A Uniform Approach to Three-Valued Semantics for µ-Calculus on Abstractions of Hybrid Automata
(Haifa Verification Conference 2008)
K. Bauer, R. Gentilini, and K. Schneider
University of Kaiserslautern
October 28, 2008
Sections: Motivation; General Framework; Specializations (May/Must Abstractions, DBB-Abstractions); Conclusions
Overview
1. Preliminaries and Motivation
2. Generic Semantics for Lµ on Abstractions of Hybrid Automata
   - Generic Preservation Result
3. Specializations
   - May-/Must Abstractions
   - DBB Abstractions
   - Monotonicity Issues
4. Conclusions and Future Work
Hybrid Automata (HA)
A hybrid automaton consists of
- a graph with finitely many locations,
- finitely many continuous variables whose values change within a location according to differential rules,
- initial conditions, location invariants, and guards and resets for discrete transitions.
Example: (Heating controller)
Location off: invariant x > 18, flow ẋ = −0.1, initial condition x = 20
Location on: invariant x < 24, flow ẋ = 5
Edge off → on: guard x < 20, reset x′ = x
Edge on → off: guard x > 22, reset x′ = x
- Heating is off: the temperature x falls with ẋ = −0.1
- Heating is on: the temperature x rises with ẋ = 5
Decidability Results
Problem: (Decidability vs Expressiveness)
- In general, hybrid automata are undecidable w.r.t. reachability
- Decidability results only exist when the discrete and/or continuous dynamics are highly restricted
Example:
- Timed automata are decidable: every clock has the flow ẋi = 1 in every location, and a discrete transition either keeps a clock (x′i = xi) or resets it into an interval (x′i ∈ [ai, bi])
- Adding skewed clocks makes timed automata undecidable: the flow becomes a location-dependent constant ẋi = ci,l, with the same resets x′i = xi or x′i ∈ [ai, bi]
⇒ Approximative techniques are needed
Goal and Perspective
Goal: Developing a framework for automated reasoning on hybrid automata outside the decidability realm, featuring:
- a combined overapproximation/underapproximation analysis ⇒ safety certification + counterexamples
- the ability to both prove and disprove reactive-system properties expressed in Lµ.
Method:
- A three-valued generic semantics for Lµ that is 'adaptable' to proper abstraction frameworks
- Specialization of the generic semantics to different types of abstractions providing over-/underapproximations:
  - DBB abstractions
  - Modal abstractions
3-Valued Lµ on HA-Abstractions
- A = ⟨R, R0, →δ, →e⟩ is an abstraction of H encoding an over- and an underapproximation of the runs in H
- AP is a finite set of atomic propositions
- R is a partition w.r.t. the labelling lAP : Q → 2^AP
Definition: (Lµ for generic HA-Abstractions)
- φ ∈ AP: ⟦φ⟧(r) = 1 if φ ∈ lAP(r), and ⟦φ⟧(r) = 0 if φ ∉ lAP(r)
- ⟦¬φ⟧ := ¬3 ⟦φ⟧, ⟦φ ∨ ψ⟧ := ⟦φ⟧ ∨3 ⟦ψ⟧, ⟦φ ∧ ψ⟧ := ⟦φ⟧ ∧3 ⟦ψ⟧ (three-valued connectives over {0, ⊥, 1})
- Parametrized modal operators F ∈ {⟨δ⟩φ, ⟨e⟩φ, [δ]φ, [e]φ, E(φ U ψ), A(φ U ψ)}: their semantics is left open, subject to
  - ⟦F⟧(r) = 1 ⇒ ∀x ∈ r: ⟦F⟧H(x) = 1
  - ⟦F⟧(r) = 0 ⇒ ∀x ∈ r: ⟦F⟧H(x) = 0
- Fixpoints: let σ ∈ {µ, ν}. ⟦σZ.φ⟧ := ⟦apx_k(σZ.φ)⟧, where k is the smallest index with ⟦apx_k(σZ.φ)⟧ = ⟦apx_{k+1}(σZ.φ)⟧
A ⊨ φ :⇔ ∀r ∈ R0: ⟦φ⟧(r) = 1
A ⊭ φ :⇔ ∃r ∈ R0: ⟦φ⟧(r) = 0
Preservation Results
Theorem: (Preservation) Let H be a hybrid automaton and A be an abstraction of H. Then for all φ ∈ Lµ:
- ⟦φ⟧(r) = 1 ⇒ ∀x ∈ r: ⟦φ⟧H(x) = 1
- ⟦φ⟧(r) = 0 ⇒ ∀x ∈ r: ⟦φ⟧H(x) = 0
Proof: (Sketch) By structural induction:
- boolean operators: obvious
- modal operators: by assumption
- fixpoint operators: ⟦σZ.φ⟧ = ⟦apx_k(σZ.φ)⟧ for some k ∈ ℕ ⇒ structural induction + monotonicity of fixpoints yield the claim
May/Must Abstractions
General Idea: Adapt the ideas of may/must transitions from discrete systems (may-transitions overapproximate, must-transitions underapproximate the concrete transitions).
Definition: Let A = ⟨R, R0, →δ, →e⟩ be an abstraction. Then
- All transitions in A are may-transitions
- r →δ,must r′ if all x ∈ r have a direct successor x ⇝ x′ ∈ r′
- r →e,must r′ if all x ∈ r have a successor x →e x′ ∈ r′
Lemma: A_must ≤S T_H ≤S A*
(≤S is the simulation preorder; A* uses the transitive closure →δ* of →δ)
Semantics Completion on May/Must Abstractions
Semantics completion of three-valued Lµ on may/must abstractions:
Definition: Let A be a may/must abstraction. Then:
- ⟦⟨δ⟩φ⟧(r) = 1 if ∃ r →δ,must r′ such that r′ satisfies φ;
  ⟦⟨δ⟩φ⟧(r) = 0 if there is no r →δ* r′ such that r′ satisfies φ;
  ⟦⟨δ⟩φ⟧(r) = ⊥ otherwise
- ⟦⟨e⟩φ⟧(r) = 1 if ∃ r →e,must r′ such that r′ satisfies φ;
  ⟦⟨e⟩φ⟧(r) = 0 if there is no r →e r′ such that r′ satisfies φ;
  ⟦⟨e⟩φ⟧(r) = ⊥ otherwise
- For a ∈ {e, δ}: ⟦[a]φ⟧ = ⟦¬(⟨a⟩¬φ)⟧
(The 0-cases range over the may-transitions, i.e. over every region in which a concrete successor can lie; for δ this needs the transitive closure →δ*, since a single continuous step of H may cross several regions.)
- ⟦E(φ U ψ)⟧(r) = 1 if there is a must-path from r to some r′ satisfying φ U ψ;
  ⟦E(φ U ψ)⟧(r) = 0 if φ U ψ can be disproven along all may-paths from r;
  ⟦E(φ U ψ)⟧(r) = ⊥ otherwise
- ⟦A(φ U ψ)⟧(r) = 1 if all may-paths from r satisfy φ U ψ;
  ⟦A(φ U ψ)⟧(r) = 0 if there is a must-path from r to some r′ not satisfying φ U ψ;
  ⟦A(φ U ψ)⟧(r) = ⊥ otherwise
Preservation for May/Must Abstractions
Corollary: (Preservation) Let H be a hybrid automaton and A be a may/must abstraction of H. Then for all φ ∈ Lµ:
- A ⊨ φ ⇒ H ⊨ φ
- A ⊭ φ ⇒ H ⊭ φ
Remark: May/must abstractions do not provide monotonicity results: refining the partition can turn a definite answer (1 or 0) into ⊥, because a must-transition is lost when its target region is split (see the heating-controller example).
Example: Heating Controller
Automaton: location off with invariant x > 18, flow ẋ = −0.1 and initial condition x = 20; location on with invariant x < 24 and flow ẋ = 5; edge off → on with guard x < 20 and edge on → off with guard x > 22, both with reset x′ = x.
µ-calculus formula: φ := µZ.(on × [22, 24]) ∨ ◇Z (a state of location on with temperature in [22, 24] is reachable)
Abstraction: the off-location is partitioned into the regions (20,24), {20}, (19.5,20), (18,19.5] and the on-location into [22,24), [19,22), (18,19). The figure (not reproduced here) marks the δ-transitions between consecutive regions of a location and the e-transitions that follow the guards as δmust/emust or as plain δ/e (may-transitions).
Result: A ⊨3 φ = 1 ⇒ H ⊨ φ = 1
Example: Heating Controller (refinement)
Same automaton and formula φ := µZ.(on × [22, 24]) ∨ ◇Z as above.
Refinement: the on-region [19,22) is split into [19.7,22) and [19,19.7); the off-regions (20,24), {20}, (19.5,20), (18,19.5] and the on-regions [22,24), (18,19) are unchanged.
Result: A ⊨3 φ = ⊥
The refinement loses information: in the coarse abstraction the e-transition from (19.5,20)off into [19,22)on is a must-transition (every x ∈ (19.5,20) satisfies the guard x < 20 and jumps, with x′ = x, into [19,22)), whereas after the split its targets lie partly in [19.7,22)on and partly in [19,19.7)on, so neither e-transition is a must-transition and the positive witness for the initial region is gone. This is the non-monotonicity of may/must abstractions noted in the remark above.
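The following Python program is an added example and is not code from the paper or the authors' tool. It implements the semantics completion for ⟨δ⟩ and ⟨e⟩ on may/must abstractions given above and evaluates φ = µZ. target ∨ ◇Z by the apx_k iteration on a hand-built encoding of the two heating-controller abstractions. The region names, the may/must edge sets (derived from the flows and guards as explained in the comments, since the figure's exact edges are not recoverable from the page), and the conservative reading of the 0-case as "every may-reachable region has value 0" are assumptions of this example. It reproduces the two results shown: 1 for the coarse abstraction and ⊥ for the refinement.

```python
"""Three-valued evaluation of phi = mu Z. target or <>Z on a may/must abstraction.

Added example, not code from the paper.  Truth values: 1 (phi holds in every
concrete state of the region), 0 (fails in every state) and None (the paper's
bottom: unknown).  The heating-controller abstractions are hand-built from the
automaton on this page: off has dx/dt = -0.1 and invariant x > 18, on has
dx/dt = 5 and invariant x < 24, off -> on is guarded by x < 20 and on -> off
by x > 22, both edges keeping x.  Region names and edge sets are assumptions.
"""

T, F, U = 1, 0, None          # true, false, bottom


def or3(a, b):
    """Kleene disjunction on {1, 0, None}."""
    if a == T or b == T:
        return T
    if a == F and b == F:
        return F
    return U


class MayMustAbstraction:
    """Regions with may-edges (delta, e) and the subset that are must-edges."""

    def __init__(self, regions, delta, e, must_delta, must_e, initial):
        assert set(must_delta) <= set(delta) and set(must_e) <= set(e)
        self.regions = list(regions)
        self.must_delta, self.must_e = set(must_delta), set(must_e)
        self.initial = set(initial)
        self.e_succ = {r: {s for q, s in e if q == r} for r in self.regions}
        # One continuous step of H may cross several regions, so the may-part
        # of <delta> ranges over the transitive closure delta* of the delta-edges.
        reach = {r: {s for q, s in delta if q == r} for r in self.regions}
        changed = True
        while changed:
            changed = False
            for r in self.regions:
                grown = reach[r].union(*(reach[s] for s in reach[r]))
                if grown != reach[r]:
                    reach[r], changed = grown, True
        self.delta_star = reach


def diamond(A, val, must, may_reach):
    """Semantics completion for <a>phi: 1 if some must-successor has value 1,
    0 if every region a concrete a-successor can lie in has value 0,
    bottom otherwise (the paper's 0-case read conservatively)."""
    out = {}
    for r in A.regions:
        if any(val[s] == T for q, s in must if q == r):
            out[r] = T
        elif all(val[s] == F for s in may_reach[r]):
            out[r] = F
        else:
            out[r] = U
    return out


def lfp_reach(A, target):
    """mu Z. target or (<delta>Z or <e>Z): the apx_k sequence from Z = 0,
    stopped at the first k with apx_k = apx_{k+1}."""
    Z = {r: F for r in A.regions}
    while True:
        dd = diamond(A, Z, A.must_delta, A.delta_star)
        de = diamond(A, Z, A.must_e, A.e_succ)
        nxt = {r: or3(target[r], or3(dd[r], de[r])) for r in A.regions}
        if nxt == Z:
            return Z
        Z = nxt


def check(A, target):
    """A |=3 phi: 1 if every initial region is 1, 0 if some initial region
    is 0, bottom otherwise."""
    Z = lfp_reach(A, target)
    if all(Z[r] == T for r in A.initial):
        return T
    if any(Z[r] == F for r in A.initial):
        return F
    return U


def heating_abstraction(refined=False):
    """Coarse abstraction of the heating controller; with refined=True the
    on-region [19,22) is split into [19,19.7) and [19.7,22)."""
    off = ["off(20,24)", "off{20}", "off(19.5,20)", "off(18,19.5]"]
    if refined:
        on = ["on(18,19)", "on[19,19.7)", "on[19.7,22)", "on[22,24)"]
    else:
        on = ["on(18,19)", "on[19,22)", "on[22,24)"]
    # x falls through the off-regions and rises through the on-regions; every
    # state of a region reaches the next one, so these delta-edges are must.
    # The invariants x > 18 and x < 24 keep the last region of each chain in itself.
    delta = (set(zip(off, off[1:])) | set(zip(on, on[1:]))
             | {(off[-1], off[-1]), (on[-1], on[-1])})
    # off -> on is enabled for x < 20 with x' = x; on -> off for x > 22
    # (x = 22 itself has no jump, so that edge is only a may-edge).
    if refined:
        e = {("off(19.5,20)", "on[19.7,22)"), ("off(19.5,20)", "on[19,19.7)"),
             ("off(18,19.5]", "on[19,19.7)"), ("off(18,19.5]", "on(18,19)"),
             ("on[22,24)", "off(20,24)")}
        must_e = set()   # (19.5,20) straddles 19.7: no single must-target any more
    else:
        e = {("off(19.5,20)", "on[19,22)"), ("off(18,19.5]", "on[19,22)"),
             ("off(18,19.5]", "on(18,19)"), ("on[22,24)", "off(20,24)")}
        must_e = {("off(19.5,20)", "on[19,22)")}  # all of (19.5,20) jumps into [19,22)
    return MayMustAbstraction(off + on, delta, e, delta, must_e, {"off{20}"})


def heating_target(A):
    """The proposition on x [22,24]: true exactly in the region on[22,24)."""
    return {r: (T if r == "on[22,24)" else F) for r in A.regions}


if __name__ == "__main__":
    for refined in (False, True):
        A = heating_abstraction(refined)
        print("refined" if refined else "coarse", "->", check(A, heating_target(A)))
```

The iteration is monotone in the truth order 0 < ⊥ < 1, so it terminates on any finite abstraction; the off-region (18,19.5] stays ⊥ in both abstractions because its e-jumps land in two different on-regions and it has no must-edge to a region with value 1.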
DBB-Abstractions
Definition: (Discrete Bounded Bisimulation) Let H be a hybrid automaton with state space Q. Let P be a partition of Q.
≡0 ⊆ Q × Q is the maximal relation on Q such that for all p ≡0 q:
- [p]P = [q]P and p ∈ Q0 iff q ∈ Q0
- ∀ p →δ p′ ∃ q′: p′ ≡0 q′ ∧ q →δ q′, and
  ∀ q →δ q′ ∃ p′: p′ ≡0 q′ ∧ p →δ p′
  (so every δ-step [p]0 →δ [p′]0 of the abstraction is a must-transition)
≡n ⊆ Q × Q is the maximal relation on Q such that for all p ≡n q:
- p ≡n−1 q
- ∀ p →δ p′ ∃ q′: p′ ≡n q′ ∧ q →δ q′, and
  ∀ q →δ q′ ∃ p′: p′ ≡n q′ ∧ p →δ p′
  (δ-steps are matched modulo ≡n: [p]n →δ [p′]n is a must-transition)
- ∀ p →e p′ ∃ q′: p′ ≡n−1 q′ ∧ q →e q′, and
  ∀ q →e q′ ∃ p′: p′ ≡n−1 q′ ∧ p →e p′
  (e-steps are matched only modulo the coarser ≡n−1: [p]n →e [p′]n is in general a may-transition, while [p]n →e [p′]n−1 is a must-transition)
The relation ≡n is called n-DBB equivalence.
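To make the bound n concrete, the following Python program, added here and not part of the paper, computes ≡n by partition refinement on a small constructed finite graph. The paper's definition is on the infinite state space of H; the graph, its labels, initial states and edges are inventions of this example. Level 0 refines the partition by label and initial status until it is a δ-bisimulation; level n re-refines the level n−1 partition, matching δ-successors modulo the current relation and e-successors modulo ≡n−1. On this graph the two initial states x1 and x2 differ only two discrete steps ahead, so they are 1-DBB equivalent but not 2-DBB equivalent.

```python
"""n-DBB (discrete bounded bisimulation) equivalence by partition refinement.

Added example, not code from the paper.  The paper defines the relation on
the infinite state space of a hybrid automaton; here the same refinement is
run on a small constructed finite graph with delta- and e-edges so that the
effect of the bound n is visible: level 0 is delta-bisimulation respecting
the labelling and the initial states, and level k additionally matches
e-successors modulo the level k-1 equivalence.
"""


def coarsest_partition(states, delta, seed, e_key):
    """Coarsest refinement of `seed` (state -> block id) that is a
    delta-bisimulation and agrees on the fixed per-state signature `e_key`."""
    block = dict(seed)
    while True:
        sig = {s: (block[s], frozenset(block[t] for t in delta[s]), e_key[s])
               for s in states}
        ids = {v: i for i, v in enumerate(sorted(set(sig.values()), key=repr))}
        new_block = {s: ids[sig[s]] for s in states}
        if len(set(new_block.values())) == len(set(block.values())):
            return new_block          # no block was split: stable
        block = new_block


def dbb_equivalence(states, labels, init, delta, e, n):
    """Return state -> block id for the n-DBB equivalence on the graph."""
    seed_sig = {s: (labels[s], s in init) for s in states}
    ids = {v: i for i, v in enumerate(sorted(set(seed_sig.values()), key=repr))}
    seed = {s: ids[seed_sig[s]] for s in states}
    # level 0: e-edges are ignored entirely
    block = coarsest_partition(states, delta, seed, {s: None for s in states})
    for _ in range(n):
        # level k: e-successors are compared modulo the level k-1 partition only
        e_key = {s: frozenset(block[t] for t in e[s]) for s in states}
        block = coarsest_partition(states, delta, block, e_key)
    return block


def num_blocks(block):
    return len(set(block.values()))


# Constructed graph.  All states are labelled "safe" except z2; x1 and x2 are
# initial; delta is time elapse (a self-loop) except that w flows into z2.
STATES = ["x1", "x2", "y1", "y2", "z1", "z2", "w"]
LABELS = {s: "safe" for s in STATES}
LABELS["z2"] = "bad"
INIT = {"x1", "x2"}
DELTA = {s: {s} for s in STATES}
DELTA["w"] = {"z2"}
E = {s: set() for s in STATES}
E.update({"x1": {"y1"}, "x2": {"y2"}, "y1": {"z1"}, "y2": {"z2"}})


def example_levels(max_n=3):
    """n -> n-DBB partition of the constructed graph, for n = 0..max_n."""
    return {n: dbb_equivalence(STATES, LABELS, INIT, DELTA, E, n)
            for n in range(max_n + 1)}


if __name__ == "__main__":
    for n, block in example_levels().items():
        print(n, num_blocks(block), "blocks; x1 ~ x2:", block["x1"] == block["x2"])
```

Level 0 already separates w from the other safe states (its δ-successor is bad), level 1 separates y1 from y2 (their e-successors lie in different ≡0-classes), and level 2 separates x1 from x2; from level 2 on the partition is stable, which is the bounded-depth behaviour the definition encodes.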
Semantics Completion on DBB-Abstractions
Semantics completion of three-valued Lµ:
Definition: Let H≡n be an n-DBB abstraction. Then:
- ⟦⟨δ⟩φ⟧≡n([x]≡n) = 1 iff ∃ [x]≡n →δ [x′]≡n such that [x′]≡n satisfies φ
  ⟦⟨δ⟩φ⟧≡n([x]≡n) = 0 iff there is no [x]≡n →δ* [x′]≡n such that [x′]≡n satisfies φ
  ⟦⟨δ⟩φ⟧≡n([x]≡n) = ⊥ otherwise
- ⟦[δ]φ⟧≡n = ⟦¬(⟨δ⟩¬φ)⟧≡n
- ⟦⟨e⟩φ⟧≡n([x]≡n) = 1 iff ∃ [x]≡n →e [x′]≡n such that [x′]≡n−1 satisfies φ
  ⟦⟨e⟩φ⟧≡n([x]≡n) = 0 iff there is no [x]≡n →e [x′]≡n such that [x′]≡n−1 satisfies φ
  ⟦⟨e⟩φ⟧≡n([x]≡n) = ⊥ otherwise
  (the e-successor is evaluated in the coarser (n−1)-DBB abstraction, into whose classes the e-steps are matched by the definition of ≡n)
- ⟦[e]φ⟧≡n = ⟦¬(⟨e⟩¬φ)⟧≡n
- ⟦E(φ U ψ)⟧≡n([x]≡n) = 1 iff
  ∃ [x]≡n →δ* [x′]≡n satisfying φ U ψ in H≡n, or
  ∃ [x]≡n →δ* [x′]≡n →e [x″]≡n with φ satisfied on the first part and [x″]≡n−1 satisfying E(φ U ψ)
  ⟦E(φ U ψ)⟧≡n([x]≡n) = 0 iff φ U ψ can be disproven along all paths in H≡n
  ⟦E(φ U ψ)⟧≡n([x]≡n) = ⊥ otherwise
- ⟦A(φ U ψ)⟧≡n([x]≡n) = 1 iff all paths in H≡n starting in [x]≡n satisfy φ U ψ
  ⟦A(φ U ψ)⟧≡n([x]≡n) = 0 iff
  ∃ [x]≡n →δ* [x′]≡n not satisfying φ U ψ in H≡n, or
  ∃ [x]≡n →δ* [x′]≡n →e [x″]≡n with φ satisfied on the first part and [x″]≡n−1 not satisfying A(φ U ψ)
  ⟦A(φ U ψ)⟧≡n([x]≡n) = ⊥ otherwise
Preservation Results for DBB-Abstractions
Corollary: (Preservation) Let H be a hybrid automaton and H≡n be an n-DBB abstraction of H. Then for all φ ∈ Lµ:
- H≡n ⊨ φ ⇒ H ⊨ φ
- H≡n ⊭ φ ⇒ H ⊭ φ
Theorem: (Monotonicity) Let H≡n and H≡k, n > k, be DBB abstractions. Then for all φ ∈ Lµ and all x in the state space of H:
- ⟦φ⟧≡k([x]≡k) = 1 ⇒ ⟦φ⟧≡n([x]≡n) = 1
- ⟦φ⟧≡k([x]≡k) = 0 ⇒ ⟦φ⟧≡n([x]≡n) = 0
That is, increasing the bound n never loses a definite answer, in contrast to refining a may/must abstraction.
Example: Waterlevel Controller
Automaton: location shut with invariant y ≤ 10 and flows ẋ = 1, ẏ = 1; location open with invariant x ≥ 0 and flows ẋ = −1, ẏ = −2. The figure labels the two edges with x = 0 and y = 10; consistent with the invariants, shut is left when y reaches 10 and open when x reaches 0. (The edge resets and the initial condition are not recoverable from the page.)
µ-calculus formula: φ = µZ. r ∨ ◇Z with r = shut × [0, 6] × {10}
1-DBB abstraction: the shut-location is partitioned into the regions r1, r2, r3, r4 and the open-location into s1, s2, s5 (figure not reproduced here; both axes run to 10, with the x-axis marked at 6).
Result: A ⊨3 φ = ⊥
Example: Waterlevel Controller (2-DBB abstraction)
Same automaton and formula φ = µZ. r ∨ ◇Z, r = shut × [0, 6] × {10}, as above.
2-DBB abstraction: the shut-location is partitioned into the regions r1, …, r7 and the open-location into t1, …, t8 (figure not reproduced here).
Result: A ⊨3 φ = 0 ⇒ H ⊨ φ = 0
Increasing the bound from 1 to 2 resolves the ⊥ of the 1-DBB abstraction to a definite 0, and by preservation the refutation carries over to H: no state of shut with x ∈ [0, 6] and y = 10 is reachable.
Conclusions and Future Work
Conclusions:
- A parametrized three-valued interpretation of Lµ has been developed
- Preservation results have been proved ⇒ safety certification + counterexamples
- Different applications of the general framework have been provided:
  - May/must abstractions
  - DBB abstractions
Future Work:
- Development of a three-valued model-checking tool for hybrid automata
- Property-driven abstraction refinements
- ...
The U-Operator on Hybrid Automata
Discrete-time frameworks: the U-operator is redundant
- E(φ U ψ) = µZ. ψ ∨ (φ ∧ ◇Z)
- A(φ U ψ) = µZ. ψ ∨ (φ ∧ □Z)
Continuous-time frameworks: the U-operator is not redundant
Example: a single location with flow ẋ = 1 and initial condition x = 0 (the run x(t) = t is drawn on an axis marked 0, 1, 2, 3 in the original figure)
φ := E((x < 2) U (x = 3))
ψ := µZ. (x = 3) ∨ ((x < 2) ∧ ◇Z)
Along the only run, x < 2 stops holding at x = 2 before x = 3 is reached, so φ is false. ψ, however, holds at x = 0: a single δ-step may let time elapse by 3 and reach x = 3 directly, and ◇ does not check the intermediate points of the flow at which an until-formula requires φ to hold.
Lemma: In the setting of hybrid automata, the language Lµ with the temporal operators E(φ U ψ) and A(φ U ψ) is strictly more expressive than Lµ without these operators.
Redundancy of U on Abstractions
Let the modal operator ⟨δ⟩ satisfy:
- ⟦⟨δ⟩φ⟧(r) = 1 ⇔ a direct successor of r satisfies φ   (*)
Theorem: (Redundancy) Let H be a hybrid automaton and A be an abstraction of H satisfying (*). Then for all φ, ψ ∈ Lµ:
1. A ⊨ µZ. ψ ∨ (φ ∧ ◇Z) ⇒ H ⊨ E(φ U ψ), and A ⊭ µZ. ψ ∨ (φ ∧ ◇Z) ⇒ H ⊭ E(φ U ψ)
2. A ⊨ µZ. ψ ∨ (φ ∧ □Z) ⇒ H ⊨ A(φ U ψ), and A ⊭ µZ. ψ ∨ (φ ∧ □Z) ⇒ H ⊭ A(φ U ψ)
Corollary:
- For may/must abstractions the U-operator is redundant
- For DBB-abstractions the U-operator is redundant