Results 1  10
of
685
A theory of timed automata
, 1999
"... Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of ..."
Abstract

Cited by 2651 (32 self)
 Add to MetaCart
(Show Context)
Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of realtime systems whose correctness depends on relative magnitudes of different delays. Consequently, timed automata [7] were introduced as a formal notation to model the behavior of realtime systems. Its definition provides a simple way to annotate statetransition graphs with timing constraints using finitely many realvalued clock variables. Automated analysis of timed automata relies on the construction of a finite quotient of the infinite space of clock valuations. Over the years, the formalism has been extensively studied leading to many results establishing connections to circuits and logic, and much progress has been made in developing verification algorithms, heuristics, and tools. This paper provides a survey of the theory of timed automata, and their role in specification and verification of realtime systems.
The algorithmic analysis of hybrid systems
 THEORETICAL COMPUTER SCIENCE
, 1995
"... We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamica ..."
Abstract

Cited by 778 (71 self)
 Add to MetaCart
We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewiselinear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard programanalysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic modelchecking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.
PDDL2.1: An Extension to PDDL for Expressing Temporal Planning Domains
, 2003
"... In recent years research in the planning community has moved increasingly towards application of planners to realistic problems involving both time and many types of resources. For example, interest in planning demonstrated by the space research community has inspired work in observation scheduling, ..."
Abstract

Cited by 609 (41 self)
 Add to MetaCart
(Show Context)
In recent years research in the planning community has moved increasingly towards application of planners to realistic problems involving both time and many types of resources. For example, interest in planning demonstrated by the space research community has inspired work in observation scheduling, planetary rover exploration and spacecraft control domains. Other temporal and resourceintensive domains including logistics planning, plant control and manufacturing have also helped to focus the community on the modelling and reasoning issues that must be confronted to make planning technology meet the challenges of application. The international planning competitions have acted as an important motivating force behind the progress that has been made in planning since 1998. The third competition (held in 2002) set the planning community the challenge of handling time and numeric resources. This necessitated the development of a modelling language capable of expressing temporal and numeric properties of planning domains. In this paper we describe the language, PDDL2.1, that was used in the competition. We describe the syntax of the language, its formal semantics and the validation of concurrent plans. We observe that PDDL2.1 has considerable modelling power — exceeding the capabilities of current planning technology — and presents a number of important challenges to the research community.
Conflict Resolution for Air Traffic Management: A Study in Multiagent Hybrid Systems
 IEEE TRANSACTIONS ON AUTOMATIC CONTROL
, 1998
"... Air Traffic Management (ATM) of the future allows for the possibility of free flight, in which aircraft choose their own optimal routes, altitudes, and velocities. The safe resolution of trajectory conflicts between aircraft is necessary to the success of such a distributed control system. In this p ..."
Abstract

Cited by 287 (50 self)
 Add to MetaCart
Air Traffic Management (ATM) of the future allows for the possibility of free flight, in which aircraft choose their own optimal routes, altitudes, and velocities. The safe resolution of trajectory conflicts between aircraft is necessary to the success of such a distributed control system. In this paper, we present a method to synthesize provably safe conflict resolution maneuvers. The method models the aircraft and the maneuver as a hybrid control system and calculates the maximal set of safe initial conditions for each aircraft so that separation is assured in the presence of uncertainties in the actions of the other aircraft. Examples of maneuvers using both speed and heading changes are worked out in detail.
PHAVer: Algorithmic verification of hybrid systems past HyTech
, 2005
"... In 1995, HyTech broke new ground as a potentially powerful tool for verifying hybrid systems – yet it has remained severely limited in its applicability to more complex systems. We address the main problems of HyTech with PHAVer, a new tool for the exact verification of safety properties of hybrid ..."
Abstract

Cited by 217 (9 self)
 Add to MetaCart
(Show Context)
In 1995, HyTech broke new ground as a potentially powerful tool for verifying hybrid systems – yet it has remained severely limited in its applicability to more complex systems. We address the main problems of HyTech with PHAVer, a new tool for the exact verification of safety properties of hybrid systems with piecewise constant bounds on the derivatives. Affine dynamics are handled by onthefly overapproximation and by partitioning the state space based on userdefinable constraints and the dynamics of the system. PHAVer’s exact arithmetic is robust due to the use of the Parma Polyhedra Library, which supports arbitrarily large numbers. To manage the complexity of the polyhedral computations, we propose methods to conservatively limit the number of bits and constraints of polyhedra. Experimental results for a navigation benchmark and a tunnel diode circuit show the effectiveness of the approach.
Modelintegrated development of embedded software
 Proceedings of the IEEE
, 2003
"... Proceedings of the IEEE January 2003 The paper describes a modelintegrated approach for embedded software development that is based on domainspecific, multiple view models used in all phases of the development process. Models explicitly represent the embedded software and the environment it operat ..."
Abstract

Cited by 164 (33 self)
 Add to MetaCart
(Show Context)
Proceedings of the IEEE January 2003 The paper describes a modelintegrated approach for embedded software development that is based on domainspecific, multiple view models used in all phases of the development process. Models explicitly represent the embedded software and the environment it operates in, and capture the requirements and the design of the application, simultaneously. Models are descriptive, in the sense that they allow the formal analysis, verification and validation of the embedded system at design time. Models are also generative, in the sense that they carry enough information for automatically generating embedded systems using the techniques of program generators. Because of the widely varying nature of embedded systems, a single modeling language may not be suitable for all domains, thus modeling languages are often domainspecific. To decrease the cost of defining and integrating domainspecific modeling languages and corresponding analysis and synthesis tools, the modelintegrated approach is applied in a metamodeling architecture, where formal models of domainspecific modeling languages – called metamodels – play a key role in customizing and connecting components of tool chains. The paper will discuss the principles and techniques of modelintegrated embedded software development in detail, as well as the capabilities of the tools supporting the process. Examples in terms of real systems will be given that illustrate how the modelintegrated approach addresses the physical nature, the assurance issues, and the dynamic structure of embedded software.
Hierarchical Finite State Machines with Multiple Concurrency Models
 IEEE Transactions on Computeraided Design of Integrated Circuits and Systems
, 1999
"... This paper studies the semantics of hierarchical finite state machines (FMS's) that are composed using various concurrency models, particularly dataflow, discreteevents, and synchronous/reactive modeling. It is argued that all three combinations are useful, and that the concurrency model can b ..."
Abstract

Cited by 146 (43 self)
 Add to MetaCart
(Show Context)
This paper studies the semantics of hierarchical finite state machines (FMS's) that are composed using various concurrency models, particularly dataflow, discreteevents, and synchronous/reactive modeling. It is argued that all three combinations are useful, and that the concurrency model can be selected independently of the decision to use hierarchical FSM's. In contrast, most formalisms that combine FSM's with concurrency models, such as Statecharts (and its variants) and hybrid systems, tightly integrate the FSM semantics with the concurrency semantics. An implementation that supports three combinations is described.
Algorithmic analysis of nonlinear hybrid systems
 in Proc. CAV 95: Computeraided Verification, Lecture Notes in Computer Science
, 1995
"... Abstract—Hybrid systems are digital realtime systems that are embedded in analog environments. Modelchecking tools are available for the automatic analysis of linear hybrid automata, whose environment variables are subject to piecewiseconstant polyhedral differential inclusions. In most embedded ..."
Abstract

Cited by 138 (13 self)
 Add to MetaCart
(Show Context)
Abstract—Hybrid systems are digital realtime systems that are embedded in analog environments. Modelchecking tools are available for the automatic analysis of linear hybrid automata, whose environment variables are subject to piecewiseconstant polyhedral differential inclusions. In most embedded systems, however, the environment variables have differential inclusions that vary with the values of the variables, e.g., _x = x. Such inclusions are prohibited in the linear hybrid automaton model. We present two methods for translating nonlinear hybrid systems into linear hybrid automata. Properties of the nonlinear systems can then be inferred from the automatic analysis of the translated linear hybrid automata. The first method, called clock translation, replaces constraints on nonlinear variables by constraints on clock variables. The clock translation is efficient but has limited applicability. The second method, called linear phaseportrait approximation, conservatively overapproximates the phase portrait of a hybrid automaton using piecewiseconstant polyhedral differential inclusions. Both methods are sound for safety properties; that is, if we establish a safety property of the translated linear system, we may conclude that the original nonlinear system satisfies the property. When applicable, the clock translation is also complete for safety properties; that is, the original system and the translated system satisfy the same safety properties. The phaseportrait approximation method is not complete for safety properties, but it is asymptotically complete; intuitively, for every safety property, and for every relaxed nonlinear system arbitrarily close to the original, if the relaxed system satisfies the safety property, then there is a linear phaseportrait approximation that also satisfies the property. We illustrate both methods by using HYTECH—a symbolic model checker for linear hybrid automata—to automatically check properties of a nonlinear temperature controller and of a predator–prey ecology. Index Terms — Clock translation, formal verification, hybrid systems, HYTECH, linear hybrid automata, model checking, phaseportrait approximation, predator–prey ecologies.
Logics for Hybrid Systems
 Proceedings of the IEEE
, 2000
"... This paper offers a synthetic overview of, and original contributions to, the use of logics and formal methods in the analysis of hybrid systems ..."
Abstract

Cited by 137 (12 self)
 Add to MetaCart
(Show Context)
This paper offers a synthetic overview of, and original contributions to, the use of logics and formal methods in the analysis of hybrid systems
Computational Techniques for Hybrid System Verification
 IEEE Trans. on Automatic Control
, 2003
"... Abstract—This paper concerns computational methods for verifying properties of polyhedral invariant hybrid automata (PIHA), which are hybrid automata with discrete transitions governed by polyhedral guards. To verify properties of the state trajectories for PIHA, the planar switching surfaces are p ..."
Abstract

Cited by 115 (5 self)
 Add to MetaCart
(Show Context)
Abstract—This paper concerns computational methods for verifying properties of polyhedral invariant hybrid automata (PIHA), which are hybrid automata with discrete transitions governed by polyhedral guards. To verify properties of the state trajectories for PIHA, the planar switching surfaces are partitioned to define a finite set of discrete states in an approximate quotient transition system (AQTS). State transitions in the AQTS are determined by the reachable states, or flow pipes, emitting from the switching surfaces according to the continuous dynamics. This paper presents a method for computing polyhedral approximations to flow pipes. It is shown that the flowpipe approximation error can be made arbitrarily small for general nonlinear dynamics and that the computations can be made more efficient for affine systems. The paper also describes CheckMate, a MATLABbased tool for modeling, simulating and verifying properties of hybrid systems based on the computational methods previously described. Index Terms—Hybrid systems, model checking, reachability, verification. I.