Weak Singular Hybrid Automata
Formal Modeling and Verification for Cyber-Physical Systems
Krishna S., Umang Mathur, Ashutosh Trivedi
Department of Computer Science and Engineering, IIT Bombay, Mumbai, India
January 18, 2014
Krishna S., Umang Mathur, Ashutosh Trivedi – 1 of 28
Cyber-Physical Systems (CPS)
Medical Devices, Avionics, Energy, Automobile
Verification/Synthesis with Hybrid Automata
– Introduced by Alur et al. to model hybrid systems
– Dynamics of physical variables are given as ordinary differential equations
– Quite expressive, but verification (reachability) problems are undecidable
– Decidable subclasses exist, e.g.
  – Initialized Rectangular Hybrid Automata (Henzinger et al.),
  – Hybrid Automata with Strong Resets (Bouyer et al.),
  – Piecewise Constant Derivative Systems (Asarin, Maler, and Pnueli),
  – Multi-Mode Systems (Alur, Trivedi, Wojtczak)
– Tool support: HyTech, PHAVer
Figure: A hybrid automaton with modes m0, m1, m2, m3 and two continuous variables x1, x2 with constant rates (ẋ1, ẋ2) such as (0, 0), (−1, −1), (2, 2), (−2, −2); guards such as x1 < 0, 1 < x2 < 3, 2 ≤ x1 < 6, x1 < 22, x2 > 0; edge labels a, b, c, d, e; and a reset {x2} (diagram not recoverable).
Outline
– Introduction
– Green Scheduling
– Weak Singular Hybrid Automata
  – Syntax and Semantics
  – Reachability and Schedulability
  – Temporal Logic Model Checking
– Extending WSHA
– Summary
Peak Demand Reduction in Energy Usage
1. Absence of bulk energy storage technology
2. Base-load vs peaking power plants
3. Energy peaks are expensive:
   – For the environment (peaking power plants are typically fossil-fueled)
   – For energy providers
   – For customers (peak power pricing)
4. Energy peaks are often avoidable:
   – Extreme weather and energy peaks
   – Heating, Ventilation, and Air-conditioning (HVAC) units
5. Load-balancing methods:
   – Load shedding
   – Load shifting
   – Green scheduling
Green Scheduling
Zones \ HVAC unit modes (temp. change rate / energy usage):
Zone   HIGH    LOW     OFF
X      -2/3    -1/2    2/0.2
Y      -2/3    -1/2    3/0.2
– Assume that the comfortable temperature range is 65 °F to 70 °F.
– Energy is extremely expensive if peak demand rises above 4 units in a billing period.
Problem
Find an "implementable" switching schedule that keeps the temperatures within the comfort zone and peak usage within 4 units.
Green Scheduling: Contd
Figure: the six switching modes m1–m6, with rate vectors (ẋ, ẏ) of (−2, 3), (−1, −1), (−1, 3), (2, −2), (2, −1) and (2, 3); the trajectories on the following slides use m2 = (−1, −1), m3 = (−1, 3) and m4 = (2, −2) (diagram not recoverable).
Safe Schedulability Problem
Does there exist a switching schedule using these modes such that the temperatures of all zones stay in the comfortable region?
Multi-mode Systems: Safe Schedulability
Figure: modes m1–m6 with the rate vectors of the previous slide (diagram not recoverable).
Safe set: x ∈ [65, 70], y ∈ [65, 70]
Schedule from s0 = (68, 68), one step per column:
        s0      s1      s2      s3      s4
step            (m2,1)  (m3,1)  (m4,1)  (m2,1)  ···
x       68      67      66      68      67
y       68      67      70      68      67
Multi-mode Systems: Zeno schedule
Figure: modes m1–m6 with the rate vectors of the previous slides (diagram not recoverable).
Safe set: x ∈ [65, 70], y ∈ [65, 70]
Zeno schedule (every mode held for duration 0):
        s0      s1      s2      s3      s4
step            (m2,0)  (m3,0)  (m4,0)  (m2,0)  ···
x       68      68      68      68      68
y       68      68      68      68      68
Zeno schedule (durations halve at every step):
        s0      s1       s2        s3        s4
step            (m2,1)   (m3,1/2)  (m4,1/4)  (m2,1/8)  ···
x       68      67       66.5      67        66.875
y       68      67       68.5      68        67.875
Definition
Definition (Constant-Rate Multi-Mode Systems: MMS)
An MMS is a tuple H = (M, n, R, S) where
– M is a finite nonempty set of modes,
– n is the number of continuous variables,
– R : M → ℝ^n gives the rate vector of each mode,
– S ⊆ ℝ^n is a bounded convex set of safe states.
Safe Schedulability Problem
Given a multi-mode system and a starting state, decide whether there exists a non-Zeno safe schedule.
Safe Reachability Problem
Given a multi-mode system, a starting state and a target state, decide whether there exists a safe schedule from the starting state to the target state.
Key Results
Theorem (Alur et al.)
Safe schedulability can be solved in polynomial time.
Theorem (Alur et al.)
The safe reachability problem can be solved in polynomial time if both the starting and the target state lie in the interior of the safety set.
Both problems essentially boil down to solving a linear program whose size is polynomial in the size of the input.
Safe Schedulability Problem: Geometry
Figure: the rate vectors of modes m1–m6 plotted as the points (−2, 3), (−1, 3), (2, 3), (−1, −1), (2, −1), (2, −2) in the plane (diagram not recoverable).
Safe set: x ∈ [65, 70], y ∈ [65, 70]
Safe Schedulability Problem: Geometry
Figure: rate vectors m1–m6 with the states s1 and s2 (diagram not recoverable).
Safe Schedulability Problem: Interior Case
Theorem
Assume that the starting state lies in the interior of the safety set. A safe non-Zeno schedule exists if and only if
$$\sum_{i=1}^{|M|} R(i) \cdot f_i = 0 \quad\text{and}\quad \sum_{i=1}^{|M|} f_i = 1$$
for some $f_1, f_2, \ldots, f_{|M|} \ge 0$. Moreover, such a schedule is periodic.
Reachability Problem: Geometry
Figure: rate vectors m1–m6 with the states s1, s2, s3 and s5 (diagram not recoverable).
Safe Reachability Problem
Theorem
Assume that the starting state $s_0$ and the target state $s_t$ lie in the interior of the safety set. A safe schedule from $s_0$ to $s_t$ exists if and only if
$$s_0 + \sum_{i=1}^{|M|} R(i) \cdot t_i = s_t$$
for some $t_1, t_2, \ldots, t_{|M|} \ge 0$.
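Both interior-case theorems reduce the question to linear feasibility over the rate vectors: convex coefficients $f_i$ for schedulability, conic coefficients $t_i$ for reachability. The Python below is an added example, not code from the slides or the authors: it checks both conditions for the green-scheduling instance and replays the slides' periodic and Zeno schedules against the comfort box. It replaces a general LP solver by the planar Carathéodory shortcut (pairs of modes for the cone, triples for the convex hull), and the pairing of m1, m5 and m6 with their rates is assumed from the diagram's row order.

```python
from fractions import Fraction as F
from itertools import combinations

# Constructed from the slides: (x-dot, y-dot) per mode. m2, m3, m4 follow the
# trajectories shown; the rest follow diagram row order (an assumption).
RATES = {"m1": (-2, 3), "m2": (-1, -1), "m3": (-1, 3),
         "m4": (2, -2), "m5": (2, 3), "m6": (2, -1)}
SAFE = ((65, 70), (65, 70))          # comfort box for (x, y)

def cone_coeffs(rates, d):
    """t_i >= 0 with sum t_i*R(i) == d, else None (2-D: pairs suffice)."""
    d = (F(d[0]), F(d[1]))
    for m, u in rates.items():                          # collinear generator
        if u != (0, 0) and u[0]*d[1] == u[1]*d[0]:
            t = d[0] / u[0] if u[0] else d[1] / u[1]
            if t >= 0:
                return {m: t}
    for (m, u), (n, v) in combinations(rates.items(), 2):
        det = F(u[0]*v[1] - u[1]*v[0])
        if det == 0:
            continue
        a = (d[0]*v[1] - d[1]*v[0]) / det               # Cramer's rule
        b = (u[0]*d[1] - u[1]*d[0]) / det
        if a >= 0 and b >= 0:
            return {m: a, n: b}
    return None

def convex_coeffs(rates):
    """f_i >= 0, sum f_i == 1, sum f_i*R(i) == 0 (interior-case LP), else None."""
    for (m, u), (n, v), (k, w) in combinations(rates.items(), 3):
        # f_k = 1 - f_m - f_n turns it into a(u-w) + b(v-w) = -w with a+b <= 1
        gens = {m: (u[0]-w[0], u[1]-w[1]), n: (v[0]-w[0], v[1]-w[1])}
        sol = cone_coeffs(gens, (-w[0], -w[1]))
        if sol is not None and sum(sol.values()) <= 1:
            f = {m: F(0), n: F(0), k: 1 - sum(sol.values())}
            f.update(sol)
            return f
    return None

def run(s0, schedule, rates=RATES, safe=SAFE):
    """Apply (mode, duration) steps from s0, returning the visited states."""
    s = (F(s0[0]), F(s0[1]))
    states = [s]
    for m, dur in schedule:
        s = (s[0] + rates[m][0]*F(dur), s[1] + rates[m][1]*F(dur))
        if not all(lo <= c <= hi for c, (lo, hi) in zip(s, safe)):  # convex box
            raise ValueError(f"left the safe set at {s} in mode {m}")
        states.append(s)
    return states
```

Running mode i for f_i·T in every period of length T is the periodic schedule the theorem promises; T must be small enough that the period's segments stay inside the box, which the interior assumption guarantees for some T.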