Dina Workshop Analysing Properties of Hybrid Systems Rafael Wisniewski Aalborg University.


Dina Workshop

Analysing Properties of Hybrid Systems

Rafael Wisniewski

Aalborg University

Contents

Example of the Coffee Machine
Models for Closed Systems
Reachability Problem
Control Synthesis
Continuous Systems

Example of the Coffee Machine

Consider a machine M which distributes coffee and tea. A customer inserts a unit coin and presses a button for tea or coffee; the machine heats water with certain ingredients and releases a plastic cup filled with the appropriate drink.

Such a system is decomposed into a Physical Interface (takes care of signal and energy exchange) and Information Processing (processes the information entering the system regardless of its physical origin).

Physical Interface vs. Information Processing

[Figure: the physical interface (coins, buttons, drinks) exchanged with the environment on one side, the information-processing component on the other]

Information Processing Components

Port  Meaning
1     a coin was inserted
2     cancel button pressed
3     release the coin
4     sufficient money inserted
5     money returned to user
6     drink distribution ended
7     coffee button pressed / tea button pressed
8     drink preparation ended
9     start preparing coffee / start preparing tea

[Figure: components M1 and M2 connected through ports 1 to 9, carrying the signals coin-in, cancel, coin-out, ok, reset, done, req-coffee, req-tea, drink-ready, st-coffee and st-tea]

Machines M1 and M2 – Formalism of Automata

[Figure: automaton M1 with states 0 and 1 and transitions coin-in/ok, done/ and cancel/coin-out, reset; automaton M2 with states A, B, C, D and transitions ok/, req-tea/st-tea, req-coffee/st-coffee, drink-ready/done and reset/]

Synchronous Product M = M1 || M2

Consider two automata $G_1 = (X_1, E_1, f_1, \Gamma_1, x_{01}, X_{m1})$ and $G_2 = (X_2, E_2, f_2, \Gamma_2, x_{02}, X_{m2})$, where $\Gamma_i(x)$ is the set of events enabled in state $x$. An event of $G_1 \| G_2$ occurs if it occurs in $G_1$ or $G_2$: a common event (in $E_1 \cap E_2$) has to be enabled in both automata, a private event only in its own automaton.

$G_1 \| G_2 = (X_1 \times X_2,\ E_1 \cup E_2,\ f,\ \Gamma_{1\|2},\ (x_{01}, x_{02}),\ X_{m1} \times X_{m2})$

where

$f((x_1, x_2), e) = \begin{cases} (f_1(x_1, e), f_2(x_2, e)) & \text{if } e \in \Gamma_1(x_1) \cap \Gamma_2(x_2) \\ (f_1(x_1, e), x_2) & \text{if } e \in \Gamma_1(x_1) \setminus E_2 \\ (x_1, f_2(x_2, e)) & \text{if } e \in \Gamma_2(x_2) \setminus E_1 \end{cases}$

and

$\Gamma_{1\|2}(x_1, x_2) = (\Gamma_1(x_1) \cap \Gamma_2(x_2)) \cup (\Gamma_1(x_1) \setminus E_2) \cup (\Gamma_2(x_2) \setminus E_1)$

M1 and M2

[Figure: the automata M1 and M2 from the previous slide, repeated]

M1 || M2

[Figure: product automaton with states 0A, 1B, 1C, 1D, 0C, 0D; transitions labelled coin-in/, req-tea/st-tea, req-coffee/st-coffee, drink-ready/ and cancel/coin-out; the states 0C and 0D are reached by cancel/coin-out while a drink is still being prepared]

Fixing the Bug by "lock" Label

[Figure: M1 gains a state 2 and a transition lock/ into it, in which cancel is not accepted; its other transitions coin-in/ok, done/ and cancel/coin-out, reset are unchanged. M2 now emits lock together with the drink request: req-tea/st-tea, lock and req-coffee/st-coffee, lock; its transitions ok/, drink-ready/done and reset/ are unchanged]

Well Behaving Product of M1 and M2

[Figure: product automaton with states 0A, 1B, 2C, 2D; transitions coin-in/, cancel/coin-out (from 1B only), req-tea/st-tea, req-coffee/st-coffee and drink-ready/; the states 0C and 0D no longer appear]

Conclusions from the Example

Systems may consist of a great number of components, so the global system appears very complicated. The set of behaviors is the set of paths in the global transition graph. The desired behavior of a system can be specified as a set of allowed sequences of states and events. Proving that the system is correct amounts to showing that all sequences generated by the system are among those allowed by the specification.
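The product construction and the bug it exposes can be checked mechanically: compose M1 and M2 as on the slides, enumerate the reachable product states with Algorithm 2 (forward reachability, defined later in the deck) and test them against the specification "the coin is never returned while a drink is being prepared". The Python below is an added example, not code from the workshop. The transition arrows of M1 and M2 are reconstructed from the slide labels and are an assumption, and the composition follows the slides' Mealy-style product (each machine's outputs are fed to the other at once, and a signal the partner cannot take in its current state is dropped, which is what lets the original product move from 1C to 0C on cancel) rather than the shared-alphabet formula.

```python
from collections import deque

# Mealy-style tables reconstructed from the slide labels (the arrows are an assumption):
# machine[state][input_event] = (next_state, [output events]).
EXTERNAL_EVENTS = ["coin-in", "cancel", "req-tea", "req-coffee", "drink-ready"]


def coffee_machine(locked):
    """Return (M1, M2); locked=True adds the 'lock' signal and M1's state 2."""
    lock_out = ["lock"] if locked else []
    m1 = {
        "0": {"coin-in": ("1", ["ok"])},
        "1": {"done": ("0", []), "cancel": ("0", ["coin-out", "reset"])},
    }
    if locked:
        m1["1"]["lock"] = ("2", [])      # a drink request locks out "cancel"
        m1["2"] = {"done": ("0", [])}
    m2 = {
        "A": {"ok": ("B", [])},
        "B": {"req-tea": ("C", ["st-tea"] + lock_out),
              "req-coffee": ("D", ["st-coffee"] + lock_out),
              "reset": ("A", [])},
        "C": {"drink-ready": ("A", ["done"])},
        "D": {"drink-ready": ("A", ["done"])},
    }
    return m1, m2


def step(machines, state, event):
    """One move of the composed machine on an external event; None if neither machine
    accepts it.  Outputs are handed to the partner immediately; a signal the partner
    cannot take in its current state is dropped (this makes 1C --cancel--> 0C possible)."""
    state = list(state)
    pending = deque([event])
    moved = False
    while pending:
        ev = pending.popleft()
        for i, m in enumerate(machines):
            if ev in m[state[i]]:
                state[i], outputs = m[state[i]][ev]
                pending.extend(outputs)
                moved = True
                break
    return tuple(state) if moved else None


def successors(machines, state):
    """f(x): all immediate successors of a product state."""
    result = set()
    for event in EXTERNAL_EVENTS:
        nxt = step(machines, state, event)
        if nxt is not None:
            result.add(nxt)
    return result


def forward_reachable(machines, x0):
    """Algorithm 2: F_{k+1} := F_k ∪ f(F_k) until F_{k+1} = F_k."""
    f_k = {x0}
    while True:
        f_next = set(f_k)
        for x in f_k:
            f_next |= successors(machines, x)
        if f_next == f_k:
            return f_k
        f_k = f_next


def bad_states(states):
    """Specification violation P: M1 is back in 0 (coin returned) while M2 still prepares a drink."""
    return {s for s in states if s[0] == "0" and s[1] in ("C", "D")}


def check(locked):
    """Reachable product states and the reachable violations, both sorted."""
    reach = forward_reachable(coffee_machine(locked), ("0", "A"))
    return sorted(reach), sorted(bad_states(reach))


if __name__ == "__main__":
    for locked in (False, True):
        reach, bad = check(locked)
        print("locked" if locked else "original", "reachable:", reach, "violations:", bad)
```

For the original design the reachable set is exactly the six states of the M1 || M2 slide, two of which (0C, 0D) violate the specification; with the lock label the reachable set shrinks to 0A, 1B, 2C, 2D and no violation is reachable, which is the proof of correctness the conclusions slide describes.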

System D-I

A D-I system is not exposed to external influence; its future evolution depends exclusively on its current state.

Definition (System D-I). A transition system is $S = (X, f)$, where $X$ is a finite set of states, $f: X \to X$ is the transition function and $x_0 \in X$ is the initial state.

Notation. $X^*$ denotes the set of all finite sequences over $X$; $X^k$ denotes the sequences of length $k$.

Definition (Behavior). Given a transition system $S = (X, f)$, the behavior of $S$ starting from an initial state $x_0 \in X$ is the sequence $\xi = \{\xi_i\} \in X^*$, $i \in \mathbb{N}$, such that $\xi_0 = x_0$ and $\xi_{i+1} = f(\xi_i)$ for all $i \in \mathbb{N}$.

Basic Reachability Problem

Definition (Basic Reachability Problem). For a system $S$ with given $x_0$ and a set $P \subseteq X$, the Basic Reachability Problem is the question whether the behavior of $S$ starting at $x_0$ reaches $P$ (does there exist $k$ such that $\xi_k \in P$?). The set of all reachable states can be generated by

Algorithm 1 (Forward Simulation/Reachability)
$\xi_0 := x_0$
$F_0 := \{x_0\}$
repeat
  $\xi_{k+1} := f(\xi_k)$
  $F_{k+1} := F_k \cup \{\xi_{k+1}\}$
until $F_{k+1} = F_k$
$F^* := F_k$
if $F^* \cap P \neq \emptyset$ then $P$ is reachable.

Finiteness of $X$ plays a crucial role: first, the sets $P$, $F_k$ and the transition function can be stored in finite data structures; second, the algorithm converges.

System with One Input

Definition (System D-II). A one-input transition system is $S = (X, V, f)$, where $X$ and $V$ are finite sets and $f: X \times V \to X$ is the (partial) transition function.

[Figure: a one-input system with states x1, x2, x3, x4, x5 and transitions labelled by the inputs v1 and v2]

System D-II

Definition (Behavior Induced by Input). Given a system $S = (X, V, f)$ and an input sequence $\nu = \{\nu_i\} \in V^*$, the behavior of $S$ starting from $x_0$ in the presence of $\nu$ is the sequence $\xi(\nu) = \{\xi_i\} \in X^*$ such that $\xi_0 = x_0$ and $\xi_{i+1} = f(\xi_i, \nu_i)$ for all $i \in \mathbb{N}$.

Definition (Reachability). For a D-II system $S$ with given $x_0$ and a set $P \subseteq X$, the Reachability Problem is the question whether there is some input sequence $\nu$ such that $\xi(\nu)$ reaches $P$.

Naive solution: use Algorithm 1 and feed it with a sufficiently large finite sequence $\nu \in V^*$; this yields the set $F^*(\nu)$ of states reached by $\xi(\nu)$. The set of all reachable states is $F^* = \bigcup_{\nu \in V^*} F^*(\nu)$.

Execution Tree

[Figure: the one-input system with states x1 to x5 and inputs v1, v2, and its execution tree unfolded from x1; the same states recur along different branches]

Forward Reachability Algorithm in Breadth-First Search

[Figure: the execution tree of the one-input system explored breadth-first over the inputs v1, v2]

Denote by $f(x)$ the set of all immediate successors of $x$, i.e.

$f(x) = \{z : \exists u\ f(x, u) = z\}$ and $f(F) = \bigcup_{x \in F} f(x)$

Algorithm 2 (Forward Reachability)
$F_0 := \{x_0\}$
repeat
  $F_{k+1} := F_k \cup f(F_k)$
until $F_{k+1} = F_k$
$F^* := F_k$

Forward Reachability Algorithm in Depth-First Search

[Figure: the execution tree of the one-input system explored depth-first over the inputs v1, v2]

Backward Reachability

Denote by $f^{-1}(x)$ the set of all immediate predecessors of $x$, i.e.

$f^{-1}(x) = \{z : \exists u\ f(z, u) = x\}$ and $f^{-1}(F) = \bigcup_{x \in F} f^{-1}(x)$

Algorithm 3 (Backward Reachability)
$F_0 := P$
repeat
  $F_{k+1} := F_k \cup f^{-1}(F_k)$
until $F_{k+1} = F_k$
$F^* := F_k$

Theorem 1 (Algorithmic Verification). For each type D-II system there exists an algorithm (with a finite number of steps) which verifies reachability to a finite set $P$.
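Algorithms 2 and 3, and the agreement between them that Theorem 1 relies on, on a small constructed D-II system. This is an added example, not code from the slides; the transition table is invented for illustration and is not the one in the figures. One fixpoint loop serves forward and backward reachability, and the behavior function realises the definition of a behavior induced by an input sequence, stopping where the partial function f is undefined.

```python
# Constructed D-II example (assumption, not the slide's figure): X = {x1..x5}, V = {v1, v2},
# f is a partial function given as a dictionary (missing keys = undefined).
X = ["x1", "x2", "x3", "x4", "x5"]
V = ["v1", "v2"]
TRANS = {
    ("x1", "v1"): "x2", ("x1", "v2"): "x3",
    ("x2", "v1"): "x2", ("x2", "v2"): "x5",
    ("x3", "v1"): "x1", ("x3", "v2"): "x5",
    ("x4", "v1"): "x5", ("x4", "v2"): "x2",   # x4 has no predecessor: unreachable from x1
    ("x5", "v2"): "x5",
}


def behavior(f, x0, inputs):
    """Behavior induced by an input sequence: xi_0 = x0, xi_{i+1} = f(xi_i, nu_i);
    the sequence stops where the partial function f is undefined."""
    seq = [x0]
    for v in inputs:
        nxt = f.get((seq[-1], v))
        if nxt is None:
            break
        seq.append(nxt)
    return seq


def post(f, x):
    """f(x): immediate successors of x under some input."""
    return {z for (y, _u), z in f.items() if y == x}


def pre(f, x):
    """f^-1(x): immediate predecessors of x."""
    return {y for (y, _u), z in f.items() if z == x}


def fixpoint(f0, expand):
    """Algorithms 2 and 3 share one loop: F_{k+1} := F_k ∪ expand(F_k) until F_{k+1} = F_k."""
    fk = set(f0)
    while True:
        fnext = fk | {z for x in fk for z in expand(x)}
        if fnext == fk:
            return fk
        fk = fnext


def forward_reachable(f, x0):
    """Algorithm 2: F_0 = {x0}, expanded with successors."""
    return fixpoint({x0}, lambda x: post(f, x))


def backward_reachable(f, p):
    """Algorithm 3: F_0 = P, expanded with predecessors."""
    return fixpoint(p, lambda x: pre(f, x))


def reaches(f, x0, p):
    """P is reachable from x0 iff the forward F* meets P iff x0 lies in the backward F*;
    the two answers are checked against each other."""
    forward = bool(forward_reachable(f, x0) & set(p))
    backward = x0 in backward_reachable(f, p)
    if forward != backward:
        raise AssertionError("forward and backward analyses disagree")
    return forward


if __name__ == "__main__":
    print("xi(v1 v2 v2) from x1:", behavior(TRANS, "x1", ["v1", "v2", "v2"]))
    print("forward from x1:", sorted(forward_reachable(TRANS, "x1")))
    print("backward from {x5}:", sorted(backward_reachable(TRANS, {"x5"})))
    print("x5 reachable:", reaches(TRANS, "x1", {"x5"}),
          " x4 reachable:", reaches(TRANS, "x1", {"x4"}))
```

Because X is finite the loop can only add states a bounded number of times, which is the convergence argument given for Algorithm 1; the backward run from {x5} pulls in every state, while the backward run from {x4} stays at {x4}, matching the forward result that x4 is never reached from x1.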

System with Two Inputs

Definition (System III-D). A two-input transition system is $S = (X, U, V, f)$, where $X$, $U$, $V$ are finite sets and $f: X \times U \times V \to X$ is the transition function. (The set $U$ is interpreted as the set of control actions and the set $V$ represents disturbances.)

Definition (Strategy and State Strategy). Let $S = (X, U, V, f)$ be a III-D system. A strategy for $U$ is a function $c: X^* \to U$. A state strategy is a strategy satisfying $c(\xi \cdot x) = c(\xi' \cdot x)$ for every $\xi, \xi' \in X^*$, and hence it can be written as a function $d: X \to U$ (i.e. the strategy depends only on the current state, not on the entire history).

Remark. Each state strategy converts a type III system $S = (X, U, V, f)$ into a type II system $S_c = (X, V, f_c)$ with $f_c(x, v) = f(x, c(x), v)$.

Definition (Synthesis for Reachability). Let $S = (X, U, V, f)$ be a type III system and let $P \subseteq X$. The controller synthesis problem is to find a strategy $c$ such that no behavior of the closed-loop system $S_c = (X, V, f_c)$ ever reaches $P$.

An Example of Type III System

Let $P = \{x_5\}$. Then the state $x_5$ cannot be avoided from $x_4$ by any control, since if we choose $u_1$ the environment can choose $v_2$, and if we choose $u_2$ the environment can choose $v_1$.

[Figure: a two-input system with states x1 to x5; each transition is labelled by a control u1 or u2 and a disturbance v1 or v2]

Controller Synthesis

Definition (Controllable Predecessors). Let $S = (X, U, V, f)$ be a type III system. The set of controllable predecessors of $F \subseteq X$ is defined as

$\pi(F) = \{x : \exists u \in U\ \forall v \in V\ f(x, u, v) \in F\}$

and denotes all the states from which the controller, by properly selecting $u$, can force the system into $F$ in the next step.

Algorithm 4 (Controller Synthesis)
$F_0 := X \setminus P$
repeat
  $F_{k+1} := F_k \cap \pi(F_k)$
until $F_{k+1} = F_k$
$F^* := F_k$

Algorithm 4 produces the set $F^*$ of states from which reaching $P$ can be avoided forever.

An Example of Type III System

In the example the algorithm produces the sequence $\{x_1, x_2, x_3, x_4\}$, $\{x_1, x_2, x_3\}$. The control strategy is $c(x_1) = u_1$, $c(x_2) = u_2$ and $c(x_3) = u_1$.

[Figure: the same two-input system as on the previous slide]
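Algorithm 4 run on a constructed type III system, as an added example rather than the slides' own code. The transition table is an assumption chosen so that it reproduces the outcome stated on the slide: x4 cannot avoid x5, the iterates are {x1, x2, x3, x4} then {x1, x2, x3}, and the state strategy is c(x1) = u1, c(x2) = u2, c(x3) = u1. The slide's own figure may draw the arrows differently. The strategy is read off from F* exactly as the definition of controllable predecessors suggests: in each state of F* pick a control that keeps every disturbance inside F*.

```python
from itertools import product

# Constructed type III system (assumption): X, U (controls), V (disturbances), P = {x5}.
# Chosen to reproduce the result stated on the slide, not copied from its figure.
X = ["x1", "x2", "x3", "x4", "x5"]
U = ["u1", "u2"]
V = ["v1", "v2"]
P = {"x5"}
TRANS = {
    ("x1", "u1", "v1"): "x2", ("x1", "u1", "v2"): "x3",
    ("x1", "u2", "v1"): "x4", ("x1", "u2", "v2"): "x5",
    ("x2", "u1", "v1"): "x4", ("x2", "u1", "v2"): "x2",
    ("x2", "u2", "v1"): "x3", ("x2", "u2", "v2"): "x1",
    ("x3", "u1", "v1"): "x1", ("x3", "u1", "v2"): "x2",
    ("x3", "u2", "v1"): "x5", ("x3", "u2", "v2"): "x3",
    # from x4 every control can be answered by a disturbance leading to x5 (as on the slide)
    ("x4", "u1", "v1"): "x3", ("x4", "u1", "v2"): "x5",
    ("x4", "u2", "v1"): "x5", ("x4", "u2", "v2"): "x1",
}
for u, v in product(U, V):
    TRANS[("x5", u, v)] = "x5"   # P is absorbing


def good_controls(f, x, target):
    """Controls u for which every disturbance v keeps f(x, u, v) inside target."""
    return [u for u in U if all(f[(x, u, v)] in target for v in V)]


def controllable_predecessors(f, target):
    """pi(F) = {x : exists u in U, forall v in V, f(x, u, v) in F}."""
    return {x for x in X if good_controls(f, x, target)}


def synthesize(f, p):
    """Algorithm 4: F_0 := X \\ P, F_{k+1} := F_k ∩ pi(F_k) until F_{k+1} = F_k.
    Returns the iterates, F* and a state strategy d: F* -> U read off from F*."""
    fk = set(X) - set(p)
    iterates = [set(fk)]
    while True:
        fnext = fk & controllable_predecessors(f, fk)
        if fnext == fk:
            break
        fk = fnext
        iterates.append(set(fk))
    strategy = {x: good_controls(f, x, fk)[0] for x in sorted(fk)}
    return iterates, fk, strategy


def closed_loop_safe(f, strategy, fstar):
    """The remark made concrete: under the state strategy the closed-loop system S_c
    stays inside F* whatever the disturbances do."""
    return all(f[(x, strategy[x], v)] in fstar for x in fstar for v in V)


if __name__ == "__main__":
    its, fstar, d = synthesize(TRANS, P)
    print("iterates:", [sorted(s) for s in its])
    print("F*:", sorted(fstar), "strategy:", d,
          "closed loop safe:", closed_loop_safe(TRANS, d, fstar))
```

x4 drops out in the first iteration because neither u1 nor u2 keeps all disturbances inside X \ P; x2 survives only because u2 remains available once x4 is gone, which is why the strategy must switch to u2 there.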

General Comments on Continuous Systems

In general the reachability problem for infinite-state systems is undecidable. A promising idea is to investigate morphisms from infinite-state systems to finite ones.

One can investigate systems of the form $dx/dt = f(x, \nu)$ with control signals of the form $\nu: T \to V$.

The first problem is simulation:

$\xi'[(n+1)\Delta] = \xi'[n\Delta] + h(\xi'[n\Delta], \nu)$

providing an approximation $\xi'$ of the solution $\xi$ for the discrete time set $T = \{n\Delta : n \in \mathbb{N}\}$.

[Figure: a trajectory starting at x0 and approaching the target set P]

Continuous Reachability

Notation. $x \xrightarrow{t} x'$ indicates that there exists an input $\nu: [0, t] \to V$ such that the behavior $\xi(\nu)$ starting at $x$ reaches $x'$ at time $t$.

Let $F \subseteq X$ and $I \subseteq \mathbb{R}_+$. The $I$-successors of $F$ are all the states that can be reached from $F$ within the time interval $I$, i.e.

$f_I(F) = \{x' : \exists x \in F\ \exists t \in I\ x \xrightarrow{t} x'\}$

Algorithm 5 (Continuous Reachability)
$F_0 := \{x_0\}$
repeat
  $F_{k+1} := F_k \cup f_{[0,r]}(F_k)$
until $F_{k+1} = F_k$
$F^* := F_k$

Comments on Algorithm 5

The algorithm suffers from the inability to compute $f_I(F)$ exactly and from the lack of a convergence guarantee.

The remedy is over-approximation by convex polyhedra, which is well suited to linear systems $dx/dt = Ax + Bu$.
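An added illustration, not from the slides, of the simulation step and of Algorithm 5 with over-approximation for a constructed linear system dx/dt = Ax + Bu with a bounded input set. Axis-aligned boxes are used as the simplest convex polyhedra; the matrices, the input bounds, the Euler step DELTA (the slide's Δ), the initial box and the target box are all assumptions. The containment test plays the role of the until condition, and the step bound stands in for the missing convergence guarantee. The box is sound for the Euler-discretised dynamics only: whether it also covers the exact flow is precisely the "compute f_I(F) exactly" problem the slide names.

```python
from itertools import product

# Constructed example (assumption): stable 2-D linear system dx/dt = A x + B u,
# u(t) in U = [-1, 1], Euler step DELTA, initial box X0 and unsafe box P (intervals per axis).
A = [[-1.0, 0.0], [0.0, -2.0]]
B = [[1.0], [0.5]]
U_BOX = [(-1.0, 1.0)]
DELTA = 0.1
X0 = [(0.0, 0.2), (0.0, 0.1)]
EPS = 1e-6   # growth below EPS counts as F_{k+1} = F_k


def euler_step(x, u):
    """xi'[(n+1)Δ] = xi'[nΔ] + Δ (A xi'[nΔ] + B u)."""
    return [x[i] + DELTA * (sum(A[i][j] * x[j] for j in range(len(x)))
                            + sum(B[i][k] * u[k] for k in range(len(u))))
            for i in range(len(x))]


def simulate(x0, inputs):
    """Euler polygon for one concrete input sequence (the slide's 'first problem')."""
    traj = [list(x0)]
    for u in inputs:
        traj.append(euler_step(traj[-1], u))
    return traj


def corners(box):
    return [list(c) for c in product(*box)]


def step_box(box):
    """Over-approximate f_[0,Δ](box) by a box: the Euler map is affine in (x, u), so each
    coordinate of the image is extremal at a corner of box × U; hulling with box itself
    also covers the straight segments between consecutive samples."""
    pts = corners(box) + [euler_step(x, u) for x in corners(box) for u in corners(U_BOX)]
    return [(min(p[i] for p in pts), max(p[i] for p in pts)) for i in range(len(box))]


def intersects(a, b):
    return all(lo1 <= hi2 and lo2 <= hi1 for (lo1, hi1), (lo2, hi2) in zip(a, b))


def contained(inner, outer):
    return all(lo2 - EPS <= lo1 and hi1 <= hi2 + EPS
               for (lo1, hi1), (lo2, hi2) in zip(inner, outer))


def continuous_reach(x0_box, p_box, max_steps=500):
    """Algorithm 5 on boxes: F_{k+1} := F_k ∪ f_[0,Δ](F_k).  Because step_box hulls the
    previous box, the union is the newest box.  Stops when the box stops growing (up to EPS)
    or touches P; max_steps guards against the missing convergence guarantee."""
    box = x0_box
    for k in range(1, max_steps + 1):
        nxt = step_box(box)
        if intersects(nxt, p_box):
            return "may reach P", k
        if contained(nxt, box):
            return "never reaches P", k
        box = nxt
    return "undecided", max_steps


if __name__ == "__main__":
    print("xi' after three steps with u = 1:", simulate([0.0, 0.0], [[1.0]] * 3)[-1])
    print(continuous_reach(X0, [(2.0, 3.0), (0.0, 1.0)]))
    print(continuous_reach(X0, [(0.9, 1.5), (-1.0, 1.0)]))
```

"Never reaches P" is the conservative answer the over-approximation is for: the box contains every Euler trajectory, so a box that never touches P proves no such trajectory does. "May reach P" is not a proof of reachability, since the box may be larger than the true reachable set.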