Optimal and Robust Controller Synthesis Using Energy Timed Automata with Uncertainty
Giovanni Bacci, Patricia Bouyer, Uli Fahrenberg, Kim G. Larsen, Nicolas Markey, Pierre-Alain Reynier
Presentation based on a paper accepted for publication at Formal Methods (FM'18)
Work supported by ERC projects LASSO and EQualIS
Industrial Example: the HYDAC system
System components
• A machine that consumes oil according to a fixed cyclic pattern of 20 s
• Hydraulic accumulator containing oil and a fixed amount of gas that puts the oil under pressure
• Controllable pump (on/off) which pumps oil into the accumulator with rate 2.2 l/s
The control objective
• The level of oil shall be maintained within a safe interval [V_min; V_max] = [4.9; 25.1] l
• The system shall never stop
• The controller shall minimise the average level of oil so that the oil pressure is kept as low as possible
[Figures: the accumulator (with V_min, V_max) fed by the pump at 2.2 l/s and drained by the machine; the machine consumption rate (litre/second) over the 20 s cycle]
Cassez, Jensen, Larsen, Raskin, Reynier - Automatic Synthesis of Robust and Optimal Controllers (HSCC'09)
Motivation
• Automatic synthesis of controllers for embedded systems is a difficult task
• They need to satisfy safety properties involving non-functional aspects such as time constraints and limited resources
• While ensuring optimality w.r.t. given performance objectives
Energy constraints
[Picture taken from gomspace.com]
Our contribution
• Novel framework for automatic synthesis of safe & optimal controllers for resource-aware systems modelled as energy timed automata
• Controllers are obtained by solving time- and energy-constrained infinite-run problems
• We address an open problem from [Bouyer, Fahrenberg, Larsen, Markey, Srba — FORMATS'08]
Context Bouyer, Fahrenberg, Larsen, Markey, Srba — Infinite Runs in Weighted Timed Automata with Energy Constraints (FORMATS’08)
Energy Timed Automata
A = (S, S_0, X, I, r, T) where
• S is a finite set of states and S_0 the initial state(s)
• X is a finite set of clocks
• I : S → C(X) assigns a clock invariant to each state
• r : S → ℚ is the rate assignment
• T ⊆ S × C(X) × ℚ × 2^X × S is the transition relation (guard, energy update u, clocks to reset)
[Figure: the ETA used throughout: s0 (y ≤ 1, r: +2) --[y ≥ 1, u: −3, y := 0]--> s1 (y ≤ 1, r: +4) --[x = 1, u: 0, x := 0, y := 0]--> s2]
An ETA is an Energy Timed Path (ETP) when "it looks like a chain" and all clocks are reset on the last transition
Energy Timed Automata
An ETA generates runs (i.e., sequences of configurations) describing how the clocks and the energy level evolve over time
[Figure: the same ETA and a finite run ρ of A, plotting the energy level w against time t while passing through s0, s1 and s2]
Segmented ETA
A = (S, T, P) with macro-states S, transitions T and transition labels P : T → ETP (every transition is labelled by an Energy Timed Path)
[Figure: a SETA over macro-states s0, s2, s3; the transition s2 → s2 is labelled by the ETP s2 --[y ≥ 0.25, u: −3, y := 0]--> s3 --[x = 1, x := 0, y := 0]--> s2 with rates +2, +4, and the transition s0 → s2 by the ETP s0 --[x ≥ 1, u: +1, y := 0]--> s1 --[x := 0, y := 0]--> s2 with rates −1, 0]
A SETA is called
• flat when for each s ∈ S there is at most one path from s to itself
• depth-1 whenever the graph is tree-like with only loops at leaves
Segmented ETA
A finite (resp., infinite) execution of a SETA is a finite (resp., infinite) sequence of finite runs generated by its ETPs
[Figure: the same SETA and an execution ρ1 ρ2 ρ3 of it, plotting the energy level w against time t (0 to 3) through the macro-states s0, s1, s2, s3]
The energy-constrained infinite-run problem
INPUT
• An energy timed automaton A
• Initial state s0
• Initial energy level w0
• Energy interval E = [L, U]
GOAL
Decide whether there exists an infinite execution of A starting from (s0, 0, w0) that satisfies E
[Figure: an infinite execution ρ1 ρ2 ρ3 … whose energy level w stays within [L; U] over time t]
The energy-constrained infinite-run problem
… what was known so far
Theorem [Markey'11] The energy-constrained infinite-run problem is undecidable for ETAs with at least 2 clocks
Our contribution to the problem
Theorem [Bacci et al. FM'18] The energy-constrained infinite-run problem is decidable for flat SETAs
Theorem [Bacci et al. FM'18] For a fixed lower bound L, the existence of an energy upper bound U that solves the energy-constrained infinite-run problem is decidable for flat SETAs. For depth-1 flat SETAs we can compute the least U.
[Figure: an infinite execution ρ1 ρ2 ρ3 … of a SETA whose energy level w is kept within [L; U]]
The idea behind
Consider the Energy Timed Path P with E = [0; 5]:
[Figure: s0 (y ≤ 1, r: +2) --[y ≥ 1, u: −3, y := 0]--> s1 (y ≤ 1, r: +4) --[x = 1, u: 0, x := 0, y := 0]--> s2]
Translation into a first-order formula in the linear theory of the reals (Def. 5):
$$R_E^P(w_0, w_1) \iff \exists d_0, d_1.\; d_0 \in [0.25; 1] \wedge d_1 \in [0; 1] \wedge d_0 + d_1 = 1 \wedge w_0 \in [0; 5] \wedge w_0 + 2 d_0 \in [0; 5] \wedge w_0 + 2 d_0 - 3 \in [0; 5] \wedge w_1 = w_0 + 2 d_0 + 4 d_1 - 3 \wedge w_1 \in [0; 5]$$
Quantifier elimination (of $d_0$ and $d_1$) yields
$$(w_1 + 2 \le 2 w_0 \le w_1 + 4) \wedge (w_1 - 0.5 \le w_0 \le w_1 + 1)$$
(the conjuncts $w_0, w_1 \in [0; 5]$ are kept as they are); the resulting polyhedron is depicted in the $(w_0, w_1)$ plane.
[Figure: the polyhedron $R_E^P$ in the $(w_0, w_1)$ plane, both axes from 0 to 5]
The Energy Relation
Energy Relation
$$R_E^P(w_0, w_1) \iff \exists (d_i)_{0 \le i < n}.\; \Phi_{\mathrm{timing}} \wedge \Phi_{\mathrm{energy}} \wedge w_1 = w_0 + \sum_{k=0}^{n-1} \big( d_k \cdot r(s_k) + u_k \big)$$
Energy Functions (*)
Forward propagation: $R(I) = \{ w_1 \in E \mid \exists w_0 \in I.\; R(w_0, w_1) \}$
Backward propagation: $R^{-1}(I) = \{ w_0 \in E \mid \exists w_1 \in I.\; R(w_0, w_1) \}$
(*) Indices are removed to shorten notation
[Figure: the polyhedron $R$ in the $(w_0, w_1)$ plane (axes 0 to 5), with an interval $I$ on the $w_0$ axis and its image $R(I)$ on the $w_1$ axis, and an interval $I$ on the $w_1$ axis and its pre-image $R^{-1}(I)$ on the $w_0$ axis]
The Energy Relation
$R_E^P \subseteq E \times E$ is described as a finite conjunction of linear constraints over $w_0$ and $w_1$.
From R to infinite runs
Consider a finite sequence of ETPs $(P_i)_{1 \le i \le k}$ forming a cycle, and let
$$R := R_E^{P_k} \circ \cdots \circ R_E^{P_1}.$$
A post-fixed point for $R^{-1}$ is a set of initial energy values that can be forward propagated infinitely many times. In particular, the greatest fixed point contains all the initial energy values that admit an infinite run satisfying E:
$$\nu R^{-1} = \bigcap_{i \in \mathbb{N}} (R^{-1})^i(E).$$
Characterising $\nu R^{-1}$
$$\nu R^{-1} = \bigcap_{i \in \mathbb{N}} (R^{-1})^i(E).$$
A generic post-fixed point $[a; b]$ is logically characterised as follows:
$$\varphi(a, b) := a \le b \wedge a \in E \wedge b \in E \wedge \forall w_0 \in [a; b].\; \exists w_1 \in [a; b].\; R_E^P(w_0, w_1)$$
By applying quantifier elimination (to $w_0$ and $w_1$) the above formula may be transformed into a finite disjunction of linear constraints, thus
$$\max_{a, b} \{\, b - a \mid \varphi(a, b) \text{ holds} \,\}$$
gives a method for computing $\nu R^{-1}$.
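As an added worked example (not code from the paper or the slides), the Python script below carries the construction of the last slides through for the ETP of the "idea behind" slide: it encodes the timing and energy constraints over the delays d0, d1 (with d0 ∈ [0.25; 1] exactly as in that slide's formula), eliminates the delays by Fourier-Motzkin elimination, which is the quantifier-elimination step for a conjunction of linear constraints, and then implements the backward propagation R^{-1}(I), the post-fixed-point test φ(a, b) and the iteration of R^{-1} from E towards ν R^{-1}. All function names and the constraint encoding are my own; E = [0; 5] is the interval used on the slides.

```python
from fractions import Fraction as F
E = (F(0), F(5))  # energy interval [L; U] of the slides (assumed as on the page)

def le(coeffs, const):  # a constraint is (coeffs, const) meaning sum(coeffs[v] * v) <= const
    return ({v: F(k) for v, k in coeffs.items() if k}, F(const))
def in_interval(expr, lo, hi):  # lo <= expr <= hi as two constraints
    return [le(expr, hi), le({v: -k for v, k in expr.items()}, -lo)]
def eliminate(cons, var):
    """Fourier-Motzkin projection: existentially quantify var away (exact for conjunctions)."""
    pos = [(c, k, c[var]) for c, k in cons if c.get(var, 0) > 0]   # upper bounds on var
    neg = [(c, k, -c[var]) for c, k in cons if c.get(var, 0) < 0]  # lower bounds on var
    rest = [(c, k) for c, k in cons if var not in c]
    for pc, pk, pa in pos:  # every lower bound must not exceed any upper bound
        for nc, nk, na in neg:
            vs = (set(pc) | set(nc)) - {var}
            rest.append(le({v: pc.get(v, 0) / pa + nc.get(v, 0) / na for v in vs}, pk / pa + nk / na))
    return rest
def bounds(cons, var):
    """Interval of var once it is the only variable left, clipped to E; None if infeasible."""
    lo, hi = E
    for c, k in cons:
        a = c.get(var, F(0))
        if a > 0: hi = min(hi, k / a)
        elif a < 0: lo = max(lo, k / a)
        elif k < 0: return None  # 0 <= k with k < 0: inconsistent
    return (lo, hi) if lo <= hi else None
def etp_constraints():
    """Constraints of the slide's ETP (rates +2, +4; updates -3, 0); d0, d1 are the delays in s0, s1."""
    cons = in_interval({'d0': 1}, F(1, 4), 1) + in_interval({'d1': 1}, 0, 1)  # y >= 0.25, y <= 1
    cons += in_interval({'d0': 1, 'd1': 1}, 1, 1)  # guard x = 1 on the second transition
    cons += in_interval({'w0': 1}, *E) + in_interval({'w0': 1, 'd0': 2}, *E)  # energy in s0
    cons += in_interval({'w0': 1, 'd0': 2}, E[0] + 3, E[1] + 3)  # right after the update -3
    cons += in_interval({'w1': 1, 'w0': -1, 'd0': -2, 'd1': -4}, -3, -3)  # w1 = w0 + 2d0 + 4d1 - 3
    return cons + in_interval({'w1': 1}, *E)
def energy_relation():  # R_E^P(w0, w1): the delays d0, d1 are quantified away
    return eliminate(eliminate(etp_constraints(), 'd0'), 'd1')
def related(rel, w0, w1):  # membership test in the computed polyhedron
    return all(sum(k * F({'w0': w0, 'w1': w1}[v]) for v, k in c.items()) <= b for c, b in rel)
def backward(rel, lo, hi):  # R^{-1}([lo; hi]) = {w0 in E | exists w1 in [lo; hi]. R(w0, w1)}
    return bounds(eliminate(rel + in_interval({'w1': 1}, lo, hi), 'w1'), 'w0')
def is_post_fixed_point(rel, a, b):  # phi(a, b): [a; b] is contained in R^{-1}([a; b])
    a, b, img = F(a), F(b), backward(rel, F(a), F(b))
    return E[0] <= a <= b <= E[1] and img is not None and img[0] <= a and b <= img[1]
def approx_gfp(rel, steps=40):  # iterate R^{-1} from E towards nu R^{-1} = inter_i (R^{-1})^i(E)
    lo, hi = E
    for _ in range(steps):
        lo, hi = backward(rel, lo, hi)
    return lo, hi
```

For this ETP the iteration converges to ν R^{-1} = [2; 4], which is also the widest interval [a; b] for which is_post_fixed_point returns True.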
Finding an infinite run in a SETA
Consider the initial energy w0 = 3 and the energy interval E = [0; 5]
[Figure: the SETA of the earlier slides (ETP s2 → s3 → s2 with guard y ≥ 0.25, update −3, rates +2, +4; ETP s0 → s1 → s2 with guard x ≥ 1, update +1, rates −1, 0) and an infinite execution ρ1 ρ2 ρ3 … of it whose energy level w stays between L = 0 and U = 5 over time t]