
Part III Extensions to the Framework

8.3 Hybrid Statecharts

In this section we present the definitions and formalism for hybrid statecharts.

Before we begin the description of their formal syntax and semantics, we should note that we replace the notion of states in statecharts with the notion of locations. This is because a state in a hybrid automaton describes the valuation of the continuous variables at a particular time instance at a certain location. Therefore, we will use the term location to avoid any confusion that may arise. It should be noted that we do not attempt to handle the maximal fragment of the statecharts languages. Instead, we focus on a representative fragment of hierarchy.

The locations in hybrid statecharts are generalized into a set Q of locations, which is divided into three disjoint sets: Qsimple, Qcomp, and Qconc, called simple, composite and concurrent locations. There is one designated start location, which is the topmost location in the hierarchy. In essence, the locations of plain hybrid finite state machines correspond to simple locations in the hybrid statecharts. Based on this, we will now introduce the concepts of hybrid statecharts. In the following, we adopt and slightly change the basic definitions of [Furbach et al., 2008].

8.3.1 Syntax

Similar to the definition of the syntax of hybrid automata, hybrid statecharts contain the basic components of hybrid automata, including the set of real variables X representing the continuous flows, invariants inside locations, jump conditions, and the initial state. However, the hierarchy of locations is the key difference to hybrid automata. Therefore, we will only concentrate on the locations hierarchy¹, which will be defined in the following.

Definition 8.3.1 (Hierarchy components) The basic components of hybrid statecharts are the following disjoint sets:

Q: a finite set of locations, which is partitioned into three disjoint sets Qsimple, Qcomp, and Qconc, called simple, composite and concurrent locations, containing one designated start location q0 ∈ Qcomp ∪ Qconc.

In order to introduce a concrete example of the previous definition, let us look at the hierarchical train gate controller example of Fig. 8.1. The locations far, idle, and down are examples of simple locations. The location System is a concurrent location and also the start location of the model. The locations Train, Controller, Gate, Opening and Closing are composite locations.

Definition 8.3.2 (Location hierarchy) Each location q is associated with zero, one or more initial locations α(q): a simple location has zero, a composite location exactly one, and a concurrent location more than one initial location. Moreover, each location q ∈ Q \ {q0} is associated to exactly one superior state β(q). Therefore, it must hold β(q) ∈ Qconc ∪ Qcomp. A concurrent state must not directly contain other concurrent ones and all transitions (q1, q2) must keep to the hierarchy, i.e. β(q1) = β(q2). Variables x ∈ X may be declared locally in a certain state γ(x) ∈ S. A variable x ∈ X is valid in all states s ∈ S with βⁿ(s) = γ(x) for some n ≥ 0 (i.e. in all states below γ(x) in the state hierarchy), unless another variable with the same name overwrites it locally.

¹ See Chapter 4 for the basic components of a hybrid automaton.

For the example in Fig. 8.1, according to the previous Def., it holds e.g.:

α(Train) = far
α(Gate) = opening
α(opening) = up
α(controller) = idle
α(System) = {Train, Controller, Gate}
β(near) = Train
β(Train) = System
γ(x) = Train
γ(g) = Gate
γ(t) = controller

The function β from the previous definition naturally induces a location tree with q0 as root. This tree is formed as a result of the semantics between states, which we define in the following.

8.3.2 Semantics

As is known, the semantics of a hybrid automaton is described in terms of alternating sequences of states. A state is a control location and the valuation of the real variables at each time instance. In contrast to hybrid automata, the control locations of statecharts may be composite or concurrent locations.

Therefore, state machines, which describe the behaviors of systems, cannot be described by simple sequences of states, but by configurations, which are trees of locations. While processing the behavior of the state machines, each composite location only contains one active control location. More specifically, whenever a location is in a configuration and it is a composite location, then each of its direct sub-automata must also contribute to the configuration and vice versa. In the case of a concurrent location, each of the sub-automata contributes to the configuration if their parent is in that configuration, i.e. one location of each respective automaton belongs to the current configuration. In our example Fig. 8.1, this means that whenever the model is in the location System, Train, Gate, and Controller are also active.

Fig. 8.2 shows the configuration tree of the example of Fig. 8.1. A configuration of the given statecharts is indicated by the thick lines. Let us now define the notion of a configuration more formally.

[Figure 8.2: tree diagram with the node labels System; Train, Controller, Gate; far, near, past; to-lower, idle, to-rise; Opening, Closing; up, open, down, closed.]

Fig. 8.2. Location hierarchy and configuration tree (thick lines).

Definition 8.3.3 (Configuration and Completion) A configuration c is a rooted tree of locations where the root node is the topmost initial location q0 of the overall state machine. Whenever a location q′ is an immediate predecessor of q in c, it must hold β(q) = q′. A configuration is completed by applying the following procedure recursively as long as possible to leaf nodes: if there is a leaf node in c labeled with a location q, then introduce all α(q) as immediate successors of q.

As presented in Chapter 4, a hybrid automaton may change in two ways: discretely, from location q1 to another location q2, when the transition e ∈ E between the two locations is enabled (i.e., the jump condition holds), and continuously within a control location q ∈ Q, by means of a finite (positive) time delay t. The semantics of hybrid statecharts can now be defined by alternating sequences of discrete and continuous steps between configurations. We assume that discrete state changes happen in zero time, while continuous steps (within one state) may last some time.

Definition 8.3.4 (Operational Semantics) The state machine starts with the initial configuration, i.e. the completed topmost initial state s0 of the overall state machine. In addition, an initial condition must be given as a predicate with free variables from X. The current situation² of the whole system can be characterized by a triple (c, v, t) where c is a configuration, v a valuation (i.e. a mapping v : X → ℝⁿ), and t the current time. The initial situation is a situation (c, v, t) where c is the initial configuration, v satisfies the initial condition, and t = 0. The following steps are possible in the situation (c, v, t):

discrete step: a discrete/micro-step from one configuration c of a state machine to a configuration (c′, v′, t) by means of a transition (q, q′) ∈ E with some jump condition in the current situation (written c → c′) is possible iff:

1. c contains a node labeled with q;

2. the jump condition of the given transition holds in the current situation (c, v, t);

3. c′ is identical with c except that q together with its subtree in c is replaced by the completion of q′;

4. the variables in X are set by executing specific assignments.

continuous step: a continuous step/flow within the actual configuration to the situation (c, v′, t′) requires the computation of all x ∈ X that are valid in c at the time t′ according to the conjunction of all state conditions (i.e. flow conditions plus invariants) of the active locations q ∈ c, where it must hold t′ > t.

² Situation is used instead of state to describe the time instance of a configuration.

From the previous semantics, a state machine is initially in a configuration derived from the initial topmost location. This derivation is performed in a top-down manner; that is, the root of the state machine contributes to the initial configuration by its initial location. If some location in the configuration is refined to further automata, then these automata must contribute their initial states to the initial configuration as well.
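The following Python example is added here and is not part of the original text: it implements the completion of Def. 8.3.3 and item 3 of the discrete step of Def. 8.3.4 for the train gate hierarchy. The value α(Closing) = down, the parents of locations that the text does not list, and the transitions used to exercise it are assumptions.

```python
# Added example: location hierarchy, completion and one discrete step.
# ALPHA follows the values given for Fig. 8.1; alpha(Closing) = down and the
# parent of every location not listed in the text are assumptions.
ALPHA = {
    "System": ["Train", "Controller", "Gate"],  # concurrent: several initial locations
    "Train": ["far"], "Controller": ["idle"],   # composite: exactly one
    "Gate": ["Opening"], "Opening": ["up"],
    "Closing": ["down"],                        # assumed, not stated in the text
}
BETA = {
    "Train": "System", "Controller": "System", "Gate": "System",
    "far": "Train", "near": "Train", "past": "Train",
    "idle": "Controller", "to-lower": "Controller", "to-rise": "Controller",
    "Opening": "Gate", "Closing": "Gate",
    "up": "Opening", "open": "Opening", "down": "Closing", "closed": "Closing",
}

def completion(q):
    """Def. 8.3.3: tree rooted at q, adding alpha(q) below each leaf recursively."""
    return {q: [completion(child) for child in ALPHA.get(q, [])]}

def active(tree):
    """Set of all locations occurring in a configuration tree."""
    (q, children), = tree.items()
    return {q}.union(*(active(ch) for ch in children))

def discrete_step(tree, q, q_new):
    """Def. 8.3.4, item 3: replace q and its subtree by the completion of q_new.
    Jump conditions and assignments (items 2 and 4) are not modelled here."""
    if BETA.get(q) != BETA.get(q_new):
        raise ValueError("transition leaves the hierarchy: beta(q) != beta(q')")
    if q not in active(tree):                   # item 1: q must be in c
        raise ValueError("q is not active in the configuration")

    def rebuild(node):
        (name, children), = node.items()
        if name == q:
            return completion(q_new)
        return {name: [rebuild(ch) for ch in children]}

    return rebuild(tree)
```

Calling `completion("System")` yields the initial configuration; a step on a composite location such as Opening swaps its whole subtree for the completion of the target.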

It should be noted that invariants of the definition of hybrid automata presented in Chapter 4 are merged here with the flow conditions in continuous steps (see Def. 8.3.4). In particular, while jump conditions are checked during a discrete transition, flow and invariant conditions are only tested at the beginning and at the end of a continuous flow within one configuration, i.e. only at the boundaries.