Object Oriented Design of Software Tool for Finite Abstractions of Max-Plus-Linear Systems using Unified Modeling Language

Max-Plus-Linear (MPL) systems are a class of discrete-event systems with a continuous state space characterizing the timing of the underlying sequential discrete events. There is a formal approach to analyze these systems based on finite abstractions. The abstraction algorithms have been in MATLAB using list data structure and in JAVA using tree data structure. The MATLAB implementation requires long computational time, whereas the JAVA one requires larger memory allocation. In this work, we discuss an object oriented design in C++ using tree data structure without recursive functions in the hope of improving the results obtained by the two previous implementations.

Object Oriented Design of Software Tool for Finite Abstractions of Max-Plus-Linear Systems using Unified Modeling Language Muhammadun, Dieky Adzkiya and Imam Mukhlash Abstract-Max-Plus-Linear (MPL) systems are a class of discrete-event systems with a continuous state space characterizing the timing of the underlying sequential discrete events.There is a formal approach to analyze these systems based on finite abstractions.The abstraction algorithms have been in MATLAB using list data structure and in JAVA using tree data structure.The MATLAB implementation requires long computational time, whereas the JAVA one requires larger memory allocation.In this work, we discuss an object oriented design in C++ using tree data structure without recursive functions in the hope of improving the results obtained by the two previous implementations.
Index Terms-Finite abstractions, max-plus-linear systems, object oriented design, unified modeling language.

I. INTRODUCTION
M AX-PLUS-LINEAR (MPL) systems are a class of discrete-event dynamic systems [1], [2] with a continuous state space characterizing the time of occurrence of the underlying sequential discrete events.MPL systems can be used to describe the timing synchronization between interleaved processes, under the assumption that timing events are linearly dependent (within the max-plus algebra) on previous event occurrences.Such systems are employed in the analysis and scheduling of infrastructure networks, such as communication and railway systems [2], production and manufacturing lines [3], [4], or biological systems [5].They cannot model concurrency and are related to a subclass of Timed Petri Nets, namely Timed-Event Graphs [1].
Classical dynamical analysis of MPL systems leverages their algebraic [6] or geometric features [7].It allows investigating model properties such as its transient behavior, its periodic regimes, or its ultimate dynamical behavior [8].Recently, there is a formal approach that has explored a new, alternative approach to analysis that is based on finitestate abstractions [9] of autonomous and nonautonomous MPL systems.The proposed abstraction procedures generates a finite-state Transition System (TS) in a finite number of steps.There is a formal relationship between the concrete model and its abstraction.More precisely, [9] argue that in general the LTS abstraction simulates the original MPL model, and furthermore they provide sufficient conditions to establish a Manuscript received January 27, 2017; accepted February 28, 2017.The authors are with the Department of Mathematics, Institut Teknologi Sepuluh Nopember, Surabaya 60111, Indonesia.Email: muhammadun14@mhs.matematika.its.ac.id, {dieky,imamm}@matematika.its.ac.id bisimulation relation between abstract and concrete models [10].
The abstraction algorithms over MPL systems have been implemented in MATLAB using list data structure [11].In this implementation, the process to compute transition requires a long computation time.Then the implementation has been improved by using tree data structure in JAVA language [12].This implementation successfully accelerates the computational time but requires a larger memory allocation because its functions are recursive.In this work, we will discuss the object oriented design in C++ using tree data structure without recursive functions in the hope of improving the results obtained by the previous two implementations.

II. MODELS AND PRELIMINARIES
A. Max-Plus-Linear Systems An (autonomous) Max-Plus-Linear (MPL) system [1, Rem.2.75] is defined as: where The detailed discussion on MPL systems can be seen in [1], [2].The meaning of k does not represent the "time", as in the usual discrete-time systems.MPL systems are a discrete-event system.More precisely, the parameter k represents an event counter.The state x(k) represents the time of k-th occurrence of state events.

B. Piecewise Affine Systems
An autonomous MPL system characterized by row-finite state matrix A ∈ R n×n ε can be expressed as a PWA system in the event domain [13,Sec. 3].The regions and the corresponding affine dynamics can be constructed from coefficients g = (g 1 , . . ., g n ) ∈ {1, . . ., n} n [9], [12].For each i ∈ {1, . . ., n}, the coefficient g i represents the maximal term in the i-th state equation x gi for all j ∈ {1, . . ., n}.
The set of states corresponding to coefficients g is denoted by R g , which can be expressed explicitly as follows The affine dynamics that is active in the above region is

C. Difference Bound Matrices
In this section, we introduce the notion of Difference Bound Matrices (DBM).DBM will be used in the finite abstraction of MPL systems to represent the (partitioning) region, the dynamics and also the set of states satisfying each atomic proposition.
Definition 1 ([14, Sec.4.1]): A DBM in R n is the intersection of finitely many sets defined as x j − x i i,j α i,j where i,j ∈ {<, ≤} represents a strict and nonstrict inequality sign, α i,j ∈ R ∪ {+∞} denotes the upper bound, for i, j ∈ {0, . . ., n} and value of the special variable x 0 is always equal to 0. The sets are subsets of R n that are characterized by the values of variables x 1 , . . ., x n .
There are some operations defined over DBM such as the intersection of two DBM, the complement of a DBM, the canonical-form representation of a DBM, the orthogonal projection of a DBM, the emptiness checking on a DBM, the image of a DBM w.r.t.affine dynamics, and the inverse image of a DBM w.r.t.affine dynamics.The interested reader is referred to [12,Sec. 2.3] for more detailed explanation.T S is called finite if the cardinality of S and AP is finite.

D. Finite Abstractions of Transition Systems
2) Linear Temporal Logic: Linear Temporal Logic [10, Def.5.1] (LTL) formulae over the set AP of atomic propositions are formed according to the following grammar: The semantics of LTL formulae can be seen in [10].
3) Abstractions: Abstraction is a fundamental concept that enables the analysis of large [10,Ex. 7.53] or even infinite [10,Ex. 7.54] transition systems.An abstraction is identified by a set of abstract states Ŝ; an abstraction function f , that associates to each (concrete) state s of the transition system T S the abstract state f (s) that represents it; and a set AP of atomic propositions labelling the concrete and abstract states.Abstractions differ in the choice of the set Ŝ of abstract states, the abstraction function f , and the relevant propositions AP .
Typically an abstract transition system simulates the corresponding concrete transition system.Simulation relations are used as a basis for abstraction techniques, where the idea is to replace the model to be verified by a smaller abstract model and to verify the latter instead of the original one.Simulation relations are preorders on the state space requiring that whenever s simulates s, state s can mimic all stepwise behavior of s, but the reverse is not guaranteed.The formal definition of the simulation order is given below.
Definition 2 (Simulation Order [10]): ) then there exists s 2 ∈ P ost(s 2 ) with (s 1 , s 2 ) ∈ R Transition system T S 1 is simulated by T S 2 (or, equivalently, T S 2 simulates T S 1 ) if there exists a simulation R for (T S 1 , T S 2 ).
We briefly outline the essential ideas of abstractions that are obtained by aggregating disjoint sets of concrete states into single abstract states.Abstraction functions map concrete states onto abstract ones, such that abstract states are associated with equally labeled concrete states only.
Proposition 2 ([10]): Let T S 2 simulates T S 1 , assume T S 1 does not have terminal states, let ϕ be a linear-time property.If T S 2 satises ϕ, then T S 1 also satises ϕ.

E. Unified Modeling Language
The Unified Modeling Language (UML) is a generalpurpose, developmental, modeling language in the field of software engineering, that is intended to provide a standard way to visualize the design of a system.  1) is used to represent an element in a singly linked list.Member variables are as follows:

A. Auxiliary Classes
1) elem is a variable of type node.
2) next is a pointer to ListEl.If this is not the last element, this variable points to the next element in the list.If this is the last element in the list, this variable does not point to anything.Member functions are as follows: 1) ListEl() is a constructor without any argument.This function does not do anything.2) ListEl(n) is a constructor with one argument of type node.In this function, value of the argument is stored in member variable elem and pointer next is initialized to null.3) ˜ListEl() is a destructor.This function does not do anything.2) List: This class (cf.Fig. 2) is an implementation of singly linked list, where each element is of type ListEl.The list stores all leaves of the abstraction tree.Member variables are as follows: 1) first is a pointer to ListEl.If the list is not empty, this variable points to the first element in the list.If the list is empty, this variable does not point to anything.2) last is a pointer to ListEl.If the list is not empty, this variable points to the last element in the list.If the list is empty, this variable does not point to anything.Member functions are as follows: 1) List() is a constructor without any argument.In this function, both member variables are initialized to null.This means that they do not point to anything.2) ˜List() is a destructor.This function does not do anything.3) pushBack(n) is a function with one argument of type node.In this function, the argument is inserted to end of the list.3) ListStateMatrixElemEl: This class ((cf.Fig. 3)) is used to represent an element in a singly linked list.Member variables are as follows: 1) elem is a variable of type StateMatrixElem.
2) next is a pointer to ListStateMatrixElemEl.If this is not the last element, this variable points to the next element in the list.If this is the last element in the list, this variable does not point to anything.Member functions are as follows: 1) ListStateMatrixElemEl() is a constructor without any argument.This function does not do anything.2) ListStateMatrixElemEl(sme) is a constructor with one argument of type StateMatrixElem.In this function, value of the argument is stored in member variable elem and pointer next is initialized to null.3) ˜ListStateMatrixElemEl() is a destructor.This function does not do anything.4) ListStateMatrixElem: This class (cf.Fig. 4) is an implementation of singly linked list, where each element is of type ListStateMatrixElemEl.This linked list is used to store entries of the state matrix.We use a linked list, rather than an array, because we do not know size of the state matrix a-priori.Member variables are as follows: 1) first is a pointer to ListStateMatrixElemEl.
If the list is not empty, this variable points to the first element in the list.If the list is empty, this variable does not point to anything.2) last is a pointer to ListStateMatrixElemEl.If the list is not empty, this variable points to the last element in the list.If the list is empty, this variable does not point to anything.Member functions are as follows: 1) ListStateMatrixElem() is a constructor without any argument.In this function, both member variables are initialized to null.This means that they do not point to anything.2) ˜ListStateMatrixElem() is a destructor.This function does not do anything.3) pushBack(sme) is a function with one argument of type StateMatrixElem.In this function, the argument is inserted to end of the list.5) is used to represent an element in a singly linked list.Member variables are as follows: 1) elem is a variable of type string.
2) next is a pointer to ListStrEl.If this is not the last element, this variable points to the next element in the list.If this is the last element in the list, this variable does not point to anything.Member functions are as follows: 1) ListStrEl() is a constructor without any argument.This function does not do anything.2) ListStrEl(strElem) is a constructor with one argument of type string.In this function, value of the argument is stored in member variable elem and pointer next is initialized to null.3) ˜ListStrEl() is a destructor.This function does not do anything.6) is an implementation of singly linked list, where each element is of type ListStrEl.This list stores the specifications that are going to be checked against the model.We use a linked list, rather than an array, because we do not know a-priori the number of specifications.Member variables are as follows: 1) first is a pointer to ListStrEl.If the list is not empty, this variable points to the first element in the list.If the list is empty, this variable does not point to anything.2) last is a pointer to ListStrEl.If the list is not empty, this variable points to the last element in the list.If the list is empty, this variable does not point to anything.
Member functions are as follows: 1) ListStr() is a constructor without any argument.In this function, both member variables are initialized to null.This means that they do not point to anything.2) ˜ListStr() is a destructor.This function does not do anything.3) pushBack(strElem) is a function with one argument of type string.In this function, the argument is inserted to end of the list.7) represents an element of the state matrix of an MPL system, whose value can be either a finite integer or minus infinity.Member variables are as follows: 1) isMinInfinite is a Boolean variable that represents whether the element is finite or not.If the value of isMinInfinite is true, then the element is minus infinity and the value stored in val is ignored.However if the value of isMinInfinite is false, then the element equals the value of val.2) val is an integer variable which stores the element, if the element is finite, i.e. the value of isMinInfinite is false.
Member functions are as follows: 1) StateMatrixElem() is a constructor without any argument.In this function, the element is initialized to minus infinity.2) StateMatrixElem(v) is a constructor with one argument v of type integer.The element is initialized to the argument of the function.3) ˜StateMatrixElem() is a destructor.This function does not do anything.8) represents the state matrix of an MPL system.The dimension of state matrix must be n × n, which will be allocated dynamically.Member variables are as follows: 1) matrix is a variable of type pointer to pointer to StateMatrixElem, which is equivalent to a twodimensional array of StateMatrixElem.This variable stores entries of the state matrix.2) dim is an integer variable that stores dimension of the state matrix.In other words, dimension of the state matrix is given by dim × dim.Member functions are as follows: 1) StateMatrix() is a constructor without any argument.This function does not do anything.9) represents an element of a DBM, namely x i − x j i,j α i,j (cf.Section II-C).Member variables are used to characterize such interval: 1) strictness is a Boolean variable.If the value is true, then the inequality sign is not strict, i.e. ≤.If the value is false, then the inequality sign is strict, i.e. <. 2) isPlusInfinite is a Boolean variable.If the value is true, then the upper bound is +∞ and the inequality sign is not strict, i.e. the value of strictness is false.In this case, the value of strictness is ignored.On the other hand, if the value of isPlusInfinite is false, then the upper bound is defined as the value of upperbound and the inequality sign depends on the value of strictness.3) upperbound is an integer variable that represents the upper bound if the upper bound is finite.If the upper bound is not finite, the value stored in this member variable is ignored.
Member functions are as follows: 1) DbmInterval() is a constructor without any argument.In this function, upper bound of the interval is initialized to +∞. 2) DbmInterval(s,u) is a constructor with two arguments.The first agument s is of type Boolean and the second argument u is of type integer.In this function, upper bound of the interval is defined to be finite.Furthermore, the upper bound is defined to be u and the strictness is defined to be s.2) AffineDynamics: This class (cf.Fig. 10) represents an affine dynamics generated by an MPL system (2).Member variables are as follows: 1) indeks (in English: index) is a variable of type pointer to integer.This variable stores the integer coefficients g 1 , . . ., g n .2) konstanta (in English: constants) is a variable of type pointer to integer.This variable stores integer constants A(1, g 1 ), . . ., A(n, g n ).
This variable stores size of the state matrix.Remember that the state matrix is a square matrix.Thus, we only need a single integer variable to store its dimension.
Member functions are as follows: 1) AffineDynamics() is a constructor without any argument.This function does not do anything.2) AffineDynamics(d) is a constructor with one argument d of type integer.In this function, member variables indeks and konstanta are defined as onedimensional integer arrays of size d.Furthermore, all entries of both member variables are initialized to zero.3) ˜AffineDynamics() is a destructor.This function does not do anything.4) setDim(d) is a function with one argument d of type integer.In this function, member variables indeks and konstanta are defined as one-dimensional integer arrays of size d.Furthermore, all entries of both member variables are initialized to zero.C. Abstraction Classes 1) Node: This class (cf.Fig. 12) represents a node in the partition tree.Member variables are as follows: 1) d is a variable of type DBM.This variable stores the DBM represented by a node in the partition tree.2) dipenuhi (in English: satisfied) is a variable of type pointer to Boolean.In other words, the data type is an array of Boolean.The size of the array is equal to the number of atomic propositions.If the i-th atomic proposition is satisfied, then the i-th element of the array is true.If the i-th atomic proposition is not satisfied, then the i-th element of the array is false.3) ad is a variable of type AffineDynamics.This variable stores the affine dynamics that are active in the DBM represented by this node.4) state is an integer variable that represents the unique identifier for each leaf node.As such, this variable is only used for nodes that become leaf.5) numChild is an integer variable that stores the number of children of this node.6) child is a variable of type pointer to node.This variable will be initialized to a dynamic one-dimensional array of type node.The number of elements in the array equals the number of children of this node.Member functions are as follows: 1) node() is a constructor without any argument.This function does not do anything.
2) node(d1,dipenuhi1,numAP,lev,ApDbm) is a constructor to build the AP partition tree.This function is recursive in the following sense: in this constructor, we create some objects of type node that will call this constructor.3) node(A,d1,ad1,lev) is a constructor to build the AD partition tree.This function is recursive in the following sense: in this constructor, we create some objects of type node that will call this constructor.4) node(d1,dipenuhi1,numAP,lev,ApDbm,A, ad1) is a constructor to build the Π 0 partition tree.This function is a combination of the preceding two constructors.This function is recursive in the following sense: in this constructor, we create some objects of type node that will call this constructor.
2) Tree: This class (cf.Fig. 13) is used to represent a tree, for example AP partition tree, AD partition tree and Π 0 partition tree.This class has a single member variable root of type node.This variable is used to store root of the tree.This class has a constructor and a destructor.Both functions do not do anything.
3) AbstractionTree: This class (cf.Fig. 14) is used to store the abstract transition system.Initially, the partition of the state space is represented as a tree.Member variables are as follows: 1) numAP is an integer variable that is used to store the number of atomic propositions.2) ApDbm is a pointer to DBM.We assume that the set of states satisfying each atomic proposition is a DBM.This variable is used to represent the set of states that satisfies each atomic proposition.3) ApPartTree is a variable of type tree that is used to store the AP partition tree.4) AdPartTree is a variable of type tree that is used to store the AD partition tree.5) pi0PartTree is a variable of type tree that is used to store the Π 0 partition tree.6) A is a variable of type StateMatrix, which is used to store the state matrix.7) pi0PartTreeLeaf is a variable that represents a list of nodes.This variable is used to store the leaf nodes in the Π 0 partition tree.8) numpi0PartTreeLeaf is an integer variable which stores the number of leaf nodes in the Π 0 partition tree.9) adj is a two-dimensional matrix, where each entry is a Boolean variable.This variable is used to represent the set of transitions in the abstract transition system.If the entry in i-th row and j-th column is true, then there is a transition from j-th node to i-th node.If the entry in i-th row and j-th column is false, then there is no transition from j-th node to i-th node.This variable is still used after the refinement phase.10) numInitStates is an integer variable that represents the number of DBM that defines the initial states.The initial states are represented by a union of finitely many DBM.11) initStates is a pointer to DBM (or equivalently, an array of DBM).This variable stores the initial states of the concrete transition system, i.e. the MPL system.12) isInitState is an array of boolean variables, where the size is the same with the number of abstract states.This variable represents the set of abstract initial states.
If the i-th element is true, then the i-th abstract state is an initial state.If the i-th element is false, then the i-th abstract state is not an initial state.13) LSCTLf is a variable of type ListStr which stores the set of CTL specifications.14) LSLTLf is a variable of type ListStr which stores the set of LTL specifications.15) abstractState is an array of node which repre-sents the set of abstract states.This variable is still used after the refinement phase.16) numAbstractState is an integer variable that represents the number of abstract states.This variable is still used after the refinement phase.
Member functions are as follows: 1) AbstractionTree() is a constructor without any argument.This function does not do anything.2) ˜AbstractionTree() is a destructor.This function does not do anything.3) ApPart() is a function to construct the AP partition tree.The result is stored in member variable ApPartTree.4) AdPart() is a function to construct the AD partition tree.The result is stored in member variable AdPartTree.5) pi0Part() is a function to construct the Π 0 partition tree.Roughly speaking, this function is a combination of ApPart() and AdPart().The result is stored in member variable pi0PartTree.6) Transition() is a function to compute the set of transitions.In order to minimize the memory usage, this function is not implemented in a recursive manner.This function uses the Π 0 partition that is stored as a tree, i.e. member variable pi0PartTree.The result is stored in member variable adj.Furthermore, this function also initializes member variable pi0PartTreeLeaf.7) determineInitState() is a function to determine the set of initial states over the abstract transition system.This function uses member variable abstractState.
Since member variable abstractState is initialized in member function Refinement(upperbound), this function has to be called after execution of the refinement function.The result is stored in member variables numInitStates and initStates.8) Refinement(upperbound) is used to refine the abstract transition system.In general, this procedure does not necessarily terminate in a finite time.Thus, we define one argument upperbound which represents the maximum number of abstract states (for the stopping criterion of the procedure).This function uses member variable pi0PartTreeLeaf.Since the member variable is initialized in member function Transition(), then this function can be executed after the execution of the function to compute transitions.Furthermore, in this function, we initialize member variables abstractState and numAbstractState.9) Ts2nusmv() is a function to generate a NuSMV language stored in a file from the abstract transition system.This function uses member variables numAbstractState, abstractState, numInitStates, initStates and adj.Thus, this function can be executed after the functions Transition(), Refinement(upperbound) and determineInitState() have been executed.

1 )
Transition Systems: A transition system [10, Def.2.1] T S is characterized by a quintuple (S, −→, I, AP, L) where • S is a set of states, • −→ ⊆ S × S is a transition relation, • I ⊆ S is a set of initial states, • AP is a set of atomic propositions, and • L : S → 2 AP is a labelling function.

Fig. 1 .
Fig. 1.Class diagram for ListEl 1) ListEl: This class (cf.Fig.1) is used to represent an element in a singly linked list.Member variables are as follows:1) elem is a variable of type node.2) next is a pointer to ListEl.If this is not the last element, this variable points to the next element in the list.If this is the last element in the list, this variable does not point to anything.Member functions are as follows:1) ListEl() is a constructor without any argument.This function does not do anything.2) ListEl(n) is a constructor with one argument of type node.In this function, value of the argument is stored in member variable elem and pointer next is initialized to null.3) ˜ListEl() is a destructor.This function does not do anything.

Fig. 5 .
Fig. 5. Class diagram for ListStrEl 5) ListStrEl: This class (cf.Fig.5) is used to represent an element in a singly linked list.Member variables are as follows:1) elem is a variable of type string.2) next is a pointer to ListStrEl.If this is not the last element, this variable points to the next element in the list.If this is the last element in the list, this variable does not point to anything.Member functions are as follows:1) ListStrEl() is a constructor without any argument.This function does not do anything.2) ListStrEl(strElem) is a constructor with one argument of type string.In this function, value of the argument is stored in member variable elem and pointer next is initialized to null.3) ˜ListStrEl() is a destructor.This function does not do anything.

Fig. 8 .
Fig. 8. Class diagram for StateMatrix 8) StateMatrix: This class (cf.Fig.8) represents the state matrix of an MPL system.The dimension of state matrix must be n × n, which will be allocated dynamically.Member variables are as follows:1) matrix is a variable of type pointer to pointer to StateMatrixElem, which is equivalent to a twodimensional array of StateMatrixElem.This variable stores entries of the state matrix.2) dim is an integer variable that stores dimension of the state matrix.In other words, dimension of the state matrix is given by dim × dim.Member functions are as follows:1) StateMatrix() is a constructor without any argument.This function does not do anything.2) StateMatrix(d) is a constructor with one argument of type integer.This function generates a matrix of size d × d.The entries are minus infinity.3) SetDim(d) is a function with one argument of type integer.This function generates a matrix of size d × d.The entries are minus infinity.4) ˜StateMatrix() is a destructor.This function does not do anything.

2 )Fig. 9 .
Fig. 9. Class diagram for DbmInterval 1) DbmInterval: This class (cf.Fig.9) represents an element of a DBM, namely x i − x j i,j α i,j (cf.Section II-C).Member variables are used to characterize such interval:

4 )
FloydWarshall() is used to compute the canonicalform representation of this DBM.Since the canonicalform representation of a DBM is again a DBM, this function returns a DBM. 5) operator-(d2) is a function that overloads the minus operator.This function has one argument of type DBM.The purpose is to determine the intersection of two DBM.Since the intersection of two DBM is a DBM, this function returns a DBM. 6) Complement(sizecomp) is a function to compute the complement of this DBM.The complement of a DBM is in general a union of finitely many DBM.This function has an argument of type address of an integer.This argument is not used for the input, but this is used as the output to store the number of DBM that becomes the complement of this DBM.7) isEmpty() is a function to check whether this DBM is empty or not.This function returns a Boolean value.If this function returns true, then this DBM is empty.If this function returns false, then this DBM is not empty.8) image(ad1) is a function to determine the image of this DBM w.r.t. the affine dynamics defined in the argument.Since the image of a DBM w.r.t. an affine dynamics is a DBM, this function returns a DBM.9) invimage(ad1) is a function to determine the inverse image of this DBM w.r.t. the affine dynamics defined in the argument.Since the inverse image of a DBM w.r.t. an affine dynamics is a DBM, this function returns a DBM.