Information 2019, 10(11), 340; https://doi.org/10.3390/info10110340

Article
Approximate Completed Trace Equivalence of ILAHSs Based on SAS Solving
by Honghui He 1,2,3,4 , Jinzhao Wu 1,2,3,* and Juxia Xiong 1,2,3
1
Chengdu Institute of Computer Application, Chinese Academy of Sciences, Chengdu 610041, China
2
University of Chinese Academy of Sciences, Beijing 100049, China
3
Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis, Guangxi University for Nationalities, Nanning 530006, China
4
School of Computer Software, Henan University, Kaifeng 475001, China
*
Author to whom correspondence should be addressed.
Received: 6 September 2019 / Accepted: 23 October 2019 / Published: 1 November 2019

## Abstract

:
The ILAHS (inhomogeneous linear algebraic hybrid system) is a kind of classic hybrid system. For the purpose of optimizing the design of ILAHS, one important strategy is to introduce equivalence to reduce the states. Recent advances in the hybrid system indicate that approximate trace equivalence can further simplify the design of ILAHS. To address this issue, the paper first introduces the trajectory metric $d t r j$ for measuring the deviation of two hybrid systems’ behaviors. Given a deviation $ε ≥ 0$, the original ILAHS of $H 1$ can be transformed to the approximate ILAHS of $H 2$, then in trace equivalence semantics, $H 2$ is further reduced to $H 3$ with the same functions, and hence $H 1$ is $ε$-approximate trace equivalent to $H 3$. In particular, $ε = 0$ is a traditional trace equivalence. We implement an approach based on RealRootClassification to determine the approximation between the ILAHSs. The paper also shows that the existing approaches are only special cases of our method. Finally, we illustrate the effectiveness and practicality of our method on an example.
Keywords:
approximate equivalence; hybrid system; inhomogeneous linear algebraic hybrid systems; RealRootClassification

## 1. Introduction

In the real world, there exist many systems exhibiting a hybrid discrete–continuous behavior, and the notion of hybrid automaton  was introduced to model these hybrid systems. For example, embedded systems are often modeled as hybrid systems due to their involvement of both digital control software and analog plants, which physical process is often specified in the form of differential equations. Infinite states (or state explosion) due to the continuous behavior of the system are among the most challenging problems in verifying hybrid systems. In the traditional functional analysis domain, an efficient classical technique to tackle state explosion is equivalence [2,3]. In brief, the systems with the same functional behaviors are called equivalence. Functional equivalence simplifies the system by removing the duplicate branches. The papers by Glabbeek [2,3] proposed fourteen kinds of linear time-branching time equivalence relations, and the completed trace equivalence is a basic state-space equivalence relation, which can be used to further reduce the states of hybrid systems [4,5].
However, traditional equivalence techniques are based on absolute precision, which only gives the answer “yes” or “no”, not how much simulation. There is an example that illustrates that it is meaningful to introduce the deviation analysis to equivalence. Considering a microwave oven, if the microwave oven is required to heat to 100 $∘$C within 60 s but does so within 60.5 s (this is very common in life), and if a 0.5 s deviation is allowable, then the two systems are equivalent, or the two states can be merged. Otherwise, the two systems are not equivalent, or the two states cannot be merged. Especially in safety-critical cases, any deviation greater than zero seconds can be viewed as the presence of a bug. In reality, the parameters of hybrid systems are obtained by all kinds of measurements, which generally have a small number of errors. Since errors are inevitable, approximation analysis between the original system and the approximate system is very significant for the given permission precision.
In order to achieve this goal, this paper proceeds by defining two types of metrics, state metric $d s t a$ and trajectory metric $d t r j$, to check how much a hybrid system $H 1$ conforms to another hybrid system $H 2$. The $d s t a$ measures the distance of the states, while the $d t r j$ specifies the deviation of the system behaviors. Given a deviation $ε ≥ 0$, the original ILAHS of $H 1$ can be transformed to the approximate ILAHS of $H 2$. Then in trace equivalence semantics, $H 2$ is further reduced to $H 3$ with the same functions, and hence $H 1$ is $ε$-approximate trace equivalent to $H 3$. In particular, $ε = 0$ is a traditional trace equivalence. At last, the decision problem that $H 1$ is $ε$-approximate to $H 2$ can be reduced to semi-algebraic system solving (SAS solving) [6,7,8,9,10,11].
There are several choices for metrics, such as bisimulation metrics [12,13], Lyapunov-like functions , directed metrics , and pseudo-ultrametrics , most of which are required to satisfy intricate properties of simulation or bisimulation relations. In contrast, state metric $d s t a$ and trajectory metric $d t r j$ in this paper are based on Euclidean distance, which is an intuitive metric.
In this paper, we focus on a specific class of hybrid systems, namely, inhomogeneous linear algebraic hybrid systems (ILAHSs for short). It is well known that the most important analysis question for hybrid systems is the problem of reachability, which is computationally hard and undecidable for the general case and intractable even for the simplest subclasses . So it is doomed to be impossible to find a universal approach for this question without any simplifications or restrictions. ILAHSs, which are ubiquitous in reality, are a kind of classical hybrid systems with some simplifications.
Note that our approximation technology differs from those proposed in the papers [16,17,18,19,20], which aim to construct an approximately reachable set. Most of the differential equations of hybrid systems, as we all know, cannot be solved analytically, and, therefore, the exact reachable set cannot be computed symbolically, so many papers developed a variety of methods that over-approximate or under-approximate the reachable set using varieties of set representations such as polyhedra , zonotopes , level sets, or ellipsoids . Our approximation technology is, however, to identify the approximate behavior equivalence among the hybrid systems. So far, there exist few papers focused on the approximation analysis of the ILAHS’ behavior equivalence [4,5,24]. Unfortunately, their methods are based on Matrix Jordan Standard Type, which only apply to special cases and cannot deal with the infinite trajectory condition, whereas our method can solve this problem.
The main contributions of this paper are as follows. First, we propose a new method for identifying equivalence, which applies to more general ILAHS. Second, not only is the finite trajectory condition defined, but the infinite trajectory condition is also defined. Third, compared to existing approaches, our method is based on Euclidean distance, which is an intuitive metric.
The remainder of this paper is organized as follows. Section 2 recalls the preliminaries of our method, including hybrid system, inhomogeneous linear algebraic hybrid systems, SAS, and so on. We define the approximate completed trace equivalence of ILAHS in Section 3. Section 4 presents a case study. Conclusions are given in Section 5.

## 2. Preliminaries

In this section, we recall some concepts used throughout the paper. We first clarify some notation conventions. We use bold uppercase letters such as $A$ to denote matrices and $A T , A ˜$ denote the transpose and approximate matrix of $A$, respectively. We use $b → = ( b 1 , … , b n )$ to denote vectors. We denote $( x ^ 1 , x ^ 2 , … , x ^ n )$ as an assignment of variables $x → = ( x 1 , … , x n )$.
Hybrid automata, first proposed by Rajeev Alur et al. , are a mathematical model to describe a system containing continuous and discrete components. Many other models for hybrid systems can be found in [26,27,28,29]. In this paper, we adopt the model proposed in  as our modeling framework. A hybrid system can then be defined as:
Definition 1
(Hybrid System). A hybrid system $H : L , V , T , F , ℓ 0 , Θ$ consists of the following components:
• L: a finite set of locations (or modes).
• V: a set of real-valued system variables. The hybrid state space is denoted by $Σ = L × R | V |$, a state is denoted by $( ℓ , s → ) ∈ Σ$, and $s → ∈ R | V |$ is a continuous state of the variables over the real numbers.
• $T ⊆ L × L × 2 V × ( V ′ ↦ V )$: a set of discrete transitions. A discrete transition $τ = ℓ 1 , ℓ 2 , ρ τ , α τ$ consists of the pre- and post-locations of the transition $ℓ 1 , ℓ 2$, a guard $ρ τ$, which is a boolean function of the variables V, and an action $α τ$, which is an assignment over the variables V and $V ′$. V denotes the current-state variables, and $V ′$ denotes the next-state variables.
• $F : L ↦ ( V ↦ V )$: continuous evolution, a map that maps each location $ℓ ∈ L$ to a differential rule $F ( ℓ )$, of the form $v ˙ i = f i ( v → )$. The differential rule $F ( ℓ )$ specifies how the system variables evolve at the location ℓ, which is also known as a vector field or a flow field.
• $I : L ↦ 2 V$: a map that maps each location $ℓ ∈ L$ to a location condition (location invariant) that is an assertion over V.
• $ℓ 0 ∈ L$: the initial location.
• Θ: an assertion specifying the initial condition.
The behaviors of hybrid systems are expressed as trajectories.
Definition 2
(Trajectory). A trajectory of a hybrid system $H$ is an (in)finite sequence of states $ℓ , v → ^ ∈ L × R | V |$ of the form
$ℓ 0 , v → ^ 0 , ℓ 1 , v → ^ 1 , ℓ 2 , v → ^ 2 , … ,$
such that,
Initiation:$v → ^ 0 ⊧ Θ$ specifies an initial state. Furthermore, for each consecutive state pair $( ℓ i , v → ^ i ) , ( ℓ i + 1 , v → ^ i + 1 )$, one of the two evolution conditions below is satisfied:
Discrete evolution:There exists a transition $τ : ℓ 1 , ℓ 2 , ρ τ , α τ ∈ T$ such that τ is enabled, i.e., $ρ τ ( v → ^ i )$ = true and $v → ^ i + 1 = α τ ( v → ^ i )$.
Continuous evolution: $ℓ i = ℓ i + 1 = ℓ$, and there exists a time interval $δ > 0$, $v → ^ i ⟶ δ v → ^ i + 1$, along with a smooth (continuous and differentiable to all orders) function $g : [ 0 , δ ] ↦ R | V |$ such that g evolves from $v → ^ i$ to $v → ^ i + 1$ according to the differential rule at location ℓ, while satisfying the location condition $I ( ℓ )$. Formally,
1.
$g ( 0 ) = v → ^ i , g ( δ ) = v → ^ i + 1$ and $∀ t ∈ [ 0 , δ ] , g ( t ) ⊧ I ( ℓ )$;
2.
$∀ t ∈ [ 0 , δ ] , g ( t ) , g ˙ ( t ) ⊧ F ( ℓ )$.
A state $ℓ , v → ^$ is reachable if it appears in some trajectory of $H$. The set of all reachable states of $H$ is denoted by Reach($H$).
With some restrictions, a hybrid system can be specialized into an inhomogeneous linear algebraic hybrid system, which is ubiquitous in reality [4,5,24].
Definition 3
(Inhomogeneous linear algebraic hybrid system, ILAHS). ILAHS is a kind of hybrid system with simplifications: for continuous evolution, $F ( ℓ ) : v ′ → = A v →$, where $v ′ → ⟶ δ v →$.
Example 1
(A thermostat). Consider a room being heated by a radiator controlled by a thermostat, one of the typical introductory examples of hybrid systems. This system has both a continuous state and two discrete states. The continuous state is the temperature in the room $x ∈ R$. The discrete states, $L = { o n , o f f }$, reflect whether the radiator is on or off. The evolution of x is governed by a differential equation, while the evolution of L is through jumps. It is very convenient to compactly describe such hybrid systems by mixing the differential equation with the directed graph notation (shown in Figure 1).
Computers are used as control systems for a wide variety of industrial and consumer devices. However, the working principle of computers is fundamentally discrete rather than continuous. When the time x is discretized, the general hybrid system (Figure 1) can be turned into an ILAHS(Figure 2), where
$L = { o n , o f f } , V = { x } , T = { o n , α 1 , o f f , o f f , α 2 , o n } , α 1 , 2 = { x ′ = x } , F ( o n ) = { x ′ = ( 1 + K . h . Δ t ) x } , F ( o f f ) = { x ′ = ( 1 − K . Δ t ) x } .$
The ILAHS’ behaviors are expressed as trajectories. For instance, we assume that $m = 15$, $m o n = 20$, $M = 32$, $M o f f = 30$, $Δ t = 0.1$, $K = 0.2$, and $h = 5$. If the initial temperature of the room is C, then one possible trajectory is as follows (Figure 3):
$off , 25 → off , 24.5 → off , 24.01 → … → on , 15.09 → on , 16.60 → …$
Definition 4
(Metric). For a set X, a metric on X is a function $d X : X × X ↦ R +$ such that
1.
for all $x , y ∈ X , d X ( x , y ) = 0$ if and only if $x = y$;
2.
$d X ( x , y ) = d X ( y , x )$, for all $x , y ∈ X$; and
3.
$d X ( x , z ) ≤ d X ( x , y ) + d X ( y , z )$ for all $x , y , z ∈ X$.
Note that the condition (1) expresses that $d X ( x , y ) = 0$ implies $x = y$. If $d X ( x , y ) = 0$ does not necessarily mean that $x = y$, the metric is called a pseudo-metric .
Definition 5
(Trace Equivalence). $δ ∈ A c t ∗$ is a trace of a process p, if there exists a process q, such that $p ⟶ δ q$. Let $T ( p )$ denote the set of traces of p. Two processes p and q are trace equivalent if $T ( p ) = T ( q )$. In trace semantics, two processes are identified iff they are trace equivalent.
Trace semantics is based on the idea that two processes are to be identified if they allow the same set of observations, where an observation simply consists of a sequence of actions performed by the process in succession (Figure 4). More details can be found in the paper .
However, $A c t$ consists of abstract actions, which are unable to express the exchange details of the data stream. In 2008, Sankaranarayanan et al.  defined a hybrid system program model with polynomial equations that took the place of abstract actions and opened up a new method of hybrid system design and verification based on polynomial algebra. For example, the transition $ℓ 0 ⟶ α ℓ 1$ with $α ≡ ( x − 1 ) 2 + ( x ′ − 2 ) 2 + ( y ′ − 3 ) 2 = 0$ indicates the relation $( ℓ 0 , s 0 ) , ( ℓ 1 , s 1 ) | s 0 = ( 1 , y ) ∧ s 1 = ( 2 , 3 ) , y ∈ R$, the variable x refers to the current state, and $x ′$ to the next state of a transition.
Definition 6
(Completed Trace Equivalence). $δ ∈ A c t ∗$ is a completed trace of a process p, if there exists a process q, such that $p ⟶ δ q$ and $I ( q ) = ∅$. Let $C T ( p )$ denote the set of completed traces of p. Two processes p and q are completed trace equivalent if $T ( p ) = T ( q )$ and $C T ( p ) = C T ( q )$. In completed trace semantics, two processes are identified iff they are completed trace equivalent (Figure 5).
Obviously, the trace equivalence can be regarded as a simpler version of the completed trace equivalence.
Definition 7
(Semi-Algebraic System). A semi-algebraic system (SAS for short) is a conjunctive polynomial formula of the following form:
$p 1 ( u → , x → ) = 0 , … , p r ( u → , x → ) = 0 , g 1 ( u → , x → ) ≤ 0 , … , g k ( u → , x → ) ≤ 0 , g k + 1 ( u → , x → ) > 0 , … , g l ( u → , x → ) > 0 , h 1 ( u → , x → ) ≠ 0 , … , h m ( u → , x → ) ≠ 0 ,$
where $r ≥ 1 , l ≥ k ≥ 0 , m ≥ 0 , u → = ( u 1 , … , u t ) , x → = ( x 1 , … , x r )$, and $p i , g i , h i$ are all in $Q [ u → , x → ] ∖ Q$. An SAS is usually denoted by a quadruple $[ P , G 1 , G 2 , H ]$, where $P = [ p 1 , … , p r ] , G 1 = [ g 1 , … , g k ] , G 2 = [ g k + 1 , … , g l ]$ and $H = [ h 1 , … , h m ]$. An SAS is called parametric if $t ≠ 0$, otherwise it is constant.
For $S A S$, what we are concerned about is the real solutions of the equations ($P$) under the constraints ($G 1 , G 2 , H$). More specifically, assuming S is a constant $S A S$, the interesting questions are how to compute the number of real solutions of S, and if the number is finite, how to compute these real solutions. Assuming S is parametric $S A S$, the interesting problem is the so-called real solution classification, which is to determine the condition on the parameters such that the system has the prescribed number of distinct real solutions, which is possibly infinite.
To address this issue, Yang et al.  first defined the key concept of border polynomial(BP), based on which an algorithm is proposed. For more details, please refer to [7,8,9,10,11]. This algorithm has been improved and implemented by Xia as the Maple package DISCOVERER . Since 2009, the main functions of DISCOVERER have been integrated into the RegularChains library of Maple. Since then, the implementation has been improved by Chen et al. [32,33,34]. Thus, the experiment in this paper requires a version of Maple higher than Maple 13.
Example 2.
Prove that $f ≥ 0$ under the constraints $a ≥ 0 , b ≥ 0 , c ≥ 0 , a b c − 1 = 0$, i.e.,
$a ≥ 0 b ≥ 0 c ≥ 0 a b c − 1 = 0 ⊧ f ≥ 0 .$
In other words,
$a ≥ 0 b ≥ 0 c ≥ 0 has no solution a b c − 1 = 0 f < 0$
where $f = 2 b 4 c 4 + 2 b 3 c 4 a + 2 b 4 c 3 a + 2 a 3 c 3 b 2 + 2 a 4 c 3 b + 2 a 3 c 4 b + 2 a 4 c 4 + 2 a 3 b 4 c + 2 a 4 b 4 + 2 a 3 b 3 c 2 + 2 a 4 b 3 c − 3 b 5 c 4 a 6 3 b 4 c 4 a 4 − 3 b 5 c 3 a 4 − 3 b 4 c 3 a 5 − 3 b 4 c 5 a 3 − 3 b 3 c 5 a 4 − 3 b 3 c 4 a 5 .$
In order to prove (4) with Maple, we first start Maple and load two relative packages of RegularChains as follows.
•     > with (RegularChains):
•     > with (ParametricSystemTools):
•     > with (SemiAlgebraicSetTools):
• Then we define an order of the unknowns:
•     > R:= PolynomialRing ([a, b, c]):
• Then, by calling
•     >RealRootClassification ([abc-1], [a,b,c], [-f], [ ], 2, 0, R):
we will know at once that the inequality holds.

## 3. $ε$-Approximate Completed Trace Equivalence of ILAHS

In this section, we define $ε$-approximate completed trace equivalence of ILAHS and propose the discriminant conditions based on SAS. Assuming $H$ is an ILAHS and $T$ is a trajectory of $H$,
$ℓ 0 , v → ^ 00 ⟶ A 0 ℓ 0 , v → ^ 01 ⟶ A 0 ⋯ ℓ 0 , v → ^ 0 m 0 ⟶ l a b 01 ℓ 1 , v → ^ 10 , … , ⟶ A n ℓ n , v → ^ n 0 , … .$
$A i$ is an original (or theoretical) transition matrix, $l a b 01$ is discrete evolution, for simplicity, $l a b 01 : v i ′ = v i$, and so on. $A ˜ i$ is an approximate (or actual) matrix with respect to $A i$, so we have another trajectory,
$ℓ 0 , v → ^ ˜ 00 ⟶ A ˜ 0 ℓ 0 , v → ^ ˜ 01 ⟶ A ˜ 0 ⋯ ℓ 0 , v → ^ ˜ 0 m 0 ⟶ l a b 01 ℓ 1 , v → ^ ˜ 10 , … , ⟶ A ˜ n ℓ n , v → ^ ˜ n 0 , … .$
If a given derivation $ε$ is allowable, we aim to check whether two trajectories are identical; if every trajectory of two ILAHSs is identical, the two hybrid systems are identical with respect to derivation $ε$.
To measure the behavior of the hybrid system, this paper defines two types of metrics based on the Euclidean metric: the state metric $d s t a$ and the trajectory metric $d t r j$. $d s t a$ measures the distance of states, while $d t r j$ specifies the similarity of two systems’ behaviors.
Definition 8
(State Metric). State metric $d s t a$ is Euclidean metric: $R n × R n → [ 0 , 1 ]$ such that
$d s t a l , v → ^ , l ′ , v → ^ ˜ = 1 i f l ≠ l ′ , d e v → ^ , v → ^ ˜ i f l = l ′ , where d e v → ^ , v → ^ ˜ = ∑ i = 1 n ( v ^ i − v ^ ˜ i ) 2 1 + ∑ i = 1 n ( v ^ i − v ^ ˜ i ) 2 .$
If $l = l ′$, $d s t a l , v → ^ , l ′ , v → ^ ˜$ can be abbreviated as $d s t a v → ^ , v → ^ ˜$.
Definition 9
(Trajectory Metric). Trajectory metric $d t r j$ is defined as the minimum distance of relevant states, i.e.,
$d t r j ( T 1 , T 2 ) = min d s t a l , v → ^ i , l , v → ^ i ˜ .$
Definition 10
($ε$-Approximate States). Given a deviation ε, $l , v → ^$ is ε-approximate to $l ′ , v → ^ ˜$ iff $d s t a l , v → ^ , l ′ , v → ^ ˜ ≤ ε$.
Definition 11
($ε$-Approximate Trajectories). Given a deviation ε and two trajectories $T 1$ and $T 2$, $T 1$ is ε-approximate to $T 2$ iff $d t r j ( T 1 , T 2 ) ≤ ε$.
Definition 12
($ε$-Approximate Completed Trace Equivalence of ILAHS). Given a deviation ε, if all completed traces of two ILAHSs are ε-approximate trajectories, then the two ILAHSs are ε-approximate completed trace equivalence.
In Figure 6, $H 1$ is an original ILAHS, given a deviation $ε$, $H 1$ and $H 3$ are completed trace equivalence, in the semantics of completed trace equivalence, $H 3$ is identical to $H 1$.
Obviously, $H 3$ involves fewer states than $H 1$; in other words, by approximate completed trace equivalence, the research on hybrid systems can be simplified.
Since there exist two categories of trajectories in completed trace equivalence (Figure 6), the infinite trajectory $( a 2 b 2 c 2 ) ∗$ and the finite trajectory $a 2$, there are two corresponding decision conditions, the finite trajectory condition and the infinite trajectory condition. For simplicity, assume discrete evolution such as $l a b 01 : v i ′ = v i$.
Definition 13
(Finite Trajectory Condition). For a finite trajectory $T 1$
$ℓ 0 , v → ^ 00 ⟶ A 0 ℓ 0 , v → ^ 01 ⟶ A 0 ⋯ ℓ 0 , v → ^ 0 m 0 ⟶ l a b 01 ℓ 1 , v → ^ 10 , … , ⟶ A n ℓ n , v → ^ n m n .$
such that
$v → ^ 00 ∈ Θ v → = v → ^ 00 v → ˜ = v → ^ 00 v → ′ = ( A 0 m 0 A 1 m 1 … A i m i ) v → have no solution for every 0 ≤ i ≤ n . v → ˜ ′ = ( A ˜ 0 m 0 A ˜ 1 m 1 … A ˜ i m i ) v → ˜ d s t a ( v → ′ , v → ˜ ′ ) > ε$
The infinite trajectory condition is defined by the inductive method.
Definition 14
(Infinite Trajectory Condition). For an infinite trajectory $T 2$
$ℓ 0 , v → ^ 00 ⟶ A 0 ℓ 0 , v → ^ 01 ⟶ A 0 ⋯ ℓ 0 , v → ^ 0 m 0 ⟶ l a b 01 ℓ 1 , v → ^ 10 , … , ⟶ A n ℓ n , v → ^ n m n ⟶ l a b n 0 ℓ 0 , v → ^ 00 ′ ⟶ A 0 ⋯ ,$
such that
$I n i t i a t i o n : v → , v → ˜ ∈ Θ d s t a ( v → , v → ˜ ) > ε$
$C o n s e c u t i o n : v → ′ = ( A 0 m 0 A 1 m 1 … A i m i ) v → v → ˜ ′ = ( A ˜ 0 m 0 A ˜ 1 m 1 … A ˜ i m i ) v → ˜ d s t a ( v → ′ , v → ˜ ′ ) > ε$
for every $0 ≤ i ≤ n$, (8) and (9) have no solution.
The condition Initiation shows that the deviation of two states is initially less than $ε$; the condition Consecution shows that deviation less than $ε$ is preserved by the loop.
Complexity Analysis: Take (9) for example. Assuming $v → = { v 1 , v 2 , … v n }$, $d e g ( v i ) ≤ 2 , 1 ≤ i ≤ n$, our method consists of three main steps. In the first step, we transform the equations of (9) into triangular sets (i.e., equations in the triangular form) by Ritt–Wu’s method. By , the complexity of this step is $O ( ( 2 n ) ( 2 n ) O ( 1 ) ( 2 + 1 ) O ( 2 n ) 3 )$. The second step is to compute a border polynomial (BP) from the triangularized systems through resultant computation. By , the complexity of computing the BP is at most $( 2 n + 2 ) O ( ( 2 n ) 6 n + 2 n 2 ( 2 + 1 ) 2 n 3 )$. Finally, we use the PCAD(partial cylindrical algebraic decomposition) algorithm with the BP to obtain the real solution classification; the complexity of this step is at most $O ( 2 D 2 4 n + 8 )$, where $D = O ( ( 2 n ) 4 n 2 + 8 n 3 ( 2 + 1 ) 4 n 3 )$, the highest degree of BP.
A Special Case: The approaches proposed in papers [4,5,24] use the Frobenius norm to study approximate equivalence of real-time linear algebraic hybrid automaton. Their approaches can only apply to a class of special matrices. We now prove that their approaches are a special case of our approach.
We first introduce the conclusions in their papers [4,5,24].
For $A j$ and its approximate matrix $A ˜ j = A + δ A j$, which are $n × n$ nonsingular matrices, the eigenvalues of matrix A are $λ i ( i = 1 , … , n ) ∈ R$, and there exists an orthogonal matrix U:
$A k = U T λ k 1 ∗ ⋱ λ k n U , A k + δ A k = U T λ k 1 + δ λ k 1 ∗ ⋱ λ k n + δ λ k n U , A k A k − 1 … A 1 = U T λ 11 … λ k 1 ∗ ⋱ λ 1 n … λ k n U , ( A k + δ A k ) ( A k − 1 + δ A k − 1 ) … ( A 1 + δ A 1 ) = U T ( λ 11 + δ λ 11 ) … ( λ k 1 + δ λ k 1 ) ∗ ⋱ ( λ 1 n + δ λ 1 n ) … ( λ k n + δ λ k n ) U , δ A j = A ˜ j − A j , ∥ δ A j ∥ 2 = r j ∥ A j ∥ 2 , δ k = ( A k + δ A k ) ( A k − 1 + δ A k − 1 ) … ( A 1 + δ A 1 ) − A k A k − 1 … A 1 ≤ ( ( 1 + r 1 ) … ( 1 + r k ) − 1 ) ∥ A 1 ∥ 2 ⋯ ∥ A k ∥ 2 ≤ ( e r 1 + r 2 … + r k − 1 ) ∥ A 1 ∥ 2 ∥ A 2 ∥ 2 ⋯ ∥ A k ∥ 2 = W k .$
Then, for a deviation $ω$ and $W k ∥ A k A k − 1 … A 1 ∥ 2 ≤ ω$, if $A k A k − 1 … A 1$ are $ω$-approximate to $( A k + δ A k ) ( A k − 1 + δ A k − 1 ) … ( A 1 + δ A 1 )$, $∀ h ∈ N +$ and $1 ≤ h < k$, $A h A h − 1 … A 1$ are $ω$-approximate to $( A h + δ A h ) ( A h − 1 + δ A h − 1 ) … ( A 1 + δ A 1 )$.
This conclusion is equivalent to (11) ⊧ (13) for an existing constant $ε$.
Proof.
$∵ d s t a ( k ) ( v → ′ , v → ˜ ′ ) = ∥ ( A ˜ 1 A ˜ 2 … A ˜ k − A 1 A 2 … A k ) v → ^ 0 ∥ 2 = ∥ δ k v → ^ 0 ∥ 2 ≤ ∥ δ k ∥ 2 ∥ v → ^ 0 ∥ 2 ≤ W k ∥ v → ^ 0 ∥ 2 ≤ ω ∥ A k A k − 1 … A 1 ∥ 2 ∥ v → ^ 0 ∥ 2 = ε ,$
$v → ^ 0 ∈ Θ v → = v → ^ 0 v → ˜ = v → ^ 0 has no solution , v → ′ = ( A 1 A 2 … A k ) v → v → ˜ ′ = ( A ˜ 1 A ˜ 2 … A ˜ k ) v → ˜ d s t a ( k ) ( v → ′ , v → ˜ ′ ) > ε$
$a n d ∵ d s t a ( h ) ( v → ′ , v → ˜ ′ ) = ∥ ( A ˜ 1 A ˜ 2 … A ˜ h − A 1 A 2 … A h ) v → ^ 0 ∥ 2 = ∥ δ h v → ^ 0 ∥ 2 ≤ ∥ δ h ∥ 2 ∥ v → ^ 0 ∥ 2 ≤ ( ( 1 + r 1 ) ( 1 + r 2 ) … ( 1 + r h ) − 1 ) ∥ A 1 ∥ 2 ∥ A 2 ∥ 2 ⋯ ∥ A h ∥ 2 ∥ v → ^ 0 ∥ 2 ≤ ( ( 1 + r 1 ) ( 1 + r 2 ) … ( 1 + r h ) … ( 1 + r k ) − 1 ) ∥ A 1 ∥ 2 ∥ A 2 ∥ 2 ⋯ ∥ A k ∥ 2 ∥ v → ^ 0 ∥ 2 ≤ W k ∥ v → ^ 0 ∥ 2 ≤ ω ∥ A k A k − 1 … A 1 ∥ 2 ∥ v → ^ 0 ∥ 2 = ε ,$
i.e., for every $1 ≤ h < k$,
$v → ^ 0 ∈ Θ v → = v → ^ 0 v → ˜ = v → ^ 0 has no solution , v → ′ = ( A 1 A 2 … A h ) v → v → ˜ ′ = ( A ˜ 1 A ˜ 2 … A ˜ h ) v → ˜ d s t a ( h ) ( v → ′ , v → ˜ ′ ) > ε$
in other words, (11) ⊧ (13). □

## 4. Experiments

In this section, we present an example to demonstrate the application of our method to simplify the ILAHS in approximate completed trace equivalence semantics. Figure 7 is a boiler feed-water control system, which has both continuous and discrete states and can be modeled as a hybrid system. For simplicity, we assume that there exist nine discrete locations that are divided according to the combination of fuel supply (low, high) and outdoor temperature (low, medium, high). $r s 0$ is the initial location of the system, which does not involve continuous evolution and directly jumps to a different location by $τ i$. The continuous variables $X = ( x 1 , x 2 ) T$; $x 1$ and $x 2$ stand for water level and water supply, respectively. The fuel supply and outdoor temperature have an effect on $x 1$ and $x 2$, and the regulation rules of $x 1$ and $x 2$ conform to their respective differential equations at different locations $r s i ′ ( i = 1 , … , 8 )$. The initial state of the system $X 0 = ( 100 , 10 ) T$, and for $τ i$, the discrete transition program $α i : x 1 ′ = x 1 ∧ x 2 ′ = x 2$, labeled by $l a b$. Assuming the duration time at every location $r s i ′ ( i = 1 , … , 8 )$ is 10 s and the discrete time of continuous evolution is 5 s, Figure 8 is the corresponding ILAHS.
$f 1 , f 4 : X ′ = 111 100 2 5 0 151 100 X f 8 , f 5 : X ′ = 109 100 2 5 0 149 100 X f 2 : X ′ = 111 100 11 111 0 1 X f 3 : X ′ = 1 − 51 151 0 100 151 X f 6 : X ′ = 100 109 9 109 0 1 X f 7 : X ′ = 1 − 49 149 0 100 149 X$
The original invariant set is
$I n v ( r s 1 ′ ) : { ( 100 ≤ x 1 ≤ 133.69 ) ∧ ( 10 ≤ x 2 ≤ 22.801 ) } , I n v ( r s 2 ′ ) : { ( 112.801 ≤ x 1 ≤ 133.69 ) ∧ ( x 2 = 22.801 ) } , I n v ( r s 3 ′ ) : { ( 100 ≤ x 1 ≤ 112.801 ) ∧ ( 10 ≤ x 2 ≤ 22.801 ) } , I n v ( r s 4 ′ ) : { ( 100 ≤ x 1 ≤ 133.69 ) ∧ ( 10 ≤ x 2 ≤ 22.801 ) } , I n v ( r s 5 ′ ) : { ( 100 ≤ x 1 ≤ 129.13 ) ∧ ( 10 ≤ x 2 ≤ 22.201 ) } , I n v ( r s 6 ′ ) : { ( 112.801 ≤ x 1 ≤ 129.13 ) ∧ ( x 2 = 22.201 ) } , I n v ( r s 7 ′ ) : { ( 100 ≤ x 1 ≤ 112.201 ) ∧ ( 10 ≤ x 2 ≤ 22.201 ) } , I n v ( r s 8 ′ ) : { ( 100 ≤ x 1 ≤ 129.13 ) ∧ ( 10 ≤ x 2 ≤ 22.201 ) } .$
Assume Figure 9 is the approximate ILAHS, where
$f ˜ 1 , f ˜ 4 , f ˜ 5 , f ˜ 8 : X ˜ ′ = 11 10 2 5 0 3 2 X , f ˜ 2 , f ˜ 6 : X ˜ ′ = 10 11 1 11 0 1 X , f ˜ 3 , f ˜ 7 : X ˜ ′ = 1 − 1 3 0 2 3 X .$
The approximate invariant set is
$I n v ( r s 1 ′ ) ˜ , I n v ( r s 4 ′ ) ˜ : { ( 100 ≤ x 1 ≤ 131.4 ) ∧ ( 10 ≤ x 2 ≤ 22.5 ) } , I n v ( r s 5 ′ ) ˜ , I n v ( r s 8 ′ ) ˜ : { ( 100 ≤ x 1 ≤ 131.4 ) ∧ ( 10 ≤ x 2 ≤ 22.5 ) } , I n v ( r s 2 ′ ) ˜ , I n v ( r s 6 ′ ) ˜ : { ( 112.5 ≤ x 1 ≤ 131.4 ) ∧ ( x 2 = 22.5 ) } , I n v ( r s 3 ′ ) ˜ , I n v ( r s 7 ′ ) ˜ : { ( 100 ≤ x 1 ≤ 112.5 ) ∧ ( 10 ≤ x 2 ≤ 22.5 ) } .$
The approximate discrete transition program is $α ˜ i : x 1 ′ = x 1 ∧ x 2 ′ = x 2$, labeled by $l a b$.
Given an error derivation $ε = 0.1$, $H 1$ is $ε$-approximate completed trace equivalent to $H 3$ (Figure 9), i.e., in the semantics of completed trace equivalence, $H 1$ is identical to $H 3$, which involves fewer states. Therefore, the original hybrid automaton (Figure 7) can be reduced to an equivalent but simpler hybrid automaton (Figure 10), and the design of the hybrid system is optimized with the theory of approximate completed trace equivalence.

## 5. Conclusions

With some restrictions, a general hybrid system can be specialized into an inhomogeneous linear algebraic hybrid system (ILAHS), which is ubiquitous in reality. Since errors are inevitable in engineering technology, it is meaningful to introduce deviation to the analysis of hybrid systems. Given an error derivation, this paper first proposes the theory of approximate completed trace equivalence. Then we come up with a new approach (based on SAS solving) to approximate completed trace equivalence, and the computation complexity is also analyzed. Finally, a case study is presented to illustrate the practicality of our method. Compared to the well-established approaches in this field, our method applies to more general ILAHS. Moreover, this technology is promising for solving parametric approximate completed trace equivalence. We will address this issue in future work.

## Author Contributions

Conceptualization, investigation, supervision, and writing, H.H.; review and editing, J.X.; review, J.W.

## Funding

This work was partly supported by the National Natural Science Foundation of China under Grant No. 61772006, the Science and Technology Program of Guangxi under Grant No. AB17129012, the Science and Technology Major Project of Guangxi under Grant No. AA17204096, the Special Fund for Scientific and Technological Bases and Talents of Guangxi under Grant No. AD16380076, and the Special Fund for Bagui Scholars of Guangxi.

## Conflicts of Interest

We declare that we do not have any commercial or associative interest that represents a conflict of interest in connection with the work submitted.

## References

1. Henzinger, T.A. The theory of hybrid automata. In Verification of Digital and Hybrid Systems; Springer: Berlin, Germany, 2000; pp. 265–292. [Google Scholar]
2. van Glabbeek, R.J. The linear time-branching time spectrum. In Proceedings of the 1st International Conference on Concurrency Theory (CONCUR ’90), Amsterdam, The Netherlands, 27–30 August 1990; pp. 278–297. [Google Scholar]
3. van Glabbeek, R.J. The linear time-branching time spectrum II. In Proceedings of the 4th International Conference on Concurrency Theory (CONCUR’93), Hildesheim, Germany, 23–26 August 1993; pp. 66–81. [Google Scholar]
4. Yang, H.; Wu, J.; Zhang, Z.; Liu, Y. Approximate completed trace equivalence of three dimensional t-model nonlinear algebraic hybrid systems. Appl. Math. Inf. Sci. 2013, 7, 1693–1697. [Google Scholar] [CrossRef]
5. Yang, H.; Wu, J.; Zhang, Z. Approximate completed trace equivalence of homogeneous linear algebraic hybrid systems. J. Converg. Inf. Technol. 2013, 8, 520–527. [Google Scholar]
6. Yang, L.; Hou, X.; Xia, B. A complete discrimination system for polynomials. Sci. China Ser. E Technol. Sci. 1996, 39, 628–646. [Google Scholar]
7. Chen, Y.; Xia, B.; Yang, L.; Zhan, N. Generating polynomial invariants with DISCOVERER and QEPCAD. In Formal Methods and Hybrid Real-Time Systems; Springer: Berlin, Germany, 2007; pp. 67–82. [Google Scholar]
8. Xia, B.; Yang, L. An algorithm for isolating the real solutions of semi-algebraic systems. J. Symb. Comput. 2002, 34, 461–477. [Google Scholar] [CrossRef]
9. Xia, B.; Zhang, T. Real solution isolation using interval arithmetic. Comput. Math. Appl. 2006, 52, 853–860. [Google Scholar] [CrossRef]
10. Yang, L. Recent advances on determining the number of real roots of parametric polynomials. J. Symb. Comput. 1999, 28, 225–242. [Google Scholar] [CrossRef]
11. Yang, L.; Hou, X.; Xia, B. A complete algorithm for automated discovering of a class of inequality-type theorems. Sci. China Ser. F Inf. Sci. 2001, 44, 33–49. [Google Scholar] [CrossRef]
12. Girard, A.; Zheng, G. Verification of safety and liveness properties of metric transition systems. ACM Trans. Embed. Comput. Syst. (TECS) 2012, 11, 1–23. [Google Scholar] [CrossRef]
13. Girard, A.; Pappas, G.J. Approximation metrics for discrete and continuous systems. IEEE Trans. Autom. Control. 2007, 52, 782–798. [Google Scholar] [CrossRef]
14. Alfaro, L.D.; Faella, M.; Stoelinga, M. Linear and branching system metrics. IEEE Trans. Softw. Eng. 2008, 35, 258–273. [Google Scholar] [CrossRef]
15. Cao, Y.; Sun, S.X.; Wang, H.; Chen, G. A behavioral distance for fuzzy-transition systems. IEEE Trans. Fuzzy Syst. 2013, 21, 735–747. [Google Scholar] [CrossRef]
16. Fan, C.; Kapinski, J.; Jin, X.; Mitra, S. Locally optimal reach set over-approximation for nonlinear systems. In Proceedings of the 2016 International Conference Embedded Software, Pittsburgh, PA, USA, 2–7 October 2016; pp. 1–10. [Google Scholar]
17. Kendra, L.; Meeko, O. Finite state approximation for verification of partially observable stochastic hybrid systems. In Proceedings of the 18th International Conference on Hybrid Systems: Computation and Control, Seattle, WA, USA, 14–16 April 2015; pp. 159–168. [Google Scholar]
18. Yang, Y.; Wang, Y.; Wu, Q.M.J.; Lin, X.; Liu, M. Progressive learning machine: A new approach for general hybrid system approximation. IEEE Trans. Neural Netw. Learn. Syst. 2015, 26, 1855–1874. [Google Scholar] [CrossRef] [PubMed]
19. Fan, C.; Qi, B.; Mitra, S.; Viswanathan, M.; Duggirala, P.S. Automatic reachability analysis for nonlinear hybrid models with C2E2. In Proceedings of the 28th International Conference Comput. Aided Verification, Toronto, ON, Canada, 17–23 July 2016; pp. 531–538. [Google Scholar]
20. Xiang, W.; Tran, H.D.; Johnson, T.T. Output reachable set estimation for switched linear systems and its application in safety verification. IEEE Trans. Autom. Control 2017, 62, 5380–5387. [Google Scholar] [CrossRef]
21. Bemporad, A.; Torrisi, F.D.; Morari, M. Optimization-based verification and stability characterization of piecewise affine and hybrid systems. In Proceedings of the 3rd International Conference on Hybrid Systems: Computation and Control (HSCC 2000), Pittsburgh, PA, USA, 23–25 March 2000; pp. 45–58. [Google Scholar]
22. Girard, A. Reachability of uncertain linear systems using zonotopes. In Proceedings of the 8th International Conference on Hybrid Systems: Computation and Control (HSCC 2005), Zurich, Switzerland, 9–11 March 2005; pp. 291–305. [Google Scholar]
23. Kurzhanski, A.B.; Varaiya, P. Ellipsoidal techniques for reachability analysis: Internal approximation. Syst. Control Lett. 2000, 41, 201–211. [Google Scholar] [CrossRef]
24. Yang, H. Over approximate flow pipeline volume algorithm for three variables real-time linear algebraic hybrid automaton. In Proceedings of the 7th International Conference on Management, Education, Information and Control (MEICI 2017), Shenyang, China, 15–17 September 2017; Available online: https://download.atlantis-press.com/article/25885913.pdf (accessed on 25 October 2019). [Google Scholar]
25. Alur, R.; Courcoubetis, C.; Halbwachs, N.; Henzinger, T.A.; Ho, P.-H. Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems; Springer: Berlin, Germany, 1993; pp. 209–229. [Google Scholar]
26. Alur, R.; Courcoubetis, C.; Halbwachs, N.; Henzinger, T.A.; Ho, P.-H.; Nicollin, X.; Olivero, A.; Sifakis, J.; Yovine, S. The algorithmic analysis of hybrid systems. Theor. Comput. Sci. 1995, 138, 3–34. [Google Scholar] [CrossRef]
27. Maler, O.; Manna, Z.; Pnueli, A. From timed to hybrid systems. In Proceedings of the REX Workshop 1991, Mook, The Netherlands, 3–7 June 1991; pp. 447–484. [Google Scholar]
28. Alur, R.; Henzinger, T.A. Modularity for timed and hybrid systems. In Proceedings of the 8th International Conference on Concurrency Theory (CONCUR ’97), Warsaw, Poland, 1–4 July 1997; pp. 74–88. [Google Scholar]
29. Lygeros, J.; Tomlin, C.; Sastry, S. Controllers for reachability specifications for hybrid systems. Automatica 1999, 35, 349–370. [Google Scholar] [CrossRef]
30. Sankaranarayanan, S.; Sipma, H.B.; Manna, Z. Constructing invariants for hybrid systems. Form. Methods Syst. Des. 2008, 32, 25–55. [Google Scholar] [CrossRef]
31. Xia, B. Discoverer: A tool for solving semi-algebraic systems. ACM Commun. Comput. Algebra 2007, 41, 102–103. [Google Scholar] [CrossRef]
32. Chen, C.; Davenport, J.H.; Lemaire, F.; Maza, M.M.; Xia, B.; Xiao, R.; Xie, Y. Computing the real solutions of polynomial systems with the regular chains library in maple. ACM Commun. Comput. Algebra 2011, 45, 166–168. [Google Scholar] [CrossRef]
33. Chen, C.; Davenport, J.H.; May, J.P.; Maza, M.M.; Xia, B.; Xiao, R. Triangular decomposition of semi-algebraic systems. J. Symb. Comput. 2013, 49, 3–26. [Google Scholar] [CrossRef]
34. Chen, C.; Davenport, J.H.; Maza, M.M.; Xia, B.; Xiao, R. Computing with semi-algebraic sets: Relaxation techniques and effective boundaries. J. Symb. Comput. 2013, 52, 72–96. [Google Scholar] [CrossRef]
35. Gallo, G.; Mishra, B. Efficient Algorithms and Bounds for Wu-Ritt Characteristic Sets. In Proceedings of the MEGA’90, Livorno, Italy, 17–21 April 1990; pp. 119–142. [Google Scholar]
Figure 1. Automaton of a thermostat.
Figure 1. Automaton of a thermostat.
Figure 2. Inhomogeneous linear algebraic hybrid system (ILAHS) of a thermostat.
Figure 2. Inhomogeneous linear algebraic hybrid system (ILAHS) of a thermostat.
Figure 3. An ILAHS trajectory.
Figure 3. An ILAHS trajectory.
Figure 4. A trace equivalence example.
Figure 4. A trace equivalence example.
Figure 5. A completed trace equivalence example.
Figure 5. A completed trace equivalence example.
Figure 6. An approximate completed trace equivalence example.
Figure 6. An approximate completed trace equivalence example.
Figure 7. Automaton of feed-water control system.
Figure 7. Automaton of feed-water control system.
Figure 8. ILAHS of feed-water control system.
Figure 8. ILAHS of feed-water control system.
Figure 9. Approximate ILAHS.
Figure 9. Approximate ILAHS.
Figure 10. Reduced automaton.
Figure 10. Reduced automaton.