Prof. Pallab Dasgupta
Dept. of Computer Science & Engineering
Indian Institute of Technology, Kharagpur
Formal Analysis of Hybrid Systems
Indian Institute of Technology Kharagpur Pallab Dasgupta
A Model for Hybrid Systems
A hybrid system $H = (Loc, Var, Lab, Edg, Act, Inv)$ consists of six components:
1. A finite set $Loc$ of vertices called locations.
2. A finite set $Var$ of real-valued variables. We write $V$ for the set of valuations. A valuation $\nu$ is a function that assigns a real value $\nu(x) \in \mathbb{R}$ to each variable $x \in Var$. A state is a pair $(\ell, \nu)$ consisting of a location $\ell \in Loc$ and a valuation $\nu \in V$.
3. A finite set $Lab$ of synchronization labels. $Lab$ necessarily contains the stutter label $\tau$, i.e. $\tau \in Lab$.
4. A finite set $Edg$ of edges called transitions. Each transition $e = (\ell, a, \mu, \ell')$ consists of:
- a source location $\ell \in Loc$,
- a target location $\ell' \in Loc$,
- a synchronization label $a \in Lab$,
- a transition relation $\mu \subseteq V^2$.
For each location $\ell \in Loc$ there is a set $Con_\ell \subseteq Var$ of controlled variables and a stutter transition of the form $(\ell, \tau, Id_{con}, \ell)$, where $(\nu, \nu') \in Id_{con}$ iff for all variables $x \in Var$, either $x \in Con_\ell$ or $\nu'(x) = \nu(x)$.
The transition $e$ is enabled in a state $(\ell, \nu)$ if for some valuation $\nu' \in V$, $(\nu, \nu') \in \mu$. The state $(\ell', \nu')$ is then said to be a transition successor of $(\ell, \nu)$.
5. A labeling function $Act$ that assigns to each location $\ell \in Loc$ a set of activities. Each activity is a function from the nonnegative reals $\mathbb{R}_{\ge 0}$ to $V$. The activities of each location are time-invariant.
6. A labeling function $Inv$ that assigns to each location $\ell \in Loc$ an invariant $Inv(\ell) \subseteq V$. The system may stay at a location only if the location invariant is true; that is, some discrete transition must be taken before the invariant becomes false.
The hybrid system $H$ is time-deterministic if for every location $\ell \in Loc$ and every valuation $\nu \in V$ there is at most one activity $f \in Act(\ell)$ with $f(0) = \nu$. That activity $f$ is then denoted by $\varphi_\ell[\nu]$.
The runs of a hybrid system
The state of a hybrid system can change in two ways:
- by a discrete and instantaneous transition that changes both the control location and the values of the variables, according to the transition relation;
- by a time delay that changes only the values of the variables, according to the activities of the current location.
A run of the hybrid system $H$, then, is a finite or infinite sequence
$\rho:\ \sigma_0 \xrightarrow{t_0}_{f_0} \sigma_1 \xrightarrow{t_1}_{f_1} \sigma_2 \xrightarrow{t_2}_{f_2} \cdots$
of states $\sigma_i = (\ell_i, \nu_i)$, nonnegative reals $t_i \in \mathbb{R}_{\ge 0}$ and activities $f_i \in Act(\ell_i)$, such that for all $i \ge 0$:
1. $f_i(0) = \nu_i$;
2. for all $0 \le t \le t_i$, $f_i(t) \in Inv(\ell_i)$;
3. the state $\sigma_{i+1}$ is a transition successor of the state $\sigma'_i = (\ell_i, f_i(t_i))$.
The state $\sigma'_i$ is called a time successor of the state $\sigma_i$; the state $\sigma_{i+1}$ is called a successor of $\sigma'_i$.
We write $[H]$ for the set of runs of the hybrid system $H$.
Hybrid systems as transition systems
With the hybrid system $H$ we associate the labeled transition system $T_H = (\Sigma, Lab \cup \mathbb{R}_{\ge 0}, \rightarrow)$, where $\Sigma$ is the set of states and the step relation $\rightarrow$ is the union of the following two:
- the transition-step relations $\xrightarrow{a}$, for $a \in Lab$:
$(\ell, \nu) \xrightarrow{a} (\ell', \nu')$ iff there is a transition $(\ell, a, \mu, \ell') \in Edg$ with $(\nu, \nu') \in \mu$ and $\nu' \in Inv(\ell')$;
- the time-step relations $\xrightarrow{t}$, for $t \in \mathbb{R}_{\ge 0}$:
$(\ell, \nu) \xrightarrow{t} (\ell, \nu')$ iff there is an activity $f \in Act(\ell)$ with $f(0) = \nu$, $f(t) = \nu'$ and $f(t') \in Inv(\ell)$ for all $0 \le t' \le t$.
The stutter transitions ensure that the transition system $T_H$ is reflexive: for all states $\sigma$, $\sigma \xrightarrow{\tau} \sigma$. It follows that for every hybrid system the set of runs is closed under prefixes, suffixes, stuttering, and fusion [HNSY94].
For time-deterministic hybrid systems, time can progress by the amount $t \in \mathbb{R}_{\ge 0}$ from the state $(\ell, \nu)$ iff this is permitted by the invariant of location $\ell$; that is,
$tcp_\ell[\nu](t)$ iff $\forall\, 0 \le t' \le t.\ \varphi_\ell[\nu](t') \in Inv(\ell)$.
We can rewrite the time-step rule for time-deterministic systems as:
$(\ell, \nu) \xrightarrow{t} (\ell, \nu')$ iff $tcp_\ell[\nu](t)$ and $\nu' = \varphi_\ell[\nu](t)$.
Example: Thermostat
When the heater is off, the temperature $x$ falls according to $x(t) = \theta e^{-Kt}$, where $\theta$ is the temperature at time 0 and $K$ is a constant.
When the heater is on, $x(t) = \theta e^{-Kt} + h(1 - e^{-Kt})$, where $h$ is a further constant.
The resulting time-deterministic hybrid system is shown on the slide.
[Figure on the slide: the thermostat hybrid system; not reproduced in the extracted text.]
The parallel composition of hybrid systems
Let $H_1 = (Loc_1, Var, Lab_1, Edg_1, Act_1, Inv_1)$ and $H_2 = (Loc_2, Var, Lab_2, Edg_2, Act_2, Inv_2)$ be two hybrid systems over a common set $Var$ of variables. Let it be so that whenever $H_1$ performs a discrete transition with a synchronization label $a \in Lab_1 \cap Lab_2$, then so does $H_2$.
The product $H_1 \times H_2$ is the hybrid system $(Loc_1 \times Loc_2, Var, Lab_1 \cup Lab_2, Edg, Act, Inv)$ such that:
$((\ell_1, \ell_2), a, \mu, (\ell'_1, \ell'_2)) \in Edg$ iff
1) $(\ell_1, a_1, \mu_1, \ell'_1) \in Edg_1$ and $(\ell_2, a_2, \mu_2, \ell'_2) \in Edg_2$,
2) either $a_1 = a_2 = a$; or $a_1 \notin Lab_2$ and $a_2 = \tau$; or $a_1 = \tau$ and $a_2 \notin Lab_1$,
3) $\mu = \mu_1 \cap \mu_2$;
$Act(\ell_1, \ell_2) = Act_1(\ell_1) \cap Act_2(\ell_2)$;
$Inv(\ell_1, \ell_2) = Inv_1(\ell_1) \cap Inv_2(\ell_2)$.
It follows that all runs of the product system are runs of both component systems, once projected onto the locations of that component:
$[H_1 \times H_2]_{Loc_1} \subseteq [H_1]$ and $[H_1 \times H_2]_{Loc_2} \subseteq [H_2]$.
The product of two time-deterministic hybrid systems is also time-deterministic.
Linear Hybrid Systems
A linear term over the set $Var$ of variables is a linear combination of the variables in $Var$ with integer coefficients.
A linear formula over $Var$ is a boolean combination of inequalities between linear terms over $Var$.
The time-deterministic hybrid system $H = (Loc, Var, Lab, Edg, Act, Inv)$ is linear if its activities, invariants, and transition relations can be defined by linear expressions over the set $Var$ of variables:
1. For all locations $\ell \in Loc$, the activities $Act(\ell)$ are defined by a set of differential equations of the form $\dot{x} = k_x$, one for each variable $x \in Var$, where $k_x$ is an integer constant: for all valuations $\nu \in V$, variables $x \in Var$, and nonnegative reals $t \in \mathbb{R}_{\ge 0}$,
$\varphi_\ell[\nu](t)(x) = \nu(x) + k_x t$.
2. For all locations $\ell \in Loc$, the invariant $Inv(\ell)$ is defined by a linear formula $\psi$ over $Var$: $\nu \in Inv(\ell)$ iff $\nu \models \psi$.
3. For all transitions $e \in Edg$, the transition relation $\mu$ is defined by a guarded set of nondeterministic assignments
$\psi \Rightarrow \{x := [\alpha_x, \beta_x] \mid x \in Var\}$.
Here the guard $\psi$ is a linear formula, and both interval boundaries $\alpha_x$ and $\beta_x$ are linear terms, for each variable $x \in Var$:
$(\nu, \nu') \in \mu$ iff $\nu \models \psi$ and, for all $x \in Var$, $\nu(\alpha_x) \le \nu'(x) \le \nu(\beta_x)$.
Special cases of linear hybrid systems
If $Act(\ell, x) = 0$ for each location $\ell \in Loc$, then $x$ is a discrete variable. A discrete system is a linear hybrid system all of whose variables are discrete.
A discrete variable $x$ is a proposition if $\mu(e, x) \in \{0, 1\}$ for each transition $e \in Edg$. A finite-state system is a linear hybrid system all of whose variables are propositions.
If $Act(\ell, x) = 1$ for each location $\ell$ and $\mu(e, x) \in \{0, x\}$ for each transition $e$, then $x$ is a clock. Thus:
1) the value of a clock increases uniformly with time, and
2) a discrete transition either resets a clock to 0, or leaves it unchanged.
A timed automaton is a linear hybrid system all of whose variables are propositions or clocks, and whose linear expressions are boolean combinations of inequalities of a particular form.
If there is a nonzero integer constant $k$ such that $Act(\ell, x) = k$ for each location $\ell$ and $\mu(e, x) \in \{0, x\}$ for each transition $e$, then $x$ is a skewed clock. A multirate timed system is a linear hybrid system all of whose variables are propositions and skewed clocks. An $n$-rate timed system is a multirate timed system whose skewed clocks proceed at $n$ different rates.
If $Act(\ell, x) \in \{0, 1\}$ for each location $\ell$ and $\mu(e, x) \in \{0, x\}$ for each transition $e$, then $x$ is an integrator. It is basically a clock that can be stopped, and is typically used to measure accumulated durations. An integrator system is a linear hybrid system all of whose variables are propositions and integrators.
Examples of Linear Hybrid Systems
[Figures on the slides, not reproduced in the extracted text:]
- A water-level monitor
- A leaking gas burner
- A temperature control system
- A game of billiards
- Game of billiards, movement of the grey ball
Example
Sample program:
    int i = 0;
    do {
        assert(i <= 10);
        i = i + 2;
    } while (i < 5);
Control Flow Graph (CFG): locations L1, L2, L3, L4, L5 and Error, with the following edges (the slide's figure, in text form):
    L1 --[ i = 0;     ]--> L2
    L2 --[ i > 10     ]--> Error
    L2 --[ i <= 10    ]--> L3
    L3 --[ i = i + 2; ]--> L4
    L4 --[ i < 5      ]--> L2
    L4 --[ i >= 5     ]--> L5
Concrete Interpretation
(Same sample program and CFG as above.)
Philosophy: collect the set of possible values of i at each location until a fixed point is reached.
Domain Int (sets of integer values); value set of i at each location after each iteration:
    Iteration   L2           L3           L4           L5
    1           {0}          {0}          {2}          {}
    2           {0,2}        {0,2}        {2,4}        {}
    3           {0,2,4}      {0,2,4}      {2,4,6}      {6}
No value of i at L2 exceeds 10, so the Error location is never reached.
Abstract Interpretation
(Same sample program and CFG as above.)
Philosophy: use an abstract domain instead of value sets. Example: we may use value intervals [min, max] instead of value sets.
Interval of i at each location after each iteration:
    Iteration   L2           L3           L4           L5
    1           [0,0]        [0,0]        [2,2]        []
    2           [0,2]        [0,2]        [2,4]        []
    3           [0,4]        [0,4]        [2,6]        [5,6]
Actually, the value 5 is not possible here: the interval [5,6] at L5 over-approximates the concrete value set {6}.
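Added example (not part of the slides): a Python implementation of both analyses above over the slide's CFG, reproducing the iteration tables. The CFG edges and the round-robin evaluation order (L2, L3, L4, L5, Error in each pass) are my reading of the figure, chosen so that the history matches the tables.

```python
# Added example (not from the slides): concrete value-set interpretation versus
# interval abstract interpretation of the slide's sample program
#     int i = 0; do { assert(i <= 10); i = i + 2; } while (i < 5);
# over the slide's CFG (my reading of the figure): L1 --i=0--> L2,
# L2 --[i>10]--> Error, L2 --[i<=10]--> L3, L3 --i=i+2--> L4,
# L4 --[i<5]--> L2, L4 --[i>=5]--> L5. Both analyses run as a round-robin
# Kleene iteration until a fixed point; the history reproduces the slide's tables.
from typing import Callable, Dict, List, Optional, Tuple

INF = float("inf")
Interval = Optional[Tuple[float, float]]   # None is the empty interval (bottom)
LOCS = ["L1", "L2", "L3", "L4", "L5", "Error"]


def assign_const(c: int):
    """Transfer functions (concrete, interval) for the assignment i = c."""
    return (lambda s: {c} if s else set(),
            lambda iv: None if iv is None else (c, c))


def add_const(c: int):
    """Transfer functions for i = i + c."""
    return (lambda s: {v + c for v in s},
            lambda iv: None if iv is None else (iv[0] + c, iv[1] + c))


def guard(pred: Callable[[int], bool], lo: float, hi: float):
    """Transfer functions for a branch condition; [lo, hi] is the condition as
    an interval over the integers (e.g. i > 10 is [11, +inf])."""
    def abstract(iv: Interval) -> Interval:
        if iv is None:
            return None
        a, b = max(iv[0], lo), min(iv[1], hi)
        return None if a > b else (a, b)
    return (lambda s: {v for v in s if pred(v)}, abstract)


# (source, target, concrete transfer, interval transfer)
EDGES = [
    ("L1", "L2", *assign_const(0)),
    ("L2", "Error", *guard(lambda v: v > 10, 11, INF)),
    ("L2", "L3", *guard(lambda v: v <= 10, -INF, 10)),
    ("L3", "L4", *add_const(2)),
    ("L4", "L2", *guard(lambda v: v < 5, -INF, 4)),
    ("L4", "L5", *guard(lambda v: v >= 5, 5, INF)),
]

# A domain is (bottom, join, entry value at L1, index of its transfer function).
# At L1 the variable is uninitialised, so the entry value is "some value" / top.
CONCRETE = (set(), lambda a, b: a | b, {"uninitialised"}, 2)
INTERVAL = (None, lambda a, b: b if a is None else a if b is None
            else (min(a[0], b[0]), max(a[1], b[1])), (-INF, INF), 3)


def analyze(domain) -> List[Dict[str, object]]:
    """Iterate to a fixed point; return the value at L2..Error after each pass."""
    bottom, join, entry, tf_index = domain
    state = {loc: bottom for loc in LOCS}
    state["L1"] = entry
    history: List[Dict[str, object]] = []
    while True:
        for loc in LOCS[1:]:                      # L1 is the entry, never recomputed
            val = bottom
            for edge in EDGES:
                if edge[1] == loc:
                    val = join(val, edge[tf_index](state[edge[0]]))
            state[loc] = val
        history.append({loc: state[loc] for loc in LOCS[1:]})
        if len(history) > 1 and history[-1] == history[-2]:
            return history                        # fixed point reached


def assertion_may_fail(history) -> bool:
    """True if the analysis cannot rule out reaching the Error location."""
    return history[-1]["Error"] not in (set(), None)


if __name__ == "__main__":
    for name, dom in (("concrete", CONCRETE), ("interval", INTERVAL)):
        for n, snap in enumerate(analyze(dom), 1):
            print(name, "iteration", n, snap)
```

The interval run ends with [5,6] at L5 where the concrete run has {6}, which is the loss of precision the slide points out; both runs leave Error empty, so the assertion is proved in either domain.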
The Reachability Problem for Linear Hybrid Systems
Let $\sigma$ and $\sigma'$ be two states of a hybrid system $H$.
The state $\sigma'$ is reachable from the state $\sigma$, written $\sigma \rightarrow^* \sigma'$, if there is a run of $H$ that starts in $\sigma$ and ends in $\sigma'$.
The reachability question asks, then, if $\sigma \rightarrow^* \sigma'$ for two given states $\sigma$ and $\sigma'$ of a hybrid system $H$.
The verification of invariance properties is equivalent to the reachability question: a set $R$ of states is an invariant of the hybrid system $H$ iff no state in $\Sigma - R$ is reachable from an initial state of $H$.
A decidability result
A linear hybrid system is simple if all linear atoms in location invariants and transition guards are of the form $x \le k$ or $k \le x$, for a variable $x \in Var$ and an integer constant $k$.
For multirate timed systems the simplicity condition prohibits the comparison of skewed clocks with different rates.
Theorem 3.1: The reachability problem is decidable for simple multirate timed systems.
Two undecidability results
Theorem 3.2: The reachability problem is undecidable for 2-rate timed systems.
Theorem 3.3: The reachability problem is undecidable for simple integrator systems.
The verification of linear hybrid systems
Forward Analysis: Preliminary Definitions
Given a location $\ell \in Loc$ and a set of valuations $P \subseteq V$, the forward time closure $\langle P \rangle^{\nearrow}_\ell$ of $P$ at $\ell$ is the set of valuations that are reachable from some valuation $\nu \in P$ by letting time progress:
$\nu' \in \langle P \rangle^{\nearrow}_\ell$ iff $\exists\, \nu \in P,\ t \in \mathbb{R}_{\ge 0}.\ tcp_\ell[\nu](t) \wedge \nu' = \varphi_\ell[\nu](t)$.
Thus for all valuations $\nu' \in \langle P \rangle^{\nearrow}_\ell$, there exist a valuation $\nu \in P$ and a nonnegative real $t \in \mathbb{R}_{\ge 0}$ such that $(\ell, \nu) \xrightarrow{t} (\ell, \nu')$.
Given a transition $e = (\ell, a, \mu, \ell')$ and a set of valuations $P \subseteq V$, the postcondition $post_e[P]$ of $P$ with respect to $e$ is the set of valuations that are reachable from some valuation $\nu \in P$ by executing the transition $e$:
$\nu' \in post_e[P]$ iff $\exists\, \nu \in P.\ (\nu, \nu') \in \mu$.
Thus for all valuations $\nu' \in post_e[P]$, there exists a valuation $\nu \in P$ such that $(\ell, \nu) \xrightarrow{a} (\ell', \nu')$.
A set of states is called a region. Given a set $P \subseteq V$ of valuations, by $(\ell, P)$ we denote the region $\{(\ell, \nu) \mid \nu \in P\}$. We write $(\ell, \nu) \in (\ell, P)$ iff $\nu \in P$.
For a region $R = \bigcup_{\ell \in Loc} (\ell, R_\ell)$,
$\langle R \rangle^{\nearrow} = \bigcup_{\ell \in Loc} (\ell, \langle R_\ell \rangle^{\nearrow}_\ell)$ and
$post[R] = \bigcup_{e = (\ell, a, \mu, \ell') \in Edg} (\ell', post_e[R_\ell])$.
A symbolic run of the linear hybrid system $H$ is a finite or infinite sequence
$\rho:\ (\ell_0, P_0)\ (\ell_1, P_1) \cdots (\ell_i, P_i) \cdots$
of regions such that for all $i \ge 0$, there exists a transition $e_i$ from $\ell_i$ to $\ell_{i+1}$ and
$P_{i+1} = post_{e_i}[\langle P_i \rangle^{\nearrow}_{\ell_i}]$.
The symbolic run $\rho$ represents the set of all runs of the form
$(\ell_0, \nu_0) \xrightarrow{t_0} (\ell_1, \nu_1) \xrightarrow{t_1} \cdots$
such that $(\ell_i, \nu_i) \in (\ell_i, P_i)$ for all $i \ge 0$.
Given a region $I$, the reachable region $(\rightarrow^* I)$ of $I$ is the set of all states that are reachable from states in $I$:
$\sigma' \in (\rightarrow^* I)$ iff $\exists\, \sigma \in I.\ \sigma \rightarrow^* \sigma'$.
Proposition 4.1: Let $I = \bigcup_{\ell \in Loc} (\ell, I_\ell)$ be a region of the linear hybrid system $H$. The reachable region $(\rightarrow^* I) = \bigcup_{\ell \in Loc} (\ell, R_\ell)$ is the least fixpoint of the equation
$X = \langle I \cup post[X] \rangle^{\nearrow}$,
or equivalently, for all locations $\ell' \in Loc$, the set $R_{\ell'}$ of valuations is the least fixpoint of the set of equations
$X_{\ell'} = \big\langle I_{\ell'} \cup \bigcup_{e = (\ell, a, \mu, \ell') \in Edg} post_e[X_\ell] \big\rangle^{\nearrow}_{\ell'}$.
Lemma 4.1: For all linear hybrid systems $H$, if $P \subseteq V$ is a linear set of valuations, then for all locations $\ell \in Loc$ and transitions $e \in Edg$, both $\langle P \rangle^{\nearrow}_\ell$ and $post_e[P]$ are linear sets of valuations.
By Lemma 4.1, if $R$ is a linear region, then so are both $\langle R \rangle^{\nearrow}$ and $post_e[R]$.
Example, Forward Analysis: The leaking gas burner
[Figures on the slides, not reproduced in the extracted text: the leaking gas burner automaton, and a recap.]
Let $I$ be the set of initial states defined by the linear formula
$\varphi_I = (pc = 1 \wedge x = y = z = 0)$.
The set $(\rightarrow^* I)$ of reachable states is characterized by the least fixpoint of the two equations
$X_1 = \langle (x = y = z = 0) \cup post_{(2,1)}[X_2] \rangle^{\nearrow}_1$,
$X_2 = \langle false \cup post_{(1,2)}[X_1] \rangle^{\nearrow}_2$,
which can be iteratively computed as
$X_{1,i+1} = \langle X_{1,i} \cup post_{(2,1)}[X_{2,i}] \rangle^{\nearrow}_1$,
$X_{2,i+1} = \langle X_{2,i} \cup post_{(1,2)}[X_{1,i}] \rangle^{\nearrow}_2$.
Backward Analysis
Given a location $\ell \in Loc$ and a set of valuations $P \subseteq V$, the backward time closure $\langle P \rangle^{\swarrow}_\ell$ of $P$ at $\ell$ is the set of valuations from which it is possible to reach some valuation $\nu \in P$ by letting time progress:
$\nu' \in \langle P \rangle^{\swarrow}_\ell$ iff $\exists\, \nu \in P,\ t \in \mathbb{R}_{\ge 0}.\ tcp_\ell[\nu'](t) \wedge \nu = \varphi_\ell[\nu'](t)$.
Thus for all valuations $\nu' \in \langle P \rangle^{\swarrow}_\ell$, there exist a valuation $\nu \in P$ and a nonnegative real $t \in \mathbb{R}_{\ge 0}$ such that $(\ell, \nu') \xrightarrow{t} (\ell, \nu)$.
Given a transition $e = (\ell, a, \mu, \ell')$ and a set of valuations $P \subseteq V$, the precondition $pre_e[P]$ of $P$ with respect to $e$ is the set of valuations from which it is possible to reach a valuation $\nu \in P$ by executing the transition $e$:
$\nu' \in pre_e[P]$ iff $\exists\, \nu \in P.\ (\nu', \nu) \in \mu$.
Thus, for all valuations $\nu' \in pre_e[P]$, there exists a valuation $\nu \in P$ such that $(\ell, \nu') \xrightarrow{a} (\ell', \nu)$.
The backward time closure and the precondition can be naturally extended to regions: for $R = \bigcup_{\ell \in Loc} (\ell, R_\ell)$,
$\langle R \rangle^{\swarrow} = \bigcup_{\ell \in Loc} (\ell, \langle R_\ell \rangle^{\swarrow}_\ell)$ and
$pre[R] = \bigcup_{e = (\ell, a, \mu, \ell') \in Edg} (\ell, pre_e[R_{\ell'}])$.
Given a region $R$, the initial region $(\rightarrow^* R)$ of $R$ is the set of all states from which a state in $R$ is reachable:
$\sigma \in (\rightarrow^* R)$ iff $\exists\, \sigma' \in R.\ \sigma \rightarrow^* \sigma'$.
Notice that $R \subseteq (\rightarrow^* R)$.
Proposition 4.2: Let $R = \bigcup_{\ell \in Loc} (\ell, R_\ell)$ be a region of the linear hybrid system $H$. The initial region $(\rightarrow^* R) = \bigcup_{\ell \in Loc} (\ell, I_\ell)$ is the least fixpoint of the equation
$X = \langle R \cup pre[X] \rangle^{\swarrow}$,
or equivalently, for all locations $\ell \in Loc$, the set $I_\ell$ of valuations is the least fixpoint of the set of equations
$X_\ell = \big\langle R_\ell \cup \bigcup_{e = (\ell, a, \mu, \ell') \in Edg} pre_e[X_{\ell'}] \big\rangle^{\swarrow}_\ell$.
Lemma 4.2: For all linear hybrid systems $H$, if $P \subseteq V$ is a linear set of valuations, then for all locations $\ell \in Loc$ and transitions $e \in Edg$, both $\langle P \rangle^{\swarrow}_\ell$ and $pre_e[P]$ are linear sets of valuations.
Example: Backward analysis
The region $R$ defined by the linear formula
$\varphi_R = (y \ge 60 \wedge 20 z > y)$
should not be reachable from the set $I$ of initial states defined by the linear formula
$\varphi_I = (pc = 1 \wedge x = y = z = 0)$.
The set $(\rightarrow^* R)$ of states from which it is possible to reach a state in $R$ is characterized by the least fixpoint of the two equations
$X_1 = \langle (y \ge 60 \wedge 20 z > y) \cup pre_{(1,2)}[X_2] \rangle^{\swarrow}_1$,
$X_2 = \langle (y \ge 60 \wedge 20 z > y) \cup pre_{(2,1)}[X_1] \rangle^{\swarrow}_2$,
which can be iteratively computed as
$X_{1,i+1} = \langle X_{1,i} \cup pre_{(1,2)}[X_{2,i}] \rangle^{\swarrow}_1$,
$X_{2,i+1} = \langle X_{2,i} \cup pre_{(2,1)}[X_{1,i}] \rangle^{\swarrow}_2$.
The verification of linear hybrid systems: Approximate Analysis
We compute upper approximations of the sets
- $(\rightarrow^* I)$ of states which are reachable from the initial states $I$ (forward analysis),
- $(\rightarrow^* R)$ of states from which the region $R$ is reachable (backward analysis).
For forward analysis, the set $X_\ell$ of reachable states at location $\ell$ is given by Proposition 4.1 as:
$X_{\ell'} = \big\langle I_{\ell'} \cup \bigcup_{e = (\ell, a, \mu, \ell') \in Edg} post_e[X_\ell] \big\rangle^{\nearrow}_{\ell'}$.
Two problems arise in the practical resolution of such a system:
- handling disjunctions of systems of linear inequalities; for instance, there is no easy way to decide whether a union of polyhedra is included in another;
- the fixpoint computation may involve infinite iteration.
An approximate solution to these problems is provided by abstract interpretation techniques.
The union of polyhedra is approximated by their convex hull. Let $\sqcup$ denote the convex hull operator:
$P \sqcup P' = \{\lambda x + (1 - \lambda) x' \mid x \in P,\ x' \in P',\ \lambda \in [0, 1]\}$.
The system of equations becomes:
$X_{\ell'} = \big\langle I_{\ell'} \sqcup \bigsqcup_{e = (\ell, a, \mu, \ell') \in Edg} post_e[X_\ell] \big\rangle^{\nearrow}_{\ell'}$.
To enforce the convergence of iterations, we apply Cousot's widening technique.
The idea is to extrapolate the limit of a sequence of polyhedra in such a way that an upper approximation of the limit is always reached in a finite number of iterations.
We define a widening operator, noted $\nabla$, on polyhedra, such that:
- for each pair $(P, P')$ of polyhedra, $P \subseteq P \nabla P'$ and $P' \subseteq P \nabla P'$;
- for each infinite increasing sequence $(P_0, P_1, \ldots, P_n, \ldots)$ of polyhedra, the sequence defined by $Q_0 = P_0$, $Q_{n+1} = Q_n \nabla P_{n+1}$ is not strictly increasing (i.e., remains constant after a finite number of terms).
The widening operator is used as follows:
1. Choose, in each loop of the graph of the hybrid system, at least one location, and call these the widening locations (so removing these locations would cut each loop in the graph).
2. Let $X_\ell^{(n)}$ be the $n$-th step computation at location $\ell$; that is,
$X_\ell^{(n)} = F_\ell(X^{(n-1)}) = \big\langle I_\ell \sqcup \bigsqcup_{e = (\ell', a, \mu, \ell) \in Edg} post_e[X_{\ell'}^{(n-1)}] \big\rangle^{\nearrow}_\ell$.
3. Instead, for each widening location $\ell$ and each step $n \ge 1$, compute
$X_\ell^{(n)} = X_\ell^{(n-1)} \nabla F_\ell(X^{(n-1)})$.
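Added example (not part of the slides) instantiating the widening operator of the two preceding slides on one-dimensional intervals, the [min, max] domain of the earlier abstract-interpretation example, rather than on general polyhedra. The interval widening used is the standard one from abstract interpretation, and the loop placed at the single widening location is the do-while loop of that example, with and without its exit test; both are my choices, not taken from the slides.

```python
# Added example (not from the slides): interval widening, checked against the
# two requirements of the slide and then used at a widening location, where
# X^(n) = X^(n-1) ∇ F(X^(n-1)). Intervals are (lo, hi) pairs, None is the
# empty set; bounds may be +-inf.
from typing import Callable, List, Optional, Tuple

INF = float("inf")
Interval = Optional[Tuple[float, float]]


def hull(P: Interval, Q: Interval) -> Interval:
    """Convex hull P ⊔ Q: the smallest interval containing both."""
    if P is None:
        return Q
    if Q is None:
        return P
    return (min(P[0], Q[0]), max(P[1], Q[1]))


def included(P: Interval, Q: Interval) -> bool:
    """P ⊆ Q."""
    return P is None or (Q is not None and Q[0] <= P[0] and P[1] <= Q[1])


def widen(P: Interval, Q: Interval) -> Interval:
    """Standard interval widening P ∇ Q: a bound of P that Q pushes outward is
    extrapolated to infinity; bounds that Q does not move are kept."""
    if P is None:
        return Q
    if Q is None:
        return P
    lo = P[0] if Q[0] >= P[0] else -INF
    hi = P[1] if Q[1] <= P[1] else INF
    return (lo, hi)


def widening_laws_hold(P: Interval, Q: Interval) -> bool:
    """First requirement of the slide: P ⊆ P ∇ Q and Q ⊆ P ∇ Q."""
    W = widen(P, Q)
    return included(P, W) and included(Q, W)


def widened_sequence(P: Callable[[int], Interval], max_terms: int = 1000) -> List[Interval]:
    """Second requirement: for an increasing sequence P_0, P_1, ..., the sequence
    Q_0 = P_0, Q_{n+1} = Q_n ∇ P_{n+1} stops changing after finitely many terms.
    Returns Q_0 .. Q_k where Q_{k+1} == Q_k."""
    Q = [P(0)]
    for n in range(1, max_terms):
        nxt = widen(Q[-1], P(n))
        if nxt == Q[-1]:
            return Q
        Q.append(nxt)
    return Q


def loop_fixpoint(F: Callable[[Interval], Interval], use_widening: bool,
                  max_steps: int = 1000) -> Tuple[Interval, int]:
    """Step 3 of the slide for one widening location: X^(n) = X^(n-1) ∇ F(X^(n-1)),
    or plain X^(n) = F(X^(n-1)) without widening. Returns (X, number of steps)."""
    X: Interval = None
    for n in range(1, max_steps + 1):
        nxt = widen(X, F(X)) if use_widening else F(X)
        if nxt == X:
            return X, n
        X = nxt
    return X, max_steps        # budget exhausted: no convergence


def shift(P: Interval, c: float) -> Interval:
    """The assignment i = i + c on an interval."""
    return None if P is None else (P[0] + c, P[1] + c)


def meet_upper(P: Interval, hi: float) -> Interval:
    """P ∩ (-inf, hi]: the guard i <= hi."""
    if P is None or P[0] > hi:
        return None
    return (P[0], min(P[1], hi))


def f_bounded(X: Interval) -> Interval:
    """Loop head of 'i = 0; do { i = i + 2; } while (i < 5);': hull of the entry
    value [0,0] and the back edge, i + 2 filtered by the integer test i < 5."""
    return hull((0, 0), meet_upper(shift(X, 2), 4))


def f_unbounded(X: Interval) -> Interval:
    """Same loop without an exit test: plain iteration never converges."""
    return hull((0, 0), shift(X, 2))
```

For the bounded loop, plain iteration reaches the exact head interval [0,4] while widening settles on [0,+inf] in fewer steps; for the unbounded loop only the widened iteration terminates, which is the trade-off the slide describes.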
Approximation Operators:
[Figure on the slide, not reproduced in the extracted text.]
Example, Approximate Analysis: The leaking gas burner
With $I$ defined by $\varphi_I = (pc = 1 \wedge x = y = z = 0)$, we have $(\rightarrow^* I) = X_1 \cup X_2$ with $X_i = \lim_{n} X_i^{(n)}$ ($i = 1, 2$) and (choosing location 1 as the only widening location):
$X_1^{(n)} = X_1^{(n-1)} \nabla \big\langle (x = y = z = 0) \sqcup post_{(2,1)}[X_2^{(n-1)}] \big\rangle^{\nearrow}_1$,
$X_2^{(n)} = \big\langle post_{(1,2)}[X_1^{(n)}] \big\rangle^{\nearrow}_2$.
Analysis of Leaking Gas Burner
Source: [Gonnord, Halbwachs, LNCS 4134] Combining widening and acceleration in linear relation analysis.
[Figures 2.a to 2.c on the slides are not reproduced in the extracted text. In the regions below, $l$ is the accumulated leaking time and $t$ the total elapsed time.]
Step 1: The leaking location is reached with $\{t = l = 0\}$, and as time elapses we get the polyhedron $\{0 \le t = l \le 10\}$ (Region (1) in Fig. 2.a).
Step 2: The non-leaking location is reached with $\{0 \le t = l \le 10\}$. As time elapses, we get $\{0 \le l \le 10,\ t \ge l\}$ (Region (2) in Fig. 2.b).
Step 3: We go back to the leaking location with $\{0 \le l \le 10,\ t \ge l + 50\}$ (Region (3) in Fig. 2.c). The convex hull with $\{t = l = 0\}$ gives $\{0 \le l \le 10,\ t \ge 6l\}$ (Region (4) in Fig. 2.c).
Step 3 (contd.): Time passage yields $\{0 \le l \le 20,\ t \ge l,\ t \ge 6l - 50\}$. Now standard widening yields $\{0 \le l \le t,\ t \ge 6l - 50\}$ (Region (5) in Fig. 2.c).
Minimization
We extend the next relation $\rightarrow$ to regions:
$R \rightarrow R'$ iff $\exists\, \sigma \in R,\ \sigma' \in R'.\ \sigma \rightarrow \sigma'$.
We write $\rightarrow^*$ for the reflexive transitive closure of $\rightarrow$.
Let $\pi$ be a partition of the state space $\Sigma$. A region $R \in \pi$ is stable if for all $R' \in \pi$,
$R \rightarrow R'$ implies $\forall\, \sigma \in R.\ \{\sigma\} \rightarrow R'$,
or equivalently,
$R \cap pre[R'] \ne \emptyset$ implies $R \subseteq pre[R']$.
The partition $\pi$ is a bisimulation if every region $R \in \pi$ is stable.
The partition $\pi$ respects the region $R_F$ if for every region $R \in \pi$, $R \subseteq R_F$ or $R \cap R_F = \emptyset$.
Our objective is to construct the coarsest bisimulation that respects a given region $R_F$, provided there is a finite bisimulation that respects $R_F$.
The function $split[\pi](R)$ splits the region $R$ into subsets that are more stable with respect to $\pi$:
$split[\pi](R) = \{R \cap pre[R'],\ R - pre[R']\}$ if there is $R' \in \pi$ with $R \cap pre[R'] \ne \emptyset$ and $R \not\subseteq pre[R']$;
$split[\pi](R) = \{R\}$ otherwise.
The minimization procedure returns YES iff $I$ $R_F$.
State-space minimization:
[Figure on the slide (the minimization algorithm), not reproduced in the extracted text.]
Model Checking
Timed computation tree logic:
Let $C$ be a set of clocks not in $Var$; that is, $C \cap Var = \emptyset$.
A state predicate is a linear formula over the set $Var \cup C$ of variables.
The formulas of TCTL, then, are defined by the following grammar, where $\psi$ is a state predicate and $z \in C$:
$\varphi ::= \psi \mid \neg\varphi \mid \varphi_1 \vee \varphi_2 \mid z.\varphi \mid \varphi_1\, \exists U\, \varphi_2 \mid \varphi_1\, \forall U\, \varphi_2$
The formula $\varphi$ is closed if all occurrences of a clock $z \in C$ are within the scope of a reset quantifier $z.$
Timed Computation Tree Logic
The closed formulas of TCTL are interpreted over the state space $\Sigma$ of a linear hybrid system $H$.
A state $\sigma$ satisfies the TCTL-formula $\varphi_1\, \exists U\, \varphi_2$ if there exists a run of $H$ from $\sigma$ to a state $\sigma'$ satisfying $\varphi_2$ such that $\varphi_1 \vee \varphi_2$ continuously holds along the run.
A state $\sigma$ satisfies the TCTL-formula $\varphi_1\, \forall U\, \varphi_2$ if every divergent run of $H$ from $\sigma$ leads to a state $\sigma'$ satisfying $\varphi_2$ such that $\varphi_1 \vee \varphi_2$ continuously holds from $\sigma$ to $\sigma'$.
Clocks can be used to express timing constraints. E.g. $z.(true\, \exists U\, (\varphi \wedge z \le 5))$ asserts that there is a run on which $\varphi$ is satisfied within 5 time units.
Standard abbreviations:
1. $\exists\Diamond\varphi$ for $true\, \exists U\, \varphi$
2. $\forall\Diamond\varphi$ for $true\, \forall U\, \varphi$
3.
4.
5. $\Diamond_{<5}\,\varphi$ for $z.\Diamond(\varphi \wedge (z < 5))$, with the same path quantifier on both sides
Let $\rho:\ \sigma_0 \xrightarrow{t_0} \sigma_1 \xrightarrow{t_1} \cdots$ be a run of the linear hybrid system $H$, with $\sigma_i = (\ell_i, \nu_i)$ for all $i \ge 0$:
- A position of $\rho$ is a pair $(i, t)$ consisting of a nonnegative integer $i$ and a nonnegative real $t \le t_i$.
- The positions of $\rho$ are ordered lexicographically; that is, $(i, t) \le (j, t')$ iff $i < j$, or $i = j$ and $t \le t'$.
- For all positions $p = (i, t)$ of $\rho$:
  the state $\rho(p)$ at the position $p$ of $\rho$ is $(\ell_i, \varphi_{\ell_i}[\nu_i](t))$, and
  the time $\delta_\rho(p)$ at the position $p$ of $\rho$ is $t + \sum_{j < i} t_j$.
A clock valuation $\gamma$ is a function from $C$ to $\mathbb{R}_{\ge 0}$.
By $\gamma + t$ we denote the clock valuation such that $(\gamma + t)(z) = \gamma(z) + t$ for all clocks $z \in C$.
By $\gamma[z := 0]$ we denote the clock valuation such that $\gamma[z := 0](z) = 0$ and $\gamma[z := 0](z') = \gamma(z')$ for all clocks $z' \ne z$.
An extended state $(\sigma, \gamma)$ consists of a state $\sigma$ and a clock valuation $\gamma$.
The extended state $(\sigma, \gamma)$ satisfies the TCTL-formula $\varphi$, denoted $(\sigma, \gamma) \models \varphi$, if:
Let $\varphi$ be a closed formula of TCTL. We write $\sigma \models \varphi$ if $(\sigma, \gamma) \models \varphi$ for all clock valuations $\gamma$.
The linear hybrid system $H$ satisfies $\varphi$, denoted $H \models \varphi$, if all states of $H$ satisfy $\varphi$.
The model-checking algorithm
The characteristic set of $\varphi$ is the set of states that satisfy $\varphi$. Given a closed TCTL-formula $\varphi$, a model-checking algorithm computes the characteristic set of $\varphi$.
Definition of the binary next, or single-step until, operator $\rhd$: given two regions $R, R'$, the region $R \rhd R'$ is the set of states $\sigma$ that have a successor $\sigma' \in R'$ such that all states between $\sigma$ and $\sigma'$ are contained in $R \cup R'$. I.e., $(\ell, \nu) \in (R \rhd R')$ iff
$\exists\, t \in \mathbb{R}_{\ge 0},\ (\ell', \nu') \in R'.\ (\ell, \nu) \xrightarrow{t} (\ell, \varphi_\ell[\nu](t)) \rightarrow (\ell', \nu')\ \wedge\ \forall\, 0 \le t' \le t.\ (\ell, \varphi_\ell[\nu](t')) \in R \cup R'$.
I.e., the operator $\rhd$ is a single-step until operator.
For a linear formula $\psi$, we extend the $tcp$ operator such that
$tcp_\ell[\psi][\nu](t)$ iff $\forall\, 0 \le t' \le t.\ \varphi_\ell[\nu](t') \in Inv(\ell) \wedge \varphi_\ell[\nu](t') \models \psi$.
For a state $\sigma = (\ell, \nu)$ we write $\varphi[\sigma]$ for the function $\varphi_\ell[\nu]$, and for a region $R = \bigcup_{\ell \in Loc} (\ell, R_\ell)$ we write
$tcp[R][\sigma](t)$ iff $tcp_\ell[R_\ell][\nu](t)$.
Now, for two regions $R, R'$, we define the region $R \rhd R'$ as
$\sigma \in (R \rhd R')$ iff $\exists\, t \in \mathbb{R}_{\ge 0}.\ (\ell, \varphi[\sigma](t)) \in pre[R'] \wedge tcp[R \cup R'][\sigma](t)$.
Lemma 4.3: For all linear hybrid systems $H$, if $R$ and $R'$ are two linear regions of $H$, then so is $R \rhd R'$.
Let $R$ and $R'$ be the characteristic sets of the two TCTL-formulas $\varphi$ and $\varphi'$, respectively. The characteristic set of the formula $\varphi\, \exists U\, \varphi'$ can be iteratively computed as $\bigcup_i R_i$ with
$R_0 = R'$, and for all $i \ge 0$, $R_{i+1} = R_i \cup (R \rhd R_i)$.
To check if the TCTL-formula $\varphi$ is an invariant of $H$, we check if the set of initial states is contained in the characteristic set of the formula $\forall\Box\varphi$. This characteristic set can be iteratively computed as $\bigcap_i R_i$ with $R_0$ the base region given on the slide, and for all $i \ge 0$, $R_{i+1} = R_i \cap (true \rhd R_i)$.
The real-time response property asserting that a given event occurs within a certain time bound is expressed in TCTL by a formula of the form $\forall\Diamond_{\le c}\,\varphi$, whose characteristic set can be iteratively computed as $\bigcap_i R_i[z := 0]$ with
$R_0 = (z > c)$, and for all $i \ge 0$, $R_{i+1} = R_i \cap ((R) \rhd R_i)$,
where $R$ is the characteristic set of $\varphi$ and $z \in C$.
Example: the temperature control system
System requirement: maintain the temperature of the coolant between $\theta_m$ and $\theta_M$. If the temperature rises to $\theta_M$ and cannot decrease because no rod is available, a complete shutdown is required.
Will the system ever reach the shutdown state?
TCTL formula stating that state 3 (shutdown) is always unreachable, built from the state predicates
$(pc = 0 \wedge \theta = \theta_M \wedge x_1 < T \wedge x_2 < T)$ and $(pc = 3)$.
Thank you very much!!
