The Image Computation Problem in Hybrid Systems Model Checking e - - PowerPoint PPT Presentation

The Image Computation Problem in Hybrid Systems Model Checking

Andr´ e Platzer1,2 Edmund M. Clarke2

1University of Oldenburg, Department of Computing Science 2Carnegie Mellon University, Computer Science Department

Hybrid Systems: Computation and Control (HSCC’2007)

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 1 / 13

Image Computation in Hybrid Systems

I Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 2 / 13

Image Computation in Hybrid Systems

I H Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 2 / 13

Image Computation in Hybrid Systems

I H H Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 2 / 13

Image Computation in Hybrid Systems

I H H B Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 2 / 13

Image Computation in Hybrid Systems

I H H B Image Computation Model Checking Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 2 / 13

Air Traffic Management

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 3 / 13

Air Traffic Management

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 3 / 13

ATM: Roundabout Maneuver Automaton

  ˙ x = −v1 +v2 cos φ +ω1y ˙ y = v2 sin φ −ω1x ˙ φ = ω2 −ω1   Cruise ωi := 0 LCircle ωi := ω close rot[-θ, -θ] back rot[-θ, -θ] RCircle ωi := −ω close rot[θ, θ] back rot[θ, θ]

Details Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 4 / 13

Outline

1

Motivation Image Computation in Hybrid Systems Air Traffic Management

2

Approximation in Model Checking Approximation Refinement Model Checking Exact Image Computation: Polynomials and Beyond Image Approximation

3

Flow Approximation Bounded Flow Approximation Continuous Image Computation Probabilistic Model Checking Differential Flow Approximation

4

Experimental Results

5

Conclusions and Future Work

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 4 / 13

Outline

1

Motivation Image Computation in Hybrid Systems Air Traffic Management

2

Approximation in Model Checking Approximation Refinement Model Checking Exact Image Computation: Polynomials and Beyond Image Approximation

3

Flow Approximation Bounded Flow Approximation Continuous Image Computation Probabilistic Model Checking Differential Flow Approximation

4

Experimental Results

5

Conclusions and Future Work

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 4 / 13

AMC: Approximation Refinement Model Checking

AMC(B reachable from I in H):

1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe

I B

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 5 / 13

AMC: Approximation Refinement Model Checking

AMC(B reachable from I in H):

1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe

I H B

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 5 / 13

AMC: Approximation Refinement Model Checking

AMC(B reachable from I in H):

1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe

I H A B

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 5 / 13

AMC: Approximation Refinement Model Checking

AMC(B reachable from I in H):

1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe

I H A +ǫ B

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 5 / 13

AMC: Approximation Refinement Model Checking

AMC(B reachable from I in H):

1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe

I H A +ǫ B

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 5 / 13

AMC: Approximation Refinement Model Checking

AMC(B reachable from I in H):

1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe

I H A +ǫ B

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 5 / 13

AMC: Exact Image Computation

AMC(B reachable from I in H):

1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe

Proposition

check and blur can be implemented for I and B semialgebraic A with polynomial flows over R +Piecewise definitions +Rational extensions (e.g. multivariate rational splines)

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 5 / 13

AMC: Image Approximation

AMC(B reachable from I in H):

1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe

Proposition

approx exists for all uniform errors ǫ > 0 when using polynomials to build A Flows ϕ ∈ C (D, Rn) of H D ⊂ R × Rn compact closure of an open set

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 5 / 13

Outline

1

Motivation Image Computation in Hybrid Systems Air Traffic Management

2

Approximation in Model Checking Approximation Refinement Model Checking Exact Image Computation: Polynomials and Beyond Image Approximation

3

Flow Approximation Bounded Flow Approximation Continuous Image Computation Probabilistic Model Checking Differential Flow Approximation

4

Experimental Results

5

Conclusions and Future Work

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 5 / 13

Bounded Flow Approximation

Proposition (Effective Weierstraß approximation)

Flows ϕ ∈ C 1(D, Rn) Bounds b := maxx∈D ˙ ϕ(x) ⇒ approx computable, hence image computation decidable

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 6 / 13

Continuous Image Computation

B Numerical R-Turing Machine ϕ =∅ =∅ x ∈ R ϕ(x) ˙ ϕ(x)

x1 x2 x3 B

• Andr´

e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 7 / 13

Continuous Image Computation

B Numerical R-Turing Machine ϕ =∅ =∅ x ∈ R ϕ(x) ˙ ϕ(x)

x1 x2 x3 B

• g

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 7 / 13

Continuous Image Computation

B Numerical R-Turing Machine ϕ =∅ =∅ x ∈ R ϕ(x) ˙ ϕ(x)

x1 x2 x3 B

• g

Proposition (Image computation undecidable for. . . )

arbitrarily effective flow ϕ ∈ C k(D ⊆ Rn, Rm); D, B effective tolerate error ǫ > 0 in decisions

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 7 / 13

Continuous Image Computation

B Numerical R-Turing Machine ϕ =∅ =∅ x ∈ R ϕ(x) ˙ ϕ(x)

x1 x2 x3 B

• g

Proposition (Image computation undecidable for. . . )

arbitrarily effective flow ϕ ∈ C k(D ⊆ Rn, Rm); D, B effective tolerate error ǫ > 0 in decisions ϕ smooth polynomial function with Q-coefficients

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 7 / 13

Probabilistic Model Checking

x1 x2 x3 B

• Andr´

e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 8 / 13

Probabilistic Model Checking

x1 x2 x3 x4 B

• Andr´

e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 8 / 13

Probabilistic Model Checking

x1 x2 x3 x4 x5 x6 B

• Andr´

e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 8 / 13

Probabilistic Model Checking

x1 x2 x3 x4 x5 x6 B

• Proposition

P( ˙ ϕ∞ > b) → 0 as b → ∞ ϕ evaluated on finite subset X = {xi} of open or compact D ⇒ P(decision correct) → 1 as d(·, X)∞ → 0

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 8 / 13

Differential Flow Approximation

ϕ solves ˙ x(t) = f (t, x)

Proposition

Flow ϕ is solution of ˙ x(t) = f (t, x) f ∈ C ([a, b] × Rn, Rn) ℓ-Lipschitz-continuous: f (t, x1) − f (t, x2) ≤ ℓx1 − x2 ⇒ Continuous image computation decidable

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 9 / 13

Outline

1

Motivation Image Computation in Hybrid Systems Air Traffic Management

2

Approximation in Model Checking Approximation Refinement Model Checking Exact Image Computation: Polynomials and Beyond Image Approximation

3

Flow Approximation Bounded Flow Approximation Continuous Image Computation Probabilistic Model Checking Differential Flow Approximation

4

Experimental Results

5

Conclusions and Future Work

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 9 / 13

Experimental Results: Roundabout ATM

Counterexamples with distances ≈0.0016mi after 3 refinements in absolute coords

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 10 / 13

Experimental Results: Tangential Roundabout ATM

Solution: adaptively choose rotation using tangential construction classical tangential

p m p m

No more counterexamples Simple online calculation

Details Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 11 / 13

Outline

1

Motivation Image Computation in Hybrid Systems Air Traffic Management

2

Approximation in Model Checking Approximation Refinement Model Checking Exact Image Computation: Polynomials and Beyond Image Approximation

3

Flow Approximation Bounded Flow Approximation Continuous Image Computation Probabilistic Model Checking Differential Flow Approximation

4

Experimental Results

5

Conclusions and Future Work

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 11 / 13

Conclusions

Image computation in hybrid systems model checking

1

approx uniformly

2

blur by uniform error

3

check for B

flows approx / image computation

continuous uniform approx exists, but. . . smooth undecidable by evaluation bounded by b decidable bound probabilities probabilistically decidable ODE ℓ-Lipschitz decidable Combine numerical algorithms with symbolic analysis Roundabout maneuver unsafe Solution: adaptively choose rotations by tangential construction Report with details

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 12 / 13

Future Work

Extend tangential roundabout maneuver

Determine speed/thrust bounds Position discrepancies caused by imprecise tracking Verify liveness: aircraft finally on original route Full curve dynamics

Combine numerical algorithms with symbolic analysis . . . Improve our preliminary model checker Multivariate rational spline approximation

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 13 / 13

Outline

6

Related Work

7

Details Air Traffic Management Roundabout Maneuver Automaton Adaptive Tangential Roundabout Maneuver

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 7 / 13

• W. Damm, G. Pinto, and S. Ratschan.

Guaranteed termination in the verification of LTL properties of non-linear robust discrete time hybrid systems. In ATVA, 2005.

• R. Lanotte and S. Tini.

Taylor approximation for hybrid systems. In HSCC, pages 402–416, 2005.

• M. Massink and N. D. Francesco.

Modelling free flight with collision avoidance. In ICECCS, pages 270–280, 2001.

• C. Piazza, M. Antoniotti, V. Mysore, A. Policriti, F. Winkler, and
• B. Mishra.

Algorithmic algebraic model checking I. In CAV, 2005.

• A. Platzer and E. M. Clarke.

The image computation problem in hybrid systems model checking. Technical report, 2007.

• C. Tomlin, G. J. Pappas, and S. Sastry.

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 8 / 13

Outline

6

Related Work

7

Details Air Traffic Management Roundabout Maneuver Automaton Adaptive Tangential Roundabout Maneuver

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 8 / 13

Air Traffic Management

x y Φ protected zone v1 Ω1

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 9 / 13

ATM: Roundabout Maneuver Automaton

   ˙ x = −v1 + v2 cos φ + ω1y ˙ y = v2 sin φ − ω1x ˙ φ = ω2 − ω1    Cruise ωi := 0 x2 + y2 ≥ α2 LCircle ωi := ω ˙ c = 1 x2 + y2 ≤ α2 ∧ y ≥ 0 rot[-θ, -θ] c := 0 c ≥ π

ω

rot[-θ, -θ] RCircle ωi := −ω ˙ c = 1 x2 + y2 ≤ α2 ∧ y < 0 rot[θ, θ] c := 0 c ≥ π

ω

rot[θ, θ]

Return Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 10 / 13

Experimental Results: Roundabout ATM

Counterexamples with distances ≈0.0016mi after 3 refinements in absolute coords relative coords

Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 11 / 13

Experimental Results: Tangential Roundabout ATM

α2 =m − 02 α2 =m − p2 γ1 =∠(m − 0) γ2 =∠(m − p)

p m p m

Return Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 12 / 13

Experimental Results: Tangential Roundabout ATM

α2 =m − 02 α2 =m − p2 γ1 =∠(m − 0) γ2 =∠(m − p)

p m p m

Solutions for θj using any k, ℓ ∈ {1, 2}: ∠

• (−1)j+1 x3 + xy2 + (−1)j+kı
• x2(x2 + y2)(4α2 − x2 − y2)

x(x − ıy)

• + (−1)ℓ π

2

Return Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 12 / 13

Experimental Results: Tangential Roundabout ATM

α2 =m − 02 α2 =m − p2 γ1 =∠(m − 0) γ2 =∠(m − p)

p m p m

Solutions for θj using any k, ℓ ∈ {1, 2}: ∠

• (−1)j+1 x3 + xy2 + (−1)j+kı
• x2(x2 + y2)(4α2 − x2 − y2)

x(x − ıy)

• + (−1)ℓ π

2 min

k,ℓ max(|θ1 − 0|, |θ2 − φ|)

Return Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 12 / 13

Tangential Roundabout Maneuver Automaton

Cruise (2)[ωi := 0] x2 + y2 ≥ α2 Close ˙ c = 1 c = 0 x2 + y2 ≤ α2 rot[θ1, θ2], c := 0 LCircle (2)[ωi := ω] y ≥ 0 rot[θ1, θ2] RCircle (2)[ωi := −ω] y < 0 rot[θ1, θ2]

Return Andr´ e Platzer, Edmund M. Clarke (CMU) Image Computation in Hybrid Systems HSCC’07 13 / 13