Results 1 to 10 of 38
Abstraction and Counterexample-Guided Refinement in Model Checking of Hybrid Systems
, 2003
Cited by 55 (7 self)
Hybrid dynamic systems include both continuous and discrete state variables. Properties of hybrid systems, which have an infinite state space, can often be verified using ordinary model checking together with a finite-state abstraction. Model checking can be inconclusive, however, in which case the abstraction must be refined. This paper presents a new procedure to perform this refinement operation for abstractions of hybrid systems. Following an approach originally developed for finite-state systems [11, 25], the refinement procedure constructs a new abstraction that eliminates a counterexample generated by the model checker. For hybrid systems, analysis of the counterexample requires the computation of sets of reachable states in the continuous state space. We show how such reachability computations with varying degrees of complexity can be used to refine hybrid system abstractions efficiently.
Counter-Example Guided Predicate Abstraction of Hybrid Systems
, 2003
Cited by 44 (8 self)
Predicate abstraction has emerged to be a powerful technique for extracting finite-state models from infinite-state systems, and has been recently shown to enhance the effectiveness of the reachability computation techniques for hybrid systems. Given a hybrid system with linear dynamics and a set of linear predicates, the verifier performs an on-the-fly search of the finite discrete quotient whose states correspond to the truth assignments to the input predicates. The success of this approach crucially depends on the choice of the predicates used for abstraction. In this paper, we focus on identifying these predicates automatically by analyzing spurious counterexamples generated by the search in the abstract state-space. We present the basic techniques for discovering new predicates that will rule out closely related spurious counterexamples, optimizations of these techniques, implementation of these in the verification tool, and case studies demonstrating the promise of the approach.
Predicate abstraction for reachability analysis of hybrid systems
ACM Trans. Embedded Comput. Syst.
, 2006
Cited by 41 (3 self)
Embedded systems are increasingly finding their way into a growing range of physical devices. These embedded systems often consist of a collection of software threads interacting concurrently with each other and with a physical, continuous environment. While continuous dynamics have been well studied in control theory, and discrete and distributed systems have been investigated in computer science, the combination of the two complexities leads us to the recent research on hybrid systems. This paper addresses the formal analysis of such hybrid systems. Predicate abstraction has emerged to be a powerful technique for extracting finite-state models from infinite-state discrete programs. This paper presents algorithms and tools for reachability analysis of hybrid systems by combining the notion of predicate abstraction with recent techniques for approximating the set of reachable states of linear systems using polyhedra. Given a hybrid system and a set of predicates, we consider the finite discrete quotient whose states correspond to all possible truth assignments to the input predicates. The tool performs an on-the-fly exploration of the abstract system. We present the basic techniques for guided search in the abstract state-space, optimizations of these techniques, implementation of these in our verifier, and case studies demonstrating the promise of the approach. We also address the completeness of our abstraction-based verification strategy by showing that predicate abstraction of hybrid systems can be used to prove bounded safety.
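The three entries above describe one loop: abstract the hybrid system to a finite quotient whose states are truth assignments to a set of predicates, explore that quotient on the fly, and when the model checker returns an abstract path to a bad state, replay it on the concrete continuous dynamics to decide whether it is genuine or spurious, adding predicates in the spurious case. The following is an added example, not code from any of these papers or their tools, that runs that loop on a constructed one-dimensional, discrete-time hybrid system (two modes, an affine update per mode gated by a mode invariant, guarded switches). It uses half-open intervals where the papers compute polyhedral reachable sets, and its refinement rule (add both bounds of the concretely reachable sub-interval at the spurious step as new predicates) is a simple stand-in for the predicate discovery the papers describe. The system, the constants and every name below are assumptions of the example.

```python
"""Predicate abstraction with counterexample-guided refinement (CEGAR) for a
one-dimensional, discrete-time hybrid system.  Added illustration, not code
from any paper or tool on this page; the plant and property are constructed.
Sets of continuous states are half-open intervals [lo, hi), so post-images
are exact and all imprecision comes from the abstraction itself."""
from collections import deque

X_MIN, X_MAX = -100, 100                    # constructed bounded state space
DYN = {"heat": (1, 6), "cool": (1, -3)}    # mode -> (a, b): step x' = a*x + b
INV = {"heat": (X_MIN, 25), "cool": (10, X_MAX)}   # step enabled while x in INV
SWITCHES = [("heat", "cool", (20, X_MAX)),          # (src, dst, guard); x unchanged
            ("cool", "heat", (X_MIN, 10))]
INIT = ("heat", (15, 16))                  # initial mode and interval of x

def meet(i, j):
    """Intersection of two half-open intervals, or None if empty."""
    lo, hi = max(i[0], j[0]), min(i[1], j[1])
    return (lo, hi) if lo < hi else None

def edges(mode):
    """Outgoing edges of a mode: one continuous step plus each switch it can take."""
    yield ("step", mode, None)
    for src, dst, guard in SWITCHES:
        if src == mode:
            yield ("switch", dst, guard)

def post(mode, iv, edge):
    """Exact concrete successor set of interval iv under one edge (a > 0 assumed)."""
    if edge[0] == "switch":
        return meet(iv, edge[2])
    iv = meet(iv, INV[mode])
    a, b = DYN[mode]
    return (a * iv[0] + b, a * iv[1] + b) if iv else None

def cells(preds):
    """Abstract states are truth assignments to the predicates 'x >= p'; in one
    dimension the satisfiable ones are the intervals between consecutive p."""
    pts = sorted(set(preds) | {X_MIN, X_MAX})
    return [(pts[i], pts[i + 1]) for i in range(len(pts) - 1)]

def abstract_counterexample(preds, unsafe):
    """On-the-fly BFS of the existential abstraction over (mode, cell).  Returns
    the shortest path to a cell meeting `unsafe` as [(state, edge_into_state)],
    or None when no abstract state meets `unsafe` (the property is proved)."""
    cs = cells(preds)
    parent = {(INIT[0], c): None for c in cs if meet(c, INIT[1])}
    queue = deque(parent)
    while queue:
        mode, cell = s = queue.popleft()
        if meet(cell, unsafe):
            path, cur = [], s
            while cur is not None:
                pred = parent[cur]
                path.append((cur, pred[1] if pred else None))
                cur = pred[0] if pred else None
            return path[::-1]
        for e in edges(mode):
            img = post(mode, cell, e)          # image of the whole cell
            for c in cs:
                t = (e[1], c)
                if img and meet(img, c) and t not in parent:
                    parent[t] = (s, e)
                    queue.append(t)
    return None

def concretize(path):
    """Replay an abstract path on exact concrete sets.  Returns the sets reached
    at each position and the first position whose set is empty (len(path) when
    every step is feasible, i.e. the counterexample is genuine)."""
    reach = [meet(INIT[1], path[0][0][1])]
    for k in range(1, len(path)):
        (_, cell), e = path[k]
        img = post(path[k - 1][0][0], reach[-1], e)
        r = meet(img, cell) if img else None
        if r is None:
            return reach, k
        reach.append(r)
    return reach, len(path)

def verify(unsafe_from, max_iter=50):
    """CEGAR loop for the property 'x < unsafe_from always holds'.
    Returns (safe, predicates, iterations, concrete witness or None)."""
    unsafe = (unsafe_from, X_MAX)
    preds = {unsafe_from}      # so every cell meeting `unsafe` lies inside it
    for it in range(1, max_iter + 1):
        path = abstract_counterexample(preds, unsafe)
        if path is None:
            return True, preds, it, None
        reach, k = concretize(path)
        if k == len(path):
            return False, preds, it, [(s[0], r) for (s, _), r in zip(path, reach)]
        # Spurious at step k: the concretely reachable part of cell k-1 is a strict
        # sub-interval of that cell (if it were the whole cell the abstract edge
        # would be genuine), so at least one of its bounds is a new predicate.
        preds |= set(reach[k - 1])
    raise RuntimeError("refinement budget exhausted")

if __name__ == "__main__":
    print(verify(30)[:3], verify(27)[3])
```

Running the file proves x < 30 after a few refinements (the first spurious path is the one-step jump from the initial cell straight into the unsafe cell, which the concrete replay rules out because the initial interval only reaches [21, 22)) and refutes x < 27 with a three-state concrete witness ending in [27, 28). In this constructed system every cell boundary and every image bound is an integer and the reachable set is a finite union of unit intervals, so each refinement adds a fresh predicate from a finite set and the loop terminates; in general it need not, since the underlying problem is undecidable.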
Formal verification of hybrid systems
, 2011
Cited by 34 (0 self)
In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems, which combine the traditional state-machine based models for discrete control with classical differential-equation based models for continuously evolving physical activities. In this article, we briefly review selected existing approaches to formal verification of hybrid systems, along with directions for future research.
Abstractions for Hybrid Systems
 Computer Science Laboratory, SRI International, Menlo Park, CA
, 2004
Cited by 26 (2 self)
We present a procedure for constructing sound finite-state discrete abstractions of hybrid systems. This procedure uses ideas from predicate abstraction to abstract the discrete dynamics and qualitative reasoning to abstract the continuous dynamics of the hybrid system. It relies on the ability to decide satisfiability of quantifier-free formulas in some theory rich enough to encode the hybrid system. We characterize the sets of predicates that can be used to create high quality abstractions and we present new approaches to discover such useful sets of predicates. Under certain assumptions, the abstraction procedure can be applied compositionally to abstract a hybrid system described as a composition of two hybrid automata. We show that the constructed abstractions are always sound, but are relatively complete only under certain assumptions.
Model checking of hybrid systems: From reachability towards stability
 Hybrid Systems: Computation and Control, volume 3927 of LNCS
, 2006
Cited by 19 (3 self)
We call a hybrid system stable if every trajectory inevitably ends up in a given region. Our notion of stability deviates from classical definitions in control theory. In this paper, we present a model checking algorithm for stability in the new sense. The idea of the algorithm is to reduce the stability proof for the whole system to a set of (smaller) proofs for several one-mode systems.
Guaranteed termination in the verification of LTL properties of nonlinear robust discrete time hybrid systems
In Peled, D., Tsay, Y.-K., eds.: ATVA. Volume 3707 of LNCS
, 2005
Cited by 19 (6 self)
We present a novel approach to the automatic verification of LTL requirements of nonlinear discrete-time hybrid systems. The verification tool uses an interval-based constraint solver for nonlinear robust constraints to compute incrementally refined abstractions. Although the problem is undecidable, we prove termination of abstraction refinement based verification of such properties for the class of robust nonlinear hybrid systems, thus significantly extending previous semi-decidability results. We argue that safety critical control applications are robust hybrid systems. We give first results on the application of this approach to a variant of an aircraft collision avoidance protocol.
Logics of Dynamical Systems
Cited by 18 (17 self)
We study the logic of dynamical systems, that is, logics and proof principles for properties of dynamical systems. Dynamical systems are mathematical models describing how the state of a system evolves over time. They are important in modeling and understanding many applications, including embedded systems and cyber-physical systems. In discrete dynamical systems, the state evolves in discrete steps, one step at a time, as described by a difference equation or discrete state transition relation. In continuous dynamical systems, the state evolves continuously along a function, typically described by a differential equation. Hybrid dynamical systems or hybrid systems combine both discrete and continuous dynamics. Distributed hybrid systems combine distributed systems with hybrid systems, i.e., they are multi-agent hybrid systems that interact through remote communication or physical interaction. Stochastic hybrid systems combine stochastic
Verification of a Cruise Control System Using Counterexample-Guided Search
, 2003
Cited by 12 (2 self)
Formal verification has been identified by the research community as a useful step in logic controller design since it reveals algorithmically whether the controller in conjunction with the controlled plant satisfies given design specifications. If it is necessary, however, to model the continuous/hybrid behavior of the plant, the verification is a computationally expensive task, thus limiting its applicability to rather small systems. This paper shows for the example of a cruise control system that the recently proposed approach of counterexample-guided verification can reduce the computational costs considerably. The method generates a sequence of abstractions, for which those behaviors (the counterexamples) are identified that potentially violate the specifications. The paper presents a tailor-made sequence of validation methods that aim at checking the existence of these behaviors for the hybrid model of the controlled plant with as small computational costs as possible. As is shown for the cruise control system, the iteration consisting of counterexample generation, validation, and model refinement checks the specification while computing only a relatively small portion of the continuous reachable set. Since determining reachable sets is the most costly step in existing approaches, the overall effort is found to be much smaller in many cases.
HybridSAL Relational Abstracter
Cited by 11 (3 self)
In this paper, we present the HybridSAL relational abstracter, a tool for verifying continuous and hybrid dynamical systems. The input to the tool is a model of a hybrid dynamical system and a safety property. The output of the tool is a discrete state transition system and a safety property. The correctness guarantee provided by the tool is that if the output property holds for the output discrete system, then the input property holds for the input hybrid system. The input is in HybridSal input language and the output is in SAL syntax. The SAL model can be verified using the SAL tool suite. This paper describes the HybridSAL relational abstracter: the algorithms it implements, its input, its strengths and weaknesses, and its use for verification using the SAL infinite bounded model checker and k-induction prover.