lecture 3. reachability analysis - cis.upenn.edualur/talks/hl3.pdf · symbolic reachability...
TRANSCRIPT
![Page 1: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/1.jpg)
Lecture 3. Reachability Analysis
![Page 2: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/2.jpg)
Talk Outline
! Symbolic Reachability Analysis" Timed Automata (Kronos, Uppaal)" Linear Hybrid Automata (HyTech)" Polyhedral Flow-pipe Approximations (CheckMate)
" Orthogonal polyhedra (d/dt)
![Page 3: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/3.jpg)
Model Checker
AdvantagesAutomated formal verification, Effective debugging tool
Moderate industrial successIn-house groups: Intel, Microsoft, Lucent, Motorola…Commercial model checkers: FormalCheck by Cadence
ObstaclesScalability is still a problem (about 100 state vars)Effective use requires great expertise
model
temporalproperty
yes
error-trace
![Page 4: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/4.jpg)
Components of a Model Checker
" Modeling languageConcurrency, non-determinism, simple data types
" Requirements languageInvariants, deadlocks, temporal logics
" Search algorithms Enumerative vs symbolic + many optimizations
" Debugging feedback
We focus on checking invariants of a single state machine
![Page 5: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/5.jpg)
Reachability ProblemModel variables X ={x1, … xn}
Each var is of finite type, say, booleanInitialization: I(X) condition over XUpdate: T(X,X’)
How new vars X’ are related to old vars X as a result of executing one step of the program
Target set: F(X)Computational problem:
Can F be satisfied starting with I by repeatedly applying T ?Graph Search problem
![Page 6: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/6.jpg)
Symbolic SolutionData type: region to represent state-setsR:=I(X)Repeat
If R intersects T report “yes”Else if R contains Post(R) report “no”Else R := R union Post(R)
Post(R): Set of successors of states in RTermination may or may not be guaranteed
![Page 7: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/7.jpg)
Symbolic Representations
" Necessary operations on RegionsUnionIntersectionNegationProjectionRenamingEquality/containment testEmptiness test
"Different choices for different classesBDDs for boolean variables in hardware verificationSize of representation as opposed to number of states
![Page 8: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/8.jpg)
Ordered Binary Decision Diagrams
Popular representations for Boolean functions
Key properties:Canonical!Size depends on choice of ordering of variablesOperations such as union/intersection are efficient
a
bc
d
0
00
0
0
1
1
1 11
Function: (a and b) or (c and d)
Like a decision graphNo redundant nodesNo isomorphic subgraphsVariables tested in fixed order
![Page 9: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/9.jpg)
Example: Cache consistency: Gigamax
Real design of a distributed multiprocessor
Similar successes: IEEE Futurebus+ standard, network RFCs
Deadlock found using SMV
M P
UICUIC
UIC
M P
Global bus
Cluster bus
Read-shared/read-owned/write-invalid/write-shared/…
![Page 10: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/10.jpg)
Reachability for Hybrid Systems
" Same algorithm works in principle" What’s a suitable representation of regions?
Region: subset of Rk
Main problem: handling continuous dynamics
" Precise solutions available for restricted continuous dynamics
Timed automataLinear hybrid automata
" Even for linear systems, over-approximations of reachable set needed
![Page 11: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/11.jpg)
Talk Outline
# Symbolic Reachability Analysis! Timed Automata (Kronos, Uppaal)" Linear Hybrid Automata (HyTech)" Polyhedral Flow-pipe Approximations (CheckMate)
" Orthogonal polyhedra (d/dt)
![Page 12: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/12.jpg)
Timed Automata
" Only continuous variables are timers" Invariants and Guards: x<const, x>=const" Actions: x:=0" Reachability is decidable" Clustering of regions into zones desirable in
practice" Tools: Uppaal, Kronos, RED …" Symbolic representation: matrices" Techniques to construct timed abstractions of
general hybrid systems
![Page 13: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/13.jpg)
ZonesSymbolic computation
State(n, x=3.2, y=2.5 )
x
y
x
y
Symbolic state (set)(n, )
Zone:conjunction ofx-y<=n, x<=>n
3y4,1x1 ≤≤≤≤
![Page 14: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/14.jpg)
Symbolic Transitions
n
m
x>3
y:=0
x
ydelays to
x
y
x
yconjuncts to
x
y
projects to
1<=x<=41<=y<=3
1<=x, 1<=y-2<=x-y<=3
3<x, 1<=y-2<=x-y<=3
3<x, y=0
Thus (n,1<=x<=4,1<=y<=3) ==> (m,3<x, y=0)
![Page 15: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/15.jpg)
x<=1y-x<=2z-y<=2z<=9
x<=1y-x<=2z-y<=2z<=9
x<=1y-x<=2y<=3z-y<=2z<=7
x<=1y-x<=2y<=3z-y<=2z<=7
D1
D2
When are two sets of constraints equivalent?x x
0 y
z
1 2
29
ShortestPath
Closure
ShortestPath
Closure
0 y
z
1 2
25
0
x
y
z
1 2
27
0
x
y
z
1 2
25
3
3 3
Graph
Graph
Canonical Data-structures for ZonesDifference Bounded Matrices
![Page 16: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/16.jpg)
Difference Bounds Matrices
" Matrix representation of constraints (bounds on a single clock or difference betn 2 clocks)
" Reduced form obtained by running all-pairs shortest path algorithm
" Reduced DBM is canonical " Operations such as reset, time-successor,
inclusion, intersection are efficient" Popular choice in timed-automata-based tools
![Page 17: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/17.jpg)
Talk Outline
# Symbolic Reachability Analysis# Timed Automata (Kronos, Uppaal)! Linear Hybrid Automata (HyTech)" Polyhedral Flow-pipe Approximations (CheckMate)
" Orthogonal polyhedra (d/dt)
![Page 18: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/18.jpg)
Linear Hybrid Automata
" Invariants and guards: linear (Ax <= b)" Actions: linear transforms (x:= Ax)" Dynamics: time-invarint, state-independent
specified by a convex polytope constraining ratesE.g. 2 < x <= 3, x = y
" Tools: HyTech" Symbolic representation: Polyhedra" Methodology: abstract dynamics by differential
inclusions bounding rates
![Page 19: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/19.jpg)
Example LHAGate for a railroad controller
Openh = 90dh = 0
loweringh >= 0
-10<dh < 9
raisingh <= 90
8< dh <10
closedh = 0dh = 0
h = 90 lower
lower
raise
raise
h = 90 h = 0
![Page 20: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/20.jpg)
Reachability ComputationBasic element: (location l, polyhedron p)Set of visited states: a list of (l,p) pairsKey steps:• Compute “discrete” successors of (l,p)• Compute “continuous” successor of (l,p)• Check if p intersects with “bad” region• Check if newly found p is covered by already
visited polyhedra p1,…, pk (expensive!)
![Page 21: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/21.jpg)
Computing Discrete Successors
Discrete successor of (l,p)• Intersect p with g (result r is a polyhedron)• Apply linear transformation a to r (result r’ is a
polyhedron)• Successor is (l’,r’)
l l’g(x)-> x := a(x)
![Page 22: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/22.jpg)
Computing Time Successor
x
y
x
y
(3,2)
(1,4)
Rate Polytope
(1,4)
(3,2)p
Reach(p)
• Thm: If initial set p, invariant I, and rate constraint r, are polyhedra, then set of reachable states is a polyhedron (and computable)
• Basically, apply extremal rates to vertices of p
![Page 23: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/23.jpg)
Linear Phase-portrait Approximation
x
xdot
Fk(x)
range of x for mode=k
valid trajectory for H
xo
approximating “polydedron” Pk
valid trajectory for A
minP
maxP
minX maxX
![Page 24: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/24.jpg)
Improving Linear Phase-Portrait Approximations: Mode Splitting
x
xdot
Fk(x)
valid trajectory for H
xo
minX1maxX2X’
maxP2
minP2
Pk2
mk2mk1
Pk1
minP1
maxP1
![Page 25: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/25.jpg)
Computing Approximation
xdot1
xdot2 Fk(Xk)Pk
n1
n2
n3
n4
In general find Pk by solving the following optimization problem in a set of face-normal directions:
Problem: How to choose the ni.
max niT xdot
x, xdot
s.t. xdot ∈ Fk(x)x ∈ Xk
![Page 26: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/26.jpg)
Linear Phase-Portrait Approximations
• guaranteed conservative approximations• refinement introduces more discrete states • for bounded hybrid automata, arbitrarily
close approximation can be attained using mode splitting
• sufficient to use rectangular phase-portrait approximations (ni
T = [0…1…0])
![Page 27: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/27.jpg)
Summary: Linear Hybrid Automata
" HyTech implements this strategy" Core computation: manipulation of polyhedra
" Bottlenecks" proliferation of polyhedra (unions)" computing with higher dimensional polyhedra
" Many applications (active structure control, Philips audio control protocol, steam boiler…)
![Page 28: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/28.jpg)
Talk Outline
# Symbolic Reachability Analysis# Timed Automata (Kronos, Uppaal)# Linear Hybrid Automata (HyTech)! Polyhedral Flow-pipe Approximations (CheckMate)
" Orthogonal polyhedra (d/dt)
![Page 29: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/29.jpg)
Approximating Reachability
Given a continuous dynamic system,
and a set of initial states, X0 ,conservatively approximate Reach[0,t](Xo,F).
x = F(x),
![Page 30: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/30.jpg)
Polyhedral Flow Pipe Approximations
A. Chutinan and B. H. Krogh, Computing polyhedral approximations to dynamic flow pipes, IEEE CDC, 1998
X0
t1
t2
t3t4
t5 t6 t7
t8
t9• divide R[0,T](X0) into [tk,tk+1] segments
• enclose each segment with a convex polytope
• RM[0,T](X0) = union of polytopes
![Page 31: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/31.jpg)
Wrapping Hyperplanes Around a Set
S
c4
c3
c2c1Step 1:Choose normal vectors, c1,...,cm
![Page 32: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/32.jpg)
S
c4
c3
c2c1
Step 2:Compute optimal d in Cx ≤ d, CT = [c1
... cm]:
di = max ciTx
x∈ S
Wrapping Hyperplanes Around a Set
![Page 33: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/33.jpg)
Wrapping a Flow Pipe Segment
Given normal vectors ci, we wrap R[tk,tk+1](X0) in a polytope by solving for each i
Optimization problem is solved by embedding simulation into objective function computation
di = max ciTx(t,x0)
xo,t
s.t. x0∈ X0t ∈ [tk,tk+1]
![Page 34: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/34.jpg)
Flow Pipe Segment Approximation
Vertices(X0) at tk
Vertices(X0) at tk+1
Step 1.a. Simulate trajectories from each vertex of X0.
Step 2.Solve optimization for di
flow pipe segment approximated by { x | ci
Tx ≤ di, ∀ i }
b. Take the convex hulland identify outwardnormal vectors.
![Page 35: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/35.jpg)
Improvements for Linear Systems
• x = Ax ⇒ x(t, x0) = eAtx0• No longer need to embed simulation
into optimization• Flow pipe segment computation
depends only on time step ∆t• A segment can be obtained by
applying eAt to another segment of the same ∆t
)(ˆ)(ˆ0],0[0],[ XReXR t
Atttt ∆∆+ =
![Page 36: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/36.jpg)
Example 1: Van der Pol Equation
X x x0 1 20 8 1 0= ≤ ≤ ={ . , }
&
& . ( )x xx x x x
1 2
2 12
2 10 2 1== − − −
Van der Pol Equation
Uniform time step∆tk = 0.5
Initial Set
−2 −1.5 −1 −0.5 0 0.5 1 1.5−2
−1.5
−1
−0.5
0
0.5
1
1.5
x1
x 2
X0
![Page 37: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/37.jpg)
Example 2: Linear System
A =− − −
0 1 00 0 11 2 2
111
211
221
121
, , , and
Vertices for X0
Uniform time step∆tk = 0.1
![Page 38: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/38.jpg)
Summary: Flow Pipe Approximation
• Applies in arbitrary dimensions• Approximation error doesn't grow
with time• Estimation error (Hausdorff
distance) can be made arbitrarily small with ∆t < δ and size of X0 < δ
• Integrated into a complete verification tool (CheckMate)
![Page 39: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/39.jpg)
Talk Outline
# Symbolic Reachability Analysis# Timed Automata (Kronos, Uppaal)# Linear Hybrid Automata (HyTech)# Polyhedral Flow-pipe Approximations (CheckMate)
! Orthogonal Polyhedra (d/dt)
![Page 40: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/40.jpg)
Approximations by Orthogonal Polyhedra
Non-convex orthogonal polyhedra (unions of hyperrectangles)
Motivations$ canonical representation, efficient manipulation in any
dimension ⇒ easy extension to hybrid systems$ termination can be guaranteed
Over-approximation Under-approximation
![Page 41: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/41.jpg)
Reachability Analysis of Continuous Systems
Problem
Find an orthogonal polyhedron over-approximating thereachable set from F
x(0)∈ F, set of initial states
Lipschitzisf);(fsystemcontinuousA xx =&
![Page 42: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/42.jpg)
δ[0,r](F)
Successor Operator
δr(F)
F
Reachable set from F: δ(F) = δ[0,∞)(F)
![Page 43: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/43.jpg)
Algorithm for Calculating δδδδ(F)
P0 := F ;repeat k = 0, 1, 2 ..
Pk+1 := Pk ∪∪∪∪ δ [0,r](Pk) ;until Pk+1 = Pk
Use orthogonal polyhedra to
• represent Pk
• approximate δ[0,r]
r : time step
![Page 44: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/44.jpg)
Reachability of Linear Continuous Systems;AsystemlinearA xx =&
F is a convex polyhedron: F = conv{v1,..,vm}
δr(F) = eAr F
F
vi δr(vi)=eAr vi
F is the set of initial states
δr(F) = conv{δr(v1),.., δr(vm)}
![Page 45: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/45.jpg)
Over-Approximating the Reachable Set
δ[0,2r] (F) ⊆ P2 = G1∪ G2
X2
P2
δ[0,r](F) ⊆ G1
P1=G1
δ[r,2r](F) ⊆ G2
X1
X2
G2
X0=F
δr(v2)
X1= δr(X0)
v1
v2
δr(v1) X1 X1
X0
C1=conv{X1,X0}
C1Cb1
ε
Extension to under-approximationsExtension to under-approximations
![Page 46: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/46.jpg)
Example
=
××==
5.00.00.00.00.10.40.00.40.1
A
]1.0,05.0[]15.0,1.0[]05.0,025.0[F,Axx&
![Page 47: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/47.jpg)
Nonlinear Systems
yFx
Lipschitzisf);(fsystemcontinuousA xx =&
% ‘Face lifting’ technique, inspired by [Greenstreet 96]
x(0)∈ F, set of initial states
• Continuity of trajectories ⇒compute from the boundary of F
• The initial set F is a convex polyhedronThe boundary of F: union of its faces
![Page 48: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/48.jpg)
N(e)
H(e)
Over-Approximating δδδδ[0,r](F)Step 1: rough approximation N(F)
F
e
fe : projection of f on the outward normal to face eef̂ : maximum of fe over the neighborhood N(e) of e
ef̂
H’(e)
r
e1N(F)
Step 2: more accurate approximation
![Page 49: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/49.jpg)
Computation Procedure
• Decompose F into non-overlapping hyper-rectangles
• Apply the lifting operation to each hyper-rectangle (faces on the boundary of F)
• Make the union of the new hyper-rectangles
F
![Page 50: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/50.jpg)
Example: Collision Avoidance
[ ] [ ] )anglepitch(,u);thrust(T,Tu
umcxa
xxcosg
m)cx1(xax
muxsing
mxax
anglepathflight:x;velocity:x
maxmin2maxmin1
21L
1
221L2
12
21D
1
21
ΘΘ==
+−−=+−= &&
P = [Vmin,Vmax]×[γmin,γmax]
![Page 51: Lecture 3. Reachability Analysis - cis.upenn.edualur/Talks/hl3.pdf · Symbolic Reachability Analysis " Timed Automata (Kronos, ... We focus on checking invariants of a single state](https://reader031.vdocuments.mx/reader031/viewer/2022020316/5b8a0d017f8b9a770a8eeaee/html5/thumbnails/51.jpg)
d/dt SummaryTechniques generalize to
Hybrid SystemsDynamics with uncertain inputsController synthesis problems
Tool available from Verimag
Applications& collision avoidance (4 continuous variables, 1 discrete state)& double pendulum (3 continuous variables, 7 discrete states)& freezing system (6 continuous variables, 9 discrete states)