hybrid system verification synchronous workshop 2003 a new verification algorithm for planar...

Hyb

rid

Syste

m V

eri

ficati

on

Synchronous Workshop 2003

A New Verification Algorithm for

Planar Differential Inclusions

Gordon Pace

University of Malta

December 2003

Hyb

rid

Syste

m V

eri

ficati

on


Scientific Models

• Discrete systems– CSs’ favourite domain– What I should be talking about here …

• Continuous systems– Engineers’ domain– Differential equations

• Hybrid Systems

Hyb

rid

Syste

m V

eri

ficati

on


A Hybrid System

• Typical example: A heated room with a a thermostat.

• Room temperature T continuous variable,• State of heater (on or off) is a discrete

variable,• Different (continuous/differential) equations

regulate room temperature depending whether heater is on or off.

Hyb

rid

Syste

m V

eri

ficati

on


The Heated Room: Required Parameters

• Dynamics in different (discrete) states;

• When to switch from one state to another;

• Whether any continuous variables are reset discontinuously when switching from one state to another.

Hyb

rid

Syste

m V

eri

ficati

on


The Heated Room:Typical questions

• Reachability questions: Can the room temperature rise over 5% above the thermostat setting?

• ‘Qualitative’ system behaviour: Given a loop (a sequence of discrete states) what continuous behaviour is possible within that loop?

Hyb

rid

Syste

m V

eri

ficati

on


Hybrid Automata

On Off

Hyb

rid

Syste

m V

eri

ficati

on


On Off

Label

Dynamics

Invariant

Guard Reset

Hybrid Automata

Hyb

rid

Syste

m V

eri

ficati

on


Verification of Hybrid Automata

• Undecidable in general.

• Even (good) testing is difficult!

• Most complete approaches look at sub-problems eg limiting differential equations, limiting number of continuous variables.

Hyb

rid

Syste

m V

eri

ficati

on


Swimmer in a whirlpool

Hyb

rid

Syste

m V

eri

ficati

on


Polygonal Differential Inclusion Systems (SPDIs)

• A partition of the plane into convex polygons

• Constant differential inclusion for each region describing allowable dynamics

Hyb

rid

Syste

m V

eri

ficati

on


Swimmer SPDI

Hyb

rid

Syste

m V

eri

ficati

on


Swimmer SPDI

Arrows:System dynamics

Polygons:Discrete states

(Transformed) coordinates:

two continuous states

Hyb

rid

Syste

m V

eri

ficati

on


Swimmer SPDI

Arrows:System dynamics

Polygons:Discrete states

Position on line:one continuous state

Hyb

rid

Syste

m V

eri

ficati

on


Swimmer SPDI

Hyb

rid

Syste

m V

eri

ficati

on


Some undecidable extensions

• Three or more dimensions

• Variant differential inclusions

• SPDIs with arbitrary resets

Hyb

rid

Syste

m V

eri

ficati

on


Some observations (1)

• Position on edges can be described as a single real number.

• Starting from a position s on an edge and ending at t on another edge, the linear inclusion limits guarantees:

t 2 [1 s + 2, 1 s + 2]• Similarly if we went through a number of

edges in between.

Hyb

rid

Syste

m V

eri

ficati

on


Result:

• Given a loop of region edges, we can compute the reachable polygon without iterating.

• We can compute the effect of following an abstract trace:

e1…ei(ei+1…ej)*ej+1…ek(ek+1…el)* … en

Hyb

rid

Syste

m V

eri

ficati

on


Some observations (2)

• For any self-crossing path through an SPDI, there exists a non-self-crossing one with the same start and end points.

• A path which follows a loop (a number of times), leaves it and goes through the loop again, can be replaced by one which enters the loop only once.

Hyb

rid

Syste

m V

eri

ficati

on


Result:

• Any path through an abstract trace which is ‘too long’ also belongs to a shorter abstract path:

e1…ei(ei+1…ej)*ej+1…ek(ek+1…el)* … en

• Only a finite number of paths need be explored to check reachability.

Hyb

rid

Syste

m V

eri

ficati

on


Summary

• We can (non-iteratively) calculate the effect of following an abstract path.

• A finite number of abstract paths cover all possible concrete paths from one edge to another.

• These abstract paths can be calculated.

Hyb

rid

Syste

m V

eri

ficati

on


Summary




We have an algorithm to

decide SPDI reachability

Hyb

rid

Syste

m V

eri

ficati

on


Summary




But it does not guarantee shortest

counter-example

unless exhaustive search is performed

Hyb

rid

Syste

m V

eri

ficati

on


Forward model checking

[

Termination Condition:

Hyb

rid

Syste

m V

eri

ficati

on


SPDI model checking

[ [

Termination Condition:[ [

Hyb

rid

Syste

m V

eri

ficati

on


SPDI model checking

[ [


This follows loops (non-iteratively) in one

step

Hyb

rid

Syste

m V

eri

ficati

on


SPDI model checking

[ [


This is the invariance kernel of the SPDI

Hyb

rid

Syste

m V

eri

ficati

on


Invariance kernel of a loop

• The greatest set of points such that every trajectory starting in such points must remain in the set forever.

• Can be calculated using a non-iterative algorithm.

• The set is the union of all invariance kernels.

Hyb

rid

Syste

m V

eri

ficati

on






BFS algorithm which guarantees

shortest abstract counter-example

Hyb

rid

Syste

m V

eri

ficati

on






Allows us to apply standard

model-checking verification optimisations

to SPDI verification

Hyb

rid

Syste

m V

eri

ficati

on


Future work

• Implementation of the new algorithm and standard optimisations

• Case studies and safe approximation generators

• How can this be applied to discrete systems with one continuous variable and differential inclusion transitions?

Hyb

rid

Syste

m V

eri

ficati

on


x 2 [min{c1, 1 x + 2}, max{c1, 1 s + 2}]

hybrid system verification synchronous workshop 2003 a new verification algorithm for planar...

Documents