ese601: hybrid systems some tools for verification spring 2006
TRANSCRIPT
ESE601: Hybrid Systems
Some tools for verification
Spring 2006
Software tools for verification
See the Hybrid Systems wiki at GRASP:http://wiki.grasp.upenn.edu/~graspdoc/hst/index.php?n=Main.HomePage
Today we are going to discuss:• MATISSE for reachability of constrained linear
systems.• SOSTOOLS for computation of barrier certificate for
nonlinear systems• UPPAAL for verification of timed automata
MATISSE
• MATISSE is a MATLAB toolbox.
• ‘Developed by Antoine Girard and George Pappas at UPenn.
• Main purpose is to compute abstraction/reduction of constrained linear systems, based on approximate bisimulation. [will be discussed later]
• Contains a functionality to compute the reachable set of a constrained linear system.
Constrained Linear Systems
• Constraints and reachable set are expressed as zonotopes.
• Constrained linear systems are systems of the form:
• The set I and U are zonotopes.
What is a zonotope?
• Zonotope: Minkowski sum of a finite number of segments.
• c is the center of the zonotope, {g1,…,gp} are the generators. The ratio p/n is the order of the zonotope.
Two dimensional zonotope with 3 generators
.1x1 ,gxcx ,RxZpi
1iiii
n
• The encoding of a zonotope has a polynomial complexity with the dimension.
• The set of zonotopes is closed under linear transformation
• The set of zonotopes is closed under the Minkowski sum
).Lg,,Lg(Lc,LZ ),g,,g(c,Z p1p1
).h,,h,(cZ ),g,,g,(cZ q122p111
).h,,h,g,,g,c(cZZ q1p12121
• Exactly what we need for our reachability algorithm
Some Properties of Zonotopes
Usage
• A constrained linear system (CLS) is defined as a 5-tuple, (A,B,C,U,I).
• Example:
Reachable set
• Reachable set is computed using the function reach_set. The function returns two arrays of zonotopes.
• S is a CLS, dt is the time step, N is the number of intervals. The end time of the reachability algorithm is thus N x dt.
• Then, a 2-dimensional cross-section of the reachability set can be plotted using:
Plotting the reachable set
• Plotting the reachability set in 2D:
• P is a 2xm matrix that defines the projection from output space to .
• The color of the plot is defined by the last option. In this case ‘b’ means blue, ‘r’ means red, etc
Example
2 4 6 8 10 12 14 16-15
-10
-5
0
5
10
15
20
SOSTOOLS for barrier certificate
• SOSTOOLS is a MATLAB toolbox for formulating and solving sums of squares (SOS) optimization programs.
• It is developed by a group from Caltech. Website: http://www.cds.caltech.edu/sostools • The problems are solved using Sedumi or SDPT3,
both well-known semidefinite programming solver, with SOSTOOLS handling internally all the necessary reformulations and data conversion.
Sum of squares
Gram matrix representation
Sum of squares program (SOSP)
The feasible set of solutions is convex.
Basic steps
Usage
•Polynomials can be declared symbolically:
• A SOSP is initialized using the function sosprogram.
• Declaring scalar decision variables
Usage
• Declaring polynomial variables.
• Declaring SOS polynomial variables is done in terms of the constructing vector of monomials.
Usage
• Adding equality constraints.
will add the following equality constraint to the program
• Adding inequality constraints.
will add the following inequality constraint to the program
Usage
•The solver is called using sossolve function.
• The output contains:
•The solution is then obtained by the function sosgetsol.
SOSP variable
Safety verification
Safety verification
Safety verification
UPPAAL
• UPPAAL is a software tool for modeling and verification of timed automata.
• UPPAAL is developed by a group of researchers from Uppsala (Sweden) and Aalborg (Denmark).
• It has a graphical interface.
• A complex system can be modeled as a network of hybrid automata, sharing some global variables (including clocks), and synchronizing with a handshake.
• Two automata can execute a transition labeled ‘lab’ if the guards are satisfied at both automata, and in one automaton the transition is label as ‘lab?’ and the other ‘lab!’.
• Verification is done by verifying temporal logic formulas. When a formula is invalid, a counterexample is provided.
UPPAAL
lab?
lab!synchronize