verification and synthesis of hybrid systems

1

Verification and Synthesis of Hybrid Systems

Thao Dang

October 10, 2000

2

Plan

1- Algorithmic Verification of Hybrid Systems

2- Reachability Analysis of Continuous Systems

3- Safety Verification of Hybrid Systems

4- Safety Controller Synthesis for Hybrid Systems

5- Implementation

3

Plan


2- Reachability Analysis of Continuous Systems



5- Implementation

4

Hybrid systems

• Hybrid systems: systems which combine continuous-time dynamics and discrete-event dynamics

Continuous processes Digital controllers,

switches, gears..(e.g., chemical reactions)

• Arisen virtually everywhere (due to the increasing use of computers)

5

Analysis of Hybrid Systems

• Formal verification: prove that the system satisfies a given property• Controller synthesis: design controllers so that the controlled system satisfies a desired property

• We concentrate on invariance properties: all trajectories of the system stay in a subset of the state space

• Hybrid systems are difficult to analyze No existing general method

6

Illustrative Example: A Thermostat

on

x x

off

max x

4 x x

min x

• Verification problem: prove that the temperature x[a,b]

• Characterize all behaviors Reachability Analysis

7

The Thermostat Example (cont’d)

• Two-phase behavior

• Non-deterministic behavior

• Set of initial states

x

t

max

min

0

0

How to characterize and represent “tubes” of trajectories of continuous dynamics in order to treat discrete transitions??

How to characterize and represent “tubes” of trajectories of continuous dynamics in order to treat discrete transitions??

8

Algorithmic Analysis of Hybrid Systems

• Exact symbolic methods applicable for restricted classes of hybrid systems

• Our objective: verification method for general hybrid systems in any dimension

9

Algorithmic Verification of Hybrid Systems

approximate reachability techniques represent reachable sets by orthogonal polyhedra

What do we need?? a reachability technique which

is applicable for arbitrary continuous systems can be extended to hybrid systems

10

Approximations by Orthogonal Polyhedra

Non-convex orthogonal polyhedra (unions of hyperrectangles)

Motivations canonical representation, efficient manipulation in any dimension easy extension to hybrid systems termination can be guaranteed

Over-approximation Under-approximation

11

Plan

1- Approach to Algorithmic Verification of Hybrid Systems

2- Reachability Analysis of Continuous Systems Abstract Reachability Algorithm Algorithm for Linear Continuous Systems Algorithm for Non-Linear Continuous Systems



5- Implementation

12

Plan





5- Implementation

13

Reachability Analysis of Continuous Systems

Problem

Find an orthogonal polyhedron over-approximating the reachable set from F

x(0)F, set of initial states

Lipschitzisf);(fsystemcontinuousA xx

14

[0,r](F)

Successor Operator

r(F)

F

Reachable set from F: (F) = [0,)(F)

15

Abstract Algorithm for Calculating (F)

P0 := F ;repeat k = 0, 1, 2 .. Pk+1 := Pk [0,r](Pk) ;until Pk+1 = Pk

Use orthogonal polyhedra to

• represent Pk

• approximate [0,r]

r : time step

16

Plan





5- Implementation

17

Reachability of Linear Continuous Systems

;AsystemlinearA xx

F is a convex polyhedron: F = conv{v1,..,vm}

r(F) = eArF

F

vir(vi)=eArvi

F is the set of initial states

r(F) = conv{r(v1),.., r(vm)}

18

Over-Approximating the Reachable Set

[0,2r] (F) P2 = G1G2

X2

P2

[0,r](F) G1

P1=G1

[r,2r](F) G2

X1

X2

G2

X0=F

r(v2)

X1= r(X0)

v1

v2

r(v1) X1X1

X0

C1=conv{X1,X0}

C1Cb1

Extension to under-approximationsExtension to under-approximations

19

Example

5.00.00.0

0.00.10.4

0.00.40.1

A

]1.0,05.0[]15.0,1.0[]05.0,025.0[F,Axx

20

Extension to Linear Systems with Uncertain Input

setcompactandconvexa,Uinput);t()t(A)t( uuxx

Computation of r(F) [Varaiya 98]

U),t(λmaxarg)t( i*i uuu

i(r)i

F yi*(r)yi

r(F)

Bloating amount

u1

u2

(Maximum Principle)

21

Example

]005.0,005.0[]5.0,5.0[]005.0,005.0[]5.0,5.0[UsetInput

]1,1[]2,0[]1,1[]2,0[FsetInitial

0400

1000

0008

0010

A,A

uxx [Kurzhanski and Valyi 97]

Advantage: time-efficiency Advantage: time-efficiency

22

Plan





5- Implementation

23

Principle of the Reachability Technique

yF

x

Lipschitzisf);(fsystemcontinuousA xx

‘Face lifting’ technique, inspired by [Greenstreet 96]

x(0)F, set of initial states

Continuity of trajectories compute from the boundary of F

The initial set F is a convex polyhedron

The boundary of F: union of its faces

24

N(e)

H(e)

Over-Approximating [0,r](F)

Step 1: rough approximation N(F)

F

e

fe : projection of f on the outward normal to face e

ef̂ : maximum of fe over the neighborhood N(e) of e

ef̂

H’(e)

r

e1N(F)

Step 2: more accurate approximation

25

Computation Procedure

• Decompose F into non-overlapping hyper-rectangles

• Apply the lifting operation to each hyper-rectangle (faces on the boundary of F)

• Make the union of the new hyper-rectangles

F

26

Example: Airplane Safety [Lygeros et al. 98]

)anglepitch(,u);thrust(T,Tu

um

cxa

x

xcosg

m

)cx1(xax

m

uxsing

m

xax

anglepathflight:x;velocity:x

maxmin2maxmin1

21L

1

221L2

12

21D

1

21

P = [Vmin,Vmax][min,max]

27

Plan





5- Implementation

28

Hybrid Systems

Hybrid automata• continuous dynamics: linear with uncertain input, non-linear• staying and switching conditions: convex polyhedra• reset functions : affine of the form Rqq’ (x) = Dqq’x + Jqq’

q0 u x x 1 A

q1

) ( R : / G01 01x x x

0 Hx 1 Hx) ( f0x x

) ( R : / G10 10x x x

switching conditionreset function

discrete state

staying condition

continuous dynamics

29

Reachability of Hybrid Automata

The state (q, x) of the system can change in two ways:• continuous evolution: q remains constant, and x changes continuously according to the diff. eq. at q• discrete evolution (by making a transition): q changes, and x changes according to the reset function.

Reachability analysis• continuous-successors • discrete-successors approximations by orthogonal polyhedra

30

Over-approximating Continuous-Successors

• Use the reachability algorithms for continuous systems• Take into account the staying conditions

Hq

F[0,r](F)P

31

Fg FGqq’

Over-approximating Discrete-Successors

Rqq’(b)

Hq’

F

qq’(q, F) = (q’, Rqq’(F Gqq’) Hq’)

b Gqq’

Fg

32

q0

15 . 0 x1

q1

02 . 0 x1

q0

15 . 0 x1 Example

2 3

3 2A ;

0 3

6. 0 0A1 0q0 x x1 A

q1

15 . 0 x1

15 . 0 x1 02 . 0 x1 x x0 A

02 . 0 x1

33

Plan





5- Implementation

34

Switching Controller Synthesis: Introduction

q1 q2

q3

f1

f2

f3

q x

Mode selection

Plant

Discrete Switching Controller

q3

12 Gx

21 Gx

31 Gx23 Gx

3 Hx

2 Hx1 Hx) ( f1x x ) ( f2x x

) ( f3x x

q1 q2

35

The Safety Synthesis Problem

Given a hybrid automaton A and a set F How to restrict the guards and the staying conditions of A so that all trajectories of the resulting automaton A* stay in F

Solution: Compute the maximal invariant set (set of ‘winning’ states)

36

Operator

Given F={(q, Fq) | qQ}, (F) consists of states from which all trajectories

• stay indefinitely in F without switching OR

• stay in F for some time and then make a transition to another discrete state and still in F

Gqq’Fq’

Fq

x1

x2

x3

37

Calculation of the Maximal Invariant Set

P0 := F ; repeat k = 1, 2, .. Pk+1 := Pk (Pk) ; until Pk+1 = Pk

P* = Pk ;

P* : maximal invariant setA* : H* =H P*, G* =G P*

38

Effective Approximate Synthesis Algorithm

• Use our reachability techniques for hybrid automata to approximate (F)

• Under-approximations

Effective approximate synthesis algorithm for hybrid systems with linear continuous dynamics

To approximate the maximal invariant set:

39

F0 F1

G10

G01

05.00.2

5.005.0A0

05.05.0

0.205.0A1

68.0,35.035.0,65.0F

G10F0F1F0

G01F1

G01=[-0.2,-0.01]

[-0.2,-0.01]

G10=[0.01,0.32]

[-0.01,0.1]

40

Plan





5- Implementation

41

The tool d/dt

Three types of automatic analysis for hybrid systems with linear differential inclusions

Reachability Analysis: compute an over-approximation of the reachable set from a given initial set

Safety Verification: check whether the system reaches a set of bad states

Safety Controller Synthesis: synthesize a switching controller so that the controlled system always remains inside a given set

42

Implementation

OpenGL LEDA

Interface Verification AlgorithmsController Synthesis Algorithms

Numerical IntegrationCVODE

Geometric Algorithms

Qhull, Polka,Cubes

Orthogonal Approximations

d/dt

43

The tool d/dt

44

Conclusions

Generality of Systems Complexity of continuous and discrete dynamics High dimensional systems

Variety of Problems Safety Verification and Synthesis

Applications collision avoidance (4 continuous variables, 1 discrete state) double pendulum (3 continuous variables, 7 discrete states) freezing system (6 continuous variables, 9 discrete states)

45

Perspectives

• More efficient analysis techniques- Combining with analytic/qualitative methods- Adapting existing techniques for discrete/timed systems

• More classes of problems - more properties to verify, more synthesis criteria - controller synthesis for more general systems, e.g linear diff. games vuxx CBA

• Tool - more interactive analysis, simulation features - experimentation: real-life problems

46

Related Work

Reachability Analysis• Polygonal Projections [Greenstreet and Mitchell 99]• Ellipsoidal Techniques [Kurzhanski and Varaiya 00]• Approximations via Parallelotopes [Kostoukova 99]

Verification• CheckMate [Chutinan and Krogh 99]• HyperTech [Henzinger et al. 00]• VeriShift [Botchkarev and Tripakis 00]• Symbolic Method [Lafferriere, Pappas, and Yovine 99]

Synthesis• Synthesis for timed automata [Asarin, Maler, Pnueli, and Sifakis 98]• Hamilton Jacobi Partial Diff. Eq. [Lygeros, Tomlin, and Sastry 98]• Computer Algebra [Shakernia, Pappas, and Sastry 00]

47

FinMerci

verification and synthesis of hybrid systems

Documents

general hybrid systems

hybrid systems termination

hybrid systemsapproximations

state space hybrid systems

arbitrary continuous

continuous dynamics

verification method

continuoustime dynamics