## Discrete Abstractions of Hybrid Systems (2000)

### Cached

### Download Links

Citations: | 221 - 27 self |

### BibTeX

@MISC{Alur00discreteabstractions,

author = {Rajeev Alur and Thomas A. Henzinger and Gerardo Lafferriere and et al.},

title = { Discrete Abstractions of Hybrid Systems},

year = {2000}

}

### OpenURL

### Abstract

### Citations

2117 | A theory of timed automata
- Alur, Dill
- 1994
(Show Context)
Citation Context ...ow that the classes of hybrid systems that can be abstracted fall in two classes. In the first class, the continuous behavior of the hybrid system must be restricted, as in the case of timed automata =-=[6]-=-, fixed slope automata [4], multirate automata [5, 26], and rectangular automata [18, 32]. In the second class, the discrete behavior of the hybrid system must be restricted, as in the case of order-m... |

1983 |
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints
- Cousot, Cousot
- 1977
(Show Context)
Citation Context ...abstraction can be found, one may be content with a sufficient abstraction, where checking the desired property on the abstracted system is sufficient for checking the property on the original system =-=[20]-=-. In this paper, we focus on equivalent discrete abstractions of hybrid systems along with the classes of properties they preserve. We show that there are many interesting classes of hybrid systems wh... |

837 |
Design and synthesis of synchronization skeletons using branching-time temporal logic
- Clarke, Emerson
- 1982
(Show Context)
Citation Context ...essarily a bisimulation. Computation Tree Logic (CTL) is a temporal logic, which contrary to LTL, contains existential quantifiers that range over trajectories. Definition 2.8 (Computation Tree Logic =-=[19, 69]-=-). The formulas of Computation Tree Logic (CTL) are defined inductively as follows: ffl Propositions Every propositionsis a formula. ffl Formulas If OE 1 and OE 2 are formulas, then the following are ... |

646 | The algorithmic analysis of hybrid systems
- Alur, Courcoubetis, et al.
- 1995
(Show Context)
Citation Context ...rid systems that can be abstracted fall in two classes. In the first class, the continuous behavior of the hybrid system must be restricted, as in the case of timed automata [6], fixed slope automata =-=[4]-=-, multirate automata [5, 26], and rectangular automata [18, 32]. In the second class, the discrete behavior of the hybrid system must be restricted, as in the case of order-minimal hybrid systems [19,... |

385 | Hybrid automata: an algorithmic approach to the specification and verification of hybrid systems
- Alur, Courcoubetis, et al.
- 1993
(Show Context)
Citation Context ...rid systems that can be abstracted fall into two classes. In the first class, the continuous behavior of the hybrid system must be restricted, as in the case of timed automata [5], multirate automata =-=[4], -=-[58], and rectangular automata [37], [68]. In the second class, the discrete behavior of the hybrid system must be restricted, as in the case of order-minimal hybrid systems [44]–[46]. In this paper... |

251 | The tool kronos
- Daws, Olivero, et al.
- 1996
(Show Context)
Citation Context ...ctively define a very tight boundary between decidable and undecidable hybrid systems. We do not focus on complexity issues or the implementation of these algorithms by verification tools like Kronos =-=[13]-=-, Cospan [8], Upaal [24], and HyTech [17]. More specifically, in Section 2, we review the notion of language equivalence and bisimulations of transition systems, along with the temporal logics whose p... |

143 |
Characterizing finite Kripke structures in propositional temporal logic
- Brown, Clarke, et al.
- 1988
(Show Context)
Citation Context ...ich can be expressed in CTL but not in LTL (such as the requirement ) [26]. The following theorem shows that bisimulations preserve CTL properties. Theorem 2.10 (Bisimulation preserves CTL properties =-=[15]-=-): Let be a transition system and let be a bisimulation of . Then satisfies the CTL formula if and only if the bisimulation quotient satisfies . Therefore, CTL model checking for can be performed equi... |

105 | Models for Hybrid Systems
- Kohn, Nerode
- 1993
(Show Context)
Citation Context ...sts of synthesizing controllers for hybrid systems in order to meet a given specification. Both directions have received large attention in the hybrid systems community, and the reader is referred to =-=[3, 11, 23, 25, 33, 42, 55, 73]-=- for expositions to much of the research in the field. In this paper, we are interested in the formal analysis of hybrid systems. The formal analysis of large scale, hybrid systems is typically a very... |

87 |
Model-checking in dense real time
- Alur, Courcoibetis, et al.
(Show Context)
Citation Context ...lence relation ��B is a finite bisimulation. Therefore, CTL model checking (Problem 2.10) is decidable for timed automata. The proof of the above result along with complexity analysis can be found=-= in [6, 3]-=-. As a corollary of Theorem 4.3 we obtain that the reachability problem for timed automata is also decidable. Furthermore, since bisimulations are finer partitions than language equivalence properties... |

87 |
Semianalytic and subanalytic sets
- Bierstone, Milman
- 1988
(Show Context)
Citation Context ...ts in this theory, we need the notions of semianalytic and subanalytic sets. We provide below an informal definition of these notions. For precise definitions and properties the reader is referred to =-=[11]. We -=-say that a bounded subset S of R n is semianalytic in R n if for every x 2 R n there exists a neighborhood U of x such that U " S is a boolean combination of sets of the form fx : f(x) ! 0g and f... |

79 | Effective Synthesis of Switching Controllers for Linear Systems
- Asarin, Bournez, et al.
- 2000
(Show Context)
Citation Context ...f synthesizing controllers for hybrid systems in order to meet a given specification. Both directions have received large attention in the hybrid systems community, and the reader is referred to [3], =-=[11]-=-, [23], [25], [33], [42], [55], and [73] for expositions to much of the research in the field. In this paper, we are interested in the formal analysis of hybrid systems. The formal analysis of large-s... |

79 | Reachability analysis via face lifting
- Dang, Maler
- 1998
(Show Context)
Citation Context ...s are restricted. In cases where discrete abstractions with equivalent properties cannot be constructed, abstractions whose properties are sufficient to check can be useful. This approach is taken in =-=[18, 21, 34, 30, 60, 61, 63, 67, 70]-=-, where reachable sets of differential equations are over- or under-approximated. This line of work often allows us to verify instances of hybrid systems even if they belong to undecidable classes. Th... |

78 |
The algorithmic analysis of hybrid systems. Theoretical Computer Science 138:3–34
- Alur, Courcoubetis, et al.
- 1995
(Show Context)
Citation Context ...sts of synthesizing controllers for hybrid systems in order to meet a given specification. Both directions have received large attention in the hybrid systems community, and the reader is referred to =-=[3]-=-, [11], [23], [25], [33], [42], [55], and [73] for expositions to much of the research in the field. In this paper, we are interested in the formal analysis of hybrid systems. The formal analysis of l... |

63 |
and Halbwachs, N.: Minimal model generation
- Bouajjani, Fernandez
- 1990
(Show Context)
Citation Context ...t, and the algorithm returns a finite partition of the state space which is the coarsest bisimulation (i.e., the bisimulation with the fewest equivalence classes). Algorithm 2 (Bisimulation Algorithm =-=[14, 41]) initiall-=-y Q= B := f[[]] js2 \Pig; while there exist P; P 0 2 Q= B such that ; ( P " P re(P 0 ) ( P do P 1 := P " P re(P 0 ); P 2 = P n P re(P 0 ); Q= B := (Q= B n fPg) [ fP 1 ; P 2 g end while; retu... |

54 |
Abstract interpretation: A uni ed lattice model for static analysis of programs by construction or approximation of xpoints
- Cousot, Cousot
- 1977
(Show Context)
Citation Context ...lent abstraction can be found, one may becontent with a su cient abstraction, where checking the desired property on the abstracted system is su cient for checking the property on the original system =-=[20]-=-. In this paper, we focus on equivalent discrete abstractions of hybrid systems along with the classes of properties they preserve. We show that there are many interesting classes of hybrid systems wh... |

44 |
e.a.: Modular Specification of Hybrid Systems
- Alur, Grosu
(Show Context)
Citation Context ... automated highway systems [40], [50], [79], air-traffic management systems [49], [51], [74], embedded automotive controllers [12], [59], manufacturing systems [64], chemical processes [28], robotics =-=[6]-=-, [71], real-time communication networks, and real-time circuits Manuscript received October 1, 1999; revised April 14, 2000. This work was supported by DARPA under Grant F33615-98-C-3614, by DARPA/NA... |

43 | Timing analysis in COSPAN
- Alur, Kurshan
(Show Context)
Citation Context ...e a very tight boundary between decidable and undecidable hybrid systems. We do not focus on complexity issues or the implementation of these algorithms by verification tools like Kronos [13], Cospan =-=[8]-=-, Upaal [24], and HyTech [17]. More specifically, in Section 2, we review the notion of language equivalence and bisimulations of transition systems, along with the temporal logics whose properties th... |

40 | Automotive engine control and hybrid systems: Challenges and opportunities
- Balluchi, Benvenutti, et al.
- 2000
(Show Context)
Citation Context ... been used as mathematical models for many important applications, such as automated highway systems [40], [50], [79], air-traffic management systems [49], [51], [74], embedded automotive controllers =-=[12]-=-, [59], manufacturing systems [64], chemical processes [28], robotics [6], [71], real-time communication networks, and real-time circuits Manuscript received October 1, 1999; revised April 14, 2000. T... |

36 |
Semianalytic and subanalytic sets,” Inst
- Bierstone, Milman
- 1988
(Show Context)
Citation Context ...n this structure, we need the notions of semianalytic and subanalytic sets. We provide below an informal definition of these notions. For precise definitions and properties, the reader is referred to =-=[13]-=-. We say that a subset of is semianalytic in if for every there exists a neighborhood of such that is a Boolean combination of sets of the form and , where is an analytic function on . Roughly speakin... |

36 |
Hierarchical hybrid control systems: A lattice theoretic formulation
- Caines, Wei
- 1998
(Show Context)
Citation Context ...imulations. A detailed exposition to the use of various logics in hybrid systems can be found in [23]. Similar concepts and constructions, but from a hierarchical control perspective, can be found in =-=[16] a-=-nd [61]–[63]. There are immediate obstacles due to undecidability. For example, in [37], it was shown that checking reachability (whether a certain region of the state space can be reached) is undec... |

30 |
A Theory of Timed Automata, Theoret
- Alur, Dill
- 1994
(Show Context)
Citation Context ... limit, we show that hybrid systems that can be abstracted fall into two classes. In the first class, the continuous behavior of the hybrid system must be restricted, as in the case of timed automata =-=[5]-=-, multirate automata [4], [58], and rectangular automata [37], [68]. In the second class, the discrete behavior of the hybrid system must be restricted, as in the case of order-minimal hybrid systems ... |

27 |
Veri of Polyhedral-Invariant Hybrid Automata Using Polygonal Flow Pipe Approximations",F.W
- Chutinan, Krogh
- 1999
(Show Context)
Citation Context ...s are restricted. In cases where discrete abstractions with equivalent properties cannot be constructed, abstractions whose properties are sufficient to check can be useful. This approach is taken in =-=[18]-=-, [21], [30] [34], [60], [61], [63], [67], and [70], where reachable sets of differential equations are over- or underapproximated. This line of work often allows us to verify instances of hybrid syst... |

23 |
Linear Systems
- Antsaklis, Michel
- 1997
(Show Context)
Citation Context ...er S 0018-9219(00)06460-4. 0018–9219/00$10.00 © 2000 IEEE [53]. Their wide applicability has inspired a great deal of research from both control theory and theoretical computer science [1], [2], [7=-=], [9]-=-, [10], [29], [31], [52], [75]. Many of the above motivating applications are safety critical and require guarantees of safe operation. Consequently, much research focuses on formal analysis and desig... |

17 |
Timing analysis
- Alur, Kurshan
- 1996
(Show Context)
Citation Context ...oundary between decidable and undecidable questions about hybrid systems. We do not focus on complexity issues or the implementation of these algorithms by verification tools like KRONOS [24], COSPAN =-=[8]-=-, UPAAL [48], and HYTECH [35]. It should be noted that, in practice, the algorithms implemented by the above tools work directly on the original system and do not construct an equivalent finite abstra... |

14 | Deciding reachability for planar multipolynomial systems
- Cerans, Viksna
- 1996
(Show Context)
Citation Context ... definable in this structure. Since the restriction of on is definable, the operator corresponding to is definable. This leads to the following corollary of Theorem 5.4, which generalizes to sults in =-=[17]-=-, [43], and [47]. the planar reCorollary 5.5: Let be a hybrid system for which all relevant sets (guards, invariants, initial conditions) are finitely subanalytic and all vector fields are diagonaliza... |

14 | Topologies, continuity and bisimulations
- Davoren
- 1999
(Show Context)
Citation Context ...low piecewise constant set valued maps, which can be used to overapproximate, arbitrarily closely, useful reset maps like the identity map. A more detailed analysis of set valued maps can be found in =-=[22]-=-. This restriction on the discrete dynamics along with the powerful structure of o-minimal structures, allows us to prove the following theorem without violating the results of Section 3.3. Even thoug... |

7 |
Modular speci cation of hybrid systems in charon
- Alur, Groshu, et al.
- 2000
(Show Context)
Citation Context ...ons, such as automated highway systems [40, 50, 79], air tra c management systems [49, 51, 74], embedded automotive controllers [12, 59], manufacturing systems [64], chemical processes [28], robotics =-=[6, 71]-=-, real-time communication networks, and realtime circuits [53]. Their wide applicability has inspired a great deal of research from both control theory and theoretical computer science [1,2,7,9,10,29,... |

7 |
Characterizing ¯nite Kripke structures in propositional temporal logic
- Browne, Clarke, et al.
- 1988
(Show Context)
Citation Context ... can be expressed in CTL but not in LTL (such as the requirement 9382 )[26].The following theorem shows that bisimulations preserve CTL properties. Theorem 2.10 (Bisimulation preserves CTL properties =-=[15]-=-). Let T be a transition system and let B be a bisimulation of T . Then T satis es the CTL formula if and only if the bisimulation quotient T= B satis es . Therefore, CTL model checking for T can be p... |

5 |
Effective controller synthesis of switching controllers for linear systems
- Asarin, Bournez, et al.
- 2000
(Show Context)
Citation Context ...sts of synthesizing controllers for hybrid systems in order to meet a given specification. Both directions have received large attention in the hybrid systems community, and the reader is referred to =-=[3, 11, 23, 25, 33, 42, 55, 73]-=- for expositions to much of the research in the field. In this paper, we are interested in the formal analysis of hybrid systems. The formal analysis of large scale, hybrid systems is typically a very... |

4 |
Veri cation of polyhedral-invariant hybrid automata using polygonal ow pipe approximations
- Chutinan, Krogh
- 1999
(Show Context)
Citation Context ...mics are restricted. In cases where discrete abstractions with equivalent properties cannot be constructed, abstractions whose properties are su cient to check can be useful. This approach istaken in =-=[18, 21, 34, 30, 60, 61, 63, 67, 70]-=-, where reachable sets of di erential equations are over- or under-approximated. This line of work often allows us to verify instances of hybrid systems even if they belong to undecidable classes. The... |

2 |
Systems IV
- Hybrid
- 1997
(Show Context)
Citation Context ...0018-9219(00)06460-4. 0018–9219/00$10.00 © 2000 IEEE [53]. Their wide applicability has inspired a great deal of research from both control theory and theoretical computer science [1], [2], [7], [9=-=], [10]-=-, [29], [31], [52], [75]. Many of the above motivating applications are safety critical and require guarantees of safe operation. Consequently, much research focuses on formal analysis and design of h... |

1 |
Minimal model generation,” in CAV 90: Computer-Aided Verification
- Bouajjani, Fernandez, et al.
- 1990
(Show Context)
Citation Context ...t, and the algorithm returns a finite partition of the state space which is the coarsest bisimulation (i.e., the bisimulation with the fewest equivalence classes). Algorithm 2 (Bisimulation Algorithm =-=[14]-=-, [41]) initially ; while there exist such that do ; end while; return Therefore, in order to show that CTL model checking can be decided for a transition system , it suffices to show that the bisimul... |

1 |
Hybrid control in automotive applications
- Balluchi, Benvenuti, et al.
(Show Context)
Citation Context ...ems have been used as mathematical models for many important applications, such as automated highway systems [40, 50, 79], air traffic management systems [49, 51, 74], embedded automotive controllers =-=[12, 59]-=-, manufacturing systems [64], chemical processes [28], robotics [6, 71], real-time communication networks, and realtime circuits [53]. Their wide applicability has inspired a great deal of research fr... |