EECS 144/244: System Modeling, Analysis, and Optimization

Transcription:

EECS 144/244: System Modeling, Analysis, and Optimization
Continuous Systems Lecture: Hybrid Systems
Alexandre Donzé, University of California, Berkeley, April 5, 2013
Alexandre Donzé: EECS 144/244 Hybrid Systems Overview 1 / 66

Hybrid Systems Informally
A hybrid system is a system mixing continuous and discrete dynamics: a continuous state $x$ evolves under a mode-dependent vector field $\dot{x} = f_q(x, p)$, and the mode $q$ switches between discrete states (the slide's figure shows an automaton over modes $q_0$, $q_1$, $q_2$).
- Relatively recent notion (early 90s), although hybrid systems are everywhere.
- In the modelling and simulation community, the notion arose from the need to deal explicitly with discontinuous models.
- In the (theoretical) computer science community, it arose from the need to enrich discrete automata with richer dynamics.

Note: Hybrid Systems vs Cyber-Physical Systems (CPS)
A cyber-physical system (CPS) is a system featuring a tight combination of, and coordination between, the system's computational and physical elements.
Strong correlation: both mix discrete (computational) and continuous (physical) behaviour.
They are nonetheless objects of a different nature: a HS is a formal mathematical model, whereas a CPS corresponds to some concrete device.
Hybrid systems are the more general notion: one can argue that CPS ⊂ HS but HS ⊄ CPS. E.g. HS are used in systems biology for modelling cells, which are not CPS.

Outline
1 Example from a control scientist perspective
2 Numerical simulation of hybrid systems
3 Hybrid Systems Verification (slides by G. Frehse)
4 Summary

1 Example from a control scientist perspective

Systems with Discontinuities
Example: a circuit with a switch (or any other discontinuous element, e.g. diodes). Such elements are modelled as hybrid blocks (figure).

Example: quadrotor helicopter
We consider a model with three components:
- a non-linear model of the dynamics, which computes the behaviour of the vehicle w.r.t. the action of the rotors;
- a linear feedback controller, which drives the vehicle toward a specified position;
- a discrete supervisor equipped with sensors, which triggers an avoidance maneuver when the vehicle approaches an obstacle at a dangerous speed.

Simulink model (figure)

A sample trajectory (figure, revealed incrementally over four slides)

2 Numerical simulation of hybrid systems

Piecewise continuous models
Consider piecewise-continuous models of the form
$$\dot{x} = f(q, x, p), \quad x(0) = x_0$$
$$y = g(x)$$
$$q^+ = e(q, y), \quad q(0) = q_0$$
where $x \in \mathbb{R}^n$ is the state variable, $q \in \mathbb{N}$ is the discrete state, $p \in \mathbb{R}^{n_p}$ is the parameter vector, $g$ is the guard function and $e$ is the event (or transition) function; the mode changes ($q^+ \neq q$) only if $g(x) = 0$.

Assumptions for existence and uniqueness of solutions
- $\forall q \in Q$, $(x, p) \mapsto f(q, x, p)$ is continuously differentiable.
- Mode changes ($q^+ \neq q$) occur only when $\exists (\tau, i)$ such that $g_i(x(\tau)) = 0$.
- $g$ is differentiable and, whenever $g_i(x(\tau)) = 0$, $\langle \nabla g_i(x(\tau)), f(q, x, p) \rangle \cdot \langle \nabla g_i(x(\tau)), f(q^+, x^+, p) \rangle > 0$, i.e. the vector fields before and after the switch cross the guard surface transversally and in the same direction.
Under these assumptions, given $x_0$ and $p$, there exists a unique trajectory $x(t, p)$, and $x(t, p)$ is differentiable w.r.t. $p$.

Simulation algorithm
Discontinuity locking + event detection by zero-crossing detection:
1. Let $f_k(x, p) = f(q(t_k), x, p)$ (block mode switching between $t_k$ and $t_{k+1}$).
2. Solve the ODE $\dot{x} = f_k(x, p)$ on $[t_k, t_k + h_k]$.
3. If for all $i$, $\operatorname{sign}(g_i(x))$ is constant on $(t_k, t_k + h_k]$, then let $t_{k+1} = t_k + h_k$.
4. Else find the minimum time $\tau > t_k$ for which $g_i(x(\tau)) = 0$ and let $t_{k+1} = \tau$.
5. Return $\xi_p(t_{k+1})$ and restart with $q(t^+_{k+1}) = e(q(t_k), \lambda(t_{k+1}))$.

Simulink Semantics: Blocks (from Mathworks documentation)
A Simulink block consists of inputs $u$, a set of states $x$, and outputs $y$. The following equations express the mathematical relationships between the inputs, outputs, states, and simulation time:
$$\dot{x} = f_D(t, x, u) \quad \text{(Derivatives)}$$
$$y = f_O(t, x, u) \quad \text{(Outputs)}$$
$$x_{d_{k+1}} = f_u(t, x_c, x_{d_k}, u) \quad \text{(Update)}$$
where $x = [x_c; x_d]$ (continuous and discrete states).

Simulink Semantics (figure)

Difficulties with Zero-Crossing
- Zeno phenomenon (example with the bouncing ball): infinitely many events accumulate in finite time.
- The adaptive algorithm limits the number and the accuracy of detections: zero-crossing detection cannot be certified.

Heterogeneous Simulation
Mixing continuous-time models with finite state machines. E.g.: Simulink comes with StateFlow, which implements StateCharts.
- StateCharts are treated as standard Simulink blocks, with discrete updates, derivatives, etc., interacting with the continuous solver.
- Problem: the execution (semantics) of state charts can depend on solver parameters!
- Mathworks solution: guidelines.
- Ptolemy II solution: clean separation and interaction of different semantics (models of computation) through the explicit use of directors.

3 Hybrid Systems Verification (slides by G. Frehse)

From Finite State Machines To Hybrid Automata
- Finite State Machine: two states $q_0$ and $q_1$ with transition labels 10 and 01 (figure), no continuous dynamics.
- Timed Automaton: the same states, each with a clock $\dot{x} = 1$.
- Linear Hybrid Automaton: $\dot{x} \in [a, b]$ in $q_0$, $\dot{x} \in [c, d]$ in $q_1$.
- Hybrid Automaton: $\dot{x} = f_1(x)$ in $q_0$, $\dot{x} = f_2(x)$ in $q_1$.
Note: Linear Hybrid Automata [ACHH93] are not hybrid systems with linear continuous dynamics (e.g. $f_i(x) = A_i x$)! (We'll come back to this.)

Formal Verification
The verification loop (figure): Model of System + Formal Specification → Verification (algorithmic) → Correct, or Incorrect / Unknown → Revise Design.
TCAS verified in part [Livadas, Lygeros, Lynch, 00].

Characteristics of Formal Verification
- mathematical rigor (sound proofs & algorithms)
- exhaustive
In this talk: Reachability Analysis. Figure: initial states, a run (trajectory), forbidden states; reachable states = states on any run.

Join Maneuver [Tomlin et al.]
Figure: reachable states of the blue plane and of the yellow plane over time; where the two sets overlap there is a possible collision!

Key Problems of Formal Verification
- computable (decidable) only for simple dynamics
- computationally expensive
- representation of / computation with continuous sets

Formal Verification: Fighting complexity with overapproximations
Simplify the dynamics, the set representations and the set computations. Overapproximations should be:
- conservative
- easy to derive and compute with
- accurate (not too many false positives)


Formal Verification: Model of System
The model of the system combines a model of the physics (continuous dynamics, $\dot{x} = f(x)$) and a model of the software (discrete dynamics).

Modeling Hybrid Systems. Example: Bouncing Ball
- ball with mass $m$ and position $x$ in free fall
- bounces when it hits the ground at $x = 0$
- initially at position $x_0$ and at rest
(Figure: the ball at height $x$ above the ground at 0, subject to the gravitational force $F_g$.)

Part I: Free Fall
Condition for free fall: ball above ground, $x \ge 0$.
First principles (physical laws):
- gravitational force: $F_g = -mg$, $g = 9.81\,\mathrm{m/s^2}$
- Newton's law of motion: $m\ddot{x} = F_g$

Part I: Free Fall
$F_g = -mg$, $m\ddot{x} = F_g$.
Obtaining a first-order ODE system: an ordinary differential equation $\dot{x} = f(x)$ is brought to first order by introducing variables for the higher derivatives. Here, with $v = \dot{x}$:
$$\dot{x} = v, \qquad \dot{v} = -g$$

Part II: Bouncing
Conditions for bouncing: ball at ground position, $x = 0$; downward motion, $v < 0$.
Action for bouncing: the velocity changes direction, with a loss of velocity (deformation, friction): $v := -cv$, $0 \le c \le 1$.

Combining Part I and II
- Free fall: while $x \ge 0$, $\dot{x} = v$, $\dot{v} = -g$ (continuous dynamics $\dot{x} = f(x)$).
- Bouncing: if $x = 0$ and $v < 0$, $v := -cv$ (discrete dynamics: $x \in G \Rightarrow x := R(x)$).

Hybrid Automaton Model (figure)
- initial conditions: $x = x_0$, $v = 0$
- location freefall, with invariant $x \ge 0$ and flow $\dot{x} = v$, $\dot{v} = -g$
- discrete transition with label bounce, guard $x = 0 \wedge v < 0$ and reset $v := -cv$

Hybrid Automata
$H = (Loc, Var, Ini, Inv, Trans, Lab, Flow)$
Defining the inhabited state space:
- Locations $Loc$, e.g. $\{freefall\}$
- Variables $Var$, e.g. $\{x, v\}$
- Valuation: $x \in \mathbb{R}^{Var}$ attributes a real value to each variable
- State: $s = (l, x)$, with $l \in Loc$, $x \in \mathbb{R}^{Var}$
- Initial states $Ini \subseteq Loc \times \mathbb{R}^{Var}$, e.g. $\{(freefall, (x = x_0, v = 0))\}$
- Invariant $Inv \subseteq Loc \times \mathbb{R}^{Var}$, e.g. $\{(freefall, (x \ge 0, v \in \mathbb{R}))\}$

Hybrid Automata: Discrete Dynamics
Defining discrete dynamics: $Trans$
- $(l, \alpha, G, R, l') \in Trans$, with label $\alpha \in Lab$, guard $G \subseteq \mathbb{R}^{Var}$, reset $R : \mathbb{R}^{Var} \to 2^{\mathbb{R}^{Var}}$
- Figure: $(l, x) \xrightarrow{x \in G} (l', R(x))$
Semantics (discrete transition): can jump from $(l, x)$ to $(l', x')$ if $x \in G$ and $x' \in R(x)$.

Hybrid Automata: Continuous Dynamics
Defining continuous dynamics: $Flow : Loc \times \mathbb{R}^{Var} \to 2^{\mathbb{R}^{Var}}$; for each location $l$, a differential inclusion $\dot{x} \in Flow(l, x)$.
Semantics (time elapse): the state changes along $x(t)$ as time elapses; $x(t)$ must stay in the invariant $Inv$, and $\dot{x}(t) \in Flow(l, x)$.

Hybrid Automata: Continuous Dynamics, Bouncing Ball
Flow over $x, v$: $\dot{x} = v$, $\dot{v} = -g$. (Figure: $x(t)$ and $v(t)$ against $t$, starting from $x(0)$, $v(0)$.)

Hybrid Automata: Semantics
- Run: a sequence of discrete transitions and time elapse.
- Execution: a run that starts in the initial states. (Figure: continuous pieces $x_0(t)$, $x_1(t)$, $x_2(t)$.)

Execution of Bouncing Ball (figure)
Position $x$ over time $t$: segments $x_0(t), x_1(t), \ldots, x_4(t)$, starting at $x_0$, each ending at the ground at the event times $\delta_0, \ldots, \delta_4$. Velocity $v$ over time: segments $v_0(t), \ldots, v_4(t)$, starting at $v_0$, with a jump at each $\delta_i$.

Execution of Bouncing Ball: State-Space View (infinite time range, figure)
In the $(x, v)$ plane, the continuous pieces $x_0(t)$, $x_1(t)$, $x_2(t)$ are joined by discrete transitions at $x = 0$.

Formal Verification (loop recalled, with verification done by reachability): Model of System + Formal Specification → Verification (Reachability) → Correct, or Incorrect / Unknown → Revise Design. TCAS verified in part [Livadas, Lygeros, Lynch, 00].

Computing Reachable States
Reachable states: $Reach(S)$ is the set of states encountered in any run starting in $S$. (Figure: a set $S$ in the position/velocity plane and its reachable states.)

Computing Reachable States: compute successor states
- discrete transitions: $Post_d(R)$
- time elapse: $Post_c(R)$
Figure: $R_1 = Post_c(R_0)$, $R_2 = Post_d(R_1)$, $R_3 = Post_c(R_2)$.

Computing Reachable States: Fixpoint computation
- Initialization: $R_0 = Ini$
- Recurrence: $R_{k+1} = R_k \cup Post_d(R_k) \cup Post_c(R_k)$
- Termination: $R_{k+1} = R_k \Rightarrow Reach = R_k$
Problems in general: termination is not guaranteed, and time elapse is very hard to compute with sets.

Linear Hybrid Automata - Continuous Dynamics
piecewise constant: $\dot x = 1$
intervals: $\dot x \in [1, 2]$
conservation laws: $\dot x_1 + \dot x_2 = 0$
general form: conjunctions of linear constraints $a \cdot \dot x \bowtie b$, $a \in \mathbb{Z}^n$, $b \in \mathbb{Z}$, $\bowtie \in \{<, \le\}$
= convex polyhedron over the derivatives

Linear Hybrid Automata - Discrete Dynamics
affine transform: $x' := a x + b$
with intervals: $x_2' := x_1 \pm 0.5$
general form: conjunctions of linear constraints (new value $x'$) $a \cdot x + a' \cdot x' \bowtie b$, $a, a' \in \mathbb{Z}^n$, $b \in \mathbb{Z}$, $\bowtie \in \{<, \le\}$
= convex polyhedron over $x$ and $x'$

Linear Hybrid Automata - Invariants, Initial States
general form: conjunctions of linear constraints $a \cdot x \bowtie b$, $a \in \mathbb{Z}^n$, $b \in \mathbb{Z}$, $\bowtie \in \{<, \le\}$
= convex polyhedron over $x$

Reachability with LHA - Compute discrete successor states $\mathrm{Post}_d(S)$
all $x'$ for which there exists $x \in S$ s.t. $x \in G$, $x' \in R(x)$, $x' \in \mathrm{Inv}$
Operations: existential quantification, intersection: standard operations on convex polyhedra

Reachability with LHA - Compute time elapse states $\mathrm{Post}_c(S)$
Theorem [Alur et al.]: time elapse along an arbitrary trajectory iff time elapse along a straight line (convex invariant).
Time elapse along a straight line can be computed as projection along a cone [Halbwachs et al.]
[Figure: invariant Inv with the straight-line time elapse inside it]

Reachability with LHA [Halbwachs, Henzinger, 93-97]
1. get projection cone
2. time elapse by projection
3. compute successors of transitions
[Figure: invariant, initial states, derivatives, projection cone, successors]

Piecewise Affine Hybrid Systems - Affine dynamics
Flow: $\dot x = A x + b$ (deterministic); $\dot x \in A x + B$, with $B$ a set (nondeterministic)
For time elapse it's enough to look at a single location.

Linear Dynamics
Let's begin with the autonomous part of the dynamics: $\dot x = A x$, $x \in \mathbb{R}^n$
Known solutions: analytic solution in continuous time; explicit solution at discrete points in time (up to arbitrary accuracy)
Approach for Reachability: compute reachable states over finite time, $\mathrm{Reach}_{[0,T]}(X_{\mathrm{Ini}})$; use time-discretization, but with care!

Time-Discretization for an Initial Point
Analytic solution: $x(t) = e^{At} x_{\mathrm{Ini}}$; with $t = \delta k$: $x(\delta(k+1)) = e^{A\delta} x(\delta k)$
Explicit solution in discretized time (recursive): $x_0 = x_{\mathrm{Ini}}$, $x_{k+1} = e^{A\delta} x_k$
Multiplication with the constant matrix $e^{A\delta}$ = linear transform
[Figure: trajectory x(t) with samples x_0, x_1, x_2, x_3 at t = 0, δ, 2δ, 3δ]

Time-Discretization for an Initial Set
Explicit solution in discretized time: $X_0 = X_{\mathrm{Ini}}$, $X_{k+1} = e^{A\delta} X_k$
[Figure: $\mathrm{Reach}_{[0,3\delta]}(X_{\mathrm{Ini}})$ with the sampled sets X_0, X_1, X_2, X_3 at t = 0, δ, 2δ, 3δ]
Acceptable solution for purely continuous systems: x(t) is in an $\epsilon(\delta)$-neighborhood of some $X_k$
Unacceptable for hybrid systems: discrete transitions might fire between sampling times; if transitions are missed, x(t) is not in an $\epsilon(\delta)$-neighborhood

Bouncing Ball
[Figure: sampled sets of the bouncing ball; the slide's statement $X_{90} = \ldots$ has a right-hand side that is not recoverable]
In other examples this error might not be as obvious.

Goal: Reachability by Time-Discretization
Compute a sequence $\Omega_k$ over bounded time $[0, N\delta]$ such that $\mathrm{Reach}_{[0,N\delta]}(X_{\mathrm{Ini}}) \subseteq \Omega_0 \cup \Omega_1 \cup \ldots \cup \Omega_N$
Approach: refine $\Omega_k$ by the recurrence $\Omega_{k+1} = e^{A\delta} \Omega_k$
Condition for $\Omega_0$: $\mathrm{Reach}_{[0,\delta]}(X_{\mathrm{Ini}}) \subseteq \Omega_0$
[Figure: $\mathrm{Reach}_{[0,3\delta]}(X_{\mathrm{Ini}})$ covered by Ω_0, Ω_1, Ω_2 over t = 0, δ, 2δ, 3δ]

Time-Discretization with Convex Hull
Overapproximating $\mathrm{Reach}_{[0,\delta]}$:
[Figure: X_0, X_1, $\mathrm{Reach}_{[0,\delta]}(X_{\mathrm{Ini}})$ between them, $\mathrm{Conv}(X_0, X_1)$ and $\mathrm{Bloat}(\mathrm{Conv}(X_0, X_1))$]

Time-Discretization with Convex Hull - Bouncing Ball
[Figure: X_0, X_1 and Ω_0 for the bouncing ball, shown in two views]

Nondeterministic Affine Dynamics
Let's include the effect of inputs: $\dot x = A x + B u$, $x \in \mathbb{R}^n$, $u \in U \subseteq \mathbb{R}^p$
variables $x_1, \ldots, x_n$, inputs $u_1, \ldots, u_p$
Input u models nondeterminism: $\dot x \in A x + B U$
used later for overapproximating nonlinear dynamics

Nondeterministic Affine Dynamics - Analytic Solution
$x(\delta) = e^{A\delta} x(0) + \int_0^{\delta} e^{A(\delta - \tau)} B u(\tau)\, d\tau$ (first term: autonomous dynamics; second term: influence of the inputs)
[Figure: $\mathrm{Reach}_{[0,3\delta]}(X_{\mathrm{Ini}})$ over t = 0, δ, 2δ, 3δ, with the influence of the inputs marked]

Nondeterministic Affine Dynamics
How far can the input push the system in δ time?
$V$ = box with radius $\frac{e^{\|A\|\delta} - 1}{\|A\|} \sup_{u \in U} \|B u\|$
$\Omega_0 = \mathrm{Bloat}(\mathrm{Conv}(X_{\mathrm{Ini}}, e^{A\delta} X_{\mathrm{Ini}})) \oplus V$
$\Omega_{k+1} = e^{A\delta} \Omega_k \oplus V$
Minkowski Sum: $A \oplus B = \{a + b \mid a \in A, b \in B\}$

Nondeterministic Affine Dynamics
[Figure: $\Omega_2 = e^{A\delta} \Omega_1 \oplus V$ built from $e^{A\delta} \Omega_1$, with Ω_0 and Ω_1, over t = 0, δ, 2δ, 3δ]

Implementing Reachability
Find a representation for continuous sets that supports: linear transformation, Minkowski sum, intersection (with guards)
Polyhedra, zonotopes, ellipsoids, support functions (current state of the art)
Extension to nonlinear dynamics: approximation with simpler dynamics (through linearizations)
Still scalability issues
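The zonotope representation named on this slide, worked through on the flow step of the bouncing ball as an added example (not code from the slides): the input box V and the Ω_k recurrence of the "Nondeterministic Affine Dynamics" slides, the straight-line time elapse plus bloating of the "Time-Discretization with Convex Hull" slide, and an exact 2-D membership check built on the support function. Assumptions (all constructed): gravity is handled as the affine term b and a bounded disturbance |w| ≤ 0.5 plays the input u, δ = 0.05, the bounce (discrete transition) is not modelled, and the bloat radius is the chord-vs-parabola gap gδ²/8 of free fall, since the slides give no Bloat formula.

```python
import math
# Constructed free-fall model between bounces (no discrete transition): dx/dt = v, dv/dt = -g + w,
# |w| <= W_MAX, i.e. A = [[0,1],[0,0]], b = (0,-g), input u = w. A*A = 0, so e^{A delta} is exact.
G_ACC, W_MAX, DELTA = 9.81, 0.5, 0.05
E_A_DELTA = [[1.0, DELTA], [0.0, 1.0]]
AFFINE_SHIFT = (-G_ACC * DELTA ** 2 / 2, -G_ACC * DELTA)   # integral of e^{A(delta-tau)} b, one step
# A 2-D zonotope {c + sum_i a_i g_i : a_i in [-1,1]} is stored as (center, [generators]).
def affine_map(M, d, Z):
    # exact image of Z under x -> M x + d: map every generator, map and translate the center
    mv = lambda v: (M[0][0] * v[0] + M[0][1] * v[1], M[1][0] * v[0] + M[1][1] * v[1])
    c = mv(Z[0])
    return ((c[0] + d[0], c[1] + d[1]), [mv(g) for g in Z[1]])

def minkowski_sum(Z1, Z2):
    # Z1 (+) Z2 = {a + b}: add the centers, concatenate the generator lists
    return ((Z1[0][0] + Z2[0][0], Z1[0][1] + Z2[0][1]), Z1[1] + Z2[1])

box = lambda r: ((0.0, 0.0), [(r, 0.0), (0.0, r)])   # axis-aligned box of radius r around 0

def segment_hull(Z1, Z2):
    # zonotope containing every segment from x in Z1 to its image in Z2 (same generator
    # coefficients): the straight-line time elapse that Conv(X_0, X_1) is meant to cover
    mid = lambda a, b: ((a[0] + b[0]) / 2, (a[1] + b[1]) / 2)
    dif = lambda a, b: ((a[0] - b[0]) / 2, (a[1] - b[1]) / 2)
    pairs = list(zip(Z1[1], Z2[1]))
    gens = [mid(p, q) for p, q in pairs] + [dif(p, q) for p, q in pairs] + [dif(Z1[0], Z2[0])]
    return (mid(Z1[0], Z2[0]), gens)

def contains(Z, x):
    # exact planar membership: edges of a 2-D zonotope are parallel to its generators, so the
    # support function in every edge normal (both signs) decides whether x lies inside
    support = lambda l: l[0]*Z[0][0] + l[1]*Z[0][1] + sum(abs(l[0]*g[0] + l[1]*g[1]) for g in Z[1])
    normals = [(-g[1], g[0]) for g in Z[1]] + [(g[1], -g[0]) for g in Z[1]]
    return all(l[0] * x[0] + l[1] * x[1] <= support(l) + 1e-9 for l in normals)

def omega_sequence(X_ini, n_steps):
    # Omega_0 = Bloat(Conv(X_0, X_1)) (+) V ;  Omega_{k+1} = e^{A delta} Omega_k + shift (+) V
    V = box((math.exp(DELTA) - 1.0) * W_MAX)   # input box: ||A||_inf = 1, sup|Bu| = W_MAX
    bloat = box(G_ACC * DELTA ** 2 / 8)         # chord-vs-parabola gap of free fall in one step
    omega = segment_hull(X_ini, affine_map(E_A_DELTA, AFFINE_SHIFT, X_ini))
    seq = [minkowski_sum(minkowski_sum(omega, bloat), V)]
    for _ in range(n_steps):
        seq.append(minkowski_sum(affine_map(E_A_DELTA, AFFINE_SHIFT, seq[-1]), V))
    return seq

def trajectory_covered(seq, x0, v0, w):
    # exact solution under a constant disturbance w, sampled 5 times inside every step k
    a = -G_ACC + w
    return all(contains(om, (x0 + v0 * t + a * t * t / 2, v0 + a * t))
               for k, om in enumerate(seq) for t in [(k + j / 4) * DELTA for j in range(5)])
```

Every sampled state of an admissible trajectory (|w| ≤ 0.5) lands in its Ω_k, while a disturbance outside the assumed bound eventually leaves the sets, so the sequence is sound without being vacuous.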

1 Example from a control scientist perspective
2 Numerical simulation of hybrid systems
3 Hybrid Systems Verification (slides by G. Frehse)
4 Summary

Hybrid Systems Tools (non-exhaustive list)
Simulink/Stateflow: defines itself as a hybrid systems simulator; very rich set of toolboxes/frameworks, with sometimes confusing semantics
Ptolemy: composition of heterogeneous models of computation (MoCs) with emphasis on deterministic behaviors; defines a unique model of superdense time (allows ordering of truly simultaneous events); semantics made explicit and user-defined (directors)
SpaceEx: implements the most common theoretical hybrid model, Hybrid Input/Output Automata (Lynch et al. 2003); emphasis on non-determinism: computes reachable sets for safety analysis

Summary
Mature simulation languages and tools, although their semantics have not yet converged/stabilized
Current works are still trying to decide the proper semantics of mixing discrete formalisms with continuous-time simulation
Formal verification à la model checking is making progress, but there is still a noticeable gap between what tools can handle and what actual designers do with modern block-diagram tools
Active area of research: abstractions, composition, accuracy improvement, clever compilation, mathematical paradigm shift, etc.