1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL...
20
1 Formal Models for Stability Analysis : Verifying Average Dwell Time* Sayan Mitra MIT,CSAIL [email protected] Research Qualifying Exam 20 th December 2004 Joint work with Daniel Liberzon (UIUC) and Nancy Lynch (MIT) * Full version of the paper has been sent for
-
Upload
silvia-owens -
Category
Documents
-
view
225 -
download
1
Transcript of 1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL...
1
Formal Models for Stability Analysis : Verifying Average Dwell Time*
Sayan Mitra MIT,CSAIL
Research Qualifying Exam20th December 2004
Joint work with Daniel Liberzon (UIUC) and Nancy Lynch (MIT)
* Full version of the paper has been sent for journal review.
2Verifying Average Dwell Time
A common math model (HIOA) Expressive: few constraints on continuous and discrete behavior
Compositional: analyze complex systems by looking at parts
Structured: inductive verification
Compatible: application of CT results e.g. stability, synthesis
Motivation: Macro
Control Theory: Dynamical system with boolean variables
Stability
Controllability
Controller design
Computer Science: State transition systems with continuous dynamics
Safety verification model checking theorem proving
Hybrid Systems
3Verifying Average Dwell Time
Motivation: Micro
Analysis of mobile algorithms (CT view) nodes: plant with continuous motion, disturbance
algorithm: controller maintaining some structure
Complexity
Stability and Robustness
4Verifying Average Dwell Time
Outline
1. Background
2. Stability under slow switching
3. Formal Model
4. Invariant Approach
5. MILP Approach
6. Conclusions
5Verifying Average Dwell Time
Switching and Stability
M1
M2
M1M2
M2 M1
M3
6Verifying Average Dwell Time
Stability Under Slow Switchings
Theorem [Hespanha]: Assuming Lyapunov functions for the individual modes exist, global asymptotic stability is guaranteed if τa is large enough.
),( Tt# of switches on average dwell time (ADT)
t1 12 2
)()( tV t decreasing sequence
--- (1)
7Verifying Average Dwell Time
Problem Statement
If all the executions of the hybrid system satisfy Equation (1), then the
system is said to have ADT τa .
Q: Given hybrid system A, does it have ADT τa ? or, what is the largest τa that is ADT for A ?
8Verifying Average Dwell Time
V: set of variables, types, valuations val(V), dtypes Q: set of states, Q val(V) : start states A: set of actions D Q A Q: discrete transitions. (v,a,v) є D is written in
short as
T: set of trajectories for V, functions describing continuous
evolution
A trajectory : J val(V)
T is closed under prefix, suffix, and concatenation
Formal Definitions: Hybrid Automata
[Lynch,Segala,Vaandrager]
9Verifying Average Dwell Time
Every variable is either discrete or continuous V = Vc U Vc
A set F of state models for the continuous variables Vc
A state model is a locally Lipschitz function f such that the solution to the system of differential equation d(v) = f(v) are in the dtypes of the corresp. continuous variables
A mode switching function
So, we have only continuous variables changing over trajectories:
Mode switches changing the state models
Definitions: Structured HA (SHA)
10Verifying Average Dwell Time
Definitions: Executions and Invariants
Execution (fragment): sequence 0 a1 1 a2 2 …, where:
Each i is a trajectory of the automaton, and
Each (i.lstate, ai , i+1.fstate) is a discrete step
Invariant I(s) proved by base case :
induction discrete:
continuous:
Supporting TIOA software tools [Kaynar, Lynch, Mitra]
14Verifying Average Dwell Time
Average Dwell Time: Invariant Approach
An SHA A has ADT if there exists N0 such that for all α
Quantification over all executions: ADT is a property of the executions of the automaton
Invariant approach: Transform the automaton A A’ so that the ADT property of A
becomes an invariant property of A’. Then use theorem proving or model checking tools to prove the
invariant(s)
15Verifying Average Dwell Time
Transformation for Stability Uniform stability preserving transformation:
counter Q, for number of extra mode switches a (reset) timer t Qmin for the smallest value of Q
A A’
Theorem: A has average dwell time τa iff Q- Qmin ≤ N0 in all reachable states of A’. invariant property
16Verifying Average Dwell Time
ProofIf part: we show that
t1 t2tmin
Qmin
Q(t2,t1) = Q(t2, tmin) – Q(t1,tmin)
≤ Q(t2,tmin)
= Q(t2) – Qmin(t2)
≤ N0
t1 t2tmin
Qmin
Qmin(t2) < Qmin(t1)
Q(t2,t1) = Q(t2, tmin) + Q(t1,tmin)
≤ Q(t2,tmin)
= Q(t2) – Qmin(t2)
≤ N0Only if part: Consider a state s’ = α’(t) of A’
suppose α’(t0) attains Qmin, Qmin(t) = Qmin(t0)
Q(t) – Qmin(t) ≤ N0
Q Q
17Verifying Average Dwell Time
Case Study: Hysteresis Switch
Initialize
Find
no yes?
Inputs:
Under suitable conditions on (compatible with bounded .........................................................noise
and no unmodeled dynamics), can prove ADT. See CDC paper for
details [Mitra, Liberzon]
Used in switching (supervisory) control of uncertain systems
18Verifying Average Dwell Time
Average Dwell Time : Optimization approach
An SHA A has ADT if there exists N0 such that for all α
An SHA A does not have ADT if for all N0 there is execution α such thatAn SHA A does not have ADT if for all N0 there is execution α such that
In general solving OPT1 is hard
• Finiteness of solution
• Completeness
# extra switches in α w.r.t. τa
19Verifying Average Dwell Time
Looking at cyclic counterexample
A simple sufficient condition for violating ADT
Lemma 3: If there is a cyclic execution of A with extra switches w.r.t τa, then
A does not have ADT τa.
Q: Is this also a necessary condition ?
A: For a useful class of SHA it is. Finitely initialized SHA.
implies
is finite
Lemma 4: IF SHA A does not have ADT τa and it is finitely initialized then it
has a cyclic execution with extra switches.
20Verifying Average Dwell Time
Extending to Non-initialized SHA
If there is a subset of variables Z V, such that if x.Z = y.Z then x є implies y є F(x) = F(y)
xx’ on a then there exists y’ such that yy’ on a and x’.Z = y’.Z
xx’ by traj τ then there exists y’ such that yy’ on a traj of same length and x’.Z = y’.Z
Z induces a congruence relation and partitions the state space of A into equivalence classes.
We can find a region automaton Rz(A) corresponding to A such that, any τa > 0 is an ADT for A iff it is also an ADT for Rz(A).
It is sufficient to have Rz(A) finitely initialized (and not A itself ) for the optimization approach to work.
21Verifying Average Dwell Time
Case Study: Gas BurnerSHA Region automata
MILP Soultion
22Verifying Average Dwell Time
Conclusions
SHA, SHIOA model, stability definitions Verification of ADT property:
Invariant approach --- general but not automatic MILP approach --- restrictive, can be fully automated
ADT preserving abstractions
Summary:
Future work:
Stability of mobile algorithms
Input-output properties (external stability)
Probabilistic HIOA [Cheung, Lynch, Segala, Vaandrager] and stability of stochastic switched systems [Chatterjee, Liberzon, FrA01.1]
23Verifying Average Dwell Time
References
[Mitra, Liberzon, Lynch, “Verifying average dwell time”, 2004, http://decision.csl.uiuc.edu/~liberzon]
