
A METHODOLOGY FOR ANALYZING THE DYNAMICS OF HYBRID SYSTEMS

Jean Della Dora
LMC-IMAG
Domaine Universitaire, BP 53
38041 Grenoble Cedex 9, France
Jean.Della-Dora@imag.fr

Sergio Yovine
VERIMAG
Centre Equation, 2, Ave de Vignate
38610 Gières, France
Sergio.Yovine@imag.fr

Keywords: Hybrid systems, symbolic/numeric computation.

Abstract

We discuss an algebraic and computational framework for formally analyzing hybrid systems that attempts to avoid numerical integration by resorting to (algebraically) finding primitives, and inverting and (numerically) evaluating functions when needed. The goal of the paper is to start exploring a little bit deeper into this idea to try to find out (a) a methodology, (b) algebraic and computational tools to support it, (c) classes of systems to which we can apply it in principle, and (d) a framework in which we can reasonably apply it in practice (with today’s computational tools).

[Figure 1: Hybrid automaton of the cooldown procedure. Location labels shown: 0 Heating / Draining T2; Cooling 1 / Draining T2; Cooling 2 / Draining T1; 3 Unsafe; 4 Safe.]
1 Introduction

One of the main research issues in hybrid systems is reachability analysis, where the major difficulty lies in the computation of the reach-set of differential equations (or inclusions). In the last few years several techniques have been proposed which can be classified in two groups. The first group is composed of purely symbolic methods based on (a) the existence of analytic closed-form solutions of the differential equations, and (b) the representation of the state space in a decidable theory of the real numbers. Such techniques have been developed and applied for timed automata ( ) [1, 10], rectangular automata ( , with , rational constants) [8] and several classes of hybrid automata with linear vector fields [13, 2]. The second group consists of methods that combine (a) numeric integration of the differential equations (or inclusions), and (b) symbolic representations (of approximations) of the state space, typically using (unions of convex) polyhedra or ellipsoids [3, 4, 7, 12].

In this paper we explore another analysis method which has actually been motivated and derived after attempting to give a fully analytic solution to the batch evaporator benchmark described in [11]. Roughly speaking, the method consists in reducing the problem of studying the continuous dynamics in a location to finding primitives and inverses, and evaluating them at the enabling constraint of a transition to check whether it is possible and eventually compute the initial condition for the next location. The goal of the paper is to start exploring a little bit deeper into this idea to try to find out (a) a methodology, (b) algebraic and computational tools to support it, (c) classes of systems to which we can apply it in principle, and (d) a framework in which we can reasonably apply it in practice (with today’s computational tools).

2 A motivating example

To motivate our approach we start by focusing our attention on the analysis of the batch evaporator proposed in [11] as a benchmark example. The problem consists in studying the behavior of the system in the case of a cooling breakdown in the condenser. Such a failure would cause the temperature to rise if the evaporation process is continued. To avoid the temperature from being too high, the heating has to be turned off. But if the temperature decreases too much, the material in the evaporator tank would crystallise and spoil the batch. The goal of the control is to avoid both the triggering of the safety pressure valve and the crystallisation. Thus, the time interval between the occurrence of the failure and the switching-off of the heating is critical. The cooldown procedure is modeled by the hybrid automaton of Fig. 2. The problem consists in checking whether the location Unsafe is reachable. A detailed formal analysis of this problem is presented in [14]. Here we restrict our study to a small part of it which is rich enough to illustrate and motivate our approach.

The system has three variables, namely, "!, the liquid height in tank #$! % &' (, and ), the temperature of the liquid in tank #+*. The constant )-, corresponds to the temperature at which the cooldown procedure is launched, and )-. is the crystallisation temperature. The dynamics of the height of the liquid in tank #! is modelled by the differential equation

! &/0 !21 ! !435 (1)

which admits an analytic solution

!268729 ; :1 !=< > / 8! 7@?$A (2)

where !B<C35 is the initial height and ! is some (determined) positive real constant.

The differential equation for the temperature when tank #* is being drained (at location 2) is

) &/ED 6 ) / G) F 9-HJILN K * M* (3)

where N )GFPOQ) D is the (constant) environmental temperature, and H K , , , and are some (positive) real constants. Since we know M* 68729 , we can try solving Eq. 2 by separating variables and then integrating

RQS ) RX H ILN M*K M*6Z729 68729 7 SUT8V E/ D 6 ) W / )-F 9 YX T8V J W (4)

where 7* is the time when the transition from location 1 to location 2 occurred, that is, when tank # is empty, and )-* is the corresponding temperature. Both sides of Eq. 4 can be integrated yielding an equation of the form

-) * / )-F dc Z6 7 * 729 \D [B]_^a` ) A / ) Fb A (5)

By inverting the expression we obtain ) as a function of 7 as follows

) 6Z729 6 )_* / )GF 9@e'f$gihkj XYT8Vml XZn I )GF (6)

By evaluating the right-hand side of Eq. 6 at 7 *f 1 *@< A , the time at which tank #+* becomes empty, we get the temperature ) ) 6Z7 9 when the transition from location 2 to location 4 takes place. Thus, the crystallisation temperature is attained if and only if )-. 3 ) .

3 Systematizing the approach

The mathematical analysis carried out for the evaporator example in the previous section is essentially decomposed into two steps. The first one consists in reducing the problem to study a differential equation of the form $\dot{x} = f(x, t)$ (with $x$ being the temperature). This is indeed possible because the differential equations governing the dynamics of the other variables of the system (namely the liquid heights) can be analytically solved and the closed-form solutions are invertible. The second step deals with the analysis of $\dot{x} = f(x, t)$ using the method of the separation of variables. Certainly, the question that arises is to what extent this approach can be generalized. In other words, what classes of systems of differential equations would be amenable to such an analysis.

Before going any further, let us take a look at the following very simple but illustrative example borrowed from [15]. Consider the second order, linear, ordinary differential equation

$$\ddot{x} + \omega^2 x = 0 \tag{7}$$

which models the linear pendulum. There is, indeed, a systematic way of solving this equation. It is as follows. Let us first cast the equation in the form of a system of equations, that is,

$$\dot{x} = y \tag{8}$$

$$\dot{y} = -\omega^2 x \tag{9}$$

from where we obtain the identity

$$y\,\dot{y} + \omega^2 x\,\dot{x} = 0 \tag{10}$$

that leads to the identification of the first integral

$$I_1 = \tfrac{1}{2}\left(y^2 + \omega^2 x^2\right) \tag{11}$$

Eq. 11 can now be used to reduce the system from a second-order to a first-order one by taking

$$\dot{x} = \sqrt{2\left(I_1 - \tfrac{1}{2}\omega^2 x^2\right)} \tag{12}$$

which can be solved by separating variables

$$\int dt = \int \frac{dx}{\sqrt{2\left(I_1 - \tfrac{1}{2}\omega^2 x^2\right)}} \tag{13}$$

which yields

$$t + I_2 = \frac{1}{\omega}\arcsin\left(\frac{\omega x}{\sqrt{2 I_1}}\right) \tag{14}$$

where $I_2$ is a second constant of integration. By inverting Eq. 14 we can express $x$ as a function of $t$ as follows

$$x(t) = \frac{\sqrt{2 I_1}}{\omega}\,\sin\left(\omega\,(t + I_2)\right) \tag{15}$$

In summary, the procedure we have applied to find the solution essentially consists of four steps:

1. Identification of a first integral
2. Use the integral to reduce the order by one
3. Solve the remaining equation by explicit integration
4. Invert the solution
The existence of a first integral is fundamental for decreasing the dimension of the system of differential equations, thereby reducing the problem to finding a primitive. This touches on the difficult questions of finding integrals, for which in general there is no systematic procedure, and that of how many of them we need to find to actually reduce the problem to an explicit integration. We are certainly not going to go through this topic here. It is worth mentioning though that there are important classes of systems, such as integrable Hamiltonian systems, for which the overall procedure could be applied [15].

We are left then with the problem of dealing with items (3) and (4) above, that is, solving one dimensional, non-autonomous differential equations resorting to explicit integration and inversion. We assume

$$\dot{x} = f(x)\,g(t) \tag{16}$$

in order to be able to separate variables, and reduce the problem to solving

$$\int g(t)\,dt = \int \frac{dx}{f(x)} \tag{17}$$

4 A theoretical framework

Let us first recast the problem in the context of hybrid systems. Consider a location of a hybrid automaton with continuous dynamics given by Eq. 16. Assume that the enabling condition of a transition can be of one of the following forms: (i) $x = c$ or (ii) $t = c$, for some constants $c$. Notice that, even if “timing” constraints of type (ii) do not explicitly occur in the system, they may appear as a consequence of the methodology explained above. This is indeed the case for the batch evaporator where we do need, for instance, to compute the times 7U* and 7 AUo , corresponding to the “spatial” constraints A 5 and M* 5 , respectively.

We are interested then in determining whether for a given initial configuration $(x_0, t_0)$ it is possible to take one of the outgoing transitions. By integrating both sides of Eq. 17 we obtain

$$G(t) - G(t_0) = F(x) - F(x_0) \tag{18}$$

where $G$ is a primitive of $g$ and $F$ of $1/f$. Now, checking if the constraint $x = c$ is satisfied reduces to deciding whether there exists $t$ such that

$$G(t) = F(c) - F(x_0) + G(t_0) \tag{19}$$

On the other hand, determining whether the constraint $t = c$ is reachable consists in deciding if there is an $x$ satisfying

$$F(x) = G(c) - G(t_0) + F(x_0) \tag{20}$$

That is, from an algebraic point of view, the two questions are basically the same. We could try to answer them by quantifier elimination techniques as in [13]. Here, however, we are interested in doing it by inverting $F$ and $G$, in order to get an explicit expression of $x$ in terms of $t$ (and also of $t$ in terms of $x$, which is, indeed, immediate if $g = 1$ (as in Eq. 23)), that we can evaluate (by eventually applying numerical methods).

If we want to solve the problems of integration and inversion algebraically, we have to resort to computer algebra techniques. W.l.o.g. let us consider the problem of finding

$$\int \frac{dx}{f(x)} \tag{21}$$

Suppose that $f$ belongs to

$$\mathbb{Q}(x) = \left\{ \frac{P(x)}{Q(x)} \;\middle|\; P, Q \in \mathbb{Q}[x],\ Q \neq 0 \right\} \tag{22}$$

the field of rational fractions with coefficients in the field of rational numbers. Then of course $1/f$ belongs also to $\mathbb{Q}(x)$, but, in general, its primitive does not, essentially because (a) the logarithms do not belong to $\mathbb{Q}(x)$, and (b) the field of rational numbers is not algebraically closed. A typical example is the following:

$$\int \frac{dx}{x^2 - 2} = \frac{1}{2\sqrt{2}}\,\log\left(\frac{x - \sqrt{2}}{x + \sqrt{2}}\right) \tag{23}$$

Indeed, logarithms, exponentials, and algebraic numbers cannot, in general, be avoided when finding primitives of elements of $\mathbb{Q}(x)$. We will not consider here the problem of algebraic numbers and other more subtle problems related to the true nature of algebraic constructions. We will, however, show how logarithms and exponentials can be handled. For doing so, we will use some notions of differential algebra.

A differential field is a commutative field $F$ equipped with a derivation operation $' : F \to F$ satisfying

$$(a + b)' = a' + b' \tag{24}$$

$$(a\,b)' = a'\,b + a\,b' \tag{25}$$

$\mathbb{Q}(x)$ is an example of differential field with the standard derivation which can indeed be defined by just posing $x' = 1$. An element $a \in F$ is a constant if $a' = 0$. $a$ is algebraic if it is the root of some irreducible polynomial $P$ with coefficients in $F$ (i.e., $P(a) = 0$). $a$ is an exponential if $a' = b'\,a$ for some $b \in F$. $a$ is a logarithm if $a' = b'/b$ for some $b \in F$. A simple elementary extension of $F$ is the extension of $F$ generated by an element $a$ which is either (1) a constant, (2) algebraic, (3) the logarithm of an element of $F$, or (4) the exponential of an element of $F$.

For instance, we can extend $\mathbb{Q}(x)$ by introducing the element $\log x$ and defining

$$(\log x)' = \frac{1}{x} \tag{26}$$

We can also extend $\mathbb{Q}(x)$ by adding $e^x$ and defining

$$(e^x)' = e^x \tag{27}$$
Let us now come back to the problem of explicit integration. Consider as a simple example the problem of solving

$$\int_{t_0}^{t} dt = \int_{x_0}^{x} \frac{dx}{x} \tag{28}$$

for known constants $t_0$, $x_0$. We can use the extension of $\mathbb{Q}(x)$ with $\log x$ to obtain the equation

$$t - t_0 = \log x - \log x_0 \tag{29}$$

But now, in order to express $x$ as a function of $t$ we need to be able to “algebraically” invert $\log x$.

Let’s come back to the introduction of the exponential: on $\mathbb{Q}(x)$ we introduce a new element ¦ such that 6¦ 9 ¦ , by definition, then by a trivial process we build the field ‘ 6 § ¦ 9 , extension of $\mathbb{Q}(x)$ by ¦ . It’s generally enough for computer algebra where we are looking for a primitive. But such a primitive is defined up to a constant; if c¨©c is another solution then ¦ ª«c where ª¬ ‘ . But we have to fix this constant when we are talking about the solution of the initial value problem. Fixing a constant in differential algebra can be done by an algebraic construction due to A. Robinson but this kind of procedure is not implemented in the actual CAS.

As a conclusion we can say that these methods theoretically can lead us to algebraic constructions for hybrid systems. But from a practical viewpoint they look very heavy. In the next paragraph we will present another methodology for overcoming these difficulties.

5 A practical approach

Even though the theoretical framework discussed above gives us means to, in principle, solve the problem, applying them in practice is certainly not straightforward, specially because inverting is hard even for relatively simple problems as the following example illustrates

R / J / wM/ [=]'^ I W (30)

However, one way of using the formal framework without having to pay the price of heavy computational procedures consists in approximating the right-hand sides of differential equations by simple piece-wise linear functions that we know how to evaluate and invert.

Let us again explain the idea with a simple but revealing example. Consider, for instance, the equation

$$\dot{x} = x^2, \qquad x(0) = 1 \tag{31}$$

whose solution is $x(t) = (1 - t)^{-1}$. For $x \geq 0$, the function $f(x) = x^2$ can be approximated by a piece-wise linear function as follows. Consider a partition of the positive real line of the form $I_i = [i\delta, (i+1)\delta)$, $i \geq 0$, for a given positive real number $\delta$. Now, the function

$$f_i(x) = a_i\,x + b_i \tag{32}$$

with

$$a_i = (2i + 1)\,\delta, \qquad b_i = -i\,(i + 1)\,\delta^2 \tag{33}$$

is an approximation of $f(x)$ in the interval $I_i$. Consider now the equation

$$\dot{y} = f_i(y) = a_i\,y + b_i, \qquad y(t_i) = i\delta \tag{34}$$

for $y \in I_i$. The solution of Eq. 34 is

$$y(t) = \frac{i\,(i+1)\,\delta}{2i+1} + \frac{i^2\,\delta}{2i+1}\; e^{(2i+1)\,\delta\,(t - t_i)} \tag{35}$$

We can now impose the condition $y(t_{i+1}) = (i+1)\,\delta$; by inverting Eq. 35 we obtain

$$t_{i+1} = t_i + \frac{2}{(2i+1)\,\delta}\,\log\left(\frac{i+1}{i}\right) \tag{36}$$

A study of the convergence of the approximation method and its application on several examples is presented in [6, 17].

6 Concluding remarks

We have briefly discussed an algebraic and computational framework for formally analyzing hybrid systems that attempts to avoid numerical integration by resorting to (algebraically) finding primitives, and inverting and (numerically) evaluating functions when needed.

The methodology relies on the possibility of reducing the order (or dimension) of the system. Certainly this cannot be taken for granted, but there are important classes of systems for which it is eventually possible.

The rest is essentially based upon the ability of solving $\dot{x} = f(x, t)$ by separating variables. A useful outcome of this technique is that expressing the time variable $t$ as a function of the space variable $x$ allows to determine the time required to get to the guard of a transition from the initial condition. To some extent, a somewhat similar idea has been sketched in [9, 16], though not studied further, with the aim of approximating the behavior of a hybrid system with non-linear continuous dynamics, by substituting a continuous variable, and its associated constraint, with a clock and a timing constraint.

The ideas presented in this paper are further developed in [5].

References

[1] R. Alur and D.L. Dill. A theory of timed automata. Theoretical
Computer Science, 126:183–235, 1994.
[2] H. Anai and V. Weispfenning. Deciding linear-trigonometric
problems. In ISSAC 2000, St. Andrews, Scotland, 2000.
[3] E. Asarin, O. Bournez, T. Dang, and O. Maler. Reachability
analysis of piecewise-linear dynamical systems. In
HSCC’00. LNCS 1790, Springer Verlag, 2000.
[4] T. Dang and O. Maler. Reachability analysis via face lift-
ing. In HSCC’98. LNCS 1386, Springer Verlag, 1998.
[5] J. Della Dora, A. Maignan, M. Mirica-Ruse, and
S. Yovine. Hybrid computation. In ISSAC’01, Ontario,
Canada, July 2001.
[6] A. Girard and B. Legros. Résolution numérique des
équations différentielles par approximation affine par
morceaux. Mémoire ENSIMAG, June 2000.
[7] M. R. Greenstreet and I. Mitchell. Reachability analysis
using polygonal projections. In HSCC’99. LNCS 1569,
Springer-Verlag, 1999.

[8] T. A. Henzinger, P-H. Ho, and H. Wong-Toi. Hytech:
The next generation. In Proc. IEEE RTSS’95, Pisa, Italy,
December 1995.
[9] T.A. Henzinger, P.-H. Ho, and H. Wong-Toi. Algorith-
mic analysis of nonlinear hybrid systems. IEEE TAC,
43(4):540–554, 1998.
[10] T.A. Henzinger, X. Nicollin, J. Sifakis, and S. Yovine.
Symbolic model checking for real-time systems. Infor-
mation and Computation, 111(2):193–244, 1994.
[11] S. Kowalewski and O. Stursberg. The batch evaporator:
A benchmark example for safety analysis of processing
systems under logic control. In WODES’98. IEE, London,
1998.
[12] A.B. Kurzhanski and P. Varaiya. Ellipsoidal techniques
for reachability analysis. In HSCC’00. LNCS 1790,
Springer Verlag, 2000.
[13] G. Lafferriere, G. J. Pappas, and S. Yovine. A new class
of decidable hybrid systems. In HSCC’99. LNCS 1569,
Springer-Verlag, 1999.
[14] D. Renaudie. Modélisation des systèmes hybrides.
Mémoire de D.E.A, ENSIMAG, 2000.
[15] M. Tabor. Chaos and integrability in nonlinear dynamics:
an introduction. John Wiley, 1989.
[16] S. Yovine. A practical approach towards the integration
of different methods and tools for the analysis of hybrid
systems. PATH Technical Note 98-1. UC Berkeley, 1998.
[17] A. Yvart and E. Farcot. Résolution d’équations
différentielles ordinaires à l’aide d’approximation par
morceaux. Mémoire ENSIMAG, 2000.
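
The piecewise-linear scheme of Section 5 for dx/dt = x², x(0) = 1, as an added example that is not part of the original paper: on each interval [iδ, (i+1)δ) the right-hand side x² is replaced by its chord, the resulting linear equation is solved and inverted in closed form, and the time to reach a guard x = c is compared with the exact value 1/x0 − 1/c. The function names, the guard value and the step sizes are assumptions made for this illustration.

```python
import math

def secant_coeffs(i, delta):
    """Coefficients (a_i, b_i) of the chord of f(x) = x**2 over [i*delta, (i+1)*delta]."""
    return (2 * i + 1) * delta, -i * (i + 1) * delta ** 2

def switch_time(i, delta):
    """Closed-form time needed to cross the whole i-th interval (i >= 1)."""
    return 2.0 / ((2 * i + 1) * delta) * math.log((i + 1) / i)

def time_to_reach(x0, guard, delta):
    """Time for the piecewise-linear system to go from x0 up to the guard x = guard."""
    if not 0 < x0 <= guard:
        raise ValueError("need 0 < x0 <= guard")
    t, x = 0.0, x0
    i = math.floor(x0 / delta + 1e-12)  # index of the interval containing x0
    while x < guard:
        a, b = secant_coeffs(i, delta)
        upper = min((i + 1) * delta, guard)  # stop early if the guard lies inside I_i
        # y(t) = -b/a + (x + b/a) * exp(a * dt), solved for dt at y = upper
        t += math.log((upper + b / a) / (x + b / a)) / a
        x, i = upper, i + 1
    return t

def exact_time(x0, guard):
    """Exact time for dx/dt = x**2, obtained by separating variables: t = 1/x0 - 1/x."""
    return 1.0 / x0 - 1.0 / guard

def report(x0=1.0, guard=2.0, deltas=(0.5, 0.1, 0.01)):
    """(delta, approximate time, exact time) for a few constructed step sizes."""
    return [(d, time_to_reach(x0, guard, d), exact_time(x0, guard)) for d in deltas]

if __name__ == "__main__":
    for d, approx, exact in report():
        print(f"delta={d:<5} approx={approx:.6f} exact={exact:.6f} "
              f"error={exact - approx:.2e}")
```

Because the chord of the convex function x² lies above it, the approximate system runs faster than the real one, so the computed time is a lower bound on the exact time to reach the guard.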
