Abstract
A hybrid system is a dynamical system that combines continuous and discrete behaviour, together with the interaction between continuous physical components and discrete controllers. In this paper a hybrid modeling language for hybrid systems (called HML) is extended with templates to achieve code reuse. For the formal analysis of hybrid system models written in this language, the models are translated into SMT (satisfiability modulo theories) formulas that serve as input to the SMT solver dReal, which supports bounded reachability analysis for non-linear hybrid systems. Moreover, dReal can produce witness data for potential traces of a hybrid system, so it can also be used to simulate hybrid systems. In this paper simulation and reachability analysis are integrated in an open-source prototype tool. We present two case studies, an inverted pendulum with PID (Proportional-Integral-Derivative) controllers and a rod reactor system for temperature control, both of which are verified to demonstrate the effectiveness of the prototype. We conclude that the modeling language is capable of modeling and verifying hybrid systems based on simulation and bounded reachability analysis.
Notes
https://github.com/fanghuixing/HML. The main task of this tool is to translate HML models into SMT formulas whose satisfiability, with respect to the properties of interest, is checked by dReal. The HML grammar is defined and parsed with Terence Parr's tool ANTLR v4. The checking result is stored in a JSON file containing the states of the corresponding hybrid system; the JSON file is analyzed and filtered, then passed to JFreeChart for a graphical display of the system's states and behaviours.
References
Alur R, Courcoubetis C, Henzinger TA, Ho PH (1993) Hybrid Automata: An Algorithmic Approach to the Specification and Analysis of Hybrid Systems. In: Hybrid Systems, LNCS, vol 736. doi:10.1007/3-540-57318-6_30. Springer, pp 209–229
Åström KJ, Hägglund T (2006) Advanced PID control. ISA-The Instrumentation, Systems, and Automation Society, Research Triangle Park, NC 27709
Baeten JCM, Weijland WP (1990) Process Algebra. Cambridge University Press
Barrett C, Stump A, Tinelli C (2010) The SMT-LIB Standard: Version 2.0. Tech. rep., Department of Computer Science, The University of Iowa, available at www.SMT-LIB.org
Berz M (1999) Modern Map Methods in Particle Beam Physics. ADV IMAG ELECT PHYS, vol 108. Elsevier
Berz M, Makino K (1998) Verified Integration of ODEs and Flows Using Differential Algebraic Methods on High-Order Taylor Models. Reliab Comput 4(4):361–369
Bruttomesso R, Pek E, Sharygina N, Tsitovich A (2010) The OpenSMT Solver. In: Proceedings of TACAS, LNCS, vol 6015. Springer, Berlin, pp 150–153
Chang WD, Shih SP (2010) PID Controller Design of Nonlinear Systems Using an Improved Particle Swarm Optimization Approach. Commun Nonlinear Sci 15(11):3632–3639
Chen X, Ábrahám E, Sankaranarayanan S (2013) Flow*: An Analyzer for Non-linear Hybrid Systems. In: Proceedings of CAV, LNCS, vol 8044. Springer, pp 258–263
Chen X, Schupp S, Makhlouf I, Ábrahám E, Frehse G, Kowalewski S (2015) A Benchmark Suite for Hybrid Systems Reachability Analysis. In: NASA Formal Methods, LNCS, vol 9058. Springer, pp 408–414
Cuijpers PJL, Reniers MA (2005) Hybrid Process Algebra. J Logic Algebr Progr 62(2):191–245
Frehse G (2008) PHAVer: Algorithmic Verification of Hybrid Systems Past HyTech. Int J Softw Tools Technol Transfer 10(3):263–279
Frehse G, Han Z, Krogh B (2004) Assume-Guarantee Reasoning for Hybrid I/O-Automata by Over-Approximation of Continuous Interaction. In: Proceedings of CDC. IEEE, pp 479–484
Frehse G, Le Guernic C, Donzé A, Cotton S, Ray R, Lebeltel O, Ripado R, Girard A, Dang T, Maler O (2011) SpaceEx: Scalable Verification of Hybrid Systems. In: Proceedings of CAV, LNCS, vol 6806. Springer, pp 379–395
Fritzson P, Engelson V (1998) Modelica–A Unified Object-Oriented Language for System Modeling and Simulation. In: Proceedings of ECOOP, LNCS, vol 1445. Springer, pp 67–90
Gao S, Avigad J, Clarke EM (2012) Delta-Decidability Over the Reals. In: Proceedings of LICS. IEEE, pp 305–314
Gao S, Kong S, Clarke EM (2013a) dReal: An SMT Solver for Nonlinear Theories Over the Reals. In: Proceedings of CADE. Springer, pp 208–214
Gao S, Kong S, Clarke EM (2013b) Satisfiability Modulo ODEs. In: Proceedings of FMCAD. IEEE, pp 105–112
Granvilliers L, Benhamou F (2006) Algorithm 852: RealPaver: An Interval Solver Using Constraint Satisfaction Techniques. ACM T Math Software 32(1):138–156
Le Guernic C, Girard A (2010) Reachability Analysis of Linear Systems Using Support Functions. Nonlinear Analysis: Hybrid Systems 4(2):250–262
Guo X, Hernández-Lerma O (2009) Continuous-Time Markov Decision Processes. Stochastic Modelling and Applied Probability, vol 62. Springer, Berlin, pp 9–18
Harel D (1987) Statecharts: A Visual Formalism for Complex Systems. Sci Comput Program 8(87):231–274
He J (1994) From CSP to Hybrid Systems. In: A Classical Mind, Essays in Honour of C.A.R. Hoare, Prentice Hall International, pp 171–189
He J (2013) Hybrid Relation Calculus. In: Proceedings of ICECCS. IEEE, p 2
Henzinger TA (1996) The Theory of Hybrid Automata. In: Proceedings of LICS. IEEE, pp 278–292
Henzinger TA, Ho PH, Wong-Toi H (1997) HyTech: A Model Checker for Hybrid Systems. Int J Softw Tools Technol Transfer 1(1–2):110–122
Henzinger TA, Kopke PW, Puri A, Varaiya P (1998) What’s Decidable about Hybrid Automata? Journal of Computer and System Sciences 57:94–124
Hoare CAR (1985) Communicating Sequential Processes. Prentice Hall
Ko KI (1991) Complexity Theory of Real Functions. Birkhäuser, Boston
Kong S, Gao S, Chen W, Clarke E (2015) dReach: Delta-Reachability Analysis for Hybrid Systems. In: Proceedings of TACAS, LNCS, vol 9035. Springer, pp 200–205
Lynch N, Segala R, Vaandrager F, Weinberg H (1996) Hybrid I/O Automata. In: Hybrid Systems III, LNCS, vol 1066. Springer, pp 496–510
Lynch N, Segala R, Vaandrager F (2001) Hybrid I/O Automata Revisited. In: Proceedings of HSCC, LNCS, vol 2034. Springer, pp 403–417
Maler O, Manna Z, Pnueli A (1992) From Timed to Hybrid Systems. In: Real-Time: Theory in Practice, LNCS, vol 600. Springer, Berlin, pp 447–484
MathWorks (2015a) Simulink
MathWorks (2015b) Stateflow
Nieuwenhuis R, Oliveras A, Tinelli C (2006) Solving SAT and SAT Modulo Theories: From an Abstract Davis-Putnam-Logemann-Loveland Procedure to DPLL(T). J ACM 53(6):937–977
Phan PA, Gale TJ (2008) Direct Adaptive Fuzzy Control with A Self-Structuring Algorithm. Fuzzy Set Syst 159(8):871–899
Platzer A (2010) Logical Analysis of Hybrid Systems - Proving Theorems for Complex Dynamics. Springer
Von Mohrenschildt M (2001) Symbolic Verification of Hybrid Systems: An Algebraic Approach. Eur J Control 7(5):541–556
Weihrauch K (2000) Computable Analysis: An Introduction. Springer
Yi J, Yubazaki N (2000) Stabilization Fuzzy Control of Inverted Pendulum Systems. Artif Intell Eng 14(2):153–163
Zhou C, Wang J, Ravn AP (1996) A Formal Description of Hybrid Systems. In: Hybrid Systems III, LNCS, vol 1066. Springer, pp 511–530
Acknowledgments
This work was partly supported by the Danish National Research Foundation and the National Natural Science Foundation of China (Grant No. 61361136002) for the Danish-Chinese Center for Cyber Physical Systems. It was also supported by National Natural Science Foundation of China (Grant No. 61321064), Shanghai Collaborative Innovation Center of Trustworthy Software for Internet of Things (No. ZF1213) and Shanghai Minhang Talent Project.
Appendices
Appendix A: Definitions Related to Computable Functions
Some basic definitions that are related to this paper are reviewed here. For more details, see [29, 40].
Definition 5
(Names) A name of \(v \in \mathbb {R}\) is any function \(\gamma _{v} : \mathbb {N} \rightarrow \mathbb {D}\) satisfying
where \(\mathbb{D}\) is the set of all dyadic rationals (numbers of the form \(\frac{\varphi}{2^{\psi}}\) for an integer \(\varphi\) and a natural number \(\psi\)).
For a multi-dimensional name of \(\mathbf{v} \in \mathbb{R}^{n}\), \(\gamma_{\mathbf{v}} = \langle \gamma_{\mathbf{v}_{1}}, \ldots, \gamma_{\mathbf{v}_{n}} \rangle\). Thus a name of \(v\) is a sequence of dyadic rationals converging to \(v\).
Definition 6
(Computable Reals) A real number \(v \in \mathbb{R}\) is computable if there exists a name \(\gamma_{v}\) of \(v\) that is a computable function.
A real function is computable if its value can be approximated to arbitrary precision by a function-oracle Turing machine.
Definition 7
(Computable Functions) Let \(V \subseteq \mathbb{R}^{n}\). A function \(f: V \rightarrow \mathbb{R}\) is computable if there exists a function-oracle Turing machine F-OTM\(_{f}\) that, for every \(i \in \mathbb{N}\) and every name \(\gamma_{\mathbf{v}}\) of \(\mathbf{v} \in V\), computes a rational number \(\mathcal{Q}_{f}^{\gamma_{\mathbf{v}}}(i)\) satisfying \(|\mathcal{Q}_{f}^{\gamma_{\mathbf{v}}}(i) - f(\mathbf{v})| < 2^{-i}\).
A function-oracle Turing machine (F-OTM) is an ordinary Turing machine except that it has an additional query tape and two additional states, the query state and the answer state.
When the F-OTM enters the query state, the oracle \(\gamma\) replaces the current string \(v\) on the query tape by \(\gamma(v)\), the tape head returns to the first cell of the query tape, and the machine is put into the answer state.
As for the "types" of functions: informally, integers and rationals are Type-0 objects; a real number can be viewed as a Type-1 function that maps Type-0 objects to Type-0 objects (its name); Type-2 functions are those that map Type-1 functions to Type-1 (or Type-0) functions. Thus a function \(f: \mathbb{R} \rightarrow \mathbb{R}\) is a Type-2 function.
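As an added illustration of Definitions 5 to 7 (not part of the paper), assuming that a name must satisfy \(|\gamma_{v}(i) - v| < 2^{-i}\) for every \(i\), the same precision requirement that Definition 7 places on the output of the oracle machine:

\[
\gamma_{1/3}(i) \;=\; \frac{\lfloor 2^{i}/3 \rfloor}{2^{i}} \in \mathbb{D}, \qquad
0 \;\le\; \tfrac{1}{3} - \gamma_{1/3}(i) \;<\; 2^{-i},
\]

so \(\gamma_{1/3}\) is a computable name (only integer division is needed) and \(\tfrac{1}{3}\) is a computable real. For \(f(x) = x^{2}\) on \(V = [0,1]\), let F-OTM\(_{f}\) on input \(i\) query the oracle once for \(q := \gamma_{v}(i+2)\) and output \(\mathcal{Q}_{f}^{\gamma_{v}}(i) := q^{2}\), which is dyadic and hence rational. Since \(v \in [0,1]\) and \(|q - v| < 2^{-(i+2)} \le \tfrac{1}{4}\), we have \(|q + v| \le \tfrac{9}{4}\), and therefore

\[
|\mathcal{Q}_{f}^{\gamma_{v}}(i) - f(v)| \;=\; |q - v|\,|q + v| \;<\; 2^{-(i+2)} \cdot \tfrac{9}{4} \;<\; 2^{-i},
\]

which is exactly the bound required by Definition 7, so \(f\) is computable on \(V\). The extra two bits of precision requested from the oracle are what absorb the growth factor \(|q + v|\); a function with unbounded derivative on \(V\) would need a precision that depends on \(v\) as well as on \(i\).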
Appendix B: Sample SMT Formulas
Here we present a sample SMT encoding (with maximum unrolling depth 0) of an HML model. The following parts of the encoding need explanation:
- Logic. In line 1, set-logic is a keyword of the SMT-LIB standard language: (set-logic L) tells the solver (dReal) which logic L is used for the satisfiability check. Here QF_NRA_ODE is the logic implemented in dReal for quantifier-free non-linear real arithmetic extended with ordinary differential equations.
- Variable. (declare-fun position () Real) declares a variable named position of type Real.
- Differential equation. (define-ode flow_n F) defines a differential equation: n is an index for the equation and F is the formula giving its concrete form; for example, line 16 defines a system of simultaneous differential equations. The SMT formula (= d/dt[clock] 1) stands for the differential equation \(\frac{d\,\mathtt{clock}}{dt} = 1\) for the variable clock.
- Assert. The assert command (assert F) instructs the SMT solver to assume that the formula F holds.
- Check. The check command (check-sat) tells the SMT solver to check the satisfiability of the conjunction of all asserted formulas.
- Property. The properties to be checked are added as ordinary assert commands; for a reachability query the goal region is asserted, and a satisfying assignment is a witness trace.
- Exit. The exit command (exit) terminates dReal with a success status.
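As an added worked example (written for this page, not the listing from the paper, which is not reproduced here), the commands above assembled into one depth-0 encoding for the clock equation mentioned under "Differential equation". The identifiers clock_0_0, clock_0_t, time_0 and flow_1 follow the naming scheme used in dReach-generated files, and the integral and forall_t forms are dReal's ODE extensions as they appear in dReal's bundled examples; treat that exact syntax as an assumption to be checked against the dReal version in use.

```smt2
; Added example: a depth-0 encoding (one mode, no discrete jump) of a clock
; that runs at rate 1 from 0, plus the reachability query "can clock reach 5
; within 3 time units?". Naming scheme and ODE syntax are assumed from
; dReal/dReach examples, not copied from the paper.
(set-logic QF_NRA_ODE)

; The continuous variable and its copies at the start (_0_0) and end (_0_t)
; of the single flow segment in unrolling step 0; time_0 is the dwell time.
(declare-fun clock () Real)
(declare-fun clock_0_0 () Real)
(declare-fun clock_0_t () Real)
(declare-fun time_0 () Real)

; The differential equation d clock / dt = 1, indexed as flow_1.
(define-ode flow_1 ((= d/dt[clock] 1)))

; Initial condition and the time bound for step 0.
(assert (= clock_0_0 0))
(assert (<= 0 time_0))
(assert (<= time_0 3))

; Connect the endpoint values through the ODE: clock_0_t is the solution of
; flow_1 after time_0, starting from clock_0_0.
(assert (= [clock_0_t] (integral 0. time_0 [clock_0_0] flow_1)))

; Mode invariant that must hold along the whole segment (clock stays >= 0).
(assert (forall_t 1 [0 time_0] (>= clock_0_t 0)))

; The property under test, stated as a reachability goal: is clock >= 5
; reachable? An "unsat" answer means unreachable within the bounds; a
; "delta-sat" answer comes with a witness assignment for time_0 and clock_0_t,
; which is the kind of data the prototype turns into a simulated trace.
(assert (>= clock_0_t 5))

(check-sat)
(exit)
```

With the bound time_0 <= 3 the solver reports unsat, because the only solution is clock_0_t = time_0 <= 3. Raising the bound to 6 makes the goal reachable and dReal reports delta-sat with a witness near time_0 = 5. Two caveats matter when reading such results: dReal decides satisfiability only up to a user-chosen perturbation δ, so delta-sat says the goal is reachable in a δ-relaxed model and may be a false alarm, while unsat is definitive; and an unsat answer at unrolling depth k rules out counterexamples with at most k discrete jumps, not deeper ones, so the depth must be raised until the intended bound on the number of mode switches is covered.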

Fang, H., Zhu, H. & He, J. SMT-Based Symbolic Encoding and Formal Analysis of HML Models. Mobile Netw Appl 21, 35–52 (2016). https://doi.org/10.1007/s11036-015-0671-7