A theory of timed automata, 1999
Abstract

Cited by 2176 (31 self)
Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus unsuitable for the analysis of real-time systems whose correctness depends on the relative magnitudes of different delays. Consequently, timed automata [7] were introduced as a formal notation to model the behavior of real-time systems. The definition provides a simple way to annotate state-transition graphs with timing constraints using finitely many real-valued clock variables. Automated analysis of timed automata relies on the construction of a finite quotient of the infinite space of clock valuations. Over the years, the formalism has been extensively studied, leading to many results establishing connections to circuits and logic, and much progress has been made in developing verification algorithms, heuristics, and tools. This paper provides a survey of the theory of timed automata and their role in the specification and verification of real-time systems.
The Theory of Hybrid Automata, 1996
Abstract

Cited by 527 (9 self)
A hybrid automaton is a formal model for a mixed discrete-continuous system. We classify hybrid automata according to what questions about their behavior can be answered algorithmically. The classification reveals structure on mixed discrete-continuous state spaces that was previously studied on purely discrete state spaces only. In particular, various classes of hybrid automata induce finitary trace equivalence (or similarity, or bisimilarity) relations on an uncountable state space, thus permitting the application of various model-checking techniques that were originally developed for finite-state systems.
HyTech: A Model Checker for Hybrid Systems, Software Tools for Technology Transfer, 1997
Abstract

Cited by 392 (6 self)
A hybrid system is a dynamical system whose behavior exhibits both discrete and continuous change. A hybrid automaton is a mathematical model for hybrid systems, which combines, in a single formalism, automaton transitions for capturing discrete change with differential equations for capturing continuous change. HyTech is a symbolic model checker for linear hybrid automata, a subclass of hybrid automata that can be analyzed automatically by computing with polyhedral state sets. A key feature of HyTech is its ability to perform parametric analysis, i.e. to determine the values of design parameters for which a linear hybrid automaton satisfies a temporal-logic requirement.
1 Introduction
A hybrid system typically consists of a collection of digital programs that interact with each other and with an analog environment. Examples of hybrid systems include manufacturing controllers, automotive and flight controllers, medical equipment, micro-electromechanical systems, and robots. When thes...
Reachability Analysis of Pushdown Automata: Application to Model-Checking, 1997
Abstract

Cited by 322 (39 self)
We apply the symbolic analysis principle to pushdown systems. We represent (possibly infinite) sets of configurations of such systems by means of finite-state automata. In order to reason in a uniform way about analysis problems involving both existential and universal path quantification (like model-checking for branching-time logics), we consider the more general class of alternating pushdown systems and use alternating finite-state automata as a representation structure for their sets of configurations. We give a simple and natural procedure to compute sets of predecessors for this representation structure. We apply this procedure and the automata-theoretic approach to model-checking to define new model-checking algorithms for pushdown systems and both linear- and branching-time properties. From these results we derive upper bounds for several model-checking problems, and we also provide matching lower bounds, using reductions based on some techniques introduced by Walukiewicz.
What's Decidable about Hybrid Automata?, Journal of Computer and System Sciences, 1995
Abstract

Cited by 296 (15 self)
Hybrid automata model systems with both digital and analog components, such as embedded control programs. Many verification tasks for such programs can be expressed as reachability problems for hybrid automata. By improving on previous decidability and undecidability results, we identify a boundary between decidability and undecidability for the reachability problem of hybrid automata. On the positive side, we give an (optimal) PSPACE reachability algorithm for the case of initialized rectangular automata, where all analog variables follow independent trajectories within piecewise-linear envelopes and are reinitialized whenever the envelope changes. Our algorithm is based on the construction of a timed automaton that contains all reachability information about a given initialized rectangular automaton. The translation has practical significance for verification, because it guarantees the termination of symbolic procedures for the reachability analysis of initialized rectangular autom...
Automatic Symbolic Verification of Embedded Systems, 1996
Abstract

Cited by 287 (24 self)
We present a model-checking procedure and its implementation for the automatic verification of embedded systems. The system components are described as hybrid automata: communicating machines with finite control and real-valued variables that represent continuous environment parameters such as time, pressure, and temperature. The system requirements are specified in a temporal logic with stopwatches, and verified by symbolic fixpoint computation. The verification procedure, implemented in the Cornell Hybrid Technology Tool, HyTech, applies to hybrid automata whose continuous dynamics is governed by linear constraints on the variables and their derivatives. We illustrate the method and the tool by checking safety, liveness, time-bounded, and duration requirements of digital controllers, schedulers, and distributed algorithms.
Conflict Resolution for Air Traffic Management: A Study in Multiagent Hybrid Systems, IEEE Transactions on Automatic Control, 1998
Abstract

Cited by 220 (50 self)
Air Traffic Management (ATM) of the future allows for the possibility of free flight, in which aircraft choose their own optimal routes, altitudes, and velocities. The safe resolution of trajectory conflicts between aircraft is necessary to the success of such a distributed control system. In this paper, we present a method to synthesize provably safe conflict resolution maneuvers. The method models the aircraft and the maneuver as a hybrid control system and calculates the maximal set of safe initial conditions for each aircraft so that separation is assured in the presence of uncertainties in the actions of the other aircraft. Examples of maneuvers using both speed and heading changes are worked out in detail. Index Terms: air traffic management, conflict resolution, hybrid systems, verification.
A formal analysis and taxonomy of task allocation in multi-robot systems, Int’l. J. of Robotics Research, 2004
Abstract

Cited by 213 (4 self)
Despite more than a decade of experimental work in multi-robot systems, important theoretical aspects of multi-robot coordination mechanisms have, to date, been largely untreated. To address this issue, we focus on the problem of multi-robot task allocation (MRTA). Most work on MRTA has been ad hoc and empirical, with many coordination architectures having been proposed and validated in a proof-of-concept fashion, but infrequently analyzed. With the goal of bringing objective grounding to this important area of research, we present a formal study of MRTA problems. A domain-independent taxonomy of MRTA problems is given, and it is shown how many such problems can be viewed as instances of other, well-studied optimization problems. We demonstrate how relevant theory from operations research and combinatorial optimization can be used for analysis and greater understanding of existing approaches to task allocation, and show how the same theory can be used in the synthesis of new approaches.
Boolean and Cartesian Abstraction for Model Checking C Programs, 2001
Abstract

Cited by 176 (14 self)
The problem of model checking a specification in the form of a C program with recursive procedures and many thousands of lines of code has not been addressed before. In this paper, we show how we attack this problem using an abstraction that is formalized with the Cartesian abstraction. It is implemented through a source-to-source transformation into a 'Boolean' C program; we give an algorithm to compute the transformation with a cost that is exponential in its theoretical worst-case complexity but feasible in practice.