- PDF Free Download

Size: px

Start display at page:

Download ""

Darlene Kelly
5 years ago
Views:

6 Modeling and Analysis of Hybrid Systems Linear hybrid automata I Prof. Dr. Erika Ábrahám Informatik 2 - LuFG Theory of Hybrid Systems RWTH Aachen University Szeged, Hungary, 27 September - 06 October 2017 Ábrahám - Hybrid Systems 1 / 31

7 Literature Alur et al.: The algorithmic analysis of hybrid systems Theoretical Computer Science, 138(1):334, 1995 Ábrahám - Hybrid Systems 2 / 31

8 Linear terms, constraints and formulas A linear term e over a set Var of variables is of the form e ::= c c x e + e where x Var is a variable and c stays for an integer (rational) constant. Example: x 1 + 2x 2 + 5x 3 is a linear term over Var = {x 1, x 2, x 3 }. A linear constraint t over Var is an (in)equality t ::= e 0 with {>,, =,, <} and e a linear term over Var. Example: x 1 + 2x 2 + ( 2) 0 is a linear constraint over Var = {x 1, x 2 }. We sometimes deviate from this normal form and write, e.g., x 1 + 2x 2 2. Ábrahám - Hybrid Systems 3 / 31

9 Linear terms, constraints and formulas A conjunctive linear formula ϕ over Var is dened by the following grammar: ϕ ::= t ϕ ϕ x. ϕ with t a linear constraint over Var and x Var a variable. Let Φ X be the set of all conjunctive linear formulas with free (non-quantied) variables from X Var. Example: t. x 1. x 1 0 x 1 = x 1 + 2t t 0 is a conjunctive linear formula over {x 1, x 1, t}, with free (non-quantied) variables {x 1 }. Ábrahám - Hybrid Systems 4 / 31

10 Regions A region over Var is a pair R = (l, ϕ) Loc Φ Var of a location and a conjunctive linear formula with free variables from Var. Example: (l, t. x 1. x 1 0 x 1 = x 1 + 2t t 0) is a region over {x 1 }. The intersection of two regions R 1 = (l 1, ϕ 1 ) and R 2 = (l 2, ϕ 2 ) from Loc Φ Var is dened as R 1 ˆ R 2 = if l 1 l 2 and otherwise. R 1 ˆ R 2 = (l 1, ϕ 1 ϕ 2 ) The intersection of two sets of regions P 1, P 2 Loc Φ Var is dened as P 1 ˆ P 2 = {(l, ϕ 1 ϕ 2 ) (l, ϕ 1 ) P 1, (l, ϕ 2 ) P 2 }. We dene other operations on regions like union etc. similarly, and extend them to sets of regions the natural way. Ábrahám - Hybrid Systems 5 / 31

12 Substitution Assume a set Var of variables, a linear formula ϕ Φ Var over Var, a variable x Var, and a linear term e over Var. The substitution ϕ[e/x] replaces each free occurrence of x in ϕ by e. Example: (x + 2y 0)[5/y] = x Example: ( y. x + 2y 0)[5/y] = x + 2y 0 We write ϕ[e 1,..., e n /x 1,..., x n ] for the simultaneous substitution of e i for x i, i = 1,..., n. For Var = {x 1,..., x n } we will also use a primed variable set Var = {x 1,..., x n} and write short ϕ[var /Var] for ϕ[x 1,..., x n/x 1,..., x n ]. Ábrahám - Hybrid Systems 6 / 31

13 Linear terms, constraints and formulas The semantics of linear terms, constraints and formulas over Var = {x 1,..., x n } in the context of a valuation ν V Var (i.e., ν : Var R) is as usual (we use the same notation for the syntax and the semantics of constants and operators): ν(c) c ν(c x) c ν(x) ν(e 1 + e 2 ) ν(e 1 ) + ν(e 2 ) ν(e 0) ν(e) 0 ν(ϕ 1 ϕ 2 ) ν(ϕ 1 ) and ν(ϕ 2 ) ν( x. ϕ) exists v R such that ν(ϕ[v/x]) holds Ábrahám - Hybrid Systems 7 / 31

14 Linear terms, constraints and formulas The solution set Sat(ϕ) of a linear formula ϕ over Var is the set of all valuations ν V Var that make ϕ true: Sat(ϕ) = {ν V Var ν = ϕ} The solution set Sat(R) of a region R = (l, ϕ) Loc Φ Var over Loc and Var is Sat((l, ϕ)) = {(l, ν) Loc V Var ν Sat(ϕ)} The solution set Sat(P ) of a set of regions P over Loc and Var is Sat(P ) = R P Sat(R). Two region sets P 1, P 2 Loc Φ Var are equivalent, written P 1 ˆ=P 2, i Sat(P 1 ) = Sat(P 2 ). We dene similarly the inclusion P 1 ˆ P 2 i Sat(P 1 ) Sat(P 2 ). Ábrahám - Hybrid Systems 8 / 31

15 Linear hybrid automata I A linear hybrid automaton is a hybrid automaton H = (Loc, Var, Lab, Edge, Act, Inv, Init) which can be represented by a tuple H = (Loc, Var, Lab, Edge, Act, Inv, Init) satisfying the following: The nite set Edge Loc Φ Var Φ Var Var Loc denes the set of edges Edge = {(l, a, µ e, l ) e = (l, a, Guard e, Reset e, l ) Edge}, where the transition relation µ e is given as µ e = {(ν, ν ) V Var V Var ν Sat(Guard e ) and (ν ν ) Sat(Reset e )} with ν ν V Var Var such that (ν ν )(x) = ν(x) for x Var and (ν ν )(x ) = ν (x) for x Var. The set Act Loc Φ Var contains for each location l Loc exactly one region (l, Act l ) Act whose second component is of the form Act l = n i=1 x i + kl,i lower t x i x i x i + k upper l,i t, dening the activities Act(l) = {f : R 0 V Var f xi [kl,i lower, k upper l,i ] for all i {1,..., n}}, where f xi : R 0 R with f xi (t) = f(t)(x i ) for all t R 0. Ábrahám - Hybrid Systems 9 / 31

16 Linear hybrid automata I (cont.) The set Inv Loc Φ Var contains for each location l Loc exactly one region (l, Inv l ) Inv such that Inv(l) = Sat(Inv l ). Init Loc Φ Var is a nite set of regions specifying the initial states by Init = {(l, ν) ν Sat(ϕ)}. (l,ϕ) Init Ábrahám - Hybrid Systems 10 / 31

17 Water-level monitor x = 0 y = 1 l 0 ẋ = 1 ẏ = 1 y 10 y = 10 x := 0 l 1 ẋ = 1 ẏ = 1 x 2 x = 2 x = 2 l 3 ẋ = 1 ẏ = 2 x 2 y = 5 x := 0 l 2 ẋ = 1 ẏ = 2 y 5 Ábrahám - Hybrid Systems 11 / 31

18 Mixer of uids l 1 ẋ 1 = 0 ẋ 2 [l 2, u 2 ] x 1 + x 2 d 2x 1 x < l 1 < u 1, 0 < l 2 < u 2, l u < 0, d > 0, c > 0 2x 1 x 2 = c 2x 1 x 2 = 0 x 1 = 0 x 2 = 0 l 0 ẋ 1 [l 1, u 1 ] ẋ 2 [l 2, u 2 ] x 1 + x 2 d c 2x 1 x 2 c 2x 1 x 2 = c 2x 1 x 2 = 0 l 2 ẋ 1 [l 1, u 1 ] ẋ 2 = 0 x 1 + x 2 d 2x 1 x 2 0 x = 0 x 1 := 0 x 2 := 0 x 1 + x 2 = d x := d x 1 + x 2 = d x := d l 3 ẋ [l, u] x 0 x 1 + x 2 = d x := d Ábrahám - Hybrid Systems 12 / 31

19 Reminder: Semantics of hybrid automata (l, a, µ, l ) Edge (ν, ν ) µ ν Inv(l ) (l, ν) a (l, ν ) Rule Discrete f Act(l) f(0) = ν f(t) = ν t 0 0 t t.f(t ) Inv(l) Rule Time (l, ν) t (l, ν ) Ábrahám - Hybrid Systems 13 / 31

20 Forward analysis Ábrahám - Hybrid Systems 14 / 31

21 Given a set of initial states Init Σ, we want to compute the set of all states which are reachable from Init: Reach + (Init) = {σ Σ σ Init. σ σ }. Ábrahám - Hybrid Systems 15 / 31

22 Given a set of initial states Init Σ, we want to compute the set of all states which are reachable from Init: Reach + (Init) = {σ Σ σ Init. σ σ }. More specically, we want to check whether the reachable region intersects with a set of bad (unsafe) states. Ábrahám - Hybrid Systems 15 / 31

23 Forward reachability analysis method forward_ reach ( h y b r i d automaton r e p r e s e n t a t i o n H = (Loc, Var, Lab, Edge, Act, Inv, Init), r e g i o n s e t P bad ) { } // s t a r t from t h e t i m e s u c c e s s o r s o f i n i t i a l r e g i o n s P 0 := T + (Init ˆ Inv) ; i f (Sat(P 0 ˆ P bad ) ) r e t u r n u n s a f e ; i := 0 ; w h i l e P i { // compute P i+1 := T + (D + (P i )) P i+1 := ; f o r each (R = (l, φ) P i ) { f o r each e = (l,..., l ) Edge { R := T + l (D+ e (R)) ; i f (Sat({R } ˆ P bad ) ) r e t u r n u n s a f e ; } e l s e i f ( not {R } ˆ ˆ i j=0 P j ) P i+1 := P i+1 {R } ; } } i := i +1; r e t u r n s a f e ; Ábrahám - Hybrid Systems 16 / 31

25 One-step reachability under time steps We dene the forward time closure T + l (ϕ) of a formula ϕ Φ Var at l Loc as T + l (ϕ) = x pre. t. t 0 ϕ[x pre /x] Act l [x pre, x/x, x ] Inv l Region R = (l, ϕ) Loc Φ Var : T + Set of regions P Loc Φ Var : l (R) = (l, T + (ϕ)) T + (P ) = {T + l (R) R = (l, ϕ) P } l Ábrahám - Hybrid Systems 17 / 31

26 One-step reachability under discrete steps We dene the postcondition D + e (ϕ) of a formula ϕ Φ Var with respect to an edge e = (l, Guard e, Reset e, l ) as D + e (ϕ) = x pre. ϕ[x pre /x] Guard e [x pre /x] Reset e [x pre, x/x, x ] Inv l. Region R = (l, ϕ) Loc Φ Var : Set of regions P Loc Φ Var : D + e (R) = (l, D + e (ϕ)) D + (P ) = {D + e (R) R = (l, ϕ) P, e = (l, Guard e, Reset e, l ) Edge} Ábrahám - Hybrid Systems 18 / 31

29 Backward analysis Ábrahám - Hybrid Systems 19 / 31

30 Given a set of target states B Σ, we want to compute the set of all states from which a state in B is reachable: Reach (B) = {σ Σ σ B. σ σ }. Ábrahám - Hybrid Systems 20 / 31

31 Given a set of target states B Σ, we want to compute the set of all states from which a state in B is reachable: Reach (B) = {σ Σ σ B. σ σ }. More specically, we want to check whether the set of backward reachable states intersects with a set of initial states. Ábrahám - Hybrid Systems 20 / 31

32 Backward reachability analysis method backward_reach ( ) { i := 0 ; P 0 := {T l (R) R = (l, ϕ) P bad ˆ Inv} ; // t i m e p r e d e c. o f bad r e g i o n s i f (Sat(P 0 ˆ Init) ) r e t u r n u n s a f e ; w h i l e P i { } } // compute t i m e p r e d e c e s s o r s o f // d i s c r e t e p r e d e c e s s o r s o f a l l r e g i o n s from P i f o r each (R = (l, φ) P i ) { f o r each e = (l,..., l) Edge { R := T l (D e (R)) ; i f (Sat({R } ˆ Init) ) r e t u r n u n s a f e ; e l s e i f ( not {R } ˆ i j=0 P j ) P i+1 := P i+1 {R } ; } } i := i +1; r e t u r n s a f e ; Ábrahám - Hybrid Systems 21 / 31

33 One-step reachability under time steps We dene the backward time closure T l (ϕ) of a formula ϕ Φ Var at l Loc as T l (ϕ) = x post. t. t 0 ϕ[x post /x] Act l [x, x post /x, x ] Inv l. Region R = (l, ϕ) Loc Φ Var : T l Set of regions P Loc Φ Var : (R) = (l, T (ϕ)) T (P ) = {T l (R) R = (l, ϕ) P } l Ábrahám - Hybrid Systems 22 / 31

34 One-step reachability under discrete steps We dene the precondition D e (ϕ) of a formula ϕ Φ Var with respect to an edge e = (l, Guard e, Reset e, l ) as D e (ϕ) = x post. ϕ[x post /x] Guard e Reset e [x, x post /x, x ] Inv l. Region R = (l, ϕ) Loc Φ Var : Set of regions P Loc Φ Var : D e (R) = (l, D e (ϕ)) D (P ) = {D e (R) R = (l, ϕ) P, e = (l, Guard e, Reset e, l ) Edge} Ábrahám - Hybrid Systems 23 / 31

37 Quantier elimination Problem 1: Formula size increases steeply Problem 2: In the presence of quantiers, computing operations (inclusion, intersection etc.) on regions is non-trivial Solution: Therefore, we eliminate quantiers: given a conjunctive linear formula x. ϕ Φ X, we compute another conjunctive linear formula ϕ Φ X\{x} that does not contain x such that Sat( x. ϕ) = Sat(ϕ ). Technique: Gauÿ and Fourier-Motzkin variable elimination Ábrahám - Hybrid Systems 24 / 31

38 Linear real arithmetic: Gauÿ method for equations Assume that ϕ is of the form x n. ϕ n k=1 a k x k = b with a n 0. Ábrahám - Hybrid Systems 25 / 31

39 Linear real arithmetic: Gauÿ method for equations Assume that ϕ is of the form x n. ϕ n k=1 a k x k = b with a n 0. a n x n = b a k x k k {1,...,n 1} Ábrahám - Hybrid Systems 25 / 31

40 Linear real arithmetic: Gauÿ method for equations Assume that ϕ is of the form x n. ϕ n k=1 a k x k = b with a n 0. a n x n = b a k x k x n = b a n k {1,...,n 1} k {1,...,n 1} a k a n x k := β Ábrahám - Hybrid Systems 25 / 31

41 Linear real arithmetic: Gauÿ method for equations Assume that ϕ is of the form x n. ϕ n k=1 a k x k = b with a n 0. a n x n = b a k x k x n = b a n Replace x n by β in ϕ. k {1,...,n 1} k {1,...,n 1} a k a n x k := β Ábrahám - Hybrid Systems 25 / 31

42 Linear real arithmetic: Gauÿ method for equations Assume that ϕ is of the form x n. ϕ n k=1 a k x k = b with a n 0. a n x n = b a k x k x n = b a n Replace x n by β in ϕ. k {1,...,n 1} k {1,...,n 1} a k a n x k := β This substitutiton leads to an equisatisable problem in n 1 variables: n Sat( x n. ϕ a k x k = b) = Sat(ϕ [β/x n ]) (for a n 0). k=1 Ábrahám - Hybrid Systems 25 / 31

43 Linear real arithmetic: Fourier-Motzkin for inequalities Discovered in 1826 by Fourier, re-discovered by Motzkin in 1936 Given: x n. a ij x j b i 1 i m 1 j n

44 Linear real arithmetic: Fourier-Motzkin for inequalities Discovered in 1826 by Fourier, re-discovered by Motzkin in 1936 Given: x n. 1 i m 1 j n a ij x j b i For a variable x n, we can partition the constraints according to the coecient a in : a in > 0: upper bound β i on x n a in < 0: lower bound β i on x n

45 Linear real arithmetic: Fourier-Motzkin for inequalities Discovered in 1826 by Fourier, re-discovered by Motzkin in 1936 Given: x n. 1 i m 1 j n a ij x j b i For a variable x n, we can partition the constraints according to the coecient a in : a in > 0: upper bound β i on x n a in < 0: lower bound β i on x n Idea: Exists satisfying value for variable x j i none of the intervals dened by lower-upper-bound-pairs on x j is empty

46 Linear real arithmetic: Fourier-Motzkin for inequalities Discovered in 1826 by Fourier, re-discovered by Motzkin in 1936 Given: x n. 1 i m 1 j n a ij x j b i For a variable x n, we can partition the constraints according to the coecient a in : a in > 0: upper bound β i on x n a in < 0: lower bound β i on x n Idea: Exists satisfying value for variable x j i none of the intervals dened by lower-upper-bound-pairs on x j is empty n a ij x j b i j=1

47 Linear real arithmetic: Fourier-Motzkin for inequalities Discovered in 1826 by Fourier, re-discovered by Motzkin in 1936 Given: x n. 1 i m 1 j n a ij x j b i For a variable x n, we can partition the constraints according to the coecient a in : a in > 0: upper bound β i on x n a in < 0: lower bound β i on x n Idea: Exists satisfying value for variable x j i none of the intervals dened by lower-upper-bound-pairs on x j is empty n n 1 a ij x j b i a in x n b i a ij x j j=1 j=1

48 Linear real arithmetic: Fourier-Motzkin for inequalities Discovered in 1826 by Fourier, re-discovered by Motzkin in 1936 Given: x n. 1 i m 1 j n a ij x j b i For a variable x n, we can partition the constraints according to the coecient a in : a in > 0: upper bound β i on x n a in < 0: lower bound β i on x n Idea: Exists satisfying value for variable x j i none of the intervals dened by lower-upper-bound-pairs on x j is empty n n 1 a ij x j b i a in x n b i a ij x j j=1 (a) (b) j=1 a in >0 x n b n 1 i a ij x j =: β l upper bound a in a in a in <0 x n b i a in j=1 n 1 a ij a in x j =: β u lower bound j=1 Ábrahám - Hybrid Systems 26 / 31

49 Example for upper and lower bounds (1) x 1 x 2 0 (2) x 1 x 3 0 (3) x 1 + x 2 + 2x 3 0 (4) x 3 1 Category for x 1? Ábrahám - Hybrid Systems 27 / 31

50 Example for upper and lower bounds Category for x 1? (1) x 1 x 2 0 Upper bound (2) x 1 x 3 0 (3) x 1 + x 2 + 2x 3 0 (4) x 3 1 Ábrahám - Hybrid Systems 27 / 31

51 Example for upper and lower bounds Category for x 1? (1) x 1 x 2 0 Upper bound (2) x 1 x 3 0 Upper bound (3) x 1 + x 2 + 2x 3 0 (4) x 3 1 Ábrahám - Hybrid Systems 27 / 31

52 Example for upper and lower bounds Category for x 1? (1) x 1 x 2 0 Upper bound (2) x 1 x 3 0 Upper bound (3) x 1 + x 2 + 2x 3 0 Lower bound (4) x 3 1 Ábrahám - Hybrid Systems 27 / 31

53 Example for upper and lower bounds Category for x 1? (1) x 1 x 2 0 Upper bound (2) x 1 x 3 0 Upper bound (3) x 1 + x 2 + 2x 3 0 Lower bound (4) x 3 1 No bound Ábrahám - Hybrid Systems 27 / 31

54 Eliminating unbounded variables Iteratively remove variables that are not bounded in both ways (and all the constraints that use them). The new problem has a solution i the old problem has one! 8x 7y x 3 y z z z Ábrahám - Hybrid Systems 28 / 31

55 Eliminating unbounded variables Iteratively remove variables that are not bounded in both ways (and all the constraints that use them). The new problem has a solution i the old problem has one! 8x 7y x 3 y z z z Ábrahám - Hybrid Systems 28 / 31

56 Eliminating unbounded variables Iteratively remove variables that are not bounded in both ways (and all the constraints that use them). The new problem has a solution i the old problem has one! 8x 7y x 3 y z z z y z z z Ábrahám - Hybrid Systems 28 / 31

57 Eliminating unbounded variables Iteratively remove variables that are not bounded in both ways (and all the constraints that use them). The new problem has a solution i the old problem has one! 8x 7y x 3 y z z z y z z z Ábrahám - Hybrid Systems 28 / 31

58 Eliminating unbounded variables Iteratively remove variables that are not bounded in both ways (and all the constraints that use them). The new problem has a solution i the old problem has one! 8x 7y x 3 y z z z y z z z z z Ábrahám - Hybrid Systems 28 / 31

59 Fourier-Motzkin variable elimination For each pair of a lower bound β l and an upper bound β u, we have β l x n β u Ábrahám - Hybrid Systems 29 / 31

60 Fourier-Motzkin variable elimination For each pair of a lower bound β l and an upper bound β u, we have β l x n β u For each such pair, add the constraint β l β u Ábrahám - Hybrid Systems 29 / 31

61 Fourier-Motzkin: Example (1) x 1 x 2 0 (2) x 1 x 3 0 (3) x 1 + x 2 + 2x 3 0 (4) x 3 1 Category for x 1? Ábrahám - Hybrid Systems 30 / 31

62 Fourier-Motzkin: Example Category for x 1? (1) x 1 x 2 0 Upper bound (2) x 1 x 3 0 Upper bound (3) x 1 + x 2 + 2x 3 0 Lower bound (4) x 3 1 eliminate x 1 Ábrahám - Hybrid Systems 30 / 31

63 Fourier-Motzkin: Example Category for x 1? (1) x 1 x 2 0 Upper bound (2) x 1 x 3 0 Upper bound (3) x 1 + x 2 + 2x 3 0 Lower bound (4) x 3 1 (5) 2x 3 0 (from 1,3) eliminate x 1 Ábrahám - Hybrid Systems 30 / 31

64 Fourier-Motzkin: Example Category for x 1? (1) x 1 x 2 0 Upper bound (2) x 1 x 3 0 Upper bound (3) x 1 + x 2 + 2x 3 0 Lower bound (4) x 3 1 (5) 2x 3 0 (from 1,3) (6) x 2 + x 3 0 (from 2,3) eliminate x 1 Ábrahám - Hybrid Systems 30 / 31

65 Fourier-Motzkin: Example (1) x 1 x 2 0 (2) x 1 x 3 0 (3) x 1 + x 2 + 2x 3 0 (4) x 3 1 (5) 2x 3 0 (from 1,3) (6) x 2 + x 3 0 (from 2,3) Category for x 1? eliminate x 1 Ábrahám - Hybrid Systems 30 / 31

66 Fourier-Motzkin: Example (1) x 1 x 2 0 (2) x 1 x 3 0 (3) x 1 + x 2 + 2x 3 0 (4) x 3 1 (5) 2x 3 0 (from 1,3) (6) x 2 + x 3 0 (from 2,3) Category for x 1? eliminate x 1 we eliminate x 3 Ábrahám - Hybrid Systems 30 / 31

67 Fourier-Motzkin: Example Category for x 1? (1) x 1 x 2 0 (2) x 1 x 3 0 (3) x 1 + x 2 + 2x 3 0 (4) x 3 1 Lower bound eliminate x 1 (5) 2x 3 0 (from 1,3) Upper bound (6) x 2 + x 3 0 (from 2,3) Upper bound we eliminate x 3 Ábrahám - Hybrid Systems 30 / 31

68 Fourier-Motzkin: Example Category for x 1? (1) x 1 x 2 0 (2) x 1 x 3 0 (3) x 1 + x 2 + 2x 3 0 (4) x 3 1 Lower bound eliminate x 1 (5) 2x 3 0 (from 1,3) Upper bound (6) x 2 + x 3 0 (from 2,3) Upper bound (7) 1 0 (from 4,5) Contradiction (the system is UNSAT) we eliminate x 3 Ábrahám - Hybrid Systems 30 / 31

69 Complexity Worst-case complexity: m m 2 Ábrahám - Hybrid Systems 31 / 31

70 Complexity Worst-case complexity: m m 2 (m 2 ) 2 Ábrahám - Hybrid Systems 31 / 31

71 Complexity Worst-case complexity: m m 2 (m 2 ) 2... m 2n Ábrahám - Hybrid Systems 31 / 31

72 Complexity Worst-case complexity: m m 2 (m 2 ) 2... m 2n Heavy! Ábrahám - Hybrid Systems 31 / 31

Modeling and Analysis of Hybrid Systems

Modeling and Analysis of Hybrid Systems 5. Linear hybrid automata I Prof. Dr. Erika Ábrahám Informatik 2 - LuFG Theory of Hybrid Systems RWTH Aachen University Szeged, Hungary, 27 September - 06 October