Results 1  10
of
244
The Theory of Hybrid Automata
, 1996
"... A hybrid automaton is a formal model for a mixed discretecontinuous system. We classify hybrid automata acoording to what questions about their behavior can be answered algorithmically. The classification reveals structure on mixed discretecontinuous state spaces that was previously studied on pur ..."
Abstract

Cited by 685 (12 self)
 Add to MetaCart
A hybrid automaton is a formal model for a mixed discretecontinuous system. We classify hybrid automata acoording to what questions about their behavior can be answered algorithmically. The classification reveals structure on mixed discretecontinuous state spaces that was previously studied on purely discrete state spaces only. In particular, various classes of hybrid automata induce finitary trace equivalence (or similarity, or bisimilarity) relations on an uncountable state space, thus permitting the application of various modelchecking techniques that were originally developed for finitestate systems.
UPPAAL in a Nutshell
, 1997
"... . This paper presents the overall structure, the design criteria, and the main features of the tool box Uppaal. It gives a detailed user guide which describes how to use the various tools of Uppaal version 2.02 to construct abstract models of a realtime system, to simulate its dynamical behavior, ..."
Abstract

Cited by 662 (51 self)
 Add to MetaCart
. This paper presents the overall structure, the design criteria, and the main features of the tool box Uppaal. It gives a detailed user guide which describes how to use the various tools of Uppaal version 2.02 to construct abstract models of a realtime system, to simulate its dynamical behavior, to specify and verify its safety and bounded liveness properties in terms of its model. In addition, the paper also provides a short review on casestudies where Uppaal is applied, as well as references to its theoretical foundation. 1 Introduction Uppaal is a tool box for modeling, simulation and verification of realtime systems, based on constraintsolving and onthefly techniques, developed jointly by Uppsala University and Aalborg University. It is appropriate for systems that can be modeled as a collection of nondeterministic processes with finite control structure and realvalued clocks, communicating through channels and (or) shared variables [34, 26]. Typical application areas in...
HyTech: A Model Checker for Hybrid Systems
 Software Tools for Technology Transfer
, 1997
"... A hybrid system is a dynamical system whose behavior exhibits both discrete and continuous change. A hybrid automaton is a mathematical model for hybrid systems, which combines, in a single formalism, automaton transitions for capturing discrete change with differential equations for capturing conti ..."
Abstract

Cited by 473 (6 self)
 Add to MetaCart
(Show Context)
A hybrid system is a dynamical system whose behavior exhibits both discrete and continuous change. A hybrid automaton is a mathematical model for hybrid systems, which combines, in a single formalism, automaton transitions for capturing discrete change with differential equations for capturing continuous change. HyTech is a symbolic model checker for linear hybrid automata, a subclass of hybrid automata that can be analyzed automatically by computing with polyhedral state sets. A key feature of HyTech is its ability to perform parametric analysis, i.e. to determine the values of design parameters for which a linear hybrid automaton satisfies a temporallogic requirement. 1 Introduction A hybrid system typically consists of a collection of digital programs that interact with each other and with an analog environment. Examples of hybrid systems include manufacturing controllers, automotive and flight controllers, medical equipment, microelectromechanical systems, and robots. When thes...
Bisimulation for Labelled Markov Processes
 INFORMATION AND COMPUTATION
, 1997
"... In this paper we introduce a new class of labelled transition systems  Labelled Markov Processes  and define bisimulation for them. Labelled Markov processes are ..."
Abstract

Cited by 195 (24 self)
 Add to MetaCart
(Show Context)
In this paper we introduce a new class of labelled transition systems  Labelled Markov Processes  and define bisimulation for them. Labelled Markov processes are
Logics for Hybrid Systems
 Proceedings of the IEEE
, 2000
"... This paper offers a synthetic overview of, and original contributions to, the use of logics and formal methods in the analysis of hybrid systems ..."
Abstract

Cited by 137 (12 self)
 Add to MetaCart
(Show Context)
This paper offers a synthetic overview of, and original contributions to, the use of logics and formal methods in the analysis of hybrid systems
EventClock Automata: A Determinizable Class of Timed Automata
 Theoretical Computer Science
, 1999
"... We introduce eventrecording automata. An eventrecording automaton is a timed automaton that contains, for every event a, a clock that records the time of the last occurrence of a. The class of eventrecording automata is, on one hand, expressive enough to model (finite) timed transition systems an ..."
Abstract

Cited by 118 (2 self)
 Add to MetaCart
(Show Context)
We introduce eventrecording automata. An eventrecording automaton is a timed automaton that contains, for every event a, a clock that records the time of the last occurrence of a. The class of eventrecording automata is, on one hand, expressive enough to model (finite) timed transition systems and, on the other hand, determinizable and closed under all boolean operations. As a result, the language inclusion problem is decidable for eventrecording automata. We present a translation from timed transition systems to eventrecording automata, which leads to an algorithm for checking if two timed transition systems have the same set of timed behaviors. We also consider eventpredicting automata, which contain clocks that predict the time of the next occurrence of an event. The class of eventclock automata, which contain both eventrecording and eventpredicting clocks, is a suitable specification language for realtime properties. We provide an algorithm for checking if a timed automa...
Constructing Invariants for Hybrid Systems
 IN HYBRID SYSTEMS: COMPUTATION AND CONTROL, LNCS 2993
, 2004
"... An invariant of a system is a predicate that holds for every reachable state. In this paper, we present techniques to generate invariants for hybrid systems. This is achieved by reducing the invariant generation problem to a constraint solving problem using methods from the theory of ideals over p ..."
Abstract

Cited by 59 (7 self)
 Add to MetaCart
(Show Context)
An invariant of a system is a predicate that holds for every reachable state. In this paper, we present techniques to generate invariants for hybrid systems. This is achieved by reducing the invariant generation problem to a constraint solving problem using methods from the theory of ideals over polynomial rings. We extend our previous work on the generation of algebraic invariants for discrete transition systems in order to generate algebraic invariants for hybrid systems. In doing so, we present a new technique to handle consecution across continuous differential equations. The techniques we present allow a tradeoff between the complexity of the invariant generation process and the strength of the resulting invariants.
Impulse differential inclusions: A viability approach to hybrid systems
 IEEE Transactions on Automatic Control
, 2002
"... Abstract. Impulse differential inclusions are introduced as a framework for modelling hybrid phenomena. Connections to standard problems in area of hybrid systems are discussed. Conditions are derived that allow one to determine whether a set of states is viable or invariant under the action of an i ..."
Abstract

Cited by 49 (7 self)
 Add to MetaCart
(Show Context)
Abstract. Impulse differential inclusions are introduced as a framework for modelling hybrid phenomena. Connections to standard problems in area of hybrid systems are discussed. Conditions are derived that allow one to determine whether a set of states is viable or invariant under the action of an impulse differential inclusion. For sets that violate these conditions, methods are developed for approximating their viability and invariance kernels, that is the largest subset that is viable or invariant under the action of the impulse differential inclusion. The results are demonstrated on examples. 1.
The Bounded Retransmission Protocol must be on time!
 THIRD INT. WORKSHOP ON TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS (TACAS'97), LNCS 1217
, 1997
"... This paper concerns the transfer of files via a lossy communication channel. It formally specifies this file transfer service in a propertyoriented way and investigates  using two different techniques  whether a given bounded retransmission protocol conforms to this service. This protocol is ba ..."
Abstract

Cited by 48 (10 self)
 Add to MetaCart
This paper concerns the transfer of files via a lossy communication channel. It formally specifies this file transfer service in a propertyoriented way and investigates  using two different techniques  whether a given bounded retransmission protocol conforms to this service. This protocol is based on the wellknown alternating bit protocol but allows for a bounded number of retransmissions of a chunk, i.e., part of a file, only. So, eventual delivery is not guaranteed and the protocol may abort the file transfer. We investigate to what extent realtime aspects are important to guarantee the protocol's correctness and use Spin and
Model Checking via Reachability Testing for Timed Automata
, 1997
"... In this paper we develop an approach to modelchecking for timed automata via reachability testing. As our specification formalism, we consider a densetime logic with clocks. This logic may be used to express safety and bounded liveness properties of realtime systems. We show how to automatically ..."
Abstract

Cited by 47 (13 self)
 Add to MetaCart
In this paper we develop an approach to modelchecking for timed automata via reachability testing. As our specification formalism, we consider a densetime logic with clocks. This logic may be used to express safety and bounded liveness properties of realtime systems. We show how to automatically synthesize, for every logical formula ', a socalled test automaton T' in such a way that checking whether a system S satisfies the property ' can be reduced to a reachability question over the system obtained by making T' interact with S.