SYSTEMS USING SOFTWARE VERIFICATION Parasara Sridhar Duggirala UConn - PowerPoint PPT Presentation

ANALYZING REAL TIME LINEAR CONTROL SYSTEMS USING SOFTWARE VERIFICATION Parasara Sridhar Duggirala – UConn Mahesh Viswanathan – UIUC

Real-Time Systems + Linear Control Systems + Verification Verification Control systems Real Time Systems Linear systems This paper. RTSS 2015 [2]

Isn’t That Hybrid Systems Verification? ■ Yes and No. Physical Plant actuation sensing Continuous Controller Typical control system RTSS 2015 [3]

Isn’t That Hybrid Systems Verification? ■ Yes and No. Physical Plant 𝐃 𝟐 𝐃 𝟑 Logic ⋮ 𝐃 𝐨 Typical hybrid system RTSS 2015 [4]

Isn’t That Hybrid Systems ሶ ሶ ሶ Verification? ■ Yes and No. Physical Plant 𝐲 = 𝐠 𝟐 (𝐲) 𝐃 𝟐 𝐲 = 𝐠 𝟒 (𝐲) 𝐲 = 𝐠 𝟑 (𝐲) 𝐃 𝟑 Hybrid Automata Logic ⋮ Assumptions: 1. Continuous feedback 𝐃 𝐨 2. Exact computations Typical hybrid system RTSS 2015 [5]

Isn’t That Hybrid Systems ሶ ሶ ሶ Verification? ■ Technically Yes, practically No. Floating points, Data structures, … + Scheduling, … 𝐲 = 𝐠 𝟐 (𝐲) + VS 𝐲 = 𝐠 𝟒 (𝐲) Hardware, … 𝐲 = 𝐠 𝟑 (𝐲) Hybrid Automata + Plant Approx. model, … + Noisy environment RTSS 2015 [6]

Closely Related Works Floating points, Data structures, … 1. Fluctuat, Martinez et.al. [Floating Points] + 2. Sahvy, HybridFluctuat – periodic actuation. 3. Frehse et.al. [Scheduling] Scheduling, … + Hardware, … + Plant Approx. model, … + Noisy environment RTSS 2015 [7]

Closely Related Works Computation 1. Fluctuat, Martinez et.al. [Floating Points] delay 2. Sahvy, HybridFluctuat – periodic actuation. 3. Frehse et.al. [Scheduling] + This paper: Scheduling Verification (at discrete instances) + while taking into account the computation time of software and scheduling of RTOS. Physical Plant Linear System RTSS 2015 [8]

This Paper; Briefly ሶ 𝑦(𝑢) State of plant 𝑦 evolves as 𝑦 = 𝐵𝑦 + 𝐶𝑣 Physical Plant time actuation sensing main() (){ ……… Code if (…) then Controller … else … Software } Real Time Operating System Scheduling Verification that takes all the three aspects into account RTSS 2015 [9]

Outline ■ Introduction ■ Computational model ■ Drawbacks of existing techniques (or advantages?) ■ Software verification inspired technique – Analyzing linear control systems – Accounting for timing analysis ■ Software verification techniques used ■ Results ■ Discussion and Future work RTSS 2015 [10]

Computational Model 1. Control program is a task on RTOS (periodically scheduled). 2. Delay between sensing and actuation (computation time). 3. Control program may or may not make the deadline. RTSS 2015 [11]

Computational Model 1. Control program is a task on RTOS (periodically scheduled). 2. Delay between sensing and actuation (computation time). 3. Control program may or may not make the deadline. 1. Control program is run every T time units. 2. It may/may not make the deadline (TWCRT). 3. If it makes the deadline, results of computation are given as actuation parameters. 4. If it does not make the deadline, computation results are thrown away . RTSS 2015 [12]

Motivating Example ሶ ሶ ሶ Leader-Follower System Dynamics of the system velocity = 𝑤 ; velocity = 𝑤 𝑔 ; 𝑡 = 𝑤 𝑔 − 𝑤; acceleration = 𝑏 ; acceleration = 0 ; 𝑤 = 𝑏 − 𝑙 𝑏𝑓𝑠𝑝 𝑤; s 𝑏 = 𝑣; 𝑙 𝑏𝑓𝑠𝑝 is the air – drag Control Law leader follower 𝑣 = −2𝑏 − 2(𝑤 − 𝑤 𝑔 ) RTSS 2015 [13]

Motivating Example ሶ ሶ ሶ Leader-Follower System Dynamics of the system velocity = 𝑤 ; velocity = 𝑤 𝑔 ; 𝑡 = 𝑤 𝑔 − 𝑤; acceleration = 𝑏 ; acceleration = 0 ; 𝑤 = 𝑏 − 𝑙 𝑏𝑓𝑠𝑝 𝑤; s 𝑏 = 𝑣; 𝑙 𝑏𝑓𝑠𝑝 is the air – drag Control Law leader follower 𝑣 = −2𝑏 − 2(𝑤 − 𝑤 𝑔 ) ■ Controller operates at 100Hz frequency. (computation time = 0). ■ Hybrid systems model: 1. Add continuous variables 𝑣, 𝑢 2. Update 𝑣 every 0.01 sec. 3. Reset 𝑢 every 0.01 sec. RTSS 2015 [14]

Motivating Example ሶ ሶ ሶ Leader-Follower System Dynamics of the system velocity = 𝑤 ; velocity = 𝑤 𝑔 ; 𝑡 = 𝑤 𝑔 − 𝑤; acceleration = 𝑏 ; acceleration = 0 ; 𝑤 = 𝑏 − 𝑙 𝑏𝑓𝑠𝑝 𝑤; s 𝑏 = 𝑣; 𝑙 𝑏𝑓𝑠𝑝 is the air – drag Control Law leader follower 𝑣 = −2𝑏 − 2(𝑤 − 𝑤 𝑔 ) ■ Controller operates at 100Hz frequency. (computation time = 0). ■ Hybrid systems model: 1. Add continuous variables 𝑣, 𝑢 2. Update 𝑣 every 0.01 sec. 3. Reset 𝑢 every 0.01 sec. RTSS 2015 [15]

Naïve Hybrid Systems Verification With SpaceEx Property: If 𝑤 𝑔 = 60, 𝑤 0 ∈ [59,61], 𝑡 0 = 100 then always 𝑤 ≤ 62 ∧ 𝑡 ≥ 50 RTSS 2015 [16]

Naïve Hybrid Systems Verification With SpaceEx Property: If 𝑤 𝑔 = 60, 𝑤 0 ∈ [59,61], 𝑡 0 = 100 Property cannot be inferred! Overapproximation is too high then always 𝑤 ≤ 62 ∧ 𝑡 ≥ 50 RTSS 2015 [17]

Why It Does Not Work (And Why It Should Not) ■ Two source of overapproximation 1. Discrete transitions. 2. Mismatch between the actuated values and sensed values. If 𝑤 ∈ 59,61 , 𝑣 ∈ [−2,2] but 𝑣 > 0 if and only if 𝑤 < 60 . SpaceEx algorithm does conservative estimate. RTSS 2015 [18]

Why It Does Not Work (And Why It Should Not) ■ Two source of overapproximation 1. Discrete transitions. 2. Mismatch between the actuated values and sensed values. If 𝑤 ∈ 59,61 , 𝑣 ∈ [−2,2] but 𝑣 > 0 if and only if 𝑤 < 60 . SpaceEx algorithm does conservative estimate. ■ Why it should not? (#myPerspective) – Hybrid Systems verification tools are supposed to find the flaws at the design level . – Ensuring lower level details are “coherent” with higher level design should be the job of system developer (or a different verification tool?). – Problem: But many bugs happen during the implementation! RTSS 2015 [19]

Outline ■ Motivation ■ Computational model ■ Drawbacks of existing techniques (or advantages?) ■ Software verification inspired technique – Analyzing linear control systems – Accounting for timing analysis ■ Software verification techniques used ■ Results ■ Discussion and Future work RTSS 2015 [20]

Software Verification Inspired Technique: Outline + Generated code simulates the closed loop system by tracking the software state and physical state of the plant. + Physical Plant RTSS 2015 [21]

Software Verification Inspired Technique: Outline Code Piece 1 + + Code + Piece 2 Physical Plant Software Verification Tools RTSS 2015 [22]

Part 1 – Analyzing Linear Control System 𝑣(𝑢) ■ Linear ODE for plant ሶ 𝑦 = 𝐵𝑦 + 𝐶𝑣 . time ■ Closed form expression for the behavior 𝑢 𝑦(𝑢) 𝑓 𝐵 𝑢−𝜐 𝐶𝑣 𝜐 𝑒𝜐 . 𝑓 𝐵𝑢 𝑦 0 + න 0 time RTSS 2015 [23]

Part 1 – Analyzing Linear Control System 𝑣(𝑢) ■ Linear ODE for plant ሶ 𝑦 = 𝐵𝑦 + 𝐶𝑣 . time ■ Closed form expression for the behavior 𝑢 𝑦(𝑢) 𝑓 𝐵 𝑢−𝜐 𝐶𝑣 𝜐 𝑒𝜐 . 𝑓 𝐵𝑢 𝑦 0 + න 0 time ■ Observation: 𝑣(𝑢) is constant for a given time period (T). 𝑦 𝑈 = 𝑓 𝐵𝑈 𝑦 0 + 𝐻 𝐵, 𝑈 𝐶𝑣 ■ Since 𝑈, 𝐵 are known, 𝑦 𝑈 can be computed as a func. of 𝑦(0) . RTSS 2015 [24]

Part 1 – Analyzing Linear Control System 𝑣(𝑢) ■ Linear ODE for plant ሶ 𝑦 = 𝐵𝑦 + 𝐶𝑣 . time ■ Closed form expression for the behavior 𝑢 𝑦(𝑢) 𝑓 𝐵 𝑢−𝜐 𝐶𝑣 𝜐 𝑒𝜐 . 𝑓 𝐵𝑢 𝑦 0 + න 0 time ■ Observation: 𝑣(𝑢) is constant for a given time period (T). 𝑦 𝑈 = 𝑓 𝐵𝑈 𝑦 0 + 𝐻 𝐵, 𝑈 𝐶𝑣 ■ Since 𝑈, 𝐵 are known, 𝑦 𝑈 can be computed as a func. of 𝑦(0) . ■ For leader trailer system – at discrete time units. Note: Relation between 𝑡 𝑜 = 𝑡 − 0.0995 ∗ 𝑤 − 𝑤 𝑔 − 0.005 ∗ 𝑏 − 0.002 ∗ 𝑣 ; 𝑤 𝑜 = 𝑤 𝑔 + 0.99 ∗ 𝑤 − 𝑤𝑔 + 0.0995 ∗ 𝑏 + 0.005 ∗ 𝑣 ; 𝑣 and 𝑡 𝑜 , 𝑤 𝑜 , 𝑏 𝑜 is symbolic . 𝑏 𝑜 = 𝑏 + 0.1 ∗ 𝑣 ; RTSS 2015 [25]

Part 1 – Analyzing Linear Control System ■ What about with the control law? Note: 𝑣 > 0 initially 𝑣 = −2𝑏 − 2(𝑤 − 𝑤 𝑔 ) ; if and only if 𝑤 < 𝑤 𝑔 . 𝑡 𝑜 = 𝑡 − 0.0995 ∗ 𝑤 − 𝑤 𝑔 − 0.005 ∗ 𝑏 − 0.002 ∗ 𝑣 ; 𝑤 𝑜 = 𝑤 𝑔 + 0.99 ∗ 𝑤 − 𝑤𝑔 + 0.0995 ∗ 𝑏 + 0.005 ∗ 𝑣 ; 𝑏 𝑜 = 𝑏 + 0.1 ∗ 𝑣 ; RTSS 2015 [26]

Part 1 – Analyzing Linear Control System ■ What about with the control law? Note: 𝑣 > 0 initially 𝑣 = −2𝑏 − 2(𝑤 − 𝑤 𝑔 ) ; if and only if 𝑤 < 𝑤 𝑔 . 𝑡 𝑜 = 𝑡 − 0.0995 ∗ 𝑤 − 𝑤 𝑔 − 0.005 ∗ 𝑏 − 0.002 ∗ 𝑣 ; 𝑤 𝑜 = 𝑤 𝑔 + 0.99 ∗ 𝑤 − 𝑤𝑔 + 0.0995 ∗ 𝑏 + 0.005 ∗ 𝑣 ; 𝑏 𝑜 = 𝑏 + 0.1 ∗ 𝑣 ; = Code Piece 1 Skipping details: Error analysis and soudness proof. RTSS 2015 [27]