@phdthesis{4428, abstract = {Hybrid systems are real-time systems that react to both discrete and continuous activities (such as analog signals, time, temperature, and speed). Typical examples of hybrid systems are embedded systems, timing-based communication protocols, and digital circuits at the transistor level. Due to the rapid development of microprocessor technology, hybrid systems directly control much of what we depend on in our daily lives. Consequently, the formal specification and verification of hybrid systems has become an active area of research. This dissertation presents the first general framework for the formal specification and verification of hybrid systems, as well as the first hybrid-system analysis tool--HyTech. The framework consists of a graphical finite-state-machine-like language for modeling hybrid systems, a temporal logic for modeling the requirements of hybrid systems, and a computer procedure that verifies modeled hybrid systems against modeled requirements. The tool HyTech is the implementation of the framework using C++ and Mathematica. More specifically, our hybrid-system modeling language, Hybrid Automata, is an extension of timed automata with discrete and continuous variables whose dynamics are governed by differential equations. Our requirement modeling language, ICTL, is a branching-time temporal logic, and is an extension of TCTL with stop-watch variables. Our verification procedure is a symbolic model-checking procedure that verifies linear hybrid automata against ICTL formulas. To make HyTech more efficient and effective, we use model-checking strategies and abstract operators that can expedite the verification process. To enable HyTech to verify nonlinear hybrid automata, we introduce two translations from nonlinear hybrid automata to linear hybrid automata. We have applied HyTech to analyze more than 30 hybrid-system benchmarks. In this dissertation, we present the application of HyTech to three nontrivial hybrid systems taken from the literature.}, author = {Ho, Pei}, pages = {1 -- 188}, publisher = {Cornell University}, title = {{Automatic analysis of hybrid systems}}, year = {1995}, } @inproceedings{4447, abstract = {This paper is addressed to potential users of HyTech, the Cornell Hybrid Technology Tool, an automatic tool for analyzing hybrid systems. We review the formal technologies that have been incorporated into HyTech, and we illustrate the use of HyTech with three nontrivial case studies.}, author = {Henzinger, Thomas A and Ho, Pei}, booktitle = {4th International Hybrid Systems Workshop}, editor = {Panos, Antsaklis and Kohn, Wolf and Nerode, Anil and Sastry, Shankar}, isbn = {9783540683346}, location = { New Brunswick, NJ, United States of America}, pages = {265 -- 293}, publisher = {Springer}, title = {{HyTech: The Cornell Hybrid Technology Tool}}, doi = {10.1007/3-540-60472-3_14}, volume = {999}, year = {1995}, } @inproceedings{4448, abstract = {We report on several abstract interpretation strategies that are designed to improve the performance of HyTech, a symbolic model checker for linear hybrid systems. We (1) simultaneously compute the target region from different directions, (2) conservatively approximate the target region by dropping constraints, and (3) iteratively refine the approximation until sufficient precision is obtained. We consider the standard abstract convex-hull operator and a novel abstract extrapolation operator.}, author = {Henzinger, Thomas A and Ho, Pei}, booktitle = {3rd International Hybrid Systems Workshop}, editor = {Panos, Antsaklis and Kohn, Wolf and Nerode, Anil and Sastry, Shankar}, isbn = {9783540604723}, location = {Ithaca, NY, United States of America}, pages = {252 -- 264}, publisher = {Springer}, title = {{A note on abstract-interpretation strategies for hybrid automata}}, doi = {10.1007/3-540-60472-3_13}, volume = {999}, year = {1995}, } @inproceedings{4450, abstract = {Hybrid systems model discrete programs that are embedded in continuous environments. Model-checking tools are available for the analysis of linear hybrid systems, whose continuous variables are bounded by piecewise-linear trajectories. Most embedded programs, however, operate in nonlinear environments. We present, analyze, and apply two algorithms for translating nonlinear hybrid systems into linear hybrid systems. The clock translation replaces nonlinear variables by clock variables; the rate translation approximates nonlinear variables by piecewise-linear envelopes. Both translations are sound for reachability; that is, if we establish a safety property of the translated linear system, we may conclude that the original nonlinear system satisfies the property. The clock translation is also complete for reachability; that is, the original system and the translated system satisfy the same safety properties. The two translations apply to incomparable classes of nonlinear hybrid systems. From the clock translation we obtain a new decidability result for hybrid systems. With the help of Hytech, a symbolic model checker for linear hybrid systems, we automatically verify a nonlinear railroad gate control program using the clock translation, and a nonlinear temperature control program using the rate translation.}, author = {Henzinger, Thomas A and Ho, Pei}, booktitle = {7th International Conference on Computer Aided Verification}, isbn = {9783540494133}, location = {Liege, Belgium}, pages = {225 -- 238}, publisher = {Springer}, title = {{Algorithmic analysis of nonlinear hybrid systems}}, doi = {10.1007/3-540-60045-0_53}, volume = {939}, year = {1995}, } @inproceedings{4497, abstract = {HyTech is a tool for the automated analysis of embedded systems. This document, designed for the first-time user of HyTech, guides the reader through the underlying system model, and through the input language for describing and analyzing systems. The guide gives several examples of usage, and some hints for gaining maximal computational efficiency from the tool. The version of HyTech described in this guide was released in August 1995, and is available through anonymous ftp from ftp.cs.cornell.edu in the directory pub/tah/HyTech, and through the World-Wide Web via HyTech's home page http:/www.cs.cornell.edu/Info/People/tah/hytech.html.}, author = {Henzinger, Thomas A and Ho, Pei and Wong Toi, Howard}, booktitle = {1st International Workshop on Tools and Algorithms for the Construction and Analysis of Systems}, isbn = {9783540606307}, location = {Aarhus, Denmark}, pages = {41 -- 71}, publisher = {Springer}, title = {{A user guide to HyTech}}, doi = {10.1007/3-540-60630-0_3}, volume = {1019}, year = {1995}, } @inproceedings{4498, abstract = {We present algorithms for computing similarity relations of labeled graphs. Similarity relations have applications for the refinement and verification of reactive systems. For finite graphs, we present an O(mn) algorithm for computing the similarity relation of a graph with n vertices and m edges (assuming m⩾n). For effectively presented infinite graphs, we present a symbolic similarity-checking procedure that terminates if a finite similarity relation exists. We show that 2D rectangular automata, which model discrete reactive systems with continuous environments, define effectively presented infinite graphs with finite similarity relations. It follows that the refinement problem and the ∀CTL* model-checking problem are decidable for 2D rectangular automata}, author = {Henzinger, Monika H and Henzinger, Thomas A and Kopke, Peter}, booktitle = {Proceedings of IEEE 36th Annual Foundations of Computer Science}, isbn = {0818671831}, issn = {0272-5428}, location = {Milwaukee, WI, United States of America}, pages = {453 -- 462}, publisher = {IEEE}, title = {{Computing simulations on finite and infinite graphs}}, doi = {10.1109/SFCS.1995.492576}, year = {1995}, } @inproceedings{4499, abstract = {We describe a new implementation of HYTECH, a symbolic model checker for hybrid systems. Given a parametric description of an embedded system as a collection of communicating automata, HYTECH automatically computes the conditions on the parameters under which the system satisfies its safety and timing requirements. While the original HYTECH prototype was based on the symbolic algebra tool Mathematica, the new implementation is written in C++ and builds on geometric algorithms instead of formula manipulation. The new HYTECH offers a cleaner and more expressive input language, greater portability, superior performance (typically two to three orders of magnitude), and new features such as diagnostic error-trace generation. We illustrate the effectiveness of the new implementation by applying HYTECH to the automatic parametric analysis of the generic railroad crossing benchmark problem and to an active structure control algorithm}, author = {Henzinger, Thomas A and Ho, Pei and Wong Toi, Howard}, booktitle = {Proceedings 16th IEEE Real-Time Systems Symposium}, isbn = {0818673370}, location = {Pisa, Italy}, pages = {56 -- 65}, publisher = {IEEE}, title = {{HyTech: The next generation}}, doi = {10.1109/REAL.1995.495196 }, year = {1995}, } @inproceedings{4500, abstract = {We investigate the expressive power of timing restrictions on labeled transition systems. In particular, we show how constraints on clock variables together with a uniform liveness condition—the divergence of time—can express Büchi, Muller, Streett, Rabin, and weak and strong fairness conditions on a given labeled transition system. We then consider the effect, on both timed and time-abstract expressiveness, of varying the following parameters: time domain (discrete or dense), number of clocks, number of states, and size of constants used in timing restrictions.}, author = {Henzinger, Thomas A and Kopke, Peter and Wong Toi, Howard}, booktitle = {22nd International Colloquium on Automata, Languages and Programming }, isbn = {9783540600848}, location = {Szeged, Hungary}, pages = {417 -- 428}, publisher = {Springer}, title = {{The expressive power of clocks}}, doi = {10.1007/3-540-60084-1_93}, volume = {944}, year = {1995}, } @inproceedings{4502, abstract = {Hybrid automata model systems with both digital and analog components, such as embedded control programs. Many verification tasks for such programs can be expressed as reachability problems for hybrid automata. By improving on previous decidability and undecidability results, we identify the precise boundary between decidability and undecidability of the reachability problem for hybrid automata. On the positive side, we give an (optimal) PSPACE reachability algorithm for the case of initialized rectangular automata, where all analog variables follow trajectories within piecewise-linear envelopes and are reinitialized whenever the envelope changes. Our algorithm is based on the construction of a timed automaton that contains all reachability information about a given initialized rectangular automaton. The translation has practical significance for verification, because it guarantees the termination of symbolic procedures for the reachability analysis of initialized rectangular automata. The translation also preserves the omega-languages of initialized rectangular automata with bounded nondeterminism. On the negative side, we show that several slight generalizations of initialized rectangular automata lead to an undecidable reachability problem. In particular, we prove that the reachability problem is undecidable for timed automata augmented with a single stopwatch.}, author = {Henzinger, Thomas A and Kopke, Peter and Puri, Anuj and Varaiya, P.}, booktitle = {Proceedings of the 27th annual ACM symposium on Theory of computing}, isbn = {9780897917186}, location = {Las Vegas, NV, United States of America}, pages = {373 -- 382}, publisher = {ACM}, title = {{What's decidable about hybrid automata?}}, doi = {10.1145/225058.225162}, year = {1995}, } @inproceedings{4518, abstract = {The analysis, verification, and control of hybrid automata with finite bisimulations can be reduced to finite-state problems. We advocate a time-abstract, phase-based methodology for checking if a given hybrid automaton has a finite bisimulation. First, we factor the automaton into two components, a boolean automaton with a discrete dynamics on the finite state space B m and a euclidean automaton with a continuous dynamics on the infinite state space n . Second, we investigate the phase portrait of the euclidean component. In this fashion, we obtain new decidability results for hybrid systems as well as new, uniform proofs of known decidability results.}, author = {Henzinger, Thomas A}, booktitle = {22nd International Colloquium on Automata, Languages and Programming }, isbn = {9783540600848}, location = {Szeged, Hungary}, pages = {324 -- 335}, publisher = {Springer}, title = {{Hybrid automata with finite bisimulations}}, doi = {10.1007/3-540-60084-1_85}, volume = {944}, year = {1995}, } @inproceedings{4587, abstract = {We argue that the standard constraints on liveness conditions in nonblocking trace models—machine closure for closed systems, and receptiveness for open systems—are unnecessarily weak and complex, and that liveness should, instead, be specified by augmenting transition systems with acceptance conditions that satisfy a locality constraint. First, locality implies machine closure and receptiveness, and thus permits the composition and modular verification of live transition systems. Second, while machine closure and receptiveness are based on infinite games, locality is based on repeated finite games, and thus easier to check. Third, no expressive power is lost by the restriction to local liveness conditions. We illustrate the appeal of local liveness using the model of Fair Reactive Systems, a nonblocking trace model of communicating processes.}, author = {Alur, Rajeev and Henzinger, Thomas A}, booktitle = {7th International Conference on Computer Aided Verification}, isbn = {978-3-540-60045-9}, location = {Liege, Belgium}, pages = {166 -- 179}, publisher = {Springer}, title = {{Local liveness for compositional modeling of fair reactive systems}}, doi = {10.1007/3-540-60045-0_49}, volume = {939}, year = {1995}, } @article{4613, abstract = {We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as finite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewise-linear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard program-analysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic model-checking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.}, author = {Alur, Rajeev and Courcoubetis, Costas and Halbwachs, Nicolas and Henzinger, Thomas A and Ho, Pei and Nicollin, Xavier and Olivero, Alfredo and Sifakis, Joseph and Yovine, Sergio}, issn = {0304-3975}, journal = {Theoretical Computer Science}, number = {1}, pages = {3 -- 34}, publisher = {Elsevier}, title = {{The algorithmic analysis of hybrid systems}}, doi = {10.1016/0304-3975(94)00202-T}, volume = {138}, year = {1995}, }