Approximate Abstraction for Verification of Continuous and Hybrid Systems
Antoine Girard
Guest lecture, ESE601: Hybrid Systems
03/22/2006
VERIMAG
Hybrid Systems
• General modeling framework for complex systems:
- continuous dynamics (ODE, PDE, SDE)
- discrete dynamics (automata, Markov processes)
• Several applications, including embedded systems:
- design: computer = automata, continuous environment
- implementation: integrated circuits, analog and digital components
• These systems are generally:
- structured (hierarchical modeling/architecture)
- large scale (numerous continuous variables)
- safety critical (plane, subway, nuclear power plant)
Algorithmic Verification
• Algorithmic proof of the safety of a system:
No trajectory of the system can reach a set of unsafe states.
• Initially on the software part [1980 - …]:
- verification of discrete systems, model checking
- for some properties, one cannot ignore the continuous dynamics
• Verification of continuous and hybrid systems [1995 - …]:
- exhaustive simulation of systems using set-valued computation techniques
- central notion, the reachable set: the subset of the state space reachable by the trajectories of the system from a subset of initial states
Reachability Analysis
• Computation of the reachable set:
- exactly for some very simple classes of systems (piecewise constant differential inclusions, some linear systems)
- approximately for other classes (over-approximation algorithms)
• Over-approximation algorithms: set-based simulation + numerical errors
- Polytopes [Asarin, Dang, Maler; Krogh et al.; Girard]
- Ellipsoids [Kurzhanski, Varaiya]
[Figure: over-approximation of the set Reach from Init, disjoint from Unsafe]
Complexity Barrier
Computational cost of the reachable set is a major issue!
[Figure: model complexity (linear systems, piecewise affine systems, nonlinear systems, hybrid systems) against the dimension of the continuous state space (10, 100), with the region of "complex systems" marked]
Abstraction
• Notion of system approximation:
$S_2$ is an abstraction of $S_1$ iff every trajectory of $S_1$ is also a trajectory of $S_2$.
• Hybridization: approximation of complex continuous dynamics by simpler hybrid dynamics [Asarin, Dang, Girard; Lefebvre, Gueguen; Frehse]
• Dimension reduction [Pappas et al.; van der Schaft]
• If $S_2$ is safe then $S_1$ is safe:
$$\mathrm{Reach}(S_1) \subseteq \mathrm{Reach}(S_2),\qquad \mathrm{Reach}(S_2) \cap \mathrm{Unsafe} = \emptyset \;\Rightarrow\; \mathrm{Reach}(S_1) \cap \mathrm{Unsafe} = \emptyset$$
Analysis of Complex Systems
Abstraction methods for complexity reduction of systems.
[Figure: the same model complexity / state-space dimension chart; dimension reduction and hybridization move a complex system toward the tractable region]
Outline
1. Abstraction and Approximation:
- Simulation relation
- Approximate simulation relation
2. Approximate simulation relations for continuous systems.
3. Approximate simulation relations for hybrid systems.
Simulation Relations
• Local characterization of trajectory inclusion.
• Two systems with a common output space $Y$: $S_1$ with states $x_1 \in X_1$ and outputs $y_1 = g_1(x_1) \in Y$; $S_2$ with states $x_2 \in X_2$ and outputs $y_2 = g_2(x_2) \in Y$.
• Simulation relation $R \subseteq X_1 \times X_2$: if $(x_1, x_2) \in R$ then
1. $g_1(x_1) = g_2(x_2)$;
2. for every transition $x_1 \to x_1'$ of $S_1$, there exists a transition $x_2 \to x_2'$ of $S_2$ such that $(x_1', x_2') \in R$.
• If for every initial state $x_1$ of $S_1$ there exists an initial state $x_2$ of $S_2$ such that $(x_1, x_2) \in R$, then $S_2$ is an abstraction of $S_1$.
From Abstraction to Approximation
• Trajectory inclusion is well suited to discrete systems.
• For continuous and hybrid systems, it is restrictive: the state space carries a natural topology, so a distance between trajectories seems more appropriate.
• Thus, $S_2$ is an approximate abstraction, or approximation, of $S_1$ if for every trajectory of $S_1$ there exists a trajectory of $S_2$ such that the distance between the two trajectories remains bounded by $\delta$.
• $\delta$ is the precision of the approximation ($\delta = 0$: abstraction).
A Useful Notion for Verification
• If $S_2$ is an approximation of $S_1$ of precision $\delta$:
$$\mathrm{Reach}(S_1) \subseteq N(\mathrm{Reach}(S_2), \delta)$$
• Therefore,
$$\mathrm{Reach}(S_2) \cap N(\mathrm{Unsafe}, \delta) = \emptyset \;\Rightarrow\; \mathrm{Reach}(S_1) \cap \mathrm{Unsafe} = \emptyset$$
• The safety of $S_1$ can be proved using an approximation $S_2$.
[Figure: $\mathrm{Reach}(S_1)$ inside the $\delta$-neighborhood of $\mathrm{Reach}(S_2)$, both disjoint from Unsafe]
Approximate Simulation Relation
• Local characterization of the notion of approximation.
• Systems $S_1$ ($x_1 \in X_1$, $y_1 = g_1(x_1) \in Y$) and $S_2$ ($x_2 \in X_2$, $y_2 = g_2(x_2) \in Y$), with a metric $d$ on the output space $Y$.
• Approximate simulation relation of precision $\delta$, $R \subseteq X_1 \times X_2$: if $(x_1, x_2) \in R$ then
1. $d(g_1(x_1), g_2(x_2)) \le \delta$;
2. for every transition $x_1 \to x_1'$ of $S_1$, there exists a transition $x_2 \to x_2'$ of $S_2$ such that $(x_1', x_2') \in R$.
• If for every initial state $x_1$ of $S_1$ there exists an initial state $x_2$ of $S_2$ such that $(x_1, x_2) \in R$, then $S_2$ is an approximation of $S_1$ of precision $\delta$.
- A. Girard, G.J. Pappas, Approximation metrics for discrete and continuous systems, IEEE TAC, accepted 2006.
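The two definitions above (simulation relation, and its $\delta$-approximate version) and the safety argument of the previous slide, worked out for finite transition systems with scalar outputs and metric $d(y, y') = |y - y'|$. This is an added example, not code from the lecture or from MATISSE; the two sample systems are constructed here, and the relation is computed as a greatest fixpoint over the finitely many state pairs.

```python
# Added example: delta-approximate simulation relations between two finite transition
# systems with real outputs, and the safety proof Reach(S2) ∩ N(Unsafe,δ) = ∅ ⇒ Reach(S1) ∩ Unsafe = ∅.
# A system is a dict with "states", "init", "g" (output map) and "succ" (transition map).

def approx_simulation_relation(S1, S2, delta):
    """Largest R ⊆ X1 × X2 with d(g1(x1), g2(x2)) <= delta and every transition x1 -> x1'
    matched by some x2 -> x2' with (x1', x2') ∈ R (greatest fixpoint: prune unmatched pairs)."""
    R = {(a, b) for a in S1["states"] for b in S2["states"]
         if abs(S1["g"][a] - S2["g"][b]) <= delta}
    changed = True
    while changed:
        changed = False
        for (a, b) in list(R):
            if not all(any((a2, b2) in R for b2 in S2["succ"][b]) for a2 in S1["succ"][a]):
                R.discard((a, b))
                changed = True
    return R

def approximates(S1, S2, delta):
    """S2 approximates S1 with precision delta: each initial state of S1 is related to an
    initial state of S2 (delta = 0 is plain simulation, i.e. abstraction)."""
    R = approx_simulation_relation(S1, S2, delta)
    return all(any((a, b) in R for b in S2["init"]) for a in S1["init"])

def best_precision(S1, S2):
    """Smallest delta for which S2 approximates S1; only output distances can be tight."""
    cands = sorted({abs(S1["g"][a] - S2["g"][b]) for a in S1["states"] for b in S2["states"]})
    return next((d for d in cands if approximates(S1, S2, d)), None)

def reach_outputs(S):
    """Reach(S) in output space: outputs of all states reachable from the initial states."""
    seen, stack = set(S["init"]), list(S["init"])
    while stack:
        for nxt in S["succ"][stack.pop()]:
            if nxt not in seen:
                seen.add(nxt); stack.append(nxt)
    return {S["g"][x] for x in seen}

def safe_via_approximation(S1, S2, delta, unsafe_low):
    """Prove Reach(S1) ∩ Unsafe = ∅ for Unsafe = {y >= unsafe_low} using S2 only: S2 must
    approximate S1 with precision delta and Reach(S2) must avoid N(Unsafe, delta)."""
    return approximates(S1, S2, delta) and all(y < unsafe_low - delta for y in reach_outputs(S2))

# Constructed sample: S1 is a deterministic 4-cycle with outputs 0, 1, 2.1, 0.9; S2 is a
# 2-state nondeterministic system with outputs 0 and 2 intended to cover it coarsely.
S1 = {"states": ["a0", "a1", "a2", "a3"], "init": ["a0"],
      "g": {"a0": 0.0, "a1": 1.0, "a2": 2.1, "a3": 0.9},
      "succ": {"a0": ["a1"], "a1": ["a2"], "a2": ["a3"], "a3": ["a0"]}}
S2 = {"states": ["b0", "b1"], "init": ["b0"], "g": {"b0": 0.0, "b1": 2.0},
      "succ": {"b0": ["b0", "b1"], "b1": ["b0", "b1"]}}
```

With these systems the best precision is $\delta = 1$: the proof of safety goes through for an unsafe threshold of 3.2 but not for 3.0, although $S_1$ itself never exceeds 2.1, which is the conservativeness the $\delta$-neighborhood introduces.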
2. Approximate simulation relations for continuous systems
Simulation Functions
• Systems $S_i$, $i = 1, 2$, with $x_i \in \mathbb{R}^{n_i}$, $x_i(0) \in I_i$, $y_i \in \mathbb{R}^p$:
$$\dot x_i(t) = f_i(x_i(t), d_i(t)),\quad d_i(t) \in D_i,\quad y_i(t) = g_i(x_i(t)).$$
• $V(x_1, x_2) = q(x_1, x_2)$ is a simulation function if
$$q(x_1, x_2) \ge \|g_1(x_1) - g_2(x_2)\|,$$
$$\max_{d_1 \in D_1}\ \min_{d_2 \in D_2}\ \left( \frac{\partial q}{\partial x_1}(x_1, x_2)\, f_1(x_1, d_1) + \frac{\partial q}{\partial x_2}(x_1, x_2)\, f_2(x_2, d_2) \right) \le 0.$$
[Figure: output trajectories $y_1(t)$ of $S_1$ and $y_2(t)$ of $S_2$]
A. Girard, G.J. Pappas, Approximate bisimulations for constrained linear systems, CDC 2005.
A. Girard, G.J. Pappas, Approximate bisimulations for nonlinear dynamical systems, CDC 2005.
Simulation Functions
• Simulation functions define approximate simulation relations:
if $V$ is a simulation function then $R = \{(x_1, x_2) \mid V(x_1, x_2) \le \delta\}$ is an approximate simulation relation of precision $\delta$.
• In particular, $R = \{(x_1, x_2) \mid V(x_1, x_2) = 0\}$ is a simulation relation.
• Let
$$\delta = \max_{x_1 \in I_1}\ \min_{x_2 \in I_2}\ V(x_1, x_2),$$
then $S_2$ is an approximation of $S_1$ of precision $\delta$.
- A. Girard, G.J. Pappas, Approximation metrics for discrete and continuous systems, IEEE TAC, accepted 2006.
Example
• $S_1$: 3-dimensional linear system with state $(z_1, z_2, z_3)$, inputs $u_1 \in [-1, 1]$, $u_2 \in [0, 2]$ and initial set $I_1$; $S_2$: 1-dimensional system with state $x$, disturbance $d \in [-1, 1]$, output $y_2 = x$ and initial set $I_2$.
• Simulation function: $V(z_1, z_2, z_3, x) = q(z_1, z_2, z_3, x)$, checked against the two conditions of the previous slide.
• Precision: $\delta = \max_{I_1} \min_{I_2} V$.
• Since $\mathrm{Reach}(S_2) = (-1, 8.5]$, $\mathrm{Reach}(S_1) \subseteq [-1.71, 9.21]$.
[Slide equations: the dynamics of $S_1$ and $S_2$, the initial sets and the expression of $q$ are not legible in this copy]
[Figure: output trajectories $y_1(t)$ of $S_1$ and $y_2(t)$ of $S_2$]
Linear Systems
• $S_1$: $\dot x_1(t) = A_1 x_1(t) + B_1 d_1(t)$, $d_1(t) \in D_1$, $y_1(t) = C_1 x_1(t)$;
$S_2$: $\dot x_2(t) = A_2 x_2(t) + B_2 d_2(t)$, $d_2(t) \in D_2$, $y_2(t) = C_2 x_2(t)$.
• Joint notation:
$$x = \begin{pmatrix} x_1 \\ x_2 \end{pmatrix},\quad d = \begin{pmatrix} d_1 \\ d_2 \end{pmatrix},\quad A = \begin{pmatrix} A_1 & 0 \\ 0 & A_2 \end{pmatrix},\quad B = \begin{pmatrix} B_1 & 0 \\ 0 & B_2 \end{pmatrix},\quad C = \begin{pmatrix} C_1 & -C_2 \end{pmatrix},$$
so that $q(x_1, x_2) = \|C_1 x_1 - C_2 x_2\| = \|Cx\|$.
• $V(x_1, x_2) = q(x_1, x_2)$ is a simulation function if
$$\sup_{d_1 \in D_1}\ \inf_{d_2 \in D_2}\ \nabla q(x) \cdot (Ax + Bd) \le 0.$$
[Figure: output trajectories $y_1(t)$ of $S_1$ and $y_2(t)$ of $S_2$]
Truncated Quadratic Functions
• We look for simulation functions of the form
$$V(x) = \max\left( \sqrt{x^T M x},\ \alpha \right),\qquad M > 0,\ \alpha \ge 0.$$
• Decomposition of the approximation error: transient / asymptotic.
• Characterization, for a $\lambda > 0$:
$$M \ge C^T C,\qquad A^T M + M A + 2\lambda M \le 0,\qquad \alpha = \frac{1}{\lambda}\ \sup_{x^T M x = 1}\ \sup_{d_1 \in D_1}\ \inf_{d_2 \in D_2}\ x^T M B d.$$
A. Girard, G.J. Pappas, Approximate bisimulations for constrained linear systems, CDC 2005.
Truncated Quadratic Functions
• Universal for stable linear systems:
Two stable linear systems are approximations of each other (though the precision may be very bad).
• The characterization allows algorithmic computation of simulation functions.
• Generalizable to non-stable systems:
Two linear systems with identical unstable subsystems are approximations of each other.
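The characterization above, turned into a computation: given two stable linear systems, build a truncated quadratic simulation function $V(x) = \max(\sqrt{x^T M x}, \alpha)$ and check both simulation-function conditions numerically. This is an added example (not MATISSE and not the lecture's code). It assumes the disturbance set $D_1$ is a box $|d_{1,j}| \le \texttt{dmax1}[j]$ and that $0 \in D_2$, so the infimum over $d_2$ is replaced by the admissible choice $d_2 = 0$, which only makes $\alpha$ (and hence the precision) more conservative; the two sample systems are constructed.

```python
import numpy as np

def lyap_solve(F, Q):
    """Solve F^T M + M F = -Q (Q symmetric) via the Kronecker form; fine for small n."""
    n = F.shape[0]
    K = np.kron(np.eye(n), F.T) + np.kron(F.T, np.eye(n))
    return np.linalg.solve(K, -Q.reshape(-1, order="F")).reshape(n, n, order="F")

def truncated_quadratic(A1, B1, C1, A2, C2, lam, dmax1):
    """V(x) = max(sqrt(x^T M x), alpha) on the joint state x = (x1, x2), following
    M >= C^T C, A^T M + M A + 2 lam M <= 0, alpha = (1/lam) sup_{x^T M x=1} sup_{d1} inf_{d2} x^T M B d.
    Assumption: D1 is the box |d1_j| <= dmax1[j] and 0 ∈ D2 (so d2 = 0 replaces the inf)."""
    n1, n2 = A1.shape[0], A2.shape[0]
    A = np.block([[A1, np.zeros((n1, n2))], [np.zeros((n2, n1)), A2]])
    C = np.hstack([C1, -C2])                      # q(x) = ||C1 x1 - C2 x2|| = ||C x||
    # (A + lam I)^T M + M (A + lam I) = -C^T C  gives  A^T M + M A + 2 lam M <= 0
    M = lyap_solve(A + lam * np.eye(n1 + n2), C.T @ C)
    # rescale so that M >= C^T C: x^T C^T C x / x^T M x is bounded by lambda_max(C M^{-1} C^T)
    M = max(np.linalg.eigvalsh(C @ np.linalg.solve(M, C.T)).max(), 1.0) * M
    # with d2 = 0, sup_{x^T M x = 1} sup_{d1} x^T M B d = sum_j dmax1[j] sqrt(e_j^T M e_j),
    # e_j = (B1[:, j], 0), by Cauchy-Schwarz in the M inner product
    E = np.vstack([B1, np.zeros((n2, B1.shape[1]))])
    alpha = sum(dmax1[j] * np.sqrt(E[:, j] @ M @ E[:, j]) for j in range(E.shape[1])) / lam
    return M, alpha, A, E

def worst_case_dV(M, alpha, A, E, dmax1, x):
    """max over d1 of dV/dt along the joint dynamics with d2 = 0; must be <= 0."""
    r = np.sqrt(x @ M @ x)
    if r <= alpha:                                # flat part V = alpha: derivative 0
        return 0.0
    d1 = np.sign(x @ M @ E) * dmax1               # maximizes the term linear in d1
    return float(x @ M @ (A @ x + E @ d1)) / float(r)

# Constructed example: a stable 2-dimensional system S1 with |d1| <= 1 approximated by the
# undisturbed 1-dimensional system S2; both output their first coordinate.
A1 = np.array([[-1.0, 2.0], [-2.0, -1.0]]); B1 = np.array([[1.0], [0.0]]); C1 = np.array([[1.0, 0.0]])
A2 = np.array([[-1.0]]); C2 = np.array([[1.0]])
LAM, DMAX1 = 0.5, np.array([1.0])
M, ALPHA, A, E = truncated_quadratic(A1, B1, C1, A2, C2, LAM, DMAX1)

def matrix_conditions():
    """(min eig of M - C^T C, max eig of A^T M + M A + 2 lam M): expect (>= 0, <= 0)."""
    C = np.hstack([C1, -C2])
    return (float(np.linalg.eigvalsh(M - C.T @ C).min()),
            float(np.linalg.eigvalsh(A.T @ M + M @ A + 2 * LAM * M).max()))

def check_point(x1, x2):
    """(V - ||y1 - y2||, worst-case dV/dt) at a joint point: expect (>= 0, <= 0)."""
    x = np.concatenate([x1, x2])
    V = max(float(np.sqrt(x @ M @ x)), float(ALPHA))
    return V - abs(float((C1 @ x1 - C2 @ x2)[0])), worst_case_dV(M, ALPHA, A, E, DMAX1, x)
```

The precision of the approximation for given initial sets is then $\delta = \max_{x_1 \in I_1} \min_{x_2 \in I_2} V(x_1, x_2)$, as on the earlier slide; $\alpha$ is the part of $\delta$ that no choice of initial states can remove.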
MATISSE
Metrics for Approximate TransItion Systems Simulation and Equivalence
• MATLAB toolbox
• Functionalities:
- Computation of a simulation function between a system and its projection.
- Evaluation of the precision of the approximation of a system by its projection.
- Search for a good projection of a system (for a given dimension).
- Reachability computations based on zonotopes.
• Available from http://www.seas.upenn.edu/~agirard/Software/MATISSE/index.html
MATISSE
Example of application: safety verification of a 10-dimensional system.
[Figure: reachable sets of the 10-dimensional original system, of a 5-dimensional approximation and of a 7-dimensional approximation]
3. Approximate simulation relations for hybrid systems
Hybrid Systems
Hybrid automaton $H_1$ of the type:
• Modes $l \in L$; in mode $l$ the continuous dynamics is
$$\dot x_1(t) = f_{1,l}(x_1(t), d_1(t)),\quad d_1(t) \in D_{1,l},\quad x_1(t) \in \mathrm{Inv}_{1,l},\quad y_1(t) = g_{1,l}(x_1(t)).$$
• A discrete transition $e = (l, l')$ is enabled when $x_1(t) \in G_{1,e}$ (guard) and resets the continuous state: $x_1(t^+) \in R_{1,e}(x_1(t))$.
• Set of initial states: $I_1 = \bigcup_{l \in L} \{l\} \times I_{1,l}$.
• The system is observed by $(l(t), y_1(t))$.
Approximation of Hybrid Systems
Approximation $H_2$ of the hybrid automaton $H_1$:
• $H_1$ and $H_2$ have the same discrete structure:
- same underlying automaton
- approximation of the continuous dynamics
• Metric on the set of observations:
$$d((l, y), (l', y')) = \|y - y'\| \ \text{ if } l = l',\qquad d((l, y), (l', y')) = +\infty \ \text{ if } l \ne l'.$$
Approximation of Hybrid Systems
$H_2$, approximation of $H_1$, of the form: for each mode $l \in L$,
$$\dot x_2(t) = f_{2,l}(x_2(t), d_2(t)),\quad d_2(t) \in D_{2,l},\quad x_2(t) \in \mathrm{Inv}_{2,l},\quad y_2(t) = g_{2,l}(x_2(t)),$$
with guards $G_{2,e}$ and resets $x_2(t^+) \in R_{2,e}(x_2(t))$ for $e = (l, l')$, set of initial states $I_2 = \bigcup_{l \in L} \{l\} \times I_{2,l}$, observed by $(l(t), y_2(t))$.
Approximation of the Continuous Dynamics
• For each mode $l \in L$, the continuous dynamics of $H_1$ is approximated.
• We compute a simulation function $V_l(x_1, x_2) = q_l(x_1, x_2)$:
$$q_l(x_1, x_2) \ge \|g_{1,l}(x_1) - g_{2,l}(x_2)\|,$$
$$\max_{d_1 \in D_{1,l}}\ \min_{d_2 \in D_{2,l}}\ \left( \frac{\partial q_l}{\partial x_1}(x_1, x_2)\, f_{1,l}(x_1, d_1) + \frac{\partial q_l}{\partial x_2}(x_1, x_2)\, f_{2,l}(x_2, d_2) \right) \le 0.$$
• We define a notion of neighborhood:
$$N_l(x_1, \delta) = \{ x_2 \mid V_l(x_1, x_2) \le \delta \}.$$
Approximate Simulation Relations for Hybrid Systems
• Simulation relation of the form
$$R = \{ (l_1, x_1, l_2, x_2) \mid l_1 = l_2 = l,\ V_l(x_1, x_2) \le \delta_l \},\qquad \delta_l = \max_{x_1 \in I_{1,l}}\ \min_{x_2 \in I_{2,l}}\ V_l(x_1, x_2),\ l \in L,$$
of precision $\delta = \max(\delta_1, \ldots, \delta_{|L|})$.
• Sufficient conditions:
(1) for all $l \in L$: $N_l(\mathrm{Inv}_{1,l}, \delta_l) \subseteq \mathrm{Inv}_{2,l}$;
(2) for all $e = (l, l') \in E$: $N_l(G_{1,e}, \delta_l) \subseteq G_{2,e}$;
(3) for all $e = (l, l') \in E$:
$$\delta_{l'} \ge \max_{\substack{x_1 \in G_{1,e} \\ V_l(x_1, x_2) \le \delta_l}}\ \max_{x_1' \in R_{1,e}(x_1)}\ \min_{x_2' \in R_{2,e}(x_2)}\ V_{l'}(x_1', x_2').$$
• If (1), (2) and (3) hold, then $H_2$ is an approximation of $H_1$ of precision $\delta = \max(\delta_1, \ldots, \delta_{|L|})$.
A. Girard, A.A. Julius, G.J. Pappas, Approximate simulation relations for hybrid systems, ADHS 2006, submitted.
Example
• $H_1$ has two modes. Mode 1: 4-dimensional linear dynamics $\dot x(t) = A_1 x(t) + B_1 d(t)$, $y(t) = C_1 x(t)$, with $d(t) \in [-0.1, 0.1]$, invariant $\mathrm{Inv}_1 \subseteq \mathbb{R}^4$, guard $G_{1,2} \subseteq \mathbb{R}^4$ and reset $x(t^+) = R_{1,2}(x(t))$ on the transition to mode 2. Mode 2: 2-dimensional linear dynamics $\dot x(t) = A_2 x(t) + B_2 d(t)$, $y(t) = C_2 x(t)$, with bounded $d(t)$ and invariant $\mathrm{Inv}_2 = \mathbb{R}^2$.
• Set of initial states $I_1$: mode 1, with $x(0)$ in a product of intervals.
• The first dynamics (dimension 4) is approximated by a 2-dimensional dynamics.
[Figure: reachable sets of the original system and of the approximation. The matrices $A_i$, $B_i$, $C_i$, the guard and the initial intervals are not legible in this copy.]
Extensions
• Methods for the computation of simulation functions for continuous nonlinear systems (SOS programs)
• Theoretical framework and algorithms for approximation of stochastic hybrid systems
A. Girard, G.J. Pappas, Approximate bisimulations for nonlinear dynamical systems, CDC 2005.
A.A. Julius, A. Girard, G.J. Pappas, Approximate bisimulation for a class of stochastic hybrid systems, ACC 2006.
A.A. Julius, Approximate abstraction of stochastic hybrid automata, HSCC 2006.
Conclusion
• Unified (discrete/continuous/hybrid) framework for system approximation.
• Approximation as a relaxation of the notion of abstraction:
- distance between trajectories rather than an inclusion relation
- allows additional simplifications
• Approach based on simulation functions:
- Lyapunov-like characterization
- algorithms (LMIs, SOS, optimization)
• Framework suitable for safety verification of complex systems.