SSK5220

Cyber-Physical Systems Modeling

Chapter 3
Discrete
Dynamics
What is Modeling?

. Developing insight about a system through imitation.

. A model is an artifact that imitates the system of interest.
. A mathematical model is a model in the form of a set of
definitions and mathematical formulas often represented using a
modeling language.
. Key point: a modeling language has formal semantics.
What is Model-Based Design?

. Create a mathematical model of all the parts of the embedded

system:
. Physical world
. Sensors and actuators
. Hardware platform
. Software
. Network
. Control system
. Construct the implementation from the model:
. Construction may be automated, like a compiler.
. More commonly, only portions are automatically constructed.
Key Modeling Issues for Embedded Systems

. Concurrency
. Time
. Dynamics: discrete and continuous
Modeling Techniques

. Models are abstractions of system dynamics (i.e., how things

change over time):
. Discrete dynamics - finite-state machines (FSMs)
. Continuous dynamics - ordinary differential equations (ODEs) .
Discrete & Continuous Dynamics - Hybrid systems
3.1 Discrete Systems

► Discrete = “individually separate / distinct”

► A discrete system is one that operates in a
sequence of discrete steps or has signals
taking discrete values.
► It is said to have discrete dynamics.

►A discrete event occurs at an instant of time

rather than over time.
Discrete Systems: Example

► Count the number of cars that are present in a

parking garage by sensing cars enter and
leave the garage. Show this count on a display.
Discrete Systems

► Example: count the number of cars in a

parking garage by sensing those that enter and
leave:
Discrete Systems
. Example: count the number of cars that enter and exit a parking
garage:

> Pure signal: up: R -{absent,present}

■ Carries no value, information is being present or absent
> at anytime t =R, the input up(t) is
. either absent, meaning that there is no event at that time,
. or present, meaning that there is.
Reaction / Transition
. Discrete dynamics: sequence of reactions.
. For any t ∈ R where up(t) = present or down(t) = present the
Counter reacts by producing an output value in Z and changing its
internal state - event-triggered.

State: condition of the system at a particular point in time

• Encodes everything about the past that influences the
system’s reaction to current input

Discrete actor:
Counter : (R → {absent, present}){up,down} → (R → {absent ∪
Inputs and Outputs at Reaction

. For t ∈ R, the inputs are in a set:

Inputs = ({up, down} → {absent, present})

. The outputs are in a set:

Outputs = ({count} → {absent} ∪ Z)

3.2 State Space

. A practical parking garage has a finite number, M, parking spaces,

so the state space for the counter is:

States = {0 , 1 , 2 , . . . , M }
3.3 Finite State Machine (FSM)

► A statemachine is a model of a system with

discrete dynamics
. at each reaction maps inputs to outputs
. Map may depend on current state
► An FSM is a state machine where the set States
is finite. stares={state1,state2,state3}
FSM Notation

Input declarations, Output declarations, Extended state declarations

The guard (are conditions or state

constraints associated with
transitions) determines whether
transition
the transition may be taken on a
reaction. initial state
The action specifies what
outputs are produced on each
reaction.
self loop or self transition
Examples of Guards for Pure Signals

Transition is always enabled.

Transition is enabled if p1 is present.
Transition is enabled if p1 is absent.
Transition is enabled if both p1 and p2 are present.
Transition is enabled if either p1 or p2 is present.
Transition is enabled if p1 is present and p2 is
absent.
Guards for Signals

Transition is enabled if p3 is present (not absent).

Transition is enabled if p3 is present and has value 1.
Transition is enabled if p3 has value 1 and p1 is present.
Transition is enabled if p3 is present with value greater than 5.
3.3 FSM: Garage Counter

w dwn / 1 w dwn / M

dwn / 2 dwn /M-1

. Input is specified as guard g using the shorthand:

up ∧ ¬ down

which means

g = {{ up}} .
Inputs(up) = present and Inputs(down) = absent
3.3 FSM: Thermostat

input: :R
outputs pure

18 / heaton

temperature≥22/heatoff

. Hysteresis is used in this example to prevent chattering.

3.3.2 Default Transitions

UP A down / 1

down up / 0

. A default transition is enabled if no non-default transition is

enabled and it either has no guard or the guard evaluates to true.
. When is the above default transition enabled?
Difference Between Mealy And Moore Machine - link
Mealy Versus Moore Machines

up

down∧ up / M - 1

Mealy
Machine

Moore
Machine
Garage Counter Mathematical Model

/M
-1

Formally: (States, Inputs, Outputs, Update, InitialState),

where: . States = {0, 1, 2, . . . , M}
. Inputs = ({up, down} → {absent, present}) .
Outputs = ({count} → {0, 1, . . . , M, absent})
. Update : States ×Inputs → States ×Outputs (see above) .
InitialState = 0
3.3.4 FSM: Definitions

► Stuttering: (possibly implicit) default transition that is enabled

. when inputs are absent it does not change state and produces absent outputs.

► Deterministic (given the same inputs it will always produce the same
outputs)
. if, for each state, there is at most one transition enabled by each input value.
. formal definition of an FSM ensures that it is deterministic, since update is a function.

► Receptive (ensures that a state machine is always ready to react to any

input, and does not “get stuck” in any state)
. if, for each state, there is at least one transition possible on each input symbol.
. formal definition of an FSM ensures that it is receptive, since update is a function, not
a partial function.
3.4 Extended State Machines

nt al set act
lon
3.4 Extended FSM for the Garage Counter
augments the FSM model
varlable: c : …M} with variables that may be
pure read and written as part of
taking a transition between
…M} states

up∧ down c<M / c＋

down A Up 人 c
c ： 0 >0/c
c · c 1
Example of Thermostat
When does a reaction occur?

► Suppose all inputs are discrete and a reaction

occurs when any input is present. Then the below
transition will be taken whenever the current
state is s1 and x is present.

► This is an event-triggered model.

When does a reaction occur?

► Suppose x andy are discrete and pure

signals. When does the transition occur?

Answer: when the environment triggers a reaction and x is absent.

If this is a (complete) event-triggered model, then the transition will
never betaken because the reaction will only occur when x is present!
When does a reaction occur?

► Suppose all inputs are discrete and a

reaction occurs on the tick of an external
clock.
► This is a time-triggered model.
More Notation: Default Transitions

►A default transition is enabled if it either has

no guard or the guard evaluates to true. When
is
the below default transition enabled?
Default Transitions

► Example: Traffic Light Controller

FSM to Program
3.4 Extended FSM for Traffic Light Controller
3.5 Non-deterministic FSM for Environment

. Model of the environment for the traffic light is abstracted using

non-determinism.
3.5 Non-deterministic FSM for Specification

trueIsigG

true lsigR / · 7

rue s/ g
7
3.6 FSM Behaviors

. FSM behavior is a sequence of reactions.

. A trace is the record of inputs, states, and outputs in a behavior.

uw dwn / 1 uw dwn / M

dwn / 2 dwn /M-1

Input seqeuence
sup= (present, absent, present, absent,...)
sdown = (present, absent, absent,
3.6 FSM Behaviors

. A execution trace is a sequence of values assigned to inputs,

states, and outputs.
. A observable trace is a sequence of values assigned to inputs,
and outputs.
. For a fixed input sequence:
. A deterministic FSM exhibits a single behavior (trace).
. A non-deterministic FSM exhibits a set of behaviors (traces) which
can be visualized as a computation tree.
Computation Tree
Concluding Remarks

FSMs provide:
1 A way to represent the system for mathematical analysis, so that
a computer program can manipulate it.
2 A way to model the environment of a system.
3 A way to represent what the system must do and must not do -
(i.e., its specification).
4 A way to check whether the system satisfies its specification in its
operating environment.
. For example, using reachability analysis, one can determine that
some unsafe state is not reachable.