Safety Analysis of Hybrid Systems with SpaceEx Goran Frehse, - PowerPoint PPT Presentation

Safety Analysis of Hybrid Systems with SpaceEx Goran Frehse, Alexandre Donzé, Scott Cotton, Rajarshi Ray, Olivier Lebeltel, Manish Goyal, Rodolfo Ripado, Thao Dang, Oded Maler Université Grenoble 1 Joseph Fourier / CNRS – Verimag, France Colas Le Guernic New York University CIMS Antoine Girard Laboratoire Jean Kuntzmann, France CMACS Seminar, Pittsburgh, PA, July 20, 2011 1

Outline SpaceEx Verification Platform SpaceEx Reachability Algorithm – Time Elapse Computation with Support Functions – Transition Successors Mixing Support Functions and Polyhedra – Fixpoint Algorithm: Clustering & Containment Examples 2

SpaceEx Verification Platform Platform for developing verification algorithms – Analysis Core (90kloc C++) – Model Editor – Web Interface Provides data structures, operators, infrastructure – proprietary polyhedra library – number type is templated (substitute your own) – interfaces to linear programming solvers (GLPK,PPL), Parma Polyhedra Library, ode solvers (CVODES) Open Source: spaceex.imag.fr 3

SpaceEx Model Editor Networks of Hybrid Automata –templates –hierarchy 4

SpaceEx Web Interface Browser-based GUI –2D/3D output –runs remotely 5

SpaceEx Reachability Algorithms Support Function Algo –many continuous variables –low discrete complexity PHAVer –constant dynamics (LHA) –formally sound and exact Simulation –nonlinear dynamics –based on CVODE 6

Hybrid Automata with Affine Dynamics linear differential equations can be highly nondeterministic: – additive “inputs” u , w� model continuous disturbances (noise etc.) – uncertain switching regions – uncertain switch result 7

Reachability of Hybrid Automata reachability is hard for continuous dynamics – complex, nonconvex sets even harder for hybrid dynamics – involves reachability of continuous dynamics – plus event detection over a dense domain approximations needed Key: find approximation that is Key: find approximation that is efficient but accurate for a large efficient but accurate for a large number of continuous variables number of continuous variables 8

Outline SpaceEx Verification Platform SpaceEx Approximation Algorithm – Time Elapse Computation with Support Functions – Transition Successors Mixing Support Functions and Polyhedra – Fixpoint Algorithm: Clustering & Containment Examples 9

Time Elapse with Affine Dynamics Affine Flow – nondeterministic affine differential equation: Solve with superposition principle – disregard inputs: “autonomous dynamics” – add inputs afterwards 10

Linear Dynamics “Autonomous” part of the dynamics: x ∈ � n x = Ax, ˙ Known solutions: – analytic solution in continuous time – explicit solution at discrete points in time (up to arbitrary accuracy) Approach for Reachability: – Compute reachable states over finite time: Reach [0,T] ( X Ini ) – Use time-discretization, but with care! 11

Time-Discretization for an Initial Point Analytic solution: e At x Ini x ( t ) = x ( t ) x 3 • with t = δk : x 2 x 1 e Aδ x ( δk ) x 0 x ( δ ( k + 1)) = 0 δ 2 δ 3 δ t Explicit solution in discretized time (recursive): x � = x Ini e Aδ x k x k �� = multiplication with const. matrix e Aδ = linear transform 12

Time-Discretization for an Initial Set X 3 Explicit solution in discretized time X 2 X 1 X 0 X � = X Ini Reach [0,3 δ ] ( X Ini ) e Aδ X k X k �� = 0 δ 2 δ 3 δ t Acceptable solution for purely continuous systems – x ( t ) is in ǫ ( δ ) -neighborhood of some X k Unacceptable for hybrid systems – discrete transitions might “fire” between sampling times – if transitions are “missed,” x ( t ) not in ǫ ( δ ) -neighborhood 13

Time Discretization for Hybrid Systems One can miss jumps – intersection with guard set jump not visible in discretization guard X 2 X 1 sets in flowpipe discretized time 14

Bouncing Ball X 90 = ∅ – In other examples this error might not be as obvious… 15

Reachability by Time-Discretization Goal: – Compute sequence Ω k over bounded time [0 , Nδ ] such that: Reach �� ,Nδ � ( X Ini ) ⊆ � � ∪ � � ∪ . . . ∪ � N Approach: – Refine Ω k by recurrence: Ω 2 e Aδ � k � k �� = Ω 1 Ω 0 – Condition for Ω  : Reach [0,3 δ ] ( X Ini ) Reach �� ,δ � ( X Ini ) ⊆ � � 0 δ 2 δ 3 δ t 16

Nondeterministic Affine Dynamics Let’s include the effect of inputs: – variables x  ,…, x n , inputs u  ,…, u p Input u models nondeterminism – disturbances etc. – can be used for overapproximating nonlinear dynamics ( U� = bounds of approximation error) 17

Nondeterministic Affine Dynamics Superposition Principle autonomous influence of dynamics inputs influence of inputs Reach [0,3 δ ] ( X Ini ) 0 δ 2 δ 3 δ t 18

Nondeterministic Affine Dynamics Set overapproximation of input influence – How far can the input “push” the system in δ time? – from Taylor series expansion (input influence set) (error bound) (matrix) Operators: A ⊕ B = { a + b | a ∈ A, b ∈ B } – Minkowski Sum: – Symmetric Bounding Box: – Linear Transform 19

Nondeterministic Affine Dynamics Recurrence equation with influence of inputs Ω 2 Still needed: Ω 1 – approximation of the Ω 0 initial time step with Ω 0 – called “approximation model” 0 δ 2 δ 3 δ t 20

Approximation Models – Prev. Work bloat last set with ∼ ∼ ∼ ∼ e || A || δ convex hull constraints + bloat with ∼ ∼ ∼ ∼ e || A || δ + convex hull Le Guernic, Girard, CAV 2009 Asarin, Dang et al., HSCC 2000 X 0 X δ X 0 X δ error large and uniform error large and uniform exponential cost efficient for high dimensions 21

New Approximation Model approximate set for each t t t t intersect forward and + bloat with ∼ ∼ e abs( A ) δ AX 0 ∼ ∼ backward approximations Ω t X t X 0 X δ X 0 X δ error small and non-uniform without inputs: exact at t t =0 =0 and t t = = δ δ thanks to math tricks t t =0 =0 t t = = δ δ 22

New Approximation Model ] with Ω Ω t Ω Ω for each t t t t : overapproximate Reach [ [ [ t [ t , , t , , t ] ] ] t t t t t t t linear interpolation between X 0 and X δ = e A δ X 0 error bound from Taylor approximation around t =�0 and around t =� δ Taylor approximation of inputs with error bound 23

New Approximation Model overapproximate Reach [ ] with convex hull [ 0 0 , , δ δ ] [ [ , , ] ] 0 0 δ δ of time instant approximations error terms: symmetric bounding boxes 24

New Approximation Model overapproximate Reach [ ] with convex hull [ 0 0 , , δ δ ] [ [ , , ] ] 0 0 δ δ of time instant approximations smaller overall error with math tricks – Taylor approx. of interpolation error – bound remainder with absolute value sum instead of matrix norm 25

New Approximation Model What Set Representation to Use? Polyhedra Operators Constraints Vertices Zonotopes Support F. Convex hull -- + -- ++ Linear transform +/- ++ ++ ++ -- -- ++ ++ Minkowski sum 26

Representing of Convex Sets Approximation with Supporting Halfspaces – given template directions = outer polyhedral approximation axis ( ± x i ) octagonal ( ± x i ± x j ) all directions ⇓ ⇓ ⇓ bounding box bounding polytope exact set 2n 2 facets 2n facets 27

Representation of Convex Sets Support Function – direction → position of supporting halfspace – exact set representation Implemented as function objects – applying an operator creates d new function object P 0 28

Computing with Support Functions Needed operations are simple – Linear Transform: – Minkowski sum: – Convex hull: Implement as function objects – can add more directions at any time C. Le Guernic, A.Girard. Reachability analysis of hybrid systems using support functions. CAV’09 29

New Approximation Model Efficiently computable with support functions chull of union ⇒ max intersection of axis aligned boxes ⇒ solution of pw linear function 30

New Approximation Model Efficiently computable with support functions solution for intersection of axis aligned boxes quadratic term – maximize piecewise quadratic scalar function for each template direction 31

New Approximation Model Error bounds for each template direction d d d d – used to choose time steps Error incurred with each application of time elapse operator – transition successor computation will void this bound for subsequent steps 32

Extension to Variable Time Steps Ω 2 x adapt to error Ω 1 Ω 0 X 0 0 t 1 t 2 t 3 t different time scale for each direction – new approximation model can interpolate cost: recompute matrix e Aδ – cache matrix 33

Intersection with Invariant Polyhedra Operators Zonotopes Support F. Constraints Vertices Convex hull -- + -- ++ +/- ++ ++ ++ Affine transform -- -- ++ ++ Minkowski sum Intersection ++ -- -- - 34