Dina Workshop Analysing Properties of Hybrid Systems Rafael Wisniewski Aalborg University
Dina Workshop Contents Example of Coffee Machine Models for Closed Systems Reachability Problem Control Synthesis Continuous Systems
Dina Workshop Example of the Coffe Machine Consider a machine M, which distributes coffee and tea. A customer inserts a unit coin and presses a button for tea or coffee, the machine heats water with certain ingredients and releases plastic cups filled with appropriate drinks. Such a system is decomposed into: Physical Interface (takes care of signals and energy exchange) Information Processing (processes information enterring the system regardless the physical origin)
Dina Workshop Physical Interface vs. Information Processing
Dina Workshop Information Processing Components PortMeaning 1 A coin was inserted 2 cancel button pressed 3 release the coin 4 suffucuent money inserted 5 money returned to user 6 drink distribution ended 7 coffee button pressed tea button pressed 8 drink preparation ended 9 start preparing coffee start preparing tea
Dina Workshop Machines M1 and M2 – Formalism of Automata
Dina Workshop Synchronous Product M = M1 || M2 Consider two automata G 1 = (X 1, E 1, f 1, G 1, x 01, X m1 ), G 2 = (X 2, E 2, f 2, G 2, x 02, X m2 ) and event in G 1 ||G 2 occurs if it occurs either in G 1 or G 2, G 1 ||G 2 = (X 1 x X 2, E 1 E 2, f, G 1||2, (x 01, x 02 ), X m1 x X m2 ) where (f(x 1, e), f(x 2, e)) if e G 1 (x 1 ) G 2 (x 2 ) f((x 1, x 2 ),e) = (f(x 1, e), x 2 )) if e G 1 (x 1 ) \ E 2 (x 1, f(x 2, e)) if e G 2 (x 2 ) \ E 1 and G 1||2 (x 1, x 2 ) = (G 1 (x 1 ) G 2 (x 2 )) (G 1 (x 1 ) \ E 2 ) (G 2 (x 2 ) \ E 1 )
Dina Workshop M1 and M2
Dina Workshop M1 || M2
Dina Workshop Fixing the Bug by ”lock” Label
Dina Workshop Well Behaving Product of M1 and M2
Dina Workshop Conclusions from the Example Systems may consist of a great number of components thus the global system appears to be very complicated. Set of behaviors are paths in the global transition graph. The desired behavior of a system can be specified as a set of allowed sequences of states and events. Proving that the system is correct amounts to showing that all sequences generated by the system are those allowed by the specifications.
Dina Workshop System D-I D-I is a system not exposed to the external influence and its future evolution depends exclusively on its current state Definition (System D-I) A transition system is S = (X, f), where X is a set of finite states, and f: X X is the transition function and x 0 is the initial state. Notation X* denotes the set of all sequences over X X k are sequences of length k Definition (Behavior) Given a transition system S = (X, f) the behavior of S starting from an initial state x 0 X is a sequence = { i } X*, i N such that 0 = x 0 and i+1 = f( i ) i N.
Dina Workshop Basic Reachability Problem Definition (Basic Reachability Problem) For a system S with given x 0 and a set P X the Basic Reachability Problem is the question if the behavior of S starting at x 0 reaches P (does there exist k such that k P ?). Set of all reachable sets can be generated by Algorithm 1 (Forward Simulation/Reachability) 0 := x 0 F 0 := {x 0 } repeat k+1 := f( k ) F k+1 := F k { k+1 } until F k+1 = F k F* := F k if F* P then the system is reachable Finiteness of X plays a crucial role since the sets P, F k, and the transition functions can be stored in finite data structure, secondly the algorithm converges
Dina Workshop System with One Input Definition (System D-II) A one-input transition system is S = (X, V, f), where X and V are finite sets and f: X x V X is the transition function (a partial function).
Dina Workshop System D-II Definition (Behavior Induced by Input) Given a system S=(X,V,f) and an input sequence = { i } V*. The behavior of S starting from x 0 in the presence of is a sequence: ( ) = { i } X* such that 0 = x 0 and i+1 = f( I, i ) i N. Definition (Reachability) For a D-II system S with given x 0 and a set P X the Reachability Problem is the question if Is there some input sequence such that ( ) reaches P. Naive solution Use Algorithm 1 and feed it with a sufficiently large finite sequence V* we obtain the set F*( ) of states reached by ( ). The set of all reachable states is F* = F*( ).
Dina Workshop Execution Tree
Dina Workshop Forward Reachability Algorithm in Breadth-First Search Denote f(x) the set of all immediate successors of x, i.e. f(x) = {z: u f(x,u) = z} and f(F) = {f(x): x F} Algorithm 2 (Forward Reachability) F 0 := {x 0 } repeat F k+1 := F k f(F k ) until F k+1 = F k F* := F k
Dina Workshop Forward Reachability Algorithm in Depth-First Search
Dina Workshop Backward Reachability Denote f -1 (x) the set of all immediate predecessors of x, i.e. f -1 (x) = {z: u f(z,u) = x} and f -1 (F) = {f -1 (x): x F} Algorithm 3 (Backward Reachability) F 0 := P repeat F k+1 := F k f -1 (F k ) until F k+1 = F k F* := F k Theorem 1(Algorithmic Verification) For each type II-D system there exists an algorithm (with a finite number of steps), which verifies reachability to a finite set P.
Dina Workshop System with Two Inputs Definition (System III-D) A two-input transition system is S = (X, U, V, f) where X, U, V are finite sets and f: X x U x V X is the transition function. (The set U is interpreted as the set of control actions and the set V represents disturbances.) Definition (Strategy and State Strategy) Let S = (X, U, V, f) be III-D system. A strategy for U is a function c: X* U. A state strategy is a strategy satisfying c( x) = c( ´x) for every and ´ and hence it can be written as a function d: X U (I.e. strategy is only dependent on the current state, not the entire history). Remark Each state strategy converts a type III system S = (X, U, V, f) into type II, S c = (X, V, f c ) such that f c (x, v) = f(x, c(x), v). Definition (Synthesis for Reachability) Let S = (X, U, V, f) be a type III system and let P X. The controller synthesis problem is to find a startegy c such that all the behaviors of the closed-loop system S c = (X, V, f c ) never reaches P.
Dina Workshop An Example of Type III System Let P = {x5} then the state x5 cannot be avoided from x4 by any control, since if we choose u1 the environment can choose v2 and if we choose u2 the environment can choose v1.
Dina Workshop Controller Synthesis Definition (Controllable Predecessors) Let S = (X, U, V, f) be a type III system. The set of controllable predecessors of F X is defined (F) = {x: u U v V f(x, u, v) F} and it denotes all the states from which the controller, by properly selecting u, can force the system into F in the next step. Algorithm 4 (Controller Synthesis) F 0 := X-P repeat F k+1 := F k (F k ) until F k+1 = F k F* := F k Algorithm 4 produces the set F* of states from which reaching P can be forever avoided.
Dina Workshop An Example of Type III System In the example the algorithm produces a sequence {x1, x2, x3, x4}, {x1, x2, x3}. The control strategy is c(x1) = u1, c(x2) = u2, and c(x3) = u1.
Dina Workshop General Comments on Continuous Systems In general the reachability problem for infinite state systems is undecidable. Promising idea is to investigate morphisms from infinite-state systems to finite ones. One can investigate system of the form dx/dt = f(x, ) with control signals of the form : T V. The first problem is simulation ´[(n+1) ] = ´[n ] + h( ´[n ], ) providing approximate of the solution of for discrete time T = {n : n N}.
Dina Workshop Continuous Reachability Notation x t x’ indicates that there exists an input : [0, t] V such that the behavior ( ) starting at x reaches x’ at time t. Let F X and I R + then I-successors of F are all the states that can be reached from F within the time interval I i.e. f I (F) = {x’: x F t I x t x’ } Algorithm 5 (Continuous Reachability) F 0 := {x 0 } repeat F k+1 := F k f [0,r] (F k ) until F k+1 = F k F* := F k
Dina Workshop Comments on Algorithm 5 The algorithm suffers from ability to compute f I (F) exactly and the lack of guarantee for convergence. Remedy is over estimation by convex polyhedra. It has a good meaning for linear systems dx/dt = Ax + Bu