
01/07/2010 Two Parallel Stories Timed and Hybrid Automata Symbolic - PDF document



  1. Two Parallel Stories: Timed and Hybrid Automata
     Tom Henzinger, IST Austria
     Bertinoro 2010
     Theory / Application

     Symbolic model checking:
     - abstract data type: region algebra
     - termination analysis
     Timed and hybrid systems:
     - specific region algebra (e.g. clock regions, polyhedra)

     Discrete (transition) system
     Continuous (dynamical) system: Q = R^n
     Hybrid system: jumps + flows
     - nondeterministic
     - time abstract

  2. A Thermostat
     States:
       x ∈ R            temperature
       h ∈ { on, off }  heat
     Flows (with invariants):
       f1: [] h = on  → x' = K ⋅ (H − x)
       f2: [] h = off → x' = −K ⋅ x
     Jumps (with guards):
       j1: [] h = on  → h := off
       j2: [] h = off → h := on

     A Thermostat (with a timer)
     States:
       x ∈ R            temperature
       h ∈ { on, off }  heat
       t ∈ R            timer ("clock")
     Flows:
       f1: [] h = on  ∧ t ≤ U → x' = K ⋅ (H − x); t' = 1
       f2: [] h = off ∧ t ≤ U → x' = −K ⋅ x; t' = 1
     Jumps:
       j1: [] h = on  ∧ t ≥ L → h := off; t := 0
       j2: [] h = off ∧ t ≥ L → h := on; t := 0

  3. A Thermostat (figure; the slide repeats the state, flow and jump definitions of item 2)
     [Figure: the thermostat's behaviour plotted as x against t. In mode h = on the temperature x rises under flow f1 until jump j1 fires with t between L and U and resets the timer; in mode h = off it falls under flow f2 until jump j2 fires. L and U mark the timer bounds on the t axis.]

  4. From a Hybrid System to a Symbolic Transition System
     1. Discretize: from continuous to discrete
     2. Lift: from states to state sets ("regions")
     3. Observe: from infinite to finitary

     Step 1: Discretize
     Transition System
       Q                  set of states
       Σ                  set of actions
       post: Q × Σ → 2^Q  successor function
     Thermostat
       Q = R^2 × { on, off }
       Σ = { f1, f2, j1, j2 }
       post(x, t, on, j1) = { (x, 0, off) }   if t ≥ L
                            ∅                 if t < L
       post(x, t, on, f1) = infinite set      if t < U
                            { (x, t, on) }    if t = U
                            ∅                 if t > U
     [Figure: the (t, x) plane in modes h = on and h = off, with the timer bounds L and U.]

  5. Step 2: Lift
     Lifted Transition System
       Q, Σ
       post: 2^Q × Σ → 2^Q     post(R, σ) = ∪_{q ∈ R} post(q, σ)
       pre:  2^Q × Σ → 2^Q     pre(R, σ)  = ∪_{q ∈ R} pre(q, σ)
     [Figure: a region R in mode h = off, its image post(R, f2) in the same mode and post(post(R, f2), j2) in mode h = on; likewise pre(R, f2) for a region R in mode h = off. L and U mark the timer bounds.]

  6. Step 3: Observe
     [Figure: pre(R, f2) and pre(pre(R, f2), j2) as in item 5, with the x axis cut into observation cells 0 < x < 1, 1 < x < 2, 2 < x < 3, 3 < x < 4, ... in each mode.]
     Observed Transition System
       Q, Σ
       pre, post: 2^Q × Σ → 2^Q
       A = { a1, a2, a3, ... }   set of observations a_i ⊆ Q
     Thermostat
       A = { on, off } ∪ { x = c, c < x < c+1 | c ∈ Z }

     Model Checking: From Finite-state to Hybrid Systems
     Graph Algorithms:
     - unit operation: access to a vertex ("state") or edge ("transition")
     - for finite-state systems
     Symbolic Algorithms:
     - unit operation: pre or post on a state set ("region")
     - also for infinite-state systems

  7. Symbolic Algorithms (continued)
     - two ingredients:
       1. region algebra (e.g. BDDs, clock zones, polyhedra)
       2. termination analysis

     Symbolic Transition System
       Q, Σ
       pre, post
       A
       ℜ = { R1, R2, ... }   set of regions R_i ⊆ Q
     Region algebra:
       1. A ⊆ ℜ
       2. pre, post: ℜ × Σ → ℜ                               computable
       3. ∪ : ℜ² → ℜ,  \ : ℜ² → ℜ,  ⊆ : ℜ² → { t, f }        computable

     1. Local computation: Region Operations
        Compute pre, post, ∪, \, and ⊆ on regions in ℜ.
     2. Global computation: Symbolic Semi-Algorithms
        Starting from the observations in A, compute new regions in ℜ by applying the operations pre, post, ∪, \, and ⊆.

  8. Region Algebras
     If
     - Q is the valuations for a set X : Vals of typed variables,
     - the effect of transitions can be expressed using Ops on Vals,
     - the first-order theory FO(Vals, Ops) admits quantifier elimination,
     then the quantifier-free fragment ZO(Vals, Ops) is a region algebra.
     This is because each pre and post operation is a quantifier elimination:
       pre(R(X)) = (∃X') (Trans(X, X') ∧ R(X'))
     Example: boolean systems (Vals = B, and ℜ = boolean expressions over X)

     Example: Polyhedral Hybrid Automata
       Q = B^m × R^n
       Invariants and guards: boolean and linear constraints, e.g. a ∧ (3x₁ + x₂ ≤ 7)
       Flows: rectangular differential inclusions, e.g. x'₁ ∈ [1, 2]
       Jumps: boolean and linear constraints, e.g. x₂ := 2x₁ + x₂ + 1
       A = set of boolean valuations and integral polyhedra in R^n
       ℜ = set of boolean valuations and rational polyhedra in R^n
       x = …
       ZO(Q, ≤, +)
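As an added example, not code from the slides or from any tool of the author, the following Python block instantiates the abstract data type of items 4, 5 and 7 (post and pre on regions; the region operations ∪, \ and ⊆) and runs the symbolic semi-algorithm of item 7 on a thermostat variant. The variant is constructed for the example: it drops the timer t and uses rectangular flows in the style of item 8 (x' ∈ [1, 2] while on, x' ∈ [−2, −1] while off) instead of the slides' x' = K ⋅ (H − x) law; the invariants x < 22 and x ≥ 18, the guards x ≥ 21 and x < 20, the initial region and the bad observation "x ≥ 23" are all made up. Regions are finite unions of half-open intervals per mode, a one-dimensional stand-in for the rational polyhedra of item 8, chosen because such unions are closed under ∪, \ and ∩, so every region operation is exact.

```python
import math
from typing import Callable, Dict, List, Tuple

# Region algebra (added example): a region maps each thermostat mode to a sorted
# list of disjoint half-open intervals [lo, hi) over x, endpoints possibly ±inf.
# Finite unions of half-open intervals are closed under union, difference and
# intersection, so pre, post, ∪, \ and ⊆ below are all computed exactly.
Interval = Tuple[float, float]
Region = Dict[str, List[Interval]]
MODES = ("on", "off")

# Constructed thermostat with rectangular flows (x' in a rate interval), after the
# polyhedral hybrid automata slide; NOT the slides' x' = K*(H-x) dynamics.
INVARIANT = {"on": (-math.inf, 22.0), "off": (18.0, math.inf)}  # flow may continue only while x is inside
RATE = {"on": (1.0, 2.0), "off": (-2.0, -1.0)}                   # x' ∈ [a, b] in each mode
FLOWS = {"f1": "on", "f2": "off"}                                # flow action -> mode
JUMPS = {"j1": ("on", "off", (21.0, math.inf)),                  # jump action -> (src, dst, guard on x)
         "j2": ("off", "on", (-math.inf, 20.0))}                 # j1: on ∧ x ≥ 21 → off; j2: off ∧ x < 20 → on
ACTIONS = tuple(FLOWS) + tuple(JUMPS)

def _normalize(ivs: List[Interval]) -> List[Interval]:
    """Drop empty intervals, sort, and merge overlapping or touching ones."""
    out: List[Interval] = []
    for lo, hi in sorted(iv for iv in ivs if iv[0] < iv[1]):
        if out and lo <= out[-1][1]:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def region(**per_mode: List[Interval]) -> Region:
    """Build a normalized region; modes not mentioned are empty."""
    return {m: _normalize(per_mode.get(m, [])) for m in MODES}

def _meet(a: Interval, b: Interval) -> Interval:
    return (max(a[0], b[0]), min(a[1], b[1]))

def union(r: Region, s: Region) -> Region:
    return {m: _normalize(r[m] + s[m]) for m in MODES}

def difference(r: Region, s: Region) -> Region:
    out: Region = {}
    for m in MODES:
        pieces = list(r[m])
        for glo, ghi in s[m]:  # [lo,hi) \ [glo,ghi) leaves at most two half-open pieces
            pieces = [p for lo, hi in pieces for p in ((lo, min(hi, glo)), (max(lo, ghi), hi))]
        out[m] = _normalize(pieces)
    return out

def intersection(r: Region, s: Region) -> Region:
    return difference(r, difference(r, s))

def subseteq(r: Region, s: Region) -> bool:
    return all(not ivs for ivs in difference(r, s).values())

def _step(r: Region, action: str, forward: bool) -> Region:
    """post (forward=True) or pre (forward=False) of a region under one action."""
    out = region()
    if action in FLOWS:
        m = FLOWS[action]
        (a, b), (ilo, ihi) = RATE[m], INVARIANT[m]
        # Time is unbounded, so under a rectangular flow every x between the given
        # set and the invariant bound in the direction of motion is reachable from
        # it (post), respectively can reach it (pre).
        can_lower, can_raise = (a < 0, b > 0) if forward else (b > 0, a < 0)
        for iv in r[m]:
            lo, hi = _meet(iv, INVARIANT[m])
            if lo < hi:
                out[m].append((ilo if can_lower else lo, ihi if can_raise else hi))
        out[m] = _normalize(out[m])
    else:
        src, dst, guard = JUMPS[action]
        # A jump leaves x unchanged: it carries the guard-satisfying part of the
        # region from src to dst (post) or from dst back to src (pre).
        frm, to = (src, dst) if forward else (dst, src)
        out[to] = _normalize([_meet(iv, guard) for iv in r[frm]])
    return out

def post(r: Region, action: str) -> Region: return _step(r, action, True)
def pre(r: Region, action: str) -> Region: return _step(r, action, False)

def reach(start: Region, step: Callable[[Region, str], Region]) -> Region:
    """Symbolic semi-algorithm: R := R ∪ ⋃_σ step(R, σ) until R stops growing
    (step=post: forward reachability, step=pre: backward).  Termination is not
    guaranteed in general, hence 'semi'; here every endpoint is a constant above."""
    r = start
    while True:
        grown = r
        for action in ACTIONS:
            grown = union(grown, step(r, action))
        if subseteq(grown, r):
            return r
        r = grown

def is_safe(init: Region, bad: Region) -> bool:
    """Safety check: no state of `bad` is reachable from `init`."""
    return all(not ivs for ivs in intersection(reach(init, post), bad).values())

if __name__ == "__main__":
    init = region(on=[(18.0, 20.0)])                             # constructed initial region
    bad = region(on=[(23.0, math.inf)], off=[(23.0, math.inf)])  # observation "x ≥ 23" in any mode
    print("post* =", reach(init, post), "\npre*  =", reach(bad, pre), "\nsafe  =", is_safe(init, bad))
```

Starting from the initial region h = on ∧ 18 ≤ x < 20, the forward loop closes after four rounds at post* = {'on': [(18.0, 22.0)], 'off': [(18.0, 22.0)]}, and the backward loop from the bad observation does not grow at all, so the two views agree that x ≥ 23 is unreachable. The unit cells of item 6 are regions of this algebra too (e.g. region(on=[(19.0, 20.0)]) for 19 ≤ x < 20), so the same loop answers questions about observations; the termination analysis that item 7 lists as the second ingredient is done by hand here, by noting that every endpoint the loop can produce is one of the automaton's own constants.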
