Hycomes was created a local team of the Rennes — Bretagne Atlantique Inria research center in 2013 and has been created as an Inria Project-Team in 2016. The team is focused on two topics in cyber-physical systems design:
Hybrid systems modelling, with an emphasis on the design of modelling languages in which software systems, in interaction with a complex physical environment, can be modelled, simulated and verified. A special attention is paid to the mathematical rigorous semantics of these languages, and to the correctness (wrt. such semantics) of the simulations and of the static analyses that must be performed during compilation. The Modelica language is the main application field. The team aims at contributing language extensions facilitating the modelling of physical domains which are poorly supported by the Modelica language. The Hycomes team is also designing new structural analysis methods for hybrid (aka. multi-mode) Modelica models. New simulation and verification techniques for large Modelica models are also in the scope of the team.
Contract-based design and interface theories, with applications to requirements engineering in the context of safety-critical systems design. The objective of our research is to bridge the gap between system-level requirements, often expressed in natural, constrained or semi-formal languages and formal models, that can be simulated and verified.
Systems industries today make extensive use of mathematical modeling tools to design computer controlled physical systems. This class of tools addresses the modeling of physical systems with models that are simpler than usual scientific computing problems by using only Ordinary Differential Equations (ODE) and Difference Equations but not Partial Differential Equations (PDE). This family of tools first emerged in the 1980's with SystemBuild by MatrixX (now distributed by National Instruments) followed soon by Simulink by Mathworks, with an impressive subsequent development.
In the early 90's control scientists from the University of Lund
(Sweden) realized that the above approach did not support component
based modeling of physical systems with reuse
Despite these tools are now widely used by a number of engineers, they raise a number of technical difficulties. The meaning of some programs, their mathematical semantics, can be tainted with uncertainty. A main source of difficulty lies in the failure to properly handle the discrete and the continuous parts of systems, and their interaction. How the propagation of mode changes and resets should be handled? How to avoid artifacts due to the use of a global ODE solver causing unwanted coupling between seemingly non interacting subsystems? Also, the mixed use of an equational style for the continuous dynamics with an imperative style for the mode changes and resets is a source of difficulty when handling parallel composition. It is therefore not uncommon that tools return complex warnings for programs with many different suggested hints for fixing them. Yet, these “pathological” programs can still be executed, if wanted so, giving surprising results — See for instance the Simulink examples in , and .
Indeed this area suffers from the same difficulties that led to the development of the theory of synchronous languages as an effort to fix obscure compilation schemes for discrete time equation based languages in the 1980's. Our vision is that hybrid systems modeling tools deserve similar efforts in theory as synchronous languages did for the programming of embedded systems.
Non-Standard analysis plays a central role in our research on hybrid systems modeling , , , . The following text provides a brief summary of this theory and gives some hints on its usefulness in the context of hybrid systems modeling. This presentation is based on our paper , a chapter of Simon Bliudze's PhD thesis , and a recent presentation of non-standard analysis, not axiomatic in style, due to the mathematician Lindström .
Non-standard numbers allowed us to reconsider the semantics of hybrid
systems and propose a radical alternative to the super-dense
time semantics developed by Edward Lee and his team as part of the
Ptolemy II project, where cascades of successive instants can occur in
zero time by using
Non-standard analysis was proposed by Abraham Robinson in the 1960s to allow the explicit manipulation of “infinitesimals” in analysis , , . Robinson's approach is axiomatic; he proposes adding three new axioms to the basic Zermelo-Fraenkel (ZFC) framework. There has been much debate in the mathematical community as to whether it is worth considering non-standard analysis instead of staying with the traditional one. We do not enter this debate. The important thing for us is that non-standard analysis allows the use of the non-standard discretization of continuous dynamics “as if” it was operational.
Not surprisingly, such an idea is quite ancient. Iwasaki et al. first proposed using non-standard analysis to discuss the nature of time in hybrid systems. Bliudze and Krob , have also used non-standard analysis as a mathematical support for defining a system theory for hybrid systems. They discuss in detail the notion of “system” and investigate computability issues. The formalization they propose closely follows that of Turing machines, with a memory tape and a control mechanism.
The Modelica language is based on Differential Algebraic Equations (DAE). The general form of a DAE is given by:
where
Let
The state variables of
A leading variable
DAE are a strict generalization of ordinary differential
equations (ODE), in the sense that it may not be immediate
to rewrite a DAE as an explicit ODE of the form
For a square DAE of dimension
can locally be made explicit, i.e., the Jacobian matrix of
In practice, the problem of automatically finding a ”minimal”
solution
A renowned method for the SA of DAE is the Pantelides method;
however, Pryce's
In 1988, Pantelides proposed what is probably the most well-known SA method for DAE . The leading idea of his work is that the structural representation of a DAE can be condensed into a bipartite graph whose left nodes (resp. right nodes) represent the equations (resp. the variables), and in which an edge exists if and only if the variable occurs in the equation.
By detecting specific subsets of the nodes, called Minimally Structurally Singular (MSS) subsets, the Pantelides method iteratively differentiates part of the equations until a perfect matching between the equations and the leading variables is found. One can easily prove that this is a necessary and sufficient condition for the structural nonsingularity of the system.
The main reason why the Pantelides method is not used in our work is that it cannot efficiently be adapted to multimode DAE (mDAE). As a matter of fact, the adjacency graph of a mDAE has both its nodes and edges parametrized by the subset of modes in which they are active; this, in turn, requires that a parametrized Pantelides method must branch every time no mode-independent MSS is found, ultimately resulting, in the worst case, in the enumeration of modes.
Albeit less renowned that the Pantelides method, Pryce's
This matrix is given by:
where
The primal problem consists in finding a maximum-weight perfect matching (MWPM) in the weighted adjacency graph. This is actually an assignment problem, for the solving of which several standard algorithms exist, such as the push-relabel algorithm or the Edmonds-Karp algorithm to only give a few. However, none of these algorithms are easily parametrizable, even for applications to mDAE systems with a fixed number of variables.
The dual problem consists in finding the component-wise minimal
solution
Initialize
For every
For every
Repeat Steps 2 and 3 until convergence is reached.
Another important result is that, if the Pantelides method succeeds
for a given DAE
Working with this method is natural for our works, since the algorithm for solving the dual problem is easily parametrizable for dealing with multimode systems, as shown in our recent paper .
Once structural analysis has been performed, system
the dependency graph of system
the strongly connected components (SCC) in this graph are determined: these will be the equation blocks that have to be solved;
the block dependency graph is constructed as the
condensation of the dependency graph, from the knowledge of the SCC;
a BTF of system
System companies such as automotive and aeronautic companies are facing significant difficulties due to the exponentially raising complexity of their products coupled with increasingly tight demands on functionality, correctness, and time-to-market. The cost of being late to market or of imperfections in the products is staggering as witnessed by the recent recalls and delivery delays that many major car and airplane manufacturers had to bear in the recent years. The specific root causes of these design problems are complex and relate to a number of issues ranging from design processes and relationships with different departments of the same company and with suppliers, to incomplete requirement specification and testing.
We believe the most promising means to address the challenges in systems engineering is to employ structured and formal design methodologies that seamlessly and coherently combine the various viewpoints of the design space (behavior, space, time, energy, reliability, ...), that provide the appropriate abstractions to manage the inherent complexity, and that can provide correct-by-construction implementations. The following technology issues must be addressed when developing new approaches to the design of complex systems:
The overall design flows for heterogeneous systems and the associated use of models across traditional boundaries are not well developed and understood. Relationships between different teams inside a same company, or between different stake-holders in the supplier chain, are not well supported by solid technical descriptions for the mutual obligations.
System requirements capture and analysis is in large part a heuristic process, where the informal text and natural language-based techniques in use today are facing significant challenges . Formal requirements engineering is in its infancy: mathematical models, formal analysis techniques and links to system implementation must be developed.
Dealing with variability, uncertainty, and life-cycle issues, such as extensibility of a product family, are not well-addressed using available systems engineering methodologies and tools.
The challenge is to address the entire process and not to consider only local solutions of methodology, tools, and models that ease part of the design.
Contract-based design has been proposed as a new approach to
the system design problem that is rigorous and effective in dealing
with the problems and challenges described before, and that, at the
same time, does not require a radical change in the way industrial
designers carry out their task as it cuts across design flows of
different type.
Indeed, contracts can be used almost everywhere and at nearly all
stages of system design, from early requirements capture, to embedded
computing infrastructure and detailed design involving circuits and
other hardware. Contracts explicitly handle pairs of properties,
respectively representing the assumptions on the environment and the
guarantees of the system under these assumptions. Intuitively, a
contract is a pair
Mathematical foundations for interfaces and requirements engineering that enable the design of frameworks and tools;
A system engineering framework and associated methodologies and tool sets that focus on system requirements modeling, contract specification, and verification at multiple abstraction layers.
A detailed bibliography on contract and interface theories for embedded system design can be found in . In a nutshell, contract and interface theories fall into two main categories:
By explicitly relying on the notions of assumptions and guarantees, A/G-contracts are intuitive, which makes them appealing for the engineer. In A/G-contracts, assumptions and guarantees are just properties regarding the behavior of a component and of its environment. The typical case is when these properties are formal languages or sets of traces, which includes the class of safety properties , , , , . Contract theories were initially developed as specification formalisms able to refuse some inputs from the environment . A/G-contracts were advocated in and are is still a very active research topic, with several contributions dealing with the timed and probabilistic , viewpoints in system design, and even mixed-analog circuit design .
Interfaces combine assumptions and guarantees in a single, automata theoretic specification. Most interface theories are based on Lynch Input/Output Automata , . Interface Automata , , , focus primarily on parallel composition and compatibility: Two interfaces can be composed and are compatible if there is at least one environment where they can work together. The idea is that the resulting composition exposes as an interface the needed information to ensure that incompatible pairs of states cannot be reached. This can be achieved by using the possibility, for an Interface Automaton, to refuse selected inputs from the environment in a given state, which amounts to the implicit assumption that the environment will never produce any of the refused inputs, when the interface is in this state. Modal Interfaces inherit from both Interface Automata and the originally unrelated notion of Modal Transition System , , , . Modal Interfaces are strictly more expressive than Interface Automata by decoupling the I/O orientation of an event and its deontic modalities (mandatory, allowed or forbidden). Informally, a must transition is available in every component that realizes the modal interface, while a may transition needs not be. Research on interface theories is still very active. For instance, timed , , , , , , probabilistic , and energy-aware interface theories have been proposed recently.
Requirements Engineering is one of the major concerns in large systems industries today, particularly so in sectors where certification prevails . Most requirements engineering tools offer a poor structuring of the requirements and cannot be considered as formal modeling frameworks today. They are nothing less, but nothing more than an informal structured documentation enriched with hyperlinks. As examples, medium size sub-systems may have a few thousands requirements and the Rafale fighter aircraft has above 250,000 of them. For the Boeing 787, requirements were not stable while subcontractors were working on the development of the fly-by-wire and of the landing gear subsystems, leading to a long and cahotic convergence of the design process.
We see Contract-Based Design and Interfaces Theories as innovative tools in support of Requirements Engineering. The Software Engineering community has extensively covered several aspects of Requirements Engineering, in particular:
the development and use of large and rich ontologies; and
the use of Model Driven Engineering technology for the structural aspects of requirements and resulting hyperlinks (to tests, documentation, PLM, architecture, and so on).
Behavioral models and properties, however, are not properly encompassed by the above approaches. This is the cause of a remaining gap between this phase of systems design and later phases where formal model based methods involving behavior have become prevalent—see the success of Matlab/Simulink/Scade technologies. We believe that our work on contract based design and interface theories is best suited to bridge this gap.
The Hycomes team has reached in 2019 an important milestone in the team's research objectives: the design and implementation of an implicit structural analysis algorithm supporting multimode DAE systems. This method is based on an encoding of the varying structure of a multimode DAE as Boolean functions, represented with Binary Decision Diagrams (BDD). This enables a complete strucutral analysis of a multimode DAE system, without enumerating its modes.
Demodocos (Examples to Generic Scenario Models Generator)
Keywords: Surgical process modelling - Net synthesis - Process mining
Scientific Description: Demodocos is used to construct a Test and Flip net (Petri net variant) from a collection of instances of a given procedure. The tool takes as input either standard XES log files (a standard XML file format for process mining tools) or a specific XML file format for surgical applications. The result is a Test and Flip net and its marking graph. The tool can also build a #SEVEN scenario for integration into a virtual reality environment. The scenario obtained corresponds to the generalization of the input instances, namely the instances synthesis enriched with new behaviors respecting the relations of causality, conflicts and competition observed.
Demodocos is a synthesis tool implementing a linear algebraic polynomial time algorithm. Computations are done in the Z/2Z ring. Test and Flip nets extend Elementary Net Systems by allowing test to zero, test to one and flip arcs. The effect of flip arcs is to complement the marking of the place. While the net synthesis problem has been proved to be NP hard for Elementary Net Systems, thanks to flip arcs, the synthesis of Test and Flip nets can be done in polynomial time. Test and flip nets have the required expressivity to give concise and accurate representations of surgical processes (models of types of surgical operations). Test and Flip nets can express causality and conflict relations. The tool takes as input either standard XES log files (a standard XML file format for process mining tools) or a specific XML file format for surgical applications. The output is a Test and Flip net, solution of the following synthesis problem: Given a finite input language (log file), compute a net, which language is the least language in the class of Test and Flip net languages, containing the input language.
Functional Description: The tool Demodocos allows to build a generic model for a given procedure from some examples of instances of this procedure. The generated model can take the form of a graph, a Test 'n Flip net or a SEVEN scenario (intended for integration into a virtual reality environment).
The classic use of the tool is to apply the summary operation to a set of files describing instances of the target procedure. Several file formats are supported, including the standard XES format for log events. As output, several files are generated. These files represent the generic procedure in different forms, responding to varied uses.
This application is of limited interest in the case of an isolated use, out of context and without a specific objective when using the model generated. It was developed as part of a research project focusing in particular on surgical procedures, and requiring the generation of a generic model for integration into a virtual reality training environment. It is also quite possible to apply the same method in another context.
Participants: Aurélien Lamercerie and Benoît Caillaud
Contact: Benoît Caillaud
Publication: Surgical Process Mining with Test and Flip Net Synthesis
Model Interface Compositional Analysis Library
Keywords: Modal interfaces - Contract-based desing
Scientific Description: In Mica, systems and interfaces are represented by extension. However, a careful design of the state and event heap enables the definition, composition and analysis of reasonably large systems and interfaces. The heap stores states and events in a hash table and ensures structural equality (there is no duplication). Therefore complex data-structures for states and events induce a very low overhead, as checking equality is done in constant time.
Thanks to the Inter module and the mica interactive environment, users can define complex systems and interfaces using Ocaml syntax. It is even possible to define parameterized components as Ocaml functions.
Functional Description: Mica is an Ocaml library implementing the Modal Interface algebra. The purpose of Modal Interfaces is to provide a formal support to contract based design methods in the field of system engineering. Modal Interfaces enable compositional reasoning methods on I/O reactive systems.
Participant: Benoît Caillaud
Contact: Benoît Caillaud
Implicit Structural Analysis of Multimode DAE systems
Keywords: Structural analysis - Differential algebraic equations - Multimode - Scheduling
Scientific Description: Modeling languages and tools based on Differential Algebraic Equations (DAE) bring several specific issues that do not exist with modeling languages based on Ordinary Differential Equations. The main problem is the determination of the differentiation index and latent equations. Prior to generating simulation code and calling solvers, the compilation of a model requires a structural analysis step, which reduces the differentiation index to a level acceptable by numerical solvers.
The Modelica language, among others, allows hybrid models with multiple modes, mode-dependent dynamics and state-dependent mode switching. These Multimode DAE (mDAE) systems are much harder to deal with. The main difficulties are (i) the combinatorial explosion of the number of modes, and (ii) the correct handling of mode switchings.
The aim of the software is on the first issue, namely: How can one perform a structural analysis of an mDAE in all possible modes, without enumerating these modes? A structural analysis algorithm for mDAE systems has been designed and implemented, based on an implicit representation of the varying structure of an mDAE. It generalizes J. Pryce's Sigma-method to the multimode case and uses Binary Decision Diagrams (BDD) to represent the mode-dependent structure of an mDAE. The algorithm determines, as a function of the mode, the set of latent equations, the leading variables and the state vector. This is then used to compute a mode-dependent block-triangular decomposition of the system, that can be used to generate simulation code with a mode-dependent scheduling of the blocks of equations.
Functional Description: IsamDAE (Implicit Structural Analysis of Multimode DAE systems) is a software library for testing new structural analysis algorithms for multimode DAE systems, based on an implicit representation of incidence graphs, matchings between equations and variables, and block decompositions. The input of the software is a variable dimension multimode DAE system consisting in a set of guarded equations and guarded variable declarations. It computes a mode-dependent structural index-reduction of the multimode system and produces a mode-dependent graph for the scheduling of blocks of equations. Evaluation functions make it possible to return the lists of leading equations and leading variables, as well as the actual scheduling of blocks, in a specified mode.
IsamDAE is coded in OCaml, and uses the following packages: * MLBDD by Arlen Cox, * Menhir by François Pottier and Yann Régis-Gianas, * Pprint by François Pottier, * XML-Light by Nicolas Cannasse and Jacques Garrigue.
Release Functional Description: Version 0.2: * MEL: ad hoc language for the declaration of variable dimension multi-mode DAE systems * automatic parsing, model checking and model allocation * XML output for the list of evaluation blocks (parameters, equations, unknowns to be computed) * new algorithms for the mode-dependent scheduling and the evaluation of the scheduling in a given mode
News Of The Year: It has been possible to perform the structural analysis of systems with more than 750 equations and 10 to the power 23 modes, therefore demonstrating the scalability of the method.
Authors: Benoît Caillaud and Mathias Malandain
Contact: Benoît Caillaud
Modern modeling languages for general physical systems, such as Modelica or Simscape, rely on Differential Algebraic Equations (DAE), i.e., constraints of the form
Unlike Ordinary Differential Equations (ODE, of the form
Multimode DAE systems, having multiple modes with mode-dependent dynamics and state-dependent mode switching, are much harder to deal with. The main difficulty is the handling of the events of mode change. Unfortunately, the large literature devoted to the numerical analysis of DAEs does not cover the multimode case, typically saying nothing about mode changes. This lack of foundations causes numerous difficulties to the existing modeling tools. Some models are well handled, others are not, with no clear boundary between the two classes. Basically, no tool exists that performs a correct structural analysis taking multiple modes and mode changes into account.
In our work, we developed a comprehensive mathematical approach supporting compilation and code generation for this class of languages. Its core is the structural analysis of multimode DAE systems, taking both multiple modes and mode changes into account. As a byproduct of this structural analysis, we propose well sound criteria for accepting or rejecting models at compile time.
For our mathematical development, we rely on nonstandard analysis, which allows us to cast hybrid systems dynamics to discrete time dynamics with infinitesimal step size, thus providing a uniform framework for handling both continuous dynamics and mode change events.
A big comprehensive document has been written, which will be finalized and submitted next year.
The Hycomes team has obtained two results related to the structural analysis of multimode DAE systems.
A major difficulty with multimode DAE systems are the commutations from one mode to another one when the number of equations may change and variables may exhibit impulsive behavior, meaning that not only the trajectory of the system may be discontinuous, but moreover, some variables may be Dirac measures at the instant of mode changes. In , we compare two radically different approaches to the structural analysis problem of mode changes. The first one is a classical approach, for a restricted class of DAE systems, for which the existence and uniqueness of an impulsive state jump is proved. The second approach is based on nonstandard analysis and is proved to generalize the former approach, to a larger class of multimode DAE systems. The most interesting feature of the latter approach is that it defines the state-jump as the standardization of the solution of a system of system of difference equations, in the framework of nonstandard analysis.
Modeling languages and tools based on Differential Algebraic Equations (DAE) bring several specific issues that do not exist with modeling languages based on Ordinary Differential Equations. The main problem is the determination of the differentiation index and latent equations. Prior to generating simulation code and calling solvers, the compilation of a model requires a structural analysis step, which reduces the differentiation index to a level acceptable by numerical solvers.
The Modelica language, among others, allows hybrid models with multiple modes, mode-dependent dynamics and state-dependent mode switching. These Multimode DAE (mDAE) systems are much harder to deal with. The main difficulties are (i) the combinatorial explosion of the number of modes, and (ii) the correct handling of mode switchings.
The focus of the paper is on the first issue,
namely: How can one perform a structural analysis of an mDAE in all
possible modes, without enumerating these modes? A structural analysis
algorithm for mDAE systems is presented, based on an implicit
representation of the varying structure of an mDAE. It generalizes
J. Pryce's
This method has been implemented in the IsamDAE software. This has
allowed the Hycomes team to evaluate the performance and scalability
of the method on several examples. In particular, it has been possible
to perform the structural analysis of systems with more than 750
equations and
Zero-suppressed binary Decision Diagram (ZDD) is a notable alternative data structure of Reduced Ordered Binary Decision Diagram (ROBDD) that achieves a better size compression rate for Boolean functions that evaluate to zero almost everywhere. Deciding a priori which variant is more suitable to represent a given Boolean function is as hard as constructing the diagrams themselves. Moreover, converting a ZDD to a ROBDD (or vice versa) often has a prohibitive cost. This observation could be in fact stated about almost all existing BDD variants as it essentially stems from the non-compatibility of the reduction rules used to build such diagrams. Indeed, they are neither interchangeable nor composable. In , we investigate a novel functional framework, termed Lambda Decision Diagram (LDD), that ambitions to classify the already existing variants as implementations of special LDD models while suggesting, in a principled way, new models that exploit application-dependant properties to further reduce the diagram's size. We show how the reduction rules we use locally capture the global impact of each variable on the output of the entire function. Such knowledge suggests a variable ordering that sharply contrasts with the static fixed global ordering in the already existing variants as well as the dynamic reordering techniques commonly used.
(until March 2019)
Glose is a bilateral collaboration between Inria and Safran Tech., the corporate research entity of Safran Group. It started late 2017 for a duration of 44 months. Three Inria teams are involved in this collaboration: Diverse (Inria Rennes), Hycomes and Kairos (Inria Sophia-Antipolis). The scope of the collaboration is systems engineering and co-simulation.
The simulation of system-level models requires synchronizing, at simulation-time, physical models with software models. These models are developed and maintained by different stakeholders: physics engineers, control engineers and software engineers. Models designed by physics engineers are either detailed 3D finite-elements models, with partial differential equations (PDEs), or finite-dimension 0D models (obtained by model reduction techniques, or by empirical knowledge) expressed in modeling languages such as Simulink (with ordinary differential equations, or ODEs), Modelica (with differential algebraic equations, or DAEs), or directly as a C code embedding both the differential equations and its discretization scheme. Coupling together heterogeneous models and programs, so that they can be co-simulated, is not only a technological challenge, but more importantly raises several deep and difficult questions: Can we trust simulations? What about their reproducibility? Will it be possible to simulate large systems with hundreds to thousands of component models?
Co-simulation requires that models are provided with interfaces, specifying static and dynamic properties about the model and its expected environments. Interfaces are required to define how each model may synchronize and communicate, and how the model should be used. For instance, an interface should define (i) which variables are inputs, which are outputs, (ii) their data types, physical units, and sampling periods, but also (iii) the environmental assumptions under which the model is valid, and (iv) the causal dependencies between input and output variables and for continuous-time models, (v) the stiffness of the model, often expressed as a time-varying Jacobian matrix.
Formally, an interface is an abstraction of a model's
behavior. A typical example of interface formalism for 0D
continuous-time models is the FMI standard. Co-simulation also
requires that a model of the system architecture is provided. This
architectural model specifies how components are interconnected, how
they communicate and how computations are scheduled. This is not
limited to the topology of the architecture, and should also specify
how components interact. For instance, variables in continuous-time
models may have different data-types and physical units. Conversion
may be required when continuous-time models are plugged
together. Another fine example is the coupling of a 3D finite-element
model to a 0D model: effort and flow fields computed in the 3D model
must be averaged in a scalar value, before it can be sent to the 0D
model, and conversely, scalar values computed by the 0D model must be
distributed as a (vector) field along a boundary manifold of the 3D
model. For discrete-time models (eg., software), components may
communicate in many ways (shared variables, message passing, …), and
computations can be time- or event-triggered. All these features are
captured as data-/behavior-coordination patterns, as exemplified by
the GEMOC initiative
In the Glose project, we propose to formalize the behavioral semantics of several modeling languages used at system-level. These semantics will be used to extract behavioral language interfaces supporting the definition of coordination patterns. These patterns, in turn, can systematically be used to drive the coordination of any model conforming to these languages. The co-simulation of a system-level architecture consists in an orchestration of hundreds to thousands of components. This orchestration is achieved by a master algorithm, in charge of triggering the communication and computation steps of each component. It takes into account the components' interfaces, and the data-/behavior-coordination patterns found in the system architecture model. Because simulation scalability is a major issue, the scheduling policy computed by the master algorithm should be optimal. Parallel or distributed simulations may even be required. This implies that the master algorithm should be hierarchical and possibly distributed.
In 2019, the Hycomes team has been working on the use of Quantized State System (QSS) nethods for the cosimulation of aeronautics system models. The aim is to design new distributed simulation protocols, capable of simulating large, but heterogeneous system models. The investigation is on the trade-offs between pessimistic simulation techniques, where no roll-back is required, and speculative methods, where roll-back may be required. The latter method can be beneficial to the performance and scalability of the simulation, provided roll-backs do not happen too often. The models under consideration are cyberphysical systems consisting in both Modelica models (for the physics) and discrete-time models expressed in a dedicated language (for the control).
In 2019, the Hycones team has delivered one report, detailing the state-of-the-art techniques for continuous systems cosimulation.
The Hycomes has been participating to the SUNSET project (2016–2019)
of the CominLabs excellence
laboratory
The project gathers researchers from three Inria teams, and from three other research labs in Grenoble and Paris area.
Name | Team | Inria Center or Laboratory |
Vincent Acary | Tripop | Inria Grenoble Rhône Alpes |
Bernard Brogliato | ||
Alexandre Rocca | ||
Albert Benveniste | Hycomes | Inria Rennes |
Benoît Caillaud | Bretagne Atlantique | |
Khalil Ghorbal | ||
Christelle Kozaily | ||
Mathias Malandain | ||
Benoît Vernay | ||
Marc Pouzet | Parkas | ENS & |
Tim Bourke | Inria Paris | |
Imsail Lakhim-Bennani | ||
Goran Frehse | SSH | ENSTA Paris-Tech. |
Antoine Girard | L2S-CNRS, Saclay | |
Eric Goubault | Cosynus | LIX, École Polytechnique, |
Sylvie Putot | Saclay |
The main objective of ModeliScale is to advance modeling technologies (languages, compile-time analyses, simulation techniques) for CPS combining physical interactions, communication layers and software components. We believe that mastering CPS comprising thousands to millions of components requires radical changes of paradigms. For instance, modeling techniques must be revised, especially when physics is involved. Modeling languages must be enhanced to cope with larger models. This can only be done by combining new compilation techniques (to master the structural complexity of models) with new mathematical tools (new numerical methods, in particular).
MiodeliScale gathers a broad scope of experts in programming language design and compilation (reactive synchronous programming), numerical solvers (nonsmooth dynamical systems) and hybrid systems modeling and analysis (guaranteed simulation, verification). The research program is carried out in close cooperation with the Modelica community as well as industrial partners, namely, Dassault Systèmes as a Modelica/FMI tool vendor, and EDF and Engie as end users.
In 2019, three general meetings have been organized, with presentations of the partners on new results related to hybrid systems modeling and verification.
Two PhDs are funded by the ModeliScale IPL. Both started in October 2018:
Christelle Kozaily has started a PhD, under the supervision of Vincent Acary (TRIPOP team at Inria Grenoble), Benoît Caillaud, Khalil Ghorbal on the structural and numerical analysis of non-smooth DAE systems. She is located in the Hycomes team at Inria Rennes.
Ismail Lahkim-Bennani has started a PhD under the supervision of Goran Frehse (ENSTA ParisTech.) and Marc Pouzet (PARKAS team, Inria/ENS Paris). His PhD topic is on random testing of hybrid systems, using techniques inspired by QuickCheck .
FUI ModeliScale is a French national collaborative project coordinated by Dassault Systèmes. The partners of this project are: EDF and Engie as main industrial users; DPS, Eurobios and PhiMeca are SME providing mathematical modeling expertise; CEA INES (Chambéry) and Inria are the academic partners. The project started January 2018, for a maximal duration of 42 months. Three Inria teams are contributing to the project : Hycomes, Parkas (Inria Paris / ENS) and Tripop (Inria Grenoble / LJK).
The focus of the project is on the scalable analysis, compilation and simulation of large Modelica models. One of the main contributions expected from Inria are:
A novel structural analysis algorithms for multimode DAE systems, capable of handling large systems of guarded equations, that do not depend on the enumeration of a possibly exponential number of modes.
The partitioning and high-performance distributed co-simulation of large Modelica models, based on the results of the structural analysis.
In 2019, the effort has been put on the first objective, and two important milestones have been reached:
The design of a novel algorithm for the structural analysis of multimode DAE systems. This algorithm is a generalization of the Pryce structural analysis method to the multimode case. The key feature of our method is that it works on implicit representations of the set of modes, and of the varying structure of the multimode DAE. In other words, it does not imply the enumeration of the system's modes. Performing the structural analysis at compile-time brings two decisive advantages: 1/ it allows to deliver to the user precise diagnostics about the model, and can be compared type-checking in programming languages; 2/ it is instrumental for the generation of efficient simulation code. Our algorithm is the first method enabling the compile-time analysis of systems with extremely large combinatorics of modes.
Our multimode DAE structural analysis algorithm has been
implemented in IsamDAE, a software comprizing an algorithmic
library, to be used in modeling language compilers (Modelica tools)
and a standalone tool, to be used independently of a complex
Modelica toolset. IsamDAE has allowed to benchmark the method against
several families of models, inspired by case-studies developed by
industrial partners of the FUI ModeliScale project. Despite the tool is still
under development, we have already been able to deal with models
with up to
On top of these two main results, the Hycomes team has started investigating the use of Quantized Space Systems (QSS), for the simulation of large DAE systems. QSSs simulation (QSS) was introduced in the early 2000’s by F. Cellier and E. Kofman as an alternative to time-based simulation, which is the dominant approach to ODE/DAE systems simulation. Rather than linking QSS to Discrete Event Simulation, we propose to relate it to Synchronous Programming and its continuous time extension Zelus. In the deliverable , we expose our understanding of QSS and its variants, then we propose ideas toward a QSS-based cosimulation, by building on top of our knowledge on distributed executions of synchronous programs.
The plan for 2020 is to extend our structural analysis to cover impulsive mode changes and the consistent initialization problem, in the multimode case. A coupling of IsamDAE with Dymola (Dassault Système's commercial implementation of the Modelica language) is under development.
Another future development is to turn our structural analysis method to a compositional method, where large models could be considered by parts. This is a key problem in the Modelica language, as the compilation of a Modelica model is not modular.
Work on QSS methods will continue, and we envision to prototype a QSS-based distributed simulation method for hybrid ODE systems, based on the Zélus language.
We have a long standing informal collaboration with Martin Otter (DLR, Munich, Germany) and Hilding Helmqvist (Mogram AB, Lund, Sweden). In 2019, this fruitful collaboration has resulted in one publication . The publication draws links between two radically different, but equivalent approaches to the same problem: the impulsive behavior of some multimode DAE, when it is switching from one mode to another. The first approach relies on a transformation of the multimode DAE system to a special index one form, for which state-jumps are proved to be solution of a system of algebraic equations relating right limits to left limits. The second approach builds on the use of nonstandard analysis, combined with the heritage of synchronous programming languages, particularly on the concept of constructive semantics. This gives a formulation of the state-jumps, as a system of difference equations, with an infinitesimal time-step. The latter approach is more general than the former, in the sense that impulsive behavior can be characterized for a larger class of multimode DAE systems. Yet, both approaches coincide on a restricted class of multimode DAEs.
Albert Benveniste has served on the Program Committee of the Modelica Conference 2019.
Khalil Ghorbal has served on the Program Committee of the VMCAI 2019 conference.
Benoît Caillaud has served on the Steering Committee of the ACSD 2019 conference.
Albert Benveniste has given an invited talk titled “Why considering nonstandard semantics for hybrid systems and how to reconcile it with superdense time semantics” at the Oded Maler Memorial workshop at the HSCC'19 conference in Montreal, Canada.
Albert Benveniste is member of the French Académie des Technologies.
In 2019, Benoît Caillaud has reviewed collaborative research project proposals submitted to the French national funding agency ANR. As an Inria Evaluation Committee member, he has served on several Inria hiring and promotion committees.
Albert Benveniste is president of the Scientific Council of Orange and member of the Scientific Council of Safran.
Albert Benveniste is member of the Burex (Executive Bureau) of the Cominlabs Labex
Benoît Caillaud is in charge of the IPL
ModeliScale
Master : Khalil Ghorbal, Analyse et Conception Formelles, M1, (chargé de TD), 22h EqTD, University Rennes 1 and ENS Rennes, France
Master : Khalil Ghorbal, Solvers Principle and Architectures, M2, (enseignant principal), 30h EqTD, ENS Rennes, France
Master : Khalil Ghorbal, Modeling Physics with Differential-Algebraic Equations, M2, (enseignant principal), 25h EqTD, Ecole Polytechnique, Palaiseau, France
PhD: Christelle Kozaily, Structural analysis of nonsmooth
dynamical systems, university of Rennes 1, co-supervised by Vincent
Acary (Tripop
PhD: Aurélien Lamercerie, Formal analysis of cyber-physical systems requirements expressed in natural language, university of Rennes 1, co-supervised by par Benoît Caillaud et Annie Forêt (SemLIS
PhD: Joan Thibault, Structural Analysis Techniques for Binary Decision Diagrams, university of Rennes 1, co-supervised by Benoît Caillaud and Khalil Ghorbal.
Benoît Caillaud has served as president of the jury for Hugo Bazille's PhD defense, at the University of Rennes 1.
The Hycomes team has hosted short internships for secondary school students. This has been an opportunity to promote women in computing, since three female students visited the team for four days, to discover what scientific research is, and what research in computer science could mean. All team members contributed to the initiative.