Locally Optimal Reach Set Over-approximation for Nonlinear Systems
EMSOFT 2016. Chuchu Fan, Sayan Mitra, Jim Kapinski, Xiaoqing Jin
EMSOFT 2016 ⋅ Locally optimal reachability ⋅ Chuchu Fan ⋅ UIUC

How to check safety of an autonomous maneuver?
Figure: an overtaking maneuver shown as the modes "gain", "overtake" and "abort", with the transitions "reach threshold: switch to left" and "gain threshold: switch to right", next to a plot of the relative distance over time $t$.
Given the controller and the separation requirement, check safety with respect to ranges of initial relative positions, speeds and road conditions.
Figure: model, simulator and requirements are fed to the verification algorithms, which return either a certificate or a bug trace.
Bug discovery → faster development. Certificate → evidence for DO-178C, ISO 26262, etc.
Challenge: models of complex control systems often do not have analytical solutions → Simulation ⇒ proofs?
Consider the nonlinear ODE $\dot{x} = f(x)$, $x \in \mathbb{R}^n$.
‒ Trajectory $\xi(x_0, t)$: the state at time $t$ from initial state $x_0$.
‒ Reachtube $\xi(B(x_0, \delta), T)$: all states reachable from the initial set $B(x_0, \delta) \subseteq \mathbb{R}^n$ up to time $T$.
Safety verification problem: given the initial set $B(x_0, \delta)$, an unsafe set $U$ and a time bound $T$, decide whether $\xi(B(x_0, \delta), T) \cap U = \emptyset$.
Figure: relative distance against time, showing the unsafe region, the initial set $B(x_0, \delta)$ around $x_0$, the single trajectory $\xi(x_0, t)$ and the reachtube $\xi(B(x_0, \delta), T)$ containing every trajectory from the initial set.
Simulation-based verification algorithm:
‒ Given the initial set Θ and the unsafe set $U$
‒ Compute a finite cover of the initial set
‒ Simulate from the center $x_0$ of each cover element
‒ Generalize the simulation to a reachtube that contains all trajectories from that cover element
‒ Check intersection with / containment in $U$
‒ Refine the cover where the check is inconclusive; the union of the tubes is an over-approximation of the reach set
Key step: $\xi(x_0, t) \;\to\; \xi(B(x_0, \delta), T)$
Figure: relative distance against time; the trajectory $\xi(x_0, t)$ from $x_0 \in B(x_0, \delta)$ with its reachtube $\xi(B(x_0, \delta), T)$. Grey tube: unknown. Green tube: safe.
Discrepancy formalizes generalization: a discrepancy function is a continuous function $\beta$ that bounds the distance between neighboring trajectories,
$$\|\xi(x_1, t) - \xi(x_2, t)\| \le \beta(\|x_1 - x_2\|, t).$$
From a single simulation $\xi(x_1, t)$ and a discrepancy function $\beta$ we can over-approximate the reachtube.
Figure: initial states $x_1, x_2$, their trajectories $\xi(x_1, t)$ and $\xi(x_2, t)$, and the bound $\beta(\|x_1 - x_2\|, t)$ on their separation.
If $f(x)$ has Lipschitz constant $L$:
$$\forall x, y \in \mathbb{R}^n,\quad \|f(x) - f(y)\| \le L\,\|x - y\|,$$
then a (bad) discrepancy function is
$$\|\xi(x_1, t) - \xi(x_2, t)\| \le \|x_1 - x_2\|\, e^{Lt} = \beta(\|x_1 - x_2\|, t).$$
Example: $\dot{x} = -2x$ has Lipschitz constant $L = 2$. With $\delta = 1$ the Lipschitz bound gives a tube of radius $e^{2t}$ around the simulation, although any two trajectories of this system actually approach each other as $e^{-2t}$.
Figure: for $\dot{x} = -2x$ with $L = 2$ and $\delta = 1$, the tube $\beta(\|x_1 - x_2\|, t) = e^{2t}$ grows exponentially while $\xi(x_1, t)$ and $\xi(x_2, t)$ converge.
Theorem [Sontag 10]: For any $S \subseteq \mathbb{R}^n$ (the set's name is missing from the extracted slides; $S$ stands in for it here and below), if all trajectories starting from the line segment between any two initial states $x_1$ and $x_2$ remain in $S$, then
$$\|\xi(x_1, t) - \xi(x_2, t)\| \le \|x_1 - x_2\|\, e^{ct},\qquad c = \max_{x \in S} \mu(J(x)),$$
where $\mu(J(x))$ is a matrix measure of the Jacobian $J(x) = \left[\frac{\partial f_i(x)}{\partial x_j}\right]$ of $f$.
This $c$ can be $< 0$, and is usually $\ll$ the Lipschitz constant.
Example: $\dot{x} = x^2 + y^2$, $\dot{y} = -x$; Jacobian $J(x, y) = \begin{bmatrix} 2x & 2y \\ -1 & 0 \end{bmatrix}$.
Figure: $x_1, x_2$ and their trajectories $\xi(x_1, t)$, $\xi(x_2, t)$.
Matrix measure [Desoer 72]: for any matrix $A \in \mathbb{R}^{n \times n}$,
$$\mu(A) = \lim_{t \to 0^+} \frac{\|I + tA\| - \|I\|}{t}.$$
Under the 2-norm: $\mu(A) = \lambda_{\max}\!\left(\frac{A + A^T}{2}\right)$.
Matrix norm: $\|A\| = \max_{x \neq 0} \frac{\|Ax\|}{\|x\|}$; for the 2-norm, $\|A\|_2 = \sqrt{\lambda_{\max}(A^T A)}$.
① $c = \max_{x \in S} \mu(J(x))$
≡ ② $c = \max_{x \in S} \lim_{t \to 0^+} \frac{\|I + tJ(x)\| - \|I\|}{t}$
From the original problem to an SDP in the next slides:
$$\min c \quad \text{s.t.}\quad \forall A \in \mathcal{J}(S, J):\ MA + A^T M \preceq 2cM,\quad M \succ 0,$$
where $\mathcal{J}(S, J)$ is an interval matrix containing $J(x)$ for every $x \in S$ (defined on the interval-matrix slide).
Choosing the ordinary matrix 2-norm, $\mu(J(x))$ becomes $\lambda_{\max}\!\left(\frac{J(x) + J^T(x)}{2}\right)$.
[ATVA15] uses the largest eigenvalue of the center Jacobian matrix and a perturbation bound to maximize this quantity over $S$. [CAV15]: application to the powertrain verification problem [Jin 16]. [CAV16]: the tool C2E2 implementing this algorithm.
Under the 2-norm, over-approximations are represented by spheres. Using linear coordinate transformations of the state, we can get tighter over-approximations with ellipsoids. Under a coordinate transformation $P$, the matrix measure is $\mu_P(A) = \mu(PAP^{-1})$.
Figure: $x_1, x_2$, their trajectories and the (now ellipsoidal) bound $\beta(\|x_1 - x_2\|, t)$.
[Original problem] ① $c = \max_{x \in S} \mu(J(x))$
≡ ② $c = \max_{x \in S} \lim_{t \to 0^+} \frac{\|I + tJ(x)\| - \|I\|}{t}$ (plug in the definition)
≡ [Using the coordinate transformation] ③ $c = \max_{x \in S} \lambda_{\max}\!\left(\frac{P J(x) P^{-1} + (P^{-1})^T J^T(x) P^T}{2}\right)$
Figure: $x_1, x_2$ and their trajectories $\xi(x_1, t)$, $\xi(x_2, t)$.
$S$ is a compact set. Each $J_{ij} : S \to \mathbb{R}$ is continuous and therefore has an upper bound $u_{ij}$ and a lower bound $l_{ij}$ over $S$. Compute the interval matrix
$$\mathcal{J}(S, J) = \begin{bmatrix} [*, *] & \cdots & [*, *] \\ \vdots & [l_{ij}, u_{ij}] & \vdots \\ [*, *] & \cdots & [*, *] \end{bmatrix},$$
so that for all $x \in S$, $J(x) \in \mathcal{J}(S, J)$.
[Original problem] ① $c = \max_{x \in S} \mu(J(x))$
≡ ② $c = \max_{x \in S} \lim_{t \to 0^+} \frac{\|I + tJ(x)\| - \|I\|}{t}$
≡ [Using the coordinate transformation] ③ $c = \max_{x \in S} \lambda_{\max}\!\left(\frac{P J(x) P^{-1} + (P^{-1})^T J^T(x) P^T}{2}\right)$
≤ [Bound $J(x)$ with the interval matrix] ④ $\max_{A \in \mathcal{J}(S, J)} \lambda_{\max}\!\left(\frac{P A P^{-1} + (P^{-1})^T A^T P^T}{2}\right)$ (any $c$ that bounds ④ also bounds ③)
From ④ to a semidefinite constraint: $\lambda_{\max}$ of a symmetric matrix is at most $c$ iff the matrix is $\preceq cI$, so
$$\max_{A \in \mathcal{J}(S, J)} \lambda_{\max}\!\left(\frac{PAP^{-1} + (P^{-1})^T A^T P^T}{2}\right) \le c$$
≡ $\min c$ s.t. $\forall A \in \mathcal{J}(S, J)$: $PAP^{-1} + (P^{-1})^T A^T P^T \preceq 2cI$
≡ (multiply by $P^T$ on the left and by $P$ on the right; this congruence preserves $\preceq$) $\forall A \in \mathcal{J}(S, J)$: $P^T P A + A^T P^T P \preceq 2c\, P^T P$
≡ $\min c$ s.t. $\forall A \in \mathcal{J}(S, J)$: $MA + A^T M \preceq 2cM$, with $M = P^T P$.
Figure: $x_1, x_2$, their trajectories $\xi(x_1, t)$, $\xi(x_2, t)$, and the ellipsoidal bound $\|x_1 - x_2\|_M\, e^{ct}$.
OPT1: $\min c$ s.t. $MA + A^T M \preceq 2cM$ for all $A \in \mathcal{J}(S, J)$, $M \succ 0$.
Gives the smallest $c$ over all choices of $M$. Not an ordinary SDP: infinitely many constraints!
Figure: $x_1, x_2$, their trajectories, and the bound $\|x_1 - x_2\|_M\, e^{ct}$.
Write the interval matrix as $\mathcal{J}(S, J) = \mathrm{interval}(B, C)$, where $B = [l_{ij}]$ collects the lower bounds and $C = [u_{ij}]$ the upper bounds of the entries. For any interval matrix $\mathrm{interval}(B, C)$, its vertex matrices are
$$\mathcal{V} = \{\, V \in \mathbb{R}^{n \times n} \mid v_{ij} = b_{ij} \ \vee\ v_{ij} = c_{ij} \,\}.$$
OPT2: $\min c$ s.t. $\forall V \in \mathcal{V}$: $MV + V^T M \preceq 2cM$, $M \succ 0$. Potentially $2^{n^2}$ inequalities.
The vertices suffice because, for fixed $M$ and $c$, the constraint is affine in $A$, and $\mathrm{interval}(B, C)$ is the convex hull of $\mathcal{V}$.
(Compare OPT1: $\min c$ s.t. $MA + A^T M \preceq 2cM$ for all $A \in \mathcal{J}(S, J)$, $M \succ 0$.)
For any interval matrix $\mathcal{J}(S, J) = \mathrm{interval}(B, C)$, its center matrix is
$$CT(\mathcal{J}(S, J)) = \frac{B + C}{2} = \begin{bmatrix} \frac{l_{11} + u_{11}}{2} & \cdots & \frac{l_{1n} + u_{1n}}{2} \\ \vdots & \ddots & \vdots \\ \frac{l_{n1} + u_{n1}}{2} & \cdots & \frac{l_{nn} + u_{nn}}{2} \end{bmatrix}.$$
Solve the optimization problem OPT3: $\min c'$ s.t. $M\, CT(\mathcal{J}(S, J)) + CT(\mathcal{J}(S, J))^T M \preceq 2c'M$, $M \succ 0$.
Compute an error bound $\epsilon \ge \|E^T M + ME\|_2$ for all $E \in \mathcal{J}(S, J) - CT(\mathcal{J}(S, J))$, and set
$$c = c' + \frac{\epsilon}{\lambda_{\min}(M)}.$$
This $c$ is feasible for OPT1: for $A = CT(\mathcal{J}(S, J)) + E$, $MA + A^T M \preceq 2c'M + \epsilon I \preceq 2c'M + \frac{\epsilon}{\lambda_{\min}(M)} M \preceq 2cM$.
(Compare OPT1: $\min c$ s.t. $MA + A^T M \preceq 2cM$ for all $A \in \mathcal{J}(S, J)$, $M \succ 0$.)
Can be achieved conservatively in linear time (in the number of matrix entries).
‒ The error bound $\epsilon \ge \|E^T M + ME\|_2$ for all $E \in \mathcal{J}(S, J) - CT(\mathcal{J}(S, J))$ reduces to a bound on $\|\mathcal{E}\|_2$, where $\mathcal{E} = \mathcal{J}(S, J) - CT(\mathcal{J}(S, J))$ is also an interval matrix (centered at $0$), because $\|E^T M + ME\|_2 \le 2\,\|M\|_2\,\|E\|_2$.
‒ Interval matrix norm: $\|\mathcal{A}\| = \sup_{A \in \mathcal{A}} \|A\|$.
‒ Theorem: for any interval matrix $\mathcal{A} = \mathrm{interval}(B, C)$ and $q = 1, \infty$,
$$\|\mathcal{A}\|_q \le \left\|\frac{B + C}{2}\right\|_q + \left\|\frac{C - B}{2}\right\|_q$$
(triangle inequality; $\|\cdot\|_1$ and $\|\cdot\|_\infty$ only grow with the entry magnitudes). Since $\|A\|_2 \le \sqrt{\|A\|_1\, \|A\|_\infty}$ for any matrix $A$, this yields the 2-norm bound on $\mathcal{E}$ from two linear-time norm computations.
Upper-bounding the matrix measure with a single $c$ for the entire time horizon can be too conservative. Compute piece-wise, or local, upper bounds: divide $[0, T]$ into $N$ consecutive time intervals and compute the exponent of the discrepancy, $(M_i, c_i)$, for each time interval $[t_i, t_{i+1}]$.
Example: $\dot{x}_1 = -x_2$; $\dot{x}_2 = (x_1^2 - 1)\, x_2 + x_1$.
Figure: the simulated trajectory $\xi(x_0, t)$ from $x_0$ with the time points $t_0, t_1, t_2$ marked and the pairs $(M_1, c_1)$ on $[t_0, t_1]$ and $(M_2, c_2)$ on $[t_1, t_2]$.
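The bounds from the vertex matrices (OPT2), from the center matrix plus error term (OPT3) and the piece-wise exponents described above, as an added Python example that is not part of the slides or of C2E2. It fixes $M = I$, so every problem collapses to a closed-form $2 \times 2$ eigenvalue computation instead of an SDP; it uses the example system $\dot{x}_1 = -x_2$, $\dot{x}_2 = (x_1^2 - 1)x_2 + x_1$ from the slides; and the box $[-0.5, 0.5]^2$, the initial states $(0.1, 0)$ and $(0.15, 0.05)$, the horizon $T = 2$, the RK4 step $0.005$ and the four time intervals are constructed for the demonstration. It also checks Sontag's bound against two simulated trajectories and compares $c$ with the Lipschitz exponent $L$.

```python
"""Discrepancy exponents from the matrix measure of the Jacobian.  Added example, not
C2E2's code: M is fixed to the identity, so mu_2(A) = lambda_max((A + A^T)/2) and
OPT2/OPT3 reduce to closed-form 2x2 eigenvalue formulas instead of an SDP.  System
from the slides: x1' = -x2, x2' = (x1^2 - 1) x2 + x1; boxes, initial states, horizon
and step size are constructed for the demonstration."""
import math
from itertools import product

def f(x):
    x1, x2 = x
    return (-x2, (x1 * x1 - 1.0) * x2 + x1)

def jac(x):  # J(x) = [[0, -1], [2 x1 x2 + 1, x1^2 - 1]]
    x1, x2 = x
    return ((0.0, -1.0), (2.0 * x1 * x2 + 1.0, x1 * x1 - 1.0))

def sym_lmax(a):
    """mu_2(a): lambda_max of the symmetric part of a 2x2 matrix, closed form."""
    p, q, r = a[0][0], a[1][1], 0.5 * (a[0][1] + a[1][0])
    return 0.5 * (p + q) + math.sqrt((0.5 * (p - q)) ** 2 + r * r)

def norm2(a):
    """Spectral norm ||a||_2 = sqrt(lambda_max(a^T a))."""
    ata = [[sum(a[k][i] * a[k][j] for k in range(2)) for j in range(2)] for i in range(2)]
    return math.sqrt(sym_lmax(ata))

def interval_jacobian(box):
    """Entrywise bounds B <= J(x) <= C over box = ((lo1, hi1), (lo2, hi2)).  j21 is
    bilinear and j22 = x1^2 - 1, so the corners plus x1 = 0 give the exact extrema."""
    (lo1, hi1), (lo2, hi2) = box
    xs1 = [lo1, hi1] + ([0.0] if lo1 <= 0.0 <= hi1 else [])
    pts = [jac((a, b)) for a in xs1 for b in (lo2, hi2)]
    B = [[min(p[i][j] for p in pts) for j in range(2)] for i in range(2)]
    C = [[max(p[i][j] for p in pts) for j in range(2)] for i in range(2)]
    return B, C

def vertices(B, C):  # the 2^(n*n) vertex matrices of interval(B, C), here n = 2
    for choice in product((0, 1), repeat=4):
        yield [[(B, C)[choice[2 * i + j]][i][j] for j in range(2)] for i in range(2)]

def vertex_c(B, C):
    """OPT2 with M = I: c = max of mu_2 over the vertex matrices.  mu_2 is convex in
    the entries, so its maximum over interval(B, C) is attained at a vertex."""
    return max(sym_lmax(V) for V in vertices(B, C))

def lipschitz_L(B, C):
    """L = max ||J(x)||_2 over the box (convex too): exponent of the 'bad' bound e^{Lt}."""
    return max(norm2(V) for V in vertices(B, C))

def center_c(B, C):
    """OPT3 with M = I: c' = mu_2(CT) plus the error term.  With radius D = (C - B)/2,
    ||E^T + E||_2 <= 2||E||_2 <= 2 sqrt(||D||_1 ||D||_inf) for every E; lambda_min(I) = 1."""
    CT = [[0.5 * (B[i][j] + C[i][j]) for j in range(2)] for i in range(2)]
    D = [[0.5 * (C[i][j] - B[i][j]) for j in range(2)] for i in range(2)]
    n1 = max(sum(D[i][j] for i in range(2)) for j in range(2))    # max column sum
    ninf = max(sum(D[i][j] for j in range(2)) for i in range(2))  # max row sum
    return sym_lmax(CT) + 2.0 * math.sqrt(n1 * ninf)

def rk4(x, T, h=0.005):
    """Fixed-step RK4 trace of xi(x, t) at t = 0, h, ..., T."""
    traj = [tuple(x)]
    for _ in range(int(round(T / h))):
        k1 = f(x)
        k2 = f(tuple(v + 0.5 * h * k for v, k in zip(x, k1)))
        k3 = f(tuple(v + 0.5 * h * k for v, k in zip(x, k2)))
        k4 = f(tuple(v + h * k for v, k in zip(x, k3)))
        x = tuple(v + h / 6.0 * (a + 2 * b + 2 * c + d) for v, a, b, c, d in zip(x, k1, k2, k3, k4))
        traj.append(x)
    return traj

dist = lambda a, b: math.hypot(a[0] - b[0], a[1] - b[1])

def check_discrepancy(x1, x2, box, T, c):
    """(hypothesis_ok, bound_ok): both traces stay in the convex box (Sontag's
    hypothesis) and ||xi(x1,t) - xi(x2,t)|| <= ||x1 - x2|| e^{ct} at every step."""
    t1, t2 = rk4(x1, T), rk4(x2, T)
    h, d0 = T / (len(t1) - 1), dist(x1, x2)
    inside = all(box[d][0] <= p[d] <= box[d][1] for p in t1 + t2 for d in range(2))
    bound = all(dist(a, b) <= d0 * math.exp(c * k * h) + 1e-9 for k, (a, b) in enumerate(zip(t1, t2)))
    return inside, bound

def piecewise_exponents(x0, delta, T, K):
    """Local exponents: split [0, T] into K intervals; on each, bound J over the hull
    of the simulated centre trajectory bloated by the current radius delta_i, take
    c_i from the vertex matrices and set delta_{i+1} = delta_i e^{c_i (t_{i+1}-t_i)}.
    A tool must still verify that the bloated tube stays inside each box (refinement)."""
    traj = rk4(x0, T)
    per, h, rad, cs = (len(traj) - 1) // K, T / (len(traj) - 1), delta, []
    for i in range(K):
        seg = traj[i * per:(i + 1) * per + 1]
        box = tuple((min(p[d] for p in seg) - rad, max(p[d] for p in seg) + rad) for d in range(2))
        ci = vertex_c(*interval_jacobian(box))
        cs.append(ci)
        rad *= math.exp(ci * per * h)
    return cs, rad

if __name__ == "__main__":
    B, C = interval_jacobian(((-0.5, 0.5), (-0.5, 0.5)))  # constructed compact set S
    print(lipschitz_L(B, C), vertex_c(B, C), center_c(B, C), piecewise_exponents((0.1, 0.0), 0.05, 2.0, 4))
```

For the box $[-0.5, 0.5]^2$ the vertex method gives $c \approx 0.076$, the center-matrix method $c \approx 1.12$ and the Lipschitz exponent $L \approx 1.91$, so the three bounds order exactly as the comparison table predicts; along a trajectory near the origin the piece-wise exponents stay below $10^{-2}$, which is the gain the local bounds buy. Letting an SDP solver choose $M$ instead of fixing $M = I$ is what makes the slides' bounds locally optimal; the numbers above are only what the identity metric gives.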
Figure: $x_1, x_2$ and their trajectories $\xi(x_1, t)$, $\xi(x_2, t)$.
Matrix perturbation theorem [Teschl 99]: if $A$ and $E$ are $n \times n$ symmetric matrices, then
$$|\lambda_k(A + E) - \lambda_k(A)| \le \|E\|_2 .$$
Method [Fan 15]: let $M = I$. Then for all $x \in S$,
$$\mu(J(x)) = \lambda_{\max}\!\left(\frac{J(x) + J^T(x)}{2}\right) \le \lambda_{\max}\!\left(\frac{CT + CT^T}{2}\right) + \left\|\frac{(J(x) - CT) + (J(x) - CT)^T}{2}\right\|_2 \le c,$$
with $CT = CT(\mathcal{J}(S, J))$, so $c$ can be computed from the center matrix and the perturbation bound without solving the optimization problem.
Comparison of methods:
‒ Baseline algorithm (largest eigenvalue of the center matrix and perturbation bound): no optimization problem is solved; no local optimality guarantee.
‒ Locally optimal algorithm, vertex matrices (OPT2): 1 convex problem with up to $2^{n^2} + 1$ constraints; locally optimal.
‒ Locally optimal algorithm, center matrix (OPT3): 1 convex problem with up to 2 constraints; locally optimal for the center matrix.
Figure (running time): seconds on a log scale (0.1 to 10000) against model dimension (2 to 28) for Flow*, the locally optimal algorithm and the baseline algorithm.
Figure (per-benchmark comparison, log scale): Flow*, the locally optimal algorithm and the baseline algorithm on the Laub-Loomis, Biology Model, AS, Polynomial and Helicopter (L) models.
Figure (autonomous overtaking case study): sx (blue): relative distance along the road direction; sy (green): relative distance.
Picture links: https://images.google.com/
References:
[Dahlquist 59] G. Dahlquist. "Stability and error bounds in the numerical integration of ordinary differential equations." Trans. Roy. Inst.
[Jin 16] Jin, Xiaoqing, et al. "Powertrain control verification benchmark." Proceedings of the 17th International Conference on Hybrid Systems: Computation and Control. ACM, 2014.
[Sontag 10] E. D. Sontag. "Contractive systems with inputs." In Perspectives in Mathematical System Theory, Control, and Signal Processing. Berlin, Germany: Springer-Verlag, 2010, pp. 217–228.
[Fan 15] Fan, Chuchu, and Sayan Mitra. "Bounded verification with on-the-fly discrepancy computation." International Symposium on Automated Technology for Verification and Analysis. Springer International Publishing, 2015.
[Fan 16] Fan, Chuchu, et al. "Automatic Reachability Analysis for Nonlinear Hybrid Models with C2E2." International Conference on Computer Aided Verification. Springer International Publishing, 2016.