1 / 23

Towards a HOL Framework for the Deductive Analysis of Hybrid Control Systems

This paper discusses the usage of Isabelle/HOL in the analysis of hybrid control systems, focusing on verification of control properties and requirements. It covers topics like PLC languages, differential equations, control loops, and the application of Isabelle/HOL in discrete components, function blocks, real analysis, and differential systems. The text highlights the capabilities and limitations of Isabelle/HOL in modeling and proving in the context of hybrid systems. Future directions include more automation, stronger libraries, and improved theorem proving interfaces.

vlora
Télécharger la présentation

Towards a HOL Framework for the Deductive Analysis of Hybrid Control Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Towards a HOL Framework for the Deductive Analysis of Hybrid Control Systems ADPM’2000 Norbert Völker University of Essex, England

  2. Two Tanks System V0 L V2 V1 Given a controller, verify that the tanks do not overflow and an equilibrium is reached.

  3. The Idea verify properties and requirements Controllers PLC Languages Plants Differential Equations Control Loops Requirements model Isabelle/HOL Model checker ODE solver

  4. HOL • Version of higher order predicate logic designed for mechanical hardware verification. • Polymorphic type system:   ,   ,  list, … • Very expressive due to abstraction and quantification over functions. • Widely studied and well understood logical systems. • Methodology of embedding other formalisms in HOL, for example subsets of VHDL and Java.

  5. Isabelle/HOL • Popular, interactive HOL theorem proving assistant. • Stresses logical safety - avoidance of inconsistency. • Supports safe theory extension by definitions, data types, primitive recursive functions, ... • Comes with libraries: nat, int, real, set, .... • Open and extendible • Proof results from external tools can be imported via oracles.

  6. Discrete Components in HOL a 0 a 1 a 2 a 3   f b 0 b 1 b 2 b 3  stream = (  ) f ::  stream   stream causal f =  g.  n x. take n (f x) = g (take n x) stream operators, LTL operators transition systems, automata

  7. Real Time clock = (   ) constant T :: clock T 0 T 1 T 2 T 3 T 0 T 1 T 2 T 3 Clocks are strictly monotonous, unbounded and start at 0. Conceptual clocks - cycle duration can vary

  8. Function Blocks in HOL • IEC 61131-3 PLC programming languages Structured Text (ST) and Sequential Function Charts (SFC) • Function blocks written in an idealised subset of ST/SFC are mapped to automata in HOL. • Mapping is similar to writing an interpreter in a functional programming language. • Automata are not executed - size is not important as long as there is a compact representation in HOL. • The HOL embedding defines a semantics.

  9. A Verifiable Subset of ST • Restriction to function block level: no configurations, resources, tasks or scheduling • Omission of absolute, global, reference or retentive variables. • Reactive model: actions are atomic • Idealised data types: Int, Bool, String, records, arrays • Disregard of implementation limitations. • Function block invocation has no side effects!

  10. Real Analysis in Isabelle/HOL • Axiomatic type class V of finite-dimensional, normed vector spaces over  • Limits, continuity, differentiation • Type  flow = (  ) • Differentiation operator D:: (:: V ) flow   flow • Lots of elementary lemmas and theorems. • Currently no integration, exp, sqrt, ln, sin, … • Currently 17 K theory files, 95 K proof code files.

  11. Differential Systems in HOL • A differential system (f,x0) without input is a transition system  diffsys = ([,  ]  )   where f is continuous and :: V. • Behaviour is given by the solution of the associated differential equation bhvD ::  diffsys   flow bhvD (f, x0) = ( g. g 0 = x0  D g = f  g) where  is Hilbert’s choice operator. • This does not mean we have solved the ODE.

  12. Plants in HOL   F g 0 g 1 g 2 g 3 g 4 F ::  stream   flow causal F Transition systems (f,y0) f :: [, ]  , y0 ::   a. continuous (f a) g 0 = bhvD (f (x 0), y0) g (n+1) = bhvD (f (x (n+1), g n (T (n+1)))

  13. A Control Loop in HOL B B B         ttc ttp 4,4 tt = feedback (ttp  ttc) 4,4 0 ttc ::  stream  (B B B) stream ttp :: (B B B) stream  (      ) stream

  14. Verification • Use standard Isabelle proof strategies and tools: • induction, case distinctions, algebraic manipulation • conditional term rewriting • proof search algorithms • Problems: • command line user interface • still relatively low level of proofs • real number library not well developed yet • algebraic manipulation often cumbersome • few decision procedures • analytically intractable systems remain intractable in HOL

  15. HOL models of automata, stream operators, LTL operators, PLC language subsets, differential and hybrid systems. The beginnings of a HOL Real Analysis library. Small verification examples (standard function blocks, traffic light, container control) Strong points: Compositional model of hybrid systems as causal functions on stream and flows. Verification lemmas yield understanding Trustworthiness of Isabelle/HOL What’s There

  16. Models of bigger/ more faithful PLC language subsets More automation of HOL modelling and proofs Connection to other tools A better theorem prover front-end. Comprehensive Real Analysis and Control theory libraries Bigger examples Verification of function block libraries An answer to: What contribution can HOL make? What’s Missing

  17. Questions or Comments?

  18. Transition Systems in HOL (,) trsys = ([, ]  )   bhvT :: [(,) trsys,  stream ]   stream bhvT (f,y0) x 0 = y0 bhvT (f,y0) x (n+1) = f (x n) (bhvT (f,y0) x n) Theorem: causal bhvT

  19. Automata in HOL (,,) automaton = (, ) trsys  ([, ]  ) bhvA :: [(,, ) automaton,  stream ]   stream bhvA (S,w) x n = w (x n) (bhvT S x n) Theorem: causal bhvA

  20. S0 SFC Controller Start S1 S V0 T1 S1.T S2 S V1 V0 bool level  T2 S2.T bool V1  time S3 S V2 bool V2 Level  L S4 R V2 L Level

  21. Controller in HOL ttc_autom :: (  ,   , BBB) automaton ttc_autom = ((ttc_tf, (0,0)), ttc_outf ) ttc_tf :: [   ,    ]     ttc_tf (level, t) (step, t0) = if step = 0 then (1,t)else if step = 1  T1 t t0then (2,t)else if step = 2  T2 t t0 then (3,t)else if step = 3  Level  L then (4,t)else if step = 4  Level  L then (3,t)else (step, t0 )

  22. Controller in HOL (continued) ttc_outf :: [   ,    ]  B  B  B ttc_outf (level, t) (step, t0) = if step = 0 then (False,False,False)else if step = 1 then (True, False, False)else if step = 2 then (True, True, False)else if step = 3 then (True, True, True)else (True, False, False)

  23. General Hybrid Systems   g   g :: [  stream,  flow]  stream  flow causal g

More Related