Formal-V Group, IIT KGP 1 Introduction to Hybrid Automata Introduction to Hybrid Automata Arijit Mondal Kapil Modi Arnab Sinha
Formal-V Group, IIT KGP 2 Introduction A hybrid automaton is a formal model for a mixed discrete continuous system. Systems with ‘ discrete jumps ’ & ‘ continuous flow ’ can be modeled into Hybrid Automata. Bouncing Ball Example: Here, the following properties hold:
Formal-V Group, IIT KGP 3 Bouncing Ball: Properties States: In air (Assumption: Rebound time is negligible) Continuous Variable: height (h), velocity (v) Guard Condition : height=0, velocity=negative. Effect (Reset Map): velocity changes due to restitution coefficient (e) We are ready for the Model !!!
Formal-V Group, IIT KGP 4 Bouncing Ball Model: State Continuous variables Guard Condition Reset condition Domain (Fly)
Formal-V Group, IIT KGP 5 An Illustration: Water Tank Problem
Formal-V Group, IIT KGP 6 Water Tank: Properties The supplier can supply water at a rate of w to only one reservoir at a time. [Discrete Behavior] The current levels are x1 and x2 respectively. [Continuous Variables] The minimum threshold to be maintained are r1 and r2 respectively. [Guard Conditions] It is assumed that while transition between reservoirs none of the level changes. [Reset Property] Hence we can model it with Hybrid Automata!!!
Formal-V Group, IIT KGP 7 Water Tank Problem Guard Condition Reset Property state Continuous variables Domain(q1) Domain(q2)
Formal-V Group, IIT KGP 8 The Automaton Where, Q = set of discrete states. X = set of continuous variables, Where, E is the set of edges. G is the guard condition, and, R is the Reset Map
Formal-V Group, IIT KGP 9 An Illustration: Water Tank Problem
Formal-V Group, IIT KGP 10 Water Tank Problem: Formal Model
Formal-V Group, IIT KGP 11 Water Tank Problem: Formal Model (Contd.)
Formal-V Group, IIT KGP 12 Water Tank Problem
Formal-V Group, IIT KGP 13 Hybrid time set It is a sequence of finite or infinite intervals such that
Formal-V Group, IIT KGP 14 Bouncing Ball: Hybrid time-set The bouncing ball: The first half is upward movement and the next half is downwards. The first run is interval and the next run is in and so on.
Formal-V Group, IIT KGP 15 Hybrid Trajectory q, x) A hybrid trajectory is a triple q, x) consisting of a hybrid time set, and two sequences of functions q and x such that
Formal-V Group, IIT KGP 16 Hybrid Execution An execution of a hybrid automation H is hybrid trajectory, q, x), which satisfies the following conditions. Initial condition: Discrete evolution:
Formal-V Group, IIT KGP 17 Hybrid Execution (contd.) Continuous evolution: such that is the solution to the diff. equation over starting at
Formal-V Group, IIT KGP 18 Water Tank Problem: Hybrid Execution
Formal-V Group, IIT KGP 19 Water Tank Problem: Hybrid Execution (Contd.) Initial Condition Discrete Evolution
Formal-V Group, IIT KGP 20 Water Tank Problem: Hybrid Execution (Contd.) Continuous Evolution
Formal-V Group, IIT KGP 21 Classification of Executions Finite, if is a finite sequence and the last interval in is closed. Infinite, if is a infinite sequence, or if, Zeno, if it is infinite but the sum of intervals is finite. Real life designs are mostly non-zeno i.e. time-diverging e.g. bouncing ball system. Maximal, if it is not a strict prefix of any other execution of H.
Formal-V Group, IIT KGP 22 0-Transition We know, Hence we define an event which triggers transition iff there exists an edge e= (q, q ’ ) such that for some, Hence we can say for all states q, of a hybrid automaton i.e. we can always construct an edge such that 0
Formal-V Group, IIT KGP 23 Composition of Automata For two hybrid automata, and then we can define the semantics of parallel composition as But for composition, the transitions have to be consistent. The transitions, and are consistent if any of the following three conditions are true, and.
Formal-V Group, IIT KGP 24 Composition: Water Tank Model We develop two independent models of the 2 reservoirs. 0 0 holds when water is supplied to tank 1.
Formal-V Group, IIT KGP 25 Composition: Water Tank Model The complete model.
Formal-V Group, IIT KGP 26 Example: Buck Converter Buck converter driving variable load Switch S1 remain on for 6 secs and off for 4 secs Switch S2 alternate between R1 and R2 in every 4 secs
Formal-V Group, IIT KGP 27 Discrete states and State variables Four discrete states –S1 on and S2—R1 (A) –S1 on and S2—R2 (B) –S1 off and S2—R2 (C) –S1 off and S2—R1 (D) For circuit dynamics: –Current through inductor (i) –Voltage across capacitor (v) Clock variables: –S1: denotes the duration of on/off state of switch S1 –S2: denotes the duration of connection of switch S2 with R1 or R2
Formal-V Group, IIT KGP 28 Dynamic activities For states (A) and (B)For states (C) and (D) For clock variable S1 and S2 for all locations
Formal-V Group, IIT KGP 29 Hybrid model of Buck converter
Formal-V Group, IIT KGP 30 Example (Buck converter) [Santosh]
Formal-V Group, IIT KGP 31 Descriptions Zero pulse – Generates –ve square pulse when input crosses zero volt from any +ve voltage Monoshot – Generates +ve square pulse with Ton and it is triggered by a –ve edge at the input. Startup pulse – Generates –ve pulse to trigger the monoshot. Zero crossing detector – It toggles output when the input crosses zero volt. Initial output logic zero. Drivers – To drive power MOS switches.
Formal-V Group, IIT KGP 32 Hysteresis comparator Outputs logic high if input is below threshold Outputs logic low if input is above threshold V in V out
Formal-V Group, IIT KGP 33 Determination of discrete states This systems can be modeled as hybrid system and dynamics behavior of each state depends on the following –State of PMOS –State of NMOS –Control signal to PMOS –Control signal to NMOS Dynamic behavior of each state will depend on the following: –V cx : PMOS drain voltage –V out : Output voltage
Formal-V Group, IIT KGP 34 Hybrid automata QStateActivityReset 1 P n, N f, CP n, CN f 2 P n, N f, CP f, CN n 3 P f, N n, CP f, CN n 4 P f, N n, CP n, CN f QQG 12T≥T on 23CP f & CN n 34
Formal-V Group, IIT KGP 35 Linear hybrid systems (LHS) For all locations activity (vector field) can be defined as follows: For all locations invariant (domain) is defined by a linear formula over continuous states (X). For all transitions, guarded set of nondeterministic assgn.
Formal-V Group, IIT KGP 36 Example (x+y>4)→{x:=[3x+y,2y], y:=[7,5x]} v(α x )=21 v( β x )=24 x=3 y=12 x=23 y=9 v( α y )=7 v(β y )=15 v:(x=3,y=12)
Formal-V Group, IIT KGP 37 Special cases Discrete variable Discrete system – All variable are discrete variable Proposition – x is discrete variable and Clock
Formal-V Group, IIT KGP 38 Special cases (contd.) Timed automaton – Linear hybrid system all of whose variables are propositions or clocks and linear expression are Boolean combination of inequalities. (x#c or x-y#c) Skewed clock: Multirate timed system – LHS whose variables are propositions and skewed clocks n-rate timed system – Multirate timed system whose skewed clocks proceed at n different rates
Formal-V Group, IIT KGP 39 Special cases (contd.) Integrator Parameter - x discrete variable Simple LHS – Domains (invariants) and Guards are of the form x≤k or x≥k
Formal-V Group, IIT KGP 40 Reachability results The reachability problem is decidable for simple multirate timed system. The reachability problem is undecidable for 2-rate timed system. The reachability problem is undecidable for simple integrator systems
Formal-V Group, IIT KGP 41 Verification of Hybrid Automata A hybrid automata specification can be encoded as a set of desirable hybrid trajectories, H. The given model is said to meet the given specification if the set of execution of the model is a subset of H. Safety Property:- where F is the set of safe states in which we wish to remain always. Liveness Property:- where T is the set of states in which we visit eventually.
Formal-V Group, IIT KGP 42 Example Say we model a traffic system with a hybrid automata, then the set of safe states F, are those, in which no two cars collide. Set of live states T, are those, in which the cars eventually reach their destination.
Formal-V Group, IIT KGP 43 Transition System from a hybrid automaton H = (Q, X, Init, f, Dom, E, G, R) be a hybrid automaton with a distinguished set of final states, F, S: set of states (finite or infinite) A transition relation A set of initial states A set of final states Hybrid Automata transformed into a transition system.
Formal-V Group, IIT KGP 44 Transition System from a hybrid automaton (contd.) The transition relation can be divided into a discrete transition relation and a continuous transition relation. For each edge, For the continuous transition relation, Where, x(.) is the solution of the differential equation. Hence,
Formal-V Group, IIT KGP 45 Backward Reachability Algorithm: Initialization: repeat if return ” reachable “ endif until return “ not reachable“
Formal-V Group, IIT KGP 46 Backward Reachability: Example q0 q1 q2 q3 q4q5 q6
Formal-V Group, IIT KGP 47 Backward Reachability: Example q0 q1 q2 q3 q4q5 q6
Formal-V Group, IIT KGP 48 Backward Reachability: Example q0 q1 q2 q3 q4q5 q6
Formal-V Group, IIT KGP 49 Bisimulation: Example We can check, is a bisimulation of the given system, but is not. q0 q1 q2 q3 q4q5 q6
Formal-V Group, IIT KGP 50 Bisimulation: Example q0 q1 q2 q3 q4q5 q6
Formal-V Group, IIT KGP 51 Bisimulation: Example q0 q1 q2 q3 q4q5 q6 Not a Bisimulation
Formal-V Group, IIT KGP 52 Bisimulation: Definition A bisimulation of a transition system is a partition of the state space S of T such that, is a union of elements of the partition, If one state (say s) in some set of the partition (say ) can transition to another set in the partition (say ), then all other states, in must be able to transition to some state in. More formally,
Formal-V Group, IIT KGP 53 Bisimulation: Algorithm Let, be a bisimulation of the transition system, T and let be the quotient-transition system. is reachable by T, iff is reachable by.In fact, bisimulation preserves any property that can be expressed in CTL.[1] Algorithm: Initialization: while such that do end while return
Formal-V Group, IIT KGP 54 Bisimulation Algorithm: Example q0 q1 q2 q3 q4q5 q6
Formal-V Group, IIT KGP 55 Bisimulation Algorithm: Example q0 q1 q2 q3 q4q5 q6
Formal-V Group, IIT KGP 56 Problems at Hand:- 1. Due to possible variations in the system parameters which are determined only after the low level synthesis is complete, our hybrid system model may change. We wish to automate the effects of change. It will also give us the range of system parameters for which the circuit behavior does not violate the system specifications. 2. In the design hierarchy, we may have a block-level design, which can be resolved into circuit-level design. To check whether, the two designs are compliant, we will check the equivalence of two hybrid automata.
Formal-V Group, IIT KGP 57 Intuitive Idea Any two equivalent hybrid systems, should follow the same differential equation, at any given cycle, assuming the designs are correct. Hence at any given cycle, a particular state in H1 should have a mirror state in H2. So, we aim to compose the two hybrid systems.
Formal-V Group, IIT KGP 58 Intuitive Idea: Contd. Consider the following 2 models H1 H2
Formal-V Group, IIT KGP 59 Intuitive Idea: Contd. Composed Model H1 || H2
Formal-V Group, IIT KGP 60 Informal Algorithm Algorithm: Init(c) = compose (Init1,Init2); Q(c) = Init(c) ; while all the nodes of H1 and H2 are not in Q(c) for each node(s(i), s’(i)) in Q(c) for each transition of s(i) to p(j) (say e(ij)) for each transition of s’(i) to p’(j) (say e’(ij)) if(!check_consistency(e(ij), e’(ij)) return FAILURE else compose (p(j), p’(j)) ; Q(c)=union( Q(c), (p(j), p’(j)) ) ; endfor endwhile
Formal-V Group, IIT KGP 61 Existing Hybrid Model Checking Tools Checkmate for verifying hybrid systems.[MATLAB Based] Chutinan, Krogh, Stursberg et. al., CMU Requiem for verifying hybrid systems. University of Pennsylvania d/dt for verifying and synthesis hybrid systems. Thao Dang and Oded Maler HyTech for verifying linear hybrid systems. Thomas A Henzinger, Pei-Hsin Ho, and Howard Wong-Toi Ptolemy II for simulating concurrent, embedded and hybrid systems. Center for Hybrid and Embedded Software Systems (CHESS), University of California, Berkeley. Edward A. Lee
Formal-V Group, IIT KGP 62 Reference [1] “ Lecture Notes on Hybrid Systems ” John Lygeros, University of Patras [2]T.A.Henzinger. Hybrid automata with finite bisimulations. ICALP 95: Automata, Languages, and Programming, Lecture Notes in Computer Science 944, Pages Springer-Verlag, [3]T.A.Henzinger. Theory of Hybrid automata [4]Rajeev Alur, T.A. Henzinger et. al. The Algorithmic Analysis of Hybrid Systems, Theoretical Computer Science, 1995
Formal-V Group, IIT KGP 63