Abstract
Different stochastic extensions of hybrid automata have been proposed in the past, with unclear expressivity relations between them. In previous work, we related these modelling languages with regard to two alternative (composed and decomposed) approaches to extend hybrid automata with stochastic choices of discrete events and their time points. This paper presents the so-called CAMELS classification, which additionally distinguishes between lazy and eager modelling. The former does not restrict how delays are chosen and performs resampling in case no discrete event is possible at the scheduled jump time. The latter guarantees that discrete events are only scheduled at times when they are enabled. We further distinguish between an eager predictive specification, which uses precomputations of all possible delays, and an eager non-predictive specification, which samples enabling durations instead of global delays. These distictions result in five model classes which we compare regarding their expressivity, and discuss how available modelling formalisms for stochastic hybrid automata from the literature can be categorized within the CAMELS classification.
Camel refers to a bet made with Joost-Pieter at a dinner at QEST23 in Antwerp.
This work is supported by the DFG grant 471367371.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Abate, A., et al.: Arch-comp23 category report: stochastic models. In: Proceedings of 10th International Workshop on Applied Verification of Continuous and Hybrid Systems. EPiC Series in Computing, vol. 96, pp. 126–150. EasyChair (2023). https://doi.org/10.29007/k7s6
Abate, A., et al.: Arch-comp22 category report: stochastic models. In: Proceedings of the 9th International Workshop on Applied Verification of Continuous and Hybrid Systems. EPiC Series in Computing, vol. 90, pp. 113–141. EasyChair (2022). https://doi.org/10.29007/lsvc
Abate, A., Katoen, J., Lygeros, J., Prandini, M.: Approximate model checking of stochastic hybrid systems. Eur. J. Control. 16(6), 624–641 (2010). https://doi.org/10.3166/EJC.16.624-641
Abate, A., Katoen, J., Mereacre, A.: Quantitative automata model checking of autonomous stochastic hybrid systems. In: Proceedings of the 14th ACM International Conference on Hybrid Systems: Computation and Control, pp. 83–92. ACM (2011). https://doi.org/10.1145/1967701.1967715
Abate, A., Prandini, M., Lygeros, J., Sastry, S.: Probabilistic reachability and safety for controlled discrete time stochastic hybrid systems. Automatica 44(11), 2724–2734 (2008). https://doi.org/10.1016/j.automatica.2008.03.027
Ábrahám, E., Becker, B., Dehnert, C., Jansen, N., Katoen, J.-P., Wimmer, R.: Counterexample generation for discrete-time Markov models: an introductory survey. In: Bernardo, M., Damiani, F., Hähnle, R., Johnsen, E.B., Schaefer, I. (eds.) SFM 2014. LNCS, vol. 8483, pp. 65–121. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07317-0_3
Ábrahám, E., Jansen, N., Wimmer, R., Katoen, J., Becker, B.: DTMC model checking by SCC reduction. In: Proceedings of the 7th International Conference on Quantitative Evaluation of Systems (QEST’10), pp. 37–46. IEEE Computer Society (2010). https://doi.org/10.1109/QEST.2010.13
Bertrand, N., et al.: Stochastic timed automata. Logical Meth. Comput. Sci. 10(4) (2014). https://doi.org/10.2168/LMCS-10(4:6)2014
Bujorianu, M.L., Lygeros, J.: Reachability questions in piecewise deterministic Markov processes. In: Maler, O., Pnueli, A. (eds.) HSCC 2003. LNCS, vol. 2623, pp. 126–140. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36580-X_12
Davis, M.H.: Markov Models & Optimization, 1st edn. Routledge (1993). https://doi.org/10.1201/9780203748039
Dehnert, C., Jansen, N., Wimmer, R., Ábrahám, E., Katoen, J.-P.: Fast debugging of PRISM models. In: Cassez, F., Raskin, J.-F. (eds.) ATVA 2014. LNCS, vol. 8837, pp. 146–162. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11936-6_11
Dehnert, C., et al.: PROPhESY: a PRObabilistic ParamEter SYnthesis tool. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 214–231. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_13
Delicaris, J., Schupp, S., Ábrahám, E., Remke, A.: Maximizing reachability probabilities in rectangular automata with random clocks. In: David, C., Sun, M. (eds.) TASE 2023. LNCS, vol. 13931, pp. 164–182. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-35257-7_10
Eisentraut, C., Hermanns, H., Zhang, L.: On probabilistic automata in continuous time. In: Proceedings of the 25th Annual IEEE Symposium on Logic in Computer Science, pp. 342–351 (2010). https://doi.org/10.1109/LICS.2010.41
Ghosh, M.K., Arapostathis, A., Marcus, S.I.: Ergodic control of switching diffusions. SIAM J. Control. Optim. 35(6), 1952–1988 (1997). https://doi.org/10.1137/S0363012996299302
Guck, D., Hatefi, H., Hermanns, H., Katoen, J.-P., Timmer, M.: Modelling, reduction and analysis of Markov automata. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 55–71. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40196-1_5
Hahn, E.M., Hartmanns, A., Hermanns, H., Katoen, J.: A compositional modelling and analysis framework for stochastic hybrid systems. Formal Meth. Syst. Des. 43(2), 191–232 (2013). https://doi.org/10.1007/s10703-012-0167-z
Hensel, C., Junges, S., Katoen, J.P., Quatmann, T., Volk, M.: The probabilistic model checker storm. Int. J. Softw. Tools Technol. Transfer 24(4), 589–610 (2022). https://doi.org/10.1007/s10009-021-00633-z
Henzinger, T.A.: The theory of hybrid automata. In: Inan, M.K., Kurshan, R.P. (eds.) Verification of Digital and Hybrid Systems, pp. 265–292. Springer, Heidelberg (2000). https://doi.org/10.1007/978-3-642-59615-5_13,https://doi.org/10/dpjwvs
Henzinger, T.A., Kopke, P.W., Puri, A., Varaiya, P.: What’s decidable about hybrid automata? J. Comput. Syst. Sci. 57(1), 94–124 (1998). https://doi.org/10.1006/jcss.1998.1581
Jansen, N., Ábrahám, E., Katelaan, J., Wimmer, R., Katoen, J.-P., Becker, B.: Hierarchical counterexamples for discrete-time Markov Chains. In: Bultan, T., Hsiung, P.-A. (eds.) ATVA 2011. LNCS, vol. 6996, pp. 443–452. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24372-1_33
Jansen, N., Ábrahám, E., Volk, M., Wimmer, R., Katoen, J.-P., Becker, B.: The COMICS tool – computing minimal counterexamples for DTMCs. In: Chakraborty, S., Mukund, M. (eds.) ATVA 2012. LNCS, pp. 349–353. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33386-6_27
Jansen, N., et al.: Symbolic counterexample generation for discrete-time Markov Chains. In: Păsăreanu, C.S., Salaün, G. (eds.) FACS 2012. LNCS, vol. 7684, pp. 134–151. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35861-6_9
Jansen, N., Corzilius, F., Volk, M., Wimmer, R., Ábrahám, E., Katoen, J.-P., Becker, B.: Accelerating parametric probabilistic verification. In: Norman, G., Sanders, W. (eds.) QEST 2014. LNCS, vol. 8657, pp. 404–420. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10696-0_31
Jansen, N., et al.: Symbolic counterexample generation for large discrete-time Markov chains. Sci. Comput. Program. 91, 90–114 (2014). https://doi.org/10.1016/J.SCICO.2014.02.001
Junges, S., et al.: Parameter synthesis for Markov models: covering the parameter space. Formal Meth. Syst. Des. 62(1), 181–259 (2024). https://doi.org/10.1007/S10703-023-00442-X
Klenke, A.: Probability Theory: A Comprehensive Course. Springer, Heidelberg (2014). https://doi.org/10.1007/978-1-4471-5361-0_1
Klink, D., Remke, A., Haverkort, B.R., Katoen, J.P.: Time-bounded reachability in tree-structured QBDs by abstraction. Perform. Eval. 68(2), 105–125 (2011). https://doi.org/10.1016/j.peva.2010.04.002
Lygeros, J., Prandini, M.: Stochastic hybrid systems: a powerful framework for complex, large scale applications. Eur. J. Control. 16(6), 583–594 (2010). https://doi.org/10.3166/ejc.16.583-594
Pathak, S., Ábrahám, E., Jansen, N., Tacchella, A., Katoen, J.-P.: A greedy approach for the efficient repair of stochastic models. In: Havelund, K., Holzmann, G., Joshi, R. (eds.) NFM 2015. LNCS, vol. 9058, pp. 295–309. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17524-9_21
Pilch, C., Schupp, S., Remke, A.: Optimizing reachability probabilities for a restricted class of stochastic hybrid automata via flowpipe-construction. In: Abate, A., Marin, A. (eds.) QEST 2021. LNCS, vol. 12846, pp. 435–456. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85172-9_23
Pola, G., Bujorianu, M., Lygeros, J., Benedetto, M.D.D.: Stochastic hybrid models: An overview. In: Proceedings of the IFAC Conference on Analysis and Design of Hybrid Systems. IFAC Proceedings Volumes, vol. 36, pp. 45–50. Elsevier (2003). https://doi.org/10.1016/S1474-6670(17)36405-4
Quatmann, T., et al.: Counterexamples for expected rewards. In: Bjørner, N., de Boer, F. (eds.) FM 2015. LNCS, vol. 9109, pp. 435–452. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-19249-9_27
Remke, A., Haverkort, B.R., Cloth, L.: Model checking infinite-state Markov chains. In: Halbwachs, N., Zuck, L.D. (eds.) TACAS 2005. LNCS, vol. 3440, pp. 237–252. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31980-1_16
Remke, A., Haverkort, B.R., Cloth, L.: CSL model checking algorithms for QBDs. Theoret. Comput. Sci. 382(1), 24–41 (2007). https://doi.org/10.1016/J.TCS.2007.05.007
Shmarov, F., Zuliani, P.: ProbReach: verified probabilistic \(\delta \)-reachability for stochastic hybrid systems. In: Proc. of the 18th ACM International Conference on Hybrid Systems: Computation and Control. HSCC ’15, pp. 134–139. ACM (2015). https://doi.org/10.1145/2728606.2728625
da Silva, C., Schupp, S., Remke, A.: Optimizing reachability probabilities for a restricted class of stochastic hybrid automata via flowpipe-construction. Trans. Model. Comput. Simul. (2023). https://doi.org/10.1145/3607197
Soudjani, S.E.Z., Abate, A.: Adaptive and sequential gridding procedures for the abstraction and verification of stochastic processes. SIAM J. Appl. Dyn. Syst. 12, 921–956 (2013). https://doi.org/10.1137/120871456
Sproston, J.: Decidable model checking of probabilistic hybrid automata. In: Joseph, M. (ed.) FTRTFT 2000. LNCS, vol. 1926, pp. 31–45. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45352-0_5
Timmer, M., Katoen, J.-P., van de Pol, J., Stoelinga, M.I.A.: Efficient modelling and generation of Markov automata. In: Koutny, M., Ulidowski, I. (eds.) CONCUR 2012. LNCS, vol. 7454, pp. 364–379. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32940-1_26
Willemsen, L., Remke, A., Ábrahám, E.: Comparing two approaches to include stochasticity in hybrid automata. In: Jansen, N., Tribastone, M. (eds.) QEST 2023. LNCS, vol. 14287, pp. 238–254. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-43835-6_17
Wimmer, R., Jansen, N., Ábrahám, E., Becker, B., Katoen, J.-P.: Minimal critical subsystems for discrete-time Markov models. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 299–314. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28756-5_21
Wimmer, R., Jansen, N., Ábrahám, E., Katoen, J., Becker, B.: Minimal counterexamples for linear-time probabilistic verification. Theoret. Comput. Sci. 549, 61–100 (2014). https://doi.org/10.1016/J.TCS.2014.06.020
Wimmer, R., Jansen, N., Vorpahl, A., Ábrahám, E., Katoen, J.-P., Becker, B.: High-level counterexamples for probabilistic automata. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 39–54. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40196-1_4
Wimmer, R., Jansen, N., Vorpahl, A., Ábrahám, E., Katoen, J., Becker, B.: High-level counterexamples for probabilistic automata. Logical Meth. Comput. Sci. 11(1) (2015). https://doi.org/10.2168/LMCS-11(1:15)2015
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Example (De-)composed Scheduling
A Example (De-)composed Scheduling
Example 1
(Composed Scheduling). In this example the hybrid automaton \(\mathcal {H}\) of Fig. 5 is extended with the different composed scheduling specifications. For all examples, we assume that the discrete stochastic kernel \(\varPsi _d\) is specified such that it specifies a discrete uniform distribution over the labels of regular jumps.
Figure 5(b) shows a The CHA \(\mathcal {C}^{\mathcal {L}}=(\mathcal {H},(\varPsi _c^1,\varPsi _d))\) with lazy specification. We specify the continuous stochastic kernel \( \varPsi _c^1 \), such that in state \(\sigma \) it characterises the probability distribution \( \exp (\frac{1}{100}+\frac{\sigma .x}{100} ) \) if \(\sigma .\ell \) equals \( \ell _0 \) and \( \exp (\frac{1}{100}) \) otherwise. Thus, it is not taken into account that for states in which \(x<3\) no jump is enabled and we might schedule a delay leading to a state in which \(x<3\). In such cases the resampling jump is scheduled with probability 1.
An example initial path can be constructed as follows: In the initial state \(\sigma _0=(\ell _0,x=0)\) at global time \(t:=0\) we assume that a delay of \(\mathcal {R}=2\) is sampled according to \({\text {Dist}}^{\varPsi _c}_{\sigma _{0}}\). This leads to a time step of length 2 and to state \((\ell _0,x=2)\) at global time \(t:=2\). In this state neither the jump to location \(\ell _1\) nor the one to location \(\ell _2\) is enabled, which is why the resampling jump is scheduled with probability 1 leading to state \(\sigma _1=(\ell _0,x=2)\). Next a delay is sampled again according to \({\text {Dist}}^{\varPsi _c^1}_{\sigma _{1}}\) which we assume to be \(\mathcal {R}=5\). Thus a time step of 5 is scheduled leading to state \((\ell _0,x=7)\) at global time \(t:=7\). In this state both regular jumps are enabled and both scheduled with the same probability.
In Fig. 5(c) a CHA \(\mathcal {C}^{\mathcal {E}_P}=(\mathcal {H},(\varPsi _c^2,\varPsi _d))\) with eager predictive specification is depicted. For each state \(\sigma \), the set of possible delays \(T_{\textit{in}}(\sigma )\) is computed as follows before the stochastic kernel \( \varPsi _c^2 \) is defined.
Using these computations, \(\varPsi _c^2\) is specified such that it characterises for each state \(\sigma \) a probability distribution \(\mathcal {U}({\text {max}}(0,3-\sigma .x),100)\) if \(\sigma .\ell \) equals \(\ell _0\) and a probability distribution \(\exp (\frac{1}{100})\) otherwise. Thus, it holds that for each state \(\sigma \), \({\text {Dom}}({\text {Dist}}^{\varPsi _c^2}_{\sigma _{1}})\subseteq T_{\textit{in}}(\sigma )\), which ensures that only such delays are sampled after which at least one regular jump is enabled.
Not only for a CHA with eager predictive specification, resampling jumps are scheduled with a probability of 0 but also in a CHA \(\mathcal {C}^{\mathcal {E}_N}=(\mathcal {H},(\varPsi _c^3,\varPsi _d))\) with composed scheduling and eager non-predictive specification, which is depicted in Fig. 5(d). Here, a stopwatch \( c\) is added, which keeps track of how long at least one regular jump has been enabled since the last jump. The stopwatch \(c\) is running in location \(\ell _0\) if \( x\ge 3 \), because in these states at least one regular jump ins enabled. As there are no regular jumps in locations \(\ell _1\) and \(\ell _2\) \(c\) evolves with rate 0 in both locations.
For this example \( \varPsi _c^3 \) is defined such that it characterises for each state \(\sigma \) the probability distribution \( \exp (\frac{1}{100}+\frac{\sigma .x}{100}) \). Starting at global time \(t:=0\) in the initial state \( \sigma _0=(\ell _0,x=0) \) we assume that an enabling delay of \(\mathcal {R}=3\) is sampled according to \({\text {Dist}}^{\varPsi _c^3}_{\sigma _{0}}\). Since \( c\) reaches a value of 3 at time \(t:=6\), a time step of this length is performed leading to state \(\sigma _0'=(\ell _0,x=6)\). After taking a jump to location \(\ell _1\) or \(\ell _2\) with the same probability, a new enabling delay is randomly chosen. Note that \(c\) evolves with rate of 0 when being in location \(\ell _1\) or \(\ell _2\). Thus, no jump will be scheduled regardless of chosen enabling delay.
Example 2
Decomposed Scheduling The HA \(\mathcal {H}\) of Fig. 5(a) is extended with different specifications of decomposed scheduling in Fig. 5(e-f). In the following, \(\mathcal {R}=(x_1,x_2)\) denotes the current realisations of the random variables.
In Fig. 5(e) a DHA \(\mathcal {D}^{\mathcal {L}}=(\mathcal {H},\varPsi ^1=(\varPsi ^1_1, \varPsi ^1_2))\) with lazy specification is shown. For this example we assume that \(\varPsi _1 \) characterises \( \exp (\frac{1}{100}+ \frac{\sigma .x}{100})\) and \(\varPsi _2 \) characterises \(\mathcal {U}(0,100+\sigma .x)\), where \(\sigma \in \varSigma \) is the current state of the automaton. Due to the specification of the kernels, it might happen that the winner of the stochastic race does not correspond to an enabled regular jump. Let now \(\mathcal {R}=(5,3)\) be the realisations for the random variables \(X_1\) and \(X_2\) sampled in the initial state \(\sigma _0=(\ell _0,x=0)\). In this case \(X_2\) wins the stochastic race, which leads to a time step of length 3 to state \((\ell _0,x=3)\) with \(\mathcal {R}=(2,0)\). However, the regular jump labelled with \(a_2\) is not enabled in this state, which is why the resampling jump labelled with \(a_2\) is scheduled with probability 1. Now, \(X_2\) is sampled in state \((\ell _0,x=3)\) resulting for this example in \(\mathcal {R}=(2,20)\). Thus, \(X_1\) wins the race-condition and a delay of 2 is scheduled, leading to state \((\ell _0,x=5)\) with \(\mathcal {R}=(0,18)\). In this state, the regular jump associated with \(a_1\) is enabled. Hence, the system moves to \(\sigma _2=(\ell _1,x=5)\) and \(X_1\) is resampled according to the distribution \({\text {Dist}}^{\varPsi ^1_1}_{\sigma _{2}}\).
Figure 5(f) shows, a DHA \(\mathcal {D}^{\mathcal {E}_N}=(\mathcal {H},\varPsi ^2=(\varPsi _1^2,\varPsi _2^2))\) with eager non-predictive specification. Two stopwatches \( c_{1}, c_{2} \) are added, which track how long a regular jump associated with \(a_1\) resp. \(a_2\) has been enabled since the last scheduling of a \(a_1\)- resp. \(a_2\)-labelled jump. For our example, both stopwatches evolve with a rate of 0 when being in location \(\ell _1\) or \(\ell _2\), in location \(\ell _0\) the stopwatches evolve according to the following derivatives:
Initially \(X_1\) and \(X_2 \) are sampled according to the probability distributions characterised by \(\varPsi ^2_1\) and \(\varPsi ^2_2\) in the initial state \((\ell _0,x=0)\) at global time \(t:=0\). Lets assume this results in \(\mathcal {R}=(5,3)\). Due to the given dynamics in \(\ell _0\), \(c_{1}\) reaches a value of \( \mathcal {R}[1]=5 \) at global time \(t:=8\) and \( c_{2} \) reaches a value of \( \mathcal {R}[2]=3 \) at global time \(t:=9\). Hence, \(X_1\) wins the race-condition and a delay of 8 is scheduled leading to state \((\ell _0, x=8)\) with \(\mathcal {R}=(0,1)\). Because \(X_1\) won the race, the jump to location \(\ell _1\) is scheduled and \(X_1\) is resampled according to the distribution characterised by \(\varPsi ^2_2\) in \((\ell _1,x=8)\).
Rights and permissions
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Willemsen, L., Remke, A., Ábrahám, E. (2025). (de-)Composed And More: Eager and Lazy Specifications (CAMELS) for Stochastic Hybrid Systems. In: Jansen, N., et al. Principles of Verification: Cycling the Probabilistic Landscape . Lecture Notes in Computer Science, vol 15262. Springer, Cham. https://doi.org/10.1007/978-3-031-75778-5_15
Download citation
DOI: https://doi.org/10.1007/978-3-031-75778-5_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-75777-8
Online ISBN: 978-3-031-75778-5
eBook Packages: Computer ScienceComputer Science (R0)