Modeling and Analysis of Hybrid Systems

Size: px

Start display at page:

Download "Modeling and Analysis of Hybrid Systems"

Ursula Cobb
6 years ago
Views:

1 Modeling and Analysis of Hybrid Systems Algorithmic analysis for linear hybrid systems Prof. Dr. Erika Ábrahám Informatik 2 - Theory of Hybrid Systems RWTH Aachen University SS 2015 Ábrahám - Hybrid Systems 1 / 22

2 Literature Alur et al.: The algorithmic analysis of hybrid systems Theoretical Computer Science, 138(1):3 34, 1995 Ábrahám - Hybrid Systems 2 / 22

3 Linear terms, constraints and formulas A linear term e over a set Var of variables is of the form e ::= c c x e + e where x Var is a variable and c stays for an integer (rational) constant. Example: x 1 + 2x 2 + 5x 3 is a linear term over Var = {x 1, x 2, x 3 }. A linear constraint t over Var is an (in)equality t ::= e 0 with {>,, =,, <} and e a linear term over Var. Example: x 1 + 2x 2 + ( 2) 0 is a linear constraint over Var = {x 1, x 2 }. We sometimes deviate from this normal form and write, e.g., x 1 + 2x 2 2. Ábrahám - Hybrid Systems 3 / 22

4 Linear terms, constraints and formulas A conjunctive linear formula ϕ over Var is defined by the following grammar: ϕ ::= t ϕ ϕ x. ϕ with t a linear constraint over Var and x Var a variable. Let Φ X be the set of all conjunctive linear formulas with free (non-quantified) variables from X Var. Example: t. x 1. x 1 0 x 1 = x 1 + 2t t 0 is a conjunctive linear formula over {x 1, x 1, t}, with free (non-quantified) variables {x 1 }. A region over Var is a pair (l, ϕ) Loc Φ Var of a location and a conjunctive linear formula with free variables from Var. Example: (l, t. x 1. x 1 0 x 1 = x 1 + 2t t 0) is a region over {x 1 }. We will use the intersection of two sets P i, P j Loc Φ Var of regions, defined as P 1 ˆ P 2 = {(l, ϕ 1 ϕ 2 ) (l, ϕ 1 ) P 1, (l, ϕ 2 ) P 2 }. Ábrahám - Hybrid Systems 4 / 22

5 Substitution Assume a set Var of variables, a linear formula ϕ Φ Var over Var, a variable x Var, and a linear term e over Var. The substitution ϕ[e/x] replaces each free occurrence of x in ϕ by e. Example: (x + 2y 0)[5/y] = x Example: ( y. x + 2y 0)[5/y] = x + 2y 0 We also write ϕ[e 1,..., e n /x 1,..., x n ] instead of ϕ[e 1 /x 1 ]... [e n /x n ]. For Var = {x 1,..., x n } we will also use a primed variable set Var = {x 1,..., x n} and write short ϕ[var /Var] for ϕ[x 1 /x 1]... [x n/x n ]. Ábrahám - Hybrid Systems 5 / 22

6 Linear terms, constraints and formulas The semantics of linear terms, constraints and formulas over Var = {x 1,..., x n } in the context of a valuation ν V Var (i.e., ν : Var R) is as usual (we use the same notation for the syntax and the semantics of constants and operators): ν(c) c ν(c x) c ν(x) ν(e 1 + e 2 ) ν(e 1 ) + ν(e 2 ) ν(e 0) ν(e) 0 ν(ϕ 1 ϕ 2 ) ν(ϕ 1 ) and ν(ϕ 2 ) ν( x. ϕ) exists v R such that ν(ϕ[v/x]) holds Ábrahám - Hybrid Systems 6 / 22

7 Linear terms, constraints and formulas The solution set Sat(ϕ) of a linear formula ϕ over Var is the set of all valuations ν V Var that make ϕ true: Sat(ϕ) = {ν V Var ν(ϕ) holds} The solution set Sat((l, ϕ)) of a region (l, ϕ) Loc Φ Var over Loc and Var is Sat((l, ϕ)) = {(l, ν) Loc V Var ν(ϕ) holds} Two region sets P 1, P 2 Loc Φ Var are equivalent, written P 1 ˆ=P 2, iff Sat(R) = Sat(R). R P 1 R P 2 We define similarly the inclusion P 1 ˆ P 2 iff Sat(R) Sat(R). R P 1 R P 2 Ábrahám - Hybrid Systems 7 / 22

8 Linear hybrid automata I A linear hybrid automaton is a hybrid automaton H = (Loc, Var, Lab, Edge, Act, Inv, Init) which can be represented by a tuple H = (Loc, Var, Lab, Edge, Act, Inv, Init) satisfying the following: The finite set Edge Loc Φ Var Φ Var Var Loc defines the set of edges Edge = {(l, µ e, l ) e = (l, Guard e, Reset e, l ) Edge}, where the transition relation µ e is given as µ e = {(ν, ν ) V Var V Var ν Sat(Guard e ) and (ν ν ) Sat(Reset e )} with ν ν V Var Var such that (ν ν )(x) = ν(x) for x Var and (ν ν )(x ) = ν (x) for x Var. The set Act Loc Φ Var contains for each location l Loc exactly one region (l, Act l ) Act whose second component is of the form Act l = n i=1 x i + kl,i lower t x i x i x i + k upper l,i t, defining the activities Act(l) = {f : R 0 V Var f xi [kl,i lower, k upper l,i ] for all i {1,..., n}}, where f xi : R 0 R with f xi (t) = f(t)(x i ) for all t R 0. Ábrahám - Hybrid Systems 8 / 22

9 Linear hybrid automata I (cont.) The set Inv Loc Φ Var contains for each location l Loc exactly one region (l, Inv l ) Inv such that Inv(l) = Sat(Inv l ). Init Loc Φ Var is a finite set of regions specifying the initial states by Init = {(l, ν) ν Sat(ϕ)}. (l,ϕ) Init Ábrahám - Hybrid Systems 9 / 22

10 Water-level monitor x = 0 y = 1 l 0 ẋ = 1 ẏ = 1 y 10 y = 10 x := 0 l 1 ẋ = 1 ẏ = 1 x 2 x = 2 x = 2 l 3 ẋ = 1 ẏ = 2 x 2 y = 5 x := 0 l 2 ẋ = 1 ẏ = 2 y 5 Ábrahám - Hybrid Systems 10 / 22

11 Mixer of fluids l 1 ẋ 1 = 0 ẋ 2 [l 2, u 2 ] x 1 + x 2 d 2x 1 x < l 1 < u 1, 0 < l 2 < u 2, l u 0, d > 0, c > 0 2x 1 x 2 = c 2x 1 x 2 = 0 x 1 = 0 x 2 = 0 l 0 ẋ 1 [l 1, u 1 ] ẋ 2 [l 2, u 2 ] x 1 + x 2 d c 2x 1 x 2 c 2x 1 x 2 = c 2x 1 x 2 = 0 l 2 ẋ 1 [l 1, u 1 ] ẋ 2 = 0 x 1 + x 2 d 2x 1 x 2 0 x = 0 x 1 := 0 x 2 := 0 x 1 + x 2 = d x := d x 1 + x 2 = d x := d l 3 ẋ [l, u] x 0 x 1 + x 2 = d x := d Ábrahám - Hybrid Systems 11 / 22

12 Reminder: Semantics of hybrid automata (l, a, µ, l ) Edge (ν, ν ) µ ν Inv(l ) (l, ν) a (l, ν ) Rule Discrete f Act(l) f(0) = ν f(t) = ν t 0 0 t t.f(t ) Inv(l) Rule Time (l, ν) t (l, ν ) Ábrahám - Hybrid Systems 12 / 22

13 Forward analysis Ábrahám - Hybrid Systems 13 / 22

14 Given a set if initial states Init Σ, we want to compute the set of all states which are reachable from Init: Reach + (Init) = {σ Σ σ Init. σ σ }. Ábrahám - Hybrid Systems 14 / 22

15 Given a set if initial states Init Σ, we want to compute the set of all states which are reachable from Init: Reach + (Init) = {σ Σ σ Init. σ σ }. More specifically, we want to check whether the reachable region intersects with a set of bad (unsafe) states. Ábrahám - Hybrid Systems 14 / 22

16 Forward reachability analysis method forward_ reach ( h y b r i d automaton r e p r e s e n t a t i o n H = (Loc, Var, Lab, Edge, Act, Inv, Init), r e g i o n s e t P bad ) { // s t a r t from the time s u c c e s s o r s o f i n i t i a l r e g i o n s P 0 := T + (Init ˆ Inv) ; i f (P 0 ˆ P bad ) return u n s a f e ; i := 0 ; while P i { // compute P i+1 := T + (D + (P i )) P i+1 := ; f o r each (R = (l, φ) P i ) { f o r each e = (l,,, l ) Edge { R := T + l (D+ e (R)) ; i f ({R } ˆ P bad ) return u n s a f e ; e l s e i f ( not {R } ˆ i j=0 P j ) P i+1 := P i+1 {R } ; } } i := i +1; } return s a f e ; } Ábrahám - Hybrid Systems 15 / 22

17 One-step reachability under time steps We define the forward time closure T + l (ϕ) of a formula ϕ Φ Var at l Loc as T + l (ϕ) = x pre. t. t 0 ϕ[x pre /x] Act l [x pre, x/x, x ] Inv l Region R = (l, ϕ) Loc Φ Var : T + Set of regions P Loc Φ Var : l (R) = (l, T + (ϕ)) T + (P ) = {T + l (R) R = (l, ϕ) P } l Ábrahám - Hybrid Systems 16 / 22

18 One-step reachability under discrete steps We define the postcondition D + e (ϕ) of a formula ϕ Φ Var with respect to an edge e = (l, Guard e, Reset e, l ) as D + e (ϕ) = x pre. ϕ[x pre /x] Guard e [x pre /x] Reset e [x pre, x/x, x ] Inv l. Region R = (l, ϕ) Loc Φ Var : Set of regions P Loc Φ Var : D + e (R) = (l, D + e (ϕ)) D + (P ) = {D + e (R) R = (l, ϕ) P, e = (l, Guard e, Reset e, l ) Edge} Ábrahám - Hybrid Systems 17 / 22

19 Backward analysis Ábrahám - Hybrid Systems 18 / 22

20 Given a set if target states B Σ, we want to compute the set of all states from which a state in B is reachable: Reach (B) = {σ Σ σ B. σ σ }. Ábrahám - Hybrid Systems 19 / 22

21 Given a set if target states B Σ, we want to compute the set of all states from which a state in B is reachable: Reach (B) = {σ Σ σ B. σ σ }. More specifically, we want to check whether the set of backward reachable states intersects with a set of initial states. Ábrahám - Hybrid Systems 19 / 22

22 Backward reachability analysis method backward_ reach ( ) { i := 0 ; P 0 := {T l (R) R = (l, ϕ) P bad ˆ Inv} ; // time p r e d e c. o f bad r e g i f (P 0 ˆ Init ) return u n s a f e ; while P i { // compute time p r e d e c e s s o r s o f // d i s c r e t e p r e d e c e s s o r s o f a l l r e g i o n s from P i f o r each (R = (l, φ) P i ) { f o r each e = (l,,, l) Edge { R := T l (D e (R)) ; i f ({R } ˆ Init ) return u n s a f e ; e l s e i f ( not {R } ˆ i j=0 P j ) P i+1 := P i+1 {R } ; } } i := i +1; } return s a f e ; } Ábrahám - Hybrid Systems 20 / 22

23 One-step reachability under time steps We define the backward time closure T l (ϕ) of a formula ϕ Φ Var at l Loc as T l (ϕ) = x post. t. t 0 ϕ[x post /x] Act l [x, x post /x, x ] Inv l. Region R = (l, ϕ) Loc Φ Var : T l Set of regions P Loc Φ Var : (R) = (l, T (ϕ)) T (P ) = {T l (R) R = (l, ϕ) P } l Ábrahám - Hybrid Systems 21 / 22

24 One-step reachability under discrete steps We define the precondition D e (ϕ) of a formula ϕ Φ Var with respect to an edge e = (l, Guard e, Reset e, l ) as D e (ϕ) = x post. ϕ[x post /x] Guard e Reset e [x, x post /x, x ] Inv l. Region R = (l, ϕ) Loc Φ Var : Set of regions P Loc Φ Var : D e (R) = (l, D e (ϕ)) D (P ) = {D e (R) R = (l, ϕ) P, e = (l, Guard e, Reset e, l ) Edge} Ábrahám - Hybrid Systems 22 / 22

Modeling and Analysis of Hybrid Systems

Modeling and Analysis of Hybrid Systems 5. Linear hybrid automata I Prof. Dr. Erika Ábrahám Informatik 2 - LuFG Theory of Hybrid Systems RWTH Aachen University Szeged, Hungary, 27 September - 06 October