Hybrid System Verification Synchronous Workshop 2003 A New Verification Algorithm for Planar Differential Inclusions Gordon Pace University of Malta December 2003
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
A New Verification Algorithm for
Planar Differential Inclusions
Gordon Pace
University of Malta
December 2003
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Scientific Models
• Discrete systems– CSs’ favourite domain– What I should be talking about here …
• Continuous systems– Engineers’ domain– Differential equations
• Hybrid Systems
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
A Hybrid System
• Typical example: A heated room with a a thermostat.
• Room temperature T continuous variable,• State of heater (on or off) is a discrete
variable,• Different (continuous/differential) equations
regulate room temperature depending whether heater is on or off.
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
The Heated Room: Required Parameters
• Dynamics in different (discrete) states;
• When to switch from one state to another;
• Whether any continuous variables are reset discontinuously when switching from one state to another.
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
The Heated Room:Typical questions
• Reachability questions: Can the room temperature rise over 5% above the thermostat setting?
• ‘Qualitative’ system behaviour: Given a loop (a sequence of discrete states) what continuous behaviour is possible within that loop?
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Hybrid Automata
On Off
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
On Off
Label
Dynamics
Invariant
Guard Reset
Hybrid Automata
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Verification of Hybrid Automata
• Undecidable in general.
• Even (good) testing is difficult!
• Most complete approaches look at sub-problems eg limiting differential equations, limiting number of continuous variables.
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer in a whirlpool
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Polygonal Differential Inclusion Systems (SPDIs)
• A partition of the plane into convex polygons
• Constant differential inclusion for each region describing allowable dynamics
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer SPDI
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer SPDI
Arrows:System dynamics
Polygons:Discrete states
(Transformed) coordinates:
two continuous states
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer SPDI
Arrows:System dynamics
Polygons:Discrete states
Position on line:one continuous state
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer SPDI
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Swimmer SPDI
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Some undecidable extensions
• Three or more dimensions
• Variant differential inclusions
• SPDIs with arbitrary resets
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Some observations (1)
• Position on edges can be described as a single real number.
• Starting from a position s on an edge and ending at t on another edge, the linear inclusion limits guarantees:
t 2 [1 s + 2, 1 s + 2]• Similarly if we went through a number of
edges in between.
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Result:
• Given a loop of region edges, we can compute the reachable polygon without iterating.
• We can compute the effect of following an abstract trace:
e1…ei(ei+1…ej)*ej+1…ek(ek+1…el)* … en
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Some observations (2)
• For any self-crossing path through an SPDI, there exists a non-self-crossing one with the same start and end points.
• A path which follows a loop (a number of times), leaves it and goes through the loop again, can be replaced by one which enters the loop only once.
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Result:
• Any path through an abstract trace which is ‘too long’ also belongs to a shorter abstract path:
e1…ei(ei+1…ej)*ej+1…ek(ek+1…el)* … en
• Only a finite number of paths need be explored to check reachability.
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Summary
• We can (non-iteratively) calculate the effect of following an abstract path.
• A finite number of abstract paths cover all possible concrete paths from one edge to another.
• These abstract paths can be calculated.
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Summary
• We can (non-iteratively) calculate the effect of following an abstract path.
• A finite number of abstract paths cover all possible concrete paths from one edge to another.
• These abstract paths can be calculated.
We have an algorithm to
decide SPDI reachability
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Summary
• We can (non-iteratively) calculate the effect of following an abstract path.
• A finite number of abstract paths cover all possible concrete paths from one edge to another.
• These abstract paths can be calculated.
But it does not guarantee shortest
counter-example
unless exhaustive search is performed
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Forward model checking
[
Termination Condition:
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
SPDI model checking
[ [
Termination Condition:[ [
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
SPDI model checking
[ [
Termination Condition:[ [
This follows loops (non-iteratively) in one
step
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
SPDI model checking
[ [
Termination Condition:[ [
This is the invariance kernel of the SPDI
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Invariance kernel of a loop
• The greatest set of points such that every trajectory starting in such points must remain in the set forever.
• Can be calculated using a non-iterative algorithm.
• The set is the union of all invariance kernels.
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Invariance kernel of a loop
• The greatest set of points such that every trajectory starting in such points must remain in the set forever.
• Can be calculated using a non-iterative algorithm.
• The set is the union of all invariance kernels.
BFS algorithm which guarantees
shortest abstract counter-example
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Invariance kernel of a loop
• The greatest set of points such that every trajectory starting in such points must remain in the set forever.
• Can be calculated using a non-iterative algorithm.
• The set is the union of all invariance kernels.
Allows us to apply standard
model-checking verification optimisations
to SPDI verification
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
Future work
• Implementation of the new algorithm and standard optimisations
• Case studies and safe approximation generators
• How can this be applied to discrete systems with one continuous variable and differential inclusion transitions?
Hyb
rid
Syste
m V
eri
ficati
on
Synchronous Workshop 2003
x 2 [min{c1, 1 x + 2}, max{c1, 1 s + 2}]
Related Documents
