Towards On the Soundness of Behavioural Abstraction in Hybrid Systems
Simon Bliudze and Sébastien Furic
SIM@SYST.Level, 19th of October, 2014, Cargèse, France

Reference: S. Bliudze and S. Furic. An Operational Semantics for Hybrid Systems Involving Behavioral Abstraction. Proc. of the 10th International Modelica Conference, Lund, Sweden, pp. 693–706, 2014.
Abstraction model

  model Fuse
    extends Interfaces.OnePort;
    parameter Real iMax;
    parameter Real Ron, Roff;
    Boolean on;
  protected
    Real R;
  initial equation
    on = true;
  equation
    when i > iMax then
      on = false;
    end when;
    R = if on then Ron else Roff;
    v = R * i;
  end Fuse;

• The fuse model assumes negligible melting duration
• In particular w.r.t. the rise duration of the voltage source
2 / 22 S. Bliudze, SIM@SYST.Level, Cargèse, 19th of October, 2014
Expected behaviour
• Only the first fuse melts
• Independently of the voltage slope
Nested abstraction
• Suppose we also abstract the behaviour of the voltage source
• Both fuses melt due to the loss of signal continuity
Desired behaviour
• Signals are no longer maps from time to values
• We need infinitesimal time steps to enable this behaviour
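The three slides above can be reproduced in a few lines. The following is an added example, not code from the slides or from the authors: two fuses of the model above, with different ratings, in series with a voltage source. A plain sampled evaluation of `when i > iMax` melts every fuse whose rating is exceeded at a sample, so a step source (the abstracted source) or a coarse step melts both. A second evaluation honours the two assumptions of the talk, that the current passes through all intermediate values in order and that melting is infinitely faster than the source, and then only the first fuse melts whatever the source does. The ratings (1.0 A and 1.5 A), Ron = 1, Roff = 1e6 and the 4 V source are constructed values.

```python
"""Two fuses of different rating in series, driven by a voltage source.

Added example, not code from the slides: the Fuse model (Ron/Roff switched
by `when i > iMax`) simulated two ways.  `simulate_sampled` evaluates the
when-condition at sample instants only, so every fuse whose rating is
exceeded at a sample melts at once.  `simulate_ordered` additionally honours
the two assumptions of the talk: the current passes through all intermediate
values in order (continuity), and melting is infinitely fast compared to the
source.  Ratings, resistances and the 4 V source are constructed values.
"""
from dataclasses import dataclass


@dataclass
class Fuse:
    i_max: float            # rated current (iMax in the Modelica model)
    r_on: float = 1.0       # Ron
    r_off: float = 1.0e6    # Roff
    on: bool = True

    @property
    def r(self) -> float:
        return self.r_on if self.on else self.r_off


def current(v: float, fuses) -> float:
    """Series circuit: one current through all fuses, i = v / sum(R)."""
    return v / sum(f.r for f in fuses)


def ramp(v_max: float, t_rise: float):
    """Source voltage rising linearly from 0 to v_max over t_rise seconds."""
    return lambda t: v_max * min(t / t_rise, 1.0)


def step(v_max: float, t_step: float):
    """Abstracted source: 0 before t_step, v_max from t_step on."""
    return lambda t: v_max if t >= t_step else 0.0


def simulate_sampled(voltage, fuses, dt, t_end):
    """Fixed-step sampling of `when i > iMax`.  Returns the indices of the
    fuses that melted, in the order they melted."""
    melted = []
    for k in range(int(round(t_end / dt)) + 1):
        i = current(voltage(k * dt), fuses)
        for idx, f in enumerate(fuses):
            if f.on and i > f.i_max:
                f.on = False
                melted.append(idx)
    return melted


def simulate_ordered(voltage, fuses, dt, t_end):
    """Same sampling, but a change of the current between two samples is
    traversed value by value: the lowest rating crossed fires first, the
    circuit is re-solved at the same instant (melting is infinitely fast),
    and the traversal resumes from the value at which the fuse melted."""
    melted = []
    i_prev = 0.0
    for k in range(int(round(t_end / dt)) + 1):
        v = voltage(k * dt)
        i_new = current(v, fuses)
        while True:
            crossed = [(f.i_max, idx) for idx, f in enumerate(fuses)
                       if f.on and i_prev <= f.i_max < i_new]
            if not crossed:
                break
            i_fire, idx = min(crossed)
            fuses[idx].on = False
            melted.append(idx)
            i_prev = i_fire                  # current was exactly i_max when it melted
            i_new = current(v, fuses)        # ... and collapses immediately
        i_prev = i_new
    return melted


def run(source, simulate, dt=1e-3, t_end=1.0):
    """Fresh pair of fuses: the first is rated 1.0 A, the second 1.5 A."""
    fuses = [Fuse(i_max=1.0), Fuse(i_max=1.5)]
    return simulate(source, fuses, dt, t_end)


if __name__ == "__main__":
    print("ramp, fine sampling  :", run(ramp(4.0, 1.0), simulate_sampled))
    print("ramp, coarse sampling:", run(ramp(4.0, 1.0), simulate_sampled, dt=0.4))
    print("step, sampled        :", run(step(4.0, 0.5), simulate_sampled))
    print("step, ordered        :", run(step(4.0, 0.5), simulate_ordered))
```

With the ramp and a fine step the sampled evaluation already gives the expected result (only fuse 0 melts), because the current rises by a small amount per sample. With a coarse step, or with the step source, the current jumps from below 1.0 A to above 1.5 A between two samples and both fuses melt at the same instant; that is the loss of continuity of the "Nested abstraction" slide. The ordered evaluation is the sampled stand-in for the infinitesimal time steps of the next slide: it plays the jump out value by value, so fuse 0 goes first and the current collapses before 1.5 A is ever reached.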
Non-standard analysis
[Figure: the non-standard real line ${}^*\mathbb{R}$: infinitely great negatives, negative reals, the infinitesimals around 0, positive reals, infinitely great positives]
• Used intuitively by Leibniz and Newton
• Formalised by Abraham Robinson in the 60s
• Infinitely great: $N,\ N+1,\ N^2,\ N/2,\ e^N,\ \dots$
• Infinitesimals: $\varepsilon = 1/N,\ \dots$ with $\varepsilon \approx 0$
Standardisation
• Every finite non-standard real has a unique standard part:
  $$x = \mathrm{std}(x) + \varepsilon, \qquad \mathrm{std}(x) \in \mathbb{R},\ \varepsilon \approx 0$$
• Functions can be standardised:
  $$\forall x \in \mathbb{R},\quad \mathrm{std}(f)(x) \stackrel{\mathrm{def}}{=} \mathrm{std}\big(f(x)\big)$$
• Standardisation of a function is not defined on all non-standard reals, but only on the standard ones:
  $$f : {}^*\mathbb{R} \to {}^*\mathbb{R}, \qquad \mathrm{std}(f) : \mathbb{R} \to \mathbb{R}$$
Examples
• Differentiation
  $$\frac{d(x^2)}{dx} = \frac{(x + dx)^2 - x^2}{dx} = \frac{2x\,dx + dx^2}{dx} = 2x + dx \approx 2x$$
• Integration
  $$\int_0^1 f(x)\,dx \approx \sum_{i=0}^{N-1} f(i\,dx)\,dx, \qquad \text{where } N = 1/dx$$
• Continuity
  $$\forall x \in {}^*\mathbb{R},\quad x \approx a \implies {}^*f(x) \approx {}^*f(a)$$
Everything is a sequence
  $$1 = [1, 1, 1, \dots] \qquad {}^*f = [f, f, f, \dots]$$
  $$N = [1, 2, 3, \dots] \qquad N + 1 = [2, 3, 4, \dots]$$
  $$\varepsilon = 1/N = [1, \tfrac{1}{2}, \tfrac{1}{3}, \dots] \qquad \varepsilon^2 = 1/N^2 = [1, \tfrac{1}{4}, \tfrac{1}{9}, \dots]$$
• Quite similar in spirit to the definition of reals using Cauchy sequences
  $$x = [x_1, x_2, x_3, \dots], \qquad y = [y_1, y_2, y_3, \dots]$$
  $$x < y \ \stackrel{\mathrm{def}}{\iff}\ x_i < y_i \text{ for almost all } i$$
Transfer principle
• The non-standard reals ${}^*\mathbb{R}$ are a first-order equivalent model of the real field $\mathbb{R}$
• Any first-order formula true in $\mathbb{R}$ is true in ${}^*\mathbb{R}$ and vice versa.
• Example (continuity of $f$ at $a$):
  $$\forall \varepsilon \in \mathbb{R}\,(\varepsilon > 0),\ \exists \delta \in \mathbb{R}\,(\delta > 0):\ \forall x \in \mathbb{R},\ |x - a| < \delta \implies |f(x) - f(a)| < \varepsilon$$
  transfers to
  $$\forall \varepsilon \in {}^*\mathbb{R}\,(\varepsilon > 0),\ \exists \delta \in {}^*\mathbb{R}\,(\delta > 0):\ \forall x \in {}^*\mathbb{R},\ |x - {}^*a| < \delta \implies |{}^*f(x) - {}^*f({}^*a)| < \varepsilon$$
Łoś' theorem
• Generalisation of the transfer principle
• Any first-order formula is true in ${}^*\mathbb{R}$ if and only if it is true in $\mathbb{R}$ for almost all indices.
• Example (Archimedean property): let $\varepsilon = [\varepsilon_1, \varepsilon_2, \varepsilon_3, \dots]$ with $\varepsilon_i \in \mathbb{R}$, $\varepsilon_i > 0$ for all $i \in \mathbb{N}$.
  $$\forall x \in \mathbb{R},\ \exists n \in \mathbb{Z}:\ n\varepsilon_i < x \le (n+1)\varepsilon_i$$
  holds for every index $i$, hence
  $$\forall x \in {}^*\mathbb{R},\ \exists n \in {}^*\mathbb{Z}:\ n\varepsilon < x \le (n+1)\varepsilon$$
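A worked instance of Łoś' theorem, added here as an example and not part of the original slides: it shows from the sequence representation that $\varepsilon = 1/N$ is a positive infinitesimal, and why the Archimedean witness has to be taken in ${}^*\mathbb{Z}$ rather than $\mathbb{Z}$.

$$\varepsilon = 1/N = [1, \tfrac{1}{2}, \tfrac{1}{3}, \dots], \qquad \varepsilon_i = \tfrac{1}{i}.$$

Fix a standard $r \in \mathbb{R}$, $r > 0$. The formula $\varepsilon_i < r$ holds for every index $i > 1/r$, hence for almost all $i$; by Łoś' theorem $\varepsilon < r$ holds in ${}^*\mathbb{R}$. Likewise $\varepsilon_i > 0$ for all $i$, so $\varepsilon > 0$. Therefore

$$0 < \varepsilon < r \quad \text{for every standard } r > 0, \qquad \text{i.e. } \varepsilon \approx 0.$$

Now apply the Archimedean property with $x = 1$. At index $i$ the witness is $n_i = i - 1$, since $(i-1)\,\tfrac{1}{i} < 1 \le i\,\tfrac{1}{i}$. The sequence of witnesses

$$n = [0, 1, 2, \dots] = N - 1 \in {}^*\mathbb{Z}$$

exceeds every standard integer $m$, because $i - 1 > m$ for almost all $i$. So no $n \in \mathbb{Z}$ satisfies $n\varepsilon < 1 \le (n+1)\varepsilon$: the transferred statement is true only because it quantifies over ${}^*\mathbb{Z}$.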
QSS approach
  $${}^*T \stackrel{\mathrm{def}}{=} {}^*\mathbb{R}^{+}_{0}, \qquad {}^*T \to r + \varepsilon \cdot {}^*\mathbb{Z}, \quad \varepsilon \approx 0$$
• Force all dense-time signals to have discrete codomains
The meaning of ODE
  $$\dot{x} = f(x, y), \qquad x(0) = r$$
[Figure: solution trajectory of the ODE; red dots indicate events on the input signal]
• Red dots indicate events on the input signal
Infinite slope signals
• After “standardisation” they have vertical slopes
Back to the circuit
• When the current reaches the rated value of the first fuse, this produces an input event, inverting the slope
Key assumptions
• We rely on two assumptions
  • The signal passes by all intermediate values in the “right order” (continuity)
  • The fuse melts infinitely faster than the voltage increases (model assumption)
Signets
  $$f : {}^*[0, d_f] \to {}^*\mathbb{R}, \qquad f(0) = 0$$
• Consider signals as sequences of additive signets
• A signet is a non-standard continuous internal function
Specifying abstraction
• Internal functions are sequences of standard functions
• As a consequence of Łoś' theorem, we can reason on standard functions to draw conclusions about the signet
• Use this to derive interval boundaries for the interval abstraction
Conclusion
• We proposed a semantic model for hybrid signals
  • Uniform (linear) and dense nature of time
  • The “physical” properties of signals (read “continuity”)
• Operational, although not directly implementable
  • Describes how to compute the exact solution of a system of dynamic equations, disregarding the finiteness of computational resources
  • Can serve as a basis for reasoning and implementation
  • Concrete implementations approximate the solution with non-infinitesimal error
• New language features can be discussed on a sound basis
• First step towards formalising signal abstraction
Appendix
  model BouncingBall
    Real v, x;
    constant Real g = 10;
  initial equation
    v = 1.0;
    x = 0.0;
  equation
    der(v) = -g;
    der(x) = v;
    when x < 0 then
      reinit(v, -0.8 * pre(v));
      reinit(x, 0.0);
    end when;
  end BouncingBall;
Which one is correct?
[Figure: two plots over $t \in [0, 2]$; left: results from simulator A (vertical axis 0 to 0.06), right: results from simulator B (vertical axis −0.06 to 0.06)]
What’s wrong?
  $$\lim_{n \to \infty} t_n - t_0 = \frac{10\, v_0}{g} = 1$$
• The bounce instants $t_n$ accumulate at $t_0 + 1$: infinitely many events occur before a finite time, and the behaviour a simulator reports after that point is not defined by the model
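The accumulation of bounces can be checked numerically. The following is an added example, not the authors' code, and the slides do not say what simulators A and B do; the example assumes a generic fixed-step simulator (explicit Euler, `when x < 0` checked at every step) as a stand-in. It computes the exact bounce instants, their limit $10 v_0 / g = 1$, and the events such a simulator keeps generating after that limit, which are artefacts of the step size rather than solutions of the model. The constants are those of the BouncingBall model above.

```python
"""Bouncing ball from the appendix: analytic bounce times versus a naive
fixed-step simulation of the Modelica model.  Added example, not the
authors' code.  Shows that the bounce instants accumulate at a finite time,
so a simulator that keeps stepping past that instant reports events that are
artefacts of its step size.  Explicit Euler is an assumed stand-in for
"simulator A / B", which the slides do not describe.
"""


def bounce_times(v0=1.0, g=10.0, c=0.8, n=40):
    """Instants t_1..t_n of the first n bounces.  Flight k lasts 2*v_k/g with
    v_k = c**k * v0, so t_n = (2 v0 / g) * sum_{k<n} c**k."""
    times, t, v = [], 0.0, v0
    for _ in range(n):
        t += 2.0 * v / g
        times.append(t)
        v *= c
    return times


def zeno_time(v0=1.0, g=10.0, c=0.8):
    """Limit of the bounce times (geometric series): 2 v0 / (g (1 - c)).
    With the slide's values (c = 0.8) this is 10 v0 / g = 1."""
    return 2.0 * v0 / (g * (1.0 - c))


def simulate_euler(dt=1e-3, t_end=2.0, v0=1.0, g=10.0, c=0.8):
    """Explicit Euler integration of der(v) = -g, der(x) = v with the
    `when x < 0` clause evaluated at every step.  Returns the event times."""
    x, v, t, events = 0.0, v0, 0.0, []
    for _ in range(int(round(t_end / dt))):
        x_next = x + v * dt
        v_next = v - g * dt
        t += dt
        if x_next < 0.0:            # when x < 0 then
            v_next = -c * v_next    #   reinit(v, -0.8 * pre(v));
            x_next = 0.0            #   reinit(x, 0.0);
            events.append(t)
        x, v = x_next, v_next
    return events


def spurious_events(events, t_limit, margin=0.1):
    """Events later than the accumulation time (plus a margin for the step
    size): the exact solution has none, the simulator keeps producing them."""
    return [t for t in events if t > t_limit + margin]


if __name__ == "__main__":
    ts = bounce_times(n=60)
    print("t_1 =", ts[0], " t_60 =", ts[-1], " limit =", zeno_time())
    ev = simulate_euler()
    print("Euler events before t = 1.1:", len(ev) - len(spurious_events(ev, zeno_time())))
    print("Euler events after  t = 1.1:", len(spurious_events(ev, zeno_time())))
```

The first bounce is reproduced within a step or two of the exact 0.2 s, and the exact bounce times never reach 1. The Euler run, however, goes on generating "bounces" between t = 1.1 and t = 2: once the ball's velocity after a bounce is of the order of g·dt, the ball sinks below zero within a handful of steps regardless of the physics, and the count of those events scales with 1/dt. Neither a chattering velocity nor a ball that stays exactly at rest is sanctioned by the model; that is the "Which one is correct?" of the previous slide.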