robust simulation of safety-critical systems · 2019. 11. 20. · introduction • a “robust...
TRANSCRIPT
![Page 1: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/1.jpg)
Robust Simulation of Safety-Critical Systems
Matthew D. Stuber, PhDAssistant Professor, Chemical & Biomolecular Eng.
![Page 2: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/2.jpg)
Outline• Introduction & Background
– What is meant by “robust simulation”?– Steady-state vs. dynamical systems
• Preliminaries– Problem formulation & foundational results
• New Results– Extending steady-state to dynamical
• Conclusions and Future Work
INCOSE - Oct. 17, 2019
![Page 3: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/3.jpg)
Key ContributorMatthew WilhelmPhD CandidatePSOR Lab, Dept. of Chemical and Biomolecular Eng.University of Connecticut
INCOSE - Oct. 17, 2019
![Page 4: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/4.jpg)
Introduction• A “Robust System” mitigates the effects of uncertainty to ensure
performance/safety constraints are satisfied.
INCOSE - Oct. 17, 2019
![Page 5: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/5.jpg)
Introduction• A “Robust System” mitigates the effects of uncertainty to ensure
performance/safety constraints are satisfied.• “Robust Simulation” refers to the ability to rigorously account for the impacts
of uncertainty via a model-based (i.e., simulation) approach– Conclude whether or not a system can meet the desired
performance/safety constraints in the face of uncertainty using mathematical models
INCOSE - Oct. 17, 2019
![Page 6: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/6.jpg)
Introduction• A “Robust System” mitigates the effects of uncertainty to ensure
performance/safety constraints are satisfied.• “Robust Simulation” refers to the ability to rigorously account for the impacts
of uncertainty via a model-based (i.e., simulation) approach– Conclude whether or not a system can meet the desired
performance/safety constraints in the face of uncertainty using mathematical models
INCOSE - Oct. 17, 2019
Research Challenge: How can we use model-based optimal design principles to improve reliability and safety of systems at the design stage?
![Page 7: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/7.jpg)
Accounting for Uncertainty
INCOSE - Oct. 17, 2019
System Model
Parametric Uncertainty
Design
zState-Space
?
For a specific design, how would the system respond to uncertainty?
( , , ) h z u p 0Pp
Uu
![Page 8: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/8.jpg)
Accounting for Uncertainty
INCOSE - Oct. 17, 2019
System Model
Parametric Uncertainty
Design
OperatingEnvelope
zState-SpaceFor a specific design, how would the system respond to uncertainty?
( , , ) h z u p 0Pp
Uu
![Page 9: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/9.jpg)
Accounting for Uncertainty
INCOSE - Oct. 17, 2019
System Model
Parametric Uncertainty
Design
OperatingEnvelope
zState-SpaceFor a specific design, how would the system respond to uncertainty?
Constraint/Specification
( , , ) h z u p 0Pp
Uu
![Page 10: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/10.jpg)
Accounting for Uncertainty
INCOSE - Oct. 17, 2019
System Model
Parametric Uncertainty
Design
OperatingEnvelope
zState-SpaceFor a specific design, how would the system respond to uncertainty?
Constraint/Specification
SYSTEM FAILURE!
( , , ) h z u p 0Pp
Uu
![Page 11: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/11.jpg)
Accounting for Uncertainty
INCOSE - Oct. 17, 2019
System Model
Parametric Uncertainty
Design
OperatingEnvelope
zState-SpaceFor a specific design, how would the system respond to uncertainty?
Constraint/Specification
SYSTEM FAILURE!
( , , ) h z u p 0Pp
Uu
![Page 12: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/12.jpg)
Accounting for Uncertainty
INCOSE - Oct. 17, 2019
System Model
Parametric Uncertainty
Design
OperatingEnvelope
zState-SpaceFor a specific design, how would the system respond to uncertainty?
Constraint/Specification
ROBUST SYSTEM!
( , , ) h z u p 0Pp
Uu
![Page 13: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/13.jpg)
Accounting for Uncertainty
INCOSE - Oct. 17, 2019
System Model
Parametric Uncertainty
Design
OperatingEnvelope
zState-SpaceFor a specific design, how would the system respond to uncertainty?
Constraint/Specification
ROBUST SYSTEM!
( , , ) h z u p 0Pp
Uu
Research Challenge: Verifying a system is not robust is as simple as finding a single realization of uncertainty that violates the constraint.
Verifying a system is robust requires simulating infinitely-many realizations of uncertainty and ensuring the system never violates the constraint.
![Page 14: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/14.jpg)
Introduction• Steady-state vs. dynamical systems models
INCOSE - Oct. 17, 2019
System Model
( , , ) h z u p 0System Model
( , , ) ( ( , , ), , , )t t tx u p f x u p u p
nonlinear algebraic system nonlinear ODE system
![Page 15: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/15.jpg)
Introduction• Steady-state vs. dynamical systems models
INCOSE - Oct. 17, 2019
System Model
( , , ) h z u p 0System Model
( , , ) ( ( , , ), , , )t t tx u p f x u p u p
nonlinear algebraic system nonlinear ODE system
Now, we must account for the transient response to uncertainty in our design.
![Page 16: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/16.jpg)
Accounting for Uncertainty
INCOSE - Oct. 17, 2019
Dynamic SystemModel
Parametric Uncertainty
Design
OperatingEnvelope
State-Space
Constraint/Specification
ROBUST SYSTEM!
Pp
Uu
( , , ), , , ) 0(k k
g t t x u p u p
( , , )ktx u p
![Page 17: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/17.jpg)
OperatingEnvelope
Accounting for Uncertainty
INCOSE - Oct. 17, 2019
Dynamic SystemModel
Parametric Uncertainty
Design
State-Space
Constraint/Specification
Pp
Uu
1 1( , , ), , , ) 0(
k kg t t x u p u p
1( , , )
kt x u p
SYSTEM FAILURE!
![Page 18: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/18.jpg)
Preliminaries• From a design perspective, our objective is to verify performance/safety in
the face of (the worst-case) uncertainty over the time horizon.
INCOSE - Oct. 17, 2019
,
0
( ) max ( ( , , ), , , )
s.t. ( , , ) ( ( , , ), , , )
( , , 0) ( , )
P t Ig t t
t t t
pu x u p u p
x u p f x u p u px u p x u p
![Page 19: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/19.jpg)
Preliminaries• From a design perspective, our objective is to verify performance/safety in
the face of (the worst-case) uncertainty over the time horizon.
If , we have verified the robustness of our design u.
“For a given design, the system does not violate performance/safety at any point in time, even in the face of the worst-case uncertainty”
INCOSE - Oct. 17, 2019
( ) 0 u
,
0
( ) max ( ( , , ), , , )
s.t. ( , , ) ( ( , , ), , , )
( , , 0) ( , )
P t Ig t t
t t t
pu x u p u p
x u p f x u p u px u p x u p
![Page 20: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/20.jpg)
PreliminariesDiscrete-time reformulation, e.g., implicit Euler:
Where we have
INCOSE - Oct. 17, 2019
, ) ( , , )(i i
ty u p x u p
0 0
1 1 1
( , )
( , , , ), 1, ,i i i i
h t i K
y x u py y f y u p
0
( , , ) ( ( , , ), , , )
( , , 0) ( , )
t t t
x u p f x u p u px u p x u p
![Page 21: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/21.jpg)
PreliminariesDiscrete-time reformulation, e.g., implicit Euler:
INCOSE - Oct. 17, 2019
, ,
0 0
1
1
0 1 1
( ) max ( , , , )
s.t. ( , )
( , , , )
( , , , )
kkP t I
K K K K
g t
h t
h t
p yu y u p
y x u py y f y u p 0
y y f y u p 0
( , , ) h y u p 0
,
0
( ) max ( ( , , ), , , )
s.t. ( , , ) ( ( , , ), , , )
( , , 0) ( , )
P t Ig t t
t t t
pu x u p u p
x u p f x u p u px u p x u p
![Page 22: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/22.jpg)
PreliminariesDiscrete-time reformulation, e.g., implicit Euler:
INCOSE - Oct. 17, 2019
, ,
0 0
1
1
0 1 1
( ) max ( , , , )
s.t. ( , )
( , , , )
( , , , )
kkP t I
K K K K
g t
h t
h t
p yu y u p
y x u py y f y u p 0
y y f y u p 0
( , , ) h y u p 0Related to “orthogonal collocation” approach: Biegler (1983)
,
0
( ) max ( ( , , ), , , )
s.t. ( , , ) ( ( , , ), , , )
( , , 0) ( , )
P t Ig t t
t t t
pu x u p u p
x u p f x u p u px u p x u p
![Page 23: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/23.jpg)
Robust Steady-State Simulation• Previous developments: a set-valued mapping theory that enables the
calculation of rigorous bounds on the states over the entire uncertainty space.
INCOSE - Oct. 17, 2019
System Model
Parametric Uncertainty
Design
OperatingEnvelope
zState-Space
( , , ) h z u p 0Pp
Uu
![Page 24: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/24.jpg)
Robust Steady-State Simulation• Previous developments: a set-valued mapping theory that enables the
calculation of rigorous bounds on the states over the entire uncertainty space.
INCOSE - Oct. 17, 2019
System Model
Parametric Uncertainty
Design
OperatingEnvelope
zState-Space
( , , ) h z u p 0Pp
Uu Stuber, M.D. et al. (2015)
![Page 25: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/25.jpg)
Robust Steady-State Simulation• How does this work mathematically?
– Implicit function theorem
– (parametric) mean value theorem
– Fixed-point iterations
– Rigorous (global) set-valued arithmetic• Interval arithmetic• generalized McCormick convex relaxations
INCOSE - Oct. 17, 2019
( , , ) ( , ) : ( ( , ), , ) h z u p 0 z x u p h x u p u p 0
( , )( ( , ) ( , )) ( ( , ), , ) M u p x u p u p h u p u p
1( , ) : ( ( , ))k k x u p x u p
Stuber, M.D. et al. (2015)
![Page 26: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/26.jpg)
Robust Steady-State Simulation
INCOSE - Oct. 17, 2019
OperatingEnvelope
zState-Space
Convex relaxation of nonconvex operating envelope (without actually simulating the operating envelope)
Stuber, M.D. et al. (2015)
![Page 27: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/27.jpg)
Robust Dynamic Simulation• Our dynamic model is reformulated in the discrete form as a nonlinear
algebraic system:
INCOSE - Oct. 17, 2019
0
1
0
1 0 1 1
( , )
( , , , )( , , )
( , , , )K K K K
h t
h t
y x u py y f y u p
h y u p 0
y y f y u p
( 1) ( 1): px u xnn K n n K h
![Page 28: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/28.jpg)
Robust Dynamic Simulation• Our dynamic model is reformulated in the discrete form as a nonlinear
algebraic system:
INCOSE - Oct. 17, 2019
0
1
0
1 0 1 1
( , )
( , , , )( , , )
( , , , )K K K K
h t
h t
y x u py y f y u p
h y u p 0
y y f y u p
( 1) ( 1): px u xnn K n n K h
Very large!
![Page 29: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/29.jpg)
Robust Dynamic Simulation
INCOSE - Oct. 17, 2019
![Page 30: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/30.jpg)
Robust Dynamic Simulation
INCOSE - Oct. 17, 2019
Here, we have 5 states. For a system with K=1000, we would need to account for a 5000-dimension system simultaneously.
Each block of unknowns only depends on the previous timesteps (known). Thus, we only need to account for a single 5-dimensional system sequentially.
![Page 31: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/31.jpg)
Robust Dynamic SimulationApply the theory introduced previously for robust steady-state simulation to our system to calculate rigorous bounds on the state variables over the range of uncertainty variables p and design variables u, block-by-block.
INCOSE - Oct. 17, 2019
( , , ) h y u p 0
![Page 32: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/32.jpg)
Robust Dynamic Simulation
INCOSE - Oct. 17, 2019
OperatingEnvelope
zState-Space
OperatingEnvelope
zState-Space
1k kt t
![Page 33: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/33.jpg)
Robust Dynamic Simulation
INCOSE - Oct. 17, 2019
Control of a 9-species biological reaction for wastewater treatment.
![Page 34: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/34.jpg)
Future Work• Extend the worst-case uncertainty verification to the robust design problem
to “minimize the maximum impact of uncertainty”
INCOSE - Oct. 17, 2019
,
,
0
min
s.t. max ( ( , , ), , , )
s.t. ( , , ) ( ( , , ), , , )
( , , 0) ( , )
U
P t Ig t t
t t t
u
px u p u p
x u p f x u p u px u p x u p
,
0
( ) max ( ( , , ), , , )
s.t. ( , , ) ( ( , , ), , , )
( , , 0) ( , )
P t Ig t t
t t t
pu x u p u p
x u p f x u p u px u p x u p
![Page 35: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/35.jpg)
Conclusion• We have developed a method for rigorously bounding the operating
envelope of a dynamical system• We enable a simulation-based approach with deterministic global
optimization for worst-case safety verification• We have developed the theory for higher-order implicit integration methods
(parametric implicit linear multistep methods).• Focused on two-step (2nd-order) methods
– Much greater accuracy than implicit Euler– Unconditionally stable
INCOSE - Oct. 17, 2019
![Page 36: Robust Simulation of Safety-Critical Systems · 2019. 11. 20. · Introduction • A “Robust System” mitigates the effects of uncertainty to ensure performance/safety constraints](https://reader036.vdocuments.us/reader036/viewer/2022071510/612e92741ecc51586942e617/html5/thumbnails/36.jpg)
Thank you!
Any Questions?
This material is based upon work supported by the National Science Foundation under Grant No. 1932723. Any opinions, findings, and conclusions or recommendations expressed in this
material are those of the authors and do not necessarily reflect the views of the National Science Foundation.
INCOSE - Oct. 17, 2019