## HYTECH: The next generation (1995)


Venue: In Proceedings of the 16th IEEE Real-Time Systems Symposium

Citations: 102 - 7 self

### BibTeX

```
@INPROCEEDINGS{Henzinger95hytech:the,
    author = {Thomas A. Henzinger and Pei-hsin Ho and Howard Wong-toi},
    title = {HYTECH: The next generation},
    booktitle = {In Proceedings of the 16th IEEE Real-Time Systems Symposium},
    year = {1995},
    pages = {56--65},
    publisher = {IEEE Computer Society press}
}
```

### Abstract

We describe a new implementation of HyTech, a symbolic model checker for hybrid systems. Given a parametric description of an embedded system as a collection of communicating automata, HyTech automatically computes the conditions on the parameters under which the system satisfies its safety and timing requirements. While the original HyTech prototype was based on the symbolic algebra tool Mathematica, the new implementation is written in C++ and builds on geometric algorithms instead of formula manipulation. The new HyTech offers a cleaner and more expressive input language, greater portability, superior performance (typically two to three orders of magnitude), and new features such as diagnostic error-trace generation. We illustrate the effectiveness of the new implementation by applying HyTech to the automatic parametric analysis of the generic railroad crossing benchmark problem [HJL93] and to an active structure control algorithm [ECB94].

### Citations

1977 | A theory of timed automata - Alur, Dill - 1994 |

598 | The algorithmic analysis of hybrid systems - Alur, Courcoubetis, et al. - 1995 |

575 | Automatic discovery of linear restraints among variables of a program - Cousot, Halbwachs - 1978 |

471 | Symbolic model checking for real-time systems - Henzinger, Nicollin, et al. - 1994 |

361 | Hybrid automata: An algorithmic approach to the specification and verification of hybrid systems - Alur, Courcoubetis, et al. - 1993 |
Citation Context: ... [Figure 2: Gate automaton] 2 Linear Hybrid Automata We model embedded systems as the parallel composition of coordinating linear hybrid automata [ACHH93]. Informally, a linear hybrid automaton consists of a finite set X of real-valued variables and a labeled multigraph (V, E). The edges E represent discrete events, each labeled with conditions on the ...

267 | What’s decidable about hybrid automata - Henzinger, Kopke, et al. - 1998 |
Citation Context: ...hese iteration schemes are semi-decision procedures; there is no guarantee of termination. However, it has been shown that for a large class of hybrid systems, the initialized rectangular automata of [HKPV95], termination is guaranteed after a simple preprocessing step. 2.4 Parametric analysis A system description often contains parameters. The system is incorrect for parameter values for which there exis...

266 | Automatic symbolic verification of embedded systems - Alur, Henzinger, et al. - 1996 |
Citation Context: ...and only if α is greater than or equal to 20, from which we deduce correctness for α strictly less than 20. 3 HYTECH There have been three generations of HyTech. The earliest prototype we developed [AHH93] was written entirely in Mathematica. Regions are represented as symbolic expressions denoting state predicates. The definition of a successor region uses existential quantification over the reals, wh...

205 | An old-fashioned recipe for real time - Abadi, Lamport - 1994 |
Citation Context: ... [Figure 5: Comparative performance] locations and up to 7 variables. Second, we synthesized timing parameters for the correctness of Fischer's mutual exclusion protocol [AL92] with perfect clocks. We provide data for analyzing various numbers of concurrent processes contending for a resource. Third, we synthesize a critical upper bound on the controller's response time for...

202 | The Concurrency Workbench: A semantics-based tool for the verification of finite-state systems - Cleaveland, Parrow, et al. - 1993 |
Citation Context: ...tate machines subject to timed enabling conditions. A translation technique from Modechart into Temporal CCS is provided. The Temporal CCS description is then verified using the Concurrency Workbench [CPS93]. ...

142 | A user guide to HYTECH - Henzinger, Ho, et al. - 1995 |
Citation Context: ...s. In Section 2, we give a brief review of the hybrid automaton model and corresponding analysis techniques. In Section 3, we present the new implementation of HyTech. For more detail, the user guide [HHWT95] may be consulted. In Section 4, we include two case studies that, previously, have not been formalized using hybrid automata. Neither one of these case studies was designed by us, and both were publi...

105 | Algorithmic analysis of nonlinear hybrid systems - Henzinger, Ho, et al. - 1998 |

96 | Parametric real-time reasoning - Alur, Henzinger, et al. - 1993 |

94 | The generalized railroad crossing — a case study in formal verification of real-time systems - Heitmeyer, Lynch - 1994 |
Citation Context: ...niques, including modecharts [JS88], process algebras [GL90], Alur-Dill timed automata [ACD+92], machine-assisted theorem proving [Sha93], model checking [WM93], and Lynch-Vaandrager timed automata [HL94]. Using linear hybrid automata, we provide the first automatic synthesis of critical timing constraints, namely, the maximal amount of time the controller can wait before commanding the gate to lower....

80 | HyTech: The Cornell hybrid technology tool - Henzinger, Ho - 1995 |
Citation Context: ...hrough the action associated with a discrete event, or while time elapses, through the continuous activity associated with a control mode. Our automata are more expressive than those of the prototype [HH95a] in that we allow more general instantaneous actions (arbitrary linear conditions on old and new variable values), more general continuous activities (arbitrary linear conditions on slopes), and urgen...

79 | Verification of Linear Hybrid Systems by Means of Convex Approximations - Halbwachs, Proy, et al. - 1994 |
Citation Context: ...-time systems. Three examples of tools for the symbolic analysis of timed automata are Kronos [DY95], Veriti [DWT95], and Uppaal [LPY95]. Another verification tool for linear hybrid automata is Polka [HRP94], which focuses on abstract-interpretation techniques. In Section 2, we give a brief review of the hybrid automaton model and corresponding analysis techniques. In Section 3, we present the new implem...

66 | Compositional and symbolic model-checking of real-time systems - Larsen, Pettersson, et al. - 1995 |
Citation Context: ...ow comparable to automatic verifiers for more specialized types of real-time systems. Three examples of tools for the symbolic analysis of timed automata are Kronos [DY95], Veriti [DWT95], and Uppaal [LPY95]. Another verification tool for linear hybrid automata is Polka [HRP94], which focuses on abstract-interpretation techniques. In Section 2, we give a brief review of the hybrid automaton model and cor...

58 | Two examples of verification of multirate timed automata with Kronos - Daws, Yovine - 1995 |
Citation Context: ...ity, the performance of HyTech is now comparable to automatic verifiers for more specialized types of real-time systems. Three examples of tools for the symbolic analysis of timed automata are Kronos [DY95], Veriti [DWT95], and Uppaal [LPY95]. Another verification tool for linear hybrid automata is Polka [HRP94], which focuses on abstract-interpretation techniques. In Section 2, we give a brief review o...

58 | Delay analysis in synchronous programs - Halbwachs - 1993 |
Citation Context: ...onization labels are used to define the parallel composition of automata. In the gate automaton, syn(open, lowering) = lower. In the graphical representation, �� A is omitted. The polyhedral library [Hal93] supports only nonstrict linear inequalities. This limitation imposes two restrictions on the automata that can be analyzed by the current implementation of HyTech. First, we require that each urgent ...

57 | An implementation of three algorithms for timing verification based on automata emptiness - Alur, Courcoubetis, et al. - 1992 |

49 | Verification of an audio control protocol - Bosscher, Polak, et al. - 1994 |
Citation Context: ...H95a, HH95b, HH95c, HWT95]. Our results show a verification-time improvement of roughly two to three orders of magnitude. For example, using our new implementation, the Philips audio control protocol [BPV94] can be analyzed in 19 seconds as opposed to 5.0 hours [HWT95]. Indeed, without sacrificing generality, the performance of HyTech is now comparable to automatic verifiers for more specialized types ...

49 | A method for verifying properties of modechart specifications - Jahanian, Stuart - 1988 |
Citation Context: ...[LS85], was posed in [HJL93] as a challenge benchmark for formal methods for real-time systems. Solutions to the problem have been formally verified using a number of techniques, including modecharts [JS88], process algebras [GL90], Alur-Dill timed automata [ACD+92], machine-assisted theorem proving [Sha93], model checking [WM93], and Lynch-Vaandrager timed automata [HL94]. Using linear hybrid automat...

45 | Automated analysis of an audio control protocol - Ho, Wong-Toi - 1995 |
Citation Context: ...me improvement of roughly two to three orders of magnitude. For example, using our new implementation, the Philips audio control protocol [BPV94] can be analyzed in 19 seconds as opposed to 5.0 hours [HWT95]. Indeed, without sacrificing generality, the performance of HyTech is now comparable to automatic verifiers for more specialized types of real-time systems. Three examples of tools for the symbolic...

44 | A benchmark for comparing different approaches for specifying and verifying real-time systems - Heitmeyer, Jeffords, et al. - 1993 |
Citation Context: ...diagnostic error-trace generation. We illustrate the effectiveness of the new implementation by applying HyTech to the automatic parametric analysis of the generic railroad crossing benchmark problem [HJL93] and to an active structure control algorithm [ECB94]. 1 Introduction There has been increasing use of embedded software and hardware for controlling physical systems in real time. Many of these embed...

31 | Verification of real-time systems by successive over and under approximation - Dill, Wong-Toi - 1995 |
Citation Context: ...mance of HyTech is now comparable to automatic verifiers for more specialized types of real-time systems. Three examples of tools for the symbolic analysis of timed automata are Kronos [DY95], Veriti [DWT95], and Uppaal [LPY95]. Another verification tool for linear hybrid automata is Polka [HRP94], which focuses on abstract-interpretation techniques. In Section 2, we give a brief review of the hybrid aut...

29 | Algorithm for Discovering the Set of All the Solutions of a Linear Programming Problem - Chernikova - 1968 |
Citation Context: ...eal space, instead of Mathematica formulas. Polyhedra provide a uniform representation that is implemented, entirely in C++, using standard data structures and geometric algorithms for manipulation [Che68]. For example, for computing the set of states that can be reached by a time delay, we compute the "shadow" of a polyhedron (which is easy) instead of eliminating an existential quantifier from a Math...

29 | Verification of Real-Time Systems Using PVS - Shankar - 1993 |
Citation Context: ...ns to the problem have been formally verified using a number of techniques, including modecharts [JS88], process algebras [GL90], Alur-Dill timed automata [ACD+92], machine-assisted theorem proving [Sha93], model checking [WM93], and Lynch-Vaandrager timed automata [HL94]. Using linear hybrid automata, we provide the first automatic synthesis of critical timing constraints, namely, the maximal amount o...

26 | A note on abstract interpretation strategies for hybrid automata - Henzinger, Ho - 1995 |

24 | Automatic symbolic verification of embedded systems - Alur, Henzinger - 1996 |
Citation Context: ...n) if and only if is greater than or equal to 20, from which we deduce correctness for strictly less than 20. 3 HYTECH There have been three generations of HyTech. The earliest prototype we developed [AHH93] was written entirely in Mathematica. Regions are represented as symbolic expressions denoting state predicates. The definition of a successor region uses existential quantification over the reals, whic...

18 | The Concurrency Workbench: A Semantics-Based Tool for the Verification of Concurrent Systems - Cleaveland, Parrow, et al. - 1993 |
Citation Context: ...state machines subject to timed enabling conditions. A translation technique from Modechart into Temporal CCS is provided. The Temporal CCS description is then verified using the Concurrency Workbench [CPS93]. ...

15 | Analyzing safety and fault tolerance using timed Petri nets - Leveson, Stolzy - 1985 |
Citation Context: ...e studies was designed by us, and both were published at the last symposium in this series [HL94, ECB94]. The generic railroad crossing (GRC) problem, which is derived from the train-gate crossing of [LS85], was posed in [HJL93] as a challenge benchmark for formal methods for real-time systems. Solutions to the problem have been formally verified using a number of techniques, including modecharts [JS88]...

14 | Verifying an intelligent structural control system: A case study - Elseaidy, Cleaveland, et al. - 1994 |
Citation Context: ...effectiveness of the new implementation by applying HyTech to the automatic parametric analysis of the generic railroad crossing benchmark problem [HJL93] and to an active structure control algorithm [ECB94]. 1 Introduction There has been increasing use of embedded software and hardware for controlling physical systems in real time. Many of these embedded controllers occur in safety-critical applications...

12 | Verification of an audio control protocol - Bosscher, Polak, et al. - 1994 |
Citation Context: ... HH95a, HH95b, HH95c, HWT95]. Our results show a verification-time improvement of roughly two to three orders of magnitude. For example, using our new implementation, the Philips audio control protocol [BPV94] can be analyzed in 19 seconds as opposed to 5.0 hours [HWT95]. Indeed, without sacrificing generality, the performance of HyTech is now comparable to automatic verifiers for more specialized types of...

10 | A proof system for communicating shared resources - Gerber, Lee - 1990 |

10 | Verification of linear hybrid systems by means of convex approximations - Halbwachs, Proy, et al. - 1994 |
Citation Context: ...l-time systems. Three examples of tools for the symbolic analysis of timed automata are Kronos [DY95], Veriti [DWT95], and Uppaal [LPY95]. Another verification tool for linear hybrid automata is Polka [HRP94], which focuses on abstract-interpretation techniques. In Section 2, we give a brief review of the hybrid automaton model and corresponding analysis techniques. In Section 3, we present the new implem...

7 | A benchmark for comparing different approaches for specifying and verifying real-time systems - Heitmeyer, Jeffords, et al. - 1993 |
Citation Context: ... diagnostic error-trace generation. We illustrate the effectiveness of the new implementation by applying HyTech to the automatic parametric analysis of the generic railroad crossing benchmark problem [HJL93] and to an active structure control algorithm [ECB94]. 1 Introduction There has been increasing use of embedded software and hardware for controlling physical systems in real time. Many of these embed...

6 | Verification of Real-Time Systems by Successive over and under Approximation - Dill, Wong-Toi - 1995 |
Citation Context: ...rmance of HyTech is now comparable to automatic verifiers for more specialized types of real-time systems. Three examples of tools for the symbolic analysis of timed automata are Kronos [DY95], Veriti [DWT95], and Uppaal [LPY95]. Another verification tool for linear hybrid automata is Polka [HRP94], which focuses on abstract-interpretation techniques. In Section 2, we give a brief review of the hybrid auto...

6 | Two Examples of Verification of Multirate Timed Automata with - Daws, Yovine - 1995 |
Citation Context: ...lity, the performance of HyTech is now comparable to automatic verifiers for more specialized types of real-time systems. Three examples of tools for the symbolic analysis of timed automata are Kronos [DY95], Veriti [DWT95], and Uppaal [LPY95]. Another verification tool for linear hybrid automata is Polka [HRP94], which focuses on abstract-interpretation techniques. In Section 2, we give a brief review of...

4 | Verification of Real-Time Systems Using PVS - Shankar - 1993 |
Citation Context: ...ons to the problem have been formally verified using a number of techniques, including modecharts [JS88], process algebras [GL90], Alur-Dill timed automata [ACD+92], machine-assisted theorem proving [Sha93], model checking [WM93], and Lynch-Vaandrager timed automata [HL94]. Using linear hybrid automata, we provide the first automatic synthesis of critical timing constraints, namely, the maximal amount of ...

1 | A verifier for distributed real-time systems with bounded integer variables - Wang, Mok - 1993 |
Citation Context: ...een formally verified using a number of techniques, including modecharts [JS88], process algebras [GL90], Alur-Dill timed automata [ACD+92], machine-assisted theorem proving [Sha93], model checking [WM93], and Lynch-Vaandrager timed automata [HL94]. Using linear hybrid automata, we provide the first automatic synthesis of critical timing constraints, namely, the maximal amount of time the controller c...

1 | A verifier for distributed real-time systems with bounded integer variables - Wang, Mok - 1993 |
Citation Context: ...been formally verified using a number of techniques, including modecharts [JS88], process algebras [GL90], Alur-Dill timed automata [ACD+92], machine-assisted theorem proving [Sha93], model checking [WM93], and Lynch-Vaandrager timed automata [HL94]. Using linear hybrid automata, we provide the first automatic synthesis of critical timing constraints, namely, the maximal amount of time the controller can...