Automatic Rectangular Refinement of Affine Hybrid Automata

1
Automatic Rectangular Refinement of Affine Hybrid
Automata
Laurent Doyen ULB
Jean-François Raskin ULB
Tom Henzinger EPFL
FORMATS 2005 Sep 27th - Uppsala
2
Overview

• Automatic analysis of affine hybrid systems

3
Overview

• Automatic analysis of affine hybrid systems
• Example

4
Overview

• Automatic analysis of affine hybrid systems
• Example

Two trajectories
5
Overview

• Automatic analysis of affine hybrid systems
• Example

Affine dynamics
6
Overview

• Automatic analysis of affine hybrid systems
• Example

B
2
4
4
4
3
A
2
2
Affine dynamics
Discrete states

7
Reminder

• Some classes of hybrid automata
• Timed automata ( )
• Rectangular automata ( )
• Linear automata ( )

8
Reminder

• Some classes of hybrid automata
• Timed automata ( )
• Rectangular automata ( )
• Linear automata ( )

9
Reminder

• Some classes of hybrid automata
• Timed automata ( )
• Rectangular automata ( )
• Linear automata ( )
• Affine automata ( )
• Polynomial automata ( )
• etc.

10
Reminder

• Some classes of hybrid automata
• Timed automata ( )
• Rectangular automata ( )
• Linear automata ( )
• Affine automata ( )
• Polynomial automata ( )
• etc.

11
Methodology

• Affine automaton A and set of states Bad
• Check that Reach(A) ? Bad Ø

12
Methodology

• Affine automaton A and set of states Bad
• Check that Reach(A) ? Bad Ø

• Affine dynamics is too complex ?
• Abstract it !

13
Methodology

• Affine automaton A and set of states Bad
• Check that Reach(A) ? Bad Ø

HOW ?
14
Methodology

• 1. Abstraction over-approximation

Affine dynamics Rectangular
dynamics
15
Methodology

• 1. Abstraction over-approximation

Affine dynamics Rectangular
dynamics

Let Then
16
Methodology

• 2. Refinement split locations by a line cut

Line l ?
17
Methodology

• 2. Refinement split locations by a line cut

Line l ?
18
Methodology
Original Automaton
A
A
Yes
Property verified
19
Methodology
Original Automaton
A
A
Yes
(Undecidable)
Property verified
20
Methodology
Original Automaton
A

• using Reach(A)
• using Pre(Bad)

A
No
Yes
(Undecidable)
Property verified
21
Refinement

• 2. Refinement split locations by a line cut
• Which location(s) ?
• Loc1 Locations reachable in the last step
• Loc2 Reachable locations that can reach Bad
• Better replace the state space by Loc2

22
Refinement

• 2. Refinement split locations by a line cut
• Which location(s) ?
• Loc1 Locations reachable in the last step
• Loc2 Reachable locations that can reach Bad
• Better replace the state space by Loc2
• Which line cut ?
• The best cut for some criterion characterizing
  the goodness of the resulting approximation.

23
Notations
24
Notations
25
Notations
26
Notations
27
Goodness of a cut

• A good cut should minimize

• ?

28
Goodness of a cut

• A good cut should minimize

• ?
• ?

29
Goodness of a cut

• A good cut should minimize

• ?
• ?
• ?

30
Goodness of a cut

• A good cut should minimize

• ?
• ?
• ?

Our choice
31
Finding the optimal cut
P
32
Extremal level sets of f(x,y)
P
33
Extremal level sets of g(x,y)
P
34
Example
P
35
Example
P
Then any line separating and is
better than any other line.
36
Example
P
37
Example
P
Any line separating and is better
than any other line.
38
Example
P
Any line separating and is better
than any other line.
39
Example
P
Thus, for every the best line separates and
40
Example
P
Thus, for every the best line separates and
41
Example
P
Thus, for every the best line separates and
42
Example
P
Thus, for every the best line separates and
43
Example
P
When
44
Example
P
When
45
Example
P
46
Example
Intersection
P
When an intersection occurs
The process continues because it is still
possible to separate both from and
from
47
Example
P
48
Example
P
49
Example
P
50
Example
P
51
Example
P
Intersection
When a second intersection occurs
52
Example
P
Intersection
In this case, we have reached the "limit of
separability"
53
Example
P
An optimal cut
54
How to compute the intersection ?
P
55
How to compute the intersection ?
We have to find the minimal ? such that
P
(u,v)
56
How to compute the intersection ?
We have to find the minimal ? such that
P
(u,v)
This is a linear program !
57
The algorithm

• Applies in the plane (2D)
• Several particular cases

58
The algorithm

• Applies in the plane (2D)
• Several particular cases
• What for higher dimension ?
• An option discretize the problem using a grid
• Apply a (more) discrete algorithm
• The exact solution can be arbitrarily closely
  approximated

59
The algorithm

• Applies in the plane (2D)
• Several particular cases
• What for higher dimension ?
• An option discretize the problem using a grid
• Apply a (more) discrete algorithm
• The exact solution can be arbitrarily closely
  approximated

60
The algorithm

• Applies in the plane (2D)
• Several particular cases
• What for higher dimension ?
• An option discretize the problem using a grid
• Apply a (more) discrete algorithm
• The exact solution can be arbitrarily closely
  approximated

61
Navigation benchmark

• In each location, the dynamics has the form

• We cut in the plane v1-v2

62
Navigation benchmark

• In each location, the dynamics has the form

• We cut in the plane v1-v2

63
Results

• NAV 07

• NAV 04

64
Results NAV 04

• Forward

• Backward

65
Results NAV 04

• Forward

• Forward

66
Results NAV 07

• Backward

67
Conclusion

• Approximations
• Rectangular
• Over-approximations

68
Conclusion

• Approximations
• Rectangular
• Over-approximations
• Refinements
• Automatic
• Optimal split for some criterion (at least in 2D)

69
Conclusion

• Approximations
• Rectangular
• Over-approximations
• Refinements
• Automatic
• Optimal split for some criterion (at least in 2D)
• Possible future work
• Under-approximations
• Optimal split for some other criterion
• Combine with other approaches (barrier
  certificates, ellipsoïds, )

70
References

• FI04 A. Fehnker and F. Ivancic. Benchmarks for
  hybrid systems verification. In HSCC 2004, LNCS
  2993, pp 326-341.
• Fre05 G. Frehse. Phaver Algorithmic
  verification of hybrid systems past hytech. In
  HSCC 2005, LNCS 3414, pp 258-273.