Formal-V Group, IIT KGP 1 Introduction to Hybrid Automata Introduction to Hybrid Automata Arijit Mondal Kapil Modi Arnab Sinha

Formal-V Group, IIT KGP 11

Introduction to Hybrid AutomataIntroduction to Hybrid Automata

Arijit Mondal

Kapil Modi

Arnab Sinha


IntroductionIntroduction• A hybrid automaton is a formal model for a

mixed discrete continuous system.• Systems with ‘discrete jumps’ & ‘continuous

flow’ can be modeled into Hybrid Automata.• Bouncing Ball Example:

Here, the following properties hold:

0,,..

hgvvh


Bouncing Ball: PropertiesBouncing Ball: Properties

• States: In air (Assumption: Rebound time is negligible)

• Continuous Variable: height (h), velocity (v)• Guard Condition : height=0, velocity=negative.• Effect (Reset Map): velocity changes due to

restitution coefficient (e)

We are ready for the Model !!!


Bouncing Ball Model:Bouncing Ball Model:

0

.

.

h

gv

vh

Fly

)0()0( vh

evv :

0h

State

Continuous variables

Guard Condition

Reset condition

Domain (Fly)


An Illustration: Water Tank Problem An Illustration: Water Tank Problem


Water Tank: PropertiesWater Tank: Properties

• The supplier can supply water at a rate of w to only one reservoir at a time. [Discrete Behavior]

• The current levels are x1 and x2 respectively.[Continuous Variables]

• The minimum threshold to be maintained are r1 and r2 respectively. [Guard Conditions]

• It is assumed that while transition between reservoirs none of the level changes. [Reset Property]

Hence we can model it with Hybrid Automata!!!


Water Tank ProblemWater Tank Problem

11

2

.

2

1

.

1

2

rx

vwx

vx

q

22 rx xx :

xx :11 rx

2211 rxrx 2211 rxrx

Guard Condition

Reset Property

state

Continuous variables

Domain(q1) Domain(q2)

1

.

1 1

.

2 2

2 2

q

x w v

x v

x r


The AutomatonThe Automaton

• Where,• Q = set of discrete states.• X = set of continuous variables, nXQf :

),,,,,,,( RGEDInitfXQH

)(: XPQDom

XQInit

)(:

)(:

XPXER

XPEG

QQE

Where, E is the set of edges. G is the guard condition, and, R is the Reset Map


An Illustration: Water Tank Problem An Illustration: Water Tank Problem


Water Tank Problem: Formal ModelWater Tank Problem: Formal Model

}|{},{

),(

,),(

},{

22112

21

2

12

2

11

2

21

rxrxxqqInit

vw

vxqf

v

vwxqf

X

qqQ


Water Tank Problem: Formal Model Water Tank Problem: Formal Model (Contd.)(Contd.)

}{),,(),,(

)},(),,{(

}|{)(

}|{)(

1221

1221

112

2

222

1

xxqqRxqqR

qqqqE

rxxqDom

rxxqDom


Water Tank ProblemWater Tank Problem

11

2

.

2

1

.

1

2

rx

vwx

vx

q

22 rx xx :

xx :11 rx

2211 rxrx 2211 rxrx

1

.

1 1

.

2 2

2 2

q

x w v

x v

x r


Hybrid time setHybrid time set

NiiN IIII 010 }{},..,{

It is a sequence of finite or infinite intervals such that

i

andIIN

NiI

iii

NNNNNN

iii

1'

''

'

);,[],[)(

],,[


Bouncing Ball: Hybrid time-setBouncing Ball: Hybrid time-set

0'0

'1

1The bouncing ball: The first half is upward movement and the next half is downwards. The first run is interval and the next run is in and so on.'

0 0[ , ] '

1 1[ , ]


Hybrid Trajectory Hybrid Trajectory q, x)q, x)

• A hybrid trajectory is a triple q, x) consisting of a hybrid time set, and two sequences of functions q and x such that

n0

0

0

:(.),(.)}{

:(.),(.)}{

}{

iiN

i

iiN

i

Ni

Ixxx

QIqqq

I


Hybrid ExecutionHybrid Execution

An execution of a hybrid automation H is hybrid trajectory,

q, x), which satisfies the following conditions.

• Initial condition:

• Discrete evolution:

Initxq ))0(),0(( 00

)).(),(),(()(

)),(),(()(,))(),((,'

11'

11

11''

11'

iiiiiiii

iiiiiiiiii

xqqRx

andqqGxEqqi


Hybrid Execution (contd.)Hybrid Execution (contd.)• Continuous evolution:

QIq ii :(.).1 ;),()( iiii Itqtq such that

XIx ii :(.).2 is the solution to the diff. equation

))(),(( txtqfdt

dxii

i

over starting at iI ,);( andx ii

))(()(),,[ ' tqDomtxt iiii


Water Tank Problem: Hybrid ExecutionWater Tank Problem: Hybrid Execution

11

2

.

2

1

.

1

2

rx

vwx

vx

q

22 rx xx :

xx :11 rx

2211 rxrx 2211 rxrx

1

.

1 1

.

2 2

2 2

q

x w v

x v

x r


Water Tank Problem: Hybrid Execution (Contd.)Water Tank Problem: Hybrid Execution (Contd.)

}|{},{

),(

,),(

},{

22112

21

2

12

2

11

2

21

rxrxxqqInit

vw

vxqf

v

vwxqf

X

qqQ

}{),,(),,(

)},(),,{(

}|{)(

}|{)(

1221

1221

112

2

222

1

xxqqRxqqR

qqqqE

rxxqDom

rxxqDom

'1 0 0 1[ , ]I t t q

'2 1 1 2[ , ]I t t q

'1 0 1 2 1 2( ) ; ( )q t q q t q

'1 2 1 0 2 1( , ) ( ( ), ( ))q q E q t q t E

0 0 1 1 1 2 2( (0), (0)) {( , ) | }q x q x x r x r Init Initial Condition

Discrete Evolution


Water Tank Problem: Hybrid Execution (Contd.)Water Tank Problem: Hybrid Execution (Contd.)

.

1 1 1, ( ) ; ( , )t I q t q x f q x

.

2 2 2, ( ) ; ( , )t I q t q x f q x

Continuous Evolution


Classification of ExecutionsClassification of Executions

• Finite, if is a finite sequence and the last interval in is closed.

• Infinite, if is a infinite sequence, or if,

• Zeno, if it is infinite but the sum of intervals is finite. Real life designs are mostly non-zeno i.e. time-diverging e.g. bouncing ball system.

• Maximal, if it is not a strict prefix of any other execution of H.

N

iii

0

' )(


0-Transition0-Transition• We know,

• Hence we define an event which triggers transition iff there exists an edge e= (q, q’) such that for some ,

• Hence we can say for all states q, of a hybrid automaton i.e. we can always construct an edge such that

)}(,,)(|{~~

XPXEeXeggG

'qq

Gg

).(,)(~

XPXXeg qq 0

),( qqe ).()( qDomeg

q0

).()( qDomeg


Composition of AutomataComposition of Automata• For two hybrid automata, and then we can define

the semantics of parallel composition as • But for composition, the transitions have to be

consistent.• The transitions, and are consistent if

any of the following three conditions are true,• • and .• and .

1H 2H21 || HH

111 qq a 22

2 qq a

21 aa

211 \ a 02 a

122 \ a 01 a


Composition: Water Tank ModelComposition: Water Tank Model• We develop two independent models of the 2 reservoirs.

12q11q

1 1x r 1 1x r

0

1 1 1 1: ,x r x r

21q22q

0

2 2x r 2 2x r2 2 2 2: ,x r x r

holds when water is supplied to tank 1.

:supply false

:supply true

:supply true

:supply false

12q


Composition: Water Tank ModelComposition: Water Tank Model• The complete model.

11 22{ , }q q 12 21{ , }q q


Example: Buck ConverterExample: Buck Converter

Buck converter driving variable load

• Switch S1 remain on for 6 secs and off for 4 secs• Switch S2 alternate between R1 and R2 in every 4 secs


Discrete states and State variablesDiscrete states and State variables

• Four discrete states– S1 on and S2—R1 (A)– S1 on and S2—R2 (B)– S1 off and S2—R2 (C)– S1 off and S2—R1 (D)

• For circuit dynamics:– Current through inductor (i)– Voltage across capacitor

(v)• Clock variables:

– S1: denotes the duration of on/off state of switch S1

– S2: denotes the duration of connection of switch S2 with R1 or R2


Dynamic activitiesDynamic activities

11 s

.

.

v Ei

L Li v

vC RC

For states (A) and (B) For states (C) and (D)

For clock variable S1 and S2 for all locations

12 s

.

.

i

vi

Li v

vC RC


Hybrid model of Buck converterHybrid model of Buck converter


Example (Buck converter) Example (Buck converter) [Santosh][Santosh]


DescriptionsDescriptions

• Zero pulse – Generates –ve square pulse when input crosses zero volt from any +ve voltage

• Monoshot – Generates +ve square pulse with Ton and it is triggered by a –ve edge at the input.

• Startup pulse – Generates –ve pulse to trigger the monoshot.

• Zero crossing detector – It toggles output when the input crosses zero volt. Initial output logic zero.

• Drivers – To drive power MOS switches.


Hysteresis comparatorHysteresis comparator

• Outputs logic high if input is below threshold• Outputs logic low if input is above threshold

Vin

Vout


Determination of discrete statesDetermination of discrete states

• This systems can be modeled as hybrid system and dynamics behavior of each state depends on the following– State of PMOS– State of NMOS– Control signal to PMOS– Control signal to NMOS

• Dynamic behavior of each state will depend on the following:

– Vcx : PMOS drain voltage

– Vout : Output voltage


Hybrid automataHybrid automata

Q State Activity Reset1 Pn, Nf, CPn, CNf

2 Pn, Nf, CPf, CNn

3 Pf, Nn, CPf, CNn

4 Pf, Nn, CPn, CNf

lvv cxout 1 Evcx

lvv cxout 1 Evcx

lvv cxout 1 kcx vv

Q Q G

1 2 T≥Ton

2 3 CPf & CNn

3 4

lvv cxout 1 kcx vv

lthoutcx vvv 0


Linear hybrid systems (LHS)Linear hybrid systems (LHS)

• For all locations activity (vector field) can be defined as follows:

• For all locations invariant (domain) is defined by a linear formula over continuous states (X).

• For all transitions, guarded set of nondeterministic assgn.

}|],[:{ Xxx xx

Zkkx xx ,

)()()()(),( xx vxvvXxxviffEvv


ExampleExample

(x+y>4)→{x:=[3x+y,2y], y:=[7,5x]}

v(αx)=21

v(βx)=24

x=3y=12

x=23y=9

v(αy)=7

v(βy)=15

v:(x=3,y=12)


Special casesSpecial cases

Discrete variable Qqx 0

Discrete system – All variable are discrete variable

Proposition – x is discrete variable and EexeR }1,0{),(

Clock )},0{),(()1( EexxeRQqx


Special cases (contd.)Special cases (contd.)

• Timed automaton – Linear hybrid system all of whose variables are propositions or clocks and linear expression are Boolean combination of inequalities. (x#c or x-y#c)

• Skewed clock:

• Multirate timed system – LHS whose variables are propositions and skewed clocks

• n-rate timed system – Multirate timed system whose skewed clocks proceed at n different rates

)},0{),((),( EexxeRZkQqkx


Special cases (contd.)Special cases (contd.)

• Integrator

• Parameter - x discrete variable

• Simple LHS – Domains (invariants) and Guards are of the form x≤k or x≥k

)},0{),(()}1,0{( EexxeRQqx

EexxeR ),(


Reachability resultsReachability results

• The reachability problem is decidable for simple multirate timed system.

• The reachability problem is undecidable for 2-rate timed system.

• The reachability problem is undecidable for simple integrator systems


Verification of Hybrid AutomataVerification of Hybrid Automata• A hybrid automata specification can be encoded as a set of

desirable hybrid trajectories, H. • The given model is said to meet the given specification if the set

of execution of the model is a subset of H.• Safety Property:-

• where F is the set of safe states in which we wish to remain always.

• Liveness Property:-

• where T is the set of states in which we visit eventually.

(( , ) )G q x F

(( , ) )F q x T


ExampleExample• Say we model a traffic system with a hybrid automata, then

the set of safe states F, are those, in which no two cars collide.

• Set of live states T, are those, in which the cars eventually reach their destination.


Transition System from a hybrid automatonTransition System from a hybrid automaton

• H = (Q, X, Init, f, Dom, E, G, R) be a hybrid automaton with a distinguished set of final states, F,

•

• S: set of states (finite or infinite)• A transition relation• A set of initial states• A set of final states

F Q X

0( , , , )FT S S S

: ( )S P S 0S SFS S

0

F

S Q X

S Init

S F

Hybrid Automata transformed into a transition system.


Transition System from a hybrid automaton (contd.)Transition System from a hybrid automaton (contd.)

{ '} ( , ), ( ) ( ( ))( , )

,e

q R e x if q q and x G eq x

otherwise

( , ')e q q E

( , ) {( ', ') |

[ ' ] [ 0, ( ( ) ') ( [0, ], ( ) ( ))]}

c q x q x Q X

q q T x T x t T x t Dom q

The transition relation can be divided into a discrete transition relation and a continuous transition relation.For each edge,

For the continuous transition relation,

Where, x(.) is the solution of the differential equation. .

( , ) , (0)x f q x with x x

Hence, ( ) ( ) ( )c ee E

s s s


Backward ReachabilityBackward Reachability

0 , 0FW S i

( ) { | ( )}Pre S s S s S s s

Algorithm:

Initialization:

repeatif

return ” reachable “endif

untilreturn “ not reachable“

0iW S

1 ( )i i iW Pre W W 1i i

FS

FS1i iW W


Backward Reachability: ExampleBackward Reachability: Example

q0

q1 q2

q3 q4 q5 q6



q0

q1 q2

q3 q4 q5 q6



q0

q1 q2

q3 q4 q5 q6


Bisimulation: ExampleBisimulation: Example• We can check, is a bisimulation

of the given system, but is not.

q0

q1 q2

q3 q4 q5 q6

0 1 2 3 6 4 5{{ },{ , },{ , },{ , }}q q q q q q q

0 1 3 4 2 5 6{{ },{ , , },{ , , }}q q q q q q q


Bisimulation: ExampleBisimulation: Example

q0

q1 q2

q3 q4 q5 q6

0 1 2 3 6 4 5{{ },{ , },{ , },{ , }}q q q q q q q


Bisimulation: ExampleBisimulation: Example

q0

q1 q2

q3 q4 q5 q6

0 1 3 4 2 5 6{{ },{ , , },{ , , }}q q q q q q q

Not a Bisimulation


Bisimulation: DefinitionBisimulation: Definition• A bisimulation of a transition system is a

partition of the state space S of T such that,

• is a union of elements of the partition,• is a union of elements of the partition,• If one state (say s) in some set of the partition (say ) can

transition to another set in the partition (say ), then all other states, in must be able to transition to some state in . More formally,

0( , , , )FT S S S{ }i i IS

0SFS

iSjS

s

, , , , ( ) , , ( )i j ji j I s s S if s S then s S

iS jS


Bisimulation: AlgorithmBisimulation: Algorithm• Let, be a bisimulation of the transition system, T and let

be the quotient-transition system. is reachable by T, iff

is reachable by .In fact, bisimulation preserves any property that can be expressed in CTL.[1]

Algorithm:

Initialization:

while such that

do

end while

return

{ }i i IS

T

TFS

FS

0 0{ , , \ ( )}F FP S S S S S ,i jS S P ( ) ( )i j i j iS Pre S S Pre S S

'

''

' ''

( )

\ ( )

( \ ) { , }

i i j

i i j

i i i

S S Pre S

S S Pre S

P P S S S


Bisimulation Algorithm: ExampleBisimulation Algorithm: Example

q0

q1 q2

q3 q4 q5 q6


Bisimulation Algorithm: ExampleBisimulation Algorithm: Example

q0

q1 q2

q3 q4 q5 q6


Problems at Hand:-Problems at Hand:-

1. Due to possible variations in the system parameters which are determined only after the low level synthesis is complete, our hybrid system model may change. We wish to automate the effects of change. It will also give us the range of system parameters for which the circuit behavior does not violate the system specifications.

2. In the design hierarchy, we may have a block-level design, which can be resolved into circuit-level design. To check whether, the two designs are compliant, we will check the equivalence of two hybrid automata.


Intuitive IdeaIntuitive Idea

• Any two equivalent hybrid systems, should follow the same differential equation, at any given cycle, assuming the designs are correct.

• Hence at any given cycle, a particular state in H1 should have a mirror state in H2.

• So, we aim to compose the two hybrid systems.


Intuitive Idea: Contd.Intuitive Idea: Contd.• Consider the following 2 models

H1

H2


Intuitive Idea: Contd.Intuitive Idea: Contd.

• Composed Model

H1 || H2


Informal AlgorithmInformal AlgorithmAlgorithm:

Init(c) = compose (Init1,Init2);

Q(c) = Init(c) ;while all the nodes of H1 and H2 are not in Q(c)

for each node(s(i), s’(i)) in Q(c)for each transition of s(i) to p(j) (say e(ij))

for each transition of s’(i) to p’(j) (say e’(ij)) if(!check_consistency(e(ij), e’(ij))

return FAILURE else

compose (p(j), p’(j)) ; Q(c)=union( Q(c), (p(j), p’(j)) ) ;

endforendfor

endforendwhile


Existing Hybrid Model Checking ToolsExisting Hybrid Model Checking Tools

• Checkmate for verifying hybrid systems.[MATLAB Based] • Chutinan, Krogh, Stursberg et. al., CMU

• Requiem for verifying hybrid systems.

• University of Pennsylvania

• d/dt for verifying and synthesis hybrid systems. • Thao Dang and Oded Maler

• HyTech for verifying linear hybrid systems. • Thomas A Henzinger, Pei-Hsin Ho, and Howard Wong-Toi

• Ptolemy II for simulating concurrent, embedded and hybrid systems. • Center for Hybrid and Embedded Software Systems

(CHESS), University of California, Berkeley.

• Edward A. Lee


ReferenceReference• [1]“Lecture Notes on Hybrid Systems”

John Lygeros, University of Patras

• [2]T.A.Henzinger. Hybrid automata with finite bisimulations. ICALP 95: Automata, Languages, and Programming, Lecture Notes in Computer Science 944, Pages 225-238. Springer-Verlag, 1995.

• [3]T.A.Henzinger. Theory of Hybrid automata

• [4]Rajeev Alur, T.A. Henzinger et. al. The Algorithmic Analysis of Hybrid Systems, Theoretical Computer Science, 1995


Documents

Formal-V Group, IIT KGP 1 Introduction to Hybrid Automata Introduction to Hybrid Automata Arijit Mondal Kapil Modi Arnab Sinha