This talk discusses the use of hybrid automata, symbolic model checking, and interval numerical methods in the context of the HyTech system. It presents HyTech's algorithm and explores ways to extend its dynamics. Examples, such as a thermostat, demonstrate the shortcomings of HyTech and propose improvements using interval numerical methods. Finally, future work includes investigating the use of interval numerical methods on polyhedra or ellipsoids and redesigning HyTech's input language and implementation.
Beyond HyTech
Presented by: Ben Horowitz and Rupak Majumdar
{bhorowit,rupak}@eecs.berkeley.edu
Joint work with Tom Henzinger and Howard Wong-Toi.
Structure of this talk
• Hybrid automata
• Symbolic model checking
• HyTech
• Interval numerics
• HyTech’s algorithm
• Extending HyTech’s dynamics
• Thermostat example
Hybrid automata
• (V, E, X, pre, post, init, flow, jump, inv, Σ)
Symbolic model checking
• State space of a hybrid automaton is infinite.
• Thus, verification algorithms must be symbolic.
• To have a symbolic algorithm, we need:
  • finite representation of infinite state sets;
  • Pre, Boolean operations as primitives on state sets.
HyTech
• Symbolic model checker for hybrid automata.
• Automata must be polyhedral:
  • flow conditions are polyhedra;
  • invariants, pre, post, etc. are also polyhedra;
  • state sets are unions of convex polyhedra.
• Pre implemented as polyhedral manipulation.
HyTech cont.
• HyTech has been used to verify several realistic examples:
  • audio control protocol,
  • steam boiler,
  • auto engine in cutoff controller mode,
  • ...
Shortcomings of HyTech
• HyTech allows only restrictive dynamics:
  • polyhedral automata.
• For example, in the cutoff control study:
  • dynamics required extensive manual approximation before HyTech could be applied.
Current ways to avoid shortcomings
• For a large system, one may:
  • Simulate via numerical integration:
    • not appropriate for verification:
      • may miss events,
      • round-off errors;
  • Massage into HyTech-acceptable form:
    • messy,
    • time-consuming.
Avoiding shortcomings, cont.
• Massaging input with rate translation:
  • Replace nonlinear x with linear x.
  • Bound (d/dt)x by upper & lower constants.
  • Split location v into several locations to yield better approximation.
Massaging input, cont.
• Thermostat becomes: [figure of the split thermostat automaton]
• State explosion!
Our objective
• Our aim is to provide both a more direct and a more accurate analysis of hybrid systems.
  • More direct: dynamics may be modeled directly.
  • More accurate: bounds obtained are tighter.
• We have implemented a prototype.
Interval numerical methods
• Arithmetic operators on intervals instead of reals.
  • [2.7818, 3.1416]
• Numerical ODE solvers available.
  • ODE solutions lie within validated intervals.
  • In worst case, solution is unacceptably wide.
  • But solution is never false.
HyTech’s algorithm
• Maintain two sets of regions:
  • R : already-explored regions,
  • R’ : to-be-explored regions.
• Initially, R = ∅ and R’ is the initial region.
• while (R’ ≠ ∅):
  • remove region r from R’,
  • compute r’s event and time successors S,
  • add non-visited successors to R’,
  • R := R ∪ { r }.
Our algorithm
• Maintain two sets of regions:
  • R : already-explored regions,
  • R’ : to-be-explored regions.
• Initially, R = ∅ and R’ is the initial region.
• while (R’ ≠ ∅):
  • remove region r from R’,
  • compute r’s event and time successors S,
  • add non-visited successors to R’,
  • R := R ∪ { r }.
Computing time successors
• Start with:
  • exit region e,
  • initial rectangle r.
• Use interval numerical integration to compute time successors of r.
• Stop when we hit e.
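As an added example (not HyTech's code and not from the talk), the time-successor computation of the slide above for one thermostat location, using a validated interval integrator: the a priori enclosure is found by Picard-style iteration and each step is a first-order mean-value step, so the result is never false but can be wide, which is the trade-off the interval numerics slide describes. The heater-on dynamics dx/dt = 5 − x, the exit region x ≥ 3, the initial rectangle [1.0, 1.1] and the step size are all assumptions of this example.

```python
from dataclasses import dataclass
import math

@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float
    def __add__(self, o): return Interval(self.lo + o.lo, self.hi + o.hi)
    def __mul__(self, o):  # no outward rounding: fine for a demo, not for a machine-checked proof
        p = (self.lo * o.lo, self.lo * o.hi, self.hi * o.lo, self.hi * o.hi)
        return Interval(min(p), max(p))
    def hull(self, o): return Interval(min(self.lo, o.lo), max(self.hi, o.hi))
    def contains(self, o): return self.lo <= o.lo and o.hi <= self.hi
    def inflate(self, eps):
        d = eps * max(self.hi - self.lo, 1.0)
        return Interval(self.lo - d, self.hi + d)
    def width(self): return self.hi - self.lo

def heater_on(x: Interval) -> Interval:   # assumed flow for the "heater on" location: dx/dt = 5 - x
    return Interval(5.0, 5.0) + Interval(-1.0, -1.0) * x

def a_priori_enclosure(f, x, h, tries=100):
    """Interval X with x + [0,h]*f(X) inside X: every trajectory leaving x stays in X for h time units."""
    X = x
    for _ in range(tries):
        cand = x.hull(x + Interval(0.0, h) * f(X))
        if X.contains(cand):
            return X
        X = cand.inflate(0.01)          # widen and retry; converges when h * Lipschitz(f) < 1
    raise RuntimeError("no enclosure found; reduce the step h")

def time_successors(f, r, exit_lo, h, max_steps=10_000):
    """Step-by-step enclosures of the flow from rectangle r until it reaches e = {x >= exit_lo}.
    Returns (steps, reach): steps = [(t, enclosure of x(t))], reach = hull of everything visited."""
    t, x, reach = 0.0, r, r
    steps = [(t, x)]
    for _ in range(max_steps):
        if x.hi >= exit_lo:             # enclosure touches the exit region: stop, as on the slide
            return steps, reach
        X = a_priori_enclosure(f, x, h)
        reach = reach.hull(X)
        x = x + Interval(h, h) * f(X)   # mean-value step: x(t+h) lies in x(t) + h*f(X), never false
        t += h
        steps.append((t, x))
    raise RuntimeError("exit region not reached within max_steps")

def exact_on(x0, t):                    # closed form of the assumed flow, used only to check soundness
    return 5.0 - (5.0 - x0) * math.exp(-t)

def enclosure_sound(steps, r):
    """True if the exact trajectories from both corners of r lie inside every computed enclosure."""
    return all(x.lo <= exact_on(x0, t) <= x.hi for t, x in steps for x0 in (r.lo, r.hi))
```

Running `time_successors(heater_on, Interval(1.0, 1.1), 3.0, 0.05)` shows the enclosure widening from 0.1 to a few tenths before it reaches the exit region, while `enclosure_sound` confirms the true trajectories never leave it.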
Tighter bounds for thermostat
• Using HyTech, it was shown that 0 ≤ x ≤ 4.
• Using a 20-state approximation, HyTech obtains the bounds .28 ≤ x ≤ 3.76.
• Using interval numerical methods, the new HyTech shows that .367 ≤ x ≤ 3.64.
Nuclear reactor
• Example from [ACHH].
• HyTech with old algorithm gives t = 2 for controllability.
• New algorithm gives t = 1.55.
• Other (small) examples in the HyTech example suite also work.
Future work
• Try larger examples, e.g. cutoff control.
• Investigate whether interval numerical methods can be used on polyhedra or ellipsoids.
• Redesign HyTech’s input language and implementation.