Modeling and Analysis of Hybrid Systems
Erika Ábrahám, RWTH Aachen University, Germany
Beijing, September 2013
Contents
1 Modeling
2 Reachability analysis
3 Counterexample generation
Erika Ábrahám - Modeling and Analysis of Hybrid Systems 1 / 28
Modeling with hybrid automata
Thermostat example
Location ℓ_on:  flow ẋ = K(h − x), invariant x ≤ 23
Location ℓ_off: flow ẋ = −Kx, invariant x ≥ 17
Initial condition: x = 20
Jump ℓ_on → ℓ_off with guard x ≥ 22; jump ℓ_off → ℓ_on with guard x ≤ 18
Some interesting subclasses of hybrid automata

subclass                            derivatives        conditions         bounded reachability   unbounded reachability
timed automata                      ẋ = 1              x ∼ c              decidable              decidable
initialized rectangular automata    ẋ ∈ [c1, c2]       x ∼ [c1, c2]       decidable              decidable
  (variables are reset when their derivative changes)
linear hybrid automata I            ẋ = c              x ∼ g_linear(x)    decidable              undecidable
linear hybrid automata II           ẋ = f_linear(x)    x ∼ g_linear(x)    undecidable            undecidable
general hybrid automata             ẋ = f(x)           x ∼ g(x)           undecidable            undecidable

[Henzinger et al., 1998]
Contents
1 Modeling
2 Reachability analysis
3 Counterexample generation
Some tools
Uppaal [Behrmann et al., 2004]
HyTech [Henzinger et al., 1997]
PHAVer [Frehse, 2005]
SpaceEx [Frehse et al., 2011]
d/dt [Asarin et al., 2002]
Ellipsoidal toolbox [Kurzhanski et al., 2006]
MATISSE [Girard et al., 2007]
Multi-Parametric Toolbox [Kvasnica et al., 2004]
Flow∗ [Chen et al., 2012]
The two most popular techniques for reachability analysis
Given: hybrid automaton + set of unsafe states
Abstraction
Iterative forward/backward search
Iterative forward search
We need a (possibly over-approximative) state set representation and operations on it like intersection, union, linear transformation and Minkowski sum. The representation is crucial for the representation size, efficiency and accuracy.
Minkowski sum
[Figure: polytopes P, Q and P ⊕ Q in the (x1, x2) plane]
P ⊕ Q = {p + q | p ∈ P and q ∈ Q}
Most well-known state set representations
Geometric objects:
  hyperrectangles [Moore et al., 2009]
  oriented rectangular hulls [Stursberg et al., 2003]
  convex polyhedra [Ziegler, 1995] [Chen et al., 2011]
  orthogonal polyhedra [Bournez et al., 1999]
  template polyhedra [Sankaranarayanan et al., 2008]
  ellipsoids [Kurzhanski et al., 2000]
  zonotopes [Girard, 2005]
Other symbolic representations:
  support functions [Le Guernic et al., 2009]
  Taylor models [Berz and Makino, 1998, 2009] [Chen et al., 2012]
Example: Polytopes
Halfspace: set of points satisfying l · x ≤ z
Polyhedron: an intersection of finitely many halfspaces
Polytope: a bounded polyhedron
[Figure: a polytope built up as the intersection of the halfspaces with normals l1, l2, l3, l4]

representation                    union   intersection   Minkowski sum
V-representation (by vertices)    easy    hard           easy
H-representation (by facets)      hard    easy           hard
Linear hybrid automata I: Time evolution
[Figure: the state set P in the (x1, x2) plane, the derivative set Q in the (ẋ1, ẋ2) plane, cone(Q), and P ⊕ cone(Q)]
With flow ẋ ∈ Q (Q a polytope of derivatives), the time successors of P in location ℓ are (P ⊕ cone(Q)) ∩ Inv(ℓ).
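The three operations the last slides rely on, as an added example that is not part of the slides: the Minkowski sum on a V-representation (the "easy" cell of the polytope table), intersection on an H-representation (its other "easy" cell), and the time successors of the LHA I slide, here restricted to a finite time bound T because cone(Q) itself is unbounded and so not a polytope. Everything is 2-D and integer-valued to keep it readable; the sample sets P, Q, the derivative set, the bound T and the invariant x1 ≤ 2 are constructed for the example.

```python
"""Polytope operations on V- and H-representations in 2-D.  Added example,
not code from the slides: Minkowski sum on vertex lists, intersection on
facet lists, and the bounded-time successors P ⊕ {t·q | q ∈ conv(Q), 0 ≤ t ≤ T}
of the LHA I slide.  Pure Python, integer coordinates, no third-party packages."""
from itertools import product


def cross(o, a, b):
    """z-component of (a - o) × (b - o); positive for a counter-clockwise turn."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])


def convex_hull(points):
    """Andrew's monotone chain.  Returns the hull vertices in counter-clockwise
    order with collinear points removed (a segment or point for degenerate input)."""
    pts = sorted(set(points))
    if len(pts) <= 2:
        return pts
    lower, upper = [], []
    for p in pts:
        while len(lower) >= 2 and cross(lower[-2], lower[-1], p) <= 0:
            lower.pop()
        lower.append(p)
    for p in reversed(pts):
        while len(upper) >= 2 and cross(upper[-2], upper[-1], p) <= 0:
            upper.pop()
        upper.append(p)
    return lower[:-1] + upper[:-1]


def minkowski_sum_v(P, Q):
    """P ⊕ Q = {p + q | p ∈ P, q ∈ Q} on V-representations: the hull of all
    pairwise vertex sums.  Cheap here, hard on H-representations."""
    return convex_hull([(p[0] + q[0], p[1] + q[1]) for p, q in product(P, Q)])


def v_to_h(V):
    """Facets (l, z) with l · x ≤ z of a counter-clockwise vertex list."""
    facets = []
    for i in range(len(V)):
        (x1, y1), (x2, y2) = V[i], V[(i + 1) % len(V)]
        l = (y2 - y1, x1 - x2)          # outward normal of the edge for CCW order
        facets.append((l, l[0] * x1 + l[1] * y1))
    return facets


def intersect_h(H1, H2):
    """Intersection on H-representations: concatenate the constraint lists.
    Cheap here, hard on V-representations (the vertices must be recomputed)."""
    return list(H1) + list(H2)


def contains(H, x):
    """Membership test against an H-representation."""
    return all(l[0] * x[0] + l[1] * x[1] <= z for l, z in H)


def time_successors(P, Q, T):
    """States reachable from P within T time units under ẋ ∈ conv(Q):
    {t·q | q ∈ conv(Q), 0 ≤ t ≤ T} equals conv({0} ∪ T·Q), so this is the
    finite-time slice of P ⊕ cone(Q).  The unbounded cone of the slide would
    need rays in addition to vertices."""
    cone_T = convex_hull([(0, 0)] + [(T * q[0], T * q[1]) for q in Q])
    return minkowski_sum_v(P, cone_T)


if __name__ == "__main__":
    P = [(0, 0), (1, 0), (1, 1), (0, 1)]            # unit square (V-representation)
    Q = [(0, 0), (1, 0), (0, 1)]                    # triangle
    print("P ⊕ Q =", minkowski_sum_v(P, Q))
    R = time_successors(P, [(1, 0)], 2)             # ẋ1 = 1, ẋ2 = 0 for up to 2 time units
    H = intersect_h(v_to_h(R), [((1, 0), 2)])       # cut by the invariant x1 ≤ 2
    print("inside:", contains(H, (1, 1)), "outside:", contains(H, (3, 1)))
```

The H-representation is what makes the invariant cheap to apply, the V-representation is what makes the Minkowski sum cheap; a tool that wants both ends up converting between them, which is where the "hard" cells of the table bite.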
Linear hybrid automata I: Discrete steps (jumps)
[Figure: the state set in location ℓ and its image in ℓ′ after the jump, in the (x1, x2) plane of each location]
Computed via projection and Minkowski sum.
Linear hybrid automata II: Time evolution
Assume ẋ = Ax + Bu
Compute Ω0, Ω1, . . . such that R[iδ,(i+1)δ] ⊆ Ωi
[Figure: the flowpipe segments R[0,δ], R[δ,2δ], R[2δ,3δ] and their over-approximations Ω0, Ω1, Ω2]
The first flowpipe segment: from V0, the set reached at time δ is e^{Aδ}V0; Ω0 is a convex set covering V0, e^{Aδ}V0 and the trajectories between them for t ∈ [0, δ].
The remaining ones: Ω1 = e^{Aδ}Ω0 ⊕ V and in general Ωi+1 = e^{Aδ}Ωi ⊕ V, where V accounts for the input u over one step of length δ.
Linear hybrid automata II: Discrete steps (jumps)
[Figure: flowpipe segments Ω0, Ω1, Ω2, Ω3; the segments Ω′1, Ω′2, Ω′3 that intersect the guard; their images Π1, Π2, Π3 after the jump; and V1, the initial set of the target location, covering all of them]
Linear hybrid automata II: The global picture
[Figure: iterated time evolution and jumps]
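The global picture run end to end on the thermostat of the modeling section, as an added example that is not part of the slides: flowpipe segments Ω_i are computed per location, the segments that hit a guard are collected into the initial set of the target location, and a branch stops once its initial set is contained in one already explored. Intervals replace polytopes and, since both flows are scalar and affine, their closed-form solutions replace the e^{Aδ} and bloating construction, which makes every Ω_i exact. The constants K = 0.1 and h = 30, the initial location ℓ_on with x ∈ [19.5, 20.5] around x = 20, the step δ = 0.5, the horizon and the unsafe set x ≥ 23.5 are assumptions made for the example; the `on_upper` parameter is there only to analyse a weakened invariant next to the slide's.

```python
"""Iterative forward search on the thermostat automaton with intervals as
the state-set representation.  Added example, not from the slides.  The
automaton is the one of the 'Thermostat example' slide; everything numeric
is an assumption: K = 0.1, h = 30, start in ℓ_on with x ∈ [19.5, 20.5],
step δ = 0.5, unsafe set x ≥ 23.5.  The scalar affine flows are solved in
closed form, so each segment Ω_i is the exact reachable interval."""
import math
from collections import deque

K, H = 0.1, 30.0


def flow_on(x0, t):
    """Solution of ẋ = K(h − x) from x0."""
    return H + (x0 - H) * math.exp(-K * t)


def flow_off(x0, t):
    """Solution of ẋ = −Kx from x0."""
    return x0 * math.exp(-K * t)


def thermostat(on_upper=23.0):
    """The slide's automaton: location -> (flow, invariant interval) and
    edges (source, target, guard interval); no resets.  on_upper is the bound
    of the ℓ_on invariant x ≤ 23, parametrised so a weakened model can be
    analysed next to the original."""
    return {
        "loc": {"on": (flow_on, (-math.inf, on_upper)),
                "off": (flow_off, (17.0, math.inf))},
        "edges": [("on", "off", (22.0, math.inf)),
                  ("off", "on", (-math.inf, 18.0))],
    }


def intersect(a, b):
    """Interval intersection, None when empty."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


def hull(a, b):
    """Smallest interval containing both (None acts as the empty set)."""
    if a is None or b is None:
        return a if b is None else b
    return (min(a[0], b[0]), max(a[1], b[1]))


def segment(flow, init, t1, t2):
    """Ω for the window [t1, t2] from the interval init.  Both flows are
    monotone in x0 and in t, so the hull of the four corner values is the
    exact image of init × [t1, t2]."""
    corners = [flow(x0, t) for x0 in init for t in (t1, t2)]
    return (min(corners), max(corners))


def reach(automaton, loc0, init0, unsafe, delta=0.5, horizon=50.0, max_jumps=10):
    """Breadth-first search over (location, initial set) pairs.  Returns
    (unsafe_reachable, reached) with reached[loc] the hull of all Ω_i computed
    in loc.  A branch stops at a fixpoint when its initial set is contained
    in one already explored for that location."""
    worklist = deque([(loc0, init0, 0)])
    explored = {loc: [] for loc in automaton["loc"]}
    reached = {loc: None for loc in automaton["loc"]}
    while worklist:
        loc, init, jumps = worklist.popleft()
        if any(v[0] <= init[0] and init[1] <= v[1] for v in explored[loc]):
            continue
        explored[loc].append(init)
        flow, inv = automaton["loc"][loc]
        enabled = {}                       # edge index -> hull of Ω_i ∩ guard
        i = 0
        while i * delta < horizon:
            omega = intersect(segment(flow, init, i * delta, (i + 1) * delta), inv)
            if omega is None:              # whole window outside the invariant:
                break                      # no trajectory can stay in loc past it
            reached[loc] = hull(reached[loc], omega)
            if intersect(omega, unsafe) is not None:
                return True, reached
            for k, (src, _, guard) in enumerate(automaton["edges"]):
                if src == loc:
                    enabled[k] = hull(enabled.get(k), intersect(omega, guard))
            i += 1
        if jumps < max_jumps:              # jump: collected guard hits seed the target
            for k, init_next in enabled.items():
                if init_next is not None:
                    worklist.append((automaton["edges"][k][1], init_next, jumps + 1))
    return False, reached


if __name__ == "__main__":
    print(reach(thermostat(), "on", (19.5, 20.5), (23.5, math.inf)))
    print(reach(thermostat(on_upper=25.0), "on", (19.5, 20.5), (24.0, math.inf)))
```

With the slide's invariants the search settles on x ∈ [17, 23] in both locations and never touches x ≥ 23.5; relaxing the ℓ_on invariant to x ≤ 25 lets the flowpipe reach the unsafe set before the first jump, which is the kind of modelling slip a reachability run is meant to catch.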
Our contribution: Taylor model representation of state sets
Fetch the tool
http://systems.cs.colorado.edu/research/cyberphysical/taylormodels/
Contents
1 Modeling
2 Reachability analysis
3 Counterexample generation
Counterexamples for hybrid automata
Only a few approaches are available, mostly for rectangular automata. Possible techniques?
Simulation-based approach
Identify timed traces as possible counterexamples:
  l0 --[t0, t0′], e0--> l1 --[t1, t1′], e1--> . . .
Validate them using simulation.
Extracting the path length
Counter tr bounded on the edges:
on:  flow . . . ∧ ṫr = 0,  invariant t ≤ 22
off: flow . . . ∧ ṫr = 0,  invariant t ≥ 18
on → off: t ≥ 21 ∧ tr ≤ maxtr − 1 ∧ tr′ = tr + 1
off → on: t ≤ 19 ∧ tr ≤ maxtr − 1 ∧ tr′ = tr + 1
initial: t = 20 ∧ tr = 0

Counter tr bounded in the invariants:
on:  flow . . . ∧ ṫr = 0,  invariant t ≤ 22 ∧ tr ≤ maxtr
off: flow . . . ∧ ṫr = 0,  invariant t ≥ 18 ∧ tr ≤ maxtr
on → off: t ≥ 21 ∧ tr′ = tr + 1
off → on: t ≤ 19 ∧ tr′ = tr + 1
initial: t = 20 ∧ tr = 0
Naive trace encoding
Unrolled trace on0 → off1 → on2 → off3:
on0:  flow . . . ∧ ⋀_{i∈{1,2,3}} ṫr_i = 0,  invariant t ≤ 22
off1: flow . . . ∧ ⋀_{i∈{1,2,3}} ṫr_i = 0,  invariant t ≥ 18
on2:  flow . . . ∧ ⋀_{i∈{1,2,3}} ṫr_i = 0,  invariant t ≤ 22
off3: flow . . . ∧ ⋀_{i∈{1,2,3}} ṫr_i = 0,  invariant t ≥ 18
on0 → off1: t ≥ 21 ∧ tr′_1 = 0
off1 → on2: t ≤ 19 ∧ tr′_2 = 1
on2 → off3: t ≥ 21 ∧ tr′_3 = 0
initial: t = 20
Getting time information
on0:  invariant t ≤ 22,  flow ṫ = 1 ∧ ṫimer = 1 ∧ ⋀_{i∈{1,...,3}} ṫstamp_i = 0
off1: invariant t ≥ 18,  flow ṫ = 1 ∧ ṫimer = 1 ∧ ⋀_{i∈{1,...,3}} ṫstamp_i = 0
on2:  invariant t ≤ 22,  flow ṫ = 1 ∧ ṫimer = 1 ∧ ⋀_{i∈{1,...,3}} ṫstamp_i = 0
off3: invariant t ≥ 18,  flow ṫ = 1 ∧ ṫimer = 1 ∧ ⋀_{i∈{1,...,3}} ṫstamp_i = 0
on0 → off1: t ≥ 21 ∧ tstamp′_1 = timer ∧ timer′ = 0
off1 → on2: t ≤ 19 ∧ tstamp′_2 = timer ∧ timer′ = 0
on2 → off3: t ≥ 21 ∧ tstamp′_3 = timer ∧ timer′ = 0
initial: t = 20 ∧ timer = 0 ∧ ⋀_{i∈{1,...,3}} tstamp_i = 0
The search tree
[Figure: search tree with nodes (l0, P0), (l1, P1), (l2, P2), (l4, P4), (l3, P3), (l5, P5), (l6, P6), (l7, P7), labelled 3, 3, 2, 0, 0, 1, 0, 0 respectively]
Simulation-based validation
Domain contraction
Linear ODEs: time successor computations close to exact
Non-linear ODEs: numerical methods
Problems: invariants, hitting equality guards
Search heuristics
Validity metrics
[Figure: temperatures of coffee and room over 0 to 1000 s, exact solution vs. Euler, RK2 and RK4; relative approximation error (%) of Euler, RK2 and RK4 for both temperatures; zoomed views around t ≈ 287 s and t ≈ 162 s separating Euler from RK2/RK4 and the exact solution]
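The validation step of the simulation-based approach, as an added example that is not part of the slides: a candidate timed trace l0 --[t0, t0′], e0--> l1 --... is realised by picking concrete dwell times inside each window, integrating the flow numerically, and checking the invariant along the whole window and the guard at its end; the Euler-versus-RK4 comparison of the plots above is reproduced on the same model. The automaton is the thermostat variant of the trace-encoding slides (invariants t ≤ 22 in on and t ≥ 18 in off, guards t ≥ 21 and t ≤ 19, initial t = 20); its continuous flows are elided there, so ṫ = K(h − t) in on and ṫ = −Kt in off with K = 0.1, h = 30 are assumed, as are the RK4 step size, the number of dwell-time candidates per window and the sample traces.

```python
"""Simulation-based validation of a timed trace.  Added example, not from
the slides.  Model: the thermostat variant of the trace-encoding slides;
its flows are not given there, so ṫ = K(h − t) in on and ṫ = −Kt in off
with K = 0.1, h = 30 are assumed, as is the integration step size."""
import math

K, H = 0.1, 30.0


def f_on(t):
    return K * (H - t)


def f_off(t):
    return -K * t


def exact_on(t0, tau):
    """Closed-form on-flow, used only to measure the integration error."""
    return H + (t0 - H) * math.exp(-K * tau)


# location -> (vector field, invariant); (source, target) -> guard
LOCATIONS = {"on": (f_on, lambda t: t <= 22.0), "off": (f_off, lambda t: t >= 18.0)}
GUARDS = {("on", "off"): lambda t: t >= 21.0, ("off", "on"): lambda t: t <= 19.0}


def euler_step(f, x, h):
    return x + h * f(x)


def rk4_step(f, x, h):
    k1 = f(x)
    k2 = f(x + h / 2 * k1)
    k3 = f(x + h / 2 * k2)
    k4 = f(x + h * k3)
    return x + h / 6 * (k1 + 2 * k2 + 2 * k3 + k4)


def simulate(f, x0, dwell, h=0.01, step=rk4_step):
    """Integrate ẋ = f(x) for `dwell` time units with a fixed step close to h.
    Returns every intermediate state so the invariant can be checked along the
    run, not only at the jump."""
    n = max(1, round(dwell / h))
    xs = [x0]
    for _ in range(n):
        xs.append(step(f, xs[-1], dwell / n))
    return xs


def validate(trace, x0, candidates=5, **sim):
    """trace = [(loc, (t_lo, t_hi)), ...] is the timed trace with its dwell-time
    windows; the last entry's window is unused.  Depth-first search trying
    `candidates` evenly spaced dwell times per window; a window is accepted when
    the invariant holds throughout and the guard holds at its end.  Returns the
    concrete dwell times of a real run, or None when no sampled timing realises
    the trace (sampling can miss runs that need an exact time, e.g. to hit an
    equality guard, one of the problems listed on the slide)."""
    steps = max(candidates - 1, 1)

    def search(i, x):
        loc, (t_lo, t_hi) = trace[i]
        f, inv = LOCATIONS[loc]
        if not inv(x):
            return None
        if i == len(trace) - 1:
            return []
        guard = GUARDS[(loc, trace[i + 1][0])]
        for j in range(candidates):
            dwell = t_lo + (t_hi - t_lo) * j / steps
            xs = simulate(f, x, dwell, **sim)
            if all(inv(v) for v in xs) and guard(xs[-1]):
                rest = search(i + 1, xs[-1])
                if rest is not None:
                    return [dwell] + rest
        return None

    return search(0, x0)


def integration_error(t0=20.0, dwell=10.0, h=0.5):
    """Absolute error of Euler and RK4 at the end of one dwell against the
    closed-form on-flow: the comparison the coffee/room plots make, on this model."""
    return {name: abs(simulate(f_on, t0, dwell, h, step)[-1] - exact_on(t0, dwell))
            for name, step in (("euler", euler_step), ("rk4", rk4_step))}


if __name__ == "__main__":
    trace = [("on", (1.0, 3.0)), ("off", (1.0, 3.0)), ("on", (0.0, 0.0))]
    print("dwell times:", validate(trace, 20.0))          # [1.5, 1.5]
    print("infeasible:", validate([("on", (0.0, 0.5)), ("off", (1.0, 3.0))], 20.0))
    print("errors with h = 0.5:", integration_error())
```

The returned dwell times are a concrete run of the automaton and therefore a genuine counterexample if the trace leads to the unsafe state; a None only says that none of the sampled timings worked, which is where the slide's search heuristics and validity metrics come in. The error dictionary shows why the integrator matters for the check: with a coarse step, Euler drifts by a few hundredths of a degree over one dwell while RK4 stays far below the margin by which the guards are met.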
Under-approximative reachability analysis
Provably correct counterexamples using Ariadne