Fragments of the KeYmaera X water-tank model (only parts of the contract, of the hybrid program and of the proof script survived extraction; the cut-off pieces are left as they are):

/* Guarantees */ ((wl1 >= 3 & 7 >= wl1) /* the water-level stays in the desired range */ & wl1=(fin-fout1)*(t-tctrl1)+wlm1)

/* Assumptions from the second water-level controller */ /* value of fout2 according to the measured water-level */

/* Guarantees */ ((wl2 >= 3 & 7 >= wl2) /* the water-level stays in the desired range */ & wl2=(fout1-fout2)*(t-tctrl2)+wlm2)

/* Initial values */ & wlm1 >= 3 & 7 >= wlm1 /* initial assumption on the measured water-level */ /* initial assumption on the relation between the measured water-level and inlet flow */

/* Initial values */ & wlm2 >= 3 & 7 >= wlm2 /* initial assumption on the measured water-level */ /* initial assumption on the relation between the measured water-level and inlet flow */

/* assumption that the measured water-level is in the range [3,7] */
& wl1=(fin-fout1)*(t-tctrl1)+wlm1 -> [ /* Behavior */
  } /* behavior of the water-level */ ++ {wl1' = fin -fout1
  /* behavior of the second water-level controller */ {?tctrl2 + delta2 >= t
  } /* behavior of the second water-level */ ++ {wl2' = fout1 -fout2
  /* assumption that the measured water-level is in the range [3,7] */
  /* the first water-level is in the range [3,7] */
  } /* behavior of the second water-level controller */ ++ {?tctrl2 + delta2 >= t
  } /* parallel composition of two water-levels */ ++ {wl1' = fin -fout1, wl2' = fout1 -fout2

Switching law of the first controller (cut off at both ends):
5->fin=0)&(3.5>=wlm1->fin=1)&(wlm1>3.5&6.5>wlm1->fin=0|fin=

Proof-script fragments (Bellerophon tactics):
master, closeId, andL(-1) ; andL(-5) ; andL(-4) ; andL(-5) ; andL(-6)
<( master, boxAnd(1) ; andR(1)
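The contract in the fragments above can be checked by hand for a concrete sampling bound. The following Python script is an added example, not code from the original page or from KeYmaera X: it evaluates the contract's own level equation wl1=(fin-fout1)*(t-tctrl1)+wlm1 at the corners of each region of the switching law and reports every combination for which the guarantee 3 <= wl1 <= 7 can be broken, then derives the largest sampling bound that still keeps it. Corner evaluation is exact here because the level is affine in the elapsed time, in fout1 and in wlm1, and the law is piecewise constant with breakpoints 3.5 and 6.5. Since the page does not give them, the script assumes a sampling bound delta1 = 0.5, an outlet flow fout1 in [0,1], and that the cut-off upper branch of the law reads wlm1 >= 6.5 -> fin = 0; the controller of the second tank is not on the page and is not modelled.

```python
"""Added example (not from the original page or KeYmaera X): corner check of the
sampled-data water-tank contract sketched in the model fragments.

Identifiers follow the page:
  wl1    water level, wl1' = fin - fout1 between controller runs
  wlm1   level measured at the last controller run (time tctrl1)
  fin    inlet flow chosen from wlm1; fout1 outlet flow
  delta  bound on the time between runs (?tctrl1 + delta1 >= t)
Level at elapsed time dt = t - tctrl1:  wl1 = (fin - fout1)*dt + wlm1.

Hypothetical assumptions not on the page: delta = 0.5, fout1 in [0, 1],
upper branch of the switching law wlm1 >= 6.5 -> fin = 0.
"""
from fractions import Fraction as F

LO, HI = F(3), F(7)               # guarantee from the page: LO <= wl1 <= HI
T_LOW, T_HIGH = F(7, 2), F(13, 2)  # switching thresholds 3.5 and 6.5 from the page


def controller(wlm1):
    """Switching law of the first controller: the allowed values of fin.

    3.5 >= wlm1        -> fin = 1
    3.5 < wlm1 < 6.5   -> fin = 0 | fin = 1   (nondeterministic choice)
    wlm1 >= 6.5        -> fin = 0             (assumed reading of the cut-off branch)
    """
    if wlm1 <= T_LOW:
        return (F(1),)
    if wlm1 >= T_HIGH:
        return (F(0),)
    return (F(0), F(1))


def level_at(wlm1, fin, fout1, dt):
    """The contract's equation wl1 = (fin - fout1)*(t - tctrl1) + wlm1."""
    return (fin - fout1) * dt + wlm1


def regions():
    """Closed intervals of wlm1 on which the law is constant.  Closing the
    middle region only adds its boundary points, so the check stays sound."""
    return ((LO, T_LOW), (T_LOW, T_HIGH), (T_HIGH, HI))


def check_contract(delta, fout_lo, fout_hi):
    """Return all violations as (wlm1, fin, fout1, dt, wl1) tuples.

    An empty list means the guarantee holds for every measured level in [3,7],
    every fin the law allows, every fout1 in [fout_lo, fout_hi] and every
    dt in [0, delta].  wl1 is affine in wlm1, fout1 and dt, so its extreme
    values over that box are taken at the corners evaluated here.
    """
    violations = []
    for lo, hi in regions():
        fins = controller(lo + (hi - lo) / 2)   # law on the region's interior
        for wlm1 in (lo, hi):
            for fin in fins:
                for fout1 in (fout_lo, fout_hi):
                    for dt in (F(0), delta):
                        wl1 = level_at(wlm1, fin, fout1, dt)
                        if not (LO <= wl1 <= HI):
                            violations.append((wlm1, fin, fout1, dt, wl1))
    return violations


def max_safe_delta(fout_lo, fout_hi):
    """Largest delta for which check_contract reports nothing.

    On each region the level moves at a rate in [fin - fout_hi, fin - fout_lo];
    the distance from the region's edge to the guarantee bound divided by the
    worst rate in that direction bounds delta.  Returns None if no bound applies.
    """
    bounds = []
    for lo, hi in regions():
        for fin in controller(lo + (hi - lo) / 2):
            down = fout_hi - fin      # fastest descent rate, if positive
            up = fin - fout_lo        # fastest ascent rate, if positive
            if down > 0:
                bounds.append((lo - LO) / down)
            if up > 0:
                bounds.append((HI - hi) / up)
    return min(bounds) if bounds else None


if __name__ == "__main__":
    print("violations at delta=0.5:", check_contract(F(1, 2), F(0), F(1)))
    print("violations at delta=0.6:", check_contract(F(3, 5), F(0), F(1)))
    print("max safe delta:", max_safe_delta(F(0), F(1)))
```

With the assumed flows the largest safe sampling bound is 0.5: the gap between the 3.5/6.5 thresholds and the 3/7 guarantee divided by the worst-case slope of 1, which is exactly the arithmetic a KeYmaera X proof of the `[...]` box must discharge when the loop invariant is re-established after `?tctrl1 + delta1 >= t`. Raising delta to 0.6 produces a violation in the middle region (wlm1 just above 3.5, fin = 0, fout1 = 1 drains the tank to 2.9), so the sampling bound is part of the contract, not an implementation detail.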