Abstract. There has been much recent progress on invariant generation techniques for continuous systems whose dynamics are described by Ordinary Differential Equations (ODE). In this paper, we present a simple abstraction scheme for hybrid systems that abstracts continuous dynamics by relating any state of the system to a state that can potentially be reached at some future time instant. Such relations are then interpreted as discrete transitions that model the continuous evolution of states over time. We adapt template-based invariant generation techniques for continuous dynamics to derive relational abstractions for continuous systems with linear as well as non-linear dynamics. Once a relational abstraction hasbeen derived,theresultingsystemis apurelydiscrete, infinite-statesystem. Therefore, techniquessuchas k-inductioncan be directly applied to this abstraction to prove properties, and bounded model-checking techniques applied to find potential falsifications. We present the basic underpinnings of our approach and demonstrate its use on many benchmark systems to derive simple and usable abstractions. 1

Abstract — Intelligent vehicle systems have interesting prospects for solving inefficiencies and risks in ground transportation, e.g., by making cars aware of their environment and regulating speed intelligently. If the computer control technology reacts fast enough, intelligent control can be used to increase the density of cars on the streets. The technology may also help prevent crashes at intersections, which cost the US $97 Billion in the year 2000. The crucial prerequisite for intelligent vehicle control, however, is that it must be correct, for it may otherwise do more harm than good. Formal verification techniques provide the best reliability guarantees but have had difficulties in the past with scaling to such complex systems. We report our successes with a logical approach to hybrid systems verification, which can capture discrete control decisions and continuous driving dynamics. We present a model for the interaction of two cars and a traffic light at a two lane intersection and verify with a formal proof that our system always ensures collision freedom and that our controller always prevents cars from running red lights. I.