We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewise-linear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard program-analysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic model-checking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.

We introduce the framework of hybrid automata as a model and specification language for hybrid systems. Hybrid automata can be viewed as a generalization of timed automata, in which the behavior of variables is governed in each state by a set of differential equations. We show that many of the examples considered in the workshop can be defined by hybrid automata. While the reachability problem is undecidable even for very restricted classes of hybrid automata, we present two semidecision procedures for verifying safety properties of piecewise-linear hybrid automata, in which all variables change at constant rates. The two procedures are based, respectively, on minimizing and computing fixpoints on generally infinite state spaces. We show that if the procedures terminate, then they give correct answers. We then demonstrate that for many of the typical workshop examples, the procedures do terminate and thus provide an automatic way for verifying their properties. 1 Introduction More and...

We propose a framework for the formal speci cation and veri cation of timed and hybrid systems. For timed systems we propose a speci cation language that refers to time only through age functions which measure the length of the most recent timeinterval in which agiven formula has been continuously true. We then consider hybrid systems, which are systems consisting of a non-trivial mixture of discrete and continuous components, such as a digital controller that controls acontinuous environment. The proposed framework extends the temporal logic approach which has proven useful for the formal analysis of discrete systems such as reactive programs. The new framework consists of a semantic model for hybrid time, the notion of phase transition systems, which extends the formalism of discrete transition systems, an extended version of Statecharts for the speci cation of hybrid behaviors, and an extended version of temporal logic that enables reasoning about continuous change.

We propose a method for the implementation and analysis of real-time systems, based on the compilation of specifications into extended automata. Such a method has been already adopted for the so called "synchronous" real-time programming languages.

Introduction The paper presents a model for hybrid systems, that is, systems that combine discrete and continuous components. Such systems are usually reactive real-time systems used to control an environment evolving over time. A main assumption is that a run of a hybrid system is a sequence of two-phase steps. The first phase of a step corresponds to a continuous state transformation usually described in terms of some parameter representing the time elapsed during this phase. In the second phase the state is submitted to a discrete change taking zero time. To illustrate this assumption, consider a temperature regulator commanding a heater so as to maintain the temperature ` of a room between two given bounds ` min and ` max . A run of such a system is a sequence of steps determined by the alternating state changes of the heater from ON to OFF<F26.

this paper, we show how to apply state-minimization techniques to verification algorithms for real-time systems. We use timed automata as a representation of real-time systems [11, 2]. A timed automaton provides a way of annotating a state-transition graph of the system with timing constraints. It operates with a finite-state control and a finite number of fictitious time-measuring elements called

. Integration Graphs are a computational model developed in the attempt to identify simple Hybrid Systems with decidable analysis problems. We start with the class of constant slope hybrid systems (cshs), in which the right hand side of all differential equations is an integer constant. We refer to continuous variables whose right hand side constants are always 1 as timers. All other continuous variables are called integrators. The first result shown in the paper is that simple questions such as reachability of a given state are undecidable for even this simple class of systems. To restrict the model even further, we impose the requirement that no test that refers to integrators may appear within a loop in the graph. This restricted class of cshs is called integration graphs . The main results of the paper are that the reachability problem of integration graphs is decidable for two special cases: The case of a single timer and the case of a single test involving integrators. The expres...

A general automaton model for timing-based systems is presented and is used as the context for developing a variety of simulation proof techniques for such systems. As a first step, a comprehensive overview of simulation techniques for simple untimed automata is given. In particular, soundness and completeness results for (1) refinements, (2) forward and backward simulations, (3) forward-backward and backward-forward simulations, and (4) history and prophecy relations are given. History and prophecy relations are new and are abstractions of the history variables of Owicki and Gries and the prophecy variables of Abadi and Lamport, respectively. As a subsequent step, it is shown how most of the results for untimed automata can be carried over to the setting of timed automata. In fact, many of the results for the timed case are obtained as consequences of the analogous results for the untimed case.

This paper shows that real-time systems described in a reasonable subset of ET-LOTOS can be verified with Kronos by compiling them into timed automata. We illustrate the practical interest of our approach with a case study: the Tick-Tock protocol

this paper, an algebra of timed processes with real--valued clocks is presented, which serves as a formal description language for real--time communicating systems. We show that requirements such as "a process will never reach an undesired state" can be verified by solving a simple class of constraint systems on the clock--variables. A complete method for reachability analysis associated with the language is developed, and implemented as an automatic verification tool based on constraint--solving techniques. Finally as examples, we study and verify the safety--properties of Fischer's mutual exclusion protocol and a railway crossing controller.