Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard...
Transcript of Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard...
![Page 1: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/1.jpg)
1
Verification of Hybrid Systems
Antoine Girard
Université Grenoble 1, Laboratoire Jean Kuntzmann
- with work from Thao Dang, Goran Frehse and Colas Le Guernic -
Ecole des JDMACS, 19 mars, 2009
![Page 2: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/2.jpg)
2
Acknowledgments
● Organizers: Luc Jaulin, Nacim Ramdani.
● Collaborators:
– Thao Dang,
– Goran Frehse,
– Colas Le Guernic.
● Special thanks to Goran Frehse for putting up
together the first version of the slides.
![Page 3: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/3.jpg)
3
Boeing & Tupolew Collision
● Überlingen, July 1, 2002
● 21:33:03
– Alarm from Traffic Collision
Avoidance System (TCAS)
B757-200 TU154M
!
![Page 4: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/4.jpg)
4
Boeing & Tupolew Collision
● Überlingen, July 1, 2002
● 21:33:03
– Alarm from Traffic Collision
Avoidance System (TCAS)
● 21:34:49
– Human air traffic controller
command
B757-200 TU154M
!
![Page 5: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/5.jpg)
5
Boeing & Tupolew Collision
● Überlingen, July 1, 2002
● 21:33:03
– Alarm from Traffic Collision
Avoidance System (TCAS)
● 21:34:49
– Human air traffic controller
command
● 21:34:56
– TCAS recommendation
B757-200 TU154M
!
![Page 6: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/6.jpg)
6
Boeing & Tupolew Collision
● Überlingen, July 1, 2002
● 21:33:03
– Alarm from Traffic Collision
Avoidance System (TCAS)
● 21:34:49
– Human air traffic controller
command
● 21:34:56
– TCAS recommendation
● 21:35:32
– Collision
B757-200 TU154M
!
![Page 7: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/7.jpg)
7
Boeing & Tupolew Collision
● Überlingen, July 1, 2002
● 21:33:03
– Alarm from Traffic Collision
Avoidance System (TCAS)
● 21:34:49
– Human air traffic controller
command
● 21:34:56
– TCAS recommendation
● 21:35:32
– Collision
B757-200 TU154M
!Official Inquiry Recommendation:
“pilots are to obey and
follow TCAS advisories,
regardless of whether
contrary instruction is given”
Requires high confidence design
2
![Page 8: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/8.jpg)
8
Incorrect /
Unknown
Revise
Design
Formal Verification
Model of
System
Formal
Specification
Correct
TCAS verified
in part[Livadas, Lygeros,
Lynch, ’00]
Verification
(algorithmic)
![Page 9: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/9.jpg)
9
Join Maneuver [Tomlin et al.]
● Traffic Coordination Problem
– join paths at different speed
● Goals
– avoid collision
– join with sufficient separation
![Page 10: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/10.jpg)
10
Join Maneuver [Tomlin et al.]
● Traffic Coordination Problem
– join paths at different speed
● Goals
– avoid collision
– join with sufficient separation
● Models
– Environment: Planes
– Software: Controller
• switches fast/slow
● Specification
– keep min. distance
disturbances
![Page 11: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/11.jpg)
11
Formal Verification
● Characteristics
– mathematical rigor (sound proofs & algorithms)
– exhaustive
● In this talk: Reachability Analysis
initial states
run (trajectory)forbidden states
reachable states
= states on any run
![Page 12: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/12.jpg)
12
Join Maneuver [Tomlin et al.]
time
reachable states
yellow plane
reachable states
blue plane
![Page 13: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/13.jpg)
13
Join Maneuver [Tomlin et al.]
time
Possible collision!
reachable states
yellow plane
reachable states
blue plane
![Page 14: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/14.jpg)
14
Formal Verification
● Key Problems
– computable (decidable) only for simple dynamics
– computationally expensive
– representation of / computation with continuous sets
![Page 15: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/15.jpg)
15
Formal Verification
● Fighting complexity with overapproximations
– simplify dynamics
– set representations
– set computations
● Overapproximations should be
– conservative
– easy to derive and compute with
– accurate (not too many false positives)
![Page 16: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/16.jpg)
16
Outline
I. Hybrid Automata and Reachability
II. Reachability for Simple Dynamics
a) Linear Hybrid Automata
b) Piecewise Affine Hybrid Systems
III. Application to Complex Dynamics via Hybridization
![Page 17: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/17.jpg)
17
Incorrect /
Unknown
Revise
Design
Formal Verification
Model of
System
Formal
Specification
Correct
Verification
(algorithmic)
![Page 18: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/18.jpg)
18
Formal Verification
Model of
Physics
Model of
Software
Model of System
continuous dynamics discrete dynamics
![Page 19: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/19.jpg)
19
Modeling Hybrid Systems
● Example: Bouncing Ball
– ball with mass m and position x in free fall
– bounces when it hits the ground at x = 0
– initially at position x0 and at rest
x
0
Fg
![Page 20: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/20.jpg)
20
● Condition for Free Fall
– ball above ground:
● First Principles (physical laws)
Part I – Free Fall
x
0
Fg
![Page 21: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/21.jpg)
21
● Obtaining 1st Order ODE System
Part I – Free Fall
x
0
Fg
![Page 22: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/22.jpg)
22
Part II – Bouncing
● Conditions for “Bouncing”
● Action for “Bouncing”
![Page 23: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/23.jpg)
23
Combining Part I and II
● Free Fall
● Bouncing
continuous dynamics
discrete dynamics
![Page 24: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/24.jpg)
24
Hybrid Automaton Model
freefall
flow
location
invariant
discrete transition
guard
label
reset
initial conditions
![Page 25: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/25.jpg)
25
Hybrid Automata
● Defining Inhabited State Space:
– Locations
– Variables
• Valuation:
• State:
– Initial states
– Invariant
![Page 26: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/26.jpg)
26
Hybrid Automata – Discrete Dynamics
● Defining Discrete Dynamics: Trans
● Semantics: Discrete Transition
– can jump from (l,x) to (l’, x’) if x 2 G and x’ 2 R(x)
G
R
(l,x)
(l’,R(x))
![Page 27: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/27.jpg)
27
Hybrid Automata – Cont. Dynamics
● Defining Continuous Dynamics: Flow
– for each location l differential inclusion
● Semantics: Time Elapse
– change state along x(t) as time elapses
– x(t) must be in invariant Inv
–
![Page 28: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/28.jpg)
28
Hybrid Automata – Cont. Dynamics
● Bouncing Ball:
– Flow:
![Page 29: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/29.jpg)
29
Hybrid Automata - Semantics
● Run
– sequence of discrete transitions and time elapse
● Execution
– run that starts in the initial states
x0(t)
x1(t)
x2(t)
![Page 30: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/30.jpg)
30
Execution of Bouncing Ball
time t
position x
x0(t)
x1(t)
x2(t)x3(t)
x4(t)
±0 ±1 ±2 ±3 ±4
x0
0
…
time t
velocity v
v0(t)v1(t)
v2(t)v3(t)
v4(t)
±0 ±1 ±2 ±3 ±4
v0
0
…
![Page 31: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/31.jpg)
31
Execution of Bouncing Ball
● State-Space View (infinite time range)
position x
velocity v
discrete transition
x0
0
x0(t)
x1(t)
x2(t)
![Page 32: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/32.jpg)
32
Incorrect /
Unknown
Revise
Design
Formal Verification
Model of
System
Formal
Specification
Correct
Verification
(Reachability)
![Page 33: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/33.jpg)
33
Computing Reachable States
● Reachable states: Reach(S)
– any state encountered in a run starting in S
position x
velocity v0
S
![Page 34: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/34.jpg)
34
● Compute successor states
0
R0
Computing Reachable States
R1=Postc(R0)
R2=Postd(R1)
R3=Postc(R2)
![Page 35: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/35.jpg)
35
Computing Reachable States
● Fixpoint computation
● Problems
– in general termination not guaranteed
– time-elapse very hard to compute with sets
![Page 36: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/36.jpg)
36
Chapter Summary
● Why should we care?
– Reachability Analysis is a set-based computation that can
answer many interesting questions about a system (safety,
bounded liveness,…)
● What’s the problem?
– The hardest part is computing time elapse.
– Explicit solutions only for very simple dynamics.
● What’s the solution?
– First study simple dynamics.
– Then apply these techniques to complex dynamics.
![Page 37: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/37.jpg)
37
Outline
I. Hybrid Automata and Reachability
II. Reachability for Simple Dynamics
a) Linear Hybrid Automata
b) Piecewise Affine Hybrid Systems
III. Application to Complex Dynamics via Hybridization
![Page 38: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/38.jpg)
38
In this Chapter…
● A very simple class of hybrid systems
● Exact computation of discrete transitions and time
elapse
– Note: Reachability (and pretty much everything else) is
nonetheless undecidable.
● A case study
![Page 39: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/39.jpg)
39
Linear Hybrid Automata
● Continuous Dynamics
= convex polyhedron over derivatives
![Page 40: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/40.jpg)
40
Linear Hybrid Automata
● Discrete Dynamics
= convex polyhedron over x and x’
![Page 41: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/41.jpg)
41
Linear Hybrid Automata
● Invariants, Initial States
= convex polyhedron over x
![Page 42: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/42.jpg)
42
Reachability with LHA
● Compute discrete successor states Postd(S)
– all x’ for which exists x 2 S s.t.
• x 2 G
• x’ 2 R(x) Å Inv
● Operations:
– existential quantification
– intersection
– standard operations on convex polyhedra
![Page 43: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/43.jpg)
43
Reachability with LHA
● Compute time elapse states Postc(S)
● Theorem [Alur et al.]
– Time elapse along arbitrary trajectory iff time elapse along
straight line (convex invariant).
– time elapse along straight line can be computed as projection
along cone [Halbwachs et al.]
Inv
![Page 44: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/44.jpg)
44
Reachability with LHA [Halbwachs, Henzinger, 93-97]
invariant
initial states
9
derivatives
successors
projection cone
1. get projection
cone2. time elapse by
projection 3. compute
successors of
transitions
![Page 45: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/45.jpg)
45
Multi-Product Batch Plant
85
![Page 46: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/46.jpg)
46
Multi-Product Batch Plant
● Cascade mixing process
– 3 educts via 3 reactors
2 products
● Verification Goals
– Invariants
• overflow
• product tanks never empty
– Filling sequence
● Design of verified
controller
LIS11
M
LIS22
QIS22
LIS32
LIS31
M
LIS23
QIS23
M
LIS21
QIS21
LIS13
LIS12
![Page 47: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/47.jpg)
47
Switched Buffer Network
● Buffers s1,…,sn
– store material continuous level x1,…,xn
● Channels
– transport material from buffer to buffer continuous throughput v(s,s’),
nondeterministic inside interval
● Switching
– activate/deactivate channels
discretely
x
vin
vout
x=xM
x=0
Buffer
![Page 48: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/48.jpg)
48
Continuous Dynamics
● Stationary throughput
– v [a,b]
● Source buffer empty
– throughput may seize, v [0,b]
– inflow of source = outflow of source
● Target buffer full
– throughput may seize, v [0,b]
– inflow of target = outflow of target
![Page 49: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/49.jpg)
49
Buffer Automaton Model
– tank levels = cont. variables xi
– incoming flow vin(s)=s’ v(s’,s)
– outgoing flow vout(s)=s’ v(s,s’)
![Page 50: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/50.jpg)
50
Channel Automaton Model
– throughput = algebraic variable (will be projected away)
this case study:
omit saturation
![Page 51: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/51.jpg)
51
Production Schedule
– uses 3 reactors in parallel
– transfers of batches from one tank to another
– formally a control strategy: locations cont. variables locations
![Page 52: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/52.jpg)
52
Verification with PHAVer
● Controller automaton model
– 78 locations
– ASAP transitions
● Controller + Plant
– 266 locations, 823 transitions
(~150 reachable)
● Reachability over infinite time
– 120s—1243s, 260—600MB
– computation cost increases
with nondeterminism
(intervals for throughputs,
initial states)
Controller Controlled Plant
![Page 53: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/53.jpg)
53
Verification with PHAVer
![Page 54: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/54.jpg)
54
Outline
I. Hybrid Automata and Reachability
II. Reachability for Simple Dynamics
a) Linear Hybrid Automata
b) Piecewise Affine Hybrid Systems
III. Application to Complex Dynamics via Hybridization
![Page 55: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/55.jpg)
55
In this Chapter…
● Another class of (not quite so) simple dynamics
– but things are getting serious (no explicit solution for sets)
● Exact Computation time elapse only at discrete
points in time
– used to overapproximate continuous time
● Efficient data structures
![Page 56: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/56.jpg)
56
Piecewise Affine Hybrid Systems
● Affine dynamics
– Flow:
– For time elapse it’s enough to look at a single location.
![Page 57: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/57.jpg)
57
Linear Dynamics
● Let’s begin with “autonomous” part of the dynamics:
● Known solutions:
– analytic solution in continuous time
– explicit solution at discrete points in time
(up to arbitrary accuracy)
● Approach for Reachability:
– Compute reachable states over finite time: Reach[0,T](XIni)
– Use time-discretization, but with care!
![Page 58: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/58.jpg)
58
Time-Discretization for an Initial Point
● Analytic solution:
● Explicit solution in discretized time (recursive):
2± 3±±0
x0x1
x2
x3
t
x(t)
multiplication with const. matrix eA±
= linear transform
![Page 59: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/59.jpg)
59
Time-Discretization for an Initial Set
● Explicit solution in
discretized time
● Acceptable solution for purely continuous systems
– x(t) is in ²(±)-neighborhood of some Xk
● Unacceptable for hybrid systems
– discrete transitions might ―fire‖ between sampling times
– if transitions are ―missed,‖ x(t) not in ²(±)-neighborhood
2± 3±±0
X0
X1
X2
X3
t
Reach[0,3±](XIni)
![Page 60: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/60.jpg)
60
0.0
0.2
0.4
0.6
0.8
1.0
1.2
-2.0
-1.5
-1.0
-0.5 0.
00.5
1.0
1.5
Bouncing Ball
– In other examples this error might not be as obvious…
X90 = ;
![Page 61: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/61.jpg)
61
● Goal:
– Compute sequence k over bounded time [0,N±] such that:
● Approach:
– Refine k by recurrence:
– Condition for 0:
Reachability by Time-Discretization
2± 3±±0 t
Reach[0,3±](XIni)
0
1
2
![Page 62: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/62.jpg)
62
Time-Discretization with Convex Hull
● Overapproximating Reach[0,±]:
0X
1X
)( 0],0[ XReach ),( 10 XXConv )),(( 10 XXConvBloat
![Page 63: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/63.jpg)
63
Time-Discretization with Convex Hull
● Bouncing Ball:
0
X0
X1
X0
X1
0
![Page 64: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/64.jpg)
64
Nondeterministic Affine Dynamics
● Let’s include the effect of inputs:
– variables x1,…,xn, inputs u1,…,up
● Input u models nondeterminism
![Page 65: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/65.jpg)
65
Nondeterministic Affine Dynamics
● Analytic Solution
2± 3±±0 t
Reach[0,3±](XIni)
influence of inputs
autonomous
dynamics
influence of
inputs
![Page 66: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/66.jpg)
66
Nondeterministic Affine Dynamics
● How far can the input “push” the system in ± time?
● Minkowski Sum:
![Page 67: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/67.jpg)
67
Nondeterministic Affine Dynamics
2± 3±±0 t
0
1
![Page 68: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/68.jpg)
68
Implementing Reachability
● Find representation for continuous sets with
– linear transformation ( k+1 = © k )
– Minkowski Sum
– intersection (with guards)
![Page 69: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/69.jpg)
69
Polyhedra
● Finite conjunction of linear constraints
![Page 70: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/70.jpg)
70
Operations on Polyhedra
● Linear Transformation
– transform matrix
– O(n3)
● Minkowski Sum
– need to compute vertices
– O(exp(n))
● Intersection
– join lists of constraints
– O(1)
![Page 71: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/71.jpg)
71
Zonotopes
● Central symmetric polyhedron
generators
center
center generators
zonotope
(2 dimensional)
![Page 72: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/72.jpg)
72
Operations on Zonotopes
● Linear Transformation
– transform generators
– O(mn2)
● Minkowski Sum
– join lists of generators
– O(n)
● Intersection
– Problem: intersection of zonotopes is not a zonotope
– overapproximate
![Page 73: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/73.jpg)
73
Ellipsoids
● Quadratic form
– matrix or generator representation
![Page 74: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/74.jpg)
74
Operations on Ellipsoids
● Linear Transformation
– transform generators
– O(n2)
● Minkowski Sum
– Problem: result is not an ellipsoid
– overapproximate
● Intersection
– Problem: intersection of ellipsoids is not an ellipsoid
– overapproximate
![Page 75: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/75.jpg)
75
Implementing Reachability
● Complexity of 1 Step of Time Elapse:
– Polyhedra: O(exp(n))
– Zonotopes: O(mn2)
● Problem: With each iteration, i get more complex
– Minkowski sum increases number of
• Polyhedra: constraints
• Zonotopes: generators
![Page 76: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/76.jpg)
76
Wrapping Effect
● Fight complexity by overapproximation
● Overapproximated Sequence
– accumulation of approximations ! Wrapping Effect
– exponential increase in approximation error!
![Page 77: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/77.jpg)
77
Wrapping Effect
● Exact vs. overapproximation
– dimension 5 for 600 time steps
– overapproximation with 100 generators
![Page 78: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/78.jpg)
78
Wrapping Effect
● How does error accumulate?
– linear transformation (scaling error up ! exp)
– V is added (adding some more error)
![Page 79: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/79.jpg)
79
Wrapping Effect
![Page 80: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/80.jpg)
80
Wrapping Effect
![Page 81: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/81.jpg)
81
Wrapping Effect
![Page 82: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/82.jpg)
82
Wrapping Effect
not even
touching!
![Page 83: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/83.jpg)
83
Fighting the Wrapping Effect
● Separate transformations and Minkowski sums:
● 4 Sequences:
![Page 84: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/84.jpg)
84
4-Sequence Algorithm
● Only transformations in Rk and Vk
– complexity independent of k
– no overapproximation necessary
● Only Minkowski sum in Sk and k
– growing number of generators, but no longer transformed
– O(Nn3) instead of O(N2n3)
![Page 85: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/85.jpg)
85
4-Sequence Algorithm
● Use overapproximation with
– bounding box, octagonal, etc.
● No accumulation of error:
![Page 86: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/86.jpg)
86
Fighting the Wrapping Effect
● Exact vs. overapproximation
– dimension 5 for 600 time steps
– overapproximation with bounding box
![Page 87: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/87.jpg)
87
Experimental Results
● Time and memory for 100 steps
4-Sequence Zonotopes
4-Sequence Box
Zonotope, 20 Gen.
4-Sequence Zonotopes
4-Sequence Box
Zonotope, 20 Gen.
![Page 88: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/88.jpg)
88
Outline
I. Hybrid Automata and Reachability
II. Reachability for Simple Dynamics
a) Linear Hybrid Automata
b) Piecewise Affine Hybrid Systems
III. Application to Complex Dynamics via Hybridization
![Page 89: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/89.jpg)
89
In this Chapter…
● Complex nonlinear dynamics
– and how to overapproximate them with simpler dynamics
![Page 90: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/90.jpg)
90
Hybridization
● Goal: Overapproximation of H with
– simpler dynamics
– approximation error · ²
● Observation:
– approximation error depends on size of invariant in each location
● Approach:
– split locations until all invariants small enough
– overapproximate dynamics in each location
![Page 91: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/91.jpg)
91
Splitting Locations
● same behavior as before if
– ¿-transitions don’t change variables and are unobservable
– Inv1 [ Inv2 = Inv (and some details)
¿¿
![Page 92: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/92.jpg)
92
Overapproximating Dynamics
● same or more behavior as before if
![Page 93: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/93.jpg)
93
Some Approximation Results
● Reachable set of the hybridization overapproximatesthe reachable set of H
● On bounded time interval [0,T] the approximation error is in O(² exp(T))
– approximation diverges on an unbounded time interval…
● Unless the system has a global attractor
– accumulation of approximation error is compensated by
contraction of the dynamics.
– reachable set on unbounded time interval can be approximated
arbitrarily close
![Page 94: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/94.jpg)
94
● By definition x 2 Inv(l):
– overapproximation
● If B,Inv polyhedra
– C polyhedron
– O(exp(n))
From Affine to LHA-Dynamics
![Page 95: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/95.jpg)
95
From Affine to LHA-Dynamics
![Page 96: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/96.jpg)
96
Hybridization with LHA
● Bouncing Ball Dynamics
– dynamics of x are affine (depend on v).
● Invariant: x ¸ 0
– no restriction on v
– entire invariant reachable
![Page 97: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/97.jpg)
97
Hybridization with LHA
● Bouncing Ball Dynamics
● Split v–axis in K parts
– on bounded subset v 2 [-2,2]
● Arbitrary accuracy for small enough K
![Page 98: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/98.jpg)
98
0.0
0.2
0.4
0.6
0.8
1.0
1.2
-2.0
-1.5
-1.0
-0.5 0
.00.5
1.0
1.5
Hybridization with LHA
● Bouncing Ball – Reachable states for K=64:
![Page 99: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/99.jpg)
99
Tunnel Diode Oscillator
● What are good parameters?
– startup conditions
– parameter variations
– disturbances
Tunnel
Diode
6
Vd
inLCLL
LCdCC
VRIVI
IVIV
+
+
1
1 )(
![Page 100: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/100.jpg)
100
Tunnel Diode Oscillator
R=0.20 Oscillation
VC
[V]
IL
[mA]
Time [µs]
initial states
6
![Page 101: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/101.jpg)
101
Tunnel Diode Oscillator
R=0.24 Stable equilibrium
VC
[V]
IL
[mA]
Time [µs]
initial states
6
![Page 102: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/102.jpg)
102
VC
[V]
IL
[mA]
inLCLL
LCdCC
VRIVI
IVIV
+
+
1
1 )(
Tunnel Diode Oscillator
Tunn
el
Diode
• Oscillation
• Jitter
• …
Reachability Analysis
Formal Model
Analog/Mixed Signal Circuit
Guaranteed Safety Property
![Page 103: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/103.jpg)
103
Reachability Analysis
1. Hybridization
– Partition State Space
(on the fly)
– Switching between
Hybrid System
VC
[V]
IL
[mA]
9
![Page 104: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/104.jpg)
104
Reachability Analysis
1. Hybridization
– Partition State Space
(on the fly)
– Switching between
Hybrid System
2. Overapproximation
– Linear Hybrid Automata
Polyhedral enclosure
of actual trajectories
IL
[mA]
VC
[V]
vector field
9
![Page 105: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/105.jpg)
105
Reachability Analysis
● Efficiency through
– adapting partitions to
dynamics
– overapproximation of
complex polyhedra with
simplified polyhedra
● Good performance
– Reachability with high
accuracy in 72s, 127MBV
C[V]
IL
[mA]
Partition dependingon dynamics
10
![Page 106: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/106.jpg)
106
Bibliography
● Hybrid Systems Theory
– Rajeev Alur, Costas Courcoubetis, Nicolas Halbwachs, Thomas A. Henzinger, Pei-Hsin
Ho, Xavier Nicollin, Alfredo Olivero, Joseph Sifakis, and Sergio Yovine. The algorithmic
analysis of hybrid systems. Theoretical Computer Science 138:3-34, 1995
– Thomas A. Henzinger. The theory of hybrid automata. Proceedings of the 11th Annual
Symposium on Logic in Computer Science (LICS), IEEE Computer Society Press,
1996, pp. 278-292
● Linear Hybrid Automata
– Thomas A. Henzinger, Pei-Hsin Ho, and Howard Wong-Toi, HyTech: The next
generation. RTSS’95
– Goran Frehse. PHAVer: Algorithmic Verification of Hybrid Systems past HyTech.
HSCC’05
![Page 107: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/107.jpg)
107
Bibliography
● Affine Dynamics
– E. Asarin, O. Bournez, T. Dang, and O. Maler. Approximate Reachability Analysis of
Piecewise-Linear Dynamical Systems. HSCC’00
– A. Girard, C. Le Guernic, and O. Maler. Efficient computation of reachable sets of linear
time-invariant systems with inputs. HSCC’06
● Hybridization and Nonlinear Dynamics
– Thomas A. Henzinger, Pei-Hsin Ho, and Howard Wong-Toi. Algorithmic analysis of
nonlinear hybrid systems. IEEE Transactions on Automatic Control 43:540-554, 1998
– E. Asarin, T. Dang, and A. Girard. Hybridization methods for the analysis of nonlinear
systems. Acta Informatica, 43(7):451-476, 2007
![Page 108: Verification of Hybrid Systems - univ-orleans.fr · 1 Verification of Hybrid Systems Antoine Girard Université Grenoble 1, Laboratoire Jean Kuntzmann - with work from Thao Dang,](https://reader030.fdocuments.us/reader030/viewer/2022040710/5e104b0b1223cb4a427a6e72/html5/thumbnails/108.jpg)
108
Verification Tools for Hybrid Systems
● HyTech: LHA
– http://embedded.eecs.berkeley.edu/research/hytech/
● PHAVer: LHA + affine dynamics
– http://www-verimag.imag.fr/~frehse/
● d/dt: affine dynamics + controller synthesis
– http://www-verimag.imag.fr/~tdang/Tool-ddt/ddt.html
● Matisse Toolbox: zonotopes
– http://www.seas.upenn.edu/~agirard/Software/MATISSE/
● HSOLVER: nonlinear systems
– http://hsolver.sourceforge.net/