Co-simulation of Physical Model and Self-Adaptive Predictive Controller Using Hybrid Automata Imane Lamrani, Ayan Banerjee, Sandeep Gupta. iMPACT Lab CISDE, Arizona State University.

Introduction. Safety-critical cyber-physical system (CPS) design and implementation has seen a new revolution of self-adaptation capabilities. Self-adaptive predictive control (SAP) systems adjust their behavior in response to the continuously changing execution environment in order to achieve improved control. For example, medical devices adopt self-adaptive control theory to deliver more accurate, personalized treatment to patients. CPS verification techniques should therefore be equipped with self-adaptation capabilities. One of the versatile tools used for CPS verification is reachability analysis.

Numerical Simulation vs. Reachability Analysis. Numerical simulation is used to test the correct behavior of a system. Advantage: it can prove that a system is unsafe, by producing a trajectory that hits the unsafe set. Disadvantage: a trajectory that hits the unsafe set may be overlooked (figure: missed trajectory).

Numerical Simulation vs. Reachability Analysis. Reachability analysis determines the set of states that a system can possibly visit starting from a set of initial states. If the reachable set does not intersect the unsafe states, then the safety of the system is guaranteed. Reachability analysis over hybrid automata provides a higher level of safety verification rigor.

Example CPS: Artificial Pancreas (AP). (Figure: the glucose-meter value feeds the blood glucose monitoring control algorithm, which outputs the insulin infusion rate I(t); input/output operation traces are shown alongside.)

Example CPS: Hybrid automaton of AP. Control modes: Basal, Braking, and Correction Bolus. Variables: X: interstitial insulin concentration; G: blood glucose concentration; I: plasma insulin concentration. Patient-specific parameters: k1, …, k6. All three modes share the same flow equations:
$\dot{X}(t) = -k_2 X(t) + k_3 \,(I(t) - I_b)$
$\dot{G}(t) = -X(t)\, G(t) + k_1 \,(G_b - G(t))$
$\dot{I}(t) = -k_4 I(t) + k_5 \,(G(t) - k_6)$
Guard conditions on the transitions: G ≥ 120 (Basal to Braking), G ≥ 180 (Braking to Correction Bolus), G ≤ 120 (back to Basal). Reset conditions set the insulin infusion rate on entering a mode: I(t) = 5 (Basal), I(t) = 0.5 G + 44.75 (Braking), I(t) = 50 (Correction Bolus). Each mode of the automaton is thus given by a flow equation ($\dot{X}(t) = \ldots$), a guard condition (e.g. G ≥ 120), and a reset condition (insulin infusion rate I(t) = …).
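The AP automaton above, simulated numerically in Python, together with the trajectory-based reach-set idea from the earlier slides (a union of short-term simulations checked for intersection with an unsafe set). This is an added example, not the authors' SpaceEx model: the parameter values k1..k6, the basal values G_b and I_b, the hypoglycemia unsafe set G ≤ 70, the one-minute Euler step, and the transition out of Correction Bolus into Braking once G < 180 (which the slide does not state) are all assumptions.

```python
"""Artificial pancreas (AP) hybrid automaton from the slides, simulated numerically.
Added example, not the authors' SpaceEx model. Parameter values, the basal values
G_b / I_b, the unsafe set and the transition the slide leaves unstated are assumed."""
import math

# Constructed patient-specific parameters k1..k6 (assumption, per-minute units)
K = {"k1": 0.028, "k2": 0.025, "k3": 1.3e-5, "k4": 0.3, "k5": 0.005, "k6": 80.0}
G_B, I_B = 100.0, 10.0  # assumed basal glucose (mg/dL) and basal insulin (uU/mL)

# Reset of the insulin infusion I(t) applied on entry to each control mode (slide values)
RESET = {
    "basal": lambda G: 5.0,
    "braking": lambda G: 0.5 * G + 44.75,
    "correction_bolus": lambda G: 50.0,
}


def flow(X, G, I, k=K):
    """Flow equations shared by all three modes: returns (dX/dt, dG/dt, dI/dt)."""
    dX = -k["k2"] * X + k["k3"] * (I - I_B)
    dG = -X * G + k["k1"] * (G_B - G)
    dI = -k["k4"] * I + k["k5"] * (G - k["k6"])
    return dX, dG, dI


def next_mode(mode, G):
    """Guard conditions. From the slide: G >= 120 leaves Basal, G >= 180 enters
    Correction Bolus, G <= 120 returns to Basal. Leaving Correction Bolus for
    Braking once G < 180 is an assumption of this example."""
    if mode == "basal":
        return "correction_bolus" if G >= 180 else "braking" if G >= 120 else mode
    if mode == "braking":
        return "correction_bolus" if G >= 180 else "basal" if G <= 120 else mode
    # correction_bolus
    return "basal" if G <= 120 else "braking" if G < 180 else mode


def initial_mode(G):
    """Mode chosen for an initial glucose value (evaluate the guards from Basal)."""
    return next_mode("basal", G)


def simulate(G0, horizon, dt=1.0, X0=0.0):
    """Explicit Euler simulation for `horizon` minutes from glucose G0.
    Returns a trace of (t, mode, X, G, I); every discrete jump applies the reset."""
    mode = initial_mode(G0)
    X, G, I = X0, G0, RESET[mode](G0)
    trace = [(0.0, mode, X, G, I)]
    for n in range(1, int(round(horizon / dt)) + 1):
        dX, dG, dI = flow(X, G, I)
        X, G, I = X + dt * dX, G + dt * dG, I + dt * dI
        new = next_mode(mode, G)
        if new != mode:
            mode, I = new, RESET[new](G)  # discrete transition: reset condition
        trace.append((n * dt, mode, X, G, I))
    return trace


def reach_hull(g_lo, g_hi, horizon, samples=5):
    """Union of short-term simulations from sampled initial glucose values,
    reported as the interval hull of every visited state. Without a bloating
    term this is NOT a sound over-approximation: like plain simulation it can
    miss trajectories, so a negative result here proves nothing."""
    hull = {v: [math.inf, -math.inf] for v in ("X", "G", "I")}
    for i in range(samples):
        frac = i / (samples - 1) if samples > 1 else 0.0
        for _, _, X, G, I in simulate(g_lo + (g_hi - g_lo) * frac, horizon):
            for v, val in (("X", X), ("G", G), ("I", I)):
                hull[v][0] = min(hull[v][0], val)
                hull[v][1] = max(hull[v][1], val)
    return {v: (lo, hi) for v, (lo, hi) in hull.items()}


def hits_unsafe(hull, unsafe):
    """Box intersection: the hull meets the unsafe box iff the intervals of every
    constrained variable overlap. unsafe = {"G": (0.0, 70.0)} is the assumed
    hypoglycemia set."""
    return all(hull[v][0] <= hi and lo <= hull[v][1] for v, (lo, hi) in unsafe.items())


if __name__ == "__main__":
    hull = reach_hull(190.0, 210.0, horizon=180.0)
    print(hull, "hits unsafe set:", hits_unsafe(hull, {"G": (0.0, 70.0)}))
```

Running the script shows the point of the earlier "missed trajectory" slide: `hits_unsafe` returning True is a genuine counterexample (a concrete trajectory reached the unsafe box), while False says nothing about the states between the samples. A sound over-approximation of the reach set, as computed by a tool such as SpaceEx, is what turns the negative answer into a safety guarantee.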

Self-adaptive Predictive Control (SAP). Different conditions, including disturbances or systemic changes, may cause tremendous changes in the parameters of the predictive model describing the dynamics of the system. SAP: adjusting the controller parameters in response to these changes to regulate the system and achieve improved control. Reachability analysis over hybrid automata provides a higher level of safety verification rigor, but existing hybrid automata tools do not support modeling of run-time self-adaptation of predicates.

Self-Adaptive Control Systems. The controller modifies itself in response to changes in the dynamics and characteristics of the system being controlled. (Figure: physical environment → detection of changes in the dynamics values → update of the controller parameters → controller → output control signal.)

Self-adaptive Predictive Control (SAP). A predictive model of the physical environment is used to estimate the values of the system dynamics. The predictive control algorithm computes the control signal based on the predicted values of the dynamics. (Figure: physical environment → detection of changes in the dynamics values → update of the predictive model parameters → predictive model → predictive controller → output control signal.)

Example: SAP Artificial Pancreas

Problem Statement. Propose a co-simulation framework that strives to: (1) support modeling of predictive control systems using hybrid automata, and runtime self-adaptation of hybrid automata based on new configurations from other modeling tools such as Simulink; (2) provide an alternative modeling technique for devices with self-adaptive predictive control; (3) verify the safety of self-adaptive predictive control devices by checking whether the set of reachable states of the system intersects the unsafe set. The co-simulation framework is defined as the time-synchronized simulation of: the SAP controller's discrete decision-making module, the physical model update method, and the physical system evolution.

Related Work. An approach to validate behavioral properties of decentralized self-adaptive systems: the self-adaptive system is modeled with timed automata and the required properties are specified in timed computation tree logic; verification is done through Uppaal. A formal verification approach for adaptive real-time systems verifies task schedulability to prevent missed task deadlines when adjustments are performed; tasks can be described in the model as long as their behavior can be modeled using task automata. Main assumptions: 1- Adaptation scenarios have to be predefined. 2- An environment model must be available, since it specifies the failure events that have to be tested. 3- Proper test selection must be defined, since exhaustive testing of systems is not feasible. Not applicable to SAP control systems, where the configuration functions are linear combinations of the parameters of the predictive model and the changing conditions of the environment.

Related Work. Another work introduced a configuration language to specify reconfiguration requirements and events in temporal logic, while the system behavior is depicted in the hybrid automata model; its reconfiguration mechanism is limited to a constant function, which cannot be applied to predictive self-adaptive control systems. Exact computation of reachable sets is still considered a difficult task and becomes even more complicated for time-varying systems. The union of short-term simulations over a set of initial conditions has been proposed as an approach to compute an overapproximation of reachable sets for time-varying systems.

Co-simulation Framework. Change detection: the change detection method compares the expected values of the model parameters with the computed vector of unbiased parameter estimates. Self-adaptation: adapts the predictive model accordingly by re-estimating the changing parameters of the model using the more recent data only. (Figure label: simultaneously running.)

Co-simulation Framework. HA supervisor (Python script): 1. Generates the initial predictive model for SpaceEx. 2. Calls the SpaceEx executable to run the system model with the configuration file that specifies the initial states, sampling time, etc. 3. SpaceEx writes the computed reachable states to an output file o1.txt. 4. Generates a new predictive model with new parameter settings once a change is detected. 5. Calls the SpaceEx executable to run the new model file. 6. Repeats the previous steps until the termination criterion is satisfied. The final reach set of the self-adaptive control system is the union of all reachable states o1.txt, …, on.txt obtained with all controller configurations generated at runtime. (Figure label: simultaneously running.)
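The supervisor loop of the two Co-simulation Framework slides and the time-synchronized simulation of the Problem Statement (decision module, model update, physical evolution), as a runnable Python sketch. This is an added example, not the authors' Python script: SpaceEx is stood in for by an exact interval propagation of a constructed one-dimensional affine predictive model g_{n+1} = a·g_n + b, and the physical system, the step at which its true parameters change, the window size, the tolerance and the ±5 initial-state uncertainty are all constructed. The tolerance-based detection is only adequate for the noise-free data built here; the slides' own estimate uses Fisher Information and the Cramér-Rao bound.

```python
"""Toy co-simulation supervisor: change detection on the predictive-model
parameters, re-estimation from recent data only, and a union of reach sets, one
per controller configuration generated at runtime. Added example: the physical
system, the 1-D affine predictive model g_next = a*g + b (standing in for the
SpaceEx model file) and every number are constructed; the supervisor does not
call SpaceEx but propagates interval boxes itself."""


def fit_affine(pairs):
    """Least-squares estimate (a, b) of g_next = a*g + b from (g, g_next) pairs."""
    n = len(pairs)
    mx = sum(g for g, _ in pairs) / n
    my = sum(gn for _, gn in pairs) / n
    var = sum((g - mx) ** 2 for g, _ in pairs)
    if var == 0.0:
        raise ValueError("window has no variation in g; cannot identify a")
    cov = sum((g - mx) * (gn - my) for g, gn in pairs)
    a = cov / var
    return a, my - a * mx


def step_box(box, params):
    """Exact one-step reach set of the affine model for an interval [lo, hi]."""
    a, b = params
    if a <= 0:
        raise ValueError("example assumes a > 0 so the map is monotone")
    lo, hi = box
    return a * lo + b, a * hi + b


def simulate_patient(g0, regimes, n_steps):
    """Constructed physical system: affine dynamics whose true (a, b) switch at
    the steps listed in `regimes` = [(start_step, (a, b)), ...]."""
    g, out = g0, [g0]
    for n in range(n_steps):
        a, b = [p for start, p in regimes if start <= n][-1]
        g = a * g + b
        out.append(g)
    return out


def supervise(meas, init_params, window=4, tol=1e-6, u0=5.0):
    """Time-synchronised loop over measurements meas[0..N]: predictive-model
    step (reach box) -> physical observation -> change detection ->
    re-estimation -> new configuration with a fresh reach set."""
    params, configs = init_params, [init_params]
    pairs, change_steps, misses = [], [], []
    reestimating = False
    box = (meas[0] - u0, meas[0] + u0)  # initial states of the first configuration
    reach_sets = [box]                   # hull of every box visited, per configuration
    for n in range(1, len(meas)):
        box = step_box(box, params)
        g = meas[n]
        if not (box[0] <= g <= box[1]):
            misses.append(n)             # observation outside the reach box: stale model
        lo, hi = reach_sets[-1]
        reach_sets[-1] = (min(lo, box[0]), max(hi, box[1]))
        pairs.append((meas[n - 1], g))
        if len(pairs) < window:
            continue
        est = fit_affine(pairs[-window:])
        if reestimating:
            params = est                 # adopt the parameters fitted on post-change data only
            configs.append(params)
            reestimating = False
            box = (g - u0, g + u0)       # new configuration starts from the current observation
            reach_sets.append(box)
        elif abs(est[0] - params[0]) + abs(est[1] - params[1]) > tol:
            change_steps.append(n)       # expected parameters vs. unbiased estimate disagree
            pairs = pairs[-1:]           # keep only the data from after the change
            reestimating = True
    return {"configs": configs, "change_steps": change_steps,
            "misses": misses, "reach_sets": reach_sets}


def in_union(reach_sets, g):
    """Membership in the final reach set: the union over all configurations."""
    return any(lo <= g <= hi for lo, hi in reach_sets)


# Constructed scenario: the true parameters change at step 20
REGIMES = [(0, (0.9, 10.0)), (20, (0.95, 8.0))]
MEAS = simulate_patient(200.0, REGIMES, 40)

if __name__ == "__main__":
    r = supervise(MEAS, REGIMES[0][1])
    print("change detected at", r["change_steps"], "configs", r["configs"])
    print("observations outside the reach box at steps", r["misses"])
```

The `misses` list is the caveat worth watching: between the change and the completed re-estimation the reach box is still computed with the stale parameters, and the observed state leaves it. Those steps are covered by neither configuration's reach set, so a termination criterion for the safety argument (the open issue named in the conclusions) has to account for the re-estimation lag as well as the union of the per-configuration reach sets.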

Example: Co-simulation for AP. Change detection: detects changes in the behavior of the human body using recent blood glucose measurements; these changes physically correspond to a significant change in glucose levels. Self-adaptation: the patient predictive model re-estimates the changing parameters of the model using the more recent data only; it applies Fisher Information and the Cramér-Rao bound.

Conclusions & Future Work. We have investigated the problem of safety verification of self-adaptive control systems and proposed a novel approach to model and verify the safety of self-adaptive predictive control systems via reachability analysis and co-simulation. The proposed method is a run-time verification of self-adaptive systems using reachability analysis. Issue: selection of an accurate termination criterion for the safety analysis. Future work: investigate the correctness of the computed reach set for predictive self-adaptive systems.

Questions & Answers
