Weak Singular Hybrid Automata

The framework of Hybrid automata, introduced by Alur, Courcourbetis, Henzinger, and Ho, provides a formal modeling and analysis environment to analyze the interaction between the discrete and the continuous parts of cyber-physical systems. Hybrid automata can be considered as generalizations of finite state automata augmented with a finite set of real-valued variables whose dynamics in each state is governed by a system of ordinary differential equations. Moreover, the discrete transitions of hybrid automata are guarded by constraints over the values of these real-valued variables, and enable discontinuous jumps in the evolution of these variables. Singular hybrid automata are a subclass of hybrid automata where dynamics is specified by state-dependent constant vectors. Henzinger, Kopke, Puri, and Varaiya showed that for even very restricted subclasses of singular hybrid automata, the fundamental verification questions, like reachability and schedulability, are undecidable. In this paper we present \emph{weak singular hybrid automata} (WSHA), a previously unexplored subclass of singular hybrid automata, and show the decidability (and the exact complexity) of various verification questions for this class including reachability (NP-Complete) and LTL model-checking (PSPACE-Complete). We further show that extending WSHA with a single unrestricted clock or extending WSHA with unrestricted variable updates lead to undecidability of reachability problem

Verification and Optimization of a PLC Control Schedule

We report on the use of the SPIN model checker for both the verification of a process control program and the derivation of optimal control schedules. This work was carried out as part of a case study for the EC VHS project (Verification of Hybrid Systems), in which the program for a Programmable Logic Controller (PLC) of an experimental chemical plant had to be designed and verified. The intention of our approach was to see how much could be achieved here using the standard model checking environment of SPIN/Promela. As the symbolic calculations of real-time model checkers can be quite expensive it is interesting to try and exploit the efficiency of established non-real-time model checkers like SPIN in those cases where promising work-arounds seem to exist. In our case we handled the relevant real-time properties of the PLC controller using a time-abstraction technique; for the scheduling we implemented in Promela a so-called variable time advance procedure. For this case study these techniques proved sufficient to verify the design of the controller and derive (time-)optimal schedules with reasonable time and space requirements

Is lazy abstraction a decision procedure for broadcast protocols?

Lazy abstraction builds up an abstract reachability tree by locally refining abstractions in order to eliminate spurious counterexamples in smaller and smaller subtrees. The method has proven useful to verify systems code. It is still open how good the method is as a decision procedure, i.e., whether the method terminates for already known decidable verification problems. In this paper, we answer the question positively for broadcast protocols and other infinite-state models in the class of so-called well-structured systems. This extends an existing result on systems with a finite bisimulation quotient

Towards Efficient Exact Synthesis for Linear Hybrid Systems

We study the problem of automatically computing the controllable region of a Linear Hybrid Automaton, with respect to a safety objective. We describe the techniques that are needed to effectively and efficiently implement a recently-proposed solution procedure, based on polyhedral abstractions of the state space. Supporting experimental results are presented, based on an implementation of the proposed techniques on top of the tool PHAVer.Comment: In Proceedings GandALF 2011, arXiv:1106.081

Practical Automated Partial Verification of Multi-Paradigm Real-Time Models

This article introduces a fully automated verification technique that permits to analyze real-time systems described using a continuous notion of time and a mixture of operational (i.e., automata-based) and descriptive (i.e., logic-based) formalisms. The technique relies on the reduction, under reasonable assumptions, of the continuous-time verification problem to its discrete-time counterpart. This reconciles in a viable and effective way the dense/discrete and operational/descriptive dichotomies that are often encountered in practice when it comes to specifying and analyzing complex critical systems. The article investigates the applicability of the technique through a significant example centered on a communication protocol. More precisely, concurrent runs of the protocol are formalized by parallel instances of a Timed Automaton, while the synchronization rules between these instances are specified through Metric Temporal Logic formulas, thus creating a multi-paradigm model. Verification tests run on this model using a bounded validity checker implementing the technique show consistent results and interesting performances.Comment: 33 pages; fixed a few typos and added data to Table

A Logical Characterization of Timed (non-)Regular Languages

CLTLoc (Constraint LTL over clocks) is a quantifier-free extension of LTL allowing variables behaving like clocks over real numbers. CLTLoc is in PSPACE [9] and its satisfiability can polynomially be reduced to a SMT problem, allowing a feasible implementation of a decision procedure. We used CLTLoc to capture the semantics of metric temporal logics over continuous time, such as Metric Interval Temporal Logic (MITL), resulting in the first successful implementation of a tool for checking MITL satisfiability [7]. In this paper, we assess the expressive power of CLTLoc, by comparing it with various temporal formalisms over dense time.When interpreted over timed words, CLTLoc is equivalent to Timed Automata. We also define a monadic theory of orders, extending the one introduced by Kamp, which is expressively equivalent to CLTLoc. We investigate a decidable extension with an arithmetical next operator, which allows the expression of timed non-ω-regular languages

Abstraction and Verification of Properties of a Real-Time Java

International audienceWe present a tool for analysing resource sharing conflicts in multithreaded Java programs. Java programs are translated to timed automata models verified afterwards by the Uppaal model checker. Analysed programs are annotated with timing information indicating the execution duration of a particular statement. Based on the timing information, the analysis of execution paths is performed, which gives an answer whether resource sharing conflicts are possible in a multithreaded Java program. If the analysis succeeds, resource locks may be eliminated from the Java program

Enhanced Operational Semantics in Systems Biology

We are faced with a great challenge: the cross-fertilization between the fields of formal methods for concurrency, in the computer science domain, and systems biology in the biological realm