Alternatingtime Temporal Logic
 Journal of the ACM
, 1997
"... Temporal logic comes in two varieties: lineartime temporal logic assumes implicit universal quantification over all paths that are generated by system moves; branchingtime temporal logic allows explicit existential and universal quantification over all paths. We introduce a third, more general var ..."
Temporal logic comes in two varieties: lineartime temporal logic assumes implicit universal quantification over all paths that are generated by system moves; branchingtime temporal logic allows explicit existential and universal quantification over all paths. We introduce a third, more general variety of temporal logic: alternatingtime temporal logic offers selective quantification over those paths that are possible outcomes of games, such as the game in which the system and the environment alternate moves. While lineartime and branchingtime logics are natural specification languages for closed systems, alternatingtime logics are natural specification languages for open systems. For example, by preceding the temporal operator "eventually" with a selective path quantifier, we can specify that in the game between the system and the environment, the system has a strategy to reach a certain state. Also the problems of receptiveness, realizability, and controllability can be formulated as modelchecking problems for alternatingtime formulas.
Effective Synthesis of Switching Controllers for Linear Systems
, 2000
"... In this work we suggest a novel methodology for synthesizing switching controllers for continuous and hybrid systems whose dynamics are defined by linear differential equations. We formulate the synthesis problem as finding the conditions upon which a controller should switch the behavior of the sys ..."
In this work we suggest a novel methodology for synthesizing switching controllers for continuous and hybrid systems whose dynamics are defined by linear differential equations. We formulate the synthesis problem as finding the conditions upon which a controller should switch the behavior of the system from one "mode" to another in order to avoid a set of bad states, and propose an abstract algorithm which solves the problem by an iterative computation of reachable states. We have implemented a concrete version of the algorithm, which uses a new approximation scheme for reachability analysis of linear systems.
Modularity for Timed and Hybrid Systems
, 1997
"... In a tracebased world, the modular specification, verification, and control of live systems require each module to be receptive; that is, each module must be able to meet its liveness assumptions no matter how the other modules behave. In a realtime world, liveness is automatically present in ..."
In a tracebased world, the modular specification, verification, and control of live systems require each module to be receptive; that is, each module must be able to meet its liveness assumptions no matter how the other modules behave. In a realtime world, liveness is automatically present in the form of diverging time. The receptiveness condition, then, translates to the requirement that a module must be able to let time diverge no matter how the environment behaves. We study the receptiveness condition for realtime systems by extending the model of reactive modules to timed and hybrid modules. We define the receptiveness of such a module as the existence of a winning strategy in a game of the module against its environment. By solving the game on region graphs, we present an (optimal) Exptime algorithm for checking the receptiveness of propositional timed modules. By giving a fixpoint characterization of the game, we present a symbolic procedure for checking the re...
The Impressive Power of Stopwatches
 IN PROC. OF CONCUR 2000: CONCURRENCY THEORY
, 2000
"... In this paper we define and study the class of stopwatch automata which are timed automata augmented with stopwatches and unobservable behaviour. In particular, we investigate the expressive power of this class of automata, and show as a main result that any finite or infinite timed language accept ..."
In this paper we define and study the class of stopwatch automata which are timed automata augmented with stopwatches and unobservable behaviour. In particular, we investigate the expressive power of this class of automata, and show as a main result that any finite or infinite timed language accepted by a linear hybrid automaton is also acceptable by a stopwatch automaton. The consequences of this result are twofold: firstly, it shows that the seemingly minor upgrade from timed automata to stopwatch automata immediately yields the full expressive power of linear hybrid automata. Secondly, reachability analysis of linear hybrid automata may effectively be reduced to reachability analysis of stopwatch automata. This, in turn, may be carried out using an easy (overapproximating) extension of the efficient reachability analysis for timed automata to stopwatch automata. We report on preliminary experiments on analyzing translations of linear hybrid automata using a stopwatchextension of the realtime verification tool UPPAAL.
The Element of Surprise in Timed Games
"... We consider concurrent twoperson games played in real time, in which the players decide both which action to play, and when to play it. Such timed games differ from untimed games in two essential ways. First, players can take each other by surprise, because actions are played with delays that canno ..."
We consider concurrent twoperson games played in real time, in which the players decide both which action to play, and when to play it. Such timed games differ from untimed games in two essential ways. First, players can take each other by surprise, because actions are played with delays that cannot be anticipated by the opponent. Second, a player should not be able to win the game by preventing time from diverging. We present a model of timed games that preserves the element of surprise and accounts for time divergence in a way that treats both players symmetrically and applies to all !regular winning conditions.
A Comparison of Control Problems for Timed and Hybrid Systems
, 2002
"... In the literature, we nd several formulations of the control problem for timed and hybrid systems. We argue that formulations where a controller can cause an action at any point in dense (rational or real) time are problematic, by presenting an example where the controller must act faster and faster ..."
In the literature, we nd several formulations of the control problem for timed and hybrid systems. We argue that formulations where a controller can cause an action at any point in dense (rational or real) time are problematic, by presenting an example where the controller must act faster and faster, yet causes no Zeno eects (say, the control actions are at times 0; 1 2 ; 1; 1 3 4 ; 2; 2 7 8 ; 3; 3 15 16 ; : : :). Such a controller is, of course, not implementable in software. Such controllers are avoided by formulations where the controller can cause actions only at discrete (integer) points in time. While the resulting control problem is wellunderstood if the time unit, or \sampling rate" of the controller, is xed a priori, we dene a novel, stronger formulation: the discretetime control problem with unknown sampling rate asks if a sampling controller exists for some sampling rate. We prove that, surprisingly and unfortunately, this problem is undecidable even in the special case of timed automata. 1
Rectangular Hybrid Games
 In CONCUR 99, LNCS 1664
, 1999
"... In order to study control problems for hybrid systems, we generalize hybrid automata to hybrid games  say, controller vs. plant. If we specify the continuous dynamics by constant lower and upper bounds, we obtain rectangular games. We show that for rectangular games with objectives expressed in Lt ..."
In order to study control problems for hybrid systems, we generalize hybrid automata to hybrid games  say, controller vs. plant. If we specify the continuous dynamics by constant lower and upper bounds, we obtain rectangular games. We show that for rectangular games with objectives expressed in Ltl (linear temporal logic), the winning states for each player can be computed, and winning strategies can be synthesized. Our result is sharp, as already reachability is undecidable for generalizations of rectangular systems, and optimal  singly exponential in the size of the game structure and doubly exponential in the size of the Ltl objective. Our proof systematically generalizes the theory of hybrid systems from automata (singleplayer structures) [9] to games (multiplayer structures): we show that the successively more general infinitestate classes of timed, 2d rectangular, and rectangular games induce successively weaker, but still finite, quotient structures called game bisimilarity, game similarity, and game trace equivalence. These quotients can be used, in particular, to solve the Ltl control problem.
A lattice theory for solving games of imperfect information (extended version
 U.L.B. – Federated Center in Verification
, 2006
"... Abstract. In this paper, we propose a fixed point theory to solve games of imperfect information. The fixed point theory is defined on the lattice of antichains of sets of states. Contrary to the classical solution proposed by Reif [Rei84], our new solution does not involve determinization. As a con ..."
Abstract. In this paper, we propose a fixed point theory to solve games of imperfect information. The fixed point theory is defined on the lattice of antichains of sets of states. Contrary to the classical solution proposed by Reif [Rei84], our new solution does not involve determinization. As a consequence, it is readily applicable to classes of systems that do not admit determinization. Notable examples of such systems are timed and hybrid automata. As an application, we show that the discrete control problem for games of imperfect information defined by rectangular automata is decidable. This result extends a result by Henzinger and Kopke in [HK99]. 1
OptimalReachability and Control for Acyclic Weighted Timed Automata
 Proc. 2nd IFIP International Conference on Theoretical Computer Science (TCS’02
, 2002
"... Weighted timed automata extend timed automata with costs on both locations and transitions. In this framework we study the optimal reachability and the optimal control synthesis problems for the automata with acyclic control graphs. This class of automata is relevant for some practical problems such ..."
Weighted timed automata extend timed automata with costs on both locations and transitions. In this framework we study the optimal reachability and the optimal control synthesis problems for the automata with acyclic control graphs. This class of automata is relevant for some practical problems such as some static scheduling problems or airtraffic control problems. We give a nondeterministic polynomial time algorithm to solve the decision version of the considered optimal reachability problem. This algorithm matches the known lower bound on the reachability for acyclic timed automata, and thus the problem is NPcomplete. We also solve in doubly exponential time the corresponding control synthesis problem. ∗ The first and the second authors were supported in part by the NSF award CCR9970925,
Dense Realtime Games
 IN LICS 02
, 2002
"... The rapid development of complex and safetycritical systems requires the use of reliable verification methods and tools for system design (synthesis). Many systems of interest are reactive, in the sense that their behavior depends on the interaction with the environment. A natural framework to mode ..."
The rapid development of complex and safetycritical systems requires the use of reliable verification methods and tools for system design (synthesis). Many systems of interest are reactive, in the sense that their behavior depends on the interaction with the environment. A natural framework to model them is a twoplayer game: the system versus the environment. In this context, the central problem is to determine the existence of a winning strategy according to a given winning condition. We focus on realtime systems, and choose to model the related game as a nondeterministic timed automaton. We express winning conditions by formulas of the branchingtime temporal logic TCTL. While timed games have been studied in the literature, timed games with densetime winning conditions constitute a new research topic. The main result of this paper is an exponentialtime algorithm to check for the existence of a winning strategy for TCTL games where equality is not allowed in the timing constraints. Our approach consists on translating to timed tree automata both the game graph and the winning condition, thus reducing the considered decision problem to the emptiness problem for this class of automata. The proposed algorithm matches the known lower bound on timed games. Moreover, if we relax the limitation we have placed on the timing constraints, the problem becomes undecidable.