
    A Deductive Approach towards Reasoning about Algebraic Transition Systems

    Algebraic transition systems extend labeled transition systems by allowing transitions to be labeled with algebraic equations, so that more complex systems can be modeled in detail. We present a deductive approach to specifying and verifying algebraic transition systems. We modify standard dynamic logic by introducing algebraic equations into the modalities: an algebraic transition system is embedded in the modalities of the logic formulas that specify its properties, and the semantics of modalities and formulas is defined in terms of the solutions of the algebraic equations. A proof system for this logic is constructed to verify properties of algebraic transition systems. It combines inference rules with decision procedures for the theory of polynomial ideals, reducing a proof-search problem to an algebraic computation problem. The proof system is shown to be sound, but it is inherently incomplete. Finally, a typical example shows that reasoning about algebraic transition systems with this approach is feasible.

    Hazard elimination using backwards reachability techniques in discrete and hybrid models

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, February 2002. Includes bibliographical references (leaves 173-181).

    One of the most important steps in hazard analysis is determining whether a particular design can reach a hazardous state and, if it can, how to change the design to ensure that it does not. In most cases this is done through testing, simulation, or even less rigorous processes, none of which provide much confidence for complex systems. Because state spaces for software can be enormous (which is why testing is not an effective way to accomplish the goal), the Hazard Automaton Reduction Algorithm (HARA) starts at a hypothetical unsafe state and uses backwards reachability techniques to obtain enough information to determine how to design so that the state cannot be reached. State machine models are very powerful, but they also present greater challenges in terms of reachability, including the backwards reachability needed to implement the Hazard Automaton Reduction Algorithm. The key to solving the backwards reachability problem lies in converting the state machine model into a controls state-space formulation and creating a state transition matrix. Each successive step backward from the hazardous state then involves only one n by n matrix manipulation. Therefore only a finite number of matrix manipulations is necessary to determine whether or not a state is reachable from another state, providing the same information that could be obtained from a complete backwards reachability graph of the state machine model. Unlike model checking, the computational cost does not increase as greatly with the number of backward states that must be visited to obtain the information necessary to ensure that the design is safe, or to redesign it to be safe. The functionality and optimality of this approach are proved in both the discrete and the hybrid case.

    The new approach of the Hazard Automaton Reduction Algorithm combined with backwards reachability controls techniques was demonstrated on a black-box model of a real aircraft altitude switch. The algorithm is being implemented in a commercial specification language (SpecTRM-RL), and SpecTRM-RL is formally extended to include continuous and hybrid models. An analysis of the safety of a medium term conflict detection algorithm (MTCD) for aircraft, which is being developed and tested by Eurocontrol for use in European Air Traffic Control, is performed. Attempts to validate such conflict detection algorithms are currently challenging researchers worldwide. Model checking is unsatisfactory in general for this problem because backwards reachability using model checking lacks a termination guarantee; the new state-space controls approach does not encounter this problem.

    by Natasha Anita Neogi. Ph.D.
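The backward-reachability step the abstract describes (one n by n matrix operation per step, a finite number of steps, then a redesign that cuts the hazard off) can be made concrete on a small finite state machine. The following Python is an added example written for this page; it is not the thesis's code, not SpecTRM-RL, and not the altitude-switch model. The six-state machine, the choice of state 4 as the hypothetical hazardous state, and the "guard every transition that enters the hazard" redesign are all constructed assumptions for illustration.

```python
"""Backward reachability over a finite state machine via a transition matrix.

Added example for this page, not code from the thesis. The machine below is
constructed: states 0..5, 0 = initial, 4 = hypothetical hazardous state,
5 = a post-hazard state reachable only from 4 (so it must not appear in the
backward cone of 4).
"""
from typing import List, Set, Tuple

Matrix = List[List[bool]]

N_STATES = 6
INIT = 0
HAZARD = 4
TRANSITIONS: List[Tuple[int, int]] = [
    (0, 1), (1, 2), (2, 1), (2, 3), (3, 4), (1, 4), (4, 5),
]


def build_matrix(n: int, transitions) -> Matrix:
    """State transition matrix: T[i][j] is True iff the machine can step i -> j."""
    t = [[False] * n for _ in range(n)]
    for i, j in transitions:
        t[i][j] = True
    return t


def step_backward(t: Matrix, cone: Set[int]) -> Set[int]:
    """One backward step as one Boolean matrix-vector product.

    With v the indicator vector of `cone`, (T v)[i] = OR_j (T[i][j] AND v[j]),
    which is exactly 'state i has a successor inside the cone'.
    """
    n = len(t)
    v = [j in cone for j in range(n)]
    return {i for i in range(n) if any(t[i][j] and v[j] for j in range(n))}


def backward_cone(t: Matrix, hazard: int) -> Tuple[Set[int], int]:
    """All states from which `hazard` is reachable, plus the steps taken.

    The cone only grows and is bounded by n states, so the loop stops after
    at most n backward steps; that finite bound is what makes the matrix
    formulation terminate where backward model checking need not.
    """
    cone = {hazard}
    steps = 0
    while True:
        new = step_backward(t, cone) - cone
        if not new:
            return cone, steps
        cone |= new
        steps += 1


def hazard_reachable(t: Matrix, init: int, hazard: int) -> bool:
    return init in backward_cone(t, hazard)[0]


def entering_transitions(t: Matrix, hazard: int) -> List[Tuple[int, int]]:
    """Transitions that enter the hazardous state directly: the first place
    a redesign (guard, interlock, removed transition) has to act."""
    return [(i, hazard) for i in range(len(t)) if t[i][hazard]]


def remove_transitions(t: Matrix, edges) -> Matrix:
    """Copy of t with the given transitions deleted (a candidate redesign)."""
    u = [row[:] for row in t]
    for i, j in edges:
        u[i][j] = False
    return u


def analyse(transitions=TRANSITIONS, n=N_STATES, init=INIT, hazard=HAZARD):
    """(reachable before, transitions to guard, reachable after guarding)."""
    t = build_matrix(n, transitions)
    before = hazard_reachable(t, init, hazard)
    fix = entering_transitions(t, hazard)
    after = hazard_reachable(remove_transitions(t, fix), init, hazard)
    return before, fix, after


if __name__ == "__main__":
    t = build_matrix(N_STATES, TRANSITIONS)
    cone, steps = backward_cone(t, HAZARD)
    print("backward cone of hazard:", sorted(cone), "in", steps, "steps")
    print("hazard reachable from init:", hazard_reachable(t, INIT, HAZARD))
    print("transitions to guard:", entering_transitions(t, HAZARD))
    print("reachable after guarding them:", analyse()[2])
```

On the constructed machine the cone of state 4 is {0, 1, 2, 3} plus 4 itself after two backward steps, state 5 is correctly excluded, and deleting the two transitions that enter state 4 makes it unreachable from the initial state. In a real analysis the "fix" is a design change, and the point of running the backward cone again is to confirm that the change actually severs every path rather than just the obvious one.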

    Modular supervisory control of hybrid systems (Controle supervisório modular de sistemas híbridos)

    Thesis (doctorate) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Engenharia Elétrica.

    This doctoral thesis introduces a methodology for the modular synthesis of supervisors for hybrid systems that guarantees non-blocking and minimally restrictive behaviour of the supervised system. The hybrid systems considered have both continuous dynamics and discrete-event dynamics, where the discrete dynamics is defined by events generated when variables of the continuous state space reach a threshold surface, thereby forcing transitions of the discrete state. The continuous dynamics is determined as a function of the current discrete state of the system. The supervision objective is to restrict the selection of continuous dynamics so that the sequence of events stays within a set of allowed sequences (the control specification). The supervisors are designed (separately) using a purely discrete approach. This work also contributes to consolidating the monolithic approach to supervisor synthesis for hybrid systems and extends earlier results by considering marked languages. The introduction of the concept of a marker supervisor for hybrid systems lets the supervisor (that is, the specification) decide what counts as a task. The thesis further studies the problems that arise when supervisors (in either the monolithic or the modular approach) are designed from an approximation of the logical behaviour of the hybrid system. A condition is established under which a supervisor synthesized from an approximate model of the hybrid plant is guaranteed to also be a solution to the original problem. Examples illustrate the proposed methodology, and mathematical proofs are given for the results obtained.

    Deductive Verification of Hybrid Systems Using STeP

    We investigate the feasibility of computer-aided deductive verification of hybrid systems. Hybrid systems are modeled by phase transition systems, in which activities specify bounds on the derivatives of the continuous variables. We present a method for invariant generation based on static analysis of the phase transition system. The invariants produced can be used as auxiliary properties in the verification of temporal properties, and we show that in some cases they suffice on their own to prove the main safety property.

    1 Introduction. Deductive approaches to the verification of hybrid systems have been studied extensively. However, this work has been mostly theoretical; few implementations exist to test the feasibility of these approaches on practical problems. Some exceptions are [26] and [6], where PVS is used to verify (part of) the steam boiler challenge problem [1]. On the other hand, algorithmic verification methods for hybrid systems, based on hybrid automata [2, 16..
