Controller Synthesis for Discrete and Timed Systems

  1. Controller Synthesis for Discrete and Timed Systems. Stavros Trypakis (joint work with Karine Altisen).

  2. Controller Synthesis. Given a controller embedded in a certain environment, and a property, restrict the controller so that the property is satisfied, no matter how the environment behaves. Properties: • Invariance: the controller keeps the system inside a set of safe states. • Reachability: the controller leads the system to a set of target states.

  3. Synthesizing a controller for a rail crossing. [figure: timed automata for the Train (states far, near, in; actions approach!, enter!, exit!; clock x with guards such as x <= 5, x >= 1, x > 2), the Gate (states is_up, is_down; actions lower?, raise?, up!, down!; clock y with guards y <= 1, y >= 1, y <= 2), the Controller (lower!, raise!, approach?, exit?) and the Environment.] Invariance: in  is_down.

  4. Scheduling periodic tasks with deadlines. [figure: timed automata for Task 1 (clock x1 in [9,11], execution clock y1 in [2,3]), Task 2 (clock x2 in [7,10], execution clock y2 in [1,2]), each with states idle, wait, exec and error, guards x1 > 5 and x2 > 4 on the missed! transitions to error; the Processor (start1!, start2!, end1?, end2?) and the Environment (ready1!, ready2!).] Invariance:  error. • Synthesized controller corresponds to scheduler.

  5. Controller synthesis for discrete systems. • Model: finite graph with edges labeled controllable or uncontrollable. • Similar to 2-player games. [figure: example graph]

  6. Strategies. • Strategy: sub-graph containing, for each node, at least one controllable and all uncontrollable successors. [figure: two strategies, 1st strategy and 2nd strategy, on the same graph]

  7. Winning strategies (invariance). • Invariance of a property P: all nodes of the strategy satisfy P. [figure: a winning strategy w.r.t. invariance of P]

  8. Winning strategies (reachability). • Reachability of a property P: all paths of the strategy eventually reach a node satisfying P. [figure: a winning strategy w.r.t. reachability of P]

  9. Computing winning nodes with fix-points. • contr-pre(S): set of nodes which have at least one controllable successor in S and all uncontrollable successors in S. • Invariance of P: gfp X . P  contr-pre(X). • Reachability of P: lfp X . P  contr-pre(X).

  10. Computing winning strategies on-the-fly. • Perform a forward DFS on the graph: nodes/edges are inserted in the strategy during exploration; ensure that for each node included in the strategy, all u-succs and at least one c-succ are also in the strategy; stop at already visited nodes; as soon as the first strategy is found, it is returned. • For invariance: nodes initially marked “maybe”, potentially changed to “no”; a strategy exists if the initial node remains “maybe” till the end. • For reachability: nodes initially marked “maybe”, potentially changed to “yes”; a strategy exists if the initial node changes to “yes” at the end. • Back-tracking may be necessary.
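The following is an added example, not code from the talk: it runs both the fix-point computation of slide 9 and the on-the-fly DFS of slide 10 for the invariance case on a small constructed game graph (the node names, successor lists and the dependency-based back-tracking are my own choices). It also shows the back-tracking: a node chosen while still “maybe” later turns “no”, and the nodes that relied on it are re-examined.

```python
from collections import defaultdict
# Constructed game graph (not from the talk): controllable (CSUCC) and
# uncontrollable (USUCC) successors of nodes s0..s5; s3 is the unsafe node.
CSUCC = {"s0": ["s1", "s0"], "s1": ["s3"], "s2": ["s2", "s0"],
         "s3": ["s3"], "s4": ["s4"], "s5": ["s1"]}
USUCC = {"s0": ["s2"], "s1": ["s5"], "s2": ["s4"], "s3": [], "s4": [], "s5": []}
SAFE = {"s0", "s1", "s2", "s4", "s5"}   # the invariant P

def contr_pre(S):
    """Nodes with at least one c-successor in S and all u-successors in S."""
    return {n for n in CSUCC
            if any(c in S for c in CSUCC[n]) and all(u in S for u in USUCC[n])}

def winning_invariance(P):
    """gfp X . P ∩ contr-pre(X): maximal set the controller can keep inside P."""
    X = set(CSUCC)
    while (Y := P & contr_pre(X)) != X:
        X = Y
    return X

def on_the_fly_invariance(P, init):
    """Forward DFS building a strategy as it explores: nodes start 'maybe', flip
    to 'no' when they cannot be kept in P, and a 'no' is propagated back to the
    nodes whose choice relied on it (the back-tracking of slide 10)."""
    mark, strategy, deps = {}, {}, defaultdict(set)
    def choose(n):                      # keep one c-succ plus every u-succ
        for c in CSUCC[n]:
            if visit(c):
                strategy[n] = [c] + USUCC[n]
                for s in strategy[n]:
                    deps[s].add(n)      # n now depends on s staying 'maybe'
                return True
        return False
    def keep(n):                        # can n stay 'maybe' right now?
        return choose(n) and all(mark.get(u) != "no" for u in USUCC[n])
    def lose(n):                        # n turns 'no'; re-examine dependents
        mark[n] = "no"
        strategy.pop(n, None)
        for m in list(deps.pop(n, ())):
            if mark.get(m) == "maybe" and not keep(m):
                lose(m)
    def visit(n):
        if n in mark:
            return mark[n] != "no"      # stop at already visited nodes
        mark[n] = "maybe"
        if n in P and all(visit(u) for u in USUCC[n]) and keep(n):
            return True
        lose(n)
        return False
    return strategy if visit(init) else None
```

From s0 the DFS first tries s1, whose u-successor s5 chooses s1 back while it is still “maybe”; when s1 loses, s5 is re-examined and loses too, and s0 falls back to its idle self-loop. The strategy found is the sub-graph {s0, s2, s4}, which is exactly the fix-point’s winning set.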

  11. Illustration of on-the-fly algorithm. [figure: example graph with a node labeled BAD and a node satisfying P] • Reachability of P. • Back-tracking.

  12. Controller synthesis for timed systems. • Model: timed automata with discrete transitions labeled controllable or uncontrollable. • Additional feature: time transitions. • Condition for strategy: if [a time transition of delay t exists] in the original graph, then, in the strategy sub-graph: either t’ or, for some t’ < t, [figure: the two allowed cases; the exact condition is partly lost in the transcript].

  13. Controller synthesis for timed systems. • Winning strategies and contr-pre( ) operator defined similarly. • Winning nodes computed by fix-points. • Implemented in Kronos. • Problems: costly operations (non-convex polyhedra); algorithm not on-the-fly (unreachable states, etc.); sometimes Zeno controllers. • Alternative: use the on-the-fly algorithm on the time-abstracting quotient graph.

  14. The Time-abstracting Bisimulation. [figure: equivalence on TA states; bisimilar states s1 and s2 match a discrete transition a to bisimilar states s3 and s4, and match time delays t1 and t2 (t1, t2 in R) to bisimilar states.] Preserve discrete state changes. Abstract exact time delays.

  15. Q1 pre (Q2) = Q1 Q1 pre (Q2) = Q1 a time The Time-abstracting Quotient Graph • The quotient induced by the greatest time-abstracting • bisimulation defined on the TA. • Finite symbolicgraph: • - Nodes = symbolic states(equivalence classes). • - Edges = symbolic transitions(discrete and time). • Basic property: pre-stability  a t a s1 s2 s1 s2 Q1 Q2 Q1 Q2

  16. Example of quotient graph. [figure: quotient graph of the rail crossing; a symbolic state is, e.g., (near, going up, 1, 1 < x <= y <= 2 z < x+1); edges are labeled approach, enter, exit, lower, raise, up, down, plus time transitions.]

  17. How to apply the untimed algorithm to the time-abstracting quotient graph. 1. Remove all time edges which can be obtained by reflexive-transitive closure. 2. All remaining time edges are labeled controllable. Justification: the controller can choose to let time pass or issue an action before moving to the next node. Case 1: the controller has no choice but to let time pass. Case 2: [lost in the transcript].
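An added example of the two-step transformation above, not code from the talk: a constructed quotient graph (node names Q0..Q5, edge labels and the split of actions into controllable/uncontrollable are my own) is turned into the controllable/uncontrollable successor lists the untimed algorithm expects. Time-edge self-loops are dropped as the reflexive part of the closure, and a time edge is dropped when a path of two or more other time edges already joins its endpoints; the time edges are assumed acyclic apart from self-loops.

```python
from collections import defaultdict

# Constructed quotient graph (not the talk's example): (source, label, target);
# label "time" marks a time transition, other labels are discrete actions.
EDGES = [("Q0", "time", "Q0"), ("Q0", "time", "Q1"), ("Q1", "time", "Q2"),
         ("Q0", "time", "Q2"), ("Q0", "approach", "Q3"), ("Q1", "lower", "Q4"),
         ("Q2", "enter", "Q5"), ("Q4", "time", "Q4")]
CONTROLLABLE = {"lower", "raise"}       # controller actions; all others are u

def untimed_game(edges, controllable):
    """Steps 1-2 of slide 17: drop time edges implied by the reflexive-transitive
    closure of the other time edges, then label the remaining time edges
    controllable. Returns (csucc, usucc) successor lists."""
    tsucc = defaultdict(set)            # time edges without self-loops
    for s, lab, t in edges:
        if lab == "time" and s != t:
            tsucc[s].add(t)

    def reach(n, seen=None):            # nodes reachable via >= 1 time edge
        seen = set() if seen is None else seen
        for m in tsucc[n]:
            if m not in seen:
                seen.add(m)
                reach(m, seen)
        return seen

    csucc, usucc = defaultdict(list), defaultdict(list)
    for s, lab, t in edges:
        if lab == "time":
            # s -> t is redundant if s -> b -> ... -> t exists with b != t
            if s == t or any(t in reach(b) for b in tsucc[s] if b != t):
                continue
            csucc[s].append(t)          # remaining time edge: controllable
        elif lab in controllable:
            csucc[s].append(t)
        else:
            usucc[s].append(t)
    return dict(csucc), dict(usucc)
```

Here Q0 -> Q2 is removed because Q0 -> Q1 -> Q2 exists, the two self-loops are removed, and Q0 -> Q1 and Q1 -> Q2 survive as controllable edges next to lower.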

  18. Example of on-the-fly algorithm. [figure: the on-the-fly algorithm run on the quotient graph of slide 16, with the same edge labels approach, enter, exit, lower, raise, up, down and time transitions.]

  19. Still … • Implementation … • Extend algorithm to more general properties (liveness). • Method not fully on-the-fly: [figure: TA, quotient graph minimization, on-the-fly algorithm, controller]; pre-stability of the quotient graph is essential for correctness, so the forward reachability graph cannot be used.

  20. Analysis with Time-abstracting Bisimulations. Verification on the quotient graph: linear-time. Timed Büchi Automata model checking = DFS for cycles or SCCs in the quotient graph. Every cycle in the quotient graph contains an infinite run and vice versa. [figure: states s1 … s5 grouped into classes Q1 … Q4]

  21. Analysis with Time-abstracting Bisimulations. Verification on the quotient graph: branching-time. TCTL model checking = CTL model checking in the quotient graph. If s1 and s2 are time-abstracting bisimilar, then for any TCTL formula, s1 satisfies it iff s2 satisfies it. Due to determinism of time. [figure: states s1 … s6 with delays 1 and 2]

  22. Plan • Analysis with the Time-abstracting Bisimulation • On-the-fly Verification • Diagnostics • Controller Synthesis • Implementation • Case studies • Conclusions and Perspectives

  23. Controller Synthesis. • Untimed case: model: graph with edges labeled controllable or uncontrollable; semantics: strategy = sub-graph containing, for each node, at least one controllable and all uncontrollable successors. • Timed case: model: TA with discrete actions labeled controllable or uncontrollable; semantics: dense strategies (time transitions?). [figure: nodes with c and u edges]

  24. Controller Synthesis using Fix-points. • Controllable-predecessor operator contr-pre(Q) = all states from which the system can be led to Q, no matter how the environment behaves. • Compute winning states as fix-points of contr-pre( ). • Obtain controller = intersect TA with winning states. • Method costly (complementation in contr-pre( ); fix-point computes maximal strategy). [figure: state s with a controllable edge c into Q and an uncontrollable edge u]

  25. On-the-fly Controller Synthesis. • On-the-fly algorithm for the untimed case: a DFS is used to find a strategy; the algorithm stops as soon as the first strategy is found. • The untimed algorithm can be used for timed synthesis, too.

  26. Plan • Analysis with the Time-abstracting Bisimulation • On-the-fly Verification • Diagnostics • Controller Synthesis • Implementation • Case studies • Conclusions and Perspectives

  27. Implementation in Kronos. [figure: architecture: a TA (or a TA network after parallel composition) together with an initial partition feeds the minimization module, which produces the quotient graph; on it run full TCTL model checking, safe TCTL model checking, TBA model checking (input: TA and TBA), (on-the-fly) reachability and controller synthesis, all on top of a matrix library; outputs are yes/no answers with diagnostics and a restricted TA (the controller); the quotient graph can be passed to Aldebaran for reduction/comparison, model checking and simulation/visualization.]

  28. Implementation: connection of Kronos to Open-Caesar. [figure: input model is a TA network with discrete shared variables and message passing; the Kronos-Open generator produces model.c, which a C compiler links against Open-Caesar’s graph library and an optimized polyhedra library to obtain the simulation graph; the Open-Caesar tools then run on it: exhibitor (regular expression: yes/no + untimed diagnostics), evaluator (μ-calculus formula: yes/no + untimed diagnostics), simulator, and profounder (TBA model checking); reachability of a state formula is also supported, with timed diagnostics.]

  29. Plan • Analysis with the Time-abstracting Bisimulation • On-the-fly Verification • Diagnostics • Controller Synthesis • Implementation • Case studies • Conclusions and Perspectives

  30. Case Studies. • FRP/DT protocol (project with CNET, Lannion): found inconsistency error (known to designers). • Multimedia documents (from INRIA project OPERA): modeled documents as Timed Automata; checked executability (model checking); computed schedulers (controller synthesis). • Bang&Olufsen protocol (from previous case study by Uppaal): found error not reported in Uppaal case study. • Benchmarks: STARI chip, Fischer’s protocol, CSMA/CD protocol, FDDI protocol, Philips protocol.

  31. Experiences: performance. • Improved performance in benchmarks, often by many orders of magnitude. • Tools and techniques able to handle real-world case studies: Bang&Olufsen: 30 discrete variables, large constants; simulation graph = 10^7 symbolic states, 15 mins, 300 MB; counter-example = 1500 steps long, 20 secs. STARI: 30 clocks, 60 boolean variables. • Often the bottleneck is the discrete state space.

  32. Experiences: comparison of methods. Techniques are complementary.
      Case study             Quotient graph                    Simulation graph
                             nodes    edges     time (secs)    nodes     edges     time (secs)
      Fischer                22,085   122,804   1,000          164,935   457,799   1,060
      Real-time scheduling   929      1,503     70             10,839    22,382    150
      Philips                503      1,001     3              194       488       1
      CSMA/CD                481      875       1              60        96        1

  33. Conclusions. Practicality is not measured only in seconds and megabytes. • Expressive models: discrete variables (Kronos-open); different property-specification formalisms (TBA, TCTL). • Variety: of problems (model checking, controller synthesis); of techniques (on-the-fly, using untimed tools); of feedback (symbolic/timed diagnostics, controllers). • Case studies: source of inspiration.

  34. Perspectives. • Controller synthesis: more properties (e.g., liveness); more efficient techniques (e.g., completely on-the-fly). • Performance: homogeneous representation of discrete and continuous state space (e.g., BDDs + polyhedra); adaptation/combination with untimed techniques reducing interleavings (e.g., partial orders). • Methodology for correct & efficient modeling: domain-specific guidelines; composition theory.