A hybrid automaton is a formal model for a mixed discrete-continuous system. We classify hybrid automata acoording to what questions about their behavior can be answered algorithmically. The classification reveals structure on mixed discrete-continuous state spaces that was previously studied on purely discrete state spaces only. In particular, various classes of hybrid automata induce finitary trace equivalence (or similarity, or bisimilarity) relations on an uncountable state space, thus permitting the application of various model-checking techniques that were originally developed for finite-state systems.

A hybrid system is a dynamical system whose behavior exhibits both discrete and continuous change. A hybrid automaton is a mathematical model for hybrid systems, which combines, in a single formalism, automaton transitions for capturing discrete change with differential equations for capturing continuous change. HyTech is a symbolic model checker for linear hybrid automata, a subclass of hybrid automata that can be analyzed automatically by computing with polyhedral state sets. A key feature of HyTech is its ability to perform parametric analysis, i.e. to determine the values of design parameters for which a linear hybrid automaton satisfies a temporal-logic requirement. 1 Introduction A hybrid system typically consists of a collection of digital programs that interact with each other and with an analog environment. Examples of hybrid systems include manufacturing controllers, automotive and flight controllers, medical equipment, micro-electromechanical systems, and robots. When thes...

We introduce event-recording automata. An event-recording automaton is a timed automaton that contains, for every event a, a clock that records the time of the last occurrence of a. The class of event-recording automata is, on one hand, expressive enough to model (finite) timed transition systems and, on the other hand, determinizable and closed under all boolean operations. As a result, the language inclusion problem is decidable for event-recording automata. We present a translation from timed transition systems to event-recording automata, which leads to an algorithm for checking if two timed transition systems have the same set of timed behaviors. We also consider event-predicting automata, which contain clocks that predict the time of the next occurrence of an event. The class of event-clock automata, which contain both event-recording and event-predicting clocks, is a suitable specification language for real-time properties. We provide an algorithm for checking if a timed automa...

. In this paper we apply the tool Uppaal 1 to an automatic analysis of a version of the Philips Audio Control Protocol with two senders and bus collision handling. This case study is significantly larger than the real-time/hybrid systems previously analysed by automatic tools. During the case study the tool Uppaal was extended with a new feature, committed locations, allowing efficient modelling of broadcast communication. 1 Introduction During the last few years a number of tools for automatic verification of hybrid and real-time systems have emerged [DY95, HHWT95, BLL + 95, HRP94]. These tools have by now reached a state, where they are mature enough for application on realistic case--studies; a claim we hope to substantiate in this paper. We present an application of our tool Uppaal to an automatic analysis of a version of the Philips Audio Control Protocol with two senders and the consequently caused problem of bus collision. The case study is comprehensive compared with prev...

This paper describes a methodology for the speci cation and analysis of distributed real-time systems using the toolset called PARAGON. PARAGON is based on the Communicating Shared Resources paradigm, which allows a real-time system to be modeled as a set of communicating processes that compete for shared resources. PARAGON supports both visual and textual languages for describing real-time systems. It o ers automatic analysis based on state space exploration as well as user-directed simulation. Our experience with using PARAGON in several case studies resulted in a methodology that includes design patterns and abstraction heuristics, as well as an overall process. This paper brie y overviews the communicating shared resource paradigm and its toolset PARAGON, including the textual and visual speci cation languages. The paper then describes our methodology with special emphasis on heuristics that can be used in PARAGON to reduce the state space. To illustrate the methodology, we use examples from a real-life system case study.

This paper describes an approach for modeling real-time systems using dynamic priorities. The advantage of the technique is that it drastically reduces the state space sizes of the systems in question while preserving properties of their functional behavior. We demonstrate the utility of our approachby formally modeling and verifying aspects of the widely-used SCSI-2 bus-protocol. It turns out that the state space of this model is about an order of magnitude smaller than the one resulting from traditional real-time semantics.

Abstract. Conformance control for ATM cells is based on a real-time reactive algorithm which delivers a value depending on inputs from the network. This value must always agree with a well de ned theoretical value. We present here the correctness proof of the algorithm standardized for the ATM transfer capability called ABR. The proof turned out akey argument during the standardization process of ABR. 1

Abstract. Hybrid systems combine discrete event and continuous time dynamics and can serve as models of large scale systems. We provide an overview of modeling, analysis, and controller synthesis techniques for

Clock Difference Diagrams (CDDs), a BDD-like data structure for model checking of timed automata, were presented in 1999. After the original article the work on them seems to have stopped, although there are still important open questions. The proposed algorithm relied on the traditionally used data structure (DBMs) for most operations. CDDs definition required that repeated subtrees were aliased, but no clear algorithm was presented for producing such compact representation, which seems costly to achieve. Also, since then, case studies have increased in size. In this article we revisit CDDs by introducing RCDDs, a variation that does not require maximum aliasing. We present the complete set of operations required to perform forward reachability analysis with no need for DBMs. By employing a fully RCDD-based algorithm our experiments show a consistent reduction of time requirements in case studies from the current literature, sometimes up to more than 40%.

A polygonal differential inclusion system (SPDI) is a non-deterministic planar hybrid system which can be represented by piecewise constant differential inclusions. In this thesis we are concerned with several theoretical and practical questions related to SPDIs such as reachability analysis and phase portrait construction. First we show that the reachability question for SPDIs is indeed decidable. Our procedure is not based on the computation of the reach-set but rather on the computation of the limit of individual trajectories. A key idea is the use of edge-to-edge one-dimensional affine Poincaré maps, the fix-points of which are easily computed. By taking advantage of this information, cycles can be accelerated in most cases. The above reachability algorithm has been implemented in a tool called SPeeDI. We next build the phase portrait of such systems. In particular, we identify the viability kernels of simple cycles. Such kernels are the set of starting points of trajectories that can keep rotating in the cycles forever. We also introduce the notion of controllability kernel of simple cycles as the set of points such that any two points of the set are reachable from each other via trajectories that remain on the set. We give non-iterative algorithms to compute both kernels. We obtain the SPDI phase portrait computing all the viability and controllability kernels. We finally study the decidability of the reachability problem for other 2-dimensional hybrid systems. We introduce hierarchical piecewise constant derivative systems (HPCDs) and 2-dimensional manifolds with piecewise constant derivative systems. We show that the reachability problem for the above two classes of systems is as hard as the reachability problem for piecewise affine maps that is known to be an open problem. We also show that the reachability question for slight extensions of HPCDs are undecidable.