Modeling & Control of Hybrid Systems. Chapter 7 Model Checking and Timed Automata

Similar documents
Discrete abstractions of hybrid systems for verification

Lecture 6: Reachability Analysis of Timed and Hybrid Automata

Recent results on Timed Systems

Automata-theoretic analysis of hybrid systems

Modeling and Analysis of Hybrid Systems

Hybrid systems and computer science a short tutorial

Modeling and Analysis of Hybrid Systems


CEGAR:Counterexample-Guided Abstraction Refinement

Timed Automata. Semantics, Algorithms and Tools. Zhou Huaiyang

EE291E Lecture Notes 3 Autonomous Hybrid Automata

models, languages, dynamics Eugene Asarin PIMS/EQINOCS Workshop on Automata Theory and Symbolic Dynamics LIAFA - University Paris Diderot and CNRS

The algorithmic analysis of hybrid system

Student s Name Course Name Mathematics Grade 7. General Outcome: Develop number sense. Strand: Number. R D C Changed Outcome/achievement indicator

A Decidable Class of Planar Linear Hybrid Systems

Hybrid Automata. Lecturer: Tiziano Villa 1. Università di Verona

for System Modeling, Analysis, and Optimization

Algorithmic Verification of Stability of Hybrid Systems

Limits at Infinity. Horizontal Asymptotes. Definition (Limits at Infinity) Horizontal Asymptotes

Hybrid Systems Course Lyapunov stability

Timed Automata. Chapter Clocks and clock constraints Clock variables and clock constraints

Hybrid Systems - Lecture n. 3 Lyapunov stability

Reachability Problems for Continuous Linear Dynamical Systems

FORMAL LANGUAGES, AUTOMATA AND COMPUTATION

A Hybrid Control Model of Fractone-Dependent Morphogenesis

Reachability Problems for Continuous Linear Dynamical Systems

Notes on State Minimization

Numerical Methods. Exponential and Logarithmic functions. Jaesung Lee

Predator - Prey Model Trajectories are periodic

Automatic Generation of Polynomial Invariants for System Verification

APPROXIMATE SIMULATION RELATIONS FOR HYBRID SYSTEMS 1. Antoine Girard A. Agung Julius George J. Pappas

CDS 270 (Fall 09) - Lecture Notes for Assignment 8.

Symbolic Reachability Analysis of Lazy Linear Hybrid Automata. Susmit Jha, Bryan Brady and Sanjit A. Seshia

Models for Efficient Timed Verification

What we have done so far

Analysis of a Boost Converter Circuit Using Linear Hybrid Automata

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

An Introduction to Hybrid Systems Modeling

On simulations and bisimulations of general flow systems

ONR MURI AIRFOILS: Animal Inspired Robust Flight with Outer and Inner Loop Strategies. Calin Belta

Predator - Prey Model Trajectories are periodic

On Reachability for Hybrid Automata over Bounded Time

The State Explosion Problem

More on Regular Languages and Non-Regular Languages

Abstractions of hybrid systems: formal languages to describe dynamical behaviour

Control of Sampled Switched Systems using Invariance Analysis

On o-minimal hybrid systems

In this section you will learn the following : 40.1Double integrals

Bounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39

540 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 43, NO. 4, APRIL Algorithmic Analysis of Nonlinear Hybrid Systems

Date: Math 7 Final Exam Review Name:

Modeling and Analysis of Hybrid Systems

Symbolic Real Time Model Checking. Kim G Larsen

Pushdown timed automata:a binary reachability characterization and safety verication

Embedded Systems 5. Synchronous Composition. Lee/Seshia Section 6.2

Software Verification

Representing Arithmetic Constraints with Finite Automata: An Overview

Modeling and Analysis of Hybrid Systems

A Partial List of Topics: Math Spring 2009

Stepping stones for Number systems. 1) Concept of a number line : Marking using sticks on the floor. (1 stick length = 1 unit)

Unbounded, Fully Symbolic Model Checking of Timed Automata using Boolean Methods

More on Finite Automata and Regular Languages. (NTU EE) Regular Languages Fall / 41

Q 1. Richland School District Two 8th Grade Mathematics Pacing Guide. Last Edit: 1/17/17

Timed Automata VINO 2011

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

Integration. Tuesday, December 3, 13

An Introduction to Hybrid Systems Modeling

University of California. Berkeley, CA fzhangjun johans lygeros Abstract

Overview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Chapter 3 Differentiation Rules

Dynamical Systems Revisited: Hybrid Systems with Zeno Executions

Chapter Two: Finite Automata

Automata-based Verification - III

EQ: What are limits, and how do we find them? Finite limits as x ± Horizontal Asymptote. Example Horizontal Asymptote

Common Core State Standards for Mathematics Bid Category

MCPS Algebra 2 and Precalculus Standards, Categories, and Indicators*

Nonlinear Real Arithmetic and δ-satisfiability. Paolo Zuliani

Büchi Automata and their closure properties. - Ajith S and Ankit Kumar

Verification of analog and mixed-signal circuits using hybrid systems techniques

Hybrid Systems Modeling, Analysis and Control

An Efficient State Space Generation for the Analysis of Real-Time Systems

Copyright 2012 UC Regents and ALEKS Corporation. ALEKS is a registered trademark of ALEKS Corporation. P. 1/6

Complexity Issues in Automated Addition of Time-Bounded Liveness Properties 1

CISC 4090: Theory of Computation Chapter 1 Regular Languages. Section 1.1: Finite Automata. What is a computer? Finite automata

Georgios E. Fainekos, Savvas G. Loizou and George J. Pappas. GRASP Lab Departments of CIS, MEAM and ESE University of Pennsylvania

Algebra 1 (cp) Midterm Review Name: Date: Period:

MATH Spring 2010 Topics per Section

y2 + 4y - 5 c a + b 27 i C) ) (16, ) B) (16 3 3, )

On decision problems for timed automata

Classes and conversions

Math Analysis/Honors Math Analysis Summer Assignment

Liveness in L/U-Parametric Timed Automata

Reachability Analysis of Nonlinear and Hybrid Systems using Zonotopes May 7, / 56

Hybrid Automata and ɛ-analysis on a Neural Oscillator

Recognizing Safety and Liveness by Alpern and Schneider

Hybrid Control and Switched Systems. Lecture #1 Hybrid systems are everywhere: Examples

Lecture Notes on Emptiness Checking, LTL Büchi Automata

MA 180 Lecture. Chapter 0. College Algebra and Calculus by Larson/Hodgkins. Fundamental Concepts of Algebra

Natural Numbers: Also called the counting numbers The set of natural numbers is represented by the symbol,.

Rational Numbers and Exponents

Transcription:

Modeling & Control of Hybrid Systems Chapter 7 Model Checking and Timed Automata Overview 1. Introduction 2. Transition systems 3. Bisimulation 4. Timed automata hs check.1

1. Introduction Model checking = process of automatically analyzing properties of systems by exploring their state space Finite state systems properties can be investigated by systematically exploring states E.g., check whether particular set of states will be reached Not possible for hybrid systems since number of states is infinite However, for some hybrid systems one can find equivalent finite state system by partitioning state space into finite number of sets such that any two states in set exhibit similar behavior analyze hybrid system by working with sets of partition Generation and analysis of finite partition can be carried out by computer hs check.2

2. Transition systems Transition system T =(S,δ,S 0,S F ) consists of set of states S (finite or infinite) transition relation δ : S P(S) set of initial states S 0 S set of final states S F S Trajectory of transition system is (in)finite sequence of states {s i } N i=0 such that s 0 S 0 s i+1 δ(s i ) for all i hs check.3

Example of finite state transition system q 0 q 1 q 2 States: S={q 0,...,q 6 }; q 3 q 4 q 5 q 6 Transition relation: δ(q 0 )={q 0,q 1,q 2 }, δ(q 1 )={q 0,q 3,q 4 }, δ(q 2 )= {q 0,q 5,q 6 }, δ(q 3 )=δ(q 4 )=δ(q 5 )=δ(q 6 )= Initial states: S 0 ={q 0 } Final states: S F ={q 3,q 6 } (indicated by double circles) hs check.4

Transition system of hybrid automaton Hybrid automaton can be transformed into transition system by abstracting away time Consider hybrid automaton H =(Q,X,Init, f,inv,e,g,r) and final set of states F Q X Define S=Q X, i.e., s=(q,x) S 0 =Init S F = F transition relation δ consists of two parts: discrete transition relation δ e for each edge e=(q,q ) E: { {q δ e ( ˆq, ˆx)= } R(e, ˆx) if ˆq=q and ˆx G(e) if ˆq q or ˆx G(e) hs check.5

Transition system of hybrid automaton (cont.) continuous transition relation δ C : δ C ( ˆq, ˆx)={( ˆq, ˆx ) ˆq = ˆq and t f 0, x(t f )= ˆx t [0,t f ],x(t) Inv( ˆq)} where x( ) is solution of ẋ= f(ˆq,x) with x(0)= ˆx Overall transition relation is then δ(s)=δ C (s) e E δ e (s) transition from s to s is possible if either discrete transition e E of hybrid system brings s to s, or s can flow continuously to s after some time hs check.6

Transition system of hybrid automaton (cont.) Time has been abstracted away: we do not care how long it takes to get from s to s, we only care whether it is possible to get there eventually transition system captures sequence of events that hybrid system may experience, but not timing of these events hs check.7

Reachability Transition system is reachable if there exists trajectory such that s i S F for some i hs check.8

3. Bisimulation Turn infinite state system into finite state system by grouping together states that have similar behavior partition Yields so-called quotient transition system finite number of states can be analyzed more easily Problem: for most partitions properties of quotient transition system do not allow to draw any useful conclusions about properties of original system However, special type of partition for which quotient system ˆT is equivalent to original transition system T: bisimulation hs check.9

Important property If partition {S i } i I is bisimulation of transition system T and ˆT is quotient transition system, then S F is reachable by T if and only if corresponding final state Ŝ F in ˆT is reachable by ˆT For finite state systems computational efficiency Study reachability in quotient system instead of original system (quotient system usually much smaller than original) For infinite state systems: Even if original transition system has infinite number of states, sometimes bisimulation consisting of finite number of sets answer reachability questions for infinite state system by studying equivalent finite state system hs check.10

Bisimulation algorithm For timed automata we can always find finite bisimulation Bisimulation algorithm (see lecture notes): For finite state systems bisimulation algorithm will always terminate Problem: it may be more work to find bisimulation than to investigate reachability of the original system For infinite state systems: sometimes, algorithm may never terminate (reason: not all infinite state transition systems have finite bisimulations) hs check.11

Bisimulation algorithm (continued) For timed automata: bisimulation algorithm terminates in finite number of steps Disadvantage: total number of states in the quotient transition system grows very quickly (exponentially) as number of timers n increases hs check.12

4. Timed automata Timed automata involve simple continuous dynamics: all differential equations of form ẋ=1, all invariants, guards, etc. involve comparison of real-valued states with constants (e.g., x=1, x<2, x 0, etc.) Timed automata are limited for modeling physical systems However, very well suited for encoding timing constraints such as event A must take place at least 2 seconds after event B and not more than 5 seconds before event C Applications: multimedia, Internet, audio protocol verification hs check.13

4.1 Example of timed automaton x 1 = x 2 = 0 q 1 x 2 > 2 x 1 := 3 x 2 := 0 q 2 ẋ 1 = 1 ẋ 2 = 1 ẋ 1 = 1 ẋ 2 = 1 x 2 3 x 1 := 0 x 1 > 4 x 1 5 hs check.14

Timed automata (cont.) For timed automaton of example: all constants are non-negative integers can be generalized Given any timed automaton whose definition involves rational and/or negative constants, we can define an equivalent timed automaton whose definition involves only non-negative integers Done by scaling and shifting (adding appropriate integer) some of states Transformation into transition systems transition system corresponding to timed automaton always has finite bisimulation Standard bisimulation for timed automata is region graph hs check.15

x 2 Region graph 3 2 1 x 1 = x 2 = 0 0 1 2 3 4 5 x 1 q 1 x 2 > 2 x 1 := 3 x 2 := 0 q 2 ẋ 1 = 1 ẋ 2 = 1 ẋ 1 = 1 ẋ 2 = 1 x 2 3 x 1 := 0 x 1 > 4 x 1 5 hs check.16

x 1 = x 2 = 0 Construction of region graph ẋ 1 = 1 ẋ 2 = 1 x 2 > 2 x 1 := 3 x 2 := 0 ẋ 1 = 1 ẋ 2 = 1 x 2 3 x 1 := 0 x 1 > 4 x 1 5 Assume w.l.o.g. that all constants are non-negative integers Let C i be largest constant with which x i is compared in initial sets, guards, invariants and resets In example: C 1 = 5 and C 2 = 3 If all we know about timed automaton is these bounds C i, then x i could be compared with any integer M {0,1...,C i } in some guard, reset or initial condition set Hence, discrete transitions of timed automaton may be able to distinguish states with x i < M from states with x i = M and from states with x i > M (e.g., discrete transition may be possible from state with x i < M but not from state with x i > M) hs check.17

x 1 = x 2 = 0 Construction of region graph (cont.) Add sets to candidate bisimulation: ẋ 1 = 1 ẋ 2 = 1 x 2 3 x 2 > 2 x 1 := 0 x 1 := 3 x 2 := 0 x 1 > 4 ẋ 1 = 1 ẋ 2 = 1 x 1 5 for x 1 : x 1 (0,1),x 1 (1,2),x 1 (2,3),x 1 (3,4),x 1 (4,5),x 1 (5, ) x 1 = 0,x 1 = 1,x 1 = 2,x 1 = 3,x 1 = 4,x 1 = 5 for x 2 : x 2 (0,1),x 2 (1,2),x 2 (2,3),x 2 (3, ) x 2 = 0,x 2 = 1,x 2 = 2,x 2 = 3 Products of all sets: {x R 2 x 1 (0,1) x 2 (0,1)} {x R 2 x 1 (0,1) x 2 = 1} {x R 2 x 1 = 1 x 2 (0,1)} {x R 2 x 1 = 1 x 2 = 1} {x R 2 x 1 (1,2) x 2 (3, )}, etc. define all sets in R 2 that discrete dynamics can distinguish open squares, open horizontal and vertical line segments, integer points, and open, unbounded rectangles hs check.18

x 2 Construction of region graph (cont.) 2 Since ẋ 1 = ẋ 2 = 1, continuous states move diagonally up along 45 lines by allowing time to flow timed automaton may distinguish points below diagonal of each square, points above diagonal, and points on the diagonal E.g., points above diagonal of square 1 0 1 {x R 2 x 1 (0,1) x 2 (0,1)} will leave square through line {x R 2 x 1 (0,1) x 2 = 1} Points below diagonal leave square through line {x R 2 x 1 = 1 x 2 (0,1)} Points on diagonal leave square through point (1,1) 2 x 1 hs check.19

Construction of region graph (cont.) x 2 Split each open square in three: two open triangles and open diagonal line segment is enough to generate bisimulation: Theorem: The region graph is finite bisimulation of timed automaton 3 2 1 0 1 2 3 4 5 Disadvantage: total number of regions in the region graph grows very quickly (exponentially) as n increases x 1 hs check.20

5. Summary Verification of hybrid systems hard problem Transition systems Bisimulation & reachability turn infinite state system into finite state system by grouping together states that have similar behavior Timed automata finite bisimulation hs check.21

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback