Leibniz Transactions on Embedded Systems (LITES)
Feed: https://ojs.dagstuhl.de/index.php/lites/gateway/plugin/WebFeedGatewayPlugin/atom
Feed updated: 2022-12-07T09:12:42+01:00
Editorial contact: Michael Wagner (LITES Editorial Office), lites-office@dagstuhl.de
Generator: Open Journal Systems
LITES publishes original articles on all aspects of embedded computer systems according to the principles of Open Access.

Article: Introduction to the Special Issue on Distributed Hybrid Systems
Authors: Alessandro Abate, Uli Fahrenberg, Martin Fränzle
URL: https://ojs.dagstuhl.de/index.php/lites/article/view/lites-v008-i002-a000
Updated: 2022-12-07T09:12:43+01:00
This special issue contains seven papers within the broad subject of Distributed Hybrid Systems, that is, systems combining hybrid discrete-continuous state spaces with elements of concurrency and logical or spatial distribution. It follows up on several workshops on the same theme which were held between 2017 and 2019 and organized by the editors of this volume.

The first of these workshops was held in Aalborg, Denmark, in August 2017 and associated with the MFCS conference. It featured invited talks by Alessandro Abate, Martin Fränzle, Kim G. Larsen, Martin Raussen, and Rafael Wisniewski. The second workshop was held in Palaiseau, France, in July 2018, with invited talks by Luc Jaulin, Thao Dang, Lisbeth Fajstrup, Emmanuel Ledinot, and André Platzer. The third workshop was held in Amsterdam, The Netherlands, in August 2019, associated with the CONCUR conference. It featured a special theme on distributed robotics and had invited talks by Majid Zamani, Hervé de Forges, and Xavier Urbain.

The vision and purpose of the DHS workshops was to connect researchers working in real-time systems, hybrid systems, control theory, formal verification, distributed computing, and concurrency theory, in order to advance the subject of distributed hybrid systems. Such systems are abundant and often safety-critical, but ensuring their correct functioning can in general be challenging. The investigation of their dynamics by analysis tools from the aforementioned domains remains fragmentary, providing the rationale behind the workshops: it was conceived that convergence and interaction of theories, methods, and tools from these different areas was needed in order to advance the subject.
Published: 2022-12-07T00:00:00+01:00
Copyright (c) 2022 Alessandro Abate, Uli Fahrenberg, Martin Fränzle

Article: Safety Verification of Networked Control Systems by Complex Zonotopes
Authors: Arvind Adimoolam, Thao Dang
URL: https://ojs.dagstuhl.de/index.php/lites/article/view/lites-v008-i002-a001
Updated: 2022-12-07T09:12:46+01:00
Networked control systems (NCS) are widely used in real-world applications because of their advantages, such as remote operability and reduced installation costs. However, they are prone to various inaccuracies in execution such as delays, packet dropouts, inaccurate sensing, and quantization errors. To ensure the safety of NCS, their models have to be verified under the aforementioned uncertainties. In this paper, we tackle the problem of verifying the safety of NCS models under uncertain sampling time, inaccurate output measurement or estimation, and unknown disturbance input. Unbounded-time safety verification requires approximating reachable sets by invariants, whose computation involves set operations. For uncertain linear dynamics, two important set operations for invariant computation are linear transformation and Minkowski sum. Zonotopes have the advantage that linear transformation and Minkowski sum can be efficiently approximated. However, they cannot encode directions of convergence of trajectories along complex eigenvectors, which is closely related to encoding invariants. Therefore, we extend zonotopes to the complex-valued domain by a representation called complex zonotope, which can capture contraction along complex eigenvectors for determining invariants. We prove a related mathematical result: in the case of accurate feedback sampling, a complex zonotope represents an invariant for a stable NCS. In addition, we propose an algorithm based on complex zonotopes to verify the general case, when there is uncertainty in sampling time and in input. We demonstrate the efficiency of our algorithm on benchmark examples and compare it with a state-of-the-art verification tool.
Published: 2022-12-07T00:00:00+01:00
Copyright (c) 2022 Arvind Adimoolam and Thao Dang

Article: Swarms of Mobile Robots: Towards Versatility with Safety
Authors: Pierre Courtieu, Lionel Rieg, Sébastien Tixeuil, Xavier Urbain
URL: https://ojs.dagstuhl.de/index.php/lites/article/view/lites-v008-i002-a002
Updated: 2022-12-07T09:12:47+01:00
We present Pactole, a formal framework to design and prove the correctness of protocols (or the impossibility of their existence) that target mobile robotic swarms. Unlike previous approaches, our methodology unifies in a single formalism the execution model, the problem specification, the protocol, and its proof of correctness. The Pactole framework makes use of the Coq proof assistant, and is specially targeted at protocol designers and problem specifiers, so that a common unambiguous language is used from the very early stages of protocol development. We stress the underlying framework design principles to enable high expressivity and modularity, and provide concrete examples about how the Pactole framework can be used to tackle actual problems, some previously addressed by the Distributed Computing community, but also new problems, while being certified correct.
Published: 2022-12-07T00:00:00+01:00
Copyright (c) 2022 Pierre Courtieu, Lionel Rieg, Sébastien Tixeuil, and Xavier Urbain

Article: Higher-Dimensional Timed and Hybrid Automata
Authors: Uli Fahrenberg
URL: https://ojs.dagstuhl.de/index.php/lites/article/view/lites-v008-i002-a003
Updated: 2022-12-07T09:12:46+01:00
We introduce a new formalism of higher-dimensional timed automata, based on Pratt and van Glabbeek's higher-dimensional automata and Alur and Dill's timed automata. We prove that their reachability is PSPACE-complete and can be decided using zone-based algorithms. We also extend the setting to higher-dimensional hybrid automata.

The interest of our formalism is in modeling systems which exhibit both real-time behavior and concurrency. Other existing formalisms for real-time modeling identify concurrency and interleaving, which, as we shall argue, is problematic.
Published: 2022-12-07T00:00:00+01:00
Copyright (c) 2022 Uli Fahrenberg

Article: A Hybrid Programming Language for Formal Modeling and Verification of Hybrid Systems
Authors: Eduard Kamburjan, Stefan Mitsch, Reiner Hähnle
URL: https://ojs.dagstuhl.de/index.php/lites/article/view/lites-v008-i002-a004
Updated: 2022-12-07T09:12:48+01:00
Designing and modeling complex cyber-physical systems (CPS) faces the double challenge of combined discrete-continuous dynamics and concurrent behavior. Existing formal modeling and verification languages for CPS expose the underlying proof search technology. They lack high-level structuring elements and are not efficiently executable. The ensuing modeling gap renders formal CPS models hard to understand and to validate. We propose a high-level programming-based approach to formal modeling and verification of hybrid systems as a hybrid extension of an Active Objects language. Well-structured hybrid active programs and requirements allow automatic, reachability-preserving translation into differential dynamic logic, a logic for hybrid (discrete-continuous) programs. Verification is achieved by discharging the resulting formulas with the theorem prover KeYmaera X. We demonstrate the usability of our approach with case studies.
Published: 2022-12-07T00:00:00+01:00
Copyright (c) 2022 Eduard Kamburjan, Stefan Mitsch, and Reiner Hähnle

Article: Bayesian Hybrid Automata: A Formal Model of Justified Belief in Interacting Hybrid Systems Subject to Imprecise Observation
Authors: Paul Kröger, Martin Fränzle
URL: https://ojs.dagstuhl.de/index.php/lites/article/view/lites-v008-i002-a005
Updated: 2022-12-07T09:12:44+01:00
Hybrid discrete-continuous system dynamics arises when discrete actions, e.g. by a decision algorithm, meet continuous behaviour, e.g. due to physical processes and continuous control. A natural domain of such systems is emerging smart technologies which add elements of intelligence, co-operation, and adaptivity to physical entities, enabling them to interact with each other and with humans as systems of (human-)cyber-physical systems or (H)CPSes.

Various flavours of hybrid automata have been suggested as a means to formally analyse CPS dynamics. In a previous article, we demonstrated that all these variants of hybrid automata provide inaccurate verdicts, in the sense of being either overly pessimistic or overly optimistic, for engineered systems operating under imprecise observation of their environment due to, e.g., measurement error. We suggested a revised formal model, called Bayesian hybrid automata, that is able to represent state tracking and estimation in hybrid systems and thereby enhances the precision of verdicts obtained from the model in comparison to traditional model variants.

In this article, we present an extended definition of Bayesian hybrid automata which incorporates a new class of guard and invariant functions that allow traditional guards and invariants to be evaluated over probability distributions. The resulting framework allows modelling observers with knowledge about the control strategy of an observed agent but with imprecise estimates of the data on which the control decisions are based.
Published: 2022-12-07T00:00:00+01:00
Copyright (c) 2022 Paul Kröger and Martin Fränzle

Article: From Dissipativity Theory to Compositional Construction of Control Barrier Certificates
Authors: Ameneh Nejati, Majid Zamani
URL: https://ojs.dagstuhl.de/index.php/lites/article/view/lites-v008-i002-a006
Updated: 2022-12-07T09:12:45+01:00
This paper proposes a compositional framework based on dissipativity approaches to construct control barrier certificates for networks of continuous-time stochastic hybrid systems. The proposed scheme leverages the structure of the interconnection topology and a notion of so-called control storage certificates to construct control barrier certificates compositionally. By utilizing those certificates, one can compositionally synthesize state-feedback controllers for interconnected systems enforcing safety specifications over a finite-time horizon. In particular, we leverage dissipativity-type compositionality conditions to construct control barrier certificates for interconnected systems based on corresponding control storage certificates computed for subsystems. Using those constructed control barrier certificates, one can quantify upper bounds on the probabilities that interconnected systems reach certain unsafe regions in finite-time horizons. We employ a systematic technique based on the sum-of-squares optimization program to search for storage certificates of subsystems together with their corresponding safety controllers. We demonstrate our proposed results by applying them to temperature regulation in a circular building containing 1000 rooms. To show the applicability of our approaches to dense networks, we also apply our proposed techniques to a fully-interconnected network.
Published: 2022-12-07T00:00:00+01:00
Copyright (c) 2022 Ameneh Nejati and Majid Zamani

Article: Real-Time Verification for Distributed Cyber-Physical Systems
Authors: Hoang-Dung Tran, Luan Viet Nguyen, Patrick Musau, Weiming Xiang, Taylor T. Johnson
URL: https://ojs.dagstuhl.de/index.php/lites/article/view/lites-v008-i002-a007
Updated: 2022-12-07T09:12:43+01:00
Safety-critical distributed cyber-physical systems (CPSs) are found in a wide range of applications. Notably, they have displayed a great deal of utility in intelligent transportation, where autonomous vehicles communicate and cooperate with each other via a high-speed communication network. Such systems require an ability to identify, in real time, maneuvers that cause dangerous circumstances, and to ensure that the implementation always meets safety-critical requirements. In this paper, we propose a real-time decentralized reachability approach for safety verification of a distributed multi-agent CPS under the assumption that all agents are time-synchronized with a low degree of error. In the proposed approach, each agent periodically computes its local reachable set and exchanges this reachable set with the other agents with the goal of verifying the safety of the system. Our method, implemented in Java, takes advantage of the timing information and the reachable-set information available in the exchanged messages to reason about the safety of the whole system in a decentralized manner. Any particular agent can also perform local safety verification tasks based on its local clock by analyzing the messages it receives. We applied the proposed method to verify, in real time, the safety properties of a group of quadcopters performing a distributed search mission.
Published: 2022-12-07T00:00:00+01:00
Copyright (c) 2022 Hoang-Dung Tran, Luan Viet Nguyen, Patrick Musau, Weiming Xiang, and Taylor T. Johnson