Sergio Yovine

The Algorithmic Analysis of Hybrid Systems

We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as finite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewise-linear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard program-analysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic model-checking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.

Symbolic model checking for real-time systems

Finite-state programs over real-numbered time in a guarded-command language with real-valued clocks are described. Model checking answers the question of which states of a real-time program satisfy a branching-time specification. An algorithm that computes this set of states symbolically as a fixpoint of a functional on state predicates, without constructing the state space, is given.<<ETX>>

A New Class of Decidable Hybrid Systems

One of the most important analysis problems of hybrid systems is the reachability problem. State of the art computational tools perform reachability computation for timed automata, multirate automata, and rectangular automata. In this paper, we extend the decidability frontier for classes of linear hybrid systems, which are introduced as hybrid systems with linear vector fields in each discrete location. This result is achieved by showing that any such hybrid system admits a finite bisimulation, and by providing an algorithm that computes it using decision methods from mathematical logic.

Symbolic Reachability Computation for Families of Linear Vector Fields

The control paradigm of physical processes being supervised by digital programs has lead to the development of a theory of hybrid systems combining finite state automata with differential equations. One of the most important problems in the verification of hybrid systems is the reachability problem. Even though the computation of reachable spaces for finite state machines is well developed, computing the reachable space of a differential equation is difficult. In this paper, we present the first known families of linear differential equations with a decidable reachability problem. This is achieved by posing the reachability computation as a quantifier elimination problem in the decidable theory of the reals. We illustrate the applicability of our approach by performing computations using the packages Redlog and Qepcad. Such symbolic computations can be incorporated in computer-aided verification tools for purely discrete systems, resulting in verification tools for hybrid systems with linear differential equations.

From ATP to timed graphs and hybrid systems

The paper presents results of ongoing work aiming at the unification of some behavioral description formalisms for timed systems. We propose for the algebra of timed processes ATP a very general semantics in terms of a time domain. It is then shown how ATP can be translated into a variant of timed graphs. This result allows the application of existing model-checking techniques to ATP. Finally, we propose a notion of hybrid systems as a generalization of timed graphs. Such systems can evolve, either by executing a discrete transition, or by performing some “continuous” transformation. The formalisms studied admit the same class of models: time deterministic and time continuous, possibly infinitely branching transition systems labeled by actions or durations.

Reducing the number of clock variables of timed automata

We propose a method for reducing the number of clocks of a timed automaton by combining two algorithms. The first one consists in detecting active clocks, that is, those clocks whose values are relevant for the evolution of the system. The second one detects sets of clocks that are always equal. We implemented the algorithms and applied them to several case studies. These experimental results show that an appropriate encoding of the state space, based on the output of the algorithms, leads to a considerable reduction of the memory space allowing a more eficient Verification.

Compiling real-time specifications into extended automata

A method for the implementation and analysis of real-time systems, based on the compilation of specification extended automata is proposed. The method is illustrated for a simple specification language that can be viewed as the extension of a language for the description of systems of communicating processes, by adding timeout and watchdog constructs. The main result is that such a language can be compiled into timed automata, which are extended automata with timers. Timers are special state variables that can be set to zero by transitions, and whose values measure the time elapsed since their last reset. Timed automata do not make any assumption about the nature of time and adopt an event-driven execution mode. Their complexity does not depend on the values of the parameters of timeouts and watchdogs used in specifications. These features allow the application on timed automata of efficient code generation and analysis techniques. In particular, it is shown how symbolic model-checking of real-time properties can be directly applied to this model. >

Two examples of verification of multirate timed automata with Kronos

Multirate timed automata are an extension of timed automata where each clock has its own speed varying between a lower and an upper bound that may change from one control location to another. This formalism is well-suited for specifying hybrid systems where the dynamics of the continuous variables are defined or can be approximated by giving the minimal and maximal rate of change. To avoid the difficulties inherent in the verification of multirate timed automata, we follow an approach that consists of first transforming the multirate timed automata into timed automata and then applying the symbolic techniques implemented in KRONOS. We show the practical interest of this approach analyzing two examples recently proposed in the literature and considered to be realistic case studies: a manufacturing plant and the Philips audio control protocol.

Integration Graphs: A Class of Decidable Hybrid Systems

Integration Graphs are a computational model developed in the attempt to identify simple Hybrid Systems with decidable analysis problems. We start with the class of constant slope hybrid systems (cshs), in which the right hand side of all differential equations is an integer constant. We refer to continuous variables whose right hand side constants are always 1 as timers. All other continuous variables are called integrators. The first result shown in the paper is that simple questions such as reachability of a given state are undecidable for even this simple class of systems.

A framework for scheduler synthesis

We present a framework integrating specification and scheduler generation for real time systems. In a first step, the system, which can include arbitrarily designed tasks (cyclic or sporadic, with or without precedence constraints, any number of resources and CPUs) is specified as a timed Petri net. In a second step, our tool generates the most general non preemptive online scheduler for the specification, using a controller synthesis technique.