Results 11  20
of
207
The image computation problem in hybrid systems model checking
 Hybrid Systems: Computation and Control, 10th International Conference, HSCC 2007, Pisa, Italy, Proceedings, volume 4416 of LNCS
, 2007
"... Abstract. In this paper, we analyze limits of approximation techniques for (nonlinear) continuous image computation in model checking hybrid systems. In particular, we show that even a single step of continuous image computation is not semidecidable numerically even for a very restricted class of ..."
Abstract

Cited by 29 (19 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we analyze limits of approximation techniques for (nonlinear) continuous image computation in model checking hybrid systems. In particular, we show that even a single step of continuous image computation is not semidecidable numerically even for a very restricted class of functions. Moreover, we show that symbolic insight about derivative bounds provides sufficient additional information for approximation refinement model checking. Finally, we prove that purely numerical algorithms can perform continuous image computation with arbitrarily high probability. Using these results, we analyze the prerequisites for a safe operation of the roundabout maneuver in air traffic collision avoidance.
European Train Control System: A Case Study in Formal Verification
, 2009
"... Complex physical systems have several degrees of freedom. They only work correctly when their control parameters obey corresponding constraints. Based on the informal specification of the European Train Control System (ETCS), we design a controller for its cooperation protocol. For its free paramet ..."
Abstract

Cited by 22 (10 self)
 Add to MetaCart
(Show Context)
Complex physical systems have several degrees of freedom. They only work correctly when their control parameters obey corresponding constraints. Based on the informal specification of the European Train Control System (ETCS), we design a controller for its cooperation protocol. For its free parameters, we successively identify constraints that are required to ensure collision freedom. We formally prove the parameter constraints to be sharp by characterizing them equivalently in terms of reachability properties of the hybrid system dynamics. Using our deductive verification tool KeYmaera, we formally verify controllability, safety, liveness, and reactivity properties of the ETCS protocol that entail collision freedom. We prove that the ETCS protocol remains correct even in the presence of perturbation by disturbances in the dynamics. We verify that safety is preserved when a PI controlled speed supervision is used.
Symbolic model checking of hybrid systems using template polyhedra
 In TACAS’08  Tools and Algorithms for
, 2008
"... Abstract. We propose techniques for the verification of hybrid systems using template polyhedra, i.e., polyhedra whose inequalities have fixed expressions but with varying constant terms. Given a hybrid system description and a set of template linear expressions as inputs, our technique constructs o ..."
Abstract

Cited by 21 (7 self)
 Add to MetaCart
(Show Context)
Abstract. We propose techniques for the verification of hybrid systems using template polyhedra, i.e., polyhedra whose inequalities have fixed expressions but with varying constant terms. Given a hybrid system description and a set of template linear expressions as inputs, our technique constructs overapproximations of the reachable states using template polyhedra. Therefore, operations used in symbolic model checking such as intersection, union and postcondition across discrete transitions over template polyhedra can be computed efficiently using template polyhedra without requiring expensive vertex enumeration. Additionally, the verification of hybrid systems requires techniques to handle the continuous dynamics inside discrete modes. We propose a new flowpipe construction algorithm using template polyhedra. Our technique uses higherorder Taylor series expansion to approximate the time trajectories. The terms occurring in the Taylor series expansion are bounded using repeated optimization queries. The location invariant is used to enclose the remainder term of the Taylor series, and thus truncate the expansion. Finally, we have implemented our technique as a part of the tool TimePass for the analysis of affine hybrid automata. 1
Reachability for Linear Hybrid Automata Using Iterative Relaxation Abstraction
"... Abstract. Procedures for analysis of linear hybrid automata (LHA) do not scale well with the number of continuous state variables in the model. This paper introduces iterative relaxation abstraction (IRA), a new method for reachability analysis of LHA that aims to improve scalability by combining th ..."
Abstract

Cited by 21 (4 self)
 Add to MetaCart
(Show Context)
Abstract. Procedures for analysis of linear hybrid automata (LHA) do not scale well with the number of continuous state variables in the model. This paper introduces iterative relaxation abstraction (IRA), a new method for reachability analysis of LHA that aims to improve scalability by combining the capabilities of current tools for analysis of lowdimensional LHA with the power of linear programming (LP) for large numbers of constraints and variables. IRA is inspired by the success of counterexample guided abstraction refinement (CEGAR) techniques in verification of discrete systems. On each iteration, a lowdimensional LHA called a relaxation abstraction is constructed using a subset of the continuous variables from the original LHA. Hybrid system reachability analysis then generates a regular language called the discrete path abstraction representing all possible counterexamples (paths to the bad locations) in the relaxation abstraction. If the discrete path abstraction is nonempty, a particular counterexample is selected and LP infeasibility
Verification of analog/mixedsignal circuits using labeled hybrid petri nets
 IN: PROC. OF ICCAD
, 2006
"... System on a chip design results in the integration of digital, analog, and mixedsignal circuits on the same substrate which further complicates the already difficult validation problem. This paper presents a new model, labeled hybrid Petri nets (LHPNs), that is developed to be capable of modeling s ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
(Show Context)
System on a chip design results in the integration of digital, analog, and mixedsignal circuits on the same substrate which further complicates the already difficult validation problem. This paper presents a new model, labeled hybrid Petri nets (LHPNs), that is developed to be capable of modeling such a heterogeneous set of components. This paper also describes a compiler from VHDLAMS to LHPNs. To support formal verification, this paper presents an efficient zonebased state space exploration algorithm for LHPNs. This algorithm uses a process known as warping to allow zones to describe continuous variables that may be changing at variable rates. Finally, this paper describes the application of this algorithm to a couple of analog/mixedsignal circuit examples.
Generating and Analyzing Symbolic Traces of Simulink/Stateflow Models
"... Abstract. We present a methodology and a toolkit for improving simulation coverage of Simulink/Stateflow models of hybrid systems using symbolic analysis of simulation traces. We propose a novel instrumentation scheme that allows the simulation engine of Simulink/Stateflow to output, along with the ..."
Abstract

Cited by 18 (3 self)
 Add to MetaCart
(Show Context)
Abstract. We present a methodology and a toolkit for improving simulation coverage of Simulink/Stateflow models of hybrid systems using symbolic analysis of simulation traces. We propose a novel instrumentation scheme that allows the simulation engine of Simulink/Stateflow to output, along with the concrete simulation trace, the symbolic transformers needed for our analysis. Given a simulation trace, along with the symbolic transformers, our analysis computes a set of initial states that would lead to traces with the same sequence of discrete components at each step of the simulation. Such an analysis relies critically on the use of convex polyhedra to represent sets of states. However, the exponential complexity of the polyhedral operations implies that the performance of the analysis would degrade rapidly with the increasing size of the model and the simulation traces. We propose a new representation, called the bounded vertex representation, which allows us to perform underapproximate computations while fixing the complexity of the representation a priori. Using this representation we achieve a tradeoff between the complexity of the symbolic computation and the quality of the underapproximation. We demonstrate the benefits of our approach over existing simulation and verification methods with case studies. 1
Temporal Logic Verification Using Simulation
 In Proc. FORMATS’06
, 2006
"... Abstract. In this paper, we consider a novel approach to the temporal logic verification problem of continuous dynamical systems. Our methodology has the distinctive feature that enables the verification of the temporal properties of a continuous system by verifying only a finite number of its (simu ..."
Abstract

Cited by 17 (7 self)
 Add to MetaCart
Abstract. In this paper, we consider a novel approach to the temporal logic verification problem of continuous dynamical systems. Our methodology has the distinctive feature that enables the verification of the temporal properties of a continuous system by verifying only a finite number of its (simulated) trajectories. The proposed framework comprises two main ideas. First, we take advantage of the fact that in metric spaces we can quantify how close are two different states. Based on that, we define robust, multivalued semantics for MTL (and LTL) formulas. These capture not only the usual Boolean satisfiability of the formula, but also topological information regarding the distance from unsatisfiability. Second, we use the recently developed notion of bisimulation functions to infer the behavior of a set of trajectories that lie in the neighborhood of the simulated one. If the latter set of trajectories is bounded by the tube of robustness, then we can infer that all the trajectories in the neighborhood of the simulated one satisfy the same temporal specification as the simulated trajectory. The interesting and promising feature of our approach is that the more robust the system is with respect to the temporal logic specification, the less is the number of simulations that are required in order to verify the system. 1
Automatic Synthesis of Robust and Optimal Controllers – An Industrial Case Study ⋆
"... Abstract. In this paper, we show how to apply recent tools for the automatic synthesis of robust and nearoptimal controllers for a real industrial case study. We show how to use three different classes of models and their supporting existing tools, UPPAALTIGA for synthesis, PHAVER for verification ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we show how to apply recent tools for the automatic synthesis of robust and nearoptimal controllers for a real industrial case study. We show how to use three different classes of models and their supporting existing tools, UPPAALTIGA for synthesis, PHAVER for verification, and SIMULINK for simulation, in a complementary way. We believe that this case study shows that our tools have reached a level of maturity that allows us to tackle interesting and relevant industrial control problems. 1