The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.
-
date post
15-Jan-2016 -
Category
Documents
-
view
214 -
download
0
Transcript of The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.
![Page 1: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/1.jpg)
The Symbolic Approach to
Hybrid Systems
Tom Henzinger
University of California, Berkeley
![Page 2: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/2.jpg)
Discrete (transition) system
![Page 3: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/3.jpg)
Discrete (transition) system
Continuous (dynamical) system
Q = Rn
![Page 4: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/4.jpg)
Discrete (transition) system
Continuous (dynamical) system
Hybrid system
jumps flows
Q = Rn
![Page 5: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/5.jpg)
Discrete (transition) system
Continuous (dynamical) system
Hybrid system
jumps flows
Q = Rn
-nondeterministic -time abstract
![Page 6: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/6.jpg)
A Thermostat
States
x R temperatureh { on, off } heat
![Page 7: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/7.jpg)
A Thermostat
States
x R temperatureh { on, off } heat
Flows
f1 Y h = on x' = K(H-x) f2 Y h = off x' = -Kx
invariants
![Page 8: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/8.jpg)
A Thermostat
States
x R temperatureh { on, off } heat
Flows
f1 Y h = on x' = K(H-x) f2 Y h = off x' = -Kx
Jumps
j1 Y h = on h := off j2 Y h = off h := on
guards
![Page 9: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/9.jpg)
j1 j2
h = on
h = off
f1
f2
x
![Page 10: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/10.jpg)
A Thermostat
States
x R temperatureh { on, off } heatt R timer
Flows
f1 Y h = on t U x' = K(H-x); t' := 1 f2 Y h = off t U x' = -Kx; t' := 1
Jumps
j1 Y h = on t L h := off; t' := 0 j2 Y h = off t L h := on; t' := 0
![Page 11: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/11.jpg)
A Thermostat
States
x R temperatureh { on, off } heatt R timer
Flows
f1 Y h = on t U x' = K(H-x); t' = 1 f2 Y h = off t U x' = -Kx; t' = 1
Jumps
j1 Y h = on t L h := off; t := 0 j2 Y h = off t L h := on; t := 0
![Page 12: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/12.jpg)
A Thermostat
States
x R temperatureh { on, off } heatt R timer
Flows
f1 Y h = on t U x' = K(H-x); t' = 1 f2 Y h = off t U x' = -Kx; t' = 1
Jumps
j1 Y h = on t L h := off; t := 0 j2 Y h = off t L h := on; t := 0
![Page 13: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/13.jpg)
x
t
x
tL U
h = on
h = off
f1
![Page 14: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/14.jpg)
x
t
x
tL U
h = on
h = off
j1
f1
![Page 15: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/15.jpg)
x
t
x
tL U
h = on
h = off
j1
f1
f2
![Page 16: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/16.jpg)
x
t
x
tL U
h = on
h = off
j1
j2
f1
f2
![Page 17: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/17.jpg)
x
t
x
tL U
h = on
h = off
j1
j2
f1
f2
![Page 18: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/18.jpg)
x
tL U
h = off
Step 1: Discretize
f2
![Page 19: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/19.jpg)
Transition System
Q set of states set of actions post: Q 2Q successor function
![Page 20: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/20.jpg)
Transition System
Q set of states set of actions post: Q 2Q successor function
Thermostat
Q = R2 { on, off } = { f1, f2, j1, j2 }
post ( x, t, on, j1) ={ (x, 0, off) } if t L
if t < L
{
![Page 21: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/21.jpg)
Transition System
Q set of states set of actions post: Q 2Q successor function
Thermostat
Q = R2 { on, off } = { f1, f2, j1, j2 }
post ( x, t, on, j1) =
post ( x, t, on, f1) =
{ (x, 0, off) } if t L if t
< L
{
{infinite set if t < U { (x, 0, on) }
if t = U if t > U
![Page 22: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/22.jpg)
x
t
x
tL U
h = on
h = off
R
Step 2: Lift
![Page 23: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/23.jpg)
x
t
x
tL U
h = on
h = off
R
post(R,f2)
Step 2: Lift
![Page 24: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/24.jpg)
x
t
x
tL U
h = on
h = off
R
post(R,f2)
post( post(R,f2), j2)
Step 2: Lift
![Page 25: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/25.jpg)
Lifted Transition System
Q post: 2Q 2Q post(R,) = qQ post(q,)
![Page 26: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/26.jpg)
Lifted Transition System
Q post: 2Q 2Q post(R,) = qQ post(q,) pre: 2Q 2Q pre(R,) = qQ pre(q,)
![Page 27: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/27.jpg)
x
t
x
tL U
h = on
h = offR
![Page 28: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/28.jpg)
x
t
x
tL U
h = on
h = offR
pre(R,f2)
![Page 29: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/29.jpg)
x
t
x
tL U
h = on
h = offR
pre(R,f2)
pre( pre(R,f2), j2)
![Page 30: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/30.jpg)
x
t
x
tL U
h = on
h = off
Step 3: Observe
0 < x < 1
3 < x < 4
2 < x < 3
1 < x < 2
![Page 31: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/31.jpg)
Observed Transition System
Q pre, post: 2Q 2Q A = { a1, a2, a3, … } set of observations
Q
a3a2
a1
![Page 32: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/32.jpg)
Observed Transition System
Q pre, post: 2Q 2Q A set of observations
Thermostat
A = { on, off } [ { x = c, c < x < c+1 | c Z }
![Page 33: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/33.jpg)
Symbolic Transition System
Q pre, post A = { R1, R2, … }
set of regions Ri Q
1. A
2. pre, post: computable
3. Å : 2 \ : 2 computable
: 2 { t, f }
Region algebra:
![Page 34: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/34.jpg)
Symbolic Transition System
1. Local computation: Region Operations
Compute pre, post, Å , \ , and on regions in .
2. Global computation: Symbolic Semi-Algorithms
Starting from the observations in A, compute new regions in by applying the operations pre, post, Å , \ , and .
![Page 35: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/35.jpg)
Region Algebra
If -Q is the valuations for a set X:Vals of typed variables, -the effect of transitions can be expressed using Ops on Vals, -the first-order theory FO(Vals,Ops) admits quantifier elimination,
then the quantifier-free fragment ZO(Vals,Ops) is a region algebra.
This is because each pre and post operation is a quantifier elimination:
pre(R(X)) = (X) (Trans(X,X) R(X))
![Page 36: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/36.jpg)
Q = Bm Rn
Invariants and guards: boolean and linear constraints, e.g. a
(3x1 + x2 7)
Flows: rectangular differential inclusions, e.g. x'1 [1,2] Jumps: boolean and linear constraints, e.g. x2 := 2x1 + x2 +1
Example: Polyhedral Hybrid Automata
![Page 37: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/37.jpg)
Q = Bm Rn
Invariants and guards: boolean and linear constraints, e.g. a
(3x1 + x2 7)
Flows: rectangular differential inclusions, e.g. x'1 [1,2] Jumps: boolean and linear constraints, e.g. x2 := 2x1 + x2 +1
A = set of boolean valuations and integral polyhedra in Rn
Example: Polyhedral Hybrid Automata
![Page 38: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/38.jpg)
Q = Bm Rn
Invariants and guards: boolean and linear constraints, e.g. a
(3x1 + x2 7)
Flows: rectangular differential inclusions, e.g. x'1 [1,2] Jumps: boolean and linear constraints, e.g. x2 := 2x1 + x2 +1
A = set of boolean valuations and integral polyhedra in Rn
= set of boolean valuations and rational polyhedra in Rn x = … ZO(Q,,+)
Example: Polyhedral Hybrid Automata
![Page 39: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/39.jpg)
FO(Q,,+) admits quantifier elimination, hence ZO(Q,,+) is a region algebra.
Jump j: Y x1 x2 x2 := 2x1-1
pre( 1 x1 x2 2, j ) = ( x1, x2) (x1 x2 x1 = x1 x2 = 2x1-1 1 x1 x2 2)
Example: Polyhedral Hybrid Automata
![Page 40: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/40.jpg)
Jump j: Y x1 x2 x2 := 2x1-1
pre( 1 x1 x2 2, j ) = ( x1, x2) (x1 x2 x1 = x1 x2 = 2x1-1 1 x1 x2 2) = x1 x2 1 x1 2x1-1 2
= x1 x2 1 x1 3/2
Example: Polyhedral Hybrid Automata
FO(Q,,+) admits quantifier elimination, hence ZO(Q,,+) is a region algebra.
![Page 41: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/41.jpg)
x1
x2
R
![Page 42: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/42.jpg)
x1
x2
R
pre(R,j)
![Page 43: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/43.jpg)
Flow f: Y x1 x2 x'1 [1,2]; x'2 = 1
pre( 1 x1 x2 2, f ) = ( 1 k1 2) ( 0)
(1 x1+k1 x2+ 2 ( 0 ) (x1+k1 x2+))
Example: Polyhedral Hybrid Automata
![Page 44: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/44.jpg)
Flow f: Y x1 x2 x'1 [1,2]; x'2 = 1
pre( 1 x1 x2 2, f ) = ( 1 k1 2) ( 0)
(1 x1+k1 x2+ 2 ( 0 ) (x1+k1 x2+)) = ( 0) ( d1 2) (1 x1+d1 x2+ 2 x1 x2 x1+d1 x2+)
convex guards
Example: Polyhedral Hybrid Automata
![Page 45: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/45.jpg)
Flow f: Y x1 x2 x'1 [1,2]; x'2 = 1
pre( 1 x1 x2 2, f ) = ( 1 k1 2) ( 0)
(1 x1+k1 x2+ 2 ( 0 ) (x1+k1 x2+)) = ( 0) ( d1 2) (1 x1+d1 x2+ 2 x1 x2 x1+d1 x2+) = ( 0) (x1 x2 1 x1+2 1 x2+ 2) = x1 x2 x2 2 2x2 x1+3 convex guards
Example: Polyhedral Hybrid Automata
![Page 46: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/46.jpg)
x1
x2
R
pre(R,f)
f
![Page 47: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/47.jpg)
x
y
![Page 48: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/48.jpg)
far
x’[-50,-40]x 1000
near
x’[-50,-30]x 0
pastx’[30,50]
x 100
x = 1000
x = 0x = 100 x : [2000,)
app!
exit!
app
exit
train
x: initialized rectangular variable
![Page 49: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/49.jpg)
upy’ = 9
open
y’ = 0raise
lower
gate
y: uninitialized singular variable
y 90
y = 90
downy’ = -9
closedy’ = 0
y 0
y = 0
raise? lower? raise?
lower?
![Page 50: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/50.jpg)
t’ = 1t
t := 0
app?
lower!
t’ = 1t
t := 0
exit?
raise!
app exit
idle
controller
raiselower
t: clock variable : design parameter
![Page 51: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/51.jpg)
Properties
Safety: ( x 10 loc[gate] = closed )
“on all trajectories, always”
For which values of is this true?
![Page 52: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/52.jpg)
Safety: ( x 10 loc[gate] = closed )
Liveness: ( loc[gate] = open )
“on all trajectories, eventually”
Properties
![Page 53: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/53.jpg)
Safety: ( x 10 loc[gate] = closed )
Liveness: ( loc[gate] = open )
Real time: z := 0. ( z’ = 1 ( loc[gate] = open z
60 ))
clock variable
Properties
![Page 54: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/54.jpg)
Safety: ( x 10 loc[gate] = closed )
Liveness: ( loc[gate] = open )
Real time: z := 0. ( z’ = 1 ( loc[gate] = open
z 60 ))
Nonzeno: z := 0. ( z’ = 1 ( z = 1 ))
“on some trajectory, eventually”
Properties
![Page 55: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/55.jpg)
A Zeno System
yx
leftx’ = 1y’ = -2y 5
rightx’ = -2y’ = 1x 5
y = 5
x = 5
![Page 56: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/56.jpg)
yx
leftx’ = 1y’ = -2y 5
rightx’ = -2y’ = 1x 5
y = 5
x = 5
x
y
t
A Zeno System
![Page 57: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/57.jpg)
Model Checker
Model Property
Condition under which the model satisfies the property, or error trajectory
Collection of polyhedral
hybrid automata
Safety or liveness or real time or
nonzeno
HyTech
![Page 58: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/58.jpg)
Model Checking for Safety
Bm Rn
initial states
unsafe states
?
![Page 59: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/59.jpg)
initial states
unsafe states
Bm Rn
Model Checking for Safety
![Page 60: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/60.jpg)
initial states
unsafe states
Bm Rn
Model Checking for Safety
![Page 61: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/61.jpg)
initial states
unsafe states
unsafe parameter values
Bm Rn
Model Checking for Safety
![Page 62: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/62.jpg)
initial states
unsafe states
unsafe parameter values
This is guaranteed to terminate if all variables are initialized (e.g. clocks).
Bm Rn
Model Checking for Safety
![Page 63: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/63.jpg)
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =Hy T ech : sy mb o lic mo d el ch eck er fo r emb ed d ed sy stemsVersio n 1 .0 4 1 0 /1 5 /9 6F o r mo re in fo : email: h y tech @eecs.b erk eley.ed u h ttp ://www.eecs.b erk eley.ed u /~ tah /Hy T ech= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = S ettin g o u tp u t lev el to 1C h eck in g au to mato n g ate WAR NING: lo cn erro r o f au to mato n g ate h as n o o u tg o in g tran sitio n sC h eck in g au to mato n co n tro llerC h eck in g au to mato n trainC o mp o sin g au to mata * *Iteratio n : 0Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : far.id le.o p en y = 9 0 & x > = 1 0 0 0Iteratio n : 1Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.ab o u t_ to _ lo wer.o p en y = 9 0 & t < = alp h a & x + 3 0 t < = 1 0 0 0 & x + 5 0 t > = 1 0 0 0 & x > = 0Iteratio n : 2Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.ab o u t_ to _ lo wer.o p en y = 9 0 & t < = alp h a & x > = 0 & 5 0 t > = x + 1 0 0 0 & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0L o catio n : n ear.ab o u t_ to _ lo wer.erro r y = 9 0 & t < = alp h a & x < = 1 0 & x + 5 0 t > = 1 0 0 0 & x > = 0 & x + 3 0 t < = 1 0 0 0L o catio n : n ear.id le.d o wn t < = alp h a & x > = 0 & 9 x + 4 5 0 t > = 5 0 y + 4 5 0 0 & y < = 9 0 & 3 x + 9 0 t < = 1 0 y + 2 1 0 0 & y > = 0 & t> = 0Iteratio n : 3Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.ab o u t_ to _ lo wer.erro r y = 9 0 & t < = alp h a & x > = 0 & 5 0 t > = x + 1 0 0 0 & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0L o catio n : p ast.id le.d o wn t < = alp h a & x < = 1 0 0 & 4 5 0 t > = 9 x + 5 0 y + 4 5 0 0 & y < = 9 0 & t > = 2 0 & 3 x + 1 0 y > = 9 0 0 & 9 0 t< = 3 x + 1 0 y + 2 1 0 0| t < = alp h a & y > = 0 & x > = 0 & 9 0 t < = 3 x + 1 0 y + 2 1 0 0 & 9 x + 5 0 y < = 4 5 0 0 & 3 t < = 1 0 0 & 4 5 0 t> = 9 x + 5 0 y + 4 5 0 0 & x < = 1 0 0L o catio n : n ear.id le.erro r t < = alp h a & y < = 9 0 & x > = 0 & 3 x + 9 0 t < = 1 0 y + 2 1 0 0 & 4 5 t > = 5 y + 4 4 1 & x < = 1 0 & y > = 0L o catio n : n ear.id le.clo sed y = 0 & t < = alp h a & t > = 0 & x > = 0 & x + 3 0 t < = 7 0 0L o catio n : far.ab o u t_ to _ raise.o p en y = 9 0 & x > = 1 0 0 0 & alp h a > = 2 2 & x + 5 0 t > = 2 0 0 0 & t > = 0 & t < = alp h aIteratio n : 4Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.id le.erro r t < = alp h a & y > = 8 7 & 9 t < = y + 2 1 3 & 3 x + 1 0 y > = 9 0 0 & 9 0 t < = 3 x + 1 0 y + 2 1 0 0 & x < = 1 0 0 &3 t > = 6 0 & y < = 9 0| t < = alp h a & 9 t > = y + 9 0 & x > = 0 & y < = 9 0 & y > = 0 & 9 0 t < = 3 x + 1 0 y + 2 1 0 0 & x < = 1 0 0 & 9 t< = y + 2 1 3 & 3 t < = 1 0 0| t < = alp h a & 9 t < = y + 2 1 0 & y < = 9 0 & x > = 0 & 4 5 t > = 5 y + 4 4 1 & y > = 0 & x < = 1 0 0L o catio n : p ast.id le.clo sed y = 0 & t < = alp h a & 3 0 t < = x + 7 0 0 & x < = 1 0 0 & x > = 0 & 3 t > = 3 0| y = 0 & t < = alp h a & t > = 0 & x > = 0 & 3 t < = 7 0 & x < = 1 0 0L o catio n : far.ab o u t_ to _ raise.erro r y = 9 0 & x > = 1 0 0 0 & alp h a > = 2 2 & x + 5 0 t > = 2 0 0 0 & t > = 0 & t < = alp h aL o catio n : far.ab o u t_ to _ raise.d o wn x + 5 0 t > = 2 0 0 0 & 9 alp h a > = y + 9 t + 1 0 8 & t > = 0 & y + 9 t < = 9 0 & alp h a > = 2 0 & y > = 0 & y + 9 t> = 6 0| x + 5 0 t > = 2 0 0 0 & 9 alp h a > = y + 9 t + 1 0 8 & y > = 0 & t > = 0 & y + 9 t < = 7 2Iteratio n : 5Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.ab o u t_ to _ lo wer.erro r y = 9 0 & alp h a > = 2 2 & x > = 0 & x + 5 0 t > = 1 0 0 0 & x + 3 0 t < = 1 0 0 0 & t < = alp h aL o catio n : far.ab o u t_ to _ raise.erro r x + 5 0 t > = 2 0 0 0 & y < = 9 0 & t > = 0 & 4 5 alp h a > = 5 y + 4 4 1 & 5 t < = 5 alp h a & y > = 0 & x > = 1 0 0 0L o catio n : far.ab o u t_ to _ raise.clo sed y = 0 & t < = alp h a & x + 5 0 t > = 2 0 0 0 & t > = 0 & x > = 1 0 0 0| y = 0 & alp h a > = 1 2 & t > = 0 & x + 5 0 t > = 2 0 0 0 & t < = alp h a & x > = 1 0 0 0L o catio n : far.id le.u p y < = 9 0 & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & t < = 1 0 & alp h a > = t + 1 2 & 9 x + 5 0 y + 9 0 0 t > = 2 1 0 0 0 & y +9 t > = 6 0 & y > = 0 & alp h a > = 2 0 & t > = 0| alp h a > = t + 1 2 & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & y > = 0 & t > = 0 & t < = 8 & y < = 9 0Iteratio n : 6Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.ab o u t_ to _ lo wer.erro r t < = alp h a & y > = 0 & x > = 0 & alp h a > = 2 0 & x + 5 0 t > = 1 0 0 0 & x + 3 0 t < = 1 0 0 0 & y < = 9 0L o catio n : n ear.ab o u t_ to _ lo wer.clo sed y = 0 & alp h a > = 2 0 & x + 5 0 t > = 1 0 0 0 & x > = 0 & t < = alp h a & x + 3 0 t < = 1 0 0 0L o catio n : n ear.ab o u t_ to _ lo wer.u p x = 1 0 0 0 & y = 9 0 & t = 0 & alp h a > = 2 2L o catio n : far.id le.u p t < = alp h a & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & y > = 0 & t > = 0 & y < = 9 0 & x > = 1 0 0 0| alp h a > = 1 2 & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & t > = 0 & y > = 0 & t < = alp h a & y < = 9 0 & x > = 1 0 0 0Iteratio n : 7Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.ab o u t_ to _ lo wer.erro r t < = alp h a & y > = 0 & 5 0 t > = x + 1 0 0 0 & x > = 0 & 3 0 t < = x + 1 0 0 0 & y < = 9 0 & x < = 1 0 0L o catio n : p ast.ab o u t_ to _ lo wer.clo sed y = 0 & t < = alp h a & x > = 0 & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0 & 1 5 0 t > = 3 x + 3 0 0 0L o catio n : n ear.ab o u t_ to _ lo wer.u p y + 9 alp h a > = 9 t + 1 8 0 & y < = 9 0 & x + 3 0 t < = 1 0 0 0 & x + 5 0 t > = 1 0 0 0 & 9 t < = y| y < = 9 0 & x + 3 0 t < = 1 0 0 0 & alp h a > = 1 2 & x + 5 0 t > = 1 0 0 0 & y + 9 alp h a > = 9 t + 1 8 0 & 9 t < = yL o catio n : n ear.id le.clo sed y = 0 & x > = 0 & x + 3 0 t < = 1 0 0 0 & t < = alp h a & 3 alp h a > = 6 0 & 3 t > = 0Iteratio n : 8Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.id le.clo sed y = 0 & t < = alp h a & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0 & x > = 0 & 3 t > = 6 0| y = 0 & t < = alp h a & alp h a > = 2 0 & x > = 0 & x < = 1 0 0 & t > = 0 & 3 t < = 1 0 0L o catio n : n ear.id le.d o wn y > = 0 & t > = 0 & 3 x + 1 8 0 t < = 1 0 y + 3 0 0 0 & x + 3 0 t < = 1 0 0 0 & 3 x + 1 8 0 t < = 1 0 y + 9 0 alp h a + 1 2 0 0 & t < = 1 0 & 9 x + 4 5 0 t > = 5 0 y + 4 5 0 0 & alp h a > = t + 1 0 & y < = 9 0| y > = 0 & 3 x + 1 8 0 t < = 1 0 y + 9 0 alp h a + 1 2 0 0 & t > = 0 & x + 3 0 t < = 1 0 0 0 & 3 x + 1 8 0 t < = 1 0 y + 3 0 0 0 & t < = 1 0 & y < = 9 0 & 9 x + 4 5 0 t > = 5 0 y + 4 5 0 0 & alp h a > = t + 1 0 & alp h a > = 1 2Iteratio n : 9Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.id le.clo sed y = 0 & t > = 0 & alp h a > = t + 1 0 & x + 6 0 t < = 3 0 alp h a + 4 0 0 & t < = 1 0 & x + 6 0 t < = 1 0 0 0 & x > = 0| y = 0 & x + 6 0 t < = 3 0 alp h a + 4 0 0 & t > = 0 & alp h a > = 1 2 & x + 6 0 t < = 1 0 0 0 & alp h a > = t + 1 0 & x> = 0 & t < = 1 0Nu mb er o f iteratio n s req u ired fo r reach ab ility : 1 0 C o n d itio n s u n d er wh ich sy stem v io lates safety req u iremen t 5 alp h a > = 4 9 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =Max memo ry u sed = 1 0 7 2 k ilo b y tes = 1 .0 5 MB T ime sp en t = 0 .2 6 u + 0 .0 4 s = 0 .3 0 sec to tal= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =H y T ech : sy m b o lic m o d el ch eck er fo r em b ed d ed sy stem sV ersio n 1 .0 4 1 0 /1 5 /9 6F o r m o re in fo : em ail: h y tech @eecs.b erk eley.ed u h ttp ://w w w .eecs.b erk eley.ed u /~ tah /H y T ech= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = S ettin g o u tp u t lev el to 1C h eck in g au to m ato n g ate WA R N IN G : lo cn erro r o f au to m ato n g ate h as n o o u tg o in g tran sitio n sC h eck in g au to m ato n co n tro llerC h eck in g au to m ato n trainC o m p o sin g au to m ata * *Iteratio n : 0U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : far.id le.o p en y = 9 0 & x > = 1 0 0 0Iteratio n : 1U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.ab o u t_ to _ lo w er.o p en y = 9 0 & t < = alp h a & x + 3 0 t < = 1 0 0 0 & x + 5 0 t > = 1 0 0 0 & x > = 0Iteratio n : 2U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.ab o u t_ to _ lo w er.o p en y = 9 0 & t < = alp h a & x > = 0 & 5 0 t > = x + 1 0 0 0 & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0L o catio n : n ear.ab o u t_ to _ lo w er.erro r y = 9 0 & t < = alp h a & x < = 1 0 & x + 5 0 t > = 1 0 0 0 & x > = 0 & x + 3 0 t < = 1 0 0 0L o catio n : n ear.id le.d o w n t < = alp h a & x > = 0 & 9 x + 4 5 0 t > = 5 0 y + 4 5 0 0 & y < = 9 0 & 3 x + 9 0 t < = 1 0 y + 2 1 0 0 & y > = 0 & t > = 0Iteratio n : 3U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.ab o u t_ to _ lo w er.erro r y = 9 0 & t < = alp h a & x > = 0 & 5 0 t > = x + 1 0 0 0 & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0L o catio n : p ast.id le.d o w n t < = alp h a & x < = 1 0 0 & 4 5 0 t > = 9 x + 5 0 y + 4 5 0 0 & y < = 9 0 & t > = 2 0 & 3 x + 1 0 y > = 9 0 0 & 9 0 t < = 3 x +1 0 y + 2 1 0 0| t < = alp h a & y > = 0 & x > = 0 & 9 0 t < = 3 x + 1 0 y + 2 1 0 0 & 9 x + 5 0 y < = 4 5 0 0 & 3 t < = 1 0 0 & 4 5 0 t > = 9 x +5 0 y + 4 5 0 0 & x < = 1 0 0L o catio n : n ear.id le.erro r t < = alp h a & y < = 9 0 & x > = 0 & 3 x + 9 0 t < = 1 0 y + 2 1 0 0 & 4 5 t > = 5 y + 4 4 1 & x < = 1 0 & y > = 0L o catio n : n ear.id le.clo sed y = 0 & t < = alp h a & t > = 0 & x > = 0 & x + 3 0 t < = 7 0 0L o catio n : far.ab o u t_ to _ raise.o p en y = 9 0 & x > = 1 0 0 0 & alp h a > = 2 2 & x + 5 0 t > = 2 0 0 0 & t > = 0 & t < = alp h aIteratio n : 4U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.id le.erro r t < = alp h a & y > = 8 7 & 9 t < = y + 2 1 3 & 3 x + 1 0 y > = 9 0 0 & 9 0 t < = 3 x + 1 0 y + 2 1 0 0 & x < = 1 0 0 & 3 t > =6 0 & y < = 9 0| t < = alp h a & 9 t > = y + 9 0 & x > = 0 & y < = 9 0 & y > = 0 & 9 0 t < = 3 x + 1 0 y + 2 1 0 0 & x < = 1 0 0 & 9 t < = y +2 1 3 & 3 t < = 1 0 0| t < = alp h a & 9 t < = y + 2 1 0 & y < = 9 0 & x > = 0 & 4 5 t > = 5 y + 4 4 1 & y > = 0 & x < = 1 0 0L o catio n : p ast.id le.clo sed y = 0 & t < = alp h a & 3 0 t < = x + 7 0 0 & x < = 1 0 0 & x > = 0 & 3 t > = 3 0| y = 0 & t < = alp h a & t > = 0 & x > = 0 & 3 t < = 7 0 & x < = 1 0 0L o catio n : far.ab o u t_ to _ raise.erro r y = 9 0 & x > = 1 0 0 0 & alp h a > = 2 2 & x + 5 0 t > = 2 0 0 0 & t > = 0 & t < = alp h aL o catio n : far.ab o u t_ to _ raise.d o w n x + 5 0 t > = 2 0 0 0 & 9 alp h a > = y + 9 t + 1 0 8 & t > = 0 & y + 9 t < = 9 0 & alp h a > = 2 0 & y > = 0 & y + 9 t > = 6 0| x + 5 0 t > = 2 0 0 0 & 9 alp h a > = y + 9 t + 1 0 8 & y > = 0 & t > = 0 & y + 9 t < = 7 2Iteratio n : 5U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.ab o u t_ to _ lo w er.erro r y = 9 0 & alp h a > = 2 2 & x > = 0 & x + 5 0 t > = 1 0 0 0 & x + 3 0 t < = 1 0 0 0 & t < = alp h aL o catio n : far.ab o u t_ to _ raise.erro r x + 5 0 t > = 2 0 0 0 & y < = 9 0 & t > = 0 & 4 5 alp h a > = 5 y + 4 4 1 & 5 t < = 5 alp h a & y > = 0 & x > = 1 0 0 0L o catio n : far.ab o u t_ to _ raise.clo sed y = 0 & t < = alp h a & x + 5 0 t > = 2 0 0 0 & t > = 0 & x > = 1 0 0 0| y = 0 & alp h a > = 1 2 & t > = 0 & x + 5 0 t > = 2 0 0 0 & t < = alp h a & x > = 1 0 0 0L o catio n : far.id le.u p y < = 9 0 & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & t < = 1 0 & alp h a > = t + 1 2 & 9 x + 5 0 y + 9 0 0 t > = 2 1 0 0 0 & y + 9 t > =6 0 & y > = 0 & alp h a > = 2 0 & t > = 0| alp h a > = t + 1 2 & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & y > = 0 & t > = 0 & t < = 8 & y < = 9 0Iteratio n : 6U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.ab o u t_ to _ lo w er.erro r t < = alp h a & y > = 0 & x > = 0 & alp h a > = 2 0 & x + 5 0 t > = 1 0 0 0 & x + 3 0 t < = 1 0 0 0 & y < = 9 0L o catio n : n ear.ab o u t_ to _ lo w er.clo sed y = 0 & alp h a > = 2 0 & x + 5 0 t > = 1 0 0 0 & x > = 0 & t < = alp h a & x + 3 0 t < = 1 0 0 0L o catio n : n ear.ab o u t_ to _ lo w er.u p x = 1 0 0 0 & y = 9 0 & t = 0 & alp h a > = 2 2L o catio n : far.id le.u p t < = alp h a & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & y > = 0 & t > = 0 & y < = 9 0 & x > = 1 0 0 0| alp h a > = 1 2 & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & t > = 0 & y > = 0 & t < = alp h a & y < = 9 0 & x > = 1 0 0 0Iteratio n : 7U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.ab o u t_ to _ lo w er.erro r t < = alp h a & y > = 0 & 5 0 t > = x + 1 0 0 0 & x > = 0 & 3 0 t < = x + 1 0 0 0 & y < = 9 0 & x < = 1 0 0L o catio n : p ast.ab o u t_ to _ lo w er.clo sed y = 0 & t < = alp h a & x > = 0 & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0 & 1 5 0 t > = 3 x + 3 0 0 0L o catio n : n ear.ab o u t_ to _ lo w er.u p y + 9 alp h a > = 9 t + 1 8 0 & y < = 9 0 & x + 3 0 t < = 1 0 0 0 & x + 5 0 t > = 1 0 0 0 & 9 t < = y| y < = 9 0 & x + 3 0 t < = 1 0 0 0 & alp h a > = 1 2 & x + 5 0 t > = 1 0 0 0 & y + 9 alp h a > = 9 t + 1 8 0 & 9 t < = yL o catio n : n ear.id le.clo sed y = 0 & x > = 0 & x + 3 0 t < = 1 0 0 0 & t < = alp h a & 3 alp h a > = 6 0 & 3 t > = 0Iteratio n : 8U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.id le.clo sed y = 0 & t < = alp h a & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0 & x > = 0 & 3 t > = 6 0| y = 0 & t < = alp h a & alp h a > = 2 0 & x > = 0 & x < = 1 0 0 & t > = 0 & 3 t < = 1 0 0L o catio n : n ear.id le.d o w n y > = 0 & t > = 0 & 3 x + 1 8 0 t < = 1 0 y + 3 0 0 0 & x + 3 0 t < = 1 0 0 0 & 3 x + 1 8 0 t < = 1 0 y + 9 0 alp h a + 1 2 0 0 & t < =1 0 & 9 x + 4 5 0 t > = 5 0 y + 4 5 0 0 & alp h a > = t + 1 0 & y < = 9 0| y > = 0 & 3 x + 1 8 0 t < = 1 0 y + 9 0 alp h a + 1 2 0 0 & t > = 0 & x + 3 0 t < = 1 0 0 0 & 3 x + 1 8 0 t < = 1 0 y + 3 0 0 0 & t < =1 0 & y < = 9 0 & 9 x + 4 5 0 t > = 5 0 y + 4 5 0 0 & alp h a > = t + 1 0 & alp h a > = 1 2Iteratio n : 9U sin g th is n ew ly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.id le.clo sed y = 0 & t > = 0 & alp h a > = t + 1 0 & x + 6 0 t < = 3 0 alp h a + 4 0 0 & t < = 1 0 & x + 6 0 t < = 1 0 0 0 & x > = 0| y = 0 & x + 6 0 t < = 3 0 alp h a + 4 0 0 & t > = 0 & alp h a > = 1 2 & x + 6 0 t < = 1 0 0 0 & alp h a > = t + 1 0 & x > = 0 &t < = 1 0N u m b er o f iteratio n s req u ired fo r reach ab ility : 1 0 C o n d itio n s u n d er w h ich sy stem v io lates safety req u irem en t 5 alp h a > = 4 9 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =Max m em o ry u sed = 1 0 7 2 k ilo b y tes = 1 .0 5 MB T im e sp en t = 0 .2 6 u + 0 .0 4 s = 0 .3 0 sec to tal= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
The Result
hytech-out.cgi
![Page 64: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/64.jpg)
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =Hy T ech : sy mb o lic mo d el ch eck er fo r emb ed d ed sy stemsVersio n 1 .0 4 1 0 /1 5 /9 6F o r mo re in fo : email: h y tech @eecs.b erk eley.ed u h ttp ://www.eecs.b erk eley.ed u /~ tah /Hy T ech= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = S ettin g o u tp u t lev el to 1C h eck in g au to mato n g ate WAR NING: lo cn erro r o f au to mato n g ate h as n o o u tg o in g tran sitio n sC h eck in g au to mato n co n tro llerC h eck in g au to mato n trainC o mp o sin g au to mata * *Iteratio n : 0Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : far.id le.o p en y = 9 0 & x > = 1 0 0 0Iteratio n : 1Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.ab o u t_ to _ lo wer.o p en y = 9 0 & t < = alp h a & x + 3 0 t < = 1 0 0 0 & x + 5 0 t > = 1 0 0 0 & x > = 0Iteratio n : 2Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.ab o u t_ to _ lo wer.o p en y = 9 0 & t < = alp h a & x > = 0 & 5 0 t > = x + 1 0 0 0 & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0L o catio n : n ear.ab o u t_ to _ lo wer.erro r y = 9 0 & t < = alp h a & x < = 1 0 & x + 5 0 t > = 1 0 0 0 & x > = 0 & x + 3 0 t < = 1 0 0 0L o catio n : n ear.id le.d o wn t < = alp h a & x > = 0 & 9 x + 4 5 0 t > = 5 0 y + 4 5 0 0 & y < = 9 0 & 3 x + 9 0 t < = 1 0 y + 2 1 0 0 & y > = 0 & t> = 0Iteratio n : 3Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.ab o u t_ to _ lo wer.erro r y = 9 0 & t < = alp h a & x > = 0 & 5 0 t > = x + 1 0 0 0 & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0L o catio n : p ast.id le.d o wn t < = alp h a & x < = 1 0 0 & 4 5 0 t > = 9 x + 5 0 y + 4 5 0 0 & y < = 9 0 & t > = 2 0 & 3 x + 1 0 y > = 9 0 0 & 9 0 t< = 3 x + 1 0 y + 2 1 0 0| t < = alp h a & y > = 0 & x > = 0 & 9 0 t < = 3 x + 1 0 y + 2 1 0 0 & 9 x + 5 0 y < = 4 5 0 0 & 3 t < = 1 0 0 & 4 5 0 t> = 9 x + 5 0 y + 4 5 0 0 & x < = 1 0 0L o catio n : n ear.id le.erro r t < = alp h a & y < = 9 0 & x > = 0 & 3 x + 9 0 t < = 1 0 y + 2 1 0 0 & 4 5 t > = 5 y + 4 4 1 & x < = 1 0 & y > = 0L o catio n : n ear.id le.clo sed y = 0 & t < = alp h a & t > = 0 & x > = 0 & x + 3 0 t < = 7 0 0L o catio n : far.ab o u t_ to _ raise.o p en y = 9 0 & x > = 1 0 0 0 & alp h a > = 2 2 & x + 5 0 t > = 2 0 0 0 & t > = 0 & t < = alp h aIteratio n : 4Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.id le.erro r t < = alp h a & y > = 8 7 & 9 t < = y + 2 1 3 & 3 x + 1 0 y > = 9 0 0 & 9 0 t < = 3 x + 1 0 y + 2 1 0 0 & x < = 1 0 0 &3 t > = 6 0 & y < = 9 0| t < = alp h a & 9 t > = y + 9 0 & x > = 0 & y < = 9 0 & y > = 0 & 9 0 t < = 3 x + 1 0 y + 2 1 0 0 & x < = 1 0 0 & 9 t< = y + 2 1 3 & 3 t < = 1 0 0| t < = alp h a & 9 t < = y + 2 1 0 & y < = 9 0 & x > = 0 & 4 5 t > = 5 y + 4 4 1 & y > = 0 & x < = 1 0 0L o catio n : p ast.id le.clo sed y = 0 & t < = alp h a & 3 0 t < = x + 7 0 0 & x < = 1 0 0 & x > = 0 & 3 t > = 3 0| y = 0 & t < = alp h a & t > = 0 & x > = 0 & 3 t < = 7 0 & x < = 1 0 0L o catio n : far.ab o u t_ to _ raise.erro r y = 9 0 & x > = 1 0 0 0 & alp h a > = 2 2 & x + 5 0 t > = 2 0 0 0 & t > = 0 & t < = alp h aL o catio n : far.ab o u t_ to _ raise.d o wn x + 5 0 t > = 2 0 0 0 & 9 alp h a > = y + 9 t + 1 0 8 & t > = 0 & y + 9 t < = 9 0 & alp h a > = 2 0 & y > = 0 & y + 9 t> = 6 0| x + 5 0 t > = 2 0 0 0 & 9 alp h a > = y + 9 t + 1 0 8 & y > = 0 & t > = 0 & y + 9 t < = 7 2Iteratio n : 5Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.ab o u t_ to _ lo wer.erro r y = 9 0 & alp h a > = 2 2 & x > = 0 & x + 5 0 t > = 1 0 0 0 & x + 3 0 t < = 1 0 0 0 & t < = alp h aL o catio n : far.ab o u t_ to _ raise.erro r x + 5 0 t > = 2 0 0 0 & y < = 9 0 & t > = 0 & 4 5 alp h a > = 5 y + 4 4 1 & 5 t < = 5 alp h a & y > = 0 & x > = 1 0 0 0L o catio n : far.ab o u t_ to _ raise.clo sed y = 0 & t < = alp h a & x + 5 0 t > = 2 0 0 0 & t > = 0 & x > = 1 0 0 0| y = 0 & alp h a > = 1 2 & t > = 0 & x + 5 0 t > = 2 0 0 0 & t < = alp h a & x > = 1 0 0 0L o catio n : far.id le.u p y < = 9 0 & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & t < = 1 0 & alp h a > = t + 1 2 & 9 x + 5 0 y + 9 0 0 t > = 2 1 0 0 0 & y +9 t > = 6 0 & y > = 0 & alp h a > = 2 0 & t > = 0| alp h a > = t + 1 2 & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & y > = 0 & t > = 0 & t < = 8 & y < = 9 0Iteratio n : 6Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.ab o u t_ to _ lo wer.erro r t < = alp h a & y > = 0 & x > = 0 & alp h a > = 2 0 & x + 5 0 t > = 1 0 0 0 & x + 3 0 t < = 1 0 0 0 & y < = 9 0L o catio n : n ear.ab o u t_ to _ lo wer.clo sed y = 0 & alp h a > = 2 0 & x + 5 0 t > = 1 0 0 0 & x > = 0 & t < = alp h a & x + 3 0 t < = 1 0 0 0L o catio n : n ear.ab o u t_ to _ lo wer.u p x = 1 0 0 0 & y = 9 0 & t = 0 & alp h a > = 2 2L o catio n : far.id le.u p t < = alp h a & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & y > = 0 & t > = 0 & y < = 9 0 & x > = 1 0 0 0| alp h a > = 1 2 & 9 x + 5 0 y + 4 5 0 t > = 1 8 0 0 0 & t > = 0 & y > = 0 & t < = alp h a & y < = 9 0 & x > = 1 0 0 0Iteratio n : 7Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.ab o u t_ to _ lo wer.erro r t < = alp h a & y > = 0 & 5 0 t > = x + 1 0 0 0 & x > = 0 & 3 0 t < = x + 1 0 0 0 & y < = 9 0 & x < = 1 0 0L o catio n : p ast.ab o u t_ to _ lo wer.clo sed y = 0 & t < = alp h a & x > = 0 & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0 & 1 5 0 t > = 3 x + 3 0 0 0L o catio n : n ear.ab o u t_ to _ lo wer.u p y + 9 alp h a > = 9 t + 1 8 0 & y < = 9 0 & x + 3 0 t < = 1 0 0 0 & x + 5 0 t > = 1 0 0 0 & 9 t < = y| y < = 9 0 & x + 3 0 t < = 1 0 0 0 & alp h a > = 1 2 & x + 5 0 t > = 1 0 0 0 & y + 9 alp h a > = 9 t + 1 8 0 & 9 t < = yL o catio n : n ear.id le.clo sed y = 0 & x > = 0 & x + 3 0 t < = 1 0 0 0 & t < = alp h a & 3 alp h a > = 6 0 & 3 t > = 0Iteratio n : 8Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : p ast.id le.clo sed y = 0 & t < = alp h a & 3 0 t < = x + 1 0 0 0 & x < = 1 0 0 & x > = 0 & 3 t > = 6 0| y = 0 & t < = alp h a & alp h a > = 2 0 & x > = 0 & x < = 1 0 0 & t > = 0 & 3 t < = 1 0 0L o catio n : n ear.id le.d o wn y > = 0 & t > = 0 & 3 x + 1 8 0 t < = 1 0 y + 3 0 0 0 & x + 3 0 t < = 1 0 0 0 & 3 x + 1 8 0 t < = 1 0 y + 9 0 alp h a + 1 2 0 0 & t < = 1 0 & 9 x + 4 5 0 t > = 5 0 y + 4 5 0 0 & alp h a > = t + 1 0 & y < = 9 0| y > = 0 & 3 x + 1 8 0 t < = 1 0 y + 9 0 alp h a + 1 2 0 0 & t > = 0 & x + 3 0 t < = 1 0 0 0 & 3 x + 1 8 0 t < = 1 0 y + 3 0 0 0 & t < = 1 0 & y < = 9 0 & 9 x + 4 5 0 t > = 5 0 y + 4 5 0 0 & alp h a > = t + 1 0 & alp h a > = 1 2Iteratio n : 9Usin g th is n ewly reach ed list = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =L o catio n : n ear.id le.clo sed y = 0 & t > = 0 & alp h a > = t + 1 0 & x + 6 0 t < = 3 0 alp h a + 4 0 0 & t < = 1 0 & x + 6 0 t < = 1 0 0 0 & x > = 0| y = 0 & x + 6 0 t < = 3 0 alp h a + 4 0 0 & t > = 0 & alp h a > = 1 2 & x + 6 0 t < = 1 0 0 0 & alp h a > = t + 1 0 & x> = 0 & t < = 1 0Nu mb er o f iteratio n s req u ired fo r reach ab ility : 1 0 C o n d itio n s u n d er wh ich sy stem v io lates safety req u iremen t 5 alp h a > = 4 9 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =Max memo ry u sed = 1 0 7 2 k ilo b y tes = 1 .0 5 MB T ime sp en t = 0 .2 6 u + 0 .0 4 s = 0 .3 0 sec to tal= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Applications of HyTech and Derivations: polyhedral overapproximation of dynamics
-automotive engine control [Wong-Toi et al.] -chemical plant control [Preussig et al.] -flight control [Honeywell; Rockwell-Collins]
-air traffic control [Tomlin et al.] -robot control [Corbett et al.]
Successor Tools:
1. More expressive region algebras, e.g. FO(R,,+,) still permits quantifier elimination [Pappas et al.]
2. More robust approximations, e.g. ellipsoid instead of polyhedral regions [Varaiya et al.]
3. Abstract region operations, e.g. interval numerical methods [HyperTech]; also [Krogh et al.][Maler et al.]
![Page 65: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/65.jpg)
Symbolic Semi-Algorithms
Starting from the observations in A, compute new regions in by applying the operations pre, post, Å , \ , and .
Termination?
![Page 66: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/66.jpg)
Four Verification Questions
V1: Reachability bIs an invariant always true? unsafe
![Page 67: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/67.jpg)
Four Verification Questions
V1: Reachability bIs an invariant always true? unsafe
V2: Repeated Reachability b Linear temporal logic (LTL)
Liveness unfair
![Page 68: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/68.jpg)
Four Verification Questions
V1: Reachability bIs an invariant always true? unsafe
V2: Repeated Reachability b Linear temporal logic (LTL)
Liveness unfair
V3: Nested Reachability (b b1 b2)Half branching temporal logic (CTL, CTL)
![Page 69: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/69.jpg)
Four Verification Questions
V1: Reachability bIs an invariant always true? unsafe
V2: Repeated Reachability b Linear temporal logic (LTL)
Liveness unfair
V3: Nested Reachability (b b1 b2)Half branching temporal logic (CTL, CTL)
V4: Negated Reachability (b c)Full branching temporal logic (CTL)
Nonzenoness (tick tick)
![Page 70: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/70.jpg)
V1: Symbolic Reachability
a b
Given a,bA, is there a trajectory from a to b?
ab
initial states unsafe states
![Page 71: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/71.jpg)
V1: Symbolic Reachability
a b
Given a,bA, is there a trajectory from a to b?
ab
pre(b) = pre(b,)
b [ pre(b)
![Page 72: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/72.jpg)
V1: Symbolic Reachability
a b
Given a,bA, is there a trajectory from a to b?
abb
[ pre(b)
b [ pre(b) [ pre2(b)
![Page 73: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/73.jpg)
V1: Symbolic Reachability
a b
Given a,bA, is there a trajectory from a to b?
ab
. . .
bb
[ pre(b)
b [ pre(b) [ pre2(b)
![Page 74: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/74.jpg)
a
V1: Symbolic Reachability
a b
Given a,bA, is there a trajectory from a to b?
b
. . .
bb
[ pre(b)
b [ pre(b) [ pre2(b)
![Page 75: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/75.jpg)
a
V1: Symbolic Reachability
a b
Given a,bA, is there a trajectory from a to b?
b
. . .
b
1. pre, [ , 2. Å a
b [ pre(b)
b [ pre(b) [ pre2(b)
![Page 76: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/76.jpg)
V2: Symbolic Repeated Reachability
a b
Given a,bA, is there an infinite trajectory from a that visits b infinitely often?
b
a
![Page 77: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/77.jpg)
V2: Symbolic Repeated Reachability
a b
Given a,bA, is there an infinite trajectory from a that visits b infinitely often?
b
a
R1 = pre(b)
. . .pre(b)
pre(b) [ pre2(b)
![Page 78: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/78.jpg)
V2: Symbolic Repeated Reachability
a b
Given a,bA, is there an infinite trajectory from a that visits b infinitely often?
b
a
R1 = pre(b)
![Page 79: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/79.jpg)
V2: Symbolic Repeated Reachability
a b
Given a,bA, is there an infinite trajectory from a that visits b infinitely often?
b
a R2 = pre(bR1)
R1 = pre(b)
![Page 80: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/80.jpg)
V2: Symbolic Repeated Reachability
a b
Given a,bA, is there an infinite trajectory from a that visits b infinitely often?
b
a R2 = pre(bR1)
R1 = pre(b)
R3 = pre(bR2)
![Page 81: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/81.jpg)
V2: Symbolic Repeated Reachability
a b
Given a,bA, is there an infinite trajectory from a that visits b infinitely often?
b
a
... b
![Page 82: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/82.jpg)
V2: Symbolic Repeated Reachability
a b
Given a,bA, is there an infinite trajectory from a that visits b infinitely often?
b
a
... b
![Page 83: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/83.jpg)
V2: Symbolic Repeated Reachability
a b
Given a,bA, is there an infinite trajectory from a that visits b infinitely often?
b
a
... b
1. pre, [ , 2. Å a, Å b
![Page 84: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/84.jpg)
V3: Symbolic Nested Reachability
a (b b1 b2)
b1
b2
b
a
![Page 85: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/85.jpg)
V3: Symbolic Nested Reachability
a (b b1 b2)
b1
b2
b1
b
a
![Page 86: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/86.jpg)
V3: Symbolic Nested Reachability
a (b b1 b2)
b1
b2
b1
b2
b
a
![Page 87: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/87.jpg)
V3: Symbolic Nested Reachability
a (b b1 b2)
b1
b2
b1
b2
b
a
![Page 88: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/88.jpg)
V3: Symbolic Nested Reachability
a (b b1 b2)
b1
b2
b1
b2
b
a
(b b1 b2)
![Page 89: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/89.jpg)
V3: Symbolic Nested Reachability
a (b b1 b2)
b1
b2
b1
b2
b
a
(b b1 b2)
![Page 90: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/90.jpg)
V3: Symbolic Nested Reachability
a (b b1 b2)
b1
b2
b1
b2
b
a
(b b1 b2)
1. pre, [ , 2. Å
![Page 91: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/91.jpg)
V4: Symbolic Negated Reachability
a (b c)
Given a,b,cA, can every trajectory from a to b be extended to c?
ab
c
![Page 92: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/92.jpg)
V4: Symbolic Negated Reachability
a (b c)
Given a,b,cA, can every trajectory from a to b be extended to c?
ab
c
c
![Page 93: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/93.jpg)
V4: Symbolic Negated Reachability
a (b c)
Given a,b,cA, can every trajectory from a to b be extended to c?
ab
c
c
b c
![Page 94: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/94.jpg)
V4: Symbolic Negated Reachability
a (b c)
Given a,b,cA, can every trajectory from a to b be extended to c?
ab
c
c
(b c)
![Page 95: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/95.jpg)
V4: Symbolic Negated Reachability
a (b c)
Given a,b,cA, can every trajectory from a to b be extended to c?
ab
c
c
(b c)
a (b c)
![Page 96: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/96.jpg)
V4: Symbolic Negated Reachability
a (b c)
Given a,b,cA, can every trajectory from a to b be extended to c?
ab
c
c
(b c)
1. pre, [ , 2. Å 3. \
![Page 97: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/97.jpg)
Four Symbolic Semi-Algorithms
A1: Close A under pre
0 := A for i=1,2,3,… do i := i-1 [ { pre(R) | Ri }
[ { R1 Å R2 | R1,R2i } [ { R1\ R2 | R1,R2i }
until i = i-1
![Page 98: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/98.jpg)
Four Symbolic Semi-Algorithms
A1: Close A under pre
A2: Close A under pre, Å a
0 := A for i=1,2,3,… do i := i-1 [ { pre(R) | Ri }
[ { R Å a | Ri Æ a2A} [ { R1\ R2 | until i = i-1
![Page 99: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/99.jpg)
Four Symbolic Semi-Algorithms
A1: Close A under pre
A2: Close A under pre, Å a
A3: Close A under pre, Å
0 := A for i=1,2,3,… do i := i-1 [ { pre(R) | Ri }
[ { R1 Å R2 | R1,R2i } [ { R1\ R2 | R1,R2i }
until i = i-1
![Page 100: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/100.jpg)
Four Symbolic Semi-Algorithms
A1: Close A under pre
A2: Close A under pre, Å a
A3: Close A under pre, Å
A4: Close A under pre, Å , \
0 := A for i=1,2,3,… do i := i-1 [ { pre(R) | Ri }
[ { R1 Å R2 | R1,R2i } [ { R1\ R2 | R1,R2i }
until i = i-1
![Page 101: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/101.jpg)
Four Symbolic Semi-Algorithms
A1: Close A under pre
A2: Close A under pre, Å a
A3: Close A under pre, Å
A4: Close A under pre, Å , \
Ak terminates (1 k 4) symbolic model checking of Vk
terminates.
![Page 102: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/102.jpg)
Four State Equivalences
E1: Reach Equivalence
q1 1 q2 iff if aA can be reached from q1 in d steps, then a can be reached from q2 in d steps, and vice versa.
![Page 103: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/103.jpg)
Four State Equivalences
E1: Reach Equivalence
E2: Trace Equivalence
q1 2 q2 iff if every finite trace from q1 is a
finite trace from q2, and vice versa.
![Page 104: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/104.jpg)
a
a
b
b
a
a
b
b
a
a
![Page 105: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/105.jpg)
a
a
b
b
a
a
b
b
a
a 1
![Page 106: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/106.jpg)
a
a
b
b
a
a
b
b
a
a 1
2
![Page 107: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/107.jpg)
a
a
b
b
a
a
b
b
a
a 1
2
pre(a Å pre(a))
![Page 108: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/108.jpg)
Four State Equivalences
E1: Reach Equivalence
E2: Trace Equivalence
E3: Similarity q1 3 q2 iff if q1 simulates q2,
and vice versa.
![Page 109: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/109.jpg)
q1 is simulated by q2
iff
there is a simulation relation S such that
1. S(q1,q2)
2. if S(p,q) then
a. (8 a2A) (p2 a iff q2 a)
b. (8 p') ( if p2 pre(p') then (9 q') (q2 pre(q') Æ S(p',q')))
![Page 110: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/110.jpg)
a
b
a
b
a
a
a
a
b
a
a
![Page 111: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/111.jpg)
a
b
a
b
a
a
a
a
b
a 2
a
![Page 112: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/112.jpg)
a
b
a
b
a
a
a
a
b
a 2
3
a
![Page 113: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/113.jpg)
a
b
a
b
a
a
a
a
b
a 2
3
a
pre(pre(a) Å pre(b))
![Page 114: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/114.jpg)
Four State Equivalences
E1: Reach Equivalence
E2: Trace Equivalence
E3: Similarity
E4: Bisimilarity
q1 4 q2 iff if q1 simulates q2 via a symmetric simulation relation (this is called a bisimulation relation).
![Page 115: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/115.jpg)
a
b
a
b
a
a
a b
a
a
![Page 116: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/116.jpg)
a
b
a
b
a
a
a b
a 3
a
![Page 117: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/117.jpg)
a
b
a
b
a
a
a b
a 3
4
a
![Page 118: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/118.jpg)
a
b
a
b
a
a
a b
a 3
4
a
: pre(: pre(a))
![Page 119: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/119.jpg)
Specification Logics:
V1 Reachability (Safety)V2 Linear Temporal Logic (Liveness) V3 Existential/Universal Branching Temporal
Logic V4 Branching Temporal Logic (Nonzenoness)
State Equivalences:
E1 Reach EquivalenceE2 Trace EquivalenceE3 SimilarityE4 Bisimilarity
Symbolic Semi-Algorithms:
A1 Closure under preA2 Closure under pre, Å a
A3 Closure under pre, ÅA4 Closure under pre, Å , \
![Page 120: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/120.jpg)
Ak Vk
Ek
model checks
induces
Symbolic Semi-
Algorithm
State Equivalence
k = 1,2,3,4
Specification Logic
computes
![Page 121: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/121.jpg)
Ak Vk
Ek
model checks
induces
Symbolic Semi-
Algorithm
State Equivalence
k = 1,2,3,4
q1 k q2 iff for all formulas of Vk, q1 ² iff q2 ² If Ek has finite index, then Vk can be model-checked on finite quotient.
Specification Logic
computes
![Page 122: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/122.jpg)
Ak Vk
Ek
model checks
induces
Symbolic Semi-
Algorithm
State Equivalence
k = 1,2,3,4
q1 k q2 iff for all formulas of Vk, q1 ² iff q2 ² If Ek has finite index, then Vk can be model-checked on finite quotient.
All regions definable by formulas of Vk are generated by Ak.
Ak terminates iff symbolic model checking terminates for all formulas of Vk.
Specification Logic
computes
![Page 123: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/123.jpg)
Ak Vk
Ek
model checks
computes induces
Symbolic Semi-
Algorithm
State Equivalence
k = 1,2,3,4
q1 k q2 iff for all regions R computed by Ak, q1R iff q2RAk terminates iff Ek has finite index.
q1 k q2 iff for all formulas of Vk, q1 ² iff q2 ² If Ek has finite index, then Vk can be model-checked on finite quotient.
All regions definable by formulas of Vk are generated by Ak.
Ak terminates iff symbolic model checking terminates for all formulas of Vk.
Specification Logic
![Page 124: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/124.jpg)
Four Classes of Symbolic Transition Systems
STS1: pre closure terminates Finite reach equiv Safety () decidable
Well-structured transition systems of Abdulla, Finkel et al.
STS2: (pre, Å a) closure terminates Finite trace equiv Liveness (LTL) decidable
Initialized rectangular hybrid automata
STS3: (pre, Å ) closure terminates Finite similarity Existential/universal branching (CTL, CTL) decidable
2D initialized rectangular hybrid automata
STS4: (pre, Å , \ ) closure terminates Finite bisimilarity Nonzenoness (CTL) decidable
Initialized singular (e.g. timed) hybrid automata
![Page 125: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/125.jpg)
Four Classes of Symbolic Transition Systems
STS1: pre closure terminates Finite reach equiv Safety () decidable
Well-structured transition systems of Abdulla, Finkel et al.
STS2: (pre, Å a) closure terminates Finite trace equiv Liveness (LTL) decidable
Initialized rectangular hybrid automata
STS3: (pre, Å ) closure terminates Finite similarity Existential/universal branching (CTL, CTL) decidable
2D initialized rectangular hybrid automata
STS4: (pre, Å , \ ) closure terminates Finite bisimilarity Nonzenoness (CTL) decidable
Initialized singular hybrid automata
![Page 126: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/126.jpg)
Example: Singular Hybrid Automata
Q = Bm Rn
Invariants and guards: integral bounds, e.g. x1 < 7 1
x2 2
Flows: constant slopes, e.g. x'1 = 1; x'2 = 2 Jumps: integral assignments, e.g. x1 := 0; x2 := 5A = { xi = c, c < xi < c+1 | 1 i n, c N, c < cmax }
![Page 127: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/127.jpg)
(cmax,cmax)
(0,0) x1
x2
![Page 128: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/128.jpg)
(cmax,cmax)
(0,0) x1
x2
3<x1<4 x2=4
x1=3 x2=3
1<x1<2 2<x2<3
![Page 129: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/129.jpg)
Example: Singular Hybrid Automata
Q = Bm Rn
Invariants and guards: integral bounds, e.g. x1 < 7 1
x2 2
Flows: constant slopes, e.g. x'1 = 1; x'2 = 2 Jumps: integral assignments, e.g. x1 := 0; x2 := 5A = { xi = c, c < xi < c+1 | 1 i n, c N, c < cmax }
Initialized: assignment when slope changes.
![Page 130: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/130.jpg)
Special Case: Timed Automata
Q = Bm Rn
Invariants and guards: integral bounds, e.g. x1 < 7 1
x2 2
Flows: clocks, e.g. x'1 = 1; x'2 = 1 Jumps: integral assignments, e.g. x1 := 0; x2 := 5A = { xi = c, c < xi < c+1 | 1 i n, c N, c < cmax }
Always initialized.
![Page 131: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/131.jpg)
f: x1' = 1; x2' = 1 j1: x1 := 0 j2: x2 := 0f
j2j1
![Page 132: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/132.jpg)
f: x1' = 1; x2' = 1 j1: x1 := 0 j2: x2 := 0f
j2j1
![Page 133: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/133.jpg)
f: x1' = 1; x2' = 1 j1: x1 := 0 j2: x2 := 0f
j2j1
![Page 134: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/134.jpg)
f: x1' = 1; x2' = 1 j1: x1 := 0 j2: x2 := 0f
j2j1
pre(R,f)
R
![Page 135: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/135.jpg)
f: x1' = 1; x2' = 1 j1: x1 := 0 j2: x2 := 0f
j2j1
![Page 136: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/136.jpg)
(cmax,cmax)
(0,0) x1
x2
f: x1' = 1; x2' = 1 j1: x1 := 0 j2: x2 := 0f
j2j1
Finite bisimulation.
![Page 137: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/137.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
![Page 138: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/138.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
pre(R,f)
R
![Page 139: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/139.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
pre(R',j2)
R'
![Page 140: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/140.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1 R"
pre(R",j)
![Page 141: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/141.jpg)
(cmax,cmax)
(0,0) x1
x2
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0
j2j1
Finite bisimulation.
f
![Page 142: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/142.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
Observation, invariant, or guard:
x1>x2
![Page 143: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/143.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
Observation, invariant, or guard:
x1>x2
![Page 144: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/144.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
Observation, invariant, or guard:
x1>x2
R
pre(R,f)
![Page 145: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/145.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
Observation, invariant, or guard:
x1>x2
R'
pre(R,j2)
![Page 146: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/146.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
Observation, invariant, or guard:
x1>x2
![Page 147: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/147.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
Observation, invariant, or guard:
x1>x2
![Page 148: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/148.jpg)
f: x1' = 1; x2' = 2 j1: x1 := 0 j2: x2 := 0f
j2j1
Infinite bisimulation.
Observation, invariant, or guard:
x1>x2
![Page 149: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/149.jpg)
Example: Rectangular Hybrid Automata
Q = Bm Rn
Invariants and guards: integral bounds, e.g. x1 < 7 1
x2 2
Flows: bounded slopes, e.g. x'1 [1,2]; x'2 = 1 Jumps: integral assignments, e.g. x1 := 0; x2 := 5A = { xi = c, c < xi < c+1 | 1 i n, c N, c < cmax }
Initialized: assignment when slope bounds change.
![Page 150: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/150.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 151: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/151.jpg)
j2j1
pre(R,f)
R
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 152: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/152.jpg)
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
j2j1
pre(R',f)R'
![Page 153: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/153.jpg)
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
j2j1
R" pre(R",j1)
f
![Page 154: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/154.jpg)
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
j2j1
f
R3
pre(R3,j2)
![Page 155: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/155.jpg)
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
j2j1
f
![Page 156: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/156.jpg)
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
j2j1
f
Infinite bisimulation.
![Page 157: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/157.jpg)
j2j1
pre(R,f)
R
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
pre(R,f)
![Page 158: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/158.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 159: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/159.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 160: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/160.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 161: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/161.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 162: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/162.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 163: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/163.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 164: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/164.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 165: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/165.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 166: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/166.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 167: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/167.jpg)
j2j1
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 168: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/168.jpg)
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
j2j1
f
![Page 169: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/169.jpg)
(cmax,cmax)
(0,0) x1
x2
j2j1
Finite simulation.
f: x1'[1,2]; x2'[1,2] j1: x1 := 0 j2: x2 := 0
f
![Page 170: The Symbolic Approach to Hybrid Systems Tom Henzinger University of California, Berkeley.](https://reader035.fdocuments.net/reader035/viewer/2022070412/56649d5e5503460f94a3d0db/html5/thumbnails/170.jpg)
Summary
1. Separate local (region algebra) from global (symbolic semi-algorithms) concerns
2. Appeal to quantifier elimination for the computability of region operations
(e.g. polyhedral hybrid systems)
3. Appeal to finite abstractions for the termination of symbolic semi-algorithms (e.g. rectangular hybrid systems)