Models, Over-approximations and Robustness Eugenio Moggi DIBRIS, - PowerPoint PPT Presentation

Overview HS TTS Reach Robust End Bib HS Ex. Models, Over-approximations and Robustness Eugenio Moggi DIBRIS, Genova Univ. Rennes, 2020-05-14 E.Moggi Rennes, p. 1

Overview HS TTS Reach Robust End Bib HS Ex. Context 1 Systems : natural (Science) or man-made (Engineering) expensive to observe or design/build/test 2 Mathematical Models of Systems to predict the behavior of a system to analyze the model (of a system) before building the system 3 Computer-aided Analysis of Mathematical Models enabling technology to predict/test/verify models ✲ syntax/representation semantics/model ✲ Computer-aided Analysis Mathematical Models Languages for CPS ✲ describe models of CPS modeling language ML E.Moggi Rennes, p. 2

Overview HS TTS Reach Robust End Bib HS Ex. Different views of the Real numbers Maths: the usual real numbers x : R Physics: x ± ǫ with error ǫ > 0, or interval [ x l , x u ]: IR Computer Science: finite representation, eg floating-point (FP) number ˜ x : F finite approximation , eg FP interval [˜ x l , ˜ x u ]: IF � Cauchy seq. of rationals Q Computable/ metric space Approximable ≃ shrinking seq. of intervals IQ partial order ✲ R f R f continuous implies ∩ ∩ [ f ]( I ) ∆ = f ( I ) Scott continuous IR dcpo ( ≤ reverse incl.) ❄ ❄ induced Scott topology [ f ] ✲ IR IR E.Moggi Rennes, p. 3

Overview HS TTS Reach Robust End Bib HS Ex. Some Peculiarities of CPS (aka Hybrid Systems) Time T matters (in concurrency causal order suffices) State Space S uncountable , exact representation impossible Imprecisions/inaccuracies can be anywhere What can one do with computers? ✲ compute over-approximation of A ([ analysis of e : ML [ e ] ]) e model description [ [ e ] ] semantics (of e ) A analysis. E.Moggi Rennes, p. 4

Overview HS TTS Reach Robust End Bib HS Ex. Summary 1 Hybrid Sys. (HS [GST09]) vs Topological TS (TTS [Cui07]) 2 Safe Reachability and Closed Sets states reachable in finite time vs in finite steps, avoid hybrid time domains and hybrid arcs ([GST09] pag 39) asymptotically reachable states and safe over-approximations 3 Robustness of HS Analysis and Continuity robustness wrt over-approx. and Scott continuous maps, avoid notion of ( τ, ǫ )-close hybrid arcs ([GST09] pag 46) Study of Dynamical Systems via Domain Theory ([Eda95]) E.Moggi Rennes, p. 5

Overview HS TTS Reach Robust End Bib HS Ex. Hybrid Systems (HS) Definition (HS [GST09] pag 30) A hybrid system on a Banach space S [eg R n ] is H = ( F , G ) with F flow and G jump relation, ie F , G : Rel ( | S | , | S | ) ≃ Set ( | S | , P ( | S | )) Define new HS from a given HS H = ( F , G ) on S closure of H is HS H ⊆ c ( H ) = H ∆ = ( F , G ) on S ∆ = ( F ′ , G ′ ) on T × S st H with clock is HS t ( H ) F ′ = { (( t , s ) , (1 , v )) | t : T ∧ ( s , v ): F } G ′ = { (( t , s ) , ( t , s ′ )) | t : T ∧ ( s , s ′ ): G } E.Moggi Rennes, p. 6

Overview HS TTS Reach Robust End Bib HS Ex. Topological Transition Systems (TTS) Definition (TTS [Cui07]) Given a topological space S topological transition system = transition relation ✲ ⊆ | S × S | timed TTS = timed transition relation ✲ ⊆ | S × T + × S | , where T + = [0 , + ∞ ) ✲ induced by HS H = ( F , G ), s d ✲ s ′ ∆ TTTS ⇐ ⇒ H H jump d = 0 and s ′ ∈ G ( s ) or (cf. hybrid arc) flow d > 0 and ∃ h : Top ([0 , d ] , S ) st s = h (0), s ′ = h ( d ) and ∀ t : (0 , d ) . ˙ h ( t ) ∈ F ( h ( t )) with ˙ h : Top ((0 , d ) , S ) ✲ s ′ d ✲ s ′ , ie forget time from TTTS ∆ TTS s ⇐ ⇒∃ d . s E.Moggi Rennes, p. 7

Overview HS TTS Reach Robust End Bib HS Ex. Complete lattices and Monotonic maps [CC92] The poset-enriched category Po obj X : Po complete lattice, ie poset st any S ⊆ | X | has a sup ⊔ S arr f : Po ( X , Y ) monotonic, and ≤ pointwise order on Po ( X , Y ) as setting for approximations (abstr. inter.) and reachability maps. Given a topological space S , define the complete lattices P ( S ) = subsets of S ordered by reverse inclusion ⊑ , ie smaller is better, sups are given by intersection ✛ C ( S ) = closed subsets of S ordered by ⊑ , C ( S ) ✲ P ( S ) ⊤ ⊂ = P ( S 2 ) 2 ∼ H ( S ) ∆ = P (2 × S 2 ), ie complete lattice of HS on S H c ( S ) ∆ = C ( S 2 ) 2 , ie complete lattice of closed HS on S ✲ H c ( S ) ✲ H ( T × S ) c : H ( S ) t : H ( S ) E.Moggi Rennes, p. 8

Overview HS TTS Reach Robust End Bib HS Ex. Naive vs Safe Reachability Define S: Po ( H ( S ) , P ( S )) and T , Rf: Po ( H ( S ) × P ( S ) , P ( S )) S( F , G ) = { s |∃ s ′ . sGs ′ ∨ s ′ Gs ∨ sFs ′ } , the support of ( F , G ) ✲ s ′ } , ie states reachable in one transition T( H , S ) = { s ′ | s H Rf( H , I ) = smallest S : P ( S ) st I ⊆ S and T( H , S ) ⊆ S , ie states reachable from I in finitely many transitions Theorem S( H ) ⊆ S( H ) ⊆ C ∆ = S( H ) = S( H ) and I ⊆ C = ⇒ Rf( H , I ) ⊆ C Problem (under-approximation) Rf( H , I ) ⊂ state reachable from I in finite time, eg Zeno HS H B E.Moggi Rennes, p. 9

Overview HS TTS Reach Robust End Bib HS Ex. Naive vs Safe Reachability Define S: Po ( H ( S ) , P ( S )) and T , Rf: Po ( H ( S ) × P ( S ) , P ( S )) S( F , G ) = { s |∃ s ′ . sGs ′ ∨ s ′ Gs ∨ sFs ′ } , the support of ( F , G ) ✲ s ′ } , ie states reachable in one transition T( H , S ) = { s ′ | s H Rf( H , I ) = smallest S : P ( S ) st I ⊆ S and T( H , S ) ⊆ S , ie states reachable from I in finitely many transitions Due to imprecision a set S is indistinguishable from its closure S Define Rs: Po ( H ( S ) × P ( S ) , C ( S )) Rs( H , I ) = smallest C : C ( S ) st I ⊆ C an T( H , C ) ⊆ C , ie safe approximation of states reachable from I in finite time Theorem Rf( H , I ) ⊆ Rs( H , I ) = Rs( H , I ) ⊆ Rs( H , I ) and ⇒ Rs( H , I ) ⊆ C where C ∆ I ⊆ C = = S( H ) E.Moggi Rennes, p. 10

Overview HS TTS Reach Robust End Bib HS Ex. Naive vs Safe Reachability Define S: Po ( H ( S ) , P ( S )) and T , Rf: Po ( H ( S ) × P ( S ) , P ( S )) S( F , G ) = { s |∃ s ′ . sGs ′ ∨ s ′ Gs ∨ sFs ′ } , the support of ( F , G ) ✲ s ′ } , ie states reachable in one transition T( H , S ) = { s ′ | s H Rf( H , I ) = smallest S : P ( S ) st I ⊆ S and T( H , S ) ⊆ S , ie states reachable from I in finitely many transitions Define Rs: Po ( H ( S ) × P ( S ) , C ( S )) Rs( H , I ) = smallest C : C ( S ) st I ⊆ C an T( H , C ) ⊆ C , ie safe approximation of states reachable from I in finite time Problem (over-approximation) Rs( H , I ) ⊃ state reachable from I in finite time, for a HS H D E.Moggi Rennes, p. 11

Overview HS TTS Reach Robust End Bib HS Ex. Robustness and Scott Continuity Let S 1 and S 2 be metric spaces Definition (Robustness) ∆ A : Po ( C ( S 1 ) , C ( S 2 )) robust ⇐ ⇒∀ X . ∀ ǫ > 0 . ∃ δ > 0 . A ( X δ ) ⊆ A ( X ) ǫ ∆ where X δ = { y |∃ x : X . d i ( x , y ) < δ } : C ( S i ) δ -fattening of X : C ( S i ). R The HS H δσ ([GST09] pag 49) is like a fattening of H . Q Robustness rely on a quantitative notion, the metric d , can one replace d with a qualitative notion? A Robustness amounts to continuity wrt a topology on C ( S ) between the Scott topology and Upper Vietoris topology! E.Moggi Rennes, p. 12

Overview HS TTS Reach Robust End Bib HS Ex. Robustness and Scott Continuity Let S 1 and S 2 be metric spaces Definition (Robustness) ∆ A : Po ( C ( S 1 ) , C ( S 2 )) robust ⇐ ⇒∀ X . ∀ ǫ > 0 . ∃ δ > 0 . A ( X δ ) ⊆ A ( X ) ǫ ∆ where X δ = { y |∃ x : X . d i ( x , y ) < δ } : C ( S i ) δ -fattening of X : C ( S i ). Theorem ([Eda95] Prop 3.2 & 3.3) If S i are compact (metric spaces) and A : Po ( C ( S 1 ) , C ( S 2 )) , then Upper Vietoris top. = Scott top., and thus A robust ⇐ ⇒ A Scott continuous C ( S i ) are ω -continuous lattices bounded & closed = ⇒ compact, only in finite dim. Banach spaces E.Moggi Rennes, p. 13

Overview HS TTS Reach Robust End Bib HS Ex. Complete lattices and Scott continuous maps The poset-enriched sub-category Cpo of Po obj X : Cpo complete lattice arr f : Cpo ( X , Y ) Scott continuous , ie f monotonic and f ( ⊔ D ) = ⊔ f ( D ) whenever D ⊆ | X | directed X finite lattice = ⇒ Cpo ( X , Y ) = Po ( X , Y ). Theorem (BCA) Cpo ( X , Y ) ⊂ ✲ Po ( X , Y ) preserves sups, and its right-adjoint gives the best cont. approx. f � : Cpo ( X , Y ) of f : Po ( X , Y ) . If robustness=Scott continuity, f � gives best robust approx. If f : Po ( X , Y ) & g : Po ( Y , Z ), then g � ◦ f � ≤ ( g ◦ f ) � E.Moggi Rennes, p. 14

Overview HS TTS Reach Robust End Bib HS Ex. Robustness of Safe Reachability Let H 0 : H c ( S ) compact, also S 0 = S( H 0 ): C ( S ) is compact H ( H 0 ) complete lattice of HS included in H 0 C ( S 0 ) continuous lattice of compact subsets included in S 0 H c ( H 0 ) continuous lattice of compact HS included in H 0 S 0 and H 0 as hard constrains on non-determinism If H : H ( H 0 ), then H ⊆ H : H c ( H 0 ) and Rs( H , − ): Po ( C ( S ) , C ( S )) restricts to Rs H : Po ( C ( S 0 ) , C ( S 0 )) Rs � H : Cpo ( C ( S 0 ) , C ( S 0 )) robust wrt I : C ( S 0 ) (but not wrt H ) Inclusions: Rs H ( I ) ⊆ Rs � H ( I ). E.Moggi Rennes, p. 15