#### DMCA

## Logics for Hybrid Systems (2000)

Venue: | Proceedings of the IEEE |

Citations: | 137 - 12 self |

### Citations

2647 | A theory of timed automata
- Alur, Dill
- 1994
(Show Context)
Citation Context ...s K of LTS models all of which have a finite bisimulation quotient. As surveyed in [31], finite bisimulation results have been established, on the one hand, for the restricted class of timed automata =-=[24]-=-, and some extensions, and on the other, for the mathematically richer class of o-minimal hybrid automata [85], whose component flows # q , sets Inv q and Grd q,q # , and resets R q,q # in X # R n are... |

1868 |
Reasoning about Knowledge
- Fagin, Halpern, et al.
- 1995
(Show Context)
Citation Context ...s;” these structures are known as Kripke models, and LTS models are their generalization to multiple relations. The survey articles [33], [37], [56], and [65], and the textbooks [30], [34], [35], an=-=d [74]-=-, are good resources for modal and temporal logics. Fig. 7 is a schematic diagram of the family of logics with semantics over transition system models. The solid arrows indicate relations of inclusion... |

1705 |
A Discipline of Programming
- Dijkstra
- 1976
(Show Context)
Citation Context ...ould be given a semantics as relations in an LTS model over a valuation space of continuous and discrete variables plus communication channels. The work in [29] uses Dijkstra’s predicate transformer=-=s [68]-=- to reason about the effect of actions or processes; these are essentially the same as the basic operators of modal logic, as discussed in Section IV below. In work on discrete systems, there is a hug... |

1649 |
The temporal logic of programs
- Pnueli
- 1977
(Show Context)
Citation Context ...A. Overview of Modal and Temporal Logics The well-known temporal logics such as LTL or CTL, first formulated for program and hardware verification in the late 1970s and early 1980s in landmark papers =-=[71]-=-, [72], belong to a larger and older family of modal logics. Modal logic was originally the province of philosophers interested in analyzing the concepts of necessity and possibility. Symbolic modal l... |

806 | The Control of Discrete Event Systems,” - Ramadge, Wonham - 1989 |

681 | The theory of hybrid automata. In:
- Henzinger
- 1996
(Show Context)
Citation Context ...of discrete systems fall roughly into three overlapping camps, which have carried over to hybrid discrete+continuous systems: • logic-based approaches [12]–[23]; • automata-theoretic approaches =-=[18], [20], [2-=-4]–[28]; • process algebra approaches [28], [29]; with the reference lists intended as representative samples. Our focus is on logic-based approaches, although in the course of this paper, we will... |

620 | O.: Alternating-time temporal logic
- Alur, Henzinger, et al.
- 2002
(Show Context)
Citation Context ...e topological modal logics [23], real-time extensions of temporal logics [20], [21], [53], [77], interval temporal logics [15], [28], [78], [79], and alternating temporal logic (ATL) over game models =-=[80]-=-; the latter logic has an extension to an alternating -calculus, indicated by the broken line arrow. Since virtually all the work on logic-based specification of hybrid systems, and discrete systems b... |

517 |
Set-Valued Analysis
- Aubin, Frankowska
- 1990
(Show Context)
Citation Context ...tion, the elementary mathematical objects of interest are relations or set-valued functions, which are the nondeterministic analog of functions. Following the useful convention in set-valued analysis =-=[57]-=-, the notation will be used to mean is a set-valued function, with set-values for each (possibly ), or equivalently, is a relation, sometimes called the graph of a set-valued function. For points and ... |

461 |
Temporal verification of reactive systems - safety
- Manna, Pnueli
(Show Context)
Citation Context ...velopment in the body of this paper. In structuring our exposition, we draw on a paradigm framework for logic-based formal methods set out in the influential work of Manna and Pnueli in [12]–[14] an=-=d [30]-=- and widely used in the field; the functional parts of the framework are illustrated in the lower gray box in Fig. 1. In [13], the framework is applied first to discrete reactive systems, then to real... |

459 | Hybrid automata: An algorithmic approach to the specification and verification of hybrid systems
- Alur, Courcoubetis, et al.
(Show Context)
Citation Context ...lysis of discrete systems fall roughly into three overlapping camps, which have carried over to hybrid discrete+continuous systems: • logic-based approaches [12]–[23]; • automata-theoretic appro=-=aches [18], [2-=-0], [24]–[28]; • process algebra approaches [28], [29]; with the reference lists intended as representative samples. Our focus is on logic-based approaches, although in the course of this paper, w... |

425 | Formal Methods: State of the Art and Future Directions
- Clarke, Wing
- 1996
(Show Context)
Citation Context ...lysis of computer hardware and software is well established. The field has been active for over 30 years, and has more recently enjoyed some industrial and commercial success; the recent survey paper =-=[11]-=- gives an overview. Hardware systems and software programs are traditionally modeled as purely discrete systems: state variables take their values in discrete (finite or countable) sets, and state tra... |

421 |
Topology: A First Course
- Munkres
- 1975
(Show Context)
Citation Context ...ton is called deterministic if the transition map and the output map are both single-valued functions (but possibly only partial functions). We also use some elementary notions from general topology; =-=[59]-=- is a useful text, and [58] and [60] develop the general topology of relations/set-valued maps. Recall that a topology on a set is abstractly defined as a family of subsets of that contains and and is... |

379 |
den Dries. Tame topology and o-minimal structures, volume 248
- van
- 1998
(Show Context)
Citation Context ...condition on first-order definability, but its core content is a topological finiteness property: every set first-order definable in an o-minimal structure has only finitely many connected components =-=[86]-=-. The class of o-minimal structures over is quite rich. It includes the structure of as a real closed field; the quantifier-free first-order formulas in the language are Boolean combinations of equali... |

327 | Automatic symbolic verification of embedded systems
- Alur, Henzinger, et al.
- 1996
(Show Context)
Citation Context ...f states of interest for the particular system. The transition alphabet for includes symbols for and for . It follows from the definition that and . The definition here is equivalent to that in [19], =-=[21], -=-and [31]. Close relatives of these LTS models include the integration graphs of [67]; the generalized Kripke structures of [26]; and the phase transition systems of [12]–[14]. The latter include a d... |

327 | Discrete abstractions of hybrid systems
- Alur, Henzinger, et al.
- 2000
(Show Context)
Citation Context ...ed by has the property encoded by . The logic LTL, along with the so-called branching or state-based temporal logics such as computation tree logic (CTL) or(CTL ), are discussed in this special issue =-=[31]-=-. The syntactic primitives and the corresponding semantic constructs of the latter temporal logics allow one to express behavioral properties of some execution sequences, as well as all execution sequ... |

326 | Model-Checking in Dense Real-Time
- Alur, Courcoubetis, et al.
(Show Context)
Citation Context ...n uncountable set where is a finite set of control modes and . One of the key insights in the hybrid systems literature, dating back to [12], [13], and [18] and earlier work on (real-) timed automata =-=[53], is-=- that both sorts of system dynamics—continuous evolution according to differential equations and discrete switches or resets of state—can be uniformly and faithfully represented as binary transiti... |

268 | u The tool KRONOS
- Daws, Ohvero, et al.
- 1995
(Show Context)
Citation Context ...linear differential equations, where the state sets are represented as special kinds of convex polyhedra, and applies this technology to a class of synthesis problems. The model checking tools KRONOS =-=[91]-=-, COSPAN [92], and UPPAAL [93], all for the restricted DAVOREN AND NERODE: LOGICS FOR HYBRID SYSTEMS 1005sclass of timed automata, represent convex data regions in by integer-valued matrices, with ope... |

267 | Semantical Considerations on Floyd-Hoare Logic
- Pratt
- 1976
(Show Context)
Citation Context ...models, indicated by boxes with solid outlines, the propositional -calculus L [33], [36], [37] is the most expressive. Among the “nontemporal” modal logics, there is propositional dynamic logic (P=-=DL) [75]-=-, [76], and modal logics for reasoning about the knowledge of an agent or process in a distributed system [74]. Boxes with broken outlines indicate logics that require some extension or adaption of LT... |

256 |
On the calculus of relations.
- Tarski
- 1941
(Show Context)
Citation Context ... corresponds to the implication connective in the sense that iff . The algebraic theory of relations and their operators on sets was developed in the 1940s and 1950s in the work of Tarski and Jónsson=-= [81]-=-, [82]. In terms of that work, the algebra is a Boolean algebra with operators, which is closed under [and hence also ] for each . In more modern terms, is a modal algebra [33], [51], the smallest of ... |

244 | W.: UPPAAL: A tool suite for automatic verification of real-time systems.
- Bengtsson, Larsen, et al.
- 1996
(Show Context)
Citation Context ... where the state sets are represented as special kinds of convex polyhedra, and applies this technology to a class of synthesis problems. The model checking tools KRONOS [91], COSPAN [92], and UPPAAL =-=[93]-=-, all for the restricted DAVOREN AND NERODE: LOGICS FOR HYBRID SYSTEMS 1005sclass of timed automata, represent convex data regions in by integer-valued matrices, with operations performed using standa... |

243 |
Automata-Theoretic Techniques for Modal Logics of Programs.
- Vardi, Wolper
- 1984
(Show Context)
Citation Context ...equences are formed from the composition of the component transition relations. Automata-theoretic approaches to formal methods are intimately related to logic-based work using linear temporal logics =-=[64]-=-, [65] and overlap significantly with DES control theory [40], [66]. The common focus is on the behavior of an abstract machine as characterized by an automaton formal language of finite or infinite w... |

242 | On the Synthesis of Discrete Controllers for Timed Systems
- Maler, Pnueli, et al.
(Show Context)
Citation Context ...rid automaton over state space and , with reset maps indexed by events , and for , a supervisor can override and disable a reset at states . Earlier work on controller synthesis for timed automata in =-=[98]-=- is along the same general lines. In work on controller synthesis in this special issue, [41] considers a class of control problems in which one starts with a complete hybrid automaton , and the synth... |

230 | On the combinatorial and algebraic complexity of quantifier elimination’,
- Basu, Pollack, et al.
- 1996
(Show Context)
Citation Context ...akes as input an L sentence , and if it terminates, it returns for the least such that Note that termination is not problematic for PML sentences. Applying the best available algorithm by Basu et al. =-=[87] (-=-which significantly improves the version of Collins’ cylindrical algebraic decomposition currently implemented in the computer algebra tool REDLOG [88]), the number of arithmetical operations requir... |

229 | PVS: Combining Specification, Proof Checking, and Model Checking.
- Owre, Rajan, et al.
- 1996
(Show Context)
Citation Context ...ith proof systems for LTL-based logics. In related work, envisaged for discrete systems but more generally applicable, the general-purpose verification environment prototype verification system (PVS) =-=[96]-=- is used to give an integration of model checking and theorem proving; this is achieved by encoding the propositional -calculus within the (classical) simply typed higher order logic on which PVS is b... |

219 |
Logics of Time and Computation
- Goldblatt
(Show Context)
Citation Context ...state, and the formal semantics are such that means every state in satisfies the property expressed by . In this paper, following [23] and [32], we will look to the larger family of modal logics [33]�=-=��[35], wh-=-ich includes all the standard temporal logics, and in particular, to the richly expressive “parent logic” called the propositional modal - calculus (L ) [33], [36], [37]. The -calculus is well kno... |

202 | Perspectives and results on the stability and stabilizability of hybrid systems
- DeCarlo, Branicky, et al.
(Show Context)
Citation Context ...tance since their introduction in [18] and [19]. The same model or generalizations of it are used in several other papers in this special issue [31], [41]–[43], and the switched systems considered i=-=n [44] are-=- close relatives. A (basic) hybrid automaton is a closed system with a “built-in” control structure determining when and how the system switches between its various discrete modes, where the conti... |

196 |
Temporal and Modal Logic. Handbook of Theoretical Computer
- Emerson
- 1990
(Show Context)
Citation Context ...es are formed from the composition of the component transition relations. Automata-theoretic approaches to formal methods are intimately related to logic-based work using linear temporal logics [64], =-=[65]-=- and overlap significantly with DES control theory [40], [66]. The common focus is on the behavior of an abstract machine as characterized by an automaton formal language of finite or infinite words o... |

168 | Hybrid I/O automata.
- Lynch, Segala, et al.
- 2003
(Show Context)
Citation Context ...or reactive hybrid systems, whose behavior is influenced by that of an external en1012 PROCEEDINGS OF THE IEEE, VOL. 88, NO. 9, SEPTEMBER 2000 vironment, are hybrid I/O automata (HIOA), introduced in =-=[27]-=- and used in this issue in [43], and hybrid reactive modules [70]. The state space for both these models is essentially of the form S = X U V , where X , U and V are the valuation spaces of internal o... |

164 |
Geometric Theory of Dynamical Systems
- Palis, Melo
- 1982
(Show Context)
Citation Context ... all , and . Under additional assumptions—for example, is compact and is continuously differentiable—the time domain of the solutions may be extended to all of , and the system has a global flow w=-=ith [61]-=-. For our purposes, it suffices to know that a flow is continuous in both arguments separately and satisfies the flow laws: and for all and , i.e., it respects as an additive group. A semiflow is just... |

152 | Tableau methods for modal and temporal logics
- Goré
- 1999
(Show Context)
Citation Context ...hey do not readily lend themselves to automated proof search or to the construction of counter-examples. Other types of deductive systems such as tableaux systems or Gentzen-style proof systems [34], =-=[56]-=-, which produce labeled tree or graph-style proofs, are better suited to these tasks. 988 PROCEEDINGS OF THE IEEE, VOL. 88, NO. 7, JULY 2000sA number of the logics developed for hybrid and real-time s... |

151 |
The algebra of topology
- McKinsey, Tarski
- 1944
(Show Context)
Citation Context ...f PML or L to include an additional “plain” or “unlabeled” box modality , and its dual diamond , with .Atopological LTS model is an LTS model in which is a topological space. From Tarski and M=-=cKinsey [84]-=-, the axioms for the box modality of the well-studied modal logic S4 correspond exactly to the Kuratowski axioms for the topological interior operator , and dually the S4 diamond corresponds to the to... |

145 |
Characterizing correctness properties of parallel programs using fixpoints’,
- Emerson, Clarke
- 1980
(Show Context)
Citation Context ...rview of Modal and Temporal Logics The well-known temporal logics such as LTL or CTL, first formulated for program and hardware verification in the late 1970s and early 1980s in landmark papers [71], =-=[72]-=-, belong to a larger and older family of modal logics. Modal logic was originally the province of philosophers interested in analyzing the concepts of necessity and possibility. Symbolic modal logics ... |

126 | A game theoretic approach to controller design for hybrid systems
- Tomlin, Lygeros, et al.
- 2000
(Show Context)
Citation Context ...s possible DAVOREN AND NERODE: LOGICS FOR HYBRID SYSTEMS 1007sto -evolve from for some time, while remaining within , and then switch and still be in . The controller synthesis problems considered in =-=[42] a-=-re more complex—their hybrid automata have continuous control and disturbance inputs, and the task is to construct a feedback control map (with both discrete and continuous values), which restricts ... |

119 | O-minimal hybrid systems
- Lafferriere, Pappas, et al.
- 2000
(Show Context)
Citation Context ...restricted class of timed automata [24] and 1004 PROCEEDINGS OF THE IEEE, VOL. 88, NO. 7, JULY 2000ssome extensions, and on the other, for the mathematically richer class of o-minimal hybrid automata =-=[85]-=-, whose component flows , sets and , and resets in are all first-order definable in an o-minimal (modeltheoretic) structure expanding the reals as an ordered Abelian group, but subject to the further ... |

110 | Effective synthesis of switching controllers for linear systems
- Asarin, Bournez, et al.
- 2000
(Show Context)
Citation Context ...n as hybrid automata, which have gained wide acceptance since their introduction in [18] and [19]. The same model or generalizations of it are used in several other papers in this special issue [31], =-=[41]–[43-=-], and the switched systems considered in [44] are close relatives. A (basic) hybrid automaton is a closed system with a “built-in” control structure determining when and how the system switches b... |

110 |
Models for hybrid systems: Automata, topologies, controllability, observability
- Nerode, Kohn
- 1993
(Show Context)
Citation Context ...th each control action symbol a set of input vectors ; the plant is then governed by the differential inclusion , where , as in the generalized hybrid automata considered in [31]. Developing ideas in =-=[46]-=-, our interest here is more in the other side. A set-valued AD map determines a family of possibly overlapping plant event regions indexed by . When is total [dom ], such a family defines a finite cov... |

108 | The general topology of dynamical systems - Akin - 1993 |

108 | A new class of decidable hybrid systems.
- LAFFERRIERE, PAPPAS, et al.
- 1999
(Show Context)
Citation Context ... input data of the flows for and the specification sets and are all semialgebraic. Our explicit semialgebraic description of the set is an example of the output of quantifier elimination. By applying =-=[89]-=-, this sort of procedure can also be used when the continuous dynamics are given by certain classes of linear differential equations whose flows contain some exponential terms but for which the flow p... |

100 |
The algorithmic analysis of hybrid systems, Theoret
- Alur, Courcoubetis, et al.
- 1995
(Show Context)
Citation Context ...one [25]. B. Overview: Mathematical Models As our basic mathematical model, we take a class of systems known as hybrid automata, which have gained wide acceptance since their introduction in [18] and =-=[19]. -=-The same model or generalizations of it are used in several other papers in this special issue [31], [41]–[43], and the switched systems considered in [44] are close relatives. A (basic) hybrid auto... |

96 | Temporal Verification of Reactive Systems
- Manna, Pnueli
- 1995
(Show Context)
Citation Context ...l development in the body of the paper. In structuring our exposition, we draw on a paradigm framework for logic-based formal methods set out in the influential work of Manna and Pnueli in [12]--[14],=-=[30]-=-, and widely used in the field; the functional parts of the framework are illustrated in the lower grey box in Figure 1. In [13], the framework is applied first to discrete reactive systems, then to r... |

85 | Verifying Hybrid Systems,
- Manna, Pnueli
- 1993
(Show Context)
Citation Context ...ions. Formal methods for the analysis of discrete systems fall roughly into three overlapping camps, which have carried over to hybrid discrete+continuous systems. These are: . logic-based approaches =-=[12]-=---[23]; . automata-theoretic approaches [18],[20],[24]--[28]; and . process algebra approaches [28],[29]. with the reference lists intended as representative samples. Our focus is on logic-based appro... |

77 | An extended duration calculus for hybrid real-time systems. - Chaochen, Ravn, et al. - 1993 |

77 |
Modular feedback logic for discrete event systems.
- Ramadge, Wonham
- 1987
(Show Context)
Citation Context ...he control theory of purely discrete systems, it was essentially Fig. 1. Paradigm framework for logic-based formal methods. rediscovered under the name modular feedback logic by Ramadge and Wonham in =-=[39]-=- as a formalism for stating and solving supervisory control problems for discrete event systems (DESs) [40]. We return to an introductory discussion of the logics and computational approaches to deter... |

74 | Supervisory control of hybrid systems.
- Koutsoukos, Antsaklis, et al.
- 2000
(Show Context)
Citation Context ...ion (or differential inclusion). In contrast, the supervisory control perspective on hybrid systems retains a clear separation between plant and control; the theory is developed in this special issue =-=[45]-=- and adapts DES control theory to the hybrid setting. A hybrid control 986 PROCEEDINGS OF THE IEEE, VOL. 88, NO. 7, JULY 2000ssystem consists of a finite control automaton operating in a closed feedba... |

72 |
A semantical analysis of modal logic I: normal propositional calculi, Zeitschrift für Mathematische Logik und Grundlagen der Mathematik
- Kripke
- 1963
(Show Context)
Citation Context ...philosophers interested in analyzing the concepts of necessity and possibility. Symbolic modal logics first appeared in 1912 in the work of Lewis, and modern approaches derive from the work of Kripke =-=[73] in the -=-early 1960s, who gave a formal semantics over models with a single “accessibility” relation between states referred to as “possible worlds;” these structures are known as Kripke models, and LT... |

57 | Hybrid systems in TLA+.
- Lamport
- 1993
(Show Context)
Citation Context ...freedom, eventuality, and fairness along infinite trajectories; qualitative ordering of events along trajectories; and quantitative timing properties of hybrid or realtime trajectories [12],[13],[15],=-=[16]-=-,[20],[21]. From the perspective of control and systems theory, the classical concerns center on notions of stability and of robustnesssof systems. For example, one basic notion of stabilitysis the pr... |

56 | Robust timed automata.
- Henzinger, Jagadeesan
- 1997
(Show Context)
Citation Context ...d for hybrid and switched dynamical systems (stability is surveyed in this issue in [44]), there has been little work to date on integrating these concerns within a framework for formal methods [25], =-=[47]-=-. There is perhaps good reason for this. Coming as they do from computer science, formal methods traditionally lie in the realm of discrete mathematics, while these notions from control theory lie squ... |

53 | A classification of symbolic transition systems
- Henzinger, Majumdar, et al.
(Show Context)
Citation Context ...ermined by finite computation whether distinct representations are semantically equal. This requires that there be an effectively representable and decidable modal algebra for such that (see [20] and =-=[38]).-=- Of the o-minimal structures over , the richest known to have the required effectiveness and decidability is . By the famous Tarski–Seidenberg results, there is an algorithm that transforms any firs... |

50 | Models for reactivity
- Manna, Pnueli
- 1993
(Show Context)
Citation Context ... + , interpreted as the delay between the successive states s i and s i+1 under the transition s i a M i -# s i+1 . A timed trace (#, #) is defined similarly. Logics such as Metric Temporal Logic MTL =-=[13]-=- are obtained by extending LTL with (integer endpoint) interval-bounded versions of the until, always and sometimesstemporal operators, and formulas are interpreted over timed execution sequences or t... |

47 |
A theory of timed automata, Theoret
- Alur, Dill
- 1994
(Show Context)
Citation Context ...es of LTS models, all of which have a finite bisimulation quotient. As surveyed in [31], finite bisimulation results have been established, on the one hand, for the restricted class of timed automata =-=[24]-=- and 1004 PROCEEDINGS OF THE IEEE, VOL. 88, NO. 7, JULY 2000ssome extensions, and on the other, for the mathematically richer class of o-minimal hybrid automata [85], whose component flows , sets and ... |

41 | Linear Systems. - Antsaklis, Michel - 2006 |

41 |
Topological spaces, including a treatment of multi-valued functions, vector spaces and convexity,
- BERGE, KARREMAN
- 1963
(Show Context)
Citation Context ...ransition map and the output map are both single-valued functions (but possibly only partial functions). We also use some elementary notions from general topology; [59] is a useful text, and [58] and =-=[60]-=- develop the general topology of relations/set-valued maps. Recall that a topology on a set is abstractly defined as a family of subsets of that contains and and is closed under finite intersections a... |

40 | SHIFT: a formalism and a programming language for dynamic networks of hybrid automata.
- Deshpande, Gollu, et al.
- 1996
(Show Context)
Citation Context ...sorted or typed first-order logic), and formulas with two discrete variables and real-valued variables, defining the relations . The semantics of high-level hybrid programming languages such as SHIFT =-=[54]-=- and [55] can be given in terms of hybrid automata, and so admit a low-level formal description of this kind. Modal and temporal logics are best viewed as fundamentally second-order logics for reasoni... |

37 | Simulation of hybrid systems
- Branicky, Mattsson
- 1997
(Show Context)
Citation Context ... realization of a finite control automaton with the given I/O relation by taking itself as the internal states, defining by iff and , and taking as projection onto . The focus in [46], followed up in =-=[62]-=-, is on the finite topology generated from a finite cover by taking all (finite) unions and intersections. In particular, when each of the cover sets is open in the standard topology on , the resultin... |

36 |
Boolean algebras with operators, part I
- J'onsson, Tarski
- 1951
(Show Context)
Citation Context ...sponds to the implication connective in the sense that iff . The algebraic theory of relations and their operators on sets was developed in the 1940s and 1950s in the work of Tarski and Jónsson [81],=-= [82]-=-. In terms of that work, the algebra is a Boolean algebra with operators, which is closed under [and hence also ] for each . In more modern terms, is a modal algebra [33], [51], the smallest of all mo... |

31 |
A formal description of hybrid systems
- Chaochen, Ji, et al.
(Show Context)
Citation Context ... systems fall roughly into three overlapping camps, which have carried over to hybrid discrete+continuous systems: • logic-based approaches [12]–[23]; • automata-theoretic approaches [18], [20],=-= [24]–[28]; -=-• process algebra approaches [28], [29]; with the reference lists intended as representative samples. Our focus is on logic-based approaches, although in the course of this paper, we will briefly di... |

30 | Deductive verification of hybrid systems using STeP
- Manna, Sipma
- 1998
(Show Context)
Citation Context ...hnical development in the body of this paper. In structuring our exposition, we draw on a paradigm framework for logic-based formal methods set out in the influential work of Manna and Pnueli in [12]�=-=��[14]-=- and [30] and widely used in the field; the functional parts of the framework are illustrated in the lower gray box in Fig. 1. In [13], the framework is applied first to discrete reactive systems, the... |

29 | Modal logics and topological semantics for hybrid systems.
- Artemov, Davoren, et al.
- 1997
(Show Context)
Citation Context ...ind: “One thing an automata theorist must often envy a control theorist is the use of continuity” (p. 179). For hybrid automata theorists, it should go beyond envy. Developing ideas in [23], [46] =-=and [49]��-=-�[51], we argue that a common ground is to be found by adopting the language and viewpoint of general topology, and that natural and imposed topological and metric structure on the state spaces of sys... |

29 | A Unified Approach for Studying the Properties of Transition Systems. - Sifakis - 1982 |

25 | Constraint nets: a semantic model for hybrid systems - Zhang, Mackworth - 1995 |

18 |
Control of of infinite behavior of finite automata,”
- Thistle, Wonham
- 1994
(Show Context)
Citation Context ...n relations. Automata-theoretic approaches to formal methods are intimately related to logic-based work using linear temporal logics [64], [65] and overlap significantly with DES control theory [40], =-=[66]-=-. The common focus is on the behavior of an abstract machine as characterized by an automaton formal language of finite or infinite words over an alphabet, with words encoding the qualitative ordering... |

18 | Towards refining temporal specifications into hybrid systems
- Henzinger, Manna, et al.
- 1993
(Show Context)
Citation Context ...cs that require some extension or adaption of LTS models. These are topological modal logics [23], real-time extensions of temporal logics [20], [21], [53], [77], interval temporal logics [15], [28], =-=[78]-=-, [79], and alternating temporal logic (ATL) over game models [80]; the latter logic has an extension to an alternating -calculus, indicated by the broken line arrow. Since virtually all the work on l... |

18 |
Timing Analysis
- Alur, Kurshan
- 1996
(Show Context)
Citation Context ...ential equations, where the state sets are represented as special kinds of convex polyhedra, and applies this technology to a class of synthesis problems. The model checking tools KRONOS [91], COSPAN =-=[92]-=-, and UPPAAL [93], all for the restricted DAVOREN AND NERODE: LOGICS FOR HYBRID SYSTEMS 1005sclass of timed automata, represent convex data regions in by integer-valued matrices, with operations perfo... |

17 |
Modal Logics for Continuous Dynamics
- Davoren
- 1998
(Show Context)
Citation Context ...L, we can reason about some metric structure using modalities and for concrete -tolerance relations on metric spaces , and use these to formalize some notions of stability and robustness. In [23] and =-=[50], we s-=-how how modal logic also provides a means to represent a topology on the state space of an LTS or Kripke model. Formally, we extend the syntax of PML or L to include an additional “plain” or “un... |

15 | Synthesis of hybrid constraint-based controllers
- Zhang, Mackworth
- 1995
(Show Context)
Citation Context ...n sequences or timed traces. For example, is read “ holds until does, and that happens in between 3 and 17 time units.” A similar extension of LTL with time-bounded temporal operators is developed=-= in [83]-=-. The survey paper [77] examines the decidability and complexity of model checking for several variants of MTL with respect to LTS models of timed automata. 3) Interval Temporal Logics: Hybrid tempora... |

12 | Proving safety properties of hybrid systems
- Kapur, Henzinger, et al.
- 1994
(Show Context)
Citation Context ...t require some extension or adaption of LTS models. These are topological modal logics [23], real-time extensions of temporal logics [20], [21], [53], [77], interval temporal logics [15], [28], [78], =-=[79]-=-, and alternating temporal logic (ATL) over game models [80]; the latter logic has an extension to an alternating -calculus, indicated by the broken line arrow. Since virtually all the work on logic-b... |

10 |
Logics of Programs. Handbook of Theoretical Computer Science, v.B, Elsilver and The
- Kozen, Tiuryn
- 1990
(Show Context)
Citation Context ..., indicated by boxes with solid outlines, the propositional -calculus L [33], [36], [37] is the most expressive. Among the “nontemporal” modal logics, there is propositional dynamic logic (PDL) [7=-=5], [76]-=-, and modal logics for reasoning about the knowledge of an agent or process in a distributed system [74]. Boxes with broken outlines indicate logics that require some extension or adaption of LTS mode... |

10 |
A user guide to HyTech. In TACAS 95: Tools and Algorithms for the construction and analysis of systems
- Henzinger, Ho, et al.
- 1995
(Show Context)
Citation Context ...meets the bisimulation conditions for all of the relations of the model, but this does not pose a problem if one is not model checking infinitary fixed-point sentences. The model checking tool HYTECH =-=[90]-=- is designed for the restricted class of linear or polyhedral hybrid automata, all of whose real components are first-order definable by Boolean combinations of equalities and inequalities of linear t... |

8 | Compositional Specification and Structured Verification of Hybrid Systems in cTLA
- Herrmann, Graw, et al.
- 1998
(Show Context)
Citation Context ...d with some temporal operators to give a single formalism for both description of system components and specification of system properties; for example, temporal logics of actions TLA+ and cTLA [16], =-=[17]-=- and extended duration calculus EDC [15], [28]. For these, deductive verification is the only available approach. The bulk of the work on logics and formal methods for hybrid systems, as for discrete ... |

8 | Hybrid cc, hybrid automata and program verification
- Gupta, Jagadeesan, et al.
- 1996
(Show Context)
Citation Context ... typed first-order logic), and formulas with two discrete variables and real-valued variables, defining the relations . The semantics of high-level hybrid programming languages such as SHIFT [54] and =-=[55]-=- can be given in terms of hybrid automata, and so admit a low-level formal description of this kind. Modal and temporal logics are best viewed as fundamentally second-order logics for reasoning about ... |

7 |
Model checking and the Mu-calculus,” in Descriptive Complexity and Finite Models, ser
- Emerson
- 1997
(Show Context)
Citation Context ...amily of modal logics [33]–[35], which includes all the standard temporal logics, and in particular, to the richly expressive “parent logic” called the propositional modal - calculus (L ) [33], =-=[36], [37]-=-. The -calculus is well known in the hybrid system literature, notably from the work of Henzinger and coworkers [20], [21], [38]. In earlier work on the control theory of purely discrete systems, it w... |

7 |
A note on the completeness of Kozen’s axiomatization of the propositional µ-calculus, The Bulletin of Symbolic Logic 2
- Walukiewicz
- 1996
(Show Context)
Citation Context ... formula is valid, is EXPTIME complete [33]. More recently, the completeness of Kozen’s axiomatization has been established, namely, that if is valid, then . A drawback of the proof of this result i=-=n [94]-=- is that it does not extend in any modular fashion to axiomatic extensions, such as that for TopL , which adds the S4 axioms for (Section IV-H). In trying to establish that using a proof system for L ... |

6 |
Robustness issues for hybrid systems
- Horn, Ramadge
- 1995
(Show Context)
Citation Context ...obustness issues later in this paper; the idea there is that one has a nominal model of a system together with an uncertainty class characterizing how the true model might differ from the nominal one =-=[25]-=-. B. Overview: Mathematical Models As our basic mathematical model, we take a class of systems known as hybrid automata, which have gained wide acceptance since their introduction in [18] and [19]. Th... |

6 | Logic-based design and synthesis of controllers for hybrid systems
- Davoren, Moor
- 2000
(Show Context)
Citation Context ...e resolved using a suitable model checking tool. A more detailed account of this synthesis procedure is given in a separate paper [32], and an extension that directly addresses robustness is given in =-=[63]-=-. III. COMPUTATIONAL AND FORMAL LOGIC MODELS A. Labeled Transition Systems We now turn to a more detailed examination of abstract transition system models, which provide both a formal computational mo... |

5 | Logic for Applications (2nd ed - Nerode, Shore - 1997 |

5 |
Weispfenning V: Real quantifier elimination in practice. In: Algorithmic Algebra and Number Theory
- Dolzmann, Sturm
- 1999
(Show Context)
Citation Context ...ng the best available algorithm by Basu et al. [87] (which significantly improves the version of Collins’ cylindrical algebraic decomposition currently implemented in the computer algebra tool REDLO=-=G [88]-=-), the number of arithmetical operations required to perform this QElim procedure is bounded by , when the body of the argument formula is defined by a total of polynomials in variables, each of at mo... |

4 |
Verifying hybrid systems. Hybrid Systems,
- Manna, Pnueli
- 1992
(Show Context)
Citation Context ...ntial equations. Formal methods for the analysis of discrete systems fall roughly into three overlapping camps, which have carried over to hybrid discrete+continuous systems: • logic-based approache=-=s [12]–[23];-=- • automata-theoretic approaches [18], [20], [24]–[28]; • process algebra approaches [28], [29]; with the reference lists intended as representative samples. Our focus is on logic-based approach... |

3 | Specification and verification of hybrid dynamic systems with timed ∀-automata
- Zhang, Mackworth
- 1996
(Show Context)
Citation Context ...finition that and . The definition here is equivalent to that in [19], [21], and [31]. Close relatives of these LTS models include the integration graphs of [67]; the generalized Kripke structures of =-=[26]; -=-and the phase transition systems of [12]–[14]. The latter include a distinguished real-valued variable for global time, with the coordinate dynamics within any evolution, and the identity constraint... |

3 | Action Systems with Continuous Behaviour - Ronkko, Ravn - 1998 |

3 |
On hybrid systems and the modal -calculus
- Davoren
- 1999
(Show Context)
Citation Context ...Formal methods for the analysis of discrete systems fall roughly into three overlapping camps, which have carried over to hybrid discrete+continuous systems. These are: . logic-based approaches [12]--=-=[23]-=-; . automata-theoretic approaches [18],[20],[24]--[28]; and . process algebra approaches [28],[29]. with the reference lists intended as representative samples. Our focus is on logic-based approaches,... |

3 |
Modal and Temporal Logics", Handbook of Logic
- Stirling
- 1992
(Show Context)
Citation Context ...state, and the formal semantics are such that M # means every state in M satisfies the property expressed by #. In this paper, following [23],[32], we will look to the larger family of modal logics [=-=33]--[35], wh-=-ich includes all the standard temporal logics, and in particular, to the richly expressive "parent logic" called the propositional modals- calculus (L) [33],[36],[37]. The -calculus is well-... |

2 | Using modal logics for the formal analysis and synthesis of hybrid control systems
- Davoren
- 2000
(Show Context)
Citation Context ...required in the course of the construction, so those decisions could be resolved using a suitable model checking tool. A more detailed account of this synthesis procedure is given in a separate paper =-=[32]-=-, and an extension that directly addresses robustness is given in [63]. III. COMPUTATIONAL AND FORMAL LOGIC MODELS A. Labeled Transition Systems We now turn to a more detailed examination of abstract ... |

2 |
Modularity for timed and hybrid systems,” in CONCUR 97: Concurrency Theory
- Alur, Henzinger
- 1997
(Show Context)
Citation Context ...eactive hybrid systems, whose behavior is influenced by that of an external environment, are hybrid I/O automata (HIOA), introduced in [27] and used in this issue in [43], and hybrid reactive modules =-=[70]-=-. The state space for both these models is essentially of the form , where , and are the valuation spaces of internal or private variables, input or control interface variables, and output or external... |

2 | Logic for Applications. Graduate Texts in Computer Science - Nerode, Shore - 1997 |

1 |
Hybrid systems in TLA+,” in Hybrid Systems
- Lamport
- 1993
(Show Context)
Citation Context ...dom, eventuality, and fairness along infinite trajectories; qualitative ordering of events along trajectories; and quantitative timing properties of hybrid or real-time trajectories [12], [13], [15], =-=[16]-=-, [20], [21]. From the perspective of control and systems theory, the classical concerns center on notions of stability and of robustness of systems. For example, one basic notion of stability is the ... |

1 |
On hybrid systems and the modal "-calculus,” in Hybrid Systems
- Davoren
- 1999
(Show Context)
Citation Context ... equations. Formal methods for the analysis of discrete systems fall roughly into three overlapping camps, which have carried over to hybrid discrete+continuous systems: • logic-based approaches [12=-=]–[23]; • -=-automata-theoretic approaches [18], [20], [24]–[28]; • process algebra approaches [28], [29]; with the reference lists intended as representative samples. Our focus is on logic-based approaches, a... |

1 |
Modal and temporal logics,” in Handbook of Logic in Computer
- Stirling
- 1992
(Show Context)
Citation Context ...om a state, and the formal semantics are such that means every state in satisfies the property expressed by . In this paper, following [23] and [32], we will look to the larger family of modal logics =-=[33]–[35-=-], which includes all the standard temporal logics, and in particular, to the richly expressive “parent logic” called the propositional modal - calculus (L ) [33], [36], [37]. The -calculus is wel... |

1 |
Results on the propositional "-calculus,” Theoret
- Kozen
- 1983
(Show Context)
Citation Context ...rger family of modal logics [33]–[35], which includes all the standard temporal logics, and in particular, to the richly expressive “parent logic” called the propositional modal - calculus (L ) =-=[33], [36]-=-, [37]. The -calculus is well known in the hybrid system literature, notably from the work of Henzinger and coworkers [20], [21], [38]. In earlier work on the control theory of purely discrete systems... |

1 |
High-level modeling and analysis of the air traffic alert and collision avoidance system
- Livadas, Lygeros, et al.
- 2000
(Show Context)
Citation Context ...hybrid automata, which have gained wide acceptance since their introduction in [18] and [19]. The same model or generalizations of it are used in several other papers in this special issue [31], [41]�=-=��[43], an-=-d the switched systems considered in [44] are close relatives. A (basic) hybrid automaton is a closed system with a “built-in” control structure determining when and how the system switches betwee... |

1 |
continuity and bisimulations,” Theoret
- “Topologies
- 1999
(Show Context)
Citation Context ...“One thing an automata theorist must often envy a control theorist is the use of continuity” (p. 179). For hybrid automata theorists, it should go beyond envy. Developing ideas in [23], [46] and [=-=49]–[51]-=-, we argue that a common ground is to be found by adopting the language and viewpoint of general topology, and that natural and imposed topological and metric structure on the state spaces of system m... |

1 |
Decidable integration graphs,” in Hybrid Systems
- Kesten, Pnueli, et al.
- 1993
(Show Context)
Citation Context ...ymbols for and for . It follows from the definition that and . The definition here is equivalent to that in [19], [21], and [31]. Close relatives of these LTS models include the integration graphs of =-=[67]; -=-the generalized Kripke structures of [26]; and the phase transition systems of [12]–[14]. The latter include a distinguished real-valued variable for global time, with the coordinate dynamics within... |

1 |
A study in the modeling, verification and control of hybrid systems
- Cook
- 1999
(Show Context)
Citation Context ...ms consisting of a network of interacting subsystems in which the state is distributed; more recently, some of this work has been extended to timed and hybrid systems. The recent dissertation by Cook =-=[69]-=- is a substantial resource. In that work, a hybrid net model is given a formal representation as an LTS model, and property specification is given in the modal -calculus. 996 PROCEEDINGS OF THE IEEE, ... |

1 |
It’s about time: Real-time logics reviewed,” in CONCUR 97: Concurrency Theory, D. Sangiorgi and R. de Simone, Eds
- Henzinger
- 1998
(Show Context)
Citation Context ...]. Boxes with broken outlines indicate logics that require some extension or adaption of LTS models. These are topological modal logics [23], real-time extensions of temporal logics [20], [21], [53], =-=[77]-=-, interval temporal logics [15], [28], [78], [79], and alternating temporal logic (ATL) over game models [80]; the latter logic has an extension to an alternating -calculus, indicated by the broken li... |

1 |
et al. An update on STeP: Deductive-algorithmic verification of reactive systems
- Manna, Bjørner, et al.
- 1998
(Show Context)
Citation Context ... This is a cleaner -calculus analog of the invariance rule in LTL-based logics used for the verification of safety properties for hybrid automata in [12]–[14] and implemented in the verification too=-=l [95]-=-. In the course of our controller synthesis construction in Section II-D, we generate a list of PML formulas that are true in a model over the state space , using 1006 PROCEEDINGS OF THE IEEE, VOL. 88... |

1 |
Control synthesis of hybrid systems based on predicate invariance,” in Hybrid Systems
- Chen, Hanisch
- 1999
(Show Context)
Citation Context ...odularity is considered with respect to conjunction of predicates; working within L , a richer level of modularity is attainable. The construction in [39] is specifically adapted to hybrid systems in =-=[97]-=-, where the system model is essentially a hybrid automaton over state space and , with reset maps indexed by events , and for , a supervisor can override and disable a reset at states . Earlier work o... |

1 |
Controllers as fixedpoints of set-valued operators
- Nerode, Remmel, et al.
- 1995
(Show Context)
Citation Context ...o-place Reach operator, require reformulation to be expressible using modal operators. In earlier work in hybrid systems (with differing system models), fixed points of operators on sets were used in =-=[99]��-=-�[101] to characterize the viability kernel of a set of states as the largest subset invariant under hybrid trajectories and from which all hybrid trajectories are jump-infinite. In a separate develop... |

1 | Viability in hybrid systems,” Theoret - Kohn, Nerode, et al. - 1995 |

1 |
Viable control of hybrid systems,” in Hybrid Systems
- Deshpande, Varaiya
- 1995
(Show Context)
Citation Context ...ce Reach operator, require reformulation to be expressible using modal operators. In earlier work in hybrid systems (with differing system models), fixed points of operators on sets were used in [99]�=-=��[101]-=- to characterize the viability kernel of a set of states as the largest subset invariant under hybrid trajectories and from which all hybrid trajectories are jump-infinite. In a separate development, ... |

1 |
A formal desription of hybrid systems
- Chaochen, Ji, et al.
(Show Context)
Citation Context ...ll roughly into three overlapping camps, which have carried over to hybrid discrete+continuous systems. These are: . logic-based approaches [12]--[23]; . automata-theoretic approaches [18],[20],[24]--=-=[28]-=-; and . process algebra approaches [28],[29]. with the reference lists intended as representative samples. Our focus is on logic-based approaches, although in the course of the paper, we will briefly ... |

1 | Actions systems with continuous bevaviour - Ronkko, Ravn |