A hybrid automaton is a formal model for a mixed discrete-continuous system. We classify hybrid automata acoording to what questions about their behavior can be answered algorithmically. The classification reveals structure on mixed discrete-continuous state spaces that was previously studied on purely discrete state spaces only. In particular, various classes of hybrid automata induce finitary trace equivalence (or similarity, or bisimilarity) relations on an uncountable state space, thus permitting the application of various model-checking techniques that were originally developed for finite-state systems.

. Model-checking is a method of verifying concurrent systems in which a state-transition graph model of the system behavior is compared with a temporal logic formula. This paper extends model-checking for the branching-time logic CTL to the analysis of real-time systems, whose correctness depends on the magnitudes of the timing delays. For specifications, we extend the syntax of CTL to allow quantitative temporal operators such as 93!5 , meaning "possibly within 5 time units." The formulas of the resulting logic, Timed CTL (TCTL), are interpreted over continuous computation trees, trees in which paths are maps from the set of nonnegative reals to system states. To model finitestate systems we introduce timed graphs --- state-transition graphs annotated with timing constraints. As our main result, we develop an algorithm for model-checking, for determining the truth of a TCTL-formula with respect to a timed graph. We argue that choosing a dense domain instead of a discrete domain to mo...

. We introduce a temporal logic for the specification of real-time systems. Our logic, TPTL, employs a novel quantifier construct for referencing time: the freeze quantifier binds a variable to the time of the local temporal context. TPTL is both a natural language for specification and a suitable formalism for verification. We present a tableau-based decision procedure and a model checking algorithm for TPTL. Several generalizations of TPTL are shown to be highly undecidable. 1 Introduction Linear temporal logic is a widely accepted language for specifying properties of reactive systems and their behavior over time [Pnu77, OL82, MP92]. The tableau-based satisfiability algorithm for its propositional version, PTL, forms the basis for the automatic verification and synthesis of finite-state systems [LP84, MW84]. PTL is interpreted over models that abstract away from the actual times at which events occur, retaining only temporal ordering information about the states of a system. The a...

The theory of the natural numbers with linear order and monadic predicates underlies propositional linear temporal logic. To study temporal logics that are suitable for reasoning about real-time systems, we combine this classical theory of in nite state sequences with a theory of discrete time, via a monotonic function that maps every state to its time. The resulting theory of timed state sequences is shown to be decidable, albeit nonelementary, and its expressive power is characterized by! -regular sets. Several more expressive variants are proved to be highly undecidable. This framework allows us to classify a wide variety of real-time logics according to their complexity and expressiveness. Indeed, it follows that most formalisms proposed in the literature cannot be decided. We are, however, able to identify two elementary real-time temporal logics as expressively complete fragments of the theory of timed state sequences, and we present tableau-based decision procedures for checking validity. Consequently, these two formalisms are well-suited for the speci cation and veri cation of real-time systems.

The most natural, compositional, way of modeling real-time systems uses a dense domain for time. The satis ability of timing constraints that are capable of expressing punctuality in this model, however, is known to be undecidable. We introduce a temporal language that can constrain the time difference between events only with finite, yet arbitrary, precision and show the resulting logic to be EXPSPACE-complete. This result allows us to develop an algorithm for the verification of timing properties of real-time systems with a dense semantics.

Abstract not found

. Real-time systems operate in "real," continuous time and state changes may occur at any real-numbered time point. Yet many verification methods are based on the assumption that states are observed at integer time points only. What can we conclude if a real-time system has been shown "correct" for integral observations? Integer time verification techniques suffice if the problem of whether all real-numbered behaviors of a system satisfy a property can be reduced to the question of whether the integral observations satisfy a (possibly modified) property. We show that this reduction is possible for a large and important class of systems and properties: the class of systems includes all systems that can be modeled as timed transition systems; the class of properties includes time-bounded invariance and time-bounded response. 1 Introduction Over the past few years, we have seen a proliferation of formal methodologies for software and hardware design that emphasize the treatm...

This paper addresses the design of reactive real-time embedded systems. Such systems are often heterogeneous in implementation technologies and design styles, for example by combining hardware ASICs with embedded software. The concurrent design process for such embedded systems involves solving the specification, validation, and synthesis problems. We review the variety of approaches to these problems that have been taken.

. Hybrid systems are modeled as phase transition systems with sampling semantics. By identifying a set of important events it is ensured that all significant state changes are observed, thus correcting previous drawbacks of the sampling computations semantics. A proof rule for verifying properties of hybrid systems is presented and illustrated on several examples. Keywords: Temporal logic, real-time, specification, verification, hybrid systems, statecharts, proof rules, phase transition system, sampling semantics, important events. 1 Introduction Hybrid systems are reactive systems that intermix discrete and continuous components. Typical examples are digital controllers that interact with continuously changing physical environments. A formal model for hybrid systems was proposed in [MMP92], based on the notion of phase transition systems (PTS). Two types of semantics were considered in [MMP92]. The first semantics, to which we refer here as the super dense semantics, is based on hyb...

In this paper we describe the ForSpec Temporal Logic (FTL), the new temporal property-specification logic of ForSpec, Intel's new formal specification language. The key features of FTL are as follows: it is a linear temporal logic, based on Pnueli's LTL, it is based on a rich set of logical and arithmetical operations on bit vectors to describe state properties, it enables the user to define temporal connectives over time windows, it enables the user to define regular events, which are regular sequences of Boolean events, and then relate such events via special connectives, it enables the user to express properties about the past, and it includes constructs that enable the user to model multiple clock and reset signals, which is useful in the verification of hardware design.