Date post: | 29-Dec-2015 |
Kim G. Larsen, Peter Bulychev, Alexandre David, Dehui Du, Axel Legay, Guangyuan Li, Marius Mikucionis, Danny B. Poulsen, Amalie Stainer, Zheng Wang
Statistical Model Checking, Refinement Checking, Optimization, .. for Stochastic Hybrid Systems
FORMATS, Sep 2012
IDEA4CPS Foundations for CPS
Kim Larsen [2]
Institute of Software, Chinese Academy of Sciences, Beijing, China
Technical University of Denmark, Lyngby, Denmark
East China Normal University, Shanghai, China
Aalborg University, Denmark
Cyber-Physical Systems
Complex systems that tightly integrate multiple, networked computing elements (hardware and software) with non-computing physical elements such as electrical or mechanical components.
Smart XHybrid Systems
Trustworthiness
(TCPS) .. by which we mean CPS on which reliance can justifiably be placed.
(wiki) .. of a component is .. defined by how well it secures a set of functional and non-functional properties, deriving from its architecture, construction, and environment, and evaluated as appropriate.
[Diagram: Probabilities, Confidence, Current State; Stochastic Hybrid Systems, Probabilistic Temporal Logic, Statistical Model Checking]
Overview
• Stochastic Hybrid Systems
• Weighted Metric Interval Temporal Logic
• UPPAAL SMC (Demo)
• Energy Aware Buildings
• SMC and Refinement Checking
• SMC and Optimization
• Conclusion
Stochastic Hybrid Systems
A Bouncing Ball
Simulate 5 [<=20] {p}
Pr[<=20](<>(time >=12 && p >= 4))
Hybrid Automata
$H = (L, l_0, \Sigma, X, E, F, \mathit{Inv})$ where
• $L$ set of locations, $l_0$ initial location
• $\Sigma = \Sigma_i \cup \Sigma_o$ set of actions
• $X$ set of continuous variables, valuation $\nu : X \to \mathbb{R}$ ($= \mathbb{R}^X$)
• $E$ set of edges $(l, g, a, \phi, l')$ with $g \subseteq \mathbb{R}^X$, $\phi \subseteq \mathbb{R}^X \times \mathbb{R}^X$ and $a \in \Sigma$
• For each $l$ a delay function $F(l) : \mathbb{R}_{>0} \times \mathbb{R}^X \to \mathbb{R}^X$
• For each $l$ an invariant $\mathit{Inv}(l) \subseteq \mathbb{R}^X$
Hybrid Automata
Semantics
States: $(l, \nu)$ where $\nu \in \mathbb{R}^X$
Transitions:
• $(l,\nu) \xrightarrow{d} (l,\nu')$ where $\nu' = F(l)(d)(\nu)$ provided $\nu' \in \mathit{Inv}(l)$
• $(l,\nu) \xrightarrow{a} (l',\nu')$ if there exists $(l,g,a,\phi,l') \in E$ with $\nu \in g$ and $(\nu,\nu') \in \phi$ and $\nu' \in \mathit{Inv}(l')$
Run of the bouncing ball:
$(p=10;\, v=0) \xrightarrow{d} (p = 10 - 9.81/2\, d^2;\, v = -9.81\, d) \xrightarrow{bounce!} (p=0;\, v = 14.02 \cdot 0.83)$ at $d = 1.43$
$\xrightarrow{d} (p = 6.92;\, v = 0)$ at $d = 1.18$, $\xrightarrow{d} (p = 0;\, v = 11.51)$ at $d = 1.18$, $\xrightarrow{bounce!} \ldots$
Stochastic Hybrid Automata
Stochastic Semantics: for each state $s = (l,\nu)$
• Delay density function* $\mu_s : \mathbb{R}_{>0} \to \mathbb{R}$
• Output probability function $\gamma_s : \Sigma_o \to [0,1]$
• Next-state density function* $\eta^a_s : St \to \mathbb{R}$ where $a \in \Sigma$
* Dirac's delta functions for deterministic delays / next state
Example, exponential delay with rate 2.5 over the 1.43 time units of the first fall:
$P[hit!] = \int_{t=0}^{t=1.43} 2.5\, e^{-2.5 t}\, dt = \left[-e^{-2.5 t}\right]_0^{1.43} = 0.97$
UPPAAL SMC:
• Uniform distributions (bounded delay)
• Exponential distributions (unbounded delay)
• Syntax for discrete probabilistic choice
• Distribution on next state by use of random
• Hybrid flow by use of ODEs
Networks: repeated races between components for outputting
Stochastic Semantics of NTAs
Composition = race between components for outputting
Queries:
Pr[c<=C](<> T.T3) ?
Pr[time<=2](<> T.T3) ?
Pr[time<=T](<> T.T3) ?
Stochastic Semantics of NHAs
Assumptions: component SHAs are
• Input enabled
• Deterministic
• Disjoint sets of output actions
$\pi(s, a_1 a_2 \ldots a_n)$: the set of maximal runs from $s$ with a prefix $t_1 a_1 t_2 a_2 \ldots t_n a_n$ for some $t_1, \ldots, t_n \in \mathbb{R}$.
Metric Interval Temporal Logic
MITL$_{\le}$ syntax:
$\varphi ::= \sigma \mid \neg\varphi \mid \varphi_1 \wedge \varphi_2 \mid \mathsf{O}\varphi \mid \varphi_1\, \mathsf{U}_{\le d}\, \varphi_2$
where $d \in \mathbb{N}$ is a natural number.
MITL$_{\le}$ semantics, for a run $r = (a_1,t_1)(a_2,t_2)(a_3,t_3)\ldots$:
• $r \models \sigma$ if $a_1 = \sigma$
• $r \models \neg\varphi$ if $r \not\models \varphi$
• $r \models \varphi_1 \wedge \varphi_2$ if $r \models \varphi_1$ and $r \models \varphi_2$
• $r \models \mathsf{O}\varphi$ if $(a_2,t_2)(a_3,t_3)\ldots \models \varphi$
• $r \models \varphi_1\, \mathsf{U}_{\le d}\, \varphi_2$ if $\exists i.\ (a_i,t_i)(a_{i+1},t_{i+1})\ldots \models \varphi_2$ with $t_1 + t_2 + \cdots + t_i \le d$ and $(a_j,t_j)(a_{j+1},t_{j+1})\ldots \models \varphi_1$ for $j < i$
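The five semantic clauses above can be executed directly on a timed word. The evaluator below is an added example, not code from the slides or from UPPAAL: a run is a list of (action, delay) pairs with the delay preceding its action, formulas are nested tuples, and the clauses are followed literally. One convention is added because the slide's runs are infinite while a simulated run is finite: an exhausted suffix satisfies no formula (an assumption stated in the code, not something the slide specifies). The sample run is constructed for the demonstration.

```python
"""MITL<= evaluator over finite timed words (added example, not from the slides).

A run is [(a1, t1), (a2, t2), ...]; formulas are tuples:
    ('atom', sigma)            sigma
    ('not', f)                 not f
    ('and', f, g)              f and g
    ('next', f)                O f
    ('until', f, g, d)         f U_{<=d} g
"""


def holds(formula, run, i=0):
    """Does the suffix (a_i, t_i)(a_{i+1}, t_{i+1})... of `run` satisfy `formula`?
    Convention (assumption, not in the slide's infinite-run semantics): a suffix
    that has run out of positions satisfies nothing."""
    if i >= len(run):
        return False
    op = formula[0]
    if op == 'atom':
        return run[i][0] == formula[1]
    if op == 'not':
        return not holds(formula[1], run, i)
    if op == 'and':
        return holds(formula[1], run, i) and holds(formula[2], run, i)
    if op == 'next':
        return holds(formula[1], run, i + 1)
    if op == 'until':
        f, g, d = formula[1], formula[2], formula[3]
        elapsed = 0.0
        for j in range(i, len(run)):
            # t_i + ... + t_j: the slide's sum t_1 + ... + t_i, taken relative
            # to the suffix under evaluation (the first delay counts)
            elapsed += run[j][1]
            if elapsed > d:
                return False      # every later witness would be even later
            if holds(g, run, j):
                return True       # witness position found within the bound
            if not holds(f, run, j):
                return False      # f must hold at all positions before it
        return False
    raise ValueError(f"unknown operator {op!r}")


# Constructed sample run: a request, some idling, then a grant (delays in time units).
SAMPLE_RUN = [('req', 0.5), ('idle', 1.0), ('grant', 2.0), ('idle', 3.0)]

# Example formulas over the sample run.
EXAMPLES = {
    # no grant until a grant, within 4 time units (0.5 + 1.0 + 2.0 = 3.5 <= 4)
    'grant_within_4': ('until', ('not', ('atom', 'grant')), ('atom', 'grant'), 4),
    # the same with bound 3: the grant arrives at 3.5, too late
    'grant_within_3': ('until', ('not', ('atom', 'grant')), ('atom', 'grant'), 3),
    # first action is req and the next one is idle
    'req_then_idle': ('and', ('atom', 'req'), ('next', ('atom', 'idle'))),
    # the second action is not a grant
    'next_is_grant': ('next', ('atom', 'grant')),
}


def evaluate_examples(run=SAMPLE_RUN):
    """Evaluate every example formula on `run`; returns {name: bool}."""
    return {name: holds(f, run) for name, f in EXAMPLES.items()}


if __name__ == "__main__":
    for name, result in evaluate_examples().items():
        print(f"{name}: {result}")
```

The until clause stops as soon as the accumulated delay exceeds d, which is what makes the bound decidable on a finite prefix: no later position can be a witness, so a negative answer is definite even though the run is cut off.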
Statistical Model Checking
[Diagram of the core algorithm: inputs are the model $M$, the property $\phi$ and the parameters $\theta, \epsilon$; a Generator produces runs of $M$, a Validator checks $\phi$ on each run, and the core algorithm either answers or reports Inconclusive.]
• Estimation: $\Pr_M(\phi) \in [a - \epsilon, a + \epsilon]$ with confidence $\theta$
• Hypothesis testing, given $p, \alpha$: $\Pr_M(\phi) \ge p$ at significance level $\alpha$
• Property form $\Diamond_{\le T}\, p$
[FORMATS11, RV12]
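To make the core algorithm concrete, here is a self-contained statistical model checker for the bouncing-ball query from the earlier slide, Pr[<=20](<> time>=12 && p>=4). It is an added example, not code from the slides or from UPPAAL: the Generator is a simulator of the hybrid automaton's delay and bounce! transitions (p' = v, v' = -9.81, bounce when p reaches 0); the Validator evaluates the reachability property on the run; the estimation uses the Chernoff-Hoeffding bound to pick the number of runs, and the "Pr >= p" test uses Wald's sequential probability ratio test. The slides name estimation and sequential testing but not which bounds UPPAAL uses, so both choices are assumptions of this example, as is the per-bounce restitution factor drawn uniformly from [0.80, 0.95] (the slide shows a single factor, 0.83).

```python
"""SMC of the bouncing ball (added example; not the slides' or UPPAAL's code)."""
import math
import random

G = 9.81  # gravity constant from the slides (v' = -9.81)


def height(p0, v, tau):
    """Ball position tau time units into a free-flight segment starting at (p0, v)."""
    return p0 + v * tau - G / 2 * tau * tau


def simulate_ball(restitution, p0=10.0, v0=0.0, horizon=20.0):
    """Generator: one run as a list of (time, p, v) at the start of each flight.
    The ball falls until p = 0, then takes the bounce! edge with velocity
    flipped and scaled by restitution(). The run stops at the horizon or when
    the ball is practically at rest (cutting off the Zeno tail of tiny bounces)."""
    t, p, v = 0.0, p0, v0
    segments = [(t, p, v)]
    while True:
        # delay transition: positive root of p + v d - G/2 d^2 = 0
        d = (v + math.sqrt(v * v + 2 * G * p)) / G
        if t + d > horizon:
            break
        t += d
        v = -(v - G * d) * restitution()   # bounce!: flip and damp the velocity
        p = 0.0
        if v < 1e-2:
            segments.append((t, p, 0.0))     # at rest
            break
        segments.append((t, p, v))
    return segments


def satisfies(segments, horizon=20.0, t_min=12.0, p_min=4.0):
    """Validator for <> (time >= t_min && p >= p_min) within the horizon.
    Height is concave on each segment, so its maximum over a time window is
    at the apex if the apex is inside the window, else at the nearer endpoint."""
    for i, (t0, p0, v) in enumerate(segments):
        t_end = segments[i + 1][0] if i + 1 < len(segments) else horizon
        lo, hi = max(t_min, t0) - t0, min(horizon, t_end) - t0
        if lo > hi:
            continue
        apex = v / G if v > 0 else 0.0
        if height(p0, v, min(max(apex, lo), hi)) >= p_min:
            return True
    return False


def chernoff_sample_size(eps, theta):
    """Runs needed for |a - Pr_M(phi)| <= eps with confidence theta (Chernoff-Hoeffding)."""
    return math.ceil(math.log(2.0 / (1.0 - theta)) / (2.0 * eps * eps))


def estimate(run, eps=0.05, theta=0.95):
    """Estimation: returns (runs, estimate a, interval [a - eps, a + eps])."""
    n = chernoff_sample_size(eps, theta)
    a = sum(1 for _ in range(n) if run()) / n
    return n, a, (max(0.0, a - eps), min(1.0, a + eps))


def sprt(run, p, alpha=0.05, beta=0.05, delta=0.1, max_runs=100000):
    """Sequential test of Pr_M(phi) >= p (Wald's SPRT, indifference region
    [p - delta, p + delta]). Returns (decision, runs used); None if the budget ran out."""
    p0, p1 = p + delta, p - delta             # H0: Pr >= p0, H1: Pr <= p1
    upper = math.log((1 - beta) / alpha)      # crossing it accepts H1 (Pr < p)
    lower = math.log(beta / (1 - alpha))      # crossing it accepts H0 (Pr >= p)
    llr = 0.0
    for n in range(1, max_runs + 1):
        llr += math.log(p1 / p0) if run() else math.log((1 - p1) / (1 - p0))
        if llr >= upper:
            return False, n
        if llr <= lower:
            return True, n
    return None, max_runs


def bouncing_ball_run(seed=2012):
    """One sampled run of the stochastic ball, validated against the query.
    Constructed assumption: restitution uniform on [0.80, 0.95] per bounce."""
    rng = random.Random(seed)
    return lambda: satisfies(simulate_ball(lambda: rng.uniform(0.80, 0.95)))


if __name__ == "__main__":
    run = bouncing_ball_run()
    n, a, ci = estimate(run)
    print(f"{n} runs: Pr[<=20](<> time>=12 && p>=4) ~ {a:.3f}, 95% interval {ci}")
    print("Pr >= 0.5 at alpha=0.05:", sprt(run, 0.5))
```

With a deterministic restitution of 0.83 the simulator reproduces the first bounce of the run on the semantics slide (d = 1.43), and the query is false for that run since every apex after time 12 is below 4; a fully elastic ball satisfies it on every run, so the SPRT settles those two extremes after only eight samples each.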
Logical Properties – WMITL
[Figure: model $M$ composed with a deterministic observer for $\phi$; result: 95% confidence interval [0.215, 0.225]]
Statistical Model Checking [LPAR2012]
[Diagram: the core algorithm as before (inputs $M$, $\phi$, $\theta, \epsilon$; Generator, Validator; answers $\Pr_M(\phi) \in [a - \epsilon, a + \epsilon]$ with confidence $\theta$, or, given $p, \alpha$, $\Pr_M(\phi) \ge p$ at significance level $\alpha$, or Inconclusive), extended with CASAAL: from $\phi$ it builds an observer $O_\phi$ and under- and over-approximating automata $U_\phi$, $A_\phi$; the property becomes $\Diamond\, acc$ checked on $M \mid O_\phi$ and $M \mid U_\phi$.]
Experiments
How exact is the O/U? 1000 random formulas, 2, 3, 4 actions, 15 connectives.
New exact method for full MITL[a,b] using rewriting [RV12]
Energy Aware Buildings
Fehnker, Ivancic. Benchmarks for Hybrid Systems Verification. HSCC04
With Alexandre David, Dehui Du, Marius Mikucionis, Arne Skou
Stochastic Hybrid Systems
[Figure: Room 1 and Room 2 sharing a Heater switched on/off]
simulate 1 [<=100]{Temp(0).T, Temp(1).T}
simulate 10 [<=100]{Temp(0).T, Temp(1).T}
Pr[<=100](<> Temp(0).T >= 10)
Pr[<=100](<> Temp(1).T<=5 and time>30) >= 0.2
Results – Simulations
simulate 1 [<=2*day] { T[1], T[2], T[3], T[4], T[5] }
simulate 1 [<=2*day] { Heater(1).r, Heater(2).r, Heater(3).r }
const int Tenv=7; const int k=2; const int H=20; const int TB[4]={12, 18, 25, 28};
Controller Synthesis
[Figure: Room with an on/off Heater and an unknown controller (??); temperature bands critical low, low, normal, high, critical high with thresholds TB = 12, 18, 25, 28]
TA Abstraction
const int uL[3]={3,5,2}; const int uU[3]={4,6,3}; const int dL[3]={3,9,15}; const int dU[3]={4,10,16};
Validation by Simulation
const int uL[3]={3,8,2}; const int uU[3]={4,9,3}; const int dL[3]={3,9,15}; const int dU[3]={4,10,16};
WATA, Dresden, May 30, 2012
Time Bounded L-problem [Qest12]
simulate 1 [time<=5] {C, x, y}
Problem: determine the schedule that maximizes the time until out of energy.
Time Bounded L-problem [Qest12] – TEST
simulate 10000 [time<=10] {C,x,y} : 1 : time>=7 && Test.GOOD
Pr[time<=10](<> time>=7 && Test.GOOD)
Can we do better?
Other Case Studies
• Firewire
• Bluetooth
• 10 node LMAC
• Robot
• Energy Aware Buildings
• Genetic Oscillator (HBS)
• Schedulability Analysis for Mixed-Criticality Systems
• Passenger Seating in Aircraft
Contribution & More
• Natural stochastic semantics of networks of stochastic hybrid systems.
• Efficient implementation of SMC algorithms: estimation, sequential testing of $\ge p$, sequential probability comparison, parameterized comparison.
• Distributed implementation of SMC.