Results 1 - 8 of 8
Time-Aware Relational Abstractions for Hybrid Systems
Abstract
Cited by 4 (1 self)
Hybrid Systems model both discrete switches and continuous dynamics and are suitable to represent embedded systems where discrete controllers interact with a physical plant. Relational abstraction is a new approach for verifying hybrid systems. In relational abstraction, the continuous dynamics in each location of the hybrid system is abstracted by a binary relation that relates the current value of the continuous variables with all future values of the variables that are reachable after a time elapse (continuous) transition. The abstract system is an infinite-state system, which can be verified using k-induction or abstract interpretation. Existing techniques for computing relational abstractions are time-agnostic: they do not construct any relationship between the state variables and the time elapsed during the continuous evolution. Time-agnostic abstractions cannot verify timing properties. We present a technique to compute a time-aware relational abstraction for verifying (timing-related) safety properties of cyber-physical systems. We show the effectiveness of the new abstraction on several case studies on which the previous techniques fail.
Proving and Explaining the Unfeasibility of Message Sequence Charts for Hybrid Systems
Abstract
Cited by 3 (0 self)
Networks of Hybrid Automata are a clean modelling framework for complex systems with discrete and continuous dynamics. Message Sequence Charts (MSCs) are a consolidated language to describe desired behaviors of a network of interacting components. Techniques to analyze the feasibility of an MSC over a given HA network are based on specialized bounded model checking techniques, and focus on efficiently constructing traces of the network that witness the MSC behavior. Unfortunately, these techniques are unable to deal with the "unfeasibility" of the MSC, i.e. that no trace of the network satisfies the MSC. In this paper, we tackle the problem of MSC unfeasibility: first, we propose specialized techniques to prove that an MSC can not be satisfied by any trace of a given HA network; second, we show how to explain why an MSC is unfeasible. The approach is cast in an SMT-based verification framework, using a local time semantics, where the time scales of the automata in the network are synchronized upon shared events. In order to prove unfeasibility, we generalize k-induction to deal with the structure of the MSC, so that the simple path condition is localized to each fragment of the MSC. The explanations are provided as formulas in the variables representing the time points of the events of the MSCs, and are generated using unsatisfiable core extraction and interpolation. An experimental evaluation demonstrates the effectiveness of the approach in proving unfeasibility, and the adequacy of the automatically generated explanations.
Abstract
Bounded Model Checking (BMC) is a successful method for falsification of erroneous systems. Initially, BMC was applied to circuits and other propositional systems. But in the meantime it could be extended to systems that are embedded in more complex domains, e.g., timed automata or linear hybrid systems. Generally, BMC works by describing counterexamples of a fixed length in a decidable logic, which are checked for satisfiability by a suitable solver. In an earlier paper [ÁBKS05] we have analyzed how BMC of linear hybrid systems can be accelerated already by appropriate encoding of counterexamples as formulas and by selective conflict learning. But this acceleration comes at the cost of high memory requirements due to excessive learning. In this paper we introduce parametric data structures for the internal solver that, taking advantage of the symmetry of BMC problems, remarkably reduce the memory requirements of the solver without decreasing
Memory-aware Bounded Model Checking for Linear Hybrid Systems
Abstract
Bounded Model Checking (BMC) is a successful method for refuting properties of erroneous systems. Initially applied to discrete systems only, BMC could be extended to more complex domains like linear hybrid automata. The increasing complexity coming along with these complex models, but also recent optimizations of SAT-based BMC, like excessive conflict learning, reveal a memory explosion problem especially for deep counterexamples. In this paper we introduce parametric data types for the internal solver structure that, taking advantage of the symmetry of BMC problems, remarkably reduce the memory requirements of the solver.
Verification-Integrated Falsification of Non-Deterministic Hybrid Systems
2006
Abstract
This paper provides a method for coupling safety verification algorithms for non-deterministic (and, in general, non-linear) hybrid systems with the ability of finding concrete counterexamples, i.e., with falsification. Such a tight integration of verification with falsification has the advantage that verification attempts guide the search for concrete counterexamples, and endless attempts to verify unsafe systems or to find counterexamples in safe systems can often be avoided.
Memory-aware Bounded Model Checking for Linear Hybrid Systems
Abstract
Bounded Model Checking (BMC) is a successful method for refuting properties of erroneous systems. Initially applied to discrete systems only, BMC could be extended to more complex domains like linear hybrid automata. The increasing complexity coming along with these complex models, but also recent optimizations of SAT-based BMC, like excessive conflict learning, reveal a memory explosion problem especially for deep counterexamples. In this paper we introduce parametric data types for the internal solver structure that, taking advantage of the symmetry of BMC problems, remarkably reduce the memory requirements of the solver.

1 Introduction

Bounded model checking (BMC) [5, 6] is a successful refutation method which was studied and applied very intensively in the last years. Starting with the initial states of a system, the BMC algorithm considers computations with increasing length k = 0, 1, .... For each k, the algorithm checks whether there exists a counterexample of the given length, i.e., if there is a computation that starts in an initial state and that leads to a state violating the system specification in k steps. Basically, BMC can be applied to all kinds of systems for which reachability within a bounded number of steps can be expressed in a decidable logic. For example, for discrete systems first-order predicate logic is used, whereas the analysis of linear hybrid automata [8] requires first-order logic formulas over (R, +, <, 0, 1) [7]. In this work we focus on checking safety properties of linear hybrid automata, whereby the violation of a safety property is expressed by stating that the last, i.e., the k-th, state of the computation does not fulfill the specification. The corresponding formula must be checked for satisfiability: The formula is satisfiable if and only if the specification can be violated by a computation of length
Bounded Model Checking with Parametric Data Structures
Abstract
Bounded Model Checking (BMC) is a successful refutation method to detect errors in not only circuits and other binary systems but also in systems with more complex domains like timed automata or linear hybrid automata. Counterexamples of a fixed length are described by formulas in a decidable logic, and checked for satisfiability by a suitable solver. In an earlier paper we analyzed how BMC of linear hybrid automata can be accelerated already by appropriate encoding of counterexamples as formulas and by selective conflict learning. In this paper we introduce parametric datatypes for the internal solver structure that, taking advantage of the symmetry of BMC problems, remarkably reduce the memory requirements of the solver.