Multiple Shooting, CEGAR-based Falsification for Hybrid Systems - PowerPoint PPT Presentation
Presentation Transcript

Multiple Shooting, CEGAR-based Falsification for Hybrid Systems 

Jyotirmoy Deshmukh

James Kapinski

Aditya Zutshi

Sriram Sankaranarayanan

Hybrid Systems

Discrete Controller

Sense

Actuate

Safety Critical!

Physical System (plant)


Falsification

Error?

System Description

ErrorStates

Initial States

t

Is there a trajectory from an initial state to an error state?

System Description

Most systems do not have Hybrid Automaton models!

Mode 1

Mode 2

Simulink/Stateflow: the simulator SIM(X,t) takes a state X and a time t and returns the successor state X’

Hybrid Automaton Model

[Alur, Henzinger, Lygeros, Sastry, Tomlin,…]

Single Shooting

SIM(X,t)

System Description

Inefficient in the presence of non-linearities and discrete updates

Error States

Initial States

S-Taliro: [Fainekos, et al.]

BREACH: [Donzé]

RRT: [Bhatia et al., …]

Multiple Shooting
  • Explore trajectory space
  • Narrow gaps iteratively

Proposed Solution

CEGAR

[Figure: initial states, error states and the gaps between trajectory segments]

Contributions

Multiple Shooting CEGAR (Counterexample-Guided Abstraction Refinement)

[Figure: trajectory segments forming an abstract path from A to B; refinement narrows the gaps between the segments]

  • Grid based Abstractions

Verification of Hybrid Systems Based on Counterexample-Guided Abstraction Refinement

[Clarke, Fehnker, et al.]

Scatter and Simulate
  • Grid based Abstractions
  • Induced by norm

Fundamental question in abstractions: can abstract cell B be reached from abstract cell A (A → B)?

Scatter & Simulate

  • Explicit Abstractions
    • Black Box: No system dynamics
    • Complex dynamics
    • Curse of Dimensionality

Multiple Shooting & CEGAR

  • Assume an implicit abstraction and compute it
  • Explore it using scatter & simulate
    • Search Error Paths
    • Trade soundness for efficiency.
    • Find a subset of paths.
  • Enumerate error paths
  • Check for concrete paths
    • Concrete path found: done
    • Otherwise refine the abstraction using CEGAR: assume a finer abstraction and compute it again

Multiple Shooting & CEGAR…

  • Refine by CEGAR
    • Examine abstract error paths
      • Entire path
      • Initial cell
    • Assume a finer abstraction (finer grid size) and compute it again

Scatter and Simulate

Compute the abstraction by exploring from the initial states towards the error states:

  • Get a cell from the queue Q
  • Sample the cell
  • Simulate each sample with SIM(X,t) for a time t
  • Identify the reached cells
  • If a reached cell is new, add it to Q
  • Finally, enumerate the error paths

Refinement

CEGAR: refine the grid, compute the finer abstraction, run Scatter & Simulate again, and enumerate the new error paths.

Concretization
  • Described procedure can run forever
    • Only comes up with segmented trajectories
    • No termination guarantee due to numerical errors
  • Solution
    • Interleave concretization: use random testing on refined initial cells
    • Loop: Scatter & Simulate, then Concretize; if a concrete trajectory is found, done, else refine by CEGAR
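The Scatter & Simulate worklist, the CEGAR grid refinement and the interleaved concretization described on the preceding slides, as an added example that is not code from the slides or from the authors' tool: a small Python implementation on the Van der Pol oscillator used in the demo. The initial box, the error states (x ≥ 1.5), the fixed-step RK4 integrator, the 3×3 sampling per cell, the segment horizon and the single-shooting concretization from the abstract path's initial cell are all assumptions made for this example; it also illustrates the grid-based implicit abstraction of the later slides.

```python
import math
from collections import deque

MU, DT, SEG_T, ERR_X = 1.0, 0.01, 0.5, 1.5  # assumed: VdP mu, RK4 step, segment horizon, error x >= ERR_X
INIT = ((-0.5, 0.5), (-0.5, 0.5))           # constructed initial box for (x, y)

def step(s, h=DT):                          # one RK4 step of x' = y, y' = mu(1-x^2)y - x
    f = lambda x, y: (y, MU * (1 - x * x) * y - x)
    k1 = f(*s); k2 = f(*(a + h / 2 * b for a, b in zip(s, k1)))
    k3 = f(*(a + h / 2 * b for a, b in zip(s, k2))); k4 = f(*(a + h * b for a, b in zip(s, k3)))
    return tuple(a + h / 6 * (p + 2 * q + 2 * r + t) for a, p, q, r, t in zip(s, k1, k2, k3, k4))

cell_of = lambda s, eps: tuple(math.floor(c / eps) for c in s)   # implicit grid abstraction
def init_cells(eps):                        # all grid cells that intersect the initial box
    r = [range(math.floor(lo / eps), math.ceil(hi / eps)) for lo, hi in INIT]
    return {(i, j) for i in r[0] for j in r[1]}
def samples(cell, eps):                     # 3x3 deterministic sample points inside a cell
    return [((cell[0] + a) * eps, (cell[1] + b) * eps) for a in (.25, .5, .75) for b in (.25, .5, .75)]

def scatter_and_simulate(eps):              # edges[c] = cells reached from c within SEG_T
    queue = deque(init_cells(eps)); seen, edges = set(queue), {}
    while queue:
        cell = queue.popleft()                              # get cell from Q
        for s in samples(cell, eps):                        # scatter: sample the cell
            for _ in range(int(SEG_T / DT)):                # simulate one segment
                s = step(s); reached = cell_of(s, eps)      # identify reached cells
                edges.setdefault(cell, set()).add(reached)
                if reached not in seen:                     # if new, add cell to Q
                    seen.add(reached); queue.append(reached)
    return edges

def abstract_error_path(edges, eps):        # BFS: initial cell -> cell lying inside the error states
    parent, queue = {c: None for c in init_cells(eps)}, deque(init_cells(eps))
    while queue:
        c = queue.popleft()
        if c[0] * eps >= ERR_X:                             # whole cell satisfies x >= ERR_X
            path = [c]
            while parent[path[-1]] is not None: path.append(parent[path[-1]])
            return path[::-1]
        for n in edges.get(c, ()):
            if n not in parent: parent[n] = c; queue.append(n)
    return None

def falsify(eps=0.5, rounds=3, horizon=20.0):
    for _ in range(rounds):                                 # CEGAR: refine the grid on failure
        path = abstract_error_path(scatter_and_simulate(eps), eps)
        for s0 in (samples(path[0], eps) if path else ()):  # concretize: single-shoot from
            s = s0                                          # the abstract path's initial cell
            for _ in range(int(horizon / DT)):
                s = step(s)
                if s[0] >= ERR_X: return eps, path, s0      # concrete counterexample
        eps /= 2                                            # finer abstraction, re-explore
    return None
```

falsify() returns the grid size at which a concrete counterexample was found, the abstract error path, and the initial state that reaches the error states.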

Demo: Van der Pol – iterations 1 to 5

[Five plots of Scatter & Simulate, one per iteration, each showing the initial set with its initial cells]

Experiments
  • Van der Pol
  • Lorenz
  • Brusselator
  • Bouncing Ball
  • Bouncing Ball + SHM
  • Constrained Pendulum
  • Navigation 30 (mod.)
  • Idle Speed Controller
  • MPC
  • Glucose Insulin
  • Quadcopter (mod.)
  • Cardiac

Academic examples and complex benchmarks, up to 14 continuous states and 625 modes:
  • Cont. States: 2-14
  • Modes: 0-625

Comparison

Tools compared on the benchmarks above, ordered from light-weight to exhaustive: Random Testing, Scatter and Simulate, S-Taliro, dReach.

S-Taliro: [Fainekos, et al.]; dReach: [Gao, et al.]

Experimental Setup

Times are hard to compare!

  • Random Testing
    • Use random testing to synthesize safety properties when they don’t exist
    • Run 100,000 simulations and find the number of violations
  • S-Taliro vs Scatter & Sim.
    • Run 10 times
    • Run terminates if
      • Violation found
      • Timeout: 1 hr
    • Tools can restart during a run
  • Time taken is hard to compare
    • S-Taliro has a single-threaded impl.
Results - Van der Pol

Highly non-linear! 2 continuous states

[Plot: Random Testing vs S-Taliro vs Scatter & Sim.]

Results - Bouncing Ball

Hybrid! 4 continuous states, 1 mode

[Plot: Random Testing vs S-Taliro vs Scatter & Sim.]

Results - Navigation30

625 modes! 4 continuous states, 625 modes

[Plot: Random Testing vs S-Taliro vs Scatter & Sim.]

Benchmarks for Hybrid Systems Verification: [Fehnker and Ivancic]

Results - Idle Speed Controller

Inputs! 9 continuous states, 4 modes, 1 input

[Plot: Random Testing vs S-Taliro vs Scatter & Sim.]

A new algorithm for reachability analysis of hybrid automata: [A. Casagrande, et al.]

In Summary…
  • Falsification technique for Hybrid Systems.
  • No explicit model required!
  • Simulations are cheap and parallelizable!
  • Generalizable in many directions.

But…

  • Cannot find non-robust trajectories
  • Convergence is not guaranteed
  • Best effort search
    • Can provide asymptotic guarantees
Falsification Approaches: Shooting
  • Single Shooting
    • Random testing
    • S-Taliro
    • BREACH
    • Systematic Sim.
      • RRTs
  • Multiple Shooting
    • Proposed approach:
      • Scatter & Simulate
Single Shooting: Random Testing

SIM(X,T)

System Description

  • Naïve: needs guidance
  • Curse of dimensionality: Scales poorly with increasing states

Error States

Initial States

Single Shooting: Guided Testing
  • S-Taliro: [Fainekos, et al.]
  • BREACH: [Donzé]

Inefficient in the presence of non-linearities and discrete updates

Error States

Initial States

Multiple Shooting

Distribute non-linearity

Solution…?

Use mature NLP Solvers

Translate the problem as an optimization problem with equality constraints

Error States

Proposed Solution

Use Abstractions and CEGAR

Initial States

Undesirable Gaps

A Trajectory Splicing Approach to Concretizing Counterexamples for Hybrid Systems: [Zutshi, et al.]

Abstractions and CEGAR

How to effectively use Multiple Shooting?

Use Discrete Abstractions and a refinement procedure

CEGAR: Counterexample-Guided Abstraction Refinement

  • Induced by norm
  • Grid Based Implicit Abstraction
  • Partitions the state space into rectangular Cells
  • Discovers relations using simulation

Verification of Hybrid Systems Based on Counterexample-Guided Abstraction Refinement

[Clarke, Fehnker, et al.]

Grid Based Abstraction
  • Discretizes concrete states
  • Relations induced by dynamics

Abstract State:

Concrete States:

HSolver: [Ratschan, et al.]

Explicit Abstractions

Curse of Dimensionality

  • Explicit abstraction construction
  • Used by verification approaches
  • Sound procedure finds relations between adjacent cells
  • Enumerate all abstract error paths

Predicate Abstraction for reachability analysis of HS

[Alur, Dang, Ivancic]

Exploring Implicit Abstractions

Mitigate curse of dimensionality!

  • Implicit Abstractions
  • Use simulations in a multiple shooting fashion
  • Sample relations
  • Efficiently discover a subset of abstract error paths