Upload
truonghuong
View
227
Download
0
Embed Size (px)
Citation preview
24: Model Checking & Reachability Analysis15-424: Foundations of Cyber-Physical Systems
Goran Frehse Andre Platzer
Verimag
[1] Laurent Doyen, Goran Frehse, George J. Pappas, Andre Platzer.Verification of Hybrid Systems.In Edmund M. Clarke, Thomas A. Henzinger and Helmut Veith,editors, Handbook of Model Checking. Springer, 2017.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 1 / 36
Outline
1 Hybrid AutomataExampleDefinition and Semantics
2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations
3 Conclusions
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 1 / 36
Outline
1 Hybrid AutomataExampleDefinition and Semantics
2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations
3 Conclusions
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 1 / 36
Outline
1 Hybrid AutomataExampleDefinition and Semantics
2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations
3 Conclusions
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 1 / 36
Example: Ball on String
m
Fs
Fg
xr
xr + L
x
(a) extension
m
Fg
xr
xr + L
x
(b) freefall
dynamics in freefall when x ≥ xr , with mass m
mx = Fg = −mg
dynamics in extension when x ≤ xr , spring constant k , damping d
mx = Fg + Fs = −mg + kxr − kx − dx
transition when x = xr + L, collision factor c ∈ [0, 1] x+ = −cx
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 2 / 36
Example: Ball on String
m
Fs
Fg
xr
xr + L
x
(c) extension
m
Fg
xr
xr + L
x
(d) freefall
dynamics in freefall when x ≥ xr , with mass m
mx = Fg = −mg
dynamics in extension when x ≤ xr , spring constant k , damping d
mx = Fg + Fs = −mg + kxr − kx − dx
transition when x = xr + L, collision factor c ∈ [0, 1] x+ = −cxGoran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 2 / 36
Hybrid Automaton Model: Ball on String
auxiliary variable v = x , so v = x
clip from SpaceEx Model Editor1
1G. Frehse, C. L. Guernic, A. Donze, R. Ray, O. Lebeltel, R. Ripado, A. Girard, T. Dang,and O. Maler, “Spaceex: Scalable verification of hybrid systems,” in CAV’11, ser. LNCS,Springer, 2011.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 3 / 36
Simulation
0 0.5 1 1.5 2 2.5
−1
0
1
x0
x1
x2
x3x4
x5
t
positionx
0 0.5 1 1.5 2 2.5
−5
0
5
v0
v1
v−2
v2
v3
v4
v5
t
velocity
v
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 4 / 36
Outline
1 Hybrid AutomataExampleDefinition and Semantics
2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations
3 Conclusions
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 4 / 36
Hybrid Automata (Alur, Henzinger, ’95)[2][3]
locations Loc = ℓ1, . . . , ℓm and variables X = x1, . . . , xndefine the state space Loc× RX
transitions Edg ⊆ Loc× Lab× Loc define location changes withsynchronization labels Lab
evolution domain alias invariant Inv ⊆ Loc× RX ,
flow relation Flow, where Flow(ℓ) ⊆ RX × RX , e.g.,
x = f (x);
jump relation Jump, where Jump(e) ⊆ RX × RX+, e.g.,
Jump(e) = (x, x+) | x ∈ G ∧ x+ = r(x)
initial states Init ⊆ Inv
Except: all described by semialgebraic sets (often polyhedra)
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 5 / 36
Hybrid Automata (Alur, Henzinger, ’95)[2][3]
locations Loc = ℓ1, . . . , ℓm and variables X = x1, . . . , xndefine the state space Loc× RX
transitions Edg ⊆ Loc× Lab× Loc define location changes withsynchronization labels Lab
evolution domain alias invariant Inv ⊆ Loc× RX ,
flow relation Flow, where Flow(ℓ) ⊆ RX × RX , e.g.,
x = f (x);
jump relation Jump, where Jump(e) ⊆ RX × RX+, e.g.,
Jump(e) = (x, x+) | x ∈ G ∧ x+ = r(x)
initial states Init ⊆ Inv
Except: all described by semialgebraic sets (often polyhedra)
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 5 / 36
Run Semantics
(ℓ0, x0)δ0,ξ0−−→ (ℓ0, ξ0(δ0))
α0−→ (ℓ1, x1)δ1,ξ1−−→ (ℓ1, ξ1(δ1)) . . .
with (ℓ0, x0) ∈ Init, αi ∈ Lab ∪ τ, and for i = 0, 1, . . .:
1 Trajectories: (ξ(t), ξ(t)) ∈ Flow(ℓ) and ξi(t) ∈ Inv(ℓi)for all t ∈ [0, δi ].
2 Jumps: (ξi(δi), xi+1) ∈ Jump(ei), ei = (ℓi , αi , ℓi+1) ∈ Edg, andxi+1 ∈ Inv(ℓi+1).
A state (ℓ, x) is reachable if there exists a run with (ℓi , xi) = (ℓ, x)for some i .
Usually: Flow(ℓ) is ODE and trajectory ξ(t) its solution
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 6 / 36
Run Semantics
(ℓ0, x0)δ0,ξ0−−→ (ℓ0, ξ0(δ0))
α0−→ (ℓ1, x1)δ1,ξ1−−→ (ℓ1, ξ1(δ1)) . . .
with (ℓ0, x0) ∈ Init, αi ∈ Lab ∪ τ, and for i = 0, 1, . . .:
1 Trajectories: (ξ(t), ξ(t)) ∈ Flow(ℓ) and ξi(t) ∈ Inv(ℓi)for all t ∈ [0, δi ].
2 Jumps: (ξi(δi), xi+1) ∈ Jump(ei), ei = (ℓi , αi , ℓi+1) ∈ Edg, andxi+1 ∈ Inv(ℓi+1).
A state (ℓ, x) is reachable if there exists a run with (ℓi , xi) = (ℓ, x)for some i .
Usually: Flow(ℓ) is ODE and trajectory ξ(t) its solution
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 6 / 36
Example: Ball on String
−1 −0.8 −0.6 −0.4 −0.2 0 0.2 0.4 0.6 0.8 1
−5
0
5
x0
ξ0(δ0) = x1
ξ3(δ3) = x4ξ1(δ1)
x2
ξ2(δ2) = x3
ξ4(δ4) = x5
position x
velocity
v
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 7 / 36
Outline
1 Hybrid AutomataExampleDefinition and Semantics
2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations
3 Conclusions
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 7 / 36
Set-Based Reachability
Extending numerical simulation from numbers to sets
account for nondeterminism
exhaustive
infinite time horizon
Downsides:
only approximate for complex dynamics
generally not scalable in number of variables
trade-off between runtime and accuracy
may not terminate or degenerate to “system could be anywhere”
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 8 / 36
Reachability Algorithm
One-step successors by time elapse from set of states S ,
PostC (S) =(ℓ, ξ(δ))
∣∣ ∃(ℓ, x) ∈ S : (ℓ, x)δ,ξ−→ (ℓ, ξ(δ))
One-step successors by jump from set of states S ,
PostD(S) =(ℓ′, x′)
∣∣ ∃(ℓ′, x′) ∈ S ,∃α ∈ Lab∪τ:(ℓ, x) α−→ (ℓ′, x′)
R0 := PostC (Init),
Ri+1 := Ri ∪ PostC (PostD(Ri)).
If Ri+1 = Ri , then Ri = reachable states.
may not terminate if states unbounded (counter)
problem undecidable in general2
2T. A. Henzinger, P. W. Kopke, A. Puri, and P. Varaiya, “What’s decidable about hybridautomata?” Journal of Computer and System Sciences, vol. 57, pp. 94–124, 1998.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 9 / 36
Ball on String: Reachable States
(clip from SpaceEx output)
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 10 / 36
Outline
1 Hybrid AutomataExampleDefinition and Semantics
2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations
3 Conclusions
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 10 / 36
HA of piecewise constant dynamics (PCDA,LHA)
initial states and invariants are conjunctions of linear constraints
xr ≤ x ∧ x ≤ xr + L
flows are conjunctions of linear constraints over derivatives X
x = 5 ∧ v = −1 ∧ 2 ≤ z ∧ z ≤ 5
jumps are conjunctive linear constraints over X ∪ X+,where X+ denote the variables after the jump.
x = xr + L ∧ v > 0 ∧ v+ = −0.5 ∗ v
One-step successors of PCDA can be computed exactly.Often: assume all constraints are compact or at least closed.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 11 / 36
Polyhedra in Constraint Form
Conjunctive linear constraints are polyhedra
H-polyhedron (constraint form)
P =x∣∣∣ ∧m
i=1aTi x ≤ bi
,
with facet normals ai ∈ Rn and inhomogeneous coefficients bi ∈ R.vector-matrix notation:
P =x∣∣∣ Ax ≤ b
, with A =
(aT1...aTm
),b =
( b1...bm
).
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 12 / 36
Time Elapse with Polyhedra
For PCDA, it suffices to consider straight-line trajectories:3
Lemma (Constant Derivatives)
There is a trajectory ξ(t) from x = ξ(0) to x′ = ξ(δ), δ > 0, iffη(t) = x+ qt with q = (x′ − x)/δ is a trajectory from x to x′.
Proof Idea: Average slope is enough by mean-value theorem
3P.-H. Ho, “Automatic analysis of hybrid systems,” Technical Report CSD-TR95-1536,PhD thesis, Cornell University, Aug. 1995.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 13 / 36
Time Elapse with Polyhedra
For PCDA, it suffices to consider straight-line trajectories:3
Lemma (Constant Derivatives)
There is a trajectory ξ(t) from x = ξ(0) to x′ = ξ(δ), δ > 0, iffη(t) = x+ qt with q = (x′ − x)/δ is a trajectory from x to x′.
Proof Idea: Average slope is enough by mean-value theorem
3P.-H. Ho, “Automatic analysis of hybrid systems,” Technical Report CSD-TR95-1536,PhD thesis, Cornell University, Aug. 1995.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 13 / 36
Time Elapse with Polyhedra
Given polyhedra P = x | Ax ≤ b, Q = q | Aq ≤ bTime successors with constant slope ∈ Q (ignores evolution domain):
PQ = x′ | x ∈ P ,q ∈ Q, t ∈ R≥0, x′ = x+ qt.
Eliminating q = x′−xt
for t > 0, plug into Q, and multiplying with t:
PQ =x′∣∣∣ Ax ≤ b ∧ A(x′ − x) ≤ b · t ∧ t ≥ 0
.
Quantifier elimination of t squares the number of constraints. FMMore general union of two polyhedra if Q not compact.Subsequently intersect with evolution domain Inv:
postC (ℓ× P) = ℓ×(PFlow(ℓ)
)∩ Inv(ℓ).
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 14 / 36
Time Elapse with Polyhedra – Geometric Version
x1
x2
Qpos(Q)
(a) cone pos(Q)
x1
x2
P
Q
P ⊕Q
(b) P ⊕Q
x1
x2
P
P ⊕ pos(Q)
(c) PQ = P ⊕ pos(Q)
cone around Q pos(Q) = q · t | q ∈ Q, t ≥ 0Minkowski sum P ⊕Q = p+ q | p ∈ P ,q ∈ Qconvex hull chull(Q) =
∑qi∈Q λi · qi
∣∣∣ λi ≥ 0,∑
i λi = 1
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 15 / 36
Polyhedra in Generator Form
H-polyhedron (constraint form)
P =x∣∣∣ Ax ≤ b
, with A =
(aT1...aTm
),b =
( b1...bm
).
V-polyhedron (generator form)
P = (V ,R) = chull (V )⊕ pos(chull(R)).
with vertices V ⊆ Rn and rays R ⊆ Rn
If P = (V ,R) and Q = (V ′,R ′) in generator form and closed, then
PQ = (V ,R)(V ′,R ′) = (V ,R ∪ V ′ ∪ R ′)
But: conversion between H- and V-polyhedra is expensivecube: 2n constraints, 2n verticescross-polytope (diamond): 2n vertices, 2n constraints
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 16 / 36
Discrete Successors
Edge e = (ℓ, α, ℓ′) with guard x ∈ G and nondeterministic assignmentx+ = Cx+w, w ∈ W ,
postD(ℓ× P) = ℓ′ ×(C (P ∩ G)⊕W
)∩ Inv(ℓ′).
If constant matrix C invertible and everything in constraint form
CP = x | AC−1x ≤ b where P =x∣∣∣ Ax ≤ b
Otherwise requires quantifier elimination
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 17 / 36
Computational Cost
polyhedraoperation m constraints k generators
cone pos() m2 kMinkowski sum ⊕ exp k2
linear map Ax+b m / exp kintersection ∩ 2m exp
Generator form good for continuous successors PQ = P ⊕ pos(Q)Constraint form is better for discrete successors if no uncertaintyConversion is expensive
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 18 / 36
Outline
1 Hybrid AutomataExampleDefinition and Semantics
2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations
3 Conclusions
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 18 / 36
Piecewise Affine Dynamics
Hybrid automata with piecewise affine dynamics (PWA)
initial states and invariants are conjunctive linear constraintsover X alias polyhedra
xr ≤ x ∧ x ≤ xr + L
flows are affine ODEs with compact convex polyhedra U
x = Ax+ Bu, u ∈ U ,
jumps have a guard set and assignments
x+ = Cx+w, w ∈ W .
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 19 / 36
Continuous successors
x = Ax+ Bu, u ∈ U ,
trajectory ξ(t) from ξ(0) = x0 for integrable input signal ζ(t) ∈ U :
ξx0,ζ(t) = eAtx0 +
∫ t
0
eA(t−s)Bζ(s)ds
superposition with“backdated impact eA(t−s) of input ζ(s) at s”
reachable states from set X0 for any input signal:
Xt = eAtX0 ⊕ Yt
Yt =
∫ t
0
eAsUds = eAtX0 ⊕ limδ→0
⌊t/δ⌋⊕k=0
eAδkδU
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 20 / 36
Computing a Convex Cover
X0
Ω0
Xδ
Ω1
X2δ
Ω2
Compute Ω0,Ω1, . . . for fixed time horizon T such that∪0≤t≤T
Xt ⊆ Ω0 ∪ Ω1 ∪ . . . .
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 21 / 36
Time Discretization at Step-size δ
X0
Ω0
Xδ
Ω1
X2δ
Ω2
Semi-group property: (Xkδ)δ = X(k+1)δ
Time discretization: X(k+1)δ = eAδXkδ ⊕ Yδ
Given initial approximations Ω0 and Ψδ for the first δ such that∪0≤t≤δ
Xt ⊆ Ω0, Yδ ⊆ Ψδ,
Xt is covered by the sequence
Ωk+1 = eAδΩk ⊕Ψδ.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 22 / 36
Initial Approximations
X0
Xδ
Ω0
(a) convex hull and pushing facets (b) convex hull and bloating
By Taylor approximation or by solving optimization problems
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 23 / 36
Initial Approximations – Forward Bloating
Bloating based on norms bounding Taylor approximation error:4
Ω0 = chull(X0 ∪ eAδX0)⊕ (αδ + βδ)B,Ψδ = βδB,αδ = µ(X0) · (e∥A∥δ − 1− ∥A∥δ),βδ = 1
∥A∥µ(BU) · (e∥A∥δ − 1),
with radius µ(X ) = maxx∈X∥x∥ and unit ball B.
4A. Girard, “Reachability of uncertain linear systems using zonotopes,” in HSCC, 2005,pp. 291–305.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 24 / 36
Initial Approximations – Forward Bloating
X0
Ω0
Xδ
Ω1
X2δ
Ω2
Forward bloating is tight on X0 and bloated on Xδ.Improvements:
intersect forward bloating with backward bloating
bloat based on interpolation error
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 25 / 36
Wrapping Effect: Error Accumulation
X0
eAδX0
Appr(eAδX0)
Appr(eAδAppr(eAδX0))
(a) with wrapping effect
X0
eAδX0
Appr(eAδX0)Appr(eA2δX0)
(b) with wrapping-free algorithm
Avoid increasing complexity through deliberate over-approximation
Ωk+1 = Appr(eAδΩk ⊕Ψδ).
Example: bounding box over-approximation is fast
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 26 / 36
Wrapping Effect: Wrapping-free Cases
Idea: Over-approximate each image of initial approximation separatelySolution: Split sequence5
Ψk+1 = Appr(eAkδΨδ)⊕ Ψk with Ψ0 = 0,Ωk = Appr(eAkδΩ0)⊕ Ψk from initial Ω0
satisfies Ωk = Appr(Ωk) (wrapping-free) if
Appr(P ⊕Q) = Appr(P)⊕ Appr(Q),
e.g., bounding box.
5A. Girard, C. L. Guernic, and O. Maler, “Efficient computation of reachable sets of lineartime-invariant systems with inputs,” in HSCC, 2006, pp. 257–271.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 27 / 36
Outline
1 Hybrid AutomataExampleDefinition and Semantics
2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations
3 Conclusions
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 27 / 36
Polyhedra
X0
Ω0
Xδ
Ω1
X2δ
Ω2
polyhedraoperation m constr. k gen.
convex hull chull exp 2kMinkowski sum ⊕ exp k2
linear map Ax+b m / exp kintersection ∩ 2m exp
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 28 / 36
Ellipsoids6
X0
Ω0
Xδ
Ω1
X2δ
Ω2
polyhedra ellipsoidsoperation m constr. k gen. n × n matrix
convex hull chull exp 2k approxMinkowski sum ⊕ exp k2 approxlinear map Ax+b m / exp k O(n3)intersection ∩ 2m exp approx
6A. B. Kurzhanski and P. Varaiya, Dynamics and Control of Trajectory Tubes. Springer,2014.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 29 / 36
Zonotopes
v1v2
v3
v4c
Zonotope with center c ∈ Rn and generators v1, . . . , vk ∈ Rn
P =
c+
∑k
i=1αivi
∣∣∣∣ αi ∈ [−1, 1]
.
linear map: (Ac, ⟨Av1, . . . ,Avk⟩)Minkowski sum: P ⊕Q = (c+ d, ⟨v1, . . . , vk ,w1, . . . ,wm⟩)Not closed under chull or ∩ so need approximations
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 30 / 36
Zonotopes7
X0
Ω0
Xδ
Ω1
X2δ
Ω2
polyhedra ellipsoids zonotopesoperation m constr. k gen. n × n matrix k generators
convex hull chull exp 2k approx approxMinkowski sum⊕ exp k2 approx 2klinear map Ax+b m / exp k O(n3) kintersection ∩ 2m exp approx approx
7A. Girard, “Reachability of uncertain linear systems using zonotopes,” in HSCC, 2005,pp. 291–305.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 31 / 36
Support Functions of Compact Convex Set P
dρP(d)
P
0
(a) support function in direction d
d3
d4
d1
d2
P
⌈P⌉D
(b) outer approximation
support function ρP(·) by linear optimization (efficient!)
ρP(d) = maxdTx | x ∈ P
computed values define polyhedral outer approximation
⌈P⌉D =∩d∈D
dTx ≤ ρP(d)
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 32 / 36
Support Functions
dρP(d)
P
0
(a) support function in direction d
d3
d4
d1
d2
P
⌈P⌉D
(b) outer approximation
linear map: ρAX (ℓ) = ρX (ATℓ) O(mn)
convex hull: ρchull(P∪Q)(ℓ) = maxρP(ℓ), ρQ(ℓ) O(1)Minkowski sum: ρX⊕Y(ℓ) = ρX (ℓ) + ρY(ℓ) O(1)Intersection: expressible as optimization problem
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 33 / 36
Support Functions (Le Guernic, Girard,’09)[9]
X0
Ω0
Xδ
Ω1
X2δ
Ω2
X0
Ω0
Xδ
Ω1
X2δ
Ω2
support functions: lazy approximation on demand
polyhedra ellipsoids zonotopes support f.operation m constr. k gen. n × n matrix k generators —
convex hull chull exp 2k approx approx O(1)Minkowski sum ⊕ exp k2 approx 2k O(1)linear map Ax+b m / exp k O(n3) k O(n2)intersection ∩ 2m exp approx approx opt. / approx
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 34 / 36
Outline
1 Hybrid AutomataExampleDefinition and Semantics
2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations
3 Conclusions
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 34 / 36
Conclusions
Hybrid automata are challenging for model checking.
Set-based reachability is exhaustive, sufficient for safety andbounded liveness.
expensive, scalable for piecewise affine dynamics
Abstraction lifts reachability to more complex systems
progress with approximate simulation relations
Verification by numerical simulation extends properties fromtraces to sets of states
sampling of initial states limited to low dimensional sets
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 35 / 36
References
[2] R. Alur, C. Courcoubetis, N. Halbwachs, T. Henzinger, P.-H. Ho, X. Nicollin, A. Olivero,J. Sifakis, and S. Yovine, “The algorithmic analysis of hybrid systems,” TheoreticalComputer Science, vol. 138, pp. 3–34, 1995.
[3] T. A. Henzinger, “The theory of hybrid automata.,” in LICS, Los Alamitos: IEEEComputer Society, 1996, pp. 278–292.
[9] C. Le Guernic and A. Girard, “Reachability analysis of linear systems using supportfunctions,” Nonlinear Analysis: Hybrid Systems, vol. 4, no. 2, pp. 250–262, 2010.
Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 36 / 36