1 / 54

Hybrid Systems Theory

Hybrid Systems Theory. Edited and Presented by Thomas A. Henzinger, Co-PI UC Berkeley. Theories of -composition & hierarchy -computability & complexity. R.

youngfrank
Télécharger la présentation

Hybrid Systems Theory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hybrid Systems Theory Edited and Presented by Thomas A. Henzinger, Co-PI UC Berkeley

  2. Theories of -composition & hierarchy -computability & complexity R Theories of -robustness & approximation -probabilities & discounting B Formal Foundation for Embedded Systems needs to combine + Computation Physicality

  3. Continuous Dynamical Systems State space: Rn Dynamics: initial condition + differential equations Room temperature: x(0) = x0 x’(t) = -K·x(t) x x0 t Analytic complexity.

  4. Discrete Transition Systems State space: Bm Dynamics: initial condition + transition relation Heater: off on heat off on t Combinatorial complexity.

  5. x  L x  l x  u x  U Hybrid Automata State space: Bm Rn Dynamics: initial condition + transition relation + differential equations Thermostat: off x’ = -K·x x0 on off x’ = K·(H-x) on t

  6. Four Problems with Hybrid Automata • Robustness • Uncertainty • Compositionality • Computationality

  7. The Robustness Issue Hybrid Automaton Safe x = 3

  8. The Robustness Issue Slightly Perturbed Hybrid Automaton Unsafe x = 3+

  9. Robust Hybrid Automata value(Model,Property): States  B value(Model,Property): States  R Semantics: de Alfaro, H, Majumdar [ICALP 03] Computation: de Alfaro, Faella, H, Majumdar, Stoelinga [TACAS 04] Metrics on models: Chatterjee et al. [submitted]

  10. Boolean-valued Reachability (F Çpre(T))= T T a b c T   c … True or False

  11. max(0, ¢pre(1)) =  1 2  c … between 0 and 1 Real-valued Reachability (F Çpre(T))= T T a b c T   c … True or False discount factor 0 <  < 1

  12. Robust Hybrid Automata Continuity Theorem: If discountedBisimilarity(m1,m2) > 1 - , then |discountedValue(m1,p) - discountedValue(m2,p)| < f(). Further Advantages of Discounting: -approximability because of geometric convergence (avoids non-termination of verification algorithms) -applies also to probabilistic systems and to games (enables reasoning under uncertainty, and control)

  13. Four Problems with Hybrid Automata • Robustness • Uncertainty • Compositionality • Computationality

  14. The Uncertainty Issue Hybrid Automaton A Hybrid Automaton B 1 < y < 3 0 < x < 2 a b

  15. The Uncertainty Issue Composite Automaton A||B more likely a b less likely a,b impossible

  16. Concurrent Games 1,12,2 1,11,22,2 2,11,2 a b c 2,1 player "left"player "right" -for modeling component-based systems (“interfaces”) -for strategy synthesis (“control”)

  17. Concurrent Games 1,1 2,2 1,1 1,2 2,2 2,1 1,2 a b c 2,1 leftright c … player "left" has a deterministic strategy to reach c (X) (c  left right pre(X))

  18. Concurrent Games 1,1 2,2 1,1 1,2 2,2 2,1 1,2 a b c Pr(1): 0.5 Pr(2): 0.5 2,1 leftright c … player "left" has a deterministic strategy to reach cleftright c … player "left" has a randomized strategy to reach c (X) (c  left right pre(X))

  19. Stochastic Games Probability with which player "left" can reach c ? a b c right right 1 2 1 2 left left a: 0.6 b: 0.4 a: 0.5 b: 0.5 a: 0.0 c: 1.0 a: 0.0 c: 1.0 1 1 a: 0.1 b: 0.9 a: 0.2 b: 0.8 a: 0.7 b: 0.3 a: 0.0 b: 1.0 2 2

  20. Stochastic Games Probability with which player "left" can reach c ? 1 1 a b c 0.8 right right 1 2 1 2 left left a: 0.6 b: 0.4 a: 0.5 b: 0.5 a: 0.0 c: 1.0 a: 0.0 c: 1.0 1 1 a: 0.1 b: 0.9 a: 0.2 b: 0.8 a: 0.7 b: 0.3 a: 0.0 b: 1.0 2 2 (X) max(c, left right pre(X))

  21. Stochastic Games Probability with which player "left" can reach c ? 1 1 a b c 0.96 right right 1 2 1 2 left left a: 0.6 b: 0.4 a: 0.5 b: 0.5 a: 0.0 c: 1.0 a: 0.0 c: 1.0 1 1 a: 0.1 b: 0.9 a: 0.2 b: 0.8 a: 0.7 b: 0.3 a: 0.0 b: 1.0 2 2 (X) max(c, left right pre(X))

  22. Stochastic Games Probability with which player "left" can reach c ? 1 1 a b c 1 right right 1 2 1 2 left left a: 0.6 b: 0.4 a: 0.5 b: 0.5 a: 0.0 c: 1.0 a: 0.0 c: 1.0 1 1 a: 0.1 b: 0.9 a: 0.2 b: 0.8 a: 0.7 b: 0.3 a: 0.0 b: 1.0 2 2 Limit gives correct answer: de Alfaro, Majumdar [JCSS 04] coNP Å NP computation: Chatterjee, de Alfaro, H [submitted]

  23. Four Problems with Hybrid Automata • Robustness • Uncertainty • Compositionality • Computationality

  24. automatic (model checking) automatic (compilation) The Compositionality Issue Requirements Verification Model Environment Implementation Resources

  25. no change necessary Composition no change necessary The Compositionality Issue Requirements Verification Component Component Implementation Resources

  26. no change necessary Composition no change necessary The Compositionality Issue Requirements (time, fault tolerance, etc.) Verification Component Component Implementation Resources

  27. no change necessary Composition no change necessary The Compositionality Issue Requirements (time, fault tolerance, etc.) Agent algebras. Interface theories. Verification Component Component Implementation Virtual machines. Resources

  28. Logical Interaction Embedded Controller Embedded Controller … Physical Process Physical Process … Physical Interaction Subsystem 1 Subsystem N Heterogeneous Compositional Modeling Consider hybrid system made up of interacting distributed subsystems: • Physical subsystems coupled through a backbone • Each unit includes ECDs that implement the control, monitoring, and fault diagnosis tasks • Subsystem interactions at two levels: • physical – energy-based • logical – information based, facilitated by LANs Levels are not independent. Question: How does one systematically model the interactions between the subsystems efficiently while avoiding the computational complexity of generating global hybrid models? Implications: reachability analysis, design, control, and fault diagnosis

  29. Four Problems with Hybrid Automata • Robustness • Uncertainty • Compositionality • Computationality

  30. The Computationality Issue Reach Set Computation: system control , initial state Find reach set of all states that can be reached at time t starting in at t0 using open loop control u(t).

  31. Ellipsoidal Toolbox • Calculation of reach sets using ellipsoidal approximation algorithms • Visualization of their 3D projections www.eecs.berkeley.edu/~akurzhan/ellipsoids

  32. Putting It All Together • Robustness • Uncertainty • Compositionality • Computationality

  33. Classification of 2-Player Games • Zero-sum games: complementary payoffs. • Non-zero-sum games: arbitrary payoffs. 1,-1 0,0 3,1 1,0 -1,1 2,-2 3,2 4,2

  34. Classical Notion of Rationality Nash equilibrium: none of the players gains by deviation. 3,1 1,0 (row, column) 3,2 4,2

  35. Classical Notion of Rationality Nash equilibrium: none of the players gains by deviation. 3,1 1,0 (row, column) 3,2 4,2

  36. New Notion of Rationality Nash equilibrium: none of the players gains by deviation. Secure equilibrium: none hurts the opponent by deviation. 3,1 1,0 (row, column) 3,2 4,2

  37. Secure Equilibria • Natural notion of rationality for component systems: • First, a component tries to meet its spec. • Second, a component may obstruct the other components. • For Borel specs, there is always unique maximal secure equilibrium.

  38. Borel Games on State Spaces Synthesis: - Zero-sum game controller versus plant. - Control against all plant behaviors. Verification: - Non-zero-sum specs for components. - Components may behave adversarially, but without threatening their own specs.

  39. Borel Games on State Spaces • Zero-sum games: • Complementary objectives: 2 = :1. • Possible payoff profiles (1,0) and (0,1). • Non-zero-sum games: • Arbitrary objectives 1, 2. • Possible payoff profiles (1,1), (1,0), (0,1), and (0,0).

  40. Zero-Sum Borel Games • Winning: -Winning-1 states s: (9) (8) ,(s) 2 1. - Winning-2 states s: (9) (8) ,(s) 2 2. • Determinacy: • Every state is winning-1 or winning-2. • Borel determinacy [Martin 75]. • Memoryless determinacy for parity games [Emerson/Jutla 91]. (1,0) (0,1)

  41. Secure Equilibria • Secure strategy profile (,) at state s: (8’) ( v1,’ (s) < v1, (s) ) v2,’ (s) < v2, (s) ) (8’) ( v2’, (s) < v2, (s) ) v1’, (s) < v1, (s) ) • A secure profile (,) is a contract: if the player-1 deviates to lower player-2’s payoff, her own payoff decreases as well, and vice versa. • Secure equilibrium: secure strategy profile that is also a Nash equilibrium.

  42. State Space Partition

  43. Computing the Partition hh2ii ( :1Ç2 ) W10 hh1ii ( 1Æ:2 )

  44. Computing the Partition hh2ii (1)2 ) W01 hh2ii ( 2Æ:1 ) W10 hh1ii ( 1Æ:2 ) hh1ii (2)1 )

  45. Computing the Partition hh2ii (1)2 ) hh1ii1 W01 hh2ii ( 2Æ:1 ) U1 W10 hh1ii ( 1Æ:2 ) hh1ii (2)1 )

  46. Computing the Partition hh2ii (1)2 ) hh1ii1 W01 hh2ii ( 2Æ:1 ) U1 W10 hh1ii ( 1Æ:2 ) U2 hh2ii2 hh1ii (2)1 )

  47. Computing the Partition hh2ii (1)2 ) hh1ii1 W01 hh2ii ( 2Æ:1 ) Threat strategies T, T U1 hh2ii:1 hh1ii:2 W10 hh1ii ( 1Æ:2 ) U2 hh2ii2 hh1ii (2)1 )

  48. Computing the Partition hh2ii (1)2 ) hh1ii:2 hh1ii1 hh2ii:1 W01 hh2ii ( 2Æ:1 ) Threat strategies T, T U1 hh1,2ii (1 Æ2 ) W10 hh1ii ( 1Æ:2 ) U2 hh2ii2 Cooperation strategies C, C hh1ii (2)1 )

  49. Computing the Partition hh1ii1 W01 hh2ii ( 2Æ:1 ) U1 hh1,2ii (1 Æ2 ) W00 W10 hh1ii ( 1Æ:2 ) U2 hh2ii2

  50. Generalization of Determinacy Zero-sum games:2 = :1 Non-zero-sum games:1, 2 W1 W00 W01 W11 W2 W10

More Related