Invariant-Based Verification and Synthesis for Hybrid Systems
Naijun Zhan, Institute of Software, Chinese Academy of Sciences
(Joint work with Hengjun Zhao, Jiang Liu, Deepak Kapur, Kim G. Larsen, Liang Zou, etc.)
IFIP WG 2.2 Scientific Meeting, IMS, Singapore, Sept. 12-16, 2016
Outline: Background; Invariant and Verification; Invariant-Based Synthesis; Case Studies; Conclusion
Classification of Dynamical Systems
Discrete: a finite set of states, e.g. a switch that is ON or OFF.
Continuous: a state x(t) evolving under a differential equation dx/dt = f(x) from an initial state x(0) = x_0.
Hybrid System = Continuous + Discrete
Illustration: "Universal Law of Gravitation" by Heer Rami, http://www.benettonplay.com/toys/flipbookdeluxe/player.php?id=294504
Hybrid Automata
Two modes with continuous dynamics ẋ = f_1(x) and ẋ = f_2(x), each restricted to its domain; an initial condition; a discrete transition from one mode to the other, enabled by a guard.
HSs in Engineering
Electrical circuits; chemical processes (two-tank example: http://people.ee.ethz.ch/~mpt/2/docs/demos/twotanks.php)
Embedded Control Systems
A closed loop: sensor -> logic/computation -> actuator -> physical discipline (the plant) -> sensor.
Safety Critical Systems
Motivation
Develop formal methods for enhancing the trustworthiness of safety-critical embedded systems.
Problems: verification and design.
System requirements: mainly safety.
Techniques: symbolic/rigorous computation.
Deductive Verification
Program:
    x := 1;
    while (x <= 1000000000) { x := x + 1; }
Bad state: x ≤ 0. Inductive invariant x ≥ 1:
    initiation:  x = 1 implies x ≥ 1
    consecution: x ≥ 1 implies x + 1 ≥ 1
    safety:      x ≥ 1 implies ¬(x ≤ 0)
Continuous system: dx/dt = f(x), with an inductive invariant playing the same role for the continuous evolution.
Inductiveness
Discrete: transition relation x -> x' (one step from x_k to x_{k+1}); I is inductive if x_k ∈ I implies x_{k+1} ∈ I.
Continuous: the "transition" over a small time step Δt is x(t + Δt) = x(t) + ẋ(t)·Δt (to first order); I is inductive if x(t) ∈ I implies x(t + Δt) ∈ I.
Lie Derivatives and Invariant
For dx/dt = f(x), the Lie derivative of p along f is dp(x(t))/dt = ∇p(x) · f(x). Is p(x) ≥ 0 an invariant?
    p(x) > 0 (interior): no condition needed.
    p(x) = 0 (boundary): dp(x(t))/dt > 0 means the trajectory enters p > 0; dp(x(t))/dt < 0 means it leaves; dp(x(t))/dt = 0 is undecided by the first derivative.
Higher-Order Lie Derivatives
When dp/dt vanishes at a boundary point p(x) = 0, the sign of the first non-vanishing higher derivative decides:
    dp/dt = 0 and d²p/dt² > 0: the trajectory enters;
    dp/dt = d²p/dt² = 0 and d³p/dt³ > 0: the trajectory enters;
    dp/dt = d²p/dt² = d³p/dt³ = 0: continue with the next order.
Criterion for Invariant
Assume f(x) and p(x) are polynomials. Compute an upper bound N such that p(x) ≥ 0 is an inductive invariant of dx/dt = f(x) iff for every x with p(x) = 0 one of the following holds:
    dp/dt > 0
    dp/dt = 0 and d²p/dt² > 0
    ...
    dp/dt = d²p/dt² = ... = d^N p/dt^N = 0
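The criterion above, worked through in code. This is an added example, not code from the talk or from the speaker's tools: it computes higher-order Lie derivatives of a polynomial p along a polynomial vector field f with a small dict-based polynomial arithmetic, then applies the first-non-zero-derivative test at sample points on the boundary p = 0. Two assumptions are made and marked in the comments: N is passed in as a parameter rather than computed as the bound the slides describe, and the disc, the three vector fields and the boundary points are constructed for illustration.

```python
"""Lie-derivative test for p(x) >= 0 being an inductive invariant of x' = f(x).

Polynomials in n variables are dicts {exponent tuple: coefficient}; e.g. for
n = 2, 1 - x0^2 - x1^2 is {(0, 0): 1, (2, 0): -1, (0, 2): -1}.  The slide
criterion is applied at sample points on the boundary p = 0: the first
non-zero Lie derivative (up to order N) must be positive, or all must vanish.
Added example (not from the talk).  ASSUMPTION: N is a parameter here, whereas
the slides compute it as a bound from p and f.  The sample systems are constructed.
"""
from fractions import Fraction
from typing import Dict, List, Sequence, Tuple

Poly = Dict[Tuple[int, ...], Fraction]

def add(p: Poly, q: Poly) -> Poly:
    r = dict(p)
    for m, c in q.items():
        r[m] = r.get(m, 0) + c
    return {m: c for m, c in r.items() if c != 0}

def mul(p: Poly, q: Poly) -> Poly:
    r: Poly = {}
    for m1, c1 in p.items():
        for m2, c2 in q.items():
            m = tuple(a + b for a, b in zip(m1, m2))
            r[m] = r.get(m, 0) + c1 * c2
    return {m: c for m, c in r.items() if c != 0}

def diff(p: Poly, i: int) -> Poly:
    """Partial derivative dp/dx_i."""
    r: Poly = {}
    for m, c in p.items():
        if m[i] > 0:
            mm = list(m)
            mm[i] -= 1
            r[tuple(mm)] = r.get(tuple(mm), 0) + c * m[i]
    return r

def lie(p: Poly, f: Sequence[Poly]) -> Poly:
    """L_f p = sum_i (dp/dx_i) * f_i, i.e. d p(x(t))/dt along x' = f(x)."""
    r: Poly = {}
    for i, fi in enumerate(f):
        r = add(r, mul(diff(p, i), fi))
    return r

def lie_chain(p: Poly, f: Sequence[Poly], N: int) -> List[Poly]:
    """[p, L_f p, L_f^2 p, ..., L_f^N p]."""
    chain = [p]
    for _ in range(N):
        chain.append(lie(chain[-1], f))
    return chain

def evaluate(p: Poly, x: Sequence[Fraction]) -> Fraction:
    total = Fraction(0)
    for m, c in p.items():
        term = Fraction(c)
        for e, v in zip(m, x):
            term *= v ** e
        total += term
    return total

def boundary_verdict(chain: List[Poly], x: Sequence[Fraction]) -> Tuple[bool, int]:
    """At a point with p(x) = 0: (True, k) if the k-th Lie derivative is the first
    non-zero one and it is positive (trajectory enters p > 0); (False, k) if it is
    negative (trajectory leaves); (True, 0) if all derivatives up to N vanish."""
    if evaluate(chain[0], x) != 0:
        raise ValueError("point is not on the boundary p = 0")
    for k, dk in enumerate(chain[1:], start=1):
        v = evaluate(dk, x)
        if v > 0:
            return True, k
        if v < 0:
            return False, k
    return True, 0

def check_invariant(p: Poly, f: Sequence[Poly], N: int,
                    boundary_points: Sequence[Sequence[Fraction]]) -> bool:
    """True iff every sampled boundary point passes the criterion up to order N."""
    chain = lie_chain(p, f, N)
    return all(boundary_verdict(chain, x)[0] for x in boundary_points)

# Constructed sample: the unit disc p = 1 - x0^2 - x1^2 >= 0 and three vector fields.
P_DISC: Poly = {(0, 0): Fraction(1), (2, 0): Fraction(-1), (0, 2): Fraction(-1)}
F_ROT = ({(0, 1): Fraction(-1)}, {(1, 0): Fraction(1)})                        # x0' = -x1, x1' = x0
F_DAMP = ({(0, 1): Fraction(1)}, {(1, 0): Fraction(-1), (0, 1): Fraction(-1)})  # x0' = x1, x1' = -x0 - x1
F_ANTI = ({(0, 1): Fraction(1)}, {(1, 0): Fraction(-1), (0, 1): Fraction(1)})   # x0' = x1, x1' = -x0 + x1
# Rational points on the unit circle, so p(x) = 0 holds exactly (constructed).
CIRCLE = [(Fraction(1), Fraction(0)), (Fraction(0), Fraction(1)), (Fraction(-1), Fraction(0)),
          (Fraction(0), Fraction(-1)), (Fraction(3, 5), Fraction(4, 5)), (Fraction(-3, 5), Fraction(-4, 5))]

if __name__ == "__main__":
    for name, f in (("rotation", F_ROT), ("damped", F_DAMP), ("anti-damped", F_ANTI)):
        print(name, check_invariant(P_DISC, f, 3, CIRCLE))
```

For the rotation field L_f p is identically zero, so every order vanishes and the disc is invariant trivially. For the damped field L_f p = 2x1², which is zero at (±1, 0); only the third Lie derivative (equal to 4 there) settles that trajectories enter, which is exactly why the criterion needs the higher orders. For the anti-damped field the first derivative is already negative at (0, 1), so the disc is not invariant. Sampling boundary points, as here, can refute but not prove invariance; the slides obtain a proof by running the same condition through quantifier elimination over all x.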
Main Result
A semi-algebraic set is defined by polynomial equalities and inequalities. The first-order theory of real numbers is decidable, by quantifier elimination. Hence checking whether a semi-algebraic set is an inductive invariant of a polynomial continuous dynamical system is decidable.
Parametric Case
For a parametric polynomial p(u, x), p(u, x) ≥ 0 is an inductive invariant of dx/dt = f(x) iff u satisfies: for every x with p(u, x) = 0,
    dp/dt > 0, or
    dp/dt = 0 and d²p/dt² > 0, or
    ...
    dp/dt = d²p/dt² = ... = d^N p/dt^N = 0.
Use parametric polynomials and quantifier elimination (or other computation techniques) to automatically discover inductive invariants.
Inductive Invariant of HSs
For a two-mode hybrid automaton with dynamics ẋ = f_1(x) and ẋ = f_2(x), guards G_12 and G_21, and initial set Init, a pair (Inv_1, Inv_2) is an inductive invariant if:
    Init ⊆ Inv_1
    Inv_1 ∧ G_12 implies Inv_2, and Inv_2 ∧ G_21 implies Inv_1 (discrete transitions)
    Inv_1 is an inductive invariant of ẋ = f_1(x), and Inv_2 of ẋ = f_2(x) (continuous evolution)
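The discrete proof obligations listed above (initiation and the two guard transitions, plus the safety check Inv_i ⊆ Safe), checked mechanically over a finite grid of sample states. This is an added example, not code from the talk: the two-mode automaton, its thresholds and the identity reset on jumps are constructed assumptions, and a grid check can only refute an obligation by exhibiting a counterexample; the slides discharge the same obligations for all states by quantifier elimination. The continuous obligations (Inv_i inductive under f_i) are the Lie-derivative criterion of the previous slides and are left out here.

```python
"""Discrete proof obligations for an inductive invariant (Inv_1, Inv_2) of a
two-mode hybrid automaton, checked over a constructed finite set of sample states.

Obligations (ASSUMPTION: jumps do not reset the state, so the post-state equals
the pre-state):
  Init          ⊆ Inv_1
  Inv_1 ∧ G_12  ⊆ Inv_2
  Inv_2 ∧ G_21  ⊆ Inv_1
  Inv_1, Inv_2  ⊆ Safe
Sampling refutes an obligation by a witness state; it never proves one.
Added example, not from the talk; all numbers below are constructed.
"""
from typing import Callable, Dict, List, Tuple

Pred = Callable[[float], bool]

def frange(lo: float, hi: float, step: float) -> List[float]:
    """Sample grid lo, lo + step, ..., hi (inclusive), rounded to avoid float drift."""
    n = int(round((hi - lo) / step))
    return [round(lo + k * step, 6) for k in range(n + 1)]

def discrete_obligations(init: Pred, init_mode: str, inv: Dict[str, Pred],
                         jumps: List[Tuple[str, str, Pred]], safe: Pred,
                         samples: List[float]) -> List[Tuple[str, float]]:
    """Return every violated obligation as (obligation label, witness state)."""
    violations: List[Tuple[str, float]] = []
    for x in samples:
        if init(x) and not inv[init_mode](x):
            violations.append((f"Init ⊆ Inv_{init_mode}", x))
        for src, dst, guard in jumps:
            if inv[src](x) and guard(x) and not inv[dst](x):
                violations.append((f"Inv_{src} ∧ G_{src}{dst} ⊆ Inv_{dst}", x))
        for mode, pred in inv.items():
            if pred(x) and not safe(x):
                violations.append((f"Inv_{mode} ⊆ Safe", x))
    return violations

# Constructed thermostat-like automaton over a single temperature variable x.
# Mode "1" heats, mode "2" cools; guards switch at the ends of the comfort band.
SAFE: Pred = lambda x: 17.0 <= x <= 23.0
INIT: Pred = lambda x: 19.0 <= x <= 20.0
JUMPS = [("1", "2", lambda x: x >= 21.5),   # G_12
         ("2", "1", lambda x: x <= 18.5)]   # G_21

# A candidate invariant that satisfies all discrete obligations.
INV_GOOD: Dict[str, Pred] = {"1": lambda x: 18.0 <= x <= 22.0,
                             "2": lambda x: 18.0 <= x <= 22.0}

# A refinement of Inv_2 that breaks consecution: at x = 21.5 the jump 1 -> 2 is
# enabled inside Inv_1, but the post-state is not in Inv_2.
INV_BAD: Dict[str, Pred] = {"1": lambda x: 18.0 <= x <= 22.0,
                            "2": lambda x: 21.75 <= x <= 22.0}

def check(inv: Dict[str, Pred]) -> List[Tuple[str, float]]:
    """Run the obligations for a candidate invariant over a 0.25-degree grid."""
    return discrete_obligations(INIT, "1", inv, JUMPS, SAFE, frange(16.0, 24.0, 0.25))

if __name__ == "__main__":
    print("good candidate:", check(INV_GOOD))
    print("bad candidate: ", check(INV_BAD))
```

The witness returned for the bad candidate is the state at which the guard G_12 fires while Inv_1 holds but Inv_2 does not, which is the kind of counterexample that drives the refinement of guards and domains discussed in the synthesis part of the talk.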
Safety Verification Example
A planar system in x and y with cubic polynomial dynamics (the equations did not survive extraction). Try to generate an invariant Inv that implies the safety property S.
Problem Description
Given an initial specification of a hybrid system and a safety requirement, construct a refined hybrid system, by refining domains and guards, such that the safety requirement is satisfied.
Nuclear Reactor (control-rod schematic: http://commons.wikimedia.org/wiki/File:Control_rods_schematic.svg)
Hybrid Automata Model
x: temperature of the reactor
p: fraction of the rod immersed into the reactor
Violation of Safety
Plot of the initial model over the temperature range 510 ≤ x ≤ 550 and rod fraction p ∈ [0, 1]: the trajectory leaves the safe temperature range.
Invariant for Refinement
Guard G_12 between Domain 1 and Domain 2; the safety property S and the generated invariant Inv (figure).
Result
The synthesized invariant Inv_12 (the refined guard) constrains x with the constants 6575 and 547.92 (the comparison operators did not survive extraction).
Optimization
Further refine the hybrid system according to certain optimization criteria: a polynomial objective function over a semi-algebraic feasible region, solved by symbolic optimization.
Outline: Background; Invariant and Verification; Invariant-Based Synthesis; Case Studies (Oil pump, Lunar lander); Conclusion
Oil Pump Switching
First studied in [Cassez et al., HSCC09], which obtained a 45% improvement. The example was provided by the German company HYDAC.
Task: determine the time points to switch the pump on/off such that
    Safety: (constraint on the oil volume)
    Optimality: minimize (objective)
Synthesized Switching Controller
v_0 is the initial volume of oil; the controller alternates on / off / on / off (switching schedule in figure).
Performance
Safety is guaranteed, and the optimal value of [HSCC09] is improved by 7.5%. The synthesized controller is correct and also optimal.
Soft Landing (phases by altitude): 15 km braking; 3 km adjustment; 2.4 km approach; 100 m hovering and obstacle avoidance; 30 m slow descent; 0 m lunar surface.
Slow Descent Phase
Trajectory control. Sampling period: ΔT = 0.128 s. Control objective: v = -2 m/s.
Hybrid Automata Model
Dynamics: replace the non-polynomial term by a new variable a = Fc/m.
Verification
Safety requirement: |v - (-2)| ≤ 0.05. Generated invariant (figure).
Reference: Kong, H., He, F., Song, X., Hung, W., Gu, M.: Exponential-condition-based barrier certificate generation for safety verification of hybrid systems. In: CAV'13, pp. 242-257 (2013).
Conclusion
Hybrid systems attract more and more interest with the development of safety-critical embedded systems.
Invariants play an important role in the study (formal verification, controller synthesis) of hybrid systems.
Semi-algebraic inductive invariant checking for polynomial continuous/hybrid systems is decidable.
Conclusion (continued)
Use parametric polynomials and symbolic computation to automatically discover invariants and to perform optimization: rigorous, but of high complexity (may be combined with numeric computation).
Non-polynomial systems are transformed into polynomial ones.
Case studies show good prospects for the proposed methods.
Related references
Hengjun Zhao, Mengfei Yang, Naijun Zhan, Bin Gu, Liang Zou and Yao Chen (2014): Formal verification of a descent guidance control program of a lunar lander. In Proc. of FM 2014, Lecture Notes in Computer Science 8442, pp. 733-748.
Hengjun Zhao, Naijun Zhan and Deepak Kapur (2013): Synthesizing switching controllers for hybrid systems by generating invariants. In Proc. of the Jifeng Festschrift, Lecture Notes in Computer Science 8051, pp. 354-373.
Hengjun Zhao, Naijun Zhan, Deepak Kapur and Kim G. Larsen (2012): A "hybrid" approach for synthesizing optimal controllers of hybrid systems: A case study of the oil pump industrial example. In Proc. of FM 2012, Lecture Notes in Computer Science 7436, pp. 471-485.
Jiang Liu, Naijun Zhan and Hengjun Zhao (2011): Computing semi-algebraic invariants for polynomial dynamical systems. In Proc. of EMSOFT 2011, pp. 97-106, ACM Press.
Thanks! Questions?