Modeling and Analysis of Hybrid Systems - SS 2013

First Exam
Monday, July 29, 2013

Forename and surname: Matriculation number:

n
Sign here:

tio
• Do not open the exam until we give the start signal.

• Please place your student identity card on your desk for identification purposes.

• The duration of the exam is 120 minutes.

• Use a blue or black (permanent) pen only.

lu
• Please write your name and matriculation number on each page of this exam.

• Please write clear and legible answers.

• Please use a separate sheet for each task. If you need more sheets, indicate this by a
hand signal.
So

• Please clearly cross out parts you do not wish to be evaluated.

• If you have problems understanding a task, indicate this by a hand signal.

• You are not allowed to use auxiliary material except for a pen. In particular, switch
off your electronic devices! Cheating disqualifies from the exam.

Task: 1.) 2.) 3.) 4.) 5.) 6.) Total

Maximum score: 6 11 7 9 9 8 50
Reached score:

Good luck!
Name: Student number:

Task 1. Hybrid System Modeling (3 + 2 + 1 points)

Assume a bouncing ball with vertical movement. Let

• x [m] denote the ball’s height (distance from the ground),

dx
• v= dt
[ ms ] its velocity and
dv
• g= dt
= −9.8 [ sm2 ] the acceleration due to gravity.

First, the ball raises with decreasing velocity until it starts to fall. When it hits the ground,
it bounces and starts to raise again. We model the bouncing as a discrete event, inversing

n
the sign of the velocity and reducing its absolute value by 50%.

(1) Please define the missing components of the following hybrid automaton to model the
bouncing ball:

x = 10 ∧ v = 10 ẋ =
v̇ =
l0

tio
(2) Is the above automaton Zeno-free? Explain your answer!
lu
(3) Is the above automaton a linear hybrid automaton? Justify your answer!

Solution:

(1) The missing components are as follows:

So

l0
x = 10 ∧ v = 10 ẋ = v x=0∧v <0
v̇ = −g v := −0.5v
x≥0

(2) No. Since the ball loses the half of its kinetic energy upon bouncing, the time between two
successive bounces converges to 0 when time proceeds. Thus all paths of this automaton
are time-convergent. Those paths that contain infinitely many discrete steps, for example
the path having only time steps of maximal durations, are Zeno paths.

(3) Our model is not a linear hybrid automaton, because its behaviour is not linear: the
derivative of x is not constant.
Name: Student number:

Task 2. Timed Automata (4 + (5 + 2) points)

(1) Please define the operational semantics of timed automata by formalizing the rules for
time evolution and discrete transitions.

(2) Assume the following timed automaton T :

x=0 `0 x=1
ẋ = 1 x := 0

n
We want to check whether T satisfies the TCTL formula EGEF ≤1 (x = 1).

(i) How many abstract states are generated by the state space abstraction? Explain!

Solution:

(1)
system? Why?

ν |= g
tio
(ii) Which of the abstract states have a self-loop in the corresponding region transition

(l, a, (g, R), l0 ) ∈ Edge

ν 0 = reset R in ν ν 0 |= Inv(l0 ) Rule Discrete
lu
a
(l, ν) → (l0 , ν 0 )

t > 0 ν 0 = ν + t ν 0 |= Inv(l)
t
Rule Time
(l, ν) → (l, ν 0 )
So

(2) (i) By the transformation of the TCTL formula to a CTL formula a new clock z is
introduced with cz = 1 the maximal constant to which z is compared to in the CTL
formula (T is only extended with the new clock z but z is not compared to any
value in the extension). The largest constant to which x is compared to in the CTL
formula or in the automaton is also cx = 1.
Note that the automaton has a single location. Therefore, the abstraction defines
two states (l0 , ν) and (l0 , ν 0 ) to be equivalent if
• either ν(x) > cx ∧ ν 0 (x) > cx or

bν(x)c = bν 0 (x)c ∧ (frac(ν(x)) = 0 iff frac(ν 0 (x)) = 0)

• either ν(z) > cz ∧ ν 0 (z) > cz or

bν(z)c = bν 0 (z)c ∧ (frac(ν(z)) = 0 iff frac(ν 0 (z)) = 0)

Name: Student number:

• if ν(x), ν 0 (x) ≤ cx and ν(z), ν 0 (z) ≤ cz then

frac(ν(x)) < frac(ν(z)) iff frac(ν 0 (x)) < frac(ν 0 (z)) ,

frac(ν(x)) > frac(ν(z)) iff frac(ν 0 (x)) > frac(ν 0 (z)) ,
frac(ν(x)) = frac(ν(z)) iff frac(ν 0 (x)) = frac(ν 0 (z)).

Therefore, the state space will define the following 18 abstract states:
z

15 16 17 18 1 : x=0∧z =0
2 : 0<x<1∧z =0

n
1 11 12 13 14
3 : x=1∧z =0
4 : x>1∧z =0
5 6 7 8 9 10 5 : x=0∧0<z <1
6 : 0<x<1∧0<z <1∧x<z

0 1
0
2

tio
3
1
4 x
7
8
9
10
11
12
13
14
15
:
:
:
:
:
:
:
:
:
0<x<1∧0<z <1∧x=z
0<x<1∧0<z <1∧x>z
x=1∧0<z <1
x>1∧0<z <1
x=0∧z =1
0<x<1∧z =1
x=1∧z =1
x>1∧z =1
x=0∧z >1
lu
16 : 0<x<1∧z >1
17 : x=1∧z >1
18 : x>1∧z >1

(ii) Only state 18 has a self-loop for two reasons: Firstly, the discrete transition changes
the abstract state from one satisfying x = 1 to another one with x = 0, therefore
there are no self-loops representing discrete steps (if there would be one than the
So

system would be Zeno). Secondly, in order to avoid abstract paths that represent
only time-convergent paths, no time-step-representing self-loops are added to the
states 1-17. However, there is a self-loop on state 18 to represent infinite stay in
the upper-unbounded region.
Name: Student number:

Task 3. Rectangular Automata (2 + 1 + 4 points)

(1) Please explain the differences between rectangular automata and timed automata.

(2) When is a rectangular automaton initialized ?

(3) Please transform the following initialized rectangular automaton into an initialized sin-
gular automaton. You may skip irrelevant parts of the result like unreachable locations,
invariant components that are satisfied by all states reachable in the given location, etc.

`0 `1
x=0 x≥2

n
ẋ ∈ [1, 2] ẋ ∈ [−2, 0]
x := 0
x ∈ [0, 4]

Solution:

tio
(1) In a rectangular automaton, the derivative of a variable can be defined by an interval,
however, all variable derivatives in a timed automaton should be 1. For a discrete transi-
tion, a rectangular automaton may reset a variable nondeterministically to a value from
an interval, however, a timed automaton can only reset a variable to value 0.

(2) We call a rectangular automaton initialized, if for each discrete transition e and each
variable x the following holds: if the derivative of x in the source location of e differs
from the derivative of x in the target location of e, then x is reset by e.
lu
(3)

xu ≥ 2
xl := 0, xu := 0
So

`0 `00 `1
xl = 0 ẋl = 1 xu = 4 ẋl = 1 true ẋl = −2
xu = 0 ẋu = 2 xu := 4 ẋu = 0 xl := 0, xu := 0 ẋu = 0

xu ≤ 4 xl ≤ 4
Name: Student number:

Task 4. Linear Hybrid Automata (3 + 3 + 3 points)

(1) Is the bounded reachability problem decidable for linear hybrid automata (with linear
behavior)? Prove your answer!

(2) Which state set representation did we use for linear hybrid automata? How can the
operations for union, intersection, membership and test for emptiness be computed for
that representation?

(3) Assume the following linear hybrid automaton A:

x≥2

n
`0 x := 0 `1

x=0 ẋ = 1 ...
y=0 ẏ = −1

x ≤ 3 ... y ≤ 3

tio
Let I be the representation of the initial state set {(l0 , ν) ∈ Σ | ν(x) = ν(y) = 0}.
Compute the forward time closure Tl0+ (I) (or hIi%l0 in the notation of the lecture notes).
Don’t forget to reduce the result using quantifier elimination.

Solution:
lu
(1) Yes, the bounded reachability problem is decidable on linear hybrid automata, because
paths of bounded length can be encoded in linear real arithmetic, which is a decidable
logic.

(2) Assume that the linear hybrid automaton A has N locations `1 , . . . , `N . We may represent
the a state set of A by N tuples h`1 , ϕ1 i, . . . , h`N , ϕN i such that ϕ1 , . . . , ϕN are linear
real arithmetic formulas. For two state set representations S1 = {h`1 , ϕ1 i, . . . , h`N , ϕN i}
So

and S2 = {h`1 , ψ1 i, . . . , h`N , ψN i}, and a state s = h`i , νi of A, the operations can be
computed as follows:

• S1 ∪ S2 = {h`1 , ϕ1 ∨ ψ1 i, . . . , h`N , ϕN ∨ ψN i},

• S1 ∩ S2 = {h`1 , ϕ1 ∧ ψ1 i, . . . , h`N , ϕN ∧ ψN i},
• s ∈ S1 if and only if ν |= ϕi , and
• S1 = ∅ if and only if all ϕ1 are unsatisfiable.

(3) We represent the initial set as I = h`0 , x = 0 ∧ y = 0i. Therefore

T`+
0
(I) = h`0 , ∃x0 .∃y 0 .∃t.(t ≥ 0 ∧ x0 = 0 ∧ y 0 = 0 ∧ x = x0 + t ∧ y = y 0 − t ∧ x ≤ 3)i
= h`0 , x + y = 0 ∧ x ≥ 0 ∧ x ≤ 3i .
Name: Student number:

Task 5. Reachability Analysis (5 + 4 points)

(1) Please complete the following table with the information whether for the given subclasses
of hybrid automata the reachability and bounded reachability problems are decidable or
not!
Automata subclass Is the reachability Is the bounded reach-
problem decidable? ability problem decid-
able?
Timed automata
Initialized rectangular automata
Rectangular automata

n
Linear hybrid automata
General hybrid automata

(2) Please specify in pseudo-code the general (i.e., representation-independent) algorithm for

Solution:

(1)

Automata subclass
tio
forward reachability computation (i.e., to compute the set of states reachable from a given
initial state set). Use I to represent the set of initial states, Reach(R) to represent the
set of states reachable in one step from R, and the notations for standard set operations.

Is the reachability Is the bounded reach-

lu
problem decidable? ability problem decid-
able?
Timed automata Yes Yes
Initialized rectangular automata Yes Yes
Rectangular automata No Yes
Linear hybrid automata No Yes
So

General hybrid automata No No

(2)

Input: the initial state set I.

Algorithm:
Rnew := I;
R := ∅;
while (Rnew 6= ∅){
R := R ∪ Rnew ;
Rnew := Reach(Rnew )\R;
}
Output: the reachable state set R
Name: Student number:

Task 6. Convex Polytopes (1 + 2 + 2 + 3 points)

(1) What is the difference between polyhedra and polytopes?

(2) Please describe the two representations that we discussed in the lecture for polytopes.

(3) How can we compute the convex hull of the union of two polytopes in those representa-
tions?

(4) Using polytopes to represent state sets, in the approximation of a flow pipe segment we
used bloating. What is it and what do we need it for?

n
Solution:

(1) Polyhedra can be unbounded. Polytopes are bounded polyhedra.

spaces. tio
(2) Polytopes can be represented in two ways.

• V-polytopes - A polytope P is represented by the convex hull of finitely many points.

• H-polytopes - A polytope P is represented by an intersection of finitely many half-

(3) If both of the polytopes are V-polytopes, say P1 : {v1 , . . . , vn } and P2 : {u1 , . . . , um },
then the convex hull of their union can be represented by the V-polytope conv(P1 ∪ P2 ) :
{v1 , . . . , vn , u1 , . . . , um }. If at least one of the polytopes is not a V-polytope, we may
converse it into a V-polytope and use the previous method to compute their convex hull.
lu
(4) To compute a polytope over-approximation of a flow pipe segment, say from time t1 to
t2 , we first compute the reachable sets R1 and R2 at time t1 and t2 respectively, and
compute a convex hull of R1 ∪ R2 which is a polytope P . However, the convex hull P
does not include some non-linear trajectories from R1 to R2 , therefore we need to bloat
P to P + such that all trajectories are included in P + .
So