EECS 20 Lecture 36 (April 23, 2001) Tom Henzinger Safety Control.
The Control Problem

Given
1. Plant
2. Objective

Find
[Figure: block diagram of Plant and Controller]
such that the composite (“closed-loop”) system satisfies the Objective

Simple Control Problems
1. LTI Plant
2. Finite-State Plant
Even Simple Linear Systems are Not Finite-State
$x : \mathrm{Nats}_0 \to \mathrm{Reals}$, $y : \mathrm{Nats}_0 \to \mathrm{Reals}$
$$\forall z \in \mathrm{Nats}_0,\quad y(z) = \begin{cases} 0 & \text{if } z = 0 \\ (x(z-1) + x(z)) & \text{if } z > 0 \end{cases}$$

Even Simple Finite-State Systems are Not Linear
$x : \mathrm{Nats}_0 \to \mathrm{Reals}$, $y : \mathrm{Nats}_0 \to \mathrm{Reals}$
$$\forall z \in \mathrm{Nats}_0,\quad y(z) = \begin{cases} x(z) & \text{if } \forall z' \le z,\ x(z') \le 100 \\ 0 & \text{if } \exists z' \le z,\ x(z') > 100 \end{cases}$$
[Figure: state machine with transitions labeled i ≤ 100 / i, i > 100 / 0 and i / 0]
( “i” stands for any input value )
Simplest Finite-State Control Objective:
SAFETY
stay out of a set of undesirable plant states (the “error” states)

The Finite-State Safety Control Problem

Given
1. finite-state machine Plant
2. set Error of states of Plant

Find
[Figure: block diagram of finite-state machine Plant and finite-state machine Controller]
such that the composite system never enters a state in Error
Step 1:
Compute the “uncontrollable” states of Plant
1. Every state in Error is uncontrollable.
2. For all states s, if for all inputs i there exist an uncontrollable state s’ and an output o such that (s’,o) ∈ possibleUpdates (s,i), then s is uncontrollable.
[Figure: state-transition diagram of the Plant, transitions labeled input/output, with the Error states marked]
[Figure, continued: states marked uncontrollable (cannot prevent error state from being entered in 1 transition)]
[Figure, continued: states marked uncontrollable (cannot prevent error state from being entered in 2 transitions)]
[Figure, continued: the Uncontrollable region of the Plant]
[Figure, continued: the Uncontrollable region and the safe control inputs]
Step 2:
Design the Controller
1. For each controllable state s of the plant, choose one input i so that possibleUpdates (s,i) contains only controllable states.
[Figure: Plant with states p, q, r and the Uncontrollable region; chosen control inputs p : 1, q : 1, r : 0]
2. Have the Controller keep track of the state of the Plant:
If Plant is output-deterministic, then Controller looks exactly like the controllable part of Plant, with inputs and outputs swapped.
[Figure: the Plant (states p, q, r and the Uncontrollable region) beside the Controller (states p, q, r)]
(the Controller can be made receptive in any way)
What if the Plant is not output-deterministic?
[Figure: a Plant that is not output-deterministic (states p, q, r and the Uncontrollable region), beside a Controller with states p, {p,q} and {p,q,r} and transitions labeled 1/1]
Neither 0 nor 1 is safe !
[Figure: the same Plant beside a Controller with states p and {p,r} and transitions labeled 1/0]
Step 2: Design the Controller
1. Let Controllable be the controllable states of the Plant. A subset S ⊆ Controllable is consistent if there is an input i such that for all states s ∈ S, all states in possibleUpdates (s,i) are controllable.
2. Let M be the state machine whose states are the consistent subsets of Controllable. Prune from M the states that have no successor, until no more states can be pruned.
3. If the result contains possibleInitialStates (of the plant) as a state, then it is the desired Controller. Otherwise, no controller exists.
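Steps 1 and 2 above, carried through as an added Python example (not code from the lecture). The plant `UPDATES` is constructed, not transcribed from the slides' diagram; it was chosen so that its safe inputs per subset agree with the lecture's "Consistent subsets" table. The function names are hypothetical, and pruning is read here as: drop an input when some observable output leads to a subset that is not in M, then drop states left with no input.

```python
from itertools import combinations
# Constructed plant (not the slide's diagram): UPDATES[(state, input)] is the
# set of (next_state, output) pairs the plant may nondeterministically take.
UPDATES = {
    ("p", 0): {("p", 1), ("r", 1)}, ("p", 1): {("p", 1), ("q", 1)},
    ("q", 0): {("e", 0)},           ("q", 1): {("r", 1)},
    ("r", 0): {("p", 1)},           ("r", 1): {("e", 0)},
    ("e", 0): {("e", 0)},           ("e", 1): {("e", 0)},
}
STATES, INPUTS, ERROR, INITIAL = {"p", "q", "r", "e"}, (0, 1), {"e"}, {"p"}

def uncontrollable(updates, states, inputs, error):
    """Step 1: least fixpoint of the two rules for uncontrollable states."""
    bad = set(error)
    while True:
        # s is lost if every input admits some move into an uncontrollable state
        new = {s for s in states - bad
               if all(any(t in bad for t, _ in updates[(s, i)]) for i in inputs)}
        if not new:
            return bad
        bad |= new

def successors(updates, subset, i):
    """Plant states the controller must consider possible, per observed output."""
    by_output = {}
    for s in subset:
        for t, o in updates[(s, i)]:
            by_output.setdefault(o, set()).add(t)
    return {o: frozenset(ts) for o, ts in by_output.items()}

def synthesize(updates, states, inputs, error, initial):
    """Step 2, general case: map each surviving subset to its safe inputs."""
    good = states - uncontrollable(updates, states, inputs, error)
    subsets = [frozenset(c) for n in range(1, len(good) + 1)
               for c in combinations(sorted(good), n)]
    # consistent: some input keeps every member inside the controllable set
    m = {S: {i for i in inputs
             if all(t in good for s in S for t, _ in updates[(s, i)])}
         for S in subsets}
    m = {S: ins for S, ins in m.items() if ins}
    while True:
        # drop inputs whose successor subset left M, then states with no input
        pruned = {S: {i for i in ins if all(
                      T in m for T in successors(updates, S, i).values())}
                  for S, ins in m.items()}
        pruned = {S: ins for S, ins in pruned.items() if ins}
        if pruned == m:  # fixpoint: a controller exists iff the initial set survived
            return m if frozenset(initial) in m else None
        m = pruned
```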
[Figure: the Plant (states p, q, r and the Uncontrollable region)]
Consistent subsets
{p} : 0, 1   {q} : 1   {r} : 0   {p,q} : 1   {p,r} : 0
{q,r}, {p,q,r} not consistent
[Figure sequence: the machine M over the consistent subsets p, q, r, {p,q} and {p,r}, frame by frame; the last frame keeps only p and {p,r}, with transitions labeled 0]
[Figure: the resulting Controller, with states p and {p,r} and transitions labeled i/0]