica language allows hybrid models with multiple modes, mode-dependent dynamics and state-dependent mode switching. These Multimode DAE (mDAE) systems are much harder to deal with. The main difficulties are (i) the combinatorial explosion of the number of modes, and (ii) the correct handling of mode switchings. The focus of this report is on the first issue, namely: How can one perform a structural analysis of an mDAE in all possible modes, without enumerating these modes? A structural analysis algorithm for mDAE systems is presented, based on an implicit representation of the varying structure of an mDAE. It generalizes J. Pryce's structural analysis method to the multimode case and uses Binary Decision Diagrams (BDD) to represent the mode-dependent structure of an mDAE. The algorithm determines, as a function of the mode, the set of latent equations, the leading variables and the state vector. This is then used to compute a mode-dependent block-triangular decomposition of the system, that can be used to generate simulation code with a mode-dependent scheduling of the blocks of equations. This report is an extended version of the homonym paper, published in the proceedings of the HSCC'20 conference [7].
MDPI Electronics, 2022