Rectangular hybrid automata model digital control programs of analog plant environments. We study rectangular hybrid automata where the plant state evolves continuously in real-numbered time, and the controller samples the plant state and changes the control state discretely, only at the integer points in time. We prove that rectangular hybrid automata have nite bisimilarity quotients when all control transitions happen at integer times, even if the constraints on the derivatives of the variables vary between control states. This is in contrast with the conventional model where control transitions may happen at any real time, and already the reachability problem is undecidable. Based on the nite bisimilarity quotients, we give an exponential algorithm for the symbolic sampling-controller synthesis of rectangular automata. We show our algorithm to be optimal by proving the problem to be EXPTIME-hard. We also show that rectangular automata form a maximal class of systems for which the sampling-controller synthesis problem can be solved algorithmically.

March 1, 2002 Rodney G. Downey Department of Mathematics, Victoria University P.O. Box 600, Wellington, New Zealand downey@math.vuw.ac.nz Michael R. Fellows, Bruce M. Kapron and Michael T. Hallett Department of Computer Science, University of Victoria Victoria, British Columbia V8W 3P6 Canada contact author: mfellows@csr.uvic.ca H. Todd Wareham Department of Computer Science Memorial University of Newfoundland St. Johns, Newfoundland A1C 5S7 Canada harold@odie.cs.mun.ca Summary The theory of parameterized computational complexity introduced in [DF1-3] appears to be of wide applicability in the study of the complexity of concrete problems [ADF,BFH,DEF,FHW,FK]. We believe the theory may be of particular importance to practical applications of logic formalisms in programming language design and in system specification. The reason for this relevance is that while many computational problems in logic are extremely intractable generally, realistic applications often involve a "hidden parameter" according to which the computational problem may be feasible according to the more sensitive criteria of fixed-parameter tractability that is the central issue in parameterized computational complexity. We illustrate how this theory may apply to problems in logic, programming languages and linguistics by describing some examples of both tractability and intractability results in these areas. It is our strong expectation that these results are just the tip of the iceberg of interesting applications of parameterized complexity theory to logic and linguistics. The main results described in this abstract are as follows. (1) The problem of determining whether a word x can be derived in k steps in a context-sensitive grammar G (Short CSL Derivation) is complete for the paramet...

. We present a technique for automatically verifying linear-time temporal logic safety properties of programs written in ESTEREL, a formally-defined language for programming reactive systems. In our approach, linear-time temporal logic safety properties are first translated into ESTEREL programs that model these properties. Using the ESTEREL compiler, the translations are compiled in parallel with the ESTEREL program to be verified. A trivial reachability analysis of the output of the compiler then indicates whether or not the safety property is satisfied by the program. We describe two real-world software problems --- ESTEREL versions of two features of the AT&T 5ESS R fl switching system --- and one well-known benchmark problem --- the generalized railroad crossing problem --- that we have verified using our technique and associated tool set. 1 Introduction The ESTEREL programming language [5] is a formally-defined, high-level language designed specifically for progra...

. The paper deals with the proof method of verification by finitary abstraction (vfa), which presents a feasible approach to the verification of the temporal properties of (potentially infinite-state) reactive systems. The method consists of a two-step process by which, in a first step, the system and its temporal specification are jointly abstracted into a finite-state system and a finite-state specification. The second step uses model checking to establish the validity of the abstracted property over the abstracted system. The vfa method can be considered as a viable alternative to verification by temporal deduction which, up to now, has been the main method generally applicable for verification of infinite-state systems. The paper presents a general recipe for the joint abstraction, which is shown to be sound , where soundness means that validity over the abstract system implies validity over the concrete (original) system. To make the method applicable for the verification of liven...

Abstract. In this paper we show how to translate bounded-length verification problems for timed automata into formulae in difference logic, a propositional logic enriched with timing constraints. We describe the principles of a satisfiability checker specialized for this logic that we have implemented and report some preliminary experimental results. 1

; F.3.1 [Logics and Meanings of Programs]: Specifying,Verifying and Reasoning about Programs---logics of programs General Terms: Theory, Verification Additional Key Words and Phrases: Model checking, quantitative analysis, temporal logic A preliminary version of this paper appeared in ICALP'99: Proceedings of the 26th International Colloquium on Automata, Languages, and Programming, Lecture Notes in Computer Science, vol. 1644, pp. 159-168, Springer-Verlag, 1999. This work was partially supported by NSF CAREER award CCR97-34115, by DARPA/NASA grant NAG2-1214, by SRC contract 99-TJ-688, and by an Alfred P. Sloan Faculty Fellowship. Authors' addresses: R. Alur and S. La Torre: Dept. of Computer and Information Science, University of Pennsylvania, 200 South 33rd St., Philadelphia, PA 19104, email: falur,latorreg@cis.upenn.edu; K. Etessami and D. Peled: Bell Labs, 700 Mountain Ave., Murray Hill, NJ 079

. A finite representation of the prime event structure corresponding to the behaviour of a program is suggested. The algorithm of linear complexity using this representation for model checking of the formulas of Discrete Event Structure Logic without past modalities is given. A method of building finite representations of event structures in an efficient way by applying partial order reductions is provided. 1 Introduction Model checking is one of the most successful methods of automatic verification of program properties. A model-checking algorithm decides whether a finite-state concurrent system satisfies its specification, given as a formula of a temporal logic [3, 10]. Behaviour of a concurrent system can be modeled in two ways. In the interleaving semantics, the meaning of a program is an execution tree, temporal-logic assertions are interpreted over paths of this tree. In partial-order semantics (or event structure semantics), behaviour is an event structure, where the ordering r...

Abstract not found

. The interleaving model is both adequate and sufficiently abstract to allow for the practical specification and verification of many properties of concurrent systems. We incorporate real time into this model by defining the abstract notion of a real-time transition system as a conservative extension of traditional transition systems: qualitative fairness requirements are replaced (and superseded) by quantitative lower-bound and upper-bound real-time requirements for transitions. We present proof rules to establish lower and upper real-time bounds for response properties of real-time transition systems. This proof system can be used to verify bounded-invariance and bounded-response properties, such as timely termination of shared-variables multi-process systems, whose semantics is defined in terms of real-time transition systems. 1 This research was supported in part by an IBM graduate fellowship, by the National Science Foundation grants CCR-89-11512 and CCR-89-13641, by the Defense...

An Asynchronous Buchi Automaton is a collection of concurrently executing automata, able to perform operations that are shared between one or more of their concurrent components. These automata can be used to specify properties of distributed protocols. In this paper, an efficient method for verifying that a protocol satisfies its Asynchronous Buchi Automaton specification is presented. In order to alleviate a potential state space explosion while verifying a protocol, a state reduction technique is used. The construction results in a reduced state space that contains at least one representative sequence for each equivalence class of infinite sequences. This guarantees that the full state space contains an accepting execution if and only if the reduced state space contains one. This method can also be used to check for the emptyness of an Asynchronous Buchi Automaton. Thus, it can be used to check the validity of specification languages that can be translated into such automata, such a...