@inproceedings{4450, abstract = {Hybrid systems model discrete programs that are embedded in continuous environments. Model-checking tools are available for the analysis of linear hybrid systems, whose continuous variables are bounded by piecewise-linear trajectories. Most embedded programs, however, operate in nonlinear environments. We present, analyze, and apply two algorithms for translating nonlinear hybrid systems into linear hybrid systems. The clock translation replaces nonlinear variables by clock variables; the rate translation approximates nonlinear variables by piecewise-linear envelopes. Both translations are sound for reachability; that is, if we establish a safety property of the translated linear system, we may conclude that the original nonlinear system satisfies the property. The clock translation is also complete for reachability; that is, the original system and the translated system satisfy the same safety properties. The two translations apply to incomparable classes of nonlinear hybrid systems. From the clock translation we obtain a new decidability result for hybrid systems. With the help of Hytech, a symbolic model checker for linear hybrid systems, we automatically verify a nonlinear railroad gate control program using the clock translation, and a nonlinear temperature control program using the rate translation.}, author = {Henzinger, Thomas A and Ho, Pei}, booktitle = {7th International Conference on Computer Aided Verification}, isbn = {9783540494133}, location = {Liege, Belgium}, pages = {225 -- 238}, publisher = {Springer}, title = {{Algorithmic analysis of nonlinear hybrid systems}}, doi = {10.1007/3-540-60045-0_53}, volume = {939}, year = {1995}, } @inproceedings{4448, abstract = {We report on several abstract interpretation strategies that are designed to improve the performance of HyTech, a symbolic model checker for linear hybrid systems. We (1) simultaneously compute the target region from different directions, (2) conservatively approximate the target region by dropping constraints, and (3) iteratively refine the approximation until sufficient precision is obtained. We consider the standard abstract convex-hull operator and a novel abstract extrapolation operator.}, author = {Henzinger, Thomas A and Ho, Pei}, booktitle = {3rd International Hybrid Systems Workshop}, editor = {Panos, Antsaklis and Kohn, Wolf and Nerode, Anil and Sastry, Shankar}, isbn = {9783540604723}, location = {Ithaca, NY, United States of America}, pages = {252 -- 264}, publisher = {Springer}, title = {{A note on abstract-interpretation strategies for hybrid automata}}, doi = {10.1007/3-540-60472-3_13}, volume = {999}, year = {1995}, } @inproceedings{4447, abstract = {This paper is addressed to potential users of HyTech, the Cornell Hybrid Technology Tool, an automatic tool for analyzing hybrid systems. We review the formal technologies that have been incorporated into HyTech, and we illustrate the use of HyTech with three nontrivial case studies.}, author = {Henzinger, Thomas A and Ho, Pei}, booktitle = {4th International Hybrid Systems Workshop}, editor = {Panos, Antsaklis and Kohn, Wolf and Nerode, Anil and Sastry, Shankar}, isbn = {9783540683346}, location = { New Brunswick, NJ, United States of America}, pages = {265 -- 293}, publisher = {Springer}, title = {{HyTech: The Cornell Hybrid Technology Tool}}, doi = {10.1007/3-540-60472-3_14}, volume = {999}, year = {1995}, } @inproceedings{4497, abstract = {HyTech is a tool for the automated analysis of embedded systems. This document, designed for the first-time user of HyTech, guides the reader through the underlying system model, and through the input language for describing and analyzing systems. The guide gives several examples of usage, and some hints for gaining maximal computational efficiency from the tool. The version of HyTech described in this guide was released in August 1995, and is available through anonymous ftp from ftp.cs.cornell.edu in the directory pub/tah/HyTech, and through the World-Wide Web via HyTech's home page http:/www.cs.cornell.edu/Info/People/tah/hytech.html.}, author = {Henzinger, Thomas A and Ho, Pei and Wong Toi, Howard}, booktitle = {1st International Workshop on Tools and Algorithms for the Construction and Analysis of Systems}, isbn = {9783540606307}, location = {Aarhus, Denmark}, pages = {41 -- 71}, publisher = {Springer}, title = {{A user guide to HyTech}}, doi = {10.1007/3-540-60630-0_3}, volume = {1019}, year = {1995}, } @inproceedings{4499, abstract = {We describe a new implementation of HYTECH, a symbolic model checker for hybrid systems. Given a parametric description of an embedded system as a collection of communicating automata, HYTECH automatically computes the conditions on the parameters under which the system satisfies its safety and timing requirements. While the original HYTECH prototype was based on the symbolic algebra tool Mathematica, the new implementation is written in C++ and builds on geometric algorithms instead of formula manipulation. The new HYTECH offers a cleaner and more expressive input language, greater portability, superior performance (typically two to three orders of magnitude), and new features such as diagnostic error-trace generation. We illustrate the effectiveness of the new implementation by applying HYTECH to the automatic parametric analysis of the generic railroad crossing benchmark problem and to an active structure control algorithm}, author = {Henzinger, Thomas A and Ho, Pei and Wong Toi, Howard}, booktitle = {Proceedings 16th IEEE Real-Time Systems Symposium}, isbn = {0818673370}, location = {Pisa, Italy}, pages = {56 -- 65}, publisher = {IEEE}, title = {{HyTech: The next generation}}, doi = {10.1109/REAL.1995.495196 }, year = {1995}, } @inproceedings{4498, abstract = {We present algorithms for computing similarity relations of labeled graphs. Similarity relations have applications for the refinement and verification of reactive systems. For finite graphs, we present an O(mn) algorithm for computing the similarity relation of a graph with n vertices and m edges (assuming m⩾n). For effectively presented infinite graphs, we present a symbolic similarity-checking procedure that terminates if a finite similarity relation exists. We show that 2D rectangular automata, which model discrete reactive systems with continuous environments, define effectively presented infinite graphs with finite similarity relations. It follows that the refinement problem and the ∀CTL* model-checking problem are decidable for 2D rectangular automata}, author = {Henzinger, Monika H and Henzinger, Thomas A and Kopke, Peter}, booktitle = {Proceedings of IEEE 36th Annual Foundations of Computer Science}, isbn = {0818671831}, issn = {0272-5428}, location = {Milwaukee, WI, United States of America}, pages = {453 -- 462}, publisher = {IEEE}, title = {{Computing simulations on finite and infinite graphs}}, doi = {10.1109/SFCS.1995.492576}, year = {1995}, } @inproceedings{4502, abstract = {Hybrid automata model systems with both digital and analog components, such as embedded control programs. Many verification tasks for such programs can be expressed as reachability problems for hybrid automata. By improving on previous decidability and undecidability results, we identify the precise boundary between decidability and undecidability of the reachability problem for hybrid automata. On the positive side, we give an (optimal) PSPACE reachability algorithm for the case of initialized rectangular automata, where all analog variables follow trajectories within piecewise-linear envelopes and are reinitialized whenever the envelope changes. Our algorithm is based on the construction of a timed automaton that contains all reachability information about a given initialized rectangular automaton. The translation has practical significance for verification, because it guarantees the termination of symbolic procedures for the reachability analysis of initialized rectangular automata. The translation also preserves the omega-languages of initialized rectangular automata with bounded nondeterminism. On the negative side, we show that several slight generalizations of initialized rectangular automata lead to an undecidable reachability problem. In particular, we prove that the reachability problem is undecidable for timed automata augmented with a single stopwatch.}, author = {Henzinger, Thomas A and Kopke, Peter and Puri, Anuj and Varaiya, P.}, booktitle = {Proceedings of the 27th annual ACM symposium on Theory of computing}, isbn = {9780897917186}, location = {Las Vegas, NV, United States of America}, pages = {373 -- 382}, publisher = {ACM}, title = {{What's decidable about hybrid automata?}}, doi = {10.1145/225058.225162}, year = {1995}, } @inproceedings{4500, abstract = {We investigate the expressive power of timing restrictions on labeled transition systems. In particular, we show how constraints on clock variables together with a uniform liveness condition—the divergence of time—can express Büchi, Muller, Streett, Rabin, and weak and strong fairness conditions on a given labeled transition system. We then consider the effect, on both timed and time-abstract expressiveness, of varying the following parameters: time domain (discrete or dense), number of clocks, number of states, and size of constants used in timing restrictions.}, author = {Henzinger, Thomas A and Kopke, Peter and Wong Toi, Howard}, booktitle = {22nd International Colloquium on Automata, Languages and Programming }, isbn = {9783540600848}, location = {Szeged, Hungary}, pages = {417 -- 428}, publisher = {Springer}, title = {{The expressive power of clocks}}, doi = {10.1007/3-540-60084-1_93}, volume = {944}, year = {1995}, } @inproceedings{4518, abstract = {The analysis, verification, and control of hybrid automata with finite bisimulations can be reduced to finite-state problems. We advocate a time-abstract, phase-based methodology for checking if a given hybrid automaton has a finite bisimulation. First, we factor the automaton into two components, a boolean automaton with a discrete dynamics on the finite state space B m and a euclidean automaton with a continuous dynamics on the infinite state space n . Second, we investigate the phase portrait of the euclidean component. In this fashion, we obtain new decidability results for hybrid systems as well as new, uniform proofs of known decidability results.}, author = {Henzinger, Thomas A}, booktitle = {22nd International Colloquium on Automata, Languages and Programming }, isbn = {9783540600848}, location = {Szeged, Hungary}, pages = {324 -- 335}, publisher = {Springer}, title = {{Hybrid automata with finite bisimulations}}, doi = {10.1007/3-540-60084-1_85}, volume = {944}, year = {1995}, } @inproceedings{4587, abstract = {We argue that the standard constraints on liveness conditions in nonblocking trace models—machine closure for closed systems, and receptiveness for open systems—are unnecessarily weak and complex, and that liveness should, instead, be specified by augmenting transition systems with acceptance conditions that satisfy a locality constraint. First, locality implies machine closure and receptiveness, and thus permits the composition and modular verification of live transition systems. Second, while machine closure and receptiveness are based on infinite games, locality is based on repeated finite games, and thus easier to check. Third, no expressive power is lost by the restriction to local liveness conditions. We illustrate the appeal of local liveness using the model of Fair Reactive Systems, a nonblocking trace model of communicating processes.}, author = {Alur, Rajeev and Henzinger, Thomas A}, booktitle = {7th International Conference on Computer Aided Verification}, isbn = {978-3-540-60045-9}, location = {Liege, Belgium}, pages = {166 -- 179}, publisher = {Springer}, title = {{Local liveness for compositional modeling of fair reactive systems}}, doi = {10.1007/3-540-60045-0_49}, volume = {939}, year = {1995}, } @article{4613, abstract = {We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as finite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewise-linear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard program-analysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic model-checking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.}, author = {Alur, Rajeev and Courcoubetis, Costas and Halbwachs, Nicolas and Henzinger, Thomas A and Ho, Pei and Nicollin, Xavier and Olivero, Alfredo and Sifakis, Joseph and Yovine, Sergio}, issn = {0304-3975}, journal = {Theoretical Computer Science}, number = {1}, pages = {3 -- 34}, publisher = {Elsevier}, title = {{The algorithmic analysis of hybrid systems}}, doi = {10.1016/0304-3975(94)00202-T}, volume = {138}, year = {1995}, } @article{6162, abstract = {The tra-1 gene is the terminal global selector of somatic sex in Caenorhabditis elegans: High tra-1 activity elicits female somatic development while low tra-1 activity elicits male development. Previous genetic studies defined a cascade of negatively interacting genes that regulates tra-1 activity in response to the primary sex-determining signal. Here, we investigate the last step in this regulatory cascade, by studying rare gain-of-function (gf) mutations of tra-1 that direct female somatic development irrespective of the upstream sex-determining signal. These mutations appear to abolish negative regulation of tra-1 in male tissues. We identify the lesions associated with 29 of these mutations and find that all affect a short stretch of amino acid residues present in both protein products of the tra-1 gene. Twenty-six alleles are associated with single nonconservative amino acid substitutions. Two alleles affect tra-1 RNA splicing and generate messages that omit part or all of the exon encoding this short stretch. These results suggest that sexual regulation of tra-1 is achieved post-translationally, by an inhibitory protein-protein interaction. The amino acid stretch altered by the tra-1(gf) mutations may define a site of interaction for negative regulators of tra-1. The stretch includes a potential phosphorylation site for glycogen synthase kinase 3 and may be conserved in the human gene GLI3, a homolog of tra-1 identified previously.}, author = {de Bono, Mario and Zarkower, D. and Hodgkin, J.}, issn = {08909369}, journal = {Genes and Development}, number = {2}, pages = {155--167}, publisher = {CSH Press}, title = {{Dominant feminizing mutations implicate protein-protein interactions as the main mode of regulation of the nematode sex-determining gene tra-1}}, doi = {10.1101/gad.9.2.155}, volume = {9}, year = {1995}, }