We consider the problem of translating a deterministic emph{simulation model} (like Matlab-Simunk, Modelica or Ptolemy models) into a emph{verification model} expressed by a network of hybrid automata. The goal is to verify safety using reachability analysis on the verification model. Simulation models typically use transitions with urgent semantics, which must be taken as soon as possible. Urgent transitions also make it possible to decompose systems that would otherwise need to be modeled with a monolithic hybrid automaton. In this paper, we include urgent transitions in our verification models and propose a suitable adaptation of our reachability algorithm. However, the simulation model, due to its imperfections, may be unsafe even though the corresponding hybrid automata are safe. Conversely, set-based reachability may not be able to show safety of an ideal formal model, since complex dynamics necessarily entail overapproximations. Taken as a whole, the formal modeling and verification process can both falsely claim safety and fail to show safety of the concrete system. We address this inconsistency by relaxing the model as follows. The standard semantics of hybrid automata is a mathematical idealization, where reactions are considered to be instantaneous and physical measurements infinitely precise. We propose semantics that relax these assumptions, where guard conditions are sampled in discrete time and admit measurement errors. The relaxed semantics can be translated to an equivalent relaxed model in standard semantics. The relaxed model is realistic in the sense that it can be implemented on hardware fast and precise enough, and in a way that safety is preserved. Finally, we show that overapproximative reachability analysis can show safety of relaxed models, which is not the case in general.
{"title":"From Simulation Models to Hybrid Automata Using Urgency and Relaxation","authors":"Stefano Minopoli, Goran Frehse","doi":"10.1145/2883817.2883825","DOIUrl":"https://doi.org/10.1145/2883817.2883825","url":null,"abstract":"We consider the problem of translating a deterministic emph{simulation model} (like Matlab-Simunk, Modelica or Ptolemy models) into a emph{verification model} expressed by a network of hybrid automata. The goal is to verify safety using reachability analysis on the verification model. Simulation models typically use transitions with urgent semantics, which must be taken as soon as possible. Urgent transitions also make it possible to decompose systems that would otherwise need to be modeled with a monolithic hybrid automaton. In this paper, we include urgent transitions in our verification models and propose a suitable adaptation of our reachability algorithm. However, the simulation model, due to its imperfections, may be unsafe even though the corresponding hybrid automata are safe. Conversely, set-based reachability may not be able to show safety of an ideal formal model, since complex dynamics necessarily entail overapproximations. Taken as a whole, the formal modeling and verification process can both falsely claim safety and fail to show safety of the concrete system. We address this inconsistency by relaxing the model as follows. The standard semantics of hybrid automata is a mathematical idealization, where reactions are considered to be instantaneous and physical measurements infinitely precise. We propose semantics that relax these assumptions, where guard conditions are sampled in discrete time and admit measurement errors. The relaxed semantics can be translated to an equivalent relaxed model in standard semantics. The relaxed model is realistic in the sense that it can be implemented on hardware fast and precise enough, and in a way that safety is preserved. Finally, we show that overapproximative reachability analysis can show safety of relaxed models, which is not the case in general.","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125261217","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Benoît Barbot, M. Kwiatkowska, A. Mereacre, Nicola Paoletti
We develop a novel model-based hardware-in-the-loop (HIL) framework for optimising energy consumption of embedded software controllers. Controller and plant models are specified as networks of parameterised timed input/output automata and translated into executable code. The controller is encoded into the target embedded hardware, which is connected to a power monitor and interacts with the simulation of the plant model. The framework then generates a power consumption model that maps controller transitions to distributions over power measurements, and is used to optimise the timing parameters of the controller, without compromising a given safety requirement. The novelty of our approach is that we measure the real power consumption of the controller and use thus obtained data for energy optimisation. We employ timed Petri nets as an intermediate representation of the executable specification, which facilitates efficient code generation and fast simulations. Our framework uniquely combines the advantages of rigorous specifications with accurate power measurements and methods for online model estimation, thus enabling automated design of correct and energy-efficient controllers.
{"title":"Building Power Consumption Models from Executable Timed I/O Automata Specifications","authors":"Benoît Barbot, M. Kwiatkowska, A. Mereacre, Nicola Paoletti","doi":"10.1145/2883817.2883844","DOIUrl":"https://doi.org/10.1145/2883817.2883844","url":null,"abstract":"We develop a novel model-based hardware-in-the-loop (HIL) framework for optimising energy consumption of embedded software controllers. Controller and plant models are specified as networks of parameterised timed input/output automata and translated into executable code. The controller is encoded into the target embedded hardware, which is connected to a power monitor and interacts with the simulation of the plant model. The framework then generates a power consumption model that maps controller transitions to distributions over power measurements, and is used to optimise the timing parameters of the controller, without compromising a given safety requirement. The novelty of our approach is that we measure the real power consumption of the controller and use thus obtained data for energy optimisation. We employ timed Petri nets as an intermediate representation of the executable specification, which facilitates efficient code generation and fast simulations. Our framework uniquely combines the advantages of rigorous specifications with accurate power measurements and methods for online model estimation, thus enabling automated design of correct and energy-efficient controllers.","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124155669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The tool Matlab/Simulink is a numerical simulation environment that is widely used in industry for model-based design. Numerical simulation scales well and can be applied to systems with highly complex dynamics, but it is also inherently incomplete in the sense that critical events or behavior may be overlooked. The application of formal verification techniques to Simulink models could help to overcome this limitation. Set-based verification tools such as SpaceEx use as underlying formalism hybrid automata, which are semantically and structurally different from Simulink models. To address this issue, we are building the tool SL2SX for transforming a subset of the Simulink modeling language into a corresponding SpaceEx model. Our method is designed to preserve the syntactic aspects of a given Simulink diagram: the resulting SpaceEx model shows the same hierarchical structure and preserves the names of components and variables. Placeholders with the correct interface are provided for unsupported Simulink blocks, which can then be translated manually. We illustrate the tool SL2SX and the verification of the transformed models in SpaceEx on two examples provided by the Mathworks example library.
{"title":"SL2SX Translator: From Simulink to SpaceEx Models","authors":"Stefano Minopoli, Goran Frehse","doi":"10.1145/2883817.2883826","DOIUrl":"https://doi.org/10.1145/2883817.2883826","url":null,"abstract":"The tool Matlab/Simulink is a numerical simulation environment that is widely used in industry for model-based design. Numerical simulation scales well and can be applied to systems with highly complex dynamics, but it is also inherently incomplete in the sense that critical events or behavior may be overlooked. The application of formal verification techniques to Simulink models could help to overcome this limitation. Set-based verification tools such as SpaceEx use as underlying formalism hybrid automata, which are semantically and structurally different from Simulink models. To address this issue, we are building the tool SL2SX for transforming a subset of the Simulink modeling language into a corresponding SpaceEx model. Our method is designed to preserve the syntactic aspects of a given Simulink diagram: the resulting SpaceEx model shows the same hierarchical structure and preserves the names of components and variables. Placeholders with the correct interface are provided for unsupported Simulink blocks, which can then be translated manually. We illustrate the tool SL2SX and the verification of the transformed models in SpaceEx on two examples provided by the Mathworks example library.","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"330 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132988906","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Methods for Reachability Analysis","authors":"T. Dang","doi":"10.1145/3261112","DOIUrl":"https://doi.org/10.1145/3261112","url":null,"abstract":"","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117299032","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Control Synthesis","authors":"Majid Zamani","doi":"10.1145/3261114","DOIUrl":"https://doi.org/10.1145/3261114","url":null,"abstract":"","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132777951","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We introduce SCOTS a software tool for the automatic controller synthesis for nonlinear control systems based on symbolic models, also known as discrete abstractions. The tool accepts a differential equation as the description of a nonlinear control system. It uses a Lipschitz type estimate on the right-hand-side of the differential equation together with a number of discretization parameters to compute a symbolic model that is related with the original control system via a feedback refinement relation. The tool supports the computation of minimal and maximal fixed points and thus natively provides algorithms to synthesize controllers with respect to invariance and reachability specifications. The atomic propositions, which are used to formulate the specifications, are allowed to be defined in terms of finite unions and intersections of polytopes as well as ellipsoids. While the main computations are done in C++, the tool contains a Matlab interface to simulate the closed loop system and to visualize the abstract state space together with the atomic propositions. We illustrate the performance of the tool with two examples from the literature. The tool and all conducted experiments are available at www.hcs.ei.tum.de.
{"title":"SCOTS: A Tool for the Synthesis of Symbolic Controllers","authors":"M. Rungger, Majid Zamani","doi":"10.1145/2883817.2883834","DOIUrl":"https://doi.org/10.1145/2883817.2883834","url":null,"abstract":"We introduce SCOTS a software tool for the automatic controller synthesis for nonlinear control systems based on symbolic models, also known as discrete abstractions. The tool accepts a differential equation as the description of a nonlinear control system. It uses a Lipschitz type estimate on the right-hand-side of the differential equation together with a number of discretization parameters to compute a symbolic model that is related with the original control system via a feedback refinement relation. The tool supports the computation of minimal and maximal fixed points and thus natively provides algorithms to synthesize controllers with respect to invariance and reachability specifications. The atomic propositions, which are used to formulate the specifications, are allowed to be defined in terms of finite unions and intersections of polytopes as well as ellipsoids. While the main computations are done in C++, the tool contains a Matlab interface to simulate the closed loop system and to visualize the abstract state space together with the atomic propositions. We illustrate the performance of the tool with two examples from the literature. The tool and all conducted experiments are available at www.hcs.ei.tum.de.","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115425086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Models with Uncertainty","authors":"A. Girard","doi":"10.1145/3261116","DOIUrl":"https://doi.org/10.1145/3261116","url":null,"abstract":"","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133197821","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We investigate quantifying the difference between two hybrid dynamical systems under noise and initial-state uncertainty. While the set of traces for these systems is infinite, it is possible to symbolically approximate trace sets using emph{reachpipes} that compute upper and lower bounds on the evolution of the reachable sets with time. We estimate distances between corresponding sets of trajectories of two systems in terms of distances between the reachpipes. In case of two individual traces, the Skorokhod distance has been proposed as a robust and efficient notion of distance which captures both value and timing distortions. In this paper, we extend the computation of the Skorokhod distance to reachpipes, and provide algorithms to compute upper and lower bounds on the distance between two sets of traces. Our algorithms use new geometric insights that are used to compute the worst-case and best-case distances between two polyhedral sets evolving with time.
{"title":"Computing Distances between Reach Flowpipes","authors":"R. Majumdar, Vinayak S. Prabhu","doi":"10.1145/2883817.2883850","DOIUrl":"https://doi.org/10.1145/2883817.2883850","url":null,"abstract":"We investigate quantifying the difference between two hybrid dynamical systems under noise and initial-state uncertainty. While the set of traces for these systems is infinite, it is possible to symbolically approximate trace sets using emph{reachpipes} that compute upper and lower bounds on the evolution of the reachable sets with time. We estimate distances between corresponding sets of trajectories of two systems in terms of distances between the reachpipes. In case of two individual traces, the Skorokhod distance has been proposed as a robust and efficient notion of distance which captures both value and timing distortions. In this paper, we extend the computation of the Skorokhod distance to reachpipes, and provide algorithms to compute upper and lower bounds on the distance between two sets of traces. Our algorithms use new geometric insights that are used to compute the worst-case and best-case distances between two polyhedral sets evolving with time.","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124218962","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shromona Ghosh, Dorsa Sadigh, P. Nuzzo, Vasumathi Raman, Alexandre Donzé, A. Sangiovanni-Vincentelli, S. Sastry, S. Seshia
We address the problem of diagnosing and repairing specifications for hybrid systems, formalized in signal temporal logic (STL). Our focus is on automatic synthesis of controllers from specifications using model predictive control. We build on recent approaches that reduce the controller synthesis problem to solving one or more mixed integer linear programs (MILPs), where infeasibility of an MILP usually indicates unrealizability of the controller synthesis problem. Given an infeasible STL synthesis problem, we present algorithms that provide feedback on the reasons for unrealizability, and suggestions for making it realizable. Our algorithms are sound and complete relative to the synthesis algorithm, i.e., they provide a diagnosis that makes the synthesis problem infeasible, and always terminate with a non-trivial specification that is feasible using the chosen synthesis method, when such a solution exists. We demonstrate the effectiveness of our approach on controller synthesis for various cyber-physical systems, including an autonomous driving application and an aircraft electric power system.
{"title":"Diagnosis and Repair for Synthesis from Signal Temporal Logic Specifications","authors":"Shromona Ghosh, Dorsa Sadigh, P. Nuzzo, Vasumathi Raman, Alexandre Donzé, A. Sangiovanni-Vincentelli, S. Sastry, S. Seshia","doi":"10.1145/2883817.2883847","DOIUrl":"https://doi.org/10.1145/2883817.2883847","url":null,"abstract":"We address the problem of diagnosing and repairing specifications for hybrid systems, formalized in signal temporal logic (STL). Our focus is on automatic synthesis of controllers from specifications using model predictive control. We build on recent approaches that reduce the controller synthesis problem to solving one or more mixed integer linear programs (MILPs), where infeasibility of an MILP usually indicates unrealizability of the controller synthesis problem. Given an infeasible STL synthesis problem, we present algorithms that provide feedback on the reasons for unrealizability, and suggestions for making it realizable. Our algorithms are sound and complete relative to the synthesis algorithm, i.e., they provide a diagnosis that makes the synthesis problem infeasible, and always terminate with a non-trivial specification that is feasible using the chosen synthesis method, when such a solution exists. We demonstrate the effectiveness of our approach on controller synthesis for various cyber-physical systems, including an autonomous driving application and an aircraft electric power system.","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-02-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116806059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Alena Rodionova, E. Bartocci, D. Ničković, R. Grosu
We show that metric temporal logic (MTL) the extension of linear temporal logic to real time, can be viewed as linear time-invariant filtering, by interpreting addition, multiplication, and their neutral elements, over the idempotent dioid (max,min,0,1). Moreover, by interpreting these operators over the field of reals (+,x,0,1), one can associate various quantitative semantics to a metric-temporal-logic formula, depending on the filter's kernel used: square, rounded-square, Gaussian, low-pass, band-pass, or high-pass. This remarkable connection between filtering and metric temporal logic allows us to freely navigate between the two, and to regard signal-feature detection as logical inference. To the best of our knowledge, this connection has not been established before. We prove that our qualitative, filtering semantics is identical to the classical MTL semantics. We also provide a quantitative semantics for MTL, which measures the normalized, maximum number of times a formula is satisfied within its associated kernel, by a given signal. We show that this semantics is sound, in the sense that, if its measure is 0, then the formula is not satisfied, and it is satisfied otherwise. We have implemented both of our semantics in Matlab, and illustrate their properties on various formulas and signals, by plotting their computed measures.
{"title":"Temporal Logic as Filtering","authors":"Alena Rodionova, E. Bartocci, D. Ničković, R. Grosu","doi":"10.1145/2883817.2883839","DOIUrl":"https://doi.org/10.1145/2883817.2883839","url":null,"abstract":"We show that metric temporal logic (MTL) the extension of linear temporal logic to real time, can be viewed as linear time-invariant filtering, by interpreting addition, multiplication, and their neutral elements, over the idempotent dioid (max,min,0,1). Moreover, by interpreting these operators over the field of reals (+,x,0,1), one can associate various quantitative semantics to a metric-temporal-logic formula, depending on the filter's kernel used: square, rounded-square, Gaussian, low-pass, band-pass, or high-pass. This remarkable connection between filtering and metric temporal logic allows us to freely navigate between the two, and to regard signal-feature detection as logical inference. To the best of our knowledge, this connection has not been established before. We prove that our qualitative, filtering semantics is identical to the classical MTL semantics. We also provide a quantitative semantics for MTL, which measures the normalized, maximum number of times a formula is satisfied within its associated kernel, by a given signal. We show that this semantics is sound, in the sense that, if its measure is 0, then the formula is not satisfied, and it is satisfied otherwise. We have implemented both of our semantics in Matlab, and illustrate their properties on various formulas and signals, by plotting their computed measures.","PeriodicalId":337926,"journal":{"name":"Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control","volume":"48 2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113954414","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: