Predicate abstraction has emerged to be a powerful technique for extracting finite-state models from infinite-state discrete programs. This paper presents algorithms and tools for reachability analysis of hybrid systems by combining the notion of predicate abstraction with recent techniques for approximating the set of reachable states of linear systems using polyhedra. Given a hybrid system and a set of user-defined predicates, we consider the finite discrete quotient whose states correspond to all possible truth assignments to the input predicates. The tool performs an on-the-fly exploration of the abstract system by using weakest preconditions to compute abstract transitions corresponding to the discrete switches and conservative polyhedral approximations to compute abstract transitions corresponding to continuous flows. Compared to tools such as Checkmate and d/dt, this approach requires significantly less computational resources as the emphasis is shifted from computing the reachable set to searching in the abstract quotient. We demonstrate the feasibility of the proposed technique by analyzing a parametric timing-based mutual exclusion protocol and safety of a simple controller for vehicle coordination.

The DARPA MoBIES Automotive Vehicle-Vehicle Open Experi- mental Platform [14] defines a longitudinal controller for the leader car of a platoon moving in an Intelligent Vehicle Highway System (IVHS) autonomously. The challenge is to verify that cars using this longitu- dinal controller provide a safe (that is, collision-free) ride. This report presents the process of verifying this particular controller using our CHARON [2] toolkit. In particular, it involves modeling and simula- tion of the system in CHARON, and verifying the controller using our predicate abstraction technique for hybrid systems [3].

Abstract. While traditionally the environment considered by an autonomous mechatronic systems only consists of the measurable, surrounding physical world, today advanced mechatronic systems also include the context established by the information technology. This trend makes mechatronic systems possible which consist of cooperating agents which optimize and reconfigure the system behavior by adjusting their local behavior and cooperation structure to better serve their current goals depending on the experienced mechanical and information environment. The MECHATRONIC UML approach enables the componentwise development of such self-optimizing mechatronic systems by providing a notion for hybrid components and support for modular verification of the safe online-reconfiguration. In this paper, we present an extension to the formerly presented solution which overcomes the restriction that only purely reactive behavior with restricted time constraints can be verified. We present how model checking can be employed to also verify the safe modular reconfiguration for systems which include components with complex time constraints and proactive behavior. 1

Today, complex, networked, self-adaptive mechatronic systems which integrate advanced control engineering and software engineering concepts within a single software system are envisioned. These systems adapt their structures at runtime to react to detected environmental changes, to change their system goals, or to react to a change of the system structure. To enable the development of such systems, an integration of object-oriented modeling techniques such as UML and control theory approaches such as functional block modeling is required. Thereby, the successful visual modeling concepts of control engineering should be preserved, as otherwise wide acceptance in industry, which is mainly dominated by control engineers, is very unlikely. In this paper, we present such a visual integration for UML 2.0 components, Statecharts, and block diagrams developed within the MECHATRONIC UML approach. It permits to graphically model reconfiguration between several pre-defined configurations with statecharts and instance diagrams as well as to specify the flexible assembly of control configuration if needed by means of visual reconfiguration rules.

Contents 1 Introduction 3 2 Charon Models of Hybrid Systems 5 2.1 Agents and Architectural Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2 Modes and Behavioral Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3 Charon Toolkit 10 3.1 CHARON Visual Speci cations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.2 Charon Control Panel and Textual Editor . . . . . . . . . . . . . . . . . . . . . . . 11 3.3 Charon Visual Simulator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 4 Charon Language Reference 17 4.1 The Charon language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.1.1 General notes on syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.1.2 Variables and channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.1.3 Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 4.1.4 Modes . . . . . . . . .

We collaborate in a research program aimed at creating a rigorous framework, experimental infrastructure, and computational environment for understanding, experimenting with, manipulating, and modifying a diverse set of fundamental biological processes at multiple scales and spatio-temporal modes. The novelty of our research is based on an approach that (i) requires coevolu- # The work reported in this paper was supported by grants from NSF's Qubic program, DARPA, HHMI biomedical support research grant, the US Department of Energy, the US Air Force, National Institutes of Health, and New York State O#ce of Science, Technology & Academic Research.

Recent advances in communication, computation, and embedded technologies support the development of cooperative multivehicle systems [1]. For the purposes of this article, we adopt the following definition of cooperative behavior [2]: “Given some task specified by a designer, a multiple-robot system displays cooperative behavior if, due to some underlying mechanism, for instance, the ‘mechanism of cooperation, ’ there is an increase in the total utility of the system. ” The development of cooperative multivehicle systems is motivated by the recognition that, by distributing computer power and other resources, teams of mobile agents can perform many tasks more efficiently and robustly than an individual robot. For example, teams of robots can complete tasks

The proliferation of embedded computing and wireless communication technologies are opening up tremendous possibilities for designing systems with unprecedented capabilities, in fields ranging from air and ground transportation, to law enforcement and homeland security, manufacturing, medical devices, environmental control, and energy management. The shift from human-controlled systems to highly automated systems in safety-critical applications places an enormous burden on the certification of new systems, as new types of failure modes are potentially introduced. Unfortunately, as the complexity of such systems increases at a fast pace, our ability to analyze and precisely predict and understand their behavior is still very limited. The consequence of this is that the verification of most complex systems depends on extensive testing campaigns, which can increase the certification costs to unacceptable levels, while at the same time failing to cover exhaustively all possible failure modes. We believe that the solution to this problem involves the careful integration of complexity-reducing modelling and design techniques, and of powerful new verification algorithms into the design process. Therefore, our approach to improving verification capabilities in the design of hybrid control systems involves two thrusts: 1. Dramatically reducing the complexity of embedded and hybrid systems by exploiting the