ESE601: Hybrid Systems
Some tools for verification
Spring 2006
Software tools for verification
See the Hybrid Systems wiki at GRASP: http://wiki.grasp.upenn.edu/~graspdoc/hst/index.php?n=Main.HomePage
Today we are going to discuss:
• MATISSE for reachability of constrained linear systems.
• SOSTOOLS for computation of barrier certificates for nonlinear systems.
• UPPAAL for verification of timed automata.
MATISSE
• MATISSE is a MATLAB toolbox.
• Developed by Antoine Girard and George Pappas at UPenn.
• Main purpose is to compute abstraction/reduction of constrained linear systems, based on approximate bisimulation. [will be discussed later]
• Contains a functionality to compute the reachable set of a constrained linear system.
Constrained Linear Systems
• Constraints and reachable set are expressed as zonotopes.
• Constrained linear systems are systems of the form:
• The sets I (initial states) and U (inputs) are zonotopes.
What is a zonotope?
• Zonotope: Minkowski sum of a finite number of segments.
• c is the center of the zonotope, {g1,…,gp} are the generators. The ratio p/n is the order of the zonotope.
Two dimensional zonotope with 3 generators
$Z = \{\, x \in \mathbb{R}^n \mid x = c + \sum_{i=1}^{p} x_i g_i,\ -1 \le x_i \le 1 \,\}$
Some Properties of Zonotopes
• The encoding of a zonotope has a polynomial complexity with the dimension.
• The set of zonotopes is closed under linear transformation:
$L\,Z(c, g_1, \dots, g_p) = Z(Lc, Lg_1, \dots, Lg_p).$
• The set of zonotopes is closed under the Minkowski sum:
$Z_1 = Z(c_1, g_1, \dots, g_p),\quad Z_2 = Z(c_2, h_1, \dots, h_q),$
$Z_1 \oplus Z_2 = Z(c_1 + c_2, g_1, \dots, g_p, h_1, \dots, h_q).$
• Exactly what we need for our reachability algorithm.
Usage
• A constrained linear system (CLS) is defined as a 5-tuple, (A,B,C,U,I).
• Example:
Reachable set
• The reachable set is computed using the function reach_set. The function returns two arrays of zonotopes.
• S is a CLS, dt is the time step, N is the number of intervals. The end time of the reachability algorithm is thus N x dt.
• Then, a 2-dimensional cross-section of the reachability set can be plotted using:
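As an added illustration (not MATISSE code; MATISSE is a MATLAB toolbox, this is plain Python), the two closure properties from the zonotope slide turned into a small class, plus an assumed discrete-time update x_{k+1} = A x_k + B u_k with u_k in U, whose reachable sets follow the recursion Reach_{k+1} = A Reach_k ⊕ B U; the support function h_Z(d) measures the set's extent in a direction d. The names Zonotope, reach_step and reach_sequence are mine, and the discretization is an assumption, not what reach_set implements internally.

```python
from dataclasses import dataclass
from typing import List

Vec = List[float]
Mat = List[List[float]]  # row-major matrix

def dot(a: Vec, b: Vec) -> float:
    return sum(x * y for x, y in zip(a, b))

def matvec(M: Mat, v: Vec) -> Vec:
    return [dot(row, v) for row in M]

@dataclass
class Zonotope:
    """Z(c, g_1, ..., g_p) = { c + sum_i x_i g_i : -1 <= x_i <= 1 } in R^n."""
    c: Vec           # center
    g: List[Vec]     # generators g_1..g_p

    @property
    def order(self) -> float:
        return len(self.g) / len(self.c)   # p / n, as defined on the slide

    def linear_map(self, L: Mat) -> "Zonotope":
        # L Z(c, g_1..g_p) = Z(Lc, Lg_1..Lg_p): map the center and every generator
        return Zonotope(matvec(L, self.c), [matvec(L, gi) for gi in self.g])

    def minkowski_sum(self, other: "Zonotope") -> "Zonotope":
        # Z1 (+) Z2 = Z(c1 + c2, g_1..g_p, h_1..h_q): add centers, concatenate generators
        c = [a + b for a, b in zip(self.c, other.c)]
        return Zonotope(c, self.g + other.g)

    def support(self, d: Vec) -> float:
        # h_Z(d) = max_{x in Z} d.x = d.c + sum_i |d.g_i|: extent of Z in direction d
        return dot(d, self.c) + sum(abs(dot(d, gi)) for gi in self.g)

def reach_step(Z: Zonotope, A: Mat, B: Mat, U: Zonotope) -> Zonotope:
    # Assumed discrete-time recursion x_{k+1} = A x_k + B u_k, u_k in U:
    # Reach_{k+1} = A Reach_k (+) B U, i.e. exactly the two closure properties.
    return Z.linear_map(A).minkowski_sum(U.linear_map(B))

def reach_sequence(I: Zonotope, A: Mat, B: Mat, U: Zonotope, N: int) -> List[Zonotope]:
    # Reach_0 = I, ..., Reach_N. Each step appends the generators of B U, so the
    # order grows linearly with N (which is why tools also reduce zonotopes).
    seq = [I]
    for _ in range(N):
        seq.append(reach_step(seq[-1], A, B, U))
    return seq
```

The support function gives a quick consistency check: for a linear map h_{LZ}(d) = h_Z(Lᵀd), and for a Minkowski sum the support functions of the two operands add.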
Plotting the reachable set
• Plotting the reachability set in 2D:
• P is a 2×m matrix that defines the projection from the output space onto the 2D plotting plane.
• The color of the plot is defined by the last option. In this case ‘b’ means blue, ‘r’ means red, etc.
Example
(Plot of the reachable set for the example; only the axis ticks, x from 2 to 16 and y from -15 to 20, survived extraction.)
SOSTOOLS for barrier certificate
• SOSTOOLS is a MATLAB toolbox for formulating and solving sums of squares (SOS) optimization programs.
• It is developed by a group from Caltech. Website: http://www.cds.caltech.edu/sostools
• The problems are solved using SeDuMi or SDPT3, both well-known semidefinite programming solvers, with SOSTOOLS handling internally all the necessary reformulations and data conversion.
Sum of squares
Gram matrix representation
Sum of squares program (SOSP)
The feasible set of solutions is convex.
Basic steps
Usage
• Polynomials can be declared symbolically:
• A SOSP is initialized using the function sosprogram.
• Declaring scalar decision variables
Usage
• Declaring polynomial variables.
• Declaring SOS polynomial variables is done in terms of the constructing vector of monomials.
Usage
• Adding equality constraints.
will add the following equality constraint to the program
• Adding inequality constraints.
will add the following inequality constraint to the program
Usage
• The solver is called using the sossolve function.
• The output contains:
• The solution is then obtained from the SOSP variable by the function sosgetsol.
Safety verification
UPPAAL
• UPPAAL is a software tool for modeling and verification of timed automata.
• UPPAAL is developed by a group of researchers from Uppsala (Sweden) and Aalborg (Denmark).
• It has a graphical interface.
• A complex system can be modeled as a network of hybrid automata, sharing some global variables (including clocks), and synchronizing with a handshake.
• Two automata can execute a transition labeled ‘lab’ if the guards are satisfied in both automata, and in one automaton the transition is labeled ‘lab?’ and in the other ‘lab!’.
• Verification is done by verifying temporal logic formulas. When a formula is invalid, a counterexample is provided.
(Figure: two automata synchronizing on a handshake, one transition labeled lab? and the other lab!.)