scispace - formally typeset

Book ChapterDOI

Acceleration of Affine Hybrid Transformations

03 Nov 2014-Vol. 8837, pp 31-46

TL;DR: An original method for accelerating the control cycles of linear hybrid automata to compute their unbounded repeated effect, by analyzing the data transformations that label these cycles, by reasoning about the geometrical features of the corresponding system of linear constraints.
Abstract: This work addresses the computation of the set of reachable configurations of linear hybrid automata. The approach relies on symbolic state-space exploration, using acceleration in order to speed up the computation and to make it terminate for a broad class of systems. Our contribution is an original method for accelerating the control cycles of linear hybrid automata, i.e., to compute their unbounded repeated effect. The idea consists in analyzing the data transformations that label these cycles, by reasoning about the geometrical features of the corresponding system of linear constraints. This approach is complete over Multiple Counters Systems (MCS), and is able to accelerate hybrid transformations that are out of scope of existing techniques.
Topics: Hybrid automaton (60%), Affine transformation (54%), Computation (50%)

Summary (4 min read)

1 Introduction

  • Hybrid automata [14] are a powerful formalism for modeling systems that combine discrete and continuous features, in particular those depending on physical processes that involve undiscretized time.
  • Accelerating a cyclic path, which corresponds to a loop in a program, amounts to computing in one step all the configurations that can be reached by iterating this cycle arbitrarily many times [2].
  • The transformations undergone by variables along control paths of linear hybrid automata3 correspond to Linear Hybrid Relations (LHR), the acceleration of which is studied in [5, 6].
  • The results of [5] nevertheless suffer from two weaknesses.
  • First, when this acceleration method is applied to purely integer transformations, which can be seen as a particular case of LHR, it is not able to handle all instances covered by an acceleration procedure that has been specifically developed for such transformations [2, 3].

2.1 Algebra Basics

  • Rn that satisfy a given finite conjunction of equality constraints forms an affine space.
  • The affine space of smallest dimension that contains a given set is unique, and known as the affine hull of this set.
  • For each constraint in this set, there exists at least one point that saturates this constraint, and that satisfies all the other ones without saturating them.

2.2 Linear Hybrid Relations

  • The authors refer the reader to [5, 6, 14] for further details and formal definitions.
  • The current configuration can change in two ways.
  • The first one (time step) is to let time elapse, in which case the control location remains constant, and the variable values evolve according to the invariant and evolution law of this location.
  • Those are expressed as linear constraints over respectively the variable values, and their first time derivative.
  • For the sake of simplicity, the authors assume that all inequality constraints that appear in LHR are non-strict, i.e., that stands for ≤m, and that LHR are characterized by their pair (P, q).

2.3 Representation of Convex Polyhedra

  • In the following sections, the authors study the effect and repeated effect of LHR on sets.
  • Following the discussion in Section 2.1, the authors consider w.l.o.g.
  • Otherwise, the initial node q0 is an additional special node in which all constraints are considered to be saturated (yielding an empty affine hull).
  • The procedure ends upon reaching a node labeled by equality constraints satisfied by v, which then represents the component to which v belongs.
  • This data structure has been generalized to non-convex polyhedra in [4, 13].

2.4 Cycle Acceleration

  • The cycle acceleration problem consists in checking, within a symbolic representation system, whether the image of any representable set by unbounded iterations of a given data transformation is representable as well.
  • One also needs an algorithm for computing symbolically the image of represented sets by iterable transformations.
  • This decision does not have to be precise: a sufficient criterion can be used provided that it handles practically relevant transformations.
  • In the next section, the authors recall two iterability criteria, one developed for linear transformations over integer variables and one for linear hybrid relations, and show that they can be combined into a criterion that has a broader scope.

3.1 Discrete and Hybrid Periodic Transformations

  • Over the domain Zn, it has been established that transformations of the form x 7→.
  • This criterion can be decided using only integer arithmetic, and a suitable value of p can be computed whenever one exists [2, 3].
  • A natural idea is therefore to study hybrid transformations that have a periodic behavior, but with a period that may be greater than one.
  • The iterability criterion obtained for linear integer transformations straightforwardly extends to AHT.
  • If A2p = Ap, this simplifies into θkp(v) = Apv+ ∑2p−1 i=0 A iΠ+(k−2) ∑2p−1 i=p A iΠ.

3.2 Detecting Affine Hybrid Transformations

  • Ax+Π, and of computing the corresponding matrix A and convex polyhedron Π. Ax, where A ∈ Qn×n is identical for each point, and then adding a constant convex polyhedron Π to the result.
  • Let us assume that this polyhedron has at least one vertex, i.e., a geometrical component of dimension 0.
  • The same reasoning applied to other vertices will yield the same matrix A. Recall that the constraints defining θ are expressed over the variables x and x′, the value of which is respectively considered before and after applying the transformation.
  • The reduction consists in performing a linear variable change operation onto the largest number of distinct variables that are not statically constrained.
  • Finally, note that the acceleration method for AHT discussed in this section is able to successfully process all linear integer transformations that are handled by [2, 3].

4.1 Principles

  • Affine hybrid transformations θ have the property that the authors can compute from their set of constraints a value p ∈ N>0 such that θp has an ultimately periodic behavior.
  • This sufficient condition for iterability is not at all necessary: A possible acceleration procedure thus consists in computing such a value p by inspecting the geometrical components of Θ, computing p as the least common multiple of their detected periodicities pi, and then checking whether θ p reduces to a periodic transformation that is iterable within 〈R,Z,+,≤〉.
  • This inspection does not necessarily have to be carried out for all geometrical components:.
  • In Section 4.2, the authors establish a connection between the acceleration technique presented in this paper and the one proposed for MCS in [5], by showing that the periodicities that are captured by the graph analysis method can also be detected by the inspection of geometrical components.
  • This problem is addressed in Section 4.3.

4.2 Multiple Counters Systems

  • Let us briefly describe the method introduced in [5] for computing the periodicity of a MCS θ.
  • Since the constraint represented by σ can be saturated, there exist values v,v′ ∈ Let S′ denote the set of constraints of θ that are necessarily saturated when S is saturated, i.e., that are saturated by every v and v′ that saturate S. The set S′ contains only constraints that are either saturated for all v,v′ ∈.
  • Recall that these simple cycles are all of depth ±k.
  • Akx preserves the values of the variables in X and assigns the value 0 to the other variables.
  • The inspection of such components may produce matrices A that do not yield a periodicity pi, or yield a spurious one.

4.3 Checking Periodicity

  • Such cycles correspond to periodic constraints, which are captured in θ′.
  • The transformation θp therefore satisfies two properties.
  • (1) The second property states that, in compositions of constraints of θp, periodic constraints do not need to be repeated at more than one place.
  • This is illustrated in Section 5.1 below.
  • In practical applications, these conditions can be decided by operations over CPDD representations of the transformations, as discussed in Section 2.3.

5.1 Periodic LHR

  • Note that the affine hulls α2 and α3 produce the same matrix A, which hints at the property that θ is affine.
  • Checking whether θ is affine, also known as Second step.
  • Checking the candidate period, also known as Ax+Π. Alternative second step.
  • Alternatively, the authors may avoid computing Π and directly use the technique of Section 4.3 for checking that the candidate periodicity p = 3 is valid.
  • The reflexive and transitive closure of θ3k can be obtained by quantification over k.

5.2 Linear Hybrid Automaton

  • The effect of the cycle in H, starting from the leftmost location and preceding each transition by the passage of time, is described by the LHR θH below.
  • The variable x has been eliminated using the reductions of [5] since, after the first iteration, the cycle starts and ends with x = 0.
  • Following the approach of Section 4.3 confirms that θ2H is periodic.
  • Note that the computation of θ∗H was out of scope of the techniques of [5, 6], which cannot handle periodicities greater than one.

6 Conclusions

  • This paper introduces an original method for accelerating the data transformations that label control cycles of linear hybrid automata.
  • Given such a transformation θ, the idea consists in constructing a convex polyhedron from its linear constraints, and then inspecting the geometrical components of this polyhedron in order to compute a value p such that θp is periodic.
  • This method is able to accelerate all transformations that can be handled by the specialized algorithms developed in [3, 5, 6, 11], in particular Multiple Counters Systems, to which the reachability analysis of timed automata can be reduced.
  • Compared with those solutions, their method has the advantage of being closed under linear changes of coordinates, which naturally do not affect the geometrical features of polyhedra.
  • In all their case studies, considering the minimal non-empty components for which a non-trivial matrix A can be extracted turned out to be sufficient, but the authors do not know whether this property holds in all cases.

Did you find this useful? Give us your feedback

Content maybe subject to copyright    Report

Acceleration of Affine Hybrid Transformations
?
Bernard Boigelot
1
, Fr´ed´eric Herbreteau
2
, and Isabelle Mainz
1
1
Institut Montefiore, B28, Univ. Li`ege, Belgium
{boigelot,mainz}@montefiore.ulg.ac.be
2
Univ. Bordeaux & CNRS, LaBRI, UMR 5800, Talence, France
fh@labri.fr
Abstract. This work addresses the computation of the set of reachable
configurations of linear hybrid automata. The approach relies on sym-
bolic state-space exploration, using acceleration in order to speed up the
computation and to make it terminate for a broad class of systems. Our
contribution is an original method for accelerating the control cycles of
linear hybrid automata, i.e., to compute their unbounded repeated effect.
The idea consists in analyzing the data transformations that label these
cycles, by reasoning about the geometrical features of the corresponding
system of linear constraints. This approach is complete over Multiple
Counters Systems (MCS), and is able to accelerate hybrid transforma-
tions that are out of scope of existing techniques.
1 Introduction
Hybrid automata [14] are a powerful formalism for modeling systems that com-
bine discrete and continuous features, in particular those depending on phys-
ical processes that involve undiscretized time. Linear hybrid automata are a
restricted form of hybrid automata that are amenable to automated analysis of
some of their properties, while not sacrificing too much expressive power, which
remains sufficient for modeling precisely enough a large range of systems.
This work addresses the general problem of analyzing reachability proper-
ties of linear hybrid automata, by computing an exact representation of their
set of reachable configurations. Since this set is generally infinite, both because
variables of hybrid automata are unbounded and take their value over a dense
domain, this computation has to be performed symbolically, representing the
manipulated sets with the help of dedicated data structures. Moreover, since
linear hybrid automata are Turing complete, the computation of their reacha-
bility set cannot be guaranteed to terminate in all cases. A possible workaround
would be to introduce approximations, such as widening operators [12], in order
to force termination. We make a different choice and aim at an exact compu-
tation algorithm without guarantee of termination, trying to make it powerful
enough for handling a relevant subclass of systems.
?
This work is supported in part by the grant 2.4545.11 of the Belgian Fund for
Scientific Research (F.R.S.-FNRS).

Computing the reachability set of a system can be achieved by forward sym-
bolic state-space exploration: At each step, one propagates reachability informa-
tion from the current set of reachable configurations in order to make it bigger.
The procedure terminates upon reaching a fixed point. For hybrid automata,
an exploration step corresponds to letting time elapse in the current control
location, or to following a transition from one location to another.
This approach is not sufficient for analyzing all interesting case studies. One
reason is that some linear hybrid automata have configurations that are only
reached after an unbounded number of exploration steps; a typical example is
the leaking gas burner studied in [15]. This problem is tackled by acceleration
techniques, aimed at computing in finite time sets of configurations that are
reached after following arbitrarily long control paths. For instance, accelerating
a cyclic path, which corresponds to a loop in a program, amounts to computing
in one step all the configurations that can be reached by iterating this cycle
arbitrarily many times [2].
In order to be able to perform cycle acceleration with linear hybrid automata,
one first needs a symbolic representation system that is expressive enough for
the sets of values produced by unbounded loop iterations, as well as a formalism
for describing the data transformations labeling control paths. The main prob-
lems are then to decide whether the effect of unbounded iterations of such a
path can be computed over symbolically represented sets, and to carry out this
computation.
Solutions to these problems have been proposed in earlier work: Sets of reach-
able data values can be expressed in the first-order logic hR, Z, +, ≤i, which gen-
eralizes Presburger arithmetic to mixed integer and real variables, and for which
usable data structures have been developed [7]. The transformations undergone
by variables along control paths of linear hybrid automata
3
correspond to Linear
Hybrid Relations (LHR), the acceleration of which is studied in [5, 6].
The cycle acceleration method proposed in [5] is able to handle a broad class
of LHR, in particular all Multiple Counters Systems (MCS) [11]. This subclass
of LHR is relevant in practice since it has been established that accelerating
arbitrary control paths of timed automata [1], reduces to the same problem over
MCS. It is actually proved in [5] that acceleration of MCS makes it possible to
compute symbolically the reachability set of timed automata with a guarantee
of termination.
The results of [5] nevertheless suffer from two weaknesses. First, when this
acceleration method is applied to purely integer transformations, which can be
seen as a particular case of LHR, it is not able to handle all instances covered by
an acceleration procedure that has been specifically developed for such transfor-
mations [2, 3]. Second, the method is sensitive to the coordinate system used for
expressing data values. For instance, even though all MCS can be accelerated,
the same property does not hold for LHR obtained after applying linear variable
change operations to MCS.
3
The results of [5, 6] actually consider the slightly smaller class of strongly linear
hybrid automata but their extension to linear hybrid automata is immediate.
2

The goal of this work is to broaden substantially the scope of cycle accelera-
tion of linear hybrid relations, by developing a new approach that does not have
these weaknesses. For purely integer transformations, an obvious solution would
be to detect whether the considered LHR belongs to this class, and then branch
to a specific acceleration algorithm. This approach would not improve the state
of the art, and we propose instead a solution that is not only able to handle
all integer transformations that can be accelerated by the specialized algorithm
of [3], but also combinations of such discrete transformations with simple con-
tinuous ones. After studying the properties of this solution, we then generalize
it into a method that becomes powerful enough for handling all transformations
extracted from MCS, as well as their transformations by arbitrary linear variable
change operations.
2 Preliminaries
2.1 Algebra Basics
A linear constraint over variables x R
n
, with n 0, is a constraint of the
form a.x#b, with a Q
n
, b Q and # {<, , =, , >}. This constraint is
strict if # {<, >}, and non-strict otherwise. It is an inequality constraint if
# {<, , , >}, and an equality constraint otherwise. A constraint a.x#b is
said to be saturated by a value v R
n
if this value satisfies a.v = b.
The set of points x R
n
that satisfy a given finite conjunction of equality
constraints forms an affine space. An affine space S R
n
can be expressed in
the form S = A R
m
+ b, where 0 m n, A Q
n×m
is a matrix with rank m,
and b Q
n
. The value m then corresponds to the dimension of S. The affine
space of smallest dimension that contains a given set is unique, and known as
the affine hull of this set.
The set of solutions of a finite conjunction of linear constraints forms a convex
polyhedron, the dimension of which is defined as the dimension of its affine hull.
Within R
n
, a convex polyhedron of dimension n can be represented by a finite
canonical conjunction of constraints, i.e., a set of constraints that is uniquely
determined by the polyhedron. For each constraint in this set, there exists at
least one point that saturates this constraint, and that satisfies all the other
ones without saturating them. Convex polyhedra of dimension m < n can be
expressed as A Π + b, where A Q
n×m
, b Q
n
, and Π R
m
is a polyhedron
of dimension m that is represented canonically. In order to simplify notations,
we sometimes denote a set {v} as v, and write S
1
+ S
2
to mean {v
1
+ v
2
| v
1
S
1
v
2
S
2
}.
2.2 Linear Hybrid Relations
A Linear Hybrid Automaton (LHA) is composed of a finite control graph ex-
tended with a given number n of variables x
1
, x
2
, . . . , x
n
that take their values
in R. These variables can be grouped into a vector x whose domain is R
n
. We
3

refer the reader to [5, 6, 14] for further details and formal definitions. An example
is given in Figure 2.
A configuration of a LHA is a pair (`, v) where ` is a control location and
v assigns a value to each variable. The current configuration can change in
two ways. The first one (time step) is to let time elapse, in which case the
control location remains constant, and the variable values evolve according to
the invariant and evolution law of this location. Those are expressed as linear
constraints over respectively the variable values, and their first time derivative.
The second mechanism (transition step) is to follow a transition, which moves
the control location and applies a discrete transformation to the variable values.
This transformation is defined by linear constraints involving the initial and final
values of the variables, taken across the transition.
The semantics of LHA is defined as follows. A configuration c
2
is reachable
from a configuration c
1
if there exists a finite sequence of time and transition
steps that leads from c
1
to c
2
. A reachable configuration is one that is reachable
from a designated initial set.
It has been shown in [6] that every finite control path of a LHA induces a
transformation over its variables that can be characterized as follows.
Definition 1. A Linear Hybrid Relation (LHR) is a relation
θ =
(x, x
0
) R
n
× R
n
P
x
x
0
q
,
where P Z
m×2n
, q Z
m
, {<, ≤}
m
, and m 0.
We write θ = (P, q, ) to denote a relation of this form. Given a path in a
LHA moving from a location ` to a location `
0
, one can compute P and q such
that two values v, v
0
R
n
satisfy the LHR (P, q, ) iff (`
0
, v
0
) is reachable from
(`, v) by following the time and transition steps corresponding to this path.
In this work, for the sake of simplicity, we assume that all inequality con-
straints that appear in LHR are non-strict, i.e., that stands for
m
, and that
LHR are characterized by their pair (P, q). All results in this paper can straight-
forwardly be extended to the more general setting of mixed strict and non-strict
constraints.
Let θ be a LHR. Following [5], we call a constraint of this LHR static if it
involves only either x or x
0
. For a set S R
n
, its image θ(S) by θ is given
by {x
0
R
n
| x S : (x, x
0
) θ}. This can alternatively be expressed as
θ(S) = (θ (S × R
n
))|
[n+1,2n]
, where U |
I
denotes the projection of the elements
of U onto the vector components belonging to I. Given two LHR θ
1
and θ
2
, their
composition θ
2
θ
1
is the LHR θ such that θ(S) = θ
2
(θ
1
(S)) for all sets S. Note
that we have θ
2
θ
1
= ((θ
1
× R
n
) (R
n
× θ
2
))|
[1,n][2n+1,3n]
. Finally, for every
k, the result of composing k 1 times a LHR θ with itself is denoted θ
k
, with
θ
0
corresponding to the identity relation.
4

2.3 Representation of Convex Polyhedra
In the following sections, we study the effect and repeated effect of LHR on sets.
The image θ(v) of a point v R
n
by a LHR θ is the set of points v
0
such that
(v, v
0
) satisfies the linear constraints of θ, that is, a convex polyhedron. We now
study some topological properties of such polyhedra.
Following the discussion in Section 2.1, we consider w.l.o.g. a convex poly-
hedron Π R
n
of dimension n, defined by its canonical set of inequality con-
straints. As explained in [4, 13], such a polyhedron induces a finite equivalence
relation
Π
on the points of R
n
: One has v
Π
v
0
iff these two points saturate
identical subsets of constraints of Π. The equivalence classes of
Π
correspond
to the geometrical components of Π. For each geometrical component C, its
affine hull aff(C) matches the constraints of Π saturated by C, and its dimen-
sion is defined as the one of this affine hull. The geometrical components of Π
are linked together by an incidence partial order
Π
: One has C
1
Π
C
2
iff
aff(C
1
) aff(C
2
), i.e., iff the constraints saturated in C
1
are a superset of those
saturated in C
2
.
Those properties lead to a data structure for representing symbolically con-
vex polyhedra: A Convex Polyhedron Decision Diagram (CPDD) representing a
polyhedron Π is a directed acyclic graph in which:
The nodes correspond to the geometrical components of Π, and are labeled
by the constraints of Π that they saturate, written as equalities (in other
words, by the affine hull of their geometrical component).
If Π admits a unique minimal component with respect to the incidence order
Π
, then the node q
0
associated to this component is marked as initial.
Otherwise, the initial node q
0
is an additional special node in which all
constraints are considered to be saturated (yielding an empty affine hull).
The edges follow the incidence relation, removing those that are redundant
by transitivity. An edge from q
1
to q
2
is labeled by the constraints that are
saturated in q
1
and not in q
2
, written as strict inequalities.
An example of CPDD is given in Figure 1. This data structure actually pro-
vides a simple procedure for locating the geometrical component of Π to which
a given point v R
n
belongs: Starting from the initial node, one follows edges
labeled by inequality constraints that are satisfied by v. The procedure ends
upon reaching a node labeled by equality constraints satisfied by v, which then
represents the component to which v belongs. If several paths can be followed
from a given node, one of them can be chosen arbitrarily without the need for
backtracking.
This procedure illustrates an essential property of convex polyhedra: The
points contained in a geometrical component are exactly those that saturate the
constraints associated to this component, and that do not saturate the other
constraints. This property will be exploited in order to establish a key result in
Section 4.
It is worth mentioning that CPDD nodes do not correspond to all possible
combinations of saturated linear constraints, but only to those that are associ-
ated to geometrical components. For instance, the CPDD depicted in Figure 1
5

Citations
More filters

Book ChapterDOI
Bernard Boigelot1, Isabelle Mainz1Institutions (1)
07 Oct 2018
TL;DR: An original data structure, the Decomposed Convex Polyhedron (DCP), is introduced that is closed under intersection and linear transformations, and allows to check inclusion, equality, and emptiness.
Abstract: This work is aimed at developing an efficient data structure for representing symbolically convex polyhedra. We introduce an original data structure, the Decomposed Convex Polyhedron (DCP), that is closed under intersection and linear transformations, and allows to check inclusion, equality, and emptiness. The main feature of DCPs lies in their ability to represent concisely polyhedra that can be expressed as combinations of simpler sets, which can overcome combinatorial explosion in high dimensional spaces. DCPs also have the advantage of being reducible into a canonical form, which makes them efficient for representing simple sets constructed by long sequences of manipulations, such as those handled by state-space exploration tools. Their practical efficiency has been evaluated with the help of a prototype implementation, with promising results.

1 citations


Cites background or methods from "Acceleration of Affine Hybrid Trans..."

  • ...Our motivation for studying convex polyhedra is to use them for representing the reachable sets produced during symbolic state-space exploration of linear hybrid systems and temporal automata [18, 9, 7, 1]....

    [...]

  • ...The former drawback is alleviated by the Implicit Real Vector Automaton (IRVA) [14] and the Convex Polyhedron Decision Diagram (CPDD)[7], in which parts of the decision graph are encoded by more efficient algebraic structures....

    [...]

  • ...Intuitively, a CPDD can be understood as a compact representation of a deterministic finite automaton accepting the points of a convex polyhedron [8, 7]....

    [...]

  • ...A Convex Polyhedron Decision Diagram (CPDD) [7] representing a convex polyhedron P is a directed acyclic graph (Q,T, q0) such that:...

    [...]


Book ChapterDOI
Jérôme Leroux1Institutions (1)
23 Jun 2021
Abstract: Vector addition systems with states (VASS for short), or equivalently Petri nets are one of the most popular formal methods for the representation and the analysis of parallel processes. The central algorithmic problem is reachability: whether from a given initial configuration there exists a sequence of valid execution steps that reaches a given final configuration. This paper provides an overview of results about the reachability problem for VASS related to Presburger arithmetic, by presenting 1) a simple algorithm for deciding the reachability problem based on invariants definable in Presburger arithmetic, 2) the class of flat VASS for computing reachability sets in Presburger arithmetic, and 3) complexity results about the reachability problem for flat VASS.

References
More filters

Journal ArticleDOI
Rajeev Alur1, David L. Dill1Institutions (1)
Abstract: Alur, R. and D.L. Dill, A theory of timed automata, Theoretical Computer Science 126 (1994) 183-235. We propose timed (j&e) automata to model the behavior of real-time systems over time. Our definition provides a simple, and yet powerful, way to annotate state-transition graphs with timing constraints using finitely many real-valued clocks. A timed automaton accepts timed words-infinite sequences in which a real-valued time of occurrence is associated with each symbol. We study timed automata from the perspective of formal language theory: we consider closure properties, decision problems, and subclasses. We consider both nondeterministic and deterministic transition structures, and both Biichi and Muller acceptance conditions. We show that nondeterministic timed automata are closed under union and intersection, but not under complementation, whereas deterministic timed Muller automata are closed under all Boolean operations. The main construction of the paper is an (PSPACE) algorithm for checking the emptiness of the language of a (nondeterministic) timed automaton. We also prove that the universality problem and the language inclusion problem are solvable only for the deterministic automata: both problems are undecidable (II i-hard) in the nondeterministic case and PSPACE-complete in the deterministic case. Finally, we discuss the application of this theory to automatic verification of real-time requirements of finite-state systems.

6,845 citations


Proceedings ArticleDOI
01 Jan 1977
Abstract: A program denotes computations in some universe of objects. Abstract interpretation of programs consists in using that denotation to describe computations in another universe of abstract objects, so that the results of abstract execution give some information on the actual computations. An intuitive example (which we borrow from Sintzoff [72]) is the rule of signs. The text -1515 * 17 may be understood to denote computations on the abstract universe {(+), (-), (±)} where the semantics of arithmetic operators is defined by the rule of signs. The abstract execution -1515 * 17 → -(+) * (+) → (-) * (+) → (-), proves that -1515 * 17 is a negative number. Abstract interpretation is concerned by a particular underlying structure of the usual universe of computations (the sign, in our example). It gives a summary of some facets of the actual executions of a program. In general this summary is simple to obtain but inaccurate (e.g. -1515 + 17 → -(+) + (+) → (-) + (+) → (±)). Despite its fundamentally incomplete results abstract interpretation allows the programmer or the compiler to answer questions which do not need full knowledge of program executions or which tolerate an imprecise answer, (e.g. partial correctness proofs of programs ignoring the termination problems, type checking, program optimizations which are not carried in the absence of certainty about their feasibility, …).

6,524 citations


"Acceleration of Affine Hybrid Trans..." refers background in this paper

  • ...A possible workaround would be to introduce approximations, such as widening operators [12], in order to force termination....

    [...]


Proceedings ArticleDOI
Thomas A. Henzinger1Institutions (1)
27 Jul 1996
TL;DR: The goal is to demonstrate that concepts from the theory of discrete concurrent systems can give insights into partly continuous systems, and that methods for the verification of finite-state systems can be used to analyze certain systems with uncountable state spaces.
Abstract: We summarize several recent results about hybrid automata. Our goal is to demonstrate that concepts from the theory of discrete concurrent systems can give insights into partly continuous systems, and that methods for the verification of finite-state systems can be used to analyze certain systems with uncountable state spaces.

1,841 citations


Journal ArticleDOI
TL;DR: The first section introduces the running example, of leakage in a gas burner, and defines and axiomatises the proposed calculus as an extension of interval temporal logic.
Abstract: The purpose of the calculus of durations is to reason about designs and requirements for time-critical systems, without explicit mention of absolute time. Its distinctive feature is reasoning about integrals of the durations of different states within any given interval. The first section introduces the running example, of leakage in a gas burner. The second section defines and axiomatises the proposed calculus as an extension of interval temporal logic. The third section applies it to the problem described in the introduction. The fourth section briefly surveys alternative calculi.

800 citations


"Acceleration of Affine Hybrid Trans..." refers background in this paper

  • ...One reason is that some linear hybrid automata have configurations that are only reached after an unbounded number of exploration steps; a typical example is the leaking gas burner studied in [15]....

    [...]


Book ChapterDOI
Hubert Comon1, Yan Jurski1Institutions (1)
28 Jun 1998
TL;DR: It is shown that the set of possible counter values which can be reached after any number of iterations of a loop is definable in the additive theory of ℕ (or ℤ or ℝ depending on the type of the counters).
Abstract: We consider automata with counters whose values are updated according to signals sent by the environment. A transition can be fired only if the values of the counters satisfy some guards (the guards of the transition). We consider guards of the form yi#yj + ci,j where yi is either xi or xi, the values of the counter i respectively after and before the transition, and # is any relational symbol in {=,≤,≥,>,<}. We show that the set of possible counter values which can be reached after any number of iterations of a loop is definable in the additive theory of ℕ (or ℤ or ℝ depending on the type of the counters). This result can be used for the safety analysis of multiple counters automata.

229 citations


"Acceleration of Affine Hybrid Trans..." refers methods in this paper

  • ...This method is able to accelerate all transformations that can be handled by the specialized algorithms developed in [3, 5, 6, 11], in particular Multiple Counters Systems, to which the reachability analysis of timed automata can be reduced....

    [...]

  • ...Furthermore, our approach is not limited to handling MCS, unlike the acceleration method developed in [11]....

    [...]

  • ...The cycle acceleration method proposed in [5] is able to handle a broad class of LHR, in particular all Multiple Counters Systems (MCS) [11]....

    [...]

  • ...This approach shares similarities with the solution proposed in [5] for accelerating Multiple Counters Systems (MCS) [11], which are a subclass of LHR in which all constraints are of the form zi#zj + c, with zi, zj ∈ {x1, ....

    [...]


Network Information
Related Papers (5)
Performance
Metrics
No. of citations received by the Paper in previous years
YearCitations
20211
20181