Massachusetts Institute of Technology
Dagstuhl 2010
Verification of Hybrid Systems
Andreas Hofmann and Brian Williams
.
Validation Problem Statement
• Probabilistic Certificate of Validation
– Probability that a particular design will successfully pass a
use case, or set of use cases.
• Examples: probability that a vehicle
– will move at a top speed > 60 mph for one hour;
– will accelerate to 60 mph in less than 3 seconds;
– will successfully execute a mission plan in an allotted time.
Validation: Problem Statement
• Given a use case expressed as a flexible plan, Q ,
• a plant model, M, representing the dynamic behavior
of a design,
– also includes disturbance model
– also represents actuation limits
• Compute probabilistic certificate of validation
Pvalid Q M 
• Problem is related to, but distinct from Controller
Synthesis Problem (derive C given Q , M )
• Also distinct from problem of finding a single
trajectory that satisfies Q and M
Example Use Case
• Use case represented as a Qualitative State Plan (QSP)
– Events, episodes, temporal constraints
– Episodes have state-space constraints on initial, goal, and operating regions
Operating Constraints
Goal Constraints
Accelerate
Maintain speed
Brake
Steer 1
Steer 2
Steer 3
Top speed
reached
(x’ > 200)
Finish line crossed
(x > 1300)
Stopped
(x’ = 0)
Stay in lane
(ymin < y <
ymax)
Stay in lane
(ymin < y < ymax)
Stay in lane
(ymin < y <
ymax)
x is forward position
y is lateral position
Example Plant Models
x  Ax   Bu 
•
•
Aerodynamic resistance, rolling resistance, resistance due
to grade
Actuation limits
•
Tractive force limited by coefficient of friction with
ground, normal load
•
Also by engine torque, gearing
•
x  [ x, x , y, ]T
u  [ x,  ]T
 x 
0
A x    
 x 
 
0
Hybrid discrete/continuous
0
 x
Bu    
0
 
 
Disturbance Model
• Incorporated into Plant Model
– Noise with arbitrary distribution at the input.
– w is noise signal with arbitrary probability distribution.
Uncertainty via Stochastic Models
Continuous state
x c ,t
 xt 
y 
  t
 xt 
 
 y t 
(x0,y0)
Obstacle 1
Random initial state
Obstacle 2
Goal Region
Continuous dynamics
xx
~ fp(u
xct ,,0x)c,t )
c,tc,10 
xc,t 1  f (ut , xc,t )
7
Uncertainty via Stochastic Models
Continuous state
x c ,t
 xt 
y 
  t
 xt 
 
 y t 
(x0,y0)
Obstacle 1
Obstacle 2
Goal Region
Continuous dynamics
xc,0 ~ p(xc,0 )
xxc,ct,t11 ff(u
(ut ,t ,xxc,ct,,t) t )
 t ~ p( t )
Random disturbance process
8
Uncertainty via Stochastic Models
Continuous state
x c ,t
 xt 
y 
  t
 xt 
 
 y t 
Obstacle 1
Obstacle 2
Goal Region
Continuous dynamics
xc,0 ~ p(xc,0 )
xc,t 1  ft (ut , xc,t , t )
 t ~ p( t )
9
Robust Control
• “Find optimal, robust sequence of control actions”
Obstacle 1
Obstacle 1
Obstacle 2
Obstacle 2
Goal Region
Goal Region
p(failure) ≤ δ
Optimal but not Robust
Optimal and Robust
Robustness expressed using chance constraints
- Operator specifies maximum probability of failure δ
10
Problem: Synthesize Controller for a Biped that is
Robust to Disturbances
Example QSP for Biped
start
finish
[t_lb, t_ub]
CM
Qualitative
State Plan
left
toe-off
lf l1
Left
Foot
cmcm1
lf l 2
right
toe-off
rf  r1
right
heel-strike
Right
Foot
Compute u such that
resulting state
trajectory satisfies plan
-state constraints
-temporal constraints
left
heel-strike
rf  r 2
rf  r 2
Plant
u?
CM des
x  f x, u 
hx, u   0
Flow Tubes for Center of Mass
y
t
y
Fwd.
CM
y
y
t
Lat.
CM
Transform Stochastic Plant Model
into an Equivalent Deterministic One
• Use set bounds to represent hard limits on noise disturbance.
• Set bounds cover n of noise distribution.
• Set bounds on input noise translate to safety bounds on input.
• Corresponding safety bounds on state trajectories must be determined.
Compute Reach Sets
• Perform deterministic reach set analysis on QSP using plant model with
input noise set bounds.
– Start from goal region.
– Compute backward reach sets for each time increment back from goal.
•
Polytope for time t(k-j) represents all states (and control inputs) on feasible trajectories at j
time increments before goal time.
– Feasible with probability Psuccess
Relation Between State and Duration
t

y
t

y
y
y
Fwd.
CM
Lat.
CM
y
y
Controllable
initial region
Controllable
initial region
Goal region
Goal region
y
y
Key Questions
t

y
t

y
y
y
y
y
Controllable
initial region
Controllable
initial region
Goal region
Goal region
y
•
•
•
How do disturbances affect activity state and duration?
How much state and temporal flexibility, and actuation capability is necessary to
achieve desired probabilistic certificate?
How can compile time verification be leveraged for runtime verification and
control?
y