HYBRID ZIA AND ITS APPROXIMATED REFINEMENT RELATION

Zining Cao (1,2,3) and Hui Wang (1)

1 National Key Laboratory of Science and Technology on Avionics System Integration, Shanghai 200233, China
2 Department of Computer Science and Technology, Nanjing University of Aero. & Astro., Nanjing 210016, China
3 Provincial Key Laboratory for Computer Information Processing Technology, Soochow University, Suzhou 215006, China
Keywords: Interface automata, Z notation, Hybrid automata, Approximated refinement relation.

Abstract: In this paper, we propose a specification model combining interface automata, hybrid automata and Z language, named HZIA. This model can be used to describe temporal properties, hybrid properties, and data properties of hybrid software/hardware components. We also study the approximated refinement relation on HZIAs.
1 INTRODUCTION

Modern software systems are comprised of numerous components, and are made larger through the use of software frameworks. Hybrid software/hardware systems exhibit various behavioural aspects such as discrete and continuous transitions, communication between components, and state transformation inside components. Formal specification techniques for such systems have to be able to describe all these aspects. Unfortunately, a single specification technique that is well suited to all these aspects is not yet available. Instead one needs various specialised techniques that are very good at describing individual aspects of system behaviour. This observation has led to research into the combination and semantic integration of specification techniques. In this paper we combine three well-researched specification techniques: interface automata, hybrid automata and Z.
Interface automata are a light-weight automata-based language for component specification, proposed in (Luca de Alfaro, 2001). An interface automaton (IA), introduced by de Alfaro and Henzinger, is an automata-based model suitable for specifying component-based systems. IA is part of a class of models called interface models, which are intended to specify concisely how systems can be used and to adhere to certain well-formedness criteria that make them appropriate for modelling component-based systems.

This work was supported by the Aviation Science Fund of China under Grant No. 20085552023, the National Natural Science Foundation of China under Grant No. 60873025, the Natural Science Foundation of Jiangsu Province of China under Grant No. BK2008389, and the Foundation of Provincial Key Laboratory for Computer Information Processing Technology of Soochow University under Grant No. KJS0920.
A hybrid automaton (Henzinger, 1996) is a formal model for a mixed discrete-continuous system. A paradigmatic example of a mixed discrete-continuous system is a digital controller of an analog plant. The discrete state of the controller is modelled by the vertices of a graph (control modes), and the discrete dynamics of the controller is modelled by the edges of the graph (control switches). The continuous state of the plant is modelled by points in $\mathbb{R}^n$, and the continuous dynamics of the plant is modelled by flow conditions such as differential equations. The behavior of the plant depends on the state of the controller: each control mode determines a flow condition, and each control switch may cause a discrete change in the state of the plant, as determined by a jump condition. Dually, the behavior of the controller depends on the state of the plant: each control mode continuously observes an invariant condition of the plant state, and by violating the invariant condition, a continuous change in the plant state will cause a control switch.
Cao Z. and Wang H.
HYBRID ZIA AND ITS APPROXIMATED REFINEMENT RELATION.
DOI: 10.5220/0003504002600265
In Proceedings of the 6th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE-2011), pages 260-265
ISBN: 978-989-8425-57-7
Copyright (c) 2011 SCITEPRESS (Science and Technology Publications, Lda.)

Z (Bowen, 2003; Spivey, 1998; Woodcock and Davies, 1996) is a typed formal specification notation based on first order predicate logic and set theory. The formal basis for Z is first order predicate logic extended with typed set theory. Using mathematics for specification is all very well for small examples, but for more realistically sized problems, things start to get out of hand. To deal with this, Z includes the schema notation to aid the structuring and modularization of specifications. A boxed notation called schemas is used for structuring Z specifications. This has been found to be necessary to handle the information in a specification of any size. In particular, Z schemas and the schema calculus enable a structured way of presenting large state spaces and their transformation. But Z itself is cumbersome for specifying parallel systems. Its use will produce a much longer specification than if some other specification languages are used. Hence it is more convenient to use a language like CSP (Hoare, 1985) in such cases. Work has been undertaken to attempt to combine some of the features of CSP with Z (Fischer, 1996; Fischer, 1997; Fischer, 1998).
In this paper, we present a new specification language which combines interface automata, hybrid automata and Z. Interface automata are an intuitive model for the interface properties of software components. Hybrid automata are a model of mixed discrete-continuous systems. Z can describe the data properties of the states and transitions of a system. To specify mixed discrete-continuous software/hardware components, we give the definition of HZIA. Roughly speaking, a HZIA is in the style of hybrid interface automata, but its states and operations are described in the Z language. Furthermore, we define the approximated refinement relation between HZIAs and prove some propositions about this refinement relation. This paper is organized as follows: Section 2 gives a brief review of interface automata, hybrid automata and Z. In Section 3, we propose the specification language HZIA. In Section 4, the approximated refinement relation for HZIAs is presented and studied. The paper is concluded in Section 5.
2 OVERVIEW OF INTERFACE AUTOMATA, HYBRID AUTOMATA AND Z LANGUAGE

In this section, we give a brief overview of interface automata, hybrid automata and Z language.
2.1 Interface Automata

An interface automaton (IA) (Luca de Alfaro, 2001), introduced by de Alfaro and Henzinger, is an automata-based model suitable for specifying component-based systems. IA is part of a class of models called interface models, which are intended to specify concisely how systems can be used and to adhere to certain well-formedness criteria that make them appropriate for modelling component-based systems. The two main characteristics of interface models are that they assume a helpful environment and support top-down design.
Definition 1. An interface automaton (IA) $P = \langle V_P, V^i_P, A^I_P, A^O_P, A^H_P, T_P \rangle$ consists of the following elements:
(1) $V_P$ is a set of states,
(2) $V^i_P \subseteq V_P$ is a set of initial states. If $V^i_P = \emptyset$ then $P$ is called empty.
(3) $A^I_P$, $A^O_P$ and $A^H_P$ are disjoint sets of input, output, and internal actions, respectively. We denote by $A_P = A^I_P \cup A^O_P \cup A^H_P$ the set of all actions.
(4) $T_P$ is the set of transitions between states such that $T_P \subseteq V_P \times A_P \times V_P$.
The interface automaton $P$ is closed if it has only internal actions, that is, $A^I_P = A^O_P = \emptyset$; otherwise we say that $P$ is open.
The composition of two IAs consists of all possible interleaved transitions of the two IAs, except for those actions that are shared. Two IAs are composable if they do not take any of the same inputs, do not produce any of the same outputs and the internal actions of the two components do not overlap. An internal action is created through the composition of IAs when an output action of one component is internally consumed by an input action of another component. This synchronization reduces the two actions to an internal action on a single transition.

IA $Q$ refines IA $P$ if $Q$ provides the services of $P$; it can have more inputs but no more output actions. As such, a refinement of an IA does not constrain the environment more than the original IA does.
2.2 Hybrid Automata

A hybrid system is a dynamical system with both discrete and continuous components. Hybrid automata (Henzinger, 1996) are a model of hybrid systems.
Definition 2. A hybrid automaton $H$ consists of the following components.
(1) Variables. A finite set $X = \{x_1, \ldots, x_n\}$ of real-numbered variables. The number $n$ is called the dimension of $H$. We write $X'$ for the set $\{x'_1, \ldots, x'_n\}$ of primed variables (which represent values at the conclusion of change).
(2) $Q$ is a finite set of states.
(3) $q_0 \in Q$ is the initial state.
(4) $\varphi_{init} \in \Phi(X)$ is the initial condition.
(5) $T \subseteq Q \times \Phi(x_1, \ldots, x_{|X|}, x'_1, \ldots, x'_{|X|}) \times Q$ is a finite set of transitions. Variables $x'_1, \ldots, x'_{|X|}$ represent the new values taken by the variables $x_1, \ldots, x_{|X|}$ after the firing of the transition.
(6) $Act : Q \to \Phi(x_1, \ldots, x_{|X|}, t, x'_1, \ldots, x'_{|X|})$ is the activity function assigning to each state $q$ a formula $Act(q)$. The variable $t$ represents time elapsing.
For the sake of space, the reader is referred to (Henzinger, 1996) for more details of hybrid automata.
2.3 Z Language

Z was introduced in the early 80's in Oxford by Abrial as a set-theoretic and predicate language for the specification of data structures, state spaces and state transformations. The first systematic description of Z is (Spivey, 1998). Since then the language has been used in many case studies and industrial projects (e.g. (Bowen, 2003; Woodcock and Davies, 1996)).

Z includes the schema notation to aid the structuring and modularization of specifications. A boxed notation called schemas is used for structuring Z specifications.

Schemas are primarily used to specify state spaces and operations for the mathematical modelling of systems. For example, here is a schema called StateSpace:
$$\begin{array}{|l}
\textit{StateSpace} \\ \hline
x_1 : S_1;\ \ldots;\ x_n : S_n \\ \hline
Inv(x_1, \ldots, x_n)
\end{array}$$
This schema specifies a state space in which $x_1, \ldots, x_n$ are the state variables and $S_1, \ldots, S_n$ are expressions from which their types may be systematically derived. Z types are sets; $x_1, \ldots, x_n$ should not occur free in $S_1, \ldots, S_n$, or if they do, they refer instead to other occurrences of these variables already in scope (e.g., globally defined variables). $Inv(x_1, \ldots, x_n)$ is the state invariant, relating the variables in some way for all possible allowed states of the system during its lifetime.

Z makes use of identifier decorations to encode intended interpretations. A state variable with no decoration represents the current (before) state and a state variable ending with a prime ($'$) represents the next (after) state. A variable ending with a question mark (?) represents an input and a variable ending with an exclamation mark (!) represents an output.
The vertical form of schema
$$\begin{array}{|l}
S \\ \hline
D_1;\ \ldots;\ D_m \\ \hline
P_1;\ \ldots;\ P_n
\end{array}$$
is equivalent to the horizontal form of schema
$$S \mathrel{\hat=} [D_1; \ldots; D_m \mid P_1; \ldots; P_n].$$
In the following, we sometimes use the horizontal form.
In Z (Bowen, 2003; Spivey, 1998; Woodcock and Davies, 1996), there are many schema operators. For example, we write $S \wedge T$ to denote the conjunction of these two schemas: a new schema formed by merging the declaration parts of $S$ and $T$ and conjoining their predicate parts. $S \vee T$ ($S \Rightarrow T$) is similar to $S \wedge T$ except that the predicate parts are connected by $\vee$ ($\Rightarrow$). The hiding operation $S \setminus (x_1, \ldots, x_n)$ removes from the schema $S$ the explicitly listed components $x_1, \ldots, x_n$, which must exist. Formally, $S \setminus (x_1, \ldots, x_n)$ is equivalent to $(\exists\, x_1 : t_1; \ldots; x_n : t_n \bullet S)$, where $x_1, \ldots, x_n$ have types $t_1, \ldots, t_n$ in $S$. The notation $\exists\, x : a \bullet S$ states that there is some object $x$ in $a$ for which $S$ is true. The notation $\forall\, x : a \bullet S$ states that for each object $x$ in $a$, $S$ is true.

For the sake of space, the reader is referred to the books on Z (Bowen, 2003; Spivey, 1998; Woodcock and Davies, 1996) for more details.
3 HYBRID INTERFACE AUTOMATA WITH Z NOTATION

In many cases, systems have both discrete and continuous properties. To specify hybrid systems, we now propose hybrid interface automata with Z notation, named HZIA.

3.1 Model

In (Cao, 2010), we proposed a model which combines interface automata and Z notation, named ZIA. In this paper, ZIA (Cao, 2010) is extended to a hybrid version, which can be used to specify both the hybrid behavioural and the data structure aspects of a system.
Definition 3. A hybrid interface automaton with Z notation (HZIA) $P = \langle S_P, S^i_P, A^I_P, A^O_P, A^H_P, X_P, V^I_P, V^O_P, V^H_P, C_P, F^S_P, F^A_P, T_P \rangle$ consists of the following elements:
(1) $S_P$ is a set of states;
(2) $S^i_P \subseteq S_P$ is a set of initial states. If $S^i_P = \emptyset$ then $P$ is called empty;
(3) $A^I_P$, $A^O_P$ and $A^H_P$ are disjoint sets of input, output, and internal actions, respectively. We denote by $A_P = A^I_P \cup A^O_P \cup A^H_P$ the set of all actions;
(4) $X_P = \{x_1, \ldots, x_n\}$ is a finite set of real-numbered variables. The number $n$ is called the dimension of $P$. We write $X'$ for the set $\{x'_1, \ldots, x'_n\}$ of primed variables (which represent values at the conclusion of change);
(5) $V^I_P$, $V^O_P$ and $V^H_P$ are disjoint sets of input, output, and internal variables, respectively. We denote by $V_P = V^I_P \cup V^O_P \cup V^H_P$ the set of all variables. We have that $X_P \subseteq V_P$; the variables in $X_P$ are the continuous-valued variables and those in $V_P \setminus X_P$ are the discrete-valued variables;
(6) $C_P$ is a variable representing time, whose value is a real number, with $C_P \notin V_P$;
(7) $F^S_P$ is a map which maps any state in $S_P$ to a state schema $\Phi(V_P \cup \{C_P\})$ in Z;
(8) $F^A_P$ is a map which maps any input action in $A^I_P$ to an input operation schema $\Phi(V_P)$ in Z, any output action in $A^O_P$ to an output operation schema $\Phi(V_P)$ in Z, and any internal action in $A^H_P$ to an internal operation schema $\Phi(V_P)$ in Z;
(9) $T_P$ is the set of transitions between states such that $T_P \subseteq S_P \times A_P \times S_P$. If $(s, a, t) \in T_P$ then
$$\models \big((F^S_P(s) \wedge F^A_P(a)) \setminus (x_1, \ldots, x_m) \Rightarrow F^S_P(t)[y'_1/y_1, \ldots, y'_n/y_n]\big),$$
where $\{x_1, \ldots, x_m\}$ is the set of the variables in $F^S_P(s)$, $\{y_1, \ldots, y_n\}$ is the set of the variables in $F^S_P(t)$, and the set of variables in $F^A_P(a)$ is a subset of $\{x_1, \ldots, x_m\} \cup \{y'_1, \ldots, y'_n\}$.
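As an added worked instance of condition (9) (constructed for this illustration; the schemas are not from the paper), take a state $s$ with $F^S_P(s) \mathrel{\hat=} [n : \mathbb{N} \mid n \le 10]$, an action $a$ with $F^A_P(a) \mathrel{\hat=} [n, n' : \mathbb{N} \mid n' = n + 1]$, and a state $t$ with $F^S_P(t) \mathrel{\hat=} [n : \mathbb{N} \mid n \le 11]$. Here $\{x_1, \ldots, x_m\} = \{n\}$, $\{y_1, \ldots, y_n\} = \{n\}$, and the variables of $F^A_P(a)$ are $\{n, n'\} \subseteq \{n\} \cup \{n'\}$ as required. Hiding the before-state variable gives
$$(F^S_P(s) \wedge F^A_P(a)) \setminus (n) \;\equiv\; (\exists\, n : \mathbb{N} \bullet n \le 10 \wedge n' = n + 1) \;\equiv\; 1 \le n' \le 11,$$
while $F^S_P(t)[n'/n] \equiv n' \le 11$, so the implication in (9) is valid and $(s, a, t)$ is an admissible element of $T_P$. If $F^S_P(t)$ instead required $n \le 5$, the values $n = 10$, $n' = 11$ would satisfy the left-hand side but not the right, and the triple would have to be excluded from $T_P$.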
4 APPROXIMATED REFINEMENT RELATION ON HZIAS

The refinement relation aims at formalizing the relation between abstract and concrete versions of the same component, for example, between an interface specification and its implementation.

Since HZIAs have real-numbered variables which may be measured with small errors, we should take the measuring errors of real-numbered variables into account in the definition of the approximated refinement relation on HZIAs. Roughly, a HZIA $P$ approximately refines a HZIA $Q$ if all the input or output actions of $P$ can be simulated by $Q$ up to small measuring errors of the real-numbered variables. The precise definition must take into account the fact that the internal actions of $P$ and $Q$ are independent. For this, we need some preliminary notions. The closure of a state $s$ consists of the set of states that can be reached from $s$ by taking only internal actions.

We now give the following definition, which describes the set of states after performing a sequence of internal actions from a given state.
Definition 4. Given a HZIA $P$ and a state $s \in S_P$, the set $\varepsilon\text{-}closure_P(s)$ is the smallest set $U \subseteq S_P$ such that (1) $s \in U$ and (2) if $t \in U$, $a \in A^H_P$, and $(t, a, t') \in T_P$ then $t' \in U$.

The environment of a HZIA $P$ cannot see the internal actions of $P$. Consequently if $P$ is at a state $s$ then the environment cannot distinguish between $s$ and any state in $\varepsilon\text{-}closure_P(s)$.

The following definition describes the set of states after performing several internal actions and an external action from a given state.
Definition 5. Consider a HZIA $P$ and a state $s \in S_P$. For an action $a$, we let
$$ExtDest_P(s, a) = \{ s' \mid \exists\, (t, a, t') \in T_P \,.\; t \in \varepsilon\text{-}closure_P(s) \text{ and } s' \in \varepsilon\text{-}closure_P(t') \}.$$
In the following, we use $V^I(A)$ to denote the set of input variables in Z schema $A$, $V^O(A)$ to denote the set of output variables in Z schema $A$, $V^H(A)$ to denote the set of internal variables in Z schema $A$, and $CV(A)$ to denote the set of real-numbered variables in Z schema $A$.

In order to define the approximated refinement relation between Z schemas, we need the following notation.
Definition 6. Given a positive real-numbered assignment $\delta$ on $\{x_1, \ldots, x_m\}$ which represents the measuring errors of the real-numbered variables $\{x_1, \ldots, x_m\}$, and an assignment $\rho$ on $\{v_1, \ldots, v_n\}$, where $\{x_1, \ldots, x_m\}$ is the set of all real-numbered variables in $\{v_1, \ldots, v_n\}$, we use the notation $\rho\,\delta$ to denote the set of assignments
$$\{\sigma \mid \sigma(v) = \rho(v) \text{ if } v \notin \{x_1, \ldots, x_m\}, \text{ and } \sigma(x) = \rho(x) + a \text{ if } x \in \{x_1, \ldots, x_m\}, \text{ where } -\delta(x) \le a \le \delta(x)\}.$$
Definition 7. Consider two Z schemas $A$ and $B$ with $V^I(A) = V^I(B)$, $V^O(A) = V^O(B)$, $V^H(A) = V^H(B) = \emptyset$ and $CV(A) = CV(B)$. Let $\delta$ be a positive real-numbered assignment on $CV(A)$. We use the notation $A \mathrel{{}^{\delta}} B$ if one of the following cases holds:
(1) if $V^I(A) \ne \emptyset$ and $V^O(A) \ne \emptyset$ then, given an assignment $\rho$ on $V^I(A)$, for any assignment $\sigma$ on $V^O(A)$, $(\rho \cup \sigma) \models B$ implies $(\rho \cup \sigma)\,\delta \models A$, and, given an assignment $\sigma$ on $V^O(A)$, for any assignment $\rho$ on $V^I(A)$, $(\rho \cup \sigma) \models A$ implies $(\rho \cup \sigma)\,\delta \models B$, where $(\rho \cup \sigma)\,\delta \models A$ means that there is an assignment $\lambda \in (\rho \cup \sigma)\,\delta$ such that $\lambda \models A$, and $\rho \cup \sigma$ is the assignment which is the union of $\rho$ and $\sigma$;
(2) if $V^I(A) \ne \emptyset$ and $V^O(A) = \emptyset$ then for any assignment $\rho$ on $V^I(A)$, $\rho \models A$ implies $\rho\,\delta \models B$;
(3) if $V^I(A) = \emptyset$ and $V^O(A) \ne \emptyset$ then for any assignment $\rho$ on $V^O(A)$, $\rho \models B$ implies $\rho\,\delta \models A$;
(4) $V^I(A) = \emptyset$ and $V^O(A) = \emptyset$.

Intuitively, $A \mathrel{{}^{\delta}} B$ means that schemas $A$ and $B$ have the same input variables and the same output variables, and, except for small measuring errors $\delta$ of the real-numbered variables, schema $B$ has bigger domains of input variables but smaller ranges of output variables than schema $A$. For example, $A \mathrel{\hat=} [x? : \mathbb{N};\ y! : \mathbb{R} \mid x? \text{ is an even number},\ y! = \pi \times x?]$ $\mathrel{{}^{\delta = [y! := 0.1]}}$ $B \mathrel{\hat=} [x? : \mathbb{N};\ y! : \mathbb{R} \mid y! = 2\pi \times \lfloor x?/2 \rfloor \pm 0.02]$, where $\mathbb{N}$ is the set of natural numbers, $\mathbb{R}$ is the set of reals, and $\lfloor x?/2 \rfloor$ is the largest natural number that is not larger than $x?/2$.
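To make the example above concrete, here is an added Python check of Definition 7, case (1), on the paper's two schemas; it is illustration code written for this page, not part of the paper. It assumes that a schema with one input x? and one output y! can be represented by a precondition on x? plus the closed interval of y! values its predicate allows (the "± 0.02" in B becomes that interval), and it only examines inputs that satisfy A's precondition, following the intuition that B may accept more inputs than A. The names OutputSchema, within_delta and approx_refines are the example's own.

```python
import math
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple

# A closed real interval [lo, hi]: the set of y! values a schema permits for a given x?.
Interval = Tuple[float, float]


@dataclass(frozen=True)
class OutputSchema:
    """A Z schema with a single natural input x? and a single real output y!, encoded as
    a precondition on x? and the interval of y! values its predicate allows.
    This encoding is an assumption of the example, not notation from the paper."""
    pre: Callable[[int], bool]
    out: Callable[[int], Interval]


def distance_to_interval(y: float, iv: Interval) -> float:
    """Distance from the point y to the closed interval iv (0.0 when y lies inside it)."""
    lo, hi = iv
    return max(lo - y, y - hi, 0.0)


def within_delta(y: float, iv: Interval, delta: float) -> bool:
    """Definition 6/7: '(rho U sigma) delta |= A' holds when some y' with |y' - y| <= delta
    satisfies A, i.e. when y is at most delta away from the interval A allows."""
    return distance_to_interval(y, iv) <= delta


def approx_refines(a: OutputSchema, b: OutputSchema, delta: float,
                   inputs: Iterable[int]) -> Optional[int]:
    """Check both implications of Definition 7, case (1), over the given inputs.
    Returns None when the relation holds on every input examined, otherwise the
    first x? that breaks it (useful as a counterexample when tuning delta)."""
    for x in inputs:
        if not a.pre(x):
            continue            # A does not constrain this input; B may accept more inputs
        if not b.pre(x):
            return x            # B must accept every input that A accepts
        ya, yb = a.out(x), b.out(x)
        # (rho U sigma) |= B implies (rho U sigma) delta |= A: the endpoints of B's interval
        # are its points farthest from A's interval, so checking them suffices.
        if not all(within_delta(y, ya, delta) for y in yb):
            return x
        # (rho U sigma) |= A implies (rho U sigma) delta |= B, checked the same way.
        if not all(within_delta(y, yb, delta) for y in ya):
            return x
    return None


# The paper's example schemas: A = [x? : N; y! : R | x? even, y! = pi * x?] and
# B = [x? : N; y! : R | y! = 2*pi*floor(x?/2) +- 0.02], compared with delta = [y! := 0.1].
A = OutputSchema(pre=lambda x: x % 2 == 0,
                 out=lambda x: (math.pi * x, math.pi * x))
B = OutputSchema(pre=lambda x: True,
                 out=lambda x: (2 * math.pi * (x // 2) - 0.02, 2 * math.pi * (x // 2) + 0.02))

if __name__ == "__main__":
    print(approx_refines(A, B, 0.1, range(100)))   # None: the relation holds
    print(approx_refines(A, B, 0.01, range(100)))  # 0: a tolerance below 0.02 fails at once
    print(approx_refines(B, A, 0.1, range(100)))   # 1: A rejects the odd input that B accepts
```

The third call shows that the relation is directed: swapping the schemas fails on the first odd input, because B widens the input domain and that widening is only allowed in one direction.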
Now we give the approximated refinement relation between Z schemas, which describes the approximated refinement relation between the data properties of states.

Definition 8. Consider two Z schemas $A$ and $B$. We use the notation $A \mathrel{D^{\delta}} B$ if
(1) $V^I(A) \subseteq V^I(B)$, $V^O(A) \subseteq V^O(B)$, and $CV(A) \cap (V^I(A) \cup V^O(A)) = CV(B) \cap (V^I(A) \cup V^O(A))$;
(2) $A \setminus (x_1, \ldots, x_m) \mathrel{{}^{\delta}} B \setminus (y_1, \ldots, y_n)$, where $\{x_1, \ldots, x_m\} = V(A) \setminus (V^I(A) \cup V^O(A))$, $\{y_1, \ldots, y_n\} = V(B) \setminus (V^I(A) \cup V^O(A))$, and $\delta$ is a positive real-numbered assignment on $CV(A) \cap (V^I(A) \cup V^O(A))$.

For example, $A \mathrel{\hat=} [x? : \mathbb{N};\ y! : \mathbb{R} \mid x? \text{ is an even number},\ y! = \pi \times x?]$ $\mathrel{D^{\delta = [y! := 0.1]}}$ $B \mathrel{\hat=} [x? : \mathbb{N};\ u? : \mathbb{R};\ y! : \mathbb{R};\ v! : \mathbb{R};\ z : \mathbb{N} \mid y! = 2\pi \times \lfloor x?/2 \rfloor \pm 0.02;\ v! = z\ u?]$.
In the following, we give an approximated refinement relation between HZIAs. For HZIAs, a state has not only behaviour properties but also data properties. Therefore this approximated refinement relation involves both the refinement relation between behaviour properties and the approximated refinement relation between data properties.
Definition 9. Given a HZIA $P$ and a configuration $(s, D_P) \in S_P \times \mathbb{R}$, where $\mathbb{R}$ is the set of real numbers, the set
$$\varepsilon\text{-}transition_P((s, D_P), d) = \{ (s', D_P + d) \mid t \in \varepsilon\text{-}closure_P(s),\ \text{for every } 0 \le e \le d \text{ the invariant } F^S_P(t) \text{ holds for } C_P = D_P + e,\ \text{and } s' \in \varepsilon\text{-}closure_P(t) \}.$$

Intuitively, $\varepsilon\text{-}transition_P((s, D_P), d)$ is the set of configurations after performing some internal actions with a time delay $d$.
Definition 10. Given a HZIA $P$ and a configuration $(s, D_P) \in S_P \times \mathbb{R}$, where $\mathbb{R}$ is the set of real numbers, the set
$$\varepsilon\text{-}delay_P((s, D_P), d) = \{ (s_i, D^i_P) \mid (s_1, D^1_P) \in \varepsilon\text{-}transition_P((s, D_P), d_1),\ \ldots,\ (s_i, D^i_P) \in \varepsilon\text{-}transition_P((s_{i-1}, D^{i-1}_P), d_i),\ \text{where } d = d_1 + \cdots + d_i \}.$$

The set $\varepsilon\text{-}delay_P((s, D_P), d)$ is the set of configurations after performing several internal actions with time delay $d$.
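As an added worked instance of Definitions 9 and 10 (constructed for this illustration, not taken from the paper), take a HZIA $P$ with states $t_1, t_2$, an internal action $\tau \in A^H_P$ with $(t_1, \tau, t_2) \in T_P$ and no other transitions, and suppose the state schemas constrain only the clock: $F^S_P(t_1)$ contains the invariant $C_P \le 3$ and $F^S_P(t_2)$ the invariant $2 \le C_P \le 5$. Then $\varepsilon\text{-}closure_P(t_1) = \{t_1, t_2\}$ and $\varepsilon\text{-}closure_P(t_2) = \{t_2\}$. For the configuration $(t_1, 0)$ and a single delay $d = 4$, Definition 9 gives
$$\varepsilon\text{-}transition_P((t_1, 0), 4) = \emptyset,$$
because the invariant of $t_1$ fails at $C_P = 0 + 4$ and the invariant of $t_2$ fails at $C_P = 0 + 0$. Splitting the delay as $d_1 = d_2 = 2$ in Definition 10, however,
$$(t_2, 2) \in \varepsilon\text{-}transition_P((t_1, 0), 2), \qquad (t_2, 4) \in \varepsilon\text{-}transition_P((t_2, 2), 2),$$
since $C_P \le 3$ holds for every $C_P \in [0, 2]$ with $t_2 \in \varepsilon\text{-}closure_P(t_1)$, and $2 \le C_P \le 5$ holds for every $C_P \in [2, 4]$. Hence $(t_2, 4) \in \varepsilon\text{-}delay_P((t_1, 0), 4)$ although $\varepsilon\text{-}transition_P((t_1, 0), 4) = \emptyset$: the chained definition lets the component wait in $t_1$ and move into $t_2$ only once the invariant of $t_2$ admits the current clock value, which a single $\varepsilon\text{-}transition$ cannot express.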
Definition 11. Consider a HZIA $P$ and a configuration $(s, D_P) \in S_P \times \mathbb{R}$, where $\mathbb{R}$ is the set of real numbers. For an action $a$, we let
$$ExtDest_P((s, D_P), a, d) = \{ (s', D'_P) \mid \exists\, (t, D^1_P) \in \varepsilon\text{-}delay_P((s, D_P), d_1),\ D^1_P = D_P + d_1 \,.\; (t, a, t') \in T_P,\ (s', D'_P) \in \varepsilon\text{-}delay_P((t', D^1_P), d_2),\ \text{and } d = d_1 + d_2,\ D'_P = D^1_P + d_2 \}.$$

The set $ExtDest_P((s, D_P), a, d)$ is the set of configurations after performing several internal actions and an external action with time delay $d$.
The approximated refinement relation between HZIAs is similar to that of the original ZIAs (Cao, 2010), except that a transition with time delay $d$ should be matched by another transition with time delay $d$, and small measuring errors $\delta$ of the real-numbered variables should be taken into account.
Definition 12. Consider two HZIAs $P$ and $Q$. Suppose $CV_P \cap (V^I_P \cup V^O_P) = CV_Q \cap (V^I_P \cup V^O_P)$, where $CV_P$ ($CV_Q$) denotes the set of real-numbered variables in HZIA $P$ ($Q$). Let $\delta$ be a positive real-numbered assignment on $CV_P \cap (V^I_P \cup V^O_P)$. A binary relation $R^{\delta}_A \subseteq (S_P \times \mathbb{R}) \times (S_Q \times \mathbb{R})$ is an approximated simulation from $Q$ to $P$ if for all configurations $(s, D_P) \in S_P \times \mathbb{R}$ there exists $(t, D_Q) \in S_Q \times \mathbb{R}$ such that $(s, D_P)\, R^{\delta}_A\, (t, D_Q)$ and the following conditions hold:
(1) $F^S_P(s) \mathrel{D^{\delta}} F^S_Q(t)$;
(2) For any $(s', D'_P) \in \varepsilon\text{-}delay_P((s, D_P), d)$, there is a configuration $(t', D'_Q) \in \varepsilon\text{-}delay_Q((t, D_Q), d)$ such that $F^S_P(s') \mathrel{D^{\delta}} F^S_Q(t')$ and $(s', D'_P)\, R^{\delta}_A\, (t', D'_Q)$;
(3) For any input action $a$, if $(s', D'_P) \in ExtDest_P((s, D_P), a, d)$, there is a configuration $(t', D'_Q) \in ExtDest_Q((t, D_Q), a, d)$ such that $F^A_P(a) \mathrel{D^{\delta}} F^A_Q(a)$, $F^S_P(s') \mathrel{D^{\delta}} F^S_Q(t')$, and $(s', D'_P)\, R^{\delta}_A\, (t', D'_Q)$;
(4) For any output action $a$, if $(s', D'_P) \in ExtDest_P((s, D_P), a, d)$, there is a configuration $(t', D'_Q) \in ExtDest_Q((t, D_Q), a, d)$ such that $F^A_P(a) \mathrel{D^{\delta}} F^A_Q(a)$, $F^S_P(s') \mathrel{D^{\delta}} F^S_Q(t')$, and $(s', D'_P)\, R^{\delta}_A\, (t', D'_Q)$.

We write $(s, D_P) \mathrel{{}^{\delta}_{A}} (t, D_Q)$ if there is an approximated simulation $R^{\delta}_A$ such that $(s, D_P)\, R^{\delta}_A\, (t, D_Q)$.
Definition 13. The HZIA $Q$ approximately refines the HZIA $P$, written $P \mathrel{{}^{\delta}_{A}} Q$, if there is an approximated simulation $\mathrel{{}^{\delta}_{A}}$ from $Q$ to $P$, a configuration $(s, 0)$ with $s \in S^i_P$ and a configuration $(t, 0)$ with $t \in S^i_Q$ such that $(s, 0) \mathrel{{}^{\delta}_{A}} (t, 0)$.

We have the following proposition about the approximated refinement relation $\mathrel{{}^{\delta}_{A}}$.

Proposition 1. (1) $P \mathrel{{}^{\delta}_{A}} P$, where $\delta(x) = 0$ for any $x$;
(2) If $P \mathrel{{}^{\delta}_{A}} Q$ and $\delta(x) \le \eta(x)$ for any $x$, then $P \mathrel{{}^{\eta}_{A}} Q$;
(3) If $P \mathrel{{}^{\delta}_{A}} Q$ and $Q \mathrel{{}^{\eta}_{A}} R$, then $P \mathrel{{}^{(\delta + \eta)_{dom(\delta)}}_{A}} R$, where $(\delta + \eta)_{dom(\delta)}$ is a positive real-numbered assignment such that the domain of $(\delta + \eta)_{dom(\delta)}$ is the same as that of $\delta$ and $((\delta + \eta)_{dom(\delta)})(x) = \delta(x) + \eta(x)$ for any $x$ in the domain of $\delta$.
In the following, we present a simplified approximated refinement relation $\mathrel{{}^{\delta}_{S}}$, in which the time delay $d$ appearing in Clauses (3) and (4) of the definition of $\mathrel{{}^{\delta}_{A}}$ is replaced by $0$. Then we show the equivalence between $\mathrel{{}^{\delta}_{A}}$ and $\mathrel{{}^{\delta}_{S}}$.
Definition 14. Consider two HZIAs $P$ and $Q$. Suppose $CV_P \cap (V^I_P \cup V^O_P) = CV_Q \cap (V^I_P \cup V^O_P)$, where $CV_P$ ($CV_Q$) denotes the set of real-numbered variables in HZIA $P$ ($Q$). Let $\delta$ be a positive real-numbered assignment on $CV_P \cap (V^I_P \cup V^O_P)$. A binary relation $R^{\delta}_S \subseteq (S_P \times \mathbb{R}) \times (S_Q \times \mathbb{R})$ is a simplified approximated simulation from $Q$ to $P$ if for all configurations $(s, D_P) \in S_P \times \mathbb{R}$ there exists $(t, D_Q) \in S_Q \times \mathbb{R}$ such that $(s, D_P)\, R^{\delta}_S\, (t, D_Q)$ and the following conditions hold:
(1) $F^S_P(s) \mathrel{D^{\delta}} F^S_Q(t)$;
(2) For any $(s', D'_P) \in \varepsilon\text{-}delay_P((s, D_P), d)$, there is a configuration $(t', D'_Q) \in \varepsilon\text{-}delay_Q((t, D_Q), d)$ such that $F^S_P(s') \mathrel{D^{\delta}} F^S_Q(t')$ and $(s', D'_P)\, R^{\delta}_S\, (t', D'_Q)$;
(3) For any input action $a$, if $(s', D'_P) \in ExtDest_P((s, D_P), a, 0)$, there is a configuration $(t', D'_Q) \in ExtDest_Q((t, D_Q), a, 0)$ such that $F^A_P(a) \mathrel{D^{\delta}} F^A_Q(a)$, $F^S_P(s') \mathrel{D^{\delta}} F^S_Q(t')$, and $(s', D'_P)\, R^{\delta}_S\, (t', D'_Q)$;
(4) For any output action $a$, if $(s', D'_P) \in ExtDest_P((s, D_P), a, 0)$, there is a configuration $(t', D'_Q) \in ExtDest_Q((t, D_Q), a, 0)$ such that $F^A_P(a) \mathrel{D^{\delta}} F^A_Q(a)$, $F^S_P(s') \mathrel{D^{\delta}} F^S_Q(t')$, and $(s', D'_P)\, R^{\delta}_S\, (t', D'_Q)$.

We write $(s, D_P) \mathrel{{}^{\delta}_{S}} (t, D_Q)$ if there is a simplified approximated simulation $R^{\delta}_S$ such that $(s, D_P)\, R^{\delta}_S\, (t, D_Q)$.
Definition 15. The HZIA $Q$ simply approximately refines the HZIA $P$, written $P \mathrel{{}^{\delta}_{S}} Q$, if there is a simplified approximated simulation $\mathrel{{}^{\delta}_{S}}$ from $Q$ to $P$, a configuration $(s, 0)$ with $s \in S^i_P$ and a configuration $(t, 0)$ with $t \in S^i_Q$ such that $(s, 0) \mathrel{{}^{\delta}_{S}} (t, 0)$.
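The following Python is an added example, not code from the paper, that implements Definitions 4 and 5 (ε-closure and ExtDest) and an untimed, data-abstracted version of Definitions 14 and 15: the clock $C_P$, the invariants and the delays are dropped (so ExtDest takes no time argument), and the data clause $F^S_P(s) \mathrel{D^{\delta}} F^S_Q(t)$ is replaced by a caller-supplied predicate data_ok. The class HZIABehaviour, the functions largest_simulation and refines, and the sample automata P, Q and Q_BAD are all constructed for this illustration. The simulation is computed as a greatest fixpoint: start from every candidate pair of states and discard pairs that violate a clause until nothing changes.

```python
from collections import deque
from typing import Callable, FrozenSet, Iterable, Set, Tuple

Transition = Tuple[str, str, str]  # (source state, action, target state)
Pair = Tuple[str, str]             # (state of P, state of Q)


class HZIABehaviour:
    """Behavioural skeleton of a HZIA: S_P, A^I_P, A^O_P, A^H_P and T_P.
    Constructed for this example; the clock, state schemas and operation schemas
    of the full model are abstracted away."""

    def __init__(self, states: Iterable[str], inputs: Iterable[str], outputs: Iterable[str],
                 internals: Iterable[str], transitions: Iterable[Transition]) -> None:
        self.states = frozenset(states)
        self.inputs = frozenset(inputs)
        self.outputs = frozenset(outputs)
        self.internals = frozenset(internals)
        # Definition 3 (3): the three action sets must be pairwise disjoint.
        if self.inputs & self.outputs or self.inputs & self.internals or self.outputs & self.internals:
            raise ValueError("input, output and internal actions must be disjoint")
        self.transitions = frozenset(transitions)

    def eps_closure(self, s: str) -> FrozenSet[str]:
        """Definition 4: the smallest set containing s and closed under internal transitions."""
        seen: Set[str] = {s}
        work = deque([s])
        while work:
            t = work.popleft()
            for src, a, dst in self.transitions:
                if src == t and a in self.internals and dst not in seen:
                    seen.add(dst)
                    work.append(dst)
        return frozenset(seen)

    def ext_dest(self, s: str, a: str) -> FrozenSet[str]:
        """Definition 5: internal steps, then one a-transition, then internal steps again."""
        dests: Set[str] = set()
        for t in self.eps_closure(s):
            for src, b, t1 in self.transitions:
                if src == t and b == a:
                    dests |= self.eps_closure(t1)
        return frozenset(dests)


def largest_simulation(p: HZIABehaviour, q: HZIABehaviour,
                       data_ok: Callable[[str, str], bool] = lambda s, t: True) -> FrozenSet[Pair]:
    """Greatest relation satisfying the untimed form of Definition 14, clauses (2)-(4).
    data_ok(s, t) stands in for the data clause F^S_P(s) D^delta F^S_Q(t); the default
    accepts every pair. Start from all candidate pairs and discard violators until stable."""
    rel: Set[Pair] = {(s, t) for s in p.states for t in q.states if data_ok(s, t)}
    external = p.inputs | p.outputs
    changed = True
    while changed:
        changed = False
        for s, t in list(rel):
            # clause (2): every internally reachable s1 is matched by some internally reachable t1
            ok = all(any((s1, t1) in rel for t1 in q.eps_closure(t)) for s1 in p.eps_closure(s))
            # clauses (3) and (4): every external step of P is matched by Q on the same action
            ok = ok and all(any((s1, t1) in rel for t1 in q.ext_dest(t, a))
                            for a in external for s1 in p.ext_dest(s, a))
            if not ok:
                rel.discard((s, t))
                changed = True
    return frozenset(rel)


def refines(p: HZIABehaviour, q: HZIABehaviour, p_init: Iterable[str], q_init: Iterable[str],
            data_ok: Callable[[str, str], bool] = lambda s, t: True) -> bool:
    """Definition 15 without clocks: some pair of initial states lies in the largest simulation."""
    rel = largest_simulation(p, q, data_ok)
    return any((s, t) in rel for s in p_init for t in q_init)


# Constructed sample: an abstract request/acknowledge interface P and two candidate
# implementations. Q adds an internal step and an extra input; Q_BAD never acknowledges.
P = HZIABehaviour(["p0", "p1"], ["req?"], ["ack!"], [],
                  [("p0", "req?", "p1"), ("p1", "ack!", "p0")])
Q = HZIABehaviour(["q0", "q1", "q2"], ["req?", "reset?"], ["ack!"], ["tau"],
                  [("q0", "req?", "q1"), ("q1", "tau", "q2"), ("q2", "ack!", "q0"),
                   ("q0", "reset?", "q0")])
Q_BAD = HZIABehaviour(["q0", "q1"], ["req?"], ["ack!"], [], [("q0", "req?", "q1")])

if __name__ == "__main__":
    print(sorted(Q.ext_dest("q0", "req?")))   # ['q1', 'q2']
    print(refines(P, Q, ["p0"], ["q0"]))      # True
    print(refines(P, Q_BAD, ["p0"], ["q0"]))  # False: the ack! step of P is never matched
    print(refines(Q, P, ["q0"], ["p0"]))      # False: P has no reset? step to match Q's
```

Running the module shows that Q refines P while Q_BAD (which never acknowledges) and the reverse direction (P cannot match Q's reset? input) do not. Passing a restrictive data_ok, for instance one that rejects every pair containing p1, removes pairs exactly as a missing behavioural match does, which is how clause (1) interacts with clauses (2) to (4) in the paper's definition.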
We have the following proposition about the relation between the approximated refinement relations $\mathrel{{}^{\delta}_{A}}$ and $\mathrel{{}^{\delta}_{S}}$.
Proposition 2. (1) $(s, D_P) \mathrel{{}^{\delta}_{A}} (t, D_Q)$ iff $(s, D_P) \mathrel{{}^{\delta}_{S}} (t, D_Q)$ for any HZIAs $P$ and $Q$, any state $s$ in $P$ and $t$ in $Q$, and any real numbers $D_P$ and $D_Q$;
(2) $P \mathrel{{}^{\delta}_{A}} Q$ iff $P \mathrel{{}^{\delta}_{S}} Q$ for any HZIAs $P$ and $Q$.
5 CONCLUSIONS

This paper proposed a specification approach for hybrid software/hardware components which is suitable for specifying the hybrid behaviour and data structure properties of a system. There are several other works on this topic (Fischer, 1996; Fischer, 1997; Fischer, 1998). But the specification languages in these works are based on process calculi, which are abstract and difficult for programmers to apply. Interface automata are a kind of model with which programmers can specify the behaviour properties of a system. However, they cannot specify the hybrid properties and data structure properties of a system. In this paper, we define a combination of interface automata, hybrid automata and Z called HZIA, which can be applied to specify the behaviour and data structure properties of a hybrid system. Moreover, it is intuitive, and it is easy for programmers to understand and apply. We also define the approximated refinement relation for HZIA. The properties of the approximated refinement relation for HZIA are also studied. HZIA is well suited for the specification and development of hybrid software/hardware components. It provides powerful techniques to model control aspects, hybrid properties and data structures in a common framework.
REFERENCES

Bowen, J. (2003). Formal Specification and Documentation using Z: A Case Study Approach. Thomson Publishing.
Cao, Z. (2010). Refinement checking for interface automata with Z notation. Proceedings of Software Engineering and Knowledge Engineering, pages 399–404.
Fischer, C. (1996). Combining CSP and Z. Technical report, TRCF-97-1, University of Oldenburg.
Fischer, C. (1997). CSP-OZ: A combination of Object-Z and CSP. Proceedings of FMOODS'97, pages 423–438.
Fischer, C. (1998). How to combine Z with a process algebra. Proceedings of ZUM'98, pages 5–23.
Henzinger, T. A. (1996). The theory of hybrid automata. Proceedings of LICS 96, pages 278–292.
Hoare, C. A. R. (1985). Communicating Sequential Processes. Prentice-Hall.
Luca de Alfaro, T. A. H. (2001). Interface automata. Proceedings of FSE 2001, pages 109–120.
Spivey, J. M. (1998). The Z Notation: A Reference Manual. Second Edition. Prentice Hall International.
Woodcock, J. and Davies, J. (1996). Using Z: Specification, Refinement, and Proof. Prentice-Hall.