Building a hybrid systems modeler from synchronous language principles

Abstract

Hybrid systems modeling languages are widely used in the development of embedded systems. Two representatives are Simulink/Stateflow1 that combine Ordinary Differential Equations (ODEs), data-flow and difference equations, hierarchical automata a la StateCharts [14] together with imperative features; and the Modelica language [1]2 based on DAEs with features for modeling discrete components. Ptolemy II3 is another example in which several models of computation are combined [15]. The formal verification of hybrid systems has been extensively studied [9]. Yet, we share the viewpoint of Lee and Zheng that hybrid modeling languages are best viewed as programming languages that happen to have a hybrid systems semantics [16, 17]. This raises important questions related to their design, semantics and implementation, to get efficient and reliable simulations as well as provably equivalent embedded target code. While sequential code generation in hybrid modeling tools is routinely used for efficient simulation, it is little used or not used at all to produce target embedded code in critical applications that are submitted to strong safety requirements. This results in a break in the development chain: parts of applications must be rewritten into sequential code and all properties verified on the source model cannot be trusted and have to be reverified on the target code.