Discrete Controller Synthesis for Infinite State Systems with ReaX
Nicolas Berthier, Hervé Marchand
Inria Rennes - Bretagne Atlantique
WODES'14, May 14, 2014
ASTS Model | Safety Control Problem | Principles of the Solution | ReaX | Conclusions [2 / 21]
Outline
◮ Infinite State Systems (ASTSs)
◮ Safety Control Problem for ASTSs
◮ Principles of the Solution
◮ ReaX: Technical Choices, Implementation & Evaluations
◮ Conclusions
[4 / 21] ASTS Model for Infinite State Systems

Definition (Arithmetic Symbolic Transition System, ASTS)
$S = \langle X, I, T, A, \Theta_0 \rangle$ where:
◮ $X = \langle x_1, \ldots, x_n \rangle$; $D_X = \mathbb{B}^r \times \mathbb{Z}^s \times \mathbb{R}^t$ ← Vector of State Variables
◮ $I = \langle i_1, \ldots, i_m \rangle$; $D_I = \mathbb{B}^u \times \mathbb{Z}^v \times \mathbb{R}^w$ ← Vector of Input Variables
◮ $T = \langle t_1, \ldots, t_n \rangle$; $t_i$: Expression on $X \cup I$ ← Transition Function
◮ $A$: Predicate on $X \cup I$ ← Assertion
◮ $\Theta_0$: Predicate on $X$ ← Initial State(s)

Example (figure: two-location automaton with locations $A$ and $B$; edge labels of the form guard / outputs and assignments, as printed):
◮ $a \wedge (2x + i \geq 0)\ /\ o,\ x := 2x + 1$
◮ $\neg a \vee (2x + i < 0)$
◮ $i \leq 42\ /\ o$
◮ $i > 42\ /\ x := i$
◮ $X = \langle \xi, x, o \rangle$, $I = \langle a, i \rangle$; $D_X = \{A, B\} \times \mathbb{Z} \times \mathbb{B}$, $D_I = \mathbb{B} \times \mathbb{Z}$
◮ $A(\langle \xi, x, o, a, i \rangle) = (\xi = B \wedge 3x + 2i \;?\; 41 \wedge a)$ (the comparison operator between $3x + 2i$ and $41$ did not survive extraction)
◮ $\Theta_0(\langle \xi, x, o \rangle) = (\xi = A \wedge x = 0 \wedge \neg o)$
[6 / 21] Safety Control Problem
◮ Initiated by Ramadge and Wonham 1989 [1]

Definition (Invariant for an ASTS)
Given an ASTS $S = \langle X, I, T, A, \Theta_0 \rangle$, a predicate $\Phi$ over $X$ is an invariant of $S$ (noted $S \models \Phi$) iff all reachable states of $S$ satisfy $\Phi$, i.e.,
$\forall p \in \mathbb{N},\ \forall x_0 \in D_X$ ← Initial State
$\forall (\iota_0, \ldots, \iota_p) \in D_I^p$ ← Sequence of $p$ Vectors of Inputs
$\Theta_0(x_0) \wedge \forall i \in [0, p],\ A(T(\ldots T(x_0, \iota_0) \ldots, \iota_i)) \Rightarrow \forall i \in [0, p],\ \Phi(T(\ldots T(x_0, \iota_0) \ldots, \iota_i))$

Controller Synthesis Problem for Invariant Enforcement in ASTSs
Given an ASTS $S = \langle X, I_{uc} \uplus I_c, T, A, \Theta_0 \rangle$ where:
◮ $I_{uc}$ ← Non-controllable Input Variables
◮ $I_c$ ← Controllable Input Variables
and an invariant $\Phi$ over $X$ ← Not Satisfied a priori
compute a predicate $A_\Phi$ such that:
$S' = \langle X, I_{uc} \uplus I_c, T, A_\Phi, \Theta_0 \rangle \models \Phi$ and $\forall v,\ A_\Phi(v) \Rightarrow A(v)$

[1] Peter J. G. Ramadge and W. Murray Wonham. "The control of discrete event systems". In: Proceedings of the IEEE 77.1 (Jan. 1989), pp. 81–98.
[7 / 21] Outline: Principles of the Solution
◮ Notations for Reasoning about State Spaces
◮ Finite Case
◮ Infinite Case (Contribution)
[8 / 21] Notations for Reasoning about State Spaces

Definition (Controllable Infinite Transition System of an ASTS)
One associates to an ASTS $S = \langle X, I_{uc} \uplus I_c, T, A, \Theta_0 \rangle$ a Controllable Infinite Transition System $[S] = \langle \mathcal{X}, \mathcal{I}, T_S, A_S, X_0 \rangle$ where:
◮ $\mathcal{X} = D_X$ ← State Space
◮ $\mathcal{I} = U \times C$
◮ $U = D_{I_{uc}}$ ← Non-controllable Input Space
◮ $C = D_{I_c}$ ← Controllable Input Space
◮ $T_S \subseteq \mathcal{X} \times \mathcal{I} \to \mathcal{X} = \lambda(x, \iota).\,(t_i(x, \iota))_{i \in [1, n]}$ ← Transition Function
◮ $A_S \subseteq \mathcal{X} \times \mathcal{I} = \{(x, \iota) \mid A(x, \iota)\}$ ← Assertion on Environment
◮ $X_0 \subseteq \mathcal{X} = \{x \mid \Theta_0(x)\}$ ← Initial States
◮ $T_S^{-1} : \wp(\mathcal{X}) \to \wp(\mathcal{X} \times U \times C)$ ← Pre-image Function
[9 / 21] Finite Case: Algorithmic Principle (e.g., $\mathcal{X} = \mathbb{B}^n$)
Finite Case: State Variables on Finite Domains
◮ Proposed by Marchand et al. 2000 [1] ❀ Maximally Permissive Controller

Informal Algorithm
◮ Let $Bad = \{x \in \mathcal{X} \mid \neg\Phi(x)\}$ ← States to Avoid
◮ $I_{Bad}$ = States Uncontrollably Reaching $Bad$ ← Co-reachability
◮ Success iff $X_0 \cap I_{Bad} = \emptyset$
◮ $A_\Phi = T_S^{-1}(I_{Bad}^{\,c}) \cap A_S$ ← Relating States with Allowed Inputs ($I_{Bad}^{\,c}$: complement of $I_{Bad}$)

[1] Hervé Marchand et al. "Synthesis of Discrete-Event Controllers based on the Signal Environment". In: Discrete Event Dynamic System: Theory and Applications 10.4 (Oct. 2000), pp. 325–346.
[10 / 21] Finite Case: Computing $I_{Bad}$
(Figure: nested sets $Bad \subseteq I_{Bad} \subseteq \mathcal{X}$. From a state of $I_{Bad}$, $\exists u \in U,\ \forall c \in C$ the successor stays in $I_{Bad}$; from a state of $\mathcal{X} \setminus I_{Bad}$, $\forall u \in U,\ \exists c \in C$ keeping the successor outside $I_{Bad}$.)
$I_{Bad} \overset{\mathrm{def}}{=} coreach_u(Bad)$
$coreach_u(B) \overset{\mathrm{def}}{=} lfp(\lambda\beta.\ B \cup pre_u(\beta))$
$pre_u(B) \overset{\mathrm{def}}{=} \{x \in \mathcal{X} \mid \exists u \in U,\ \forall c \in C,\ (x, u, c) \in T_S^{-1}(B) \cap A_S\}$
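The finite-case algorithm above (slide 9's informal algorithm together with the $coreach_u$ / $pre_u$ fixpoint of slide 10) can be run end to end on a small explicit state space. The following Python is an added example written for this page; it is not code from the slides or from ReaX. It uses a constructed ASTS (a tank level $x \in [0,5]$ plus a valve flag $v$, uncontrollable inflow $u \in \{0,1,2\}$, controllable valve command $c \in \{0,1\}$ that takes effect at the next step, and an environment assumption $A$ excluding inflow 2 on an empty tank); the invariant $\Phi$ is "no overflow" ($x < 5$). $pre_u$ is implemented literally as the slide defines it, so $A_S$ is an assumption on the environment: input combinations outside $A_S$ do not occur. The bounded level window is an assumption made to stay in the finite case.

```python
"""Finite-case safety controller synthesis for a small constructed ASTS.

Constructed example, not from the slides or ReaX: a tank with level x in 0..5
and a valve flag v.  Uncontrollable inflow u in {0,1,2}; the controllable
command c opens (1) or closes (0) the valve for the NEXT step; an open valve
drains 2.  Environment assumption A: no inflow of 2 while the tank is empty.
Invariant Phi to enforce: the tank never overflows (x < 5).
"""
from itertools import product

LEVELS = range(6)          # finite window for the level (assumption: finite case)
X = [(x, v) for x in LEVELS for v in (False, True)]   # state space X = D_X
U = (0, 1, 2)              # non-controllable input space U = D_{I_uc}
C = (0, 1)                 # controllable input space C = D_{I_c}
X0 = {(0, False)}          # initial states (Theta_0)


def T(state, u, c):
    """Transition function T_S: next state from (x, v) under inputs (u, c)."""
    x, v = state
    drain = 2 if v else 0
    nx = min(max(x + u - drain, 0), 5)   # clamp to the finite window
    return (nx, c == 1)


def A(state, u, c):
    """Assertion A_S: environment assumption on (state, inputs)."""
    x, _ = state
    return not (x == 0 and u == 2)


def phi(state):
    """Invariant Phi: no overflow."""
    return state[0] < 5


def pre_u(B):
    """pre_u(B) = { x | exists u, forall c, (x,u,c) in T^-1(B) and A_S } (slide 10)."""
    return {
        x for x in X
        if any(all(A(x, u, c) and T(x, u, c) in B for c in C) for u in U)
    }


def coreach_u(Bad):
    """lfp(lambda beta. Bad | pre_u(beta)) by Kleene iteration.

    Returns (I_Bad, number_of_iterations).  The state space is finite, so
    the iteration terminates without widening.
    """
    beta, n = set(Bad), 0
    while True:
        n += 1
        nxt = beta | pre_u(beta)
        if nxt == beta:
            return beta, n
        beta = nxt


def synthesize():
    """Slide 9 algorithm: returns (success, I_Bad, A_Phi).

    A_Phi is the set of allowed (x, u, c) triples, i.e. T^-1(complement of
    I_Bad) intersected with A_S.
    """
    bad = {x for x in X if not phi(x)}            # states to avoid
    i_bad, _ = coreach_u(bad)                     # uncontrollably reaching Bad
    success = not (X0 & i_bad)                    # X_0 ∩ I_Bad = ∅ ?
    a_phi = {(x, u, c) for x, u, c in product(X, U, C)
             if A(x, u, c) and T(x, u, c) not in i_bad}
    return success, i_bad, a_phi


def reachable_under(a_phi):
    """States reachable from X0 when only transitions allowed by a_phi occur."""
    seen, todo = set(X0), list(X0)
    while todo:
        x = todo.pop()
        for u, c in product(U, C):
            if (x, u, c) in a_phi:
                y = T(x, u, c)
                if y not in seen:
                    seen.add(y)
                    todo.append(y)
    return seen


if __name__ == "__main__":
    ok, i_bad, a_phi = synthesize()
    print("success:", ok)
    print("I_Bad:", sorted(i_bad))
    print("controlled system satisfies Phi:",
          all(map(phi, reachable_under(a_phi))))
```

Here $I_{Bad}$ strictly contains $Bad$: the states $(4, \text{closed})$ and $(3, \text{closed})$ are not overflows themselves, but an inflow of 2 drives them into $Bad$ whatever the controller commands, because the valve only takes effect one step later. The synthesized $A_\Phi$ therefore forbids leaving the valve closed at level 2 when the inflow is 2, and `reachable_under` confirms that every state reachable under $A_\Phi$ satisfies $\Phi$, which is exactly the guarantee of $S' \models \Phi$ from slide 6.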
[11 / 21] Infinite Case: Algorithmic Principle (Contribution) (e.g., $\mathcal{X} = \mathbb{B}^n \times \mathbb{Z}^m$)
Infinite Case: Allowing Numerical Variables
◮ Undecidability Problem ❀ Over-approximating Solution
◮ Using Abstract Interpretation Techniques
◮ Computing $I'_{Bad}$ ($\supseteq I_{Bad}$) ❀ Controller No Longer Guaranteed Maximally Permissive

Abstract Interpretation Requirements
◮ $\langle \Lambda, \sqsubseteq, \sqcup, \sqcap, \top, \bot \rangle$, $\alpha$ and $\gamma$ such that $\wp(\mathcal{X}) \underset{\alpha}{\overset{\gamma}{\leftrightarrows}} \Lambda$ (Galois connection)
◮ $\wp(\mathcal{X})$ ← Concrete Domain (Sets of States)
◮ $\Lambda$ ← Abstract Domain (Finite Representation of Sets of States)
◮ $\alpha : \wp(\mathcal{X}) \to \Lambda$ ← Abstraction Function
◮ $\gamma : \Lambda \to \wp(\mathcal{X})$ ← Concretization Function
◮ $T_S^{\sharp -1} : \Lambda \to \Lambda$ ← Abstract Pre-image
◮ $\exists^\sharp_Y$, $\forall^\sharp_Y$ ← Quantifier Elimination
◮ $\nabla : \Lambda \times \Lambda \to \Lambda$ ← Widening Operator, Forcing Convergence
[12 / 21] Infinite Case: Computing $I'_{Bad}$ ($\supseteq I_{Bad}$)
(Figure: nested sets $Bad \subseteq I_{Bad} \subseteq I'_{Bad} \subseteq \mathcal{X}$, with the same $\exists u\,\forall c$ / $\forall u\,\exists c$ arrows as in the finite case; the abstract computation starts from $\alpha(Bad)$.)
Finite-case definitions, recalled:
$I_{Bad} \overset{\mathrm{def}}{=} coreach_u(Bad)$, $coreach_u(B) \overset{\mathrm{def}}{=} lfp(\lambda\beta.\ B \cup pre_u(\beta))$, $pre_u(B) \overset{\mathrm{def}}{=} \{x \in \mathcal{X} \mid \exists u \in U,\ \forall c \in C,\ (x, u, c) \in T_S^{-1}(B) \cap A_S\}$
Abstract version:
$I'_{Bad} = \gamma \circ coreach^\sharp_u \circ \alpha\,(Bad)$
$coreach^\sharp_u(B) \overset{\mathrm{def}}{=} lfp(\lambda\beta.\ B \sqcup pre^\sharp_u(\beta))$
$pre^\sharp_u(B) \overset{\mathrm{def}}{=} \exists^\sharp_U\big(\forall^\sharp_C\big(T_S^{\sharp -1}(B) \sqcap \alpha(A_S)\big)\big)$
With widening to force convergence:
$I'_{Bad} = \gamma \circ coreach^\nabla_u \circ \alpha\,(Bad)$
$coreach^\nabla_u(B) \overset{\mathrm{def}}{=} lfp(\lambda\beta.\ B\,\nabla\,pre^\sharp_u(\beta))$