Algorithmic Verification of Stability of Hybrid Systems Pavithra - PowerPoint PPT Presentation

Algorithmic Verification of Stability of Hybrid Systems Pavithra Prabhakar Kansas State University Mysore Park Workshop Joint work with Miriam Garcia Soto (IMDEA Software Institute, Madrid) February 4, 2016 1

Cyber-Physical Systems (CPS) Systems in which software "cyber" interacts with the "physical" world Medical Devices Automotive Robotics Aeronautics Process control Hybrid Systems Plant x = f ( x, u ) ˙ Systems with mixed discrete- y = h ( x ) continuous behaviors y u Control u = g ( y ) 2

Hybrid Systems 3

Air traffic collision avoidance protocol Minimum separation The aircraft maintain a minimum distance between them always √ 3 r a r k � k b O k x � y k  p c = x + λ d = y + λ e c √ ( r ω ) 2 = | | 2 x 0 := x , d 0 := d | | x − c | | = | d | 3 r ω := ∗ collision detection & negotiation free entry x = ( x 1 , x 2 ): position of the airplane d = ( d 1 , d 2 ): velocity of the airplane | | x − c | | ≤ r reach inner circle  ˙      x 1 0 0 1 0 x 1 ω := − ω parallel to its x 2 ˙ 0 0 0 1 x 2       initial direction  = ˙       0 0 0 − ! d 1 d 1 exit circ      ˙ 0 0 ! 0 d 2 d 2 x + λ 2 d = x 0 + λ 1 d 0 ω : the angular velocity ω := 0 4

Automatic Gear Box & Cruise Control Cruise controller K r R e ( τ ) d τ T r Gear box + v ref T v v = f p ( v, T ) ˙ + e + K r e p = g ( v ) − Velocity v reaches v ref even in the presence of disturbances 5

Stability 6

Stability Stability is a fundamental property in control system design ✤ It captures the notion that small perturbations in the initial state or input result in only small deviations from the nominal behavior Cruise control Robotic arm Bipedal robot walking ✤ Set-point stability ✤ Stability of the periodic orbit 7

Stability ✤ Small perturbations in the initial state lead to small deviations in the system behavior 8

Lyapunov and asymptotic stability y � x � τ δ Lyapunov Stable y Lyapunov Stability x A system is Lyapunov stable with respect to a trajectory τ if Unstable ∀ ✏ > 0 , ∃ � > 0 , ∀ ⌧ 0 | ⌧ (0) − ⌧ 0 (0) | < � ⇒ ∀ t ≥ 0 | ⌧ ( t ) − ⌧ 0 ( t ) | < ✏ y Asymptotic Stability x Asymptotic stability in addition requires convergence to the reference trajectory Asymptotically Stable 9

Challenges in Stability Verification for Hybrid Systems 10

Stability analysis Linear dynamical systems y y Stability can be determined by eigen values analysis x x Stable Stable Linear hybrid systems y y Eigen value analysis does not suffice for switched linear system x x Stable Unstable

Current techniques for Stability Verification 12

Lyapunov’s second method Lyapunov function: Template based automated search ✤ Continuously differentiable ✤ Choose a template V : R n → R + ✤ Polynomial with coefficients as parameters ✤ Positive definite ✤ Encode (a relaxation) of the constraints as a sum-of- square programming problem V ( x ) ≥ 0 ∀ x ✤ Use existing tools for SOS ✤ Decreases along any trajectory ∂ V ( x ) ∂ x F ( x ) ≤ 0 ∀ x Shortcomings: ✤ Success depends crucially on the choice of the template V ✤ The current methods provide no insight into the reason for the failure, when a template fails to prove stability ✤ No guidance regarding the choice of the next template A CEGAR framework x y 13

Counter-example guided abstraction refinement 14

Abstraction 1 2 3 1 2 3 4 5 6 4 5 6 8 9 7 9 7 8 Safety Analysis ✤ Every trajectory corresponds to a path in the graph ✤ Absence of a path from green to red node implies safety 15

Abstraction 1 2 3 1 2 3 4 5 6 4 5 6 8 9 7 9 7 8 ✤ The above system is safe Safety Analysis ✤ The abstract graph has a counter-example ✤ Every trajectory corresponds to a path in the graph ✤ Absence of a path from green to red node implies safety ✤ Right abstractions are hard to find! 16

Refinement 1 2 3 1 2 3 4 5 6 4 5 6 8 9 7 9 7 8 ✤ The above system is safe Safety Analysis ✤ The abstract graph has a counter-example ✤ Every trajectory corresponds to a path in the graph ✤ Absence of a path from green to red node implies safety ✤ Right abstractions are hard to find! ✤ Refine by analyzing the abstract counter-example 17

Counter-example guided abstraction refinement Property Concrete Abstract Yes System System Property ✤ CEGAR for discrete systems Abstract Model-Check satisfied [Kurshan et al. 93, Clarke et al. 00, No Ball et al. 02] Abstraction Abstract Relation Counter-example ✤ CEGAR for hybrid systems safety verification [Alur et al 03, Clarke et No Yes Property al 03, Prabhakar et al 13] Refine Validate Analysis violated Results Template based search CEGAR framework ✤ Systematically iterate over the abstract ✤ Success depends crucially on the choice of the template systems ✤ Returns a counter-example in the case ✤ No insight into the reason for the failure, when a template fails to prove stability that the abstraction fails ✤ The counter-example can be used to ✤ No guidance regarding the choice of the next template guide the choice of the next abstraction 18

What are the ingredients for CEGAR? 19

CEGAR questions ✤ What pre-orders preserve stability? ✤ How do we construct abstractions/refinement? 20

Simulations and Bisimulations Simulation between T 1 and T 2 is a binary relation R ⊆ S 1 × S 2 s 1 s 2 R s 1 s 2 R R ∆ 2 Σ 2 Σ 1 ∆ 1 R R s 0 s 0 s 0 s 0 2 1 2 1 Every path of the first system has a matching path in the second system ✤ Bisimulations preserve several discrete-time properties [Timed automata, ✤ Multi-rate automata, O-minimal automata] 21

Stability is not bisimulation invariant! y ( x, y + xy ) ( x 0 , y + x 0 y ) y ( x, y ) ( x 0 , y ) x x Lyapunov Stable Unstable (0 , y ) , t 7! ( t, y ) (0 , y ) , t 7! ( t, y + yt ) Preorders for reasoning about stability of hybrid systems.Pavithra Prabhakar, Geir Dullerud and Mahesh Viswanathan. 22 15th ACM International Conference on Hybrid Systems: Computation and Control (HSCC), 2012. Honorable mention best paper award.

Uniformly continuous (bi)-simulations R is a uniformly continuous simulation from T 1 to T 2 if 1. R is a simulation and ✏ 2. R is uniformly continuous. R δ x ∀ ✏ > 0, ∃ � > 0 such that ∀ x ∈ Dom ( R ), R ( B � ( x )) ⊆ B ✏ ( R ( x )) Theorem Let R be a uniformly continuous simulation from T 1 to T 2 , and be consistent with τ 1 and τ 2 . T 2 is stable with respect to τ 2 implies T 1 is stable with respect to τ 1 ✤ Continuous simulations suffice for stability with respect to an equilibrium point ✤ Classical stability analysis techniques —- Lyapunov’s second method and Linearization —- are instances of stability analysis based on uniformly continuous simulations Preorders for reasoning about stability of hybrid systems with inputs. Pavithra Prabhakar, Jun Liu and Richard Murray. 23 International conference on Embedded Software (EMSOFT), 2013. Invited paper at the 50th Allerton conference.

Abstraction based Analysis ✤ What pre-orders preserve stability? ✤ How do we construct abstractions? 24

Piecewise Constant Derivative System γ C ✏ B ✏ 0 δ A D 0 F E ∃ � > 0 , ∀ ✏ ∈ (0 , � ] ∀ ✏ > 0 , ∃ � > 0 , [( ⌧ (0) ∈ B � (0)) ⇒ ∀ t ( ⌧ ( t ) ∈ B ✏ (0))] ✤ Special structure in a small neighborhood ✤ Homogenous linear constraints matter 25

PCD examples Lyapunov stable but Both Lyapunov stable and Unstable Not asymptotically stable asymptotically stable Theorem Verifying Lyapunov/Asymptotic Stability is undecidable in 5 dimensions for PCDs, but is decidable in 2 dimension for a more general class of systems. 26

Predicate abstraction p 2 p 1 p 3 w 1 p 2 p 1 w 2 w 6 C B A D p 3 p 6 p 4 E F w 3 w 5 p 6 p 4 p 5 p 5 w 4 p 1 p 2 Weights capture information w ( e ) = | d 2 | about distance to the origin | d 1 | d 2 along the executions d 1 27

Weighted Graph Construction p 2 p 2 p 2 p 2 p 2 p 3 p 1 p 3 p 1 p 3 p 3 p 3 p 1 p 1 p 1 p 4 p 4 p 4 p 4 p 4 p 2 p 2 p 2 1 1 1/2 1 2 1 p 1 p 1 p 1 p 3 p 3 p 3 1 1 1 1 1/2 2 p 4 p 4 p 4 28

A remark on weight computation z | ~ | ~ p 1 b | b + ~ c | p 2 | ~ a | | ~ c | a + ~ ~ b d 2 d 1 ~ a x w ( e ) = | d 2 | | d 1 | y sup | v 2 | | v 1 | t ≥ 0 , v 1 ∈ f 1 , v 2 ∈ f 2 , v 2 = v 1 + ϕ t a → ~ a → ↵~ ~ b implies ↵~ b 29

Soundness of Abstraction Theorem The piecewise constant derivative system is Lyapunov stable if ✤ there are no edges with infinite weights and ✤ the weighted graph does not contain any cycles with product of weights on the edges greater than 1 Abstraction based model-checking of stability of hybrid systems. P. Prabhakar, M. G. Soto. CAV’13 30