Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dina Workshop Analysing Properties of Hybrid Systems Rafael Wisniewski Aalborg University.

Published byScott Lawrence Modified over 9 years ago

Similar presentations

Presentation on theme: "Dina Workshop Analysing Properties of Hybrid Systems Rafael Wisniewski Aalborg University."— Presentation transcript:

1 Dina Workshop Analysing Properties of Hybrid Systems Rafael Wisniewski Aalborg University

2 Dina Workshop Contents Example of Coffee Machine Models for Closed Systems Reachability Problem Control Synthesis Continuous Systems

3 Dina Workshop Example of the Coffe Machine Consider a machine M, which distributes coffee and tea. A customer inserts a unit coin and presses a button for tea or coffee, the machine heats water with certain ingredients and releases plastic cups filled with appropriate drinks. Such a system is decomposed into: Physical Interface (takes care of signals and energy exchange) Information Processing (processes information enterring the system regardless the physical origin)

4 Dina Workshop Physical Interface vs. Information Processing

5 Dina Workshop Information Processing Components PortMeaning 1 A coin was inserted 2 cancel button pressed 3 release the coin 4 suffucuent money inserted 5 money returned to user 6 drink distribution ended 7 coffee button pressed tea button pressed 8 drink preparation ended 9 start preparing coffee start preparing tea

6 Dina Workshop Machines M1 and M2 – Formalism of Automata

7 Dina Workshop Synchronous Product M = M1 || M2 Consider two automata G 1 = (X 1, E 1, f 1, G 1, x 01, X m1 ), G 2 = (X 2, E 2, f 2, G 2, x 02, X m2 ) and event in G 1 ||G 2 occurs if it occurs either in G 1 or G 2, G 1 ||G 2 = (X 1 x X 2, E 1  E 2, f, G 1||2, (x 01, x 02 ), X m1 x X m2 ) where (f(x 1, e), f(x 2, e)) if e  G 1 (x 1 )  G 2 (x 2 ) f((x 1, x 2 ),e) = (f(x 1, e), x 2 )) if e  G 1 (x 1 ) \ E 2 (x 1, f(x 2, e)) if e  G 2 (x 2 ) \ E 1 and G 1||2 (x 1, x 2 ) = (G 1 (x 1 )  G 2 (x 2 ))  (G 1 (x 1 ) \ E 2 )  (G 2 (x 2 ) \ E 1 )

8 Dina Workshop M1 and M2

9 Dina Workshop M1 || M2

10 Dina Workshop Fixing the Bug by ”lock” Label

11 Dina Workshop Well Behaving Product of M1 and M2

12 Dina Workshop Conclusions from the Example Systems may consist of a great number of components thus the global system appears to be very complicated. Set of behaviors are paths in the global transition graph. The desired behavior of a system can be specified as a set of allowed sequences of states and events. Proving that the system is correct amounts to showing that all sequences generated by the system are those allowed by the specifications.

13 Dina Workshop System D-I D-I is a system not exposed to the external influence and its future evolution depends exclusively on its current state Definition (System D-I) A transition system is S = (X, f), where X is a set of finite states, and f: X  X is the transition function and x 0 is the initial state. Notation X* denotes the set of all sequences over X X k are sequences of length k Definition (Behavior) Given a transition system S = (X, f) the behavior of S starting from an initial state x 0 X is a sequence  = {  i }  X*, i  N such that  0 = x 0 and  i+1 = f(  i )  i  N.

14 Dina Workshop Basic Reachability Problem Definition (Basic Reachability Problem) For a system S with given x 0 and a set P  X the Basic Reachability Problem is the question if the behavior of S starting at x 0 reaches P (does there exist k such that  k  P ?). Set of all reachable sets can be generated by Algorithm 1 (Forward Simulation/Reachability)  0 := x 0 F 0 := {x 0 } repeat  k+1 := f(  k ) F k+1 := F k  {  k+1 } until F k+1 = F k F* := F k if F*  P   then the system is reachable Finiteness of X plays a crucial role since the sets P, F k, and the transition functions can be stored in finite data structure, secondly the algorithm converges

15 Dina Workshop System with One Input Definition (System D-II) A one-input transition system is S = (X, V, f), where X and V are finite sets and f: X x V  X is the transition function (a partial function).

16 Dina Workshop System D-II Definition (Behavior Induced by Input) Given a system S=(X,V,f) and an input sequence  = {  i }  V*. The behavior of S starting from x 0 in the presence of  is a sequence:  (  ) = {  i }  X* such that  0 = x 0 and  i+1 = f(  I,  i )  i  N. Definition (Reachability) For a D-II system S with given x 0 and a set P  X the Reachability Problem is the question if Is there some input sequence  such that  (  ) reaches P. Naive solution Use Algorithm 1 and feed it with a sufficiently large finite sequence   V* we obtain the set F*(  ) of states reached by  (  ). The set of all reachable states is F* =  F*(  ).

17 Dina Workshop Execution Tree

18 Dina Workshop Forward Reachability Algorithm in Breadth-First Search Denote f(x) the set of all immediate successors of x, i.e. f(x) = {z:  u f(x,u) = z} and f(F) = {f(x): x  F} Algorithm 2 (Forward Reachability) F 0 := {x 0 } repeat F k+1 := F k  f(F k ) until F k+1 = F k F* := F k

19 Dina Workshop Forward Reachability Algorithm in Depth-First Search

20 Dina Workshop Backward Reachability Denote f -1 (x) the set of all immediate predecessors of x, i.e. f -1 (x) = {z:  u f(z,u) = x} and f -1 (F) = {f -1 (x): x  F} Algorithm 3 (Backward Reachability) F 0 := P repeat F k+1 := F k  f -1 (F k ) until F k+1 = F k F* := F k Theorem 1(Algorithmic Verification) For each type II-D system there exists an algorithm (with a finite number of steps), which verifies reachability to a finite set P.

21 Dina Workshop System with Two Inputs Definition (System III-D) A two-input transition system is S = (X, U, V, f) where X, U, V are finite sets and f: X x U x V  X is the transition function. (The set U is interpreted as the set of control actions and the set V represents disturbances.) Definition (Strategy and State Strategy) Let S = (X, U, V, f) be III-D system. A strategy for U is a function c: X*  U. A state strategy is a strategy satisfying c( x) = c(  ´x) for every  and  ´ and hence it can be written as a function d: X  U (I.e. strategy is only dependent on the current state, not the entire history). Remark Each state strategy converts a type III system S = (X, U, V, f) into type II, S c = (X, V, f c ) such that f c (x, v) = f(x, c(x), v). Definition (Synthesis for Reachability) Let S = (X, U, V, f) be a type III system and let P  X. The controller synthesis problem is to find a startegy c such that all the behaviors of the closed-loop system S c = (X, V, f c ) never reaches P.

22 Dina Workshop An Example of Type III System Let P = {x5} then the state x5 cannot be avoided from x4 by any control, since if we choose u1 the environment can choose v2 and if we choose u2 the environment can choose v1.

23 Dina Workshop Controller Synthesis Definition (Controllable Predecessors) Let S = (X, U, V, f) be a type III system. The set of controllable predecessors of F  X is defined  (F) = {x:  u  U  v  V f(x, u, v)  F} and it denotes all the states from which the controller, by properly selecting u, can force the system into F in the next step. Algorithm 4 (Controller Synthesis) F 0 := X-P repeat F k+1 := F k   (F k ) until F k+1 = F k F* := F k Algorithm 4 produces the set F* of states from which reaching P can be forever avoided.

24 Dina Workshop An Example of Type III System In the example the algorithm produces a sequence {x1, x2, x3, x4}, {x1, x2, x3}. The control strategy is c(x1) = u1, c(x2) = u2, and c(x3) = u1.

25 Dina Workshop General Comments on Continuous Systems In general the reachability problem for infinite state systems is undecidable. Promising idea is to investigate morphisms from infinite-state systems to finite ones. One can investigate system of the form dx/dt = f(x,  ) with control signals of the form  : T  V. The first problem is simulation  ´[(n+1)  ] =  ´[n  ] + h(  ´[n  ],  ) providing approximate of the solution of  for discrete time T  = {n  : n  N}.

26 Dina Workshop Continuous Reachability Notation x  t x’ indicates that there exists an input  : [0, t]  V such that the behavior  (  ) starting at x reaches x’ at time t. Let F  X and I  R + then I-successors of F are all the states that can be reached from F within the time interval I i.e. f I (F) = {x’:  x  F  t  I x  t x’ } Algorithm 5 (Continuous Reachability) F 0 := {x 0 } repeat F k+1 := F k  f [0,r] (F k ) until F k+1 = F k F* := F k

27 Dina Workshop Comments on Algorithm 5 The algorithm suffers from ability to compute f I (F) exactly and the lack of guarantee for convergence. Remedy is over estimation by convex polyhedra. It has a good meaning for linear systems dx/dt = Ax + Bu

Download ppt "Dina Workshop Analysing Properties of Hybrid Systems Rafael Wisniewski Aalborg University."

Similar presentations

Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Vered Gafni – Formal Development of Real Time Systems 1 Statecharts Semantics.

Vered Gafni – Formal Development of Real Time Systems 1 Statecharts Semantics.
1 Nondeterministic Space is Closed Under Complement Presented by Jing Zhang and Yingbo Wang Theory of Computation II Professor: Geoffrey Smith.

1 Nondeterministic Space is Closed Under Complement Presented by Jing Zhang and Yingbo Wang Theory of Computation II Professor: Geoffrey Smith.
THE CHURCH-TURING T H E S I S “ TURING MACHINES” Pages 136 - 150 1 COMPUTABILITY THEORY.

THE CHURCH-TURING T H E S I S “ TURING MACHINES” Pages COMPUTABILITY THEORY.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Timed Automata.

Timed Automata.
Supervisory Control of Hybrid Systems Written by X. D. Koutsoukos et al. Presented by Wu, Jian 04/16/2002.

Supervisory Control of Hybrid Systems Written by X. D. Koutsoukos et al. Presented by Wu, Jian 04/16/2002.
1 COMP 382: Reasoning about algorithms Unit 9: Undecidability [Slides adapted from Amos Israeli’s]

1 COMP 382: Reasoning about algorithms Unit 9: Undecidability [Slides adapted from Amos Israeli’s]
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
1 Mechanical Verification of Timed Automata Myla Archer and Constance Heitmeyer Presented by Rasa Bonyadlou 24 October 2002.

1 Mechanical Verification of Timed Automata Myla Archer and Constance Heitmeyer Presented by Rasa Bonyadlou 24 October 2002.
Best-First Search: Agendas

Best-First Search: Agendas
Planning under Uncertainty

Planning under Uncertainty
Synthesis of Embedded Software Using Free-Choice Petri Nets.

Synthesis of Embedded Software Using Free-Choice Petri Nets.
Review: Search problem formulation

Review: Search problem formulation
An Introduction to Input/Output Automata Qihua Wang.

An Introduction to Input/Output Automata Qihua Wang.
1 Undecidability Andreas Klappenecker [based on slides by Prof. Welch]

1 Undecidability Andreas Klappenecker [based on slides by Prof. Welch]
CS 536 Spring 20011 Global Optimizations Lecture 23.

CS 536 Spring Global Optimizations Lecture 23.
CSE115/ENGR160 Discrete Mathematics 03/03/11 Ming-Hsuan Yang UC Merced 1.

CSE115/ENGR160 Discrete Mathematics 03/03/11 Ming-Hsuan Yang UC Merced 1.

Similar presentations

Ads by Google