Institute for Software Integrated Systems Vanderbilt University Reachability Analysis for High-Index Linear Differential Algebraic Equations (DAEs) https://github.com/verivital/daev/ 17 th International Conference on Formal Modeling and Analysis of Timed Systems (FORMATS’19), August 27, 2019 Hoang-Dung Tran, Luan Viet Nguyen, Nathaniel Hamilton, Weiming Xiang & Taylor T. Johnson VeriVITAL -The Verification and Validation for Intelligent and Trustworthy Autonomy Laboratory (http://www.verivital.com) Electrical Engineering and Computer Science (EECS)
Motivation: Mass Dampers 2 [Intro to Structural Motion Control, Connor 2003]
Motivation Index-2 semi-discretized Stoke System (fluids) Index-3 DAE system electrical generator (power) Index-2 interconnected rotating masses Index-3 damped mass-spring system (earthquake) (IRM) system (automotive) ▪ Most existing cyber-physical systems (CPS) verification techniques only focus on physical behaviors as ordinary differential equations (ODEs), or hybrid variants thereof (hybrid automata, etc.) ▪ Many CPS domains naturally model systems as DAEs instead of ODEs ▪ Mechatronics, robotics, electrical circuits, earthquake engineering, water distribution networks / fluid dynamics (certain problems), process/chemical engineering, … 3
DAE Modeling Intuition ▪ Consider an RLC (resistor, inductor, capacitor) circuit ▪ Kirchhoff's current law (KCL) and voltage law (KVL) => algebraic constraints + ODEs for transient behavior ▪ KCL: conservation of current: 𝑗 𝐹 = 𝑗 𝑆 = 𝑗 𝐷 = 𝑗 𝑀 ▪ KVL: conservation of energy: 𝑊 𝑆 + 𝑊 𝐷 + 𝑊 𝑀 + 𝑊 𝐹 = 0 ▪ Ohm’s laws: C ሶ 𝑊 𝐷 = 𝑗 𝑑 L ሶ 𝑊 𝑀 = 𝑗 𝑀 𝑊 𝑆 = 𝑆 𝑗 𝑆 4
ሶ ሶ DAE Modeling Intuition ▪ Replace equal currents ( 𝑗 𝑆 to 𝑗 𝐹 , 𝑗 𝐷 to 𝑗 𝑀 ), don’t have to, but reduces dimensionality for fewer state variables 1 𝑊 𝐷 = 𝐷 𝑗 𝑀 1 𝑊 𝑀 = 𝑀 𝑗 𝐹 0 = 𝑊 𝑆 + 𝑆𝑗 𝐹 0 = 𝑊 𝐹 + 𝑊 𝑆 + 𝑊 𝐷 + 𝑊 𝑀 𝑊 𝐷 (𝑢) 0 = 𝑗 𝑀 − 𝑗 𝐹 𝑊 𝑀 (𝑢) ▪ Now a DAE system with: 𝑊 𝑆 (𝑢) 𝑦 𝑢 = 𝑗 𝑀 (𝑢) 𝑗 𝐹 (𝑢) 5
ሶ ሶ DAE Modeling Intuition 1 𝑊 𝐷 = 𝐷 𝑗 𝑀 1 𝑊 𝑀 = 𝑀 𝑗 𝐹 ▪ Linear DAE system: 0 = 𝑊 𝑆 + 𝑆𝑗 𝐹 0 = 𝑊 𝐹 + 𝑊 𝑆 + 𝑊 𝐷 + 𝑊 𝑀 𝑒𝑦 1 0 = 𝑗 𝑀 − 𝑗 𝐹 𝑒𝑢 = ሶ 𝑦 = 𝐵𝑦 0 0 0 0 𝐷 1 0 = 𝐶𝑦 + 𝐸𝑨 0 0 0 0 𝐵 = 𝑀 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 𝑊 𝐷 (𝑢) 0 0 1 0 𝑆 0 𝑊 𝑀 (𝑢) 𝐶 = 𝑊 𝑆 (𝑢) 1 1 1 0 0 𝑦 𝑢 = 𝑨 𝑢 = 𝑊 𝐹 (𝑢) 𝐸 = 1 , 𝑗 𝑀 (𝑢) 0 0 0 1 −1 0 𝑗 𝐹 (𝑢) 6
Motivation Index-2 semi-discretized Stoke System (fluids) Index-3 DAE system electrical generator (power) Index-2 interconnected rotating masses Index-3 damped mass-spring system (earthquake) (IRM) system (automotive) ▪ Most existing cyber-physical systems (CPS) verification techniques only focus on ODE dynamics, or hybrid variants thereof (hybrid automata, etc.) ▪ Verifying DAE systems is more complex than ODE systems ▪ No existing works (to our knowledge) on verifying high-index (>1) DAEs ▪ Scalability: state- space explosion / “curse of dimensionality” ▪ How to verify safety of systems with DAE dynamics? 7
Linear DAE Systems Linear DAE System: 𝑭 ሶ 𝑦 𝒖 = 𝑩𝒚 𝒖 + 𝑪𝒗 𝒖 ▪ ▪ 𝑦 𝑢 ∈ R 𝑜 is the state vector ▪ 𝑣 𝑢 ∈ R 𝑛 is the s input vector ▪ 𝐹, 𝐵 ∈ R 𝑜×𝑜 and 𝐶 ∈ R 𝑜×𝑛 are the DAEs matrices, where 𝐹 is singular (non- invertible) ▪ Index of a DAE : typically (can depend on initial conditions) the minimum number of times to differentiate DAEs wrt 𝑢 to get ODEs (“ index reduction ”), where ODEs are called index-0, can typically evaluate rank(E) to check Example: Index-2 interconnected rotating masses (IRM) system ▪ Where 𝐾 1 = 1, 𝐾 2 = 2, 𝑁 2 𝑢 + 𝑁 3 𝑢 = 0, 𝑨 1 𝑢 = 𝑨 2 (𝑢) 8
Linear DAE Systems Index-2 interconnected rotating masses (IRM) system ▪ Reachable sets computed using daev: https://github.com/verivital/daev 9
ሶ ሶ Our Approach 1. Decoupling + Mar arz Dec ecoupli ling DAE AEs = ODEs ODE AC: : Alg Algebraic Con Const straints ts 𝐹 ሶ 𝑦 = 𝐵𝑦 + 𝐶𝑣 𝑦 1 = 𝑂 1 𝑦 1 + 𝐶𝑣 𝑦 𝑗 = 𝑂 𝑗 𝑦 𝑗 + 𝑁 𝑗 𝑣 2. Consistency Checking ▪ Define a consistent space for the initial state and input ▪ Guarantee a solution for the DAE system 3. Construct reachable set for the decoupled system ▪ Using Star-sets and Simulation 4. Construct reachable set for original DAE system 5. Perform safety verification & falsification using computed reachable set 10
ሶ ሶ Index-1 Decoupling Definition (Tractability index). Assume that the DAE system 𝐹 ሶ ▪ 𝑦 𝑢 = 𝐵𝑦 𝑢 + 𝐶𝑣(𝑢) is solvable , i.e., the matrix pair ( 𝐹, 𝐵 ) is regular . A matrix chain is defined by: 𝐹 0 = 𝐹, 𝐵 0 = 𝐵 2 = 𝑅 𝑘 , 𝑄 𝑘 , 𝑘 ≥ 0 , where 𝐹 𝐹 𝑘+1 = 𝐹 𝑘 − 𝐵 𝑘 𝑅 𝑘 , 𝐵 𝑘+1 = 𝐵 𝑘 𝑃 𝑘 𝑅 𝑘 = 0, 𝑅 𝑘 𝑘 = 𝐽 𝑜 − 𝑅 𝑘 Where ∃ index 𝜈 s.t. 𝐹 𝜈 is non-singular and ∀𝑘 ∈ 0, 𝜈 − 1 , 𝐹 𝑘 is singular 𝜈 is called the tractability index A matrix pair ( 𝐹, 𝐵 ) is regular if det 𝑡𝐹 − 𝐵 ≠ 0 Lemma 1 (Index-1 DAE decoupling). An index-1 DAE system can be ▪ decoupled using the matrix chain defined as follows: Δ 1 : 𝑦 1 𝑢 = 𝑂 1 𝑦 1 (𝑢) + 𝑁 1 𝑣(𝑢) , ODE subsystems Δ 2 : 𝑦 2 𝑢 = 𝑂 2 𝑦 1 (𝑢) + 𝑁 2 𝑣(𝑢) , AC subsystems 𝑦 𝑢 = 𝑦 1 𝑢 + 𝑦 2 (𝑢) −1 𝐵 0 , 𝑁 1 = 𝑄 0 𝐹 1 −1 𝐶 𝑦 1 𝑢 = 𝑄 0 𝑦 𝑢 , 𝑂 1 = 𝑄 0 𝐹 1 −1 𝐵 0 , 𝑁 2 = 𝑅 0 𝐹 1 −1 𝐶 𝑦 2 𝑢 = 𝑅 0 𝑦 𝑢 , 𝑂 2 = 𝑅 0 𝐹 1 11
ሶ ሶ ሶ Index-2 Decoupling Lemma 2 (Index-2 DAE decoupling). An index-2 DAE system can be ▪ decoupled using the matrix chain defined as follows: Δ 1 : 𝑦 1 𝑢 = 𝑂 1 𝑦 1 (𝑢) + 𝑁 1 𝑣(𝑢) , ODE subsystems Δ 2 : 𝑦 2 𝑢 = 𝑂 2 𝑦 1 (𝑢) + 𝑁 2 𝑣(𝑢) , AC subsystems 1 Δ 3 : 𝑦 3 𝑢 = 𝑂 3 𝑦 1 𝑢 + 𝑁 3 𝑣 𝑢 + 𝑀 3 ሶ 𝑦 2 𝑢 , AC subsystems 2 𝑦 𝑢 = 𝑦 1 𝑢 + 𝑦 2 𝑢 + 𝑦 3 𝑢 −1 𝐵 2 , 𝑁 1 = 𝑄 0 𝑄 −1 𝐶 𝑦 1 𝑢 = 𝑄 0 𝑄 1 𝑦 𝑢 , 𝑂 1 = 𝑄 0 𝑄 1 𝐹 2 1 𝐹 2 −1 𝐵 2 , 𝑁 2 = 𝑄 0 𝑅 1 𝐹 2 −1 𝐶 𝑦 2 𝑢 = 𝑄 0 𝑅 1 𝑦 𝑢 , 𝑂 2 = 𝑄 0 𝑅 1 𝐹 2 −1 𝐵 2 , 𝑁 3 = 𝑅 0 𝑄 −1 𝐶, 𝑀 3 = 𝑅 0 𝑅 1 𝑦 3 𝑢 = 𝑅 0 𝑦 𝑢 , 𝑂 3 = 𝑅 0 𝑄 1 𝐹 2 1 𝐹 2 ▪ Intuition: basically taking derivatives wrt 𝑢 of the algebraic constraint subsystems to get ODEs ▪ Scalability issue: increasing dimensionality, more state variables being introduced 12
ሶ ሶ ሶ ሶ Index-3 Decoupling Lemma 3 (Index-3 DAE decoupling). An index-3 DAE system can be ▪ decoupled using the matrix chain defined as follows: Δ 1 : 𝑦 1 𝑢 = 𝑂 1 𝑦 1 (𝑢) + 𝑁 1 𝑣(𝑢) , ODE subsystems Δ 2 : 𝑦 2 𝑢 = 𝑂 2 𝑦 1 (𝑢) + 𝑁 2 𝑣(𝑢) , AC subsystems 1 Δ 3 : 𝑦 3 𝑢 = 𝑂 3 𝑦 1 𝑢 + 𝑁 3 𝑣 𝑢 + 𝑀 3 ሶ 𝑦 2 𝑢 , AC subsystems 2 Δ 4 : 𝑦 4 𝑢 = 𝑂 4 𝑦 1 𝑢 + 𝑁 4 𝑣 𝑢 + 𝑀 4 ሶ 𝑦 3 𝑢 + 𝑎 4 ሶ 𝑦 2 𝑢 , AC subsystems 3 𝑦 𝑢 = 𝑦 1 𝑢 + 𝑦 2 𝑢 + 𝑦 3 𝑢 + 𝑦 4 𝑢 −1 𝐵 3 , 𝑁 1 = 𝑄 0 𝑄 −1 𝐶 𝑦 1 𝑢 = 𝑄 0 𝑄 1 𝑄 2 𝑦 𝑢 , 𝑂 1 = 𝑄 0 𝑄 1 𝑄 2 𝐹 3 1 𝑄 2 𝐹 3 −1 𝐵 3 , 𝑁 2 = 𝑄 0 𝑄 −1 𝐶 𝑦 2 𝑢 = 𝑄 0 𝑄 1 𝑅 2 𝑦 𝑢 , 𝑂 2 = 𝑄 0 𝑄 1 𝑅 2 𝐹 3 1 𝑅 2 𝐹 3 −1 𝐵 3 , 𝑁 3 = 𝑄 0 𝑅 1 𝑄 2 𝐹 3 −1 𝐶, 𝑀 3 = 𝑄 0 𝑅 1 𝑅 2 𝑦 3 𝑢 = 𝑄 0 𝑅 1 𝑦 𝑢 , 𝑂 3 = 𝑄 0 𝑅 1 𝑄 2 𝐹 3 −1 𝐵 3 , 𝑁 4 = 𝑅 0 𝑄 −1 𝐶, 𝑀 4 = 𝑅 0 𝑅 1 , 𝑎 4 = 𝑅 0 𝑄 𝑦 4 𝑢 = 𝑅 0 𝑦 𝑢 , 𝑂 3 = 𝑅 0 𝑄 1 𝑄 2 𝐹 3 1 𝑄 2 𝐹 3 1 𝑅 2 13
Admissible Projectors Why is it needed? ▪ 14
Example: Decoupling for IRM System Consistent initial set of states ▪ IRM can be decoupled into one ODE and two AC subsystems ▪ 15
ሶ Consistency Checking ▪ To guarantee a solution for the DAE system, the initial states and inputs must satisfy the following conditions Index-1 DAE: 𝑦 2 0 = 𝑂 2 𝑦 1 (0) + 𝑁 2 𝑣(0) Index-2 DAE: 𝑦 2 0 = 𝑂 2 𝑦 1 0 + 𝑁 2 𝑣 0 𝑦 3 0 = 𝑂 3 𝑦 1 0 + 𝑁 3 𝑣 0 + 𝑀 3 𝑦 2 0 Index-3 DAE: 𝑦 2 0 = 𝑂 2 𝑦 1 0 + 𝑁 2 𝑣 0 𝑦 3 0 = 𝑂 3 𝑦 1 0 + 𝑁 3 𝑣 0 + 𝑀 3 ሶ 𝑦 2 0 𝑦 4 0 = 𝑂 4 𝑦 1 0 + 𝑁 4 𝑣 0 + 𝑀 4 ሶ 𝑦 3 0 + 𝑎 4 ሶ 𝑦 2 0 ▪ Where input 𝑣(𝑢) is smooth such that: ሶ 𝑣 𝑢 = 𝐵 𝑣 𝑣 𝑢 , 𝑣 0 = 𝑣 0 ∈ U 0 ▪ 𝐵 𝑣 ∈ R 𝑛×𝑜 : user-defined input matrix ▪ 𝑉 0 : the set of initial inputs 16
Recommend
More recommend
