The theory of hybrid automata (2000)

by T A Henzinger
Venue:Verification of Digital and Hybrid Systems. Volume 170 of NATO ASI Series F: Computer and Systems Science
Add To MetaCart
Results 1 - 10 of 685

A theory of timed automata

by Rajeev Alur , 1999
"... Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of ..."
Abstract - Cited by 2651 (32 self) - Add to MetaCart
Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of real-time systems whose correctness depends on relative magnitudes of different delays. Consequently, timed automata [7] were introduced as a formal notation to model the behavior of real-time systems. Its definition provides a simple way to annotate state-transition graphs with timing constraints using finitely many real-valued clock variables. Automated analysis of timed automata relies on the construction of a finite quotient of the infinite space of clock valuations. Over the years, the formalism has been extensively studied leading to many results establishing connections to circuits and logic, and much progress has been made in developing verification algorithms, heuristics, and tools. This paper provides a survey of the theory of timed automata, and their role in specification and verification of real-time systems.
(Show Context)

The algorithmic analysis of hybrid systems

by R. Alur, C. Courcoubetis, N. Halbwachs , T. A. Henzinger, P.-H. Ho, X. Nicollin , A. Olivero , J. Sifakis , S. Yovine - THEORETICAL COMPUTER SCIENCE , 1995
"... We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamica ..."
Abstract - Cited by 778 (71 self) - Add to MetaCart
We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewise-linear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard program-analysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic model-checking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.

PDDL2.1: An Extension to PDDL for Expressing Temporal Planning Domains

by Maria Fox, Derek Long , 2003
"... In recent years research in the planning community has moved increasingly towards application of planners to realistic problems involving both time and many types of resources. For example, interest in planning demonstrated by the space research community has inspired work in observation scheduling, ..."
Abstract - Cited by 609 (41 self) - Add to MetaCart
In recent years research in the planning community has moved increasingly towards application of planners to realistic problems involving both time and many types of resources. For example, interest in planning demonstrated by the space research community has inspired work in observation scheduling, planetary rover exploration and spacecraft control domains. Other temporal and resource-intensive domains including logistics planning, plant control and manufacturing have also helped to focus the community on the modelling and reasoning issues that must be confronted to make planning technology meet the challenges of application. The international planning competitions have acted as an important motivating force behind the progress that has been made in planning since 1998. The third competition (held in 2002) set the planning community the challenge of handling time and numeric resources. This necessitated the development of a modelling language capable of expressing temporal and numeric properties of planning domains. In this paper we describe the language, PDDL2.1, that was used in the competition. We describe the syntax of the language, its formal semantics and the validation of concurrent plans. We observe that PDDL2.1 has considerable modelling power — exceeding the capabilities of current planning technology — and presents a number of important challenges to the research community.
(Show Context)

Conflict Resolution for Air Traffic Management: A Study in Multiagent Hybrid Systems

by Claire Tomlin, George J. Pappas, Shankar Sastry - IEEE TRANSACTIONS ON AUTOMATIC CONTROL , 1998
"... Air Traffic Management (ATM) of the future allows for the possibility of free flight, in which aircraft choose their own optimal routes, altitudes, and velocities. The safe resolution of trajectory conflicts between aircraft is necessary to the success of such a distributed control system. In this p ..."
Abstract - Cited by 287 (50 self) - Add to MetaCart
Air Traffic Management (ATM) of the future allows for the possibility of free flight, in which aircraft choose their own optimal routes, altitudes, and velocities. The safe resolution of trajectory conflicts between aircraft is necessary to the success of such a distributed control system. In this paper, we present a method to synthesize provably safe conflict resolution maneuvers. The method models the aircraft and the maneuver as a hybrid control system and calculates the maximal set of safe initial conditions for each aircraft so that separation is assured in the presence of uncertainties in the actions of the other aircraft. Examples of maneuvers using both speed and heading changes are worked out in detail.

PHAVer: Algorithmic verification of hybrid systems past HyTech

by Goran Frehse , 2005
"... In 1995, HyTech broke new ground as a potentially powerful tool for verifying hybrid systems – yet it has remained severely limited in its applicability to more complex systems. We address the main problems of HyTech with PHAVer, a new tool for the exact verification of safety properties of hybrid ..."
Abstract - Cited by 217 (9 self) - Add to MetaCart
In 1995, HyTech broke new ground as a potentially powerful tool for verifying hybrid systems – yet it has remained severely limited in its applicability to more complex systems. We address the main problems of HyTech with PHAVer, a new tool for the exact verification of safety properties of hybrid systems with piecewise constant bounds on the derivatives. Affine dynamics are handled by on-the-fly overapproximation and by partitioning the state space based on user-definable constraints and the dynamics of the system. PHAVer’s exact arithmetic is robust due to the use of the Parma Polyhedra Library, which supports arbitrarily large numbers. To manage the complexity of the polyhedral computations, we propose methods to conservatively limit the number of bits and constraints of polyhedra. Experimental results for a navigation benchmark and a tunnel diode circuit show the effectiveness of the approach.
(Show Context)

Model-integrated development of embedded software

by Gabor Karsai, Janos Sztipanovits, Akos Ledeczi, Ted Bapty - Proceedings of the IEEE , 2003
"... Proceedings of the IEEE January 2003 The paper describes a model-integrated approach for embedded software development that is based on domain-specific, multiple view models used in all phases of the development process. Models explicitly represent the embedded software and the environment it operat ..."
Abstract - Cited by 164 (33 self) - Add to MetaCart
Proceedings of the IEEE January 2003 The paper describes a model-integrated approach for embedded software development that is based on domain-specific, multiple view models used in all phases of the development process. Models explicitly represent the embedded software and the environment it operates in, and capture the requirements and the design of the application, simultaneously. Models are descriptive, in the sense that they allow the formal analysis, verification and validation of the embedded system at design time. Models are also generative, in the sense that they carry enough information for automatically generating embedded systems using the techniques of program generators. Because of the widely varying nature of embedded systems, a single modeling language may not be suitable for all domains, thus modeling languages are often domain-specific. To decrease the cost of defining and integrating domain-specific modeling languages and corresponding analysis and synthesis tools, the model-integrated approach is applied in a metamodeling architecture, where formal models of domain-specific modeling languages – called metamodels – play a key role in customizing and connecting components of tool chains. The paper will discuss the principles and techniques of model-integrated embedded software development in detail, as well as the capabilities of the tools supporting the process. Examples in terms of real systems will be given that illustrate how the model-integrated approach addresses the physical nature, the assurance issues, and the dynamic structure of embedded software.
(Show Context)

Hierarchical Finite State Machines with Multiple Concurrency Models

by Alain Girault, Bilung Lee, Edward A. Lee - IEEE Transactions on Computer-aided Design of Integrated Circuits and Systems , 1999
"... This paper studies the semantics of hierarchical finite state machines (FMS's) that are composed using various concurrency models, particularly dataflow, discrete-events, and synchronous/reactive modeling. It is argued that all three combinations are useful, and that the concurrency model can b ..."
Abstract - Cited by 146 (43 self) - Add to MetaCart
This paper studies the semantics of hierarchical finite state machines (FMS's) that are composed using various concurrency models, particularly dataflow, discrete-events, and synchronous/reactive modeling. It is argued that all three combinations are useful, and that the concurrency model can be selected independently of the decision to use hierarchical FSM's. In contrast, most formalisms that combine FSM's with concurrency models, such as Statecharts (and its variants) and hybrid systems, tightly integrate the FSM semantics with the concurrency semantics. An implementation that supports three combinations is described.
(Show Context)

Algorithmic analysis of nonlinear hybrid systems

by Thomas A. Henzinger, Pei-hsin Ho, Howard Wong-toi - in Proc. CAV 95: Computer-aided Verification, Lecture Notes in Computer Science , 1995
"... Abstract—Hybrid systems are digital real-time systems that are embedded in analog environments. Model-checking tools are available for the automatic analysis of linear hybrid automata, whose environment variables are subject to piecewise-constant polyhedral differential inclusions. In most embedded ..."
Abstract - Cited by 138 (13 self) - Add to MetaCart
Abstract—Hybrid systems are digital real-time systems that are embedded in analog environments. Model-checking tools are available for the automatic analysis of linear hybrid automata, whose environment variables are subject to piecewise-constant polyhedral differential inclusions. In most embedded systems, however, the environment variables have differential inclusions that vary with the values of the variables, e.g., _x = x. Such inclusions are prohibited in the linear hybrid automaton model. We present two methods for translating nonlinear hybrid systems into linear hybrid automata. Properties of the nonlinear systems can then be inferred from the automatic analysis of the translated linear hybrid automata. The first method, called clock translation, replaces constraints on nonlinear variables by constraints on clock variables. The clock translation is efficient but has limited applicability. The second method, called linear phase-portrait approximation, con-servatively overapproximates the phase portrait of a hybrid automaton using piecewise-constant polyhedral differential inclu-sions. Both methods are sound for safety properties; that is, if we establish a safety property of the translated linear system, we may conclude that the original nonlinear system satisfies the property. When applicable, the clock translation is also complete for safety properties; that is, the original system and the translated system satisfy the same safety properties. The phase-portrait approxi-mation method is not complete for safety properties, but it is asymptotically complete; intuitively, for every safety property, and for every relaxed nonlinear system arbitrarily close to the original, if the relaxed system satisfies the safety property, then there is a linear phase-portrait approximation that also satisfies the property. We illustrate both methods by using HYTECH—a symbolic model checker for linear hybrid automata—to automatically check properties of a nonlinear temperature controller and of a predator–prey ecology. Index Terms — Clock translation, formal verification, hybrid systems, HYTECH, linear hybrid automata, model checking, phase-portrait approximation, predator–prey ecologies.
(Show Context)

Logics for Hybrid Systems

by J. M. Davoren, Anil Nerode - Proceedings of the IEEE , 2000
"... This paper offers a synthetic overview of, and original contributions to, the use of logics and formal methods in the analysis of hybrid systems ..."
Abstract - Cited by 137 (12 self) - Add to MetaCart
This paper offers a synthetic overview of, and original contributions to, the use of logics and formal methods in the analysis of hybrid systems
(Show Context)

Computational Techniques for Hybrid System Verification

by Alongkrit Chutinan, Bruce H. Krogh - IEEE Trans. on Automatic Control , 2003
"... Abstract—This paper concerns computational methods for ver-ifying properties of polyhedral invariant hybrid automata (PIHA), which are hybrid automata with discrete transitions governed by polyhedral guards. To verify properties of the state trajectories for PIHA, the planar switching surfaces are p ..."
Abstract - Cited by 115 (5 self) - Add to MetaCart
Abstract—This paper concerns computational methods for ver-ifying properties of polyhedral invariant hybrid automata (PIHA), which are hybrid automata with discrete transitions governed by polyhedral guards. To verify properties of the state trajectories for PIHA, the planar switching surfaces are partitioned to define a finite set of discrete states in an approximate quotient transition system (AQTS). State transitions in the AQTS are determined by the reachable states, or flow pipes, emitting from the switching sur-faces according to the continuous dynamics. This paper presents a method for computing polyhedral approximations to flow pipes. It is shown that the flow-pipe approximation error can be made arbi-trarily small for general nonlinear dynamics and that the computa-tions can be made more efficient for affine systems. The paper also describes CheckMate, a MATLAB-based tool for modeling, simu-lating and verifying properties of hybrid systems based on the com-putational methods previously described. Index Terms—Hybrid systems, model checking, reachability, verification. I.
(Show Context)