SMT-Based Bounded Model Checking of Fixed-Point Digital Controllers

Digital controllers have several advantages with respect to their flexibility and design's simplicity. However, they are subject to problems that are not faced by analog controllers. In particular, these problems are related to the finite word-length implementation that might lead to overflows, limit cycles, and time constraints in fixed-point processors. This paper proposes a new method to detect design's errors in digital controllers using a state-of-the art bounded model checker based on satisfiability modulo theories. The experiments with digital controllers for a ball and beam plant demonstrate that the proposed method can be very effective in finding errors in digital controllers than other existing approaches based on traditional simulations tools

Passivity Degradation In Discrete Control Implementations: An Approximate Bisimulation Approach

In this paper, we present some preliminary results for compositional analysis of heterogeneous systems containing both discrete state models and continuous systems using consistent notions of dissipativity and passivity. We study the following problem: given a physical plant model and a continuous feedback controller designed using traditional control techniques, how is the closed-loop passivity affected when the continuous controller is replaced by a discrete (i.e., symbolic) implementation within this framework? Specifically, we give quantitative results on performance degradation when the discrete control implementation is approximately bisimilar to the continuous controller, and based on them, we provide conditions that guarantee the boundedness property of the closed-loop system.Comment: This is an extended version of our IEEE CDC 2015 paper to appear in Japa

Sound and Automated Synthesis of Digital Stabilizing Controllers for Continuous Plants

Modern control is implemented with digital microcontrollers, embedded within a dynamical plant that represents physical components. We present a new algorithm based on counter-example guided inductive synthesis that automates the design of digital controllers that are correct by construction. The synthesis result is sound with respect to the complete range of approximations, including time discretization, quantization effects, and finite-precision arithmetic and its rounding errors. We have implemented our new algorithm in a tool called DSSynth, and are able to automatically generate stable controllers for a set of intricate plant models taken from the literature within minutes.Comment: 10 page

Synthesis of Minimal Error Control Software

Software implementations of controllers for physical systems are at the core of many embedded systems. The design of controllers uses the theory of dynamical systems to construct a mathematical control law that ensures that the controlled system has certain properties, such as asymptotic convergence to an equilibrium point, while optimizing some performance criteria. However, owing to quantization errors arising from the use of fixed-point arithmetic, the implementation of this control law can only guarantee practical stability: under the actions of the implementation, the trajectories of the controlled system converge to a bounded set around the equilibrium point, and the size of the bounded set is proportional to the error in the implementation. The problem of verifying whether a controller implementation achieves practical stability for a given bounded set has been studied before. In this paper, we change the emphasis from verification to automatic synthesis. Using synthesis, the need for formal verification can be considerably reduced thereby reducing the design time as well as design cost of embedded control software. We give a methodology and a tool to synthesize embedded control software that is Pareto optimal w.r.t. both performance criteria and practical stability regions. Our technique is a combination of static analysis to estimate quantization errors for specific controller implementations and stochastic local search over the space of possible controllers using particle swarm optimization. The effectiveness of our technique is illustrated using examples of various standard control systems: in most examples, we achieve controllers with close LQR-LQG performance but with implementation errors, hence regions of practical stability, several times as small.Comment: 18 pages, 2 figure

On the Generation of Precise Fixed-Point Expressions

Several problems in the implementations of control systems, signal-processing systems, and scientific computing systems reduce to compiling a polynomial expression over the reals into an imperative program using fixed-point arithmetic. Fixed-point arithmetic only approximates real values, and its operators do not have the fundamental properties of real arithmetic, such as associativity. Consequently, a naive compilation process can yield a program that significantly deviates from the real polynomial, whereas a different order of evaluation can result in a program that is close to the real value on all inputs in its domain. We present a compilation scheme for real-valued arithmetic expressions to fixed-point arithmetic programs. Given a real-valued polynomial expression t, we find an expression t' that is equivalent to t over the reals, but whose implementation as a series of fixed-point operations minimizes the error between the fixed-point value and the value of t over the space of all inputs. We show that the corresponding decision problem, checking whether there is an implementation t' of t whose error is less than a given constant, is NP-hard. We then propose a solution technique based on genetic programming. Our technique evaluates the fitness of each candidate program using a static analysis based on affine arithmetic. We show that our tool can significantly reduce the error in the fixed-point implementation on a set of linear control system benchmarks. For example, our tool found implementations whose errors are only one half of the errors in the original fixed-point expressions

Towards a Compiler for Reals

Numerical software, common in scientific computing or embedded systems, inevitably uses a finite-precision approximation of the real arithmetic in which most algorithms are designed. In many applications, the roundoff errors introduced by finite-precision arithmetic are not the only source of inaccuracy, and measurement and other input errors further increase the uncertainty of the computed results. Adequate tools are needed to help users select suitable data types and evaluate the provided accuracy, especially for safety-critical applications. We present a source-to-source compiler called Rosa that takes as input a real-valued program with error specifications and synthesizes code over an appropriate floating-point or fixed-point data type. The main challenge of such a compiler is a fully automated, sound, and yet accurate-enough numerical error estimation. We introduce a unified technique for bounding roundoff errors from floating-point and fixed-point arithmetic of various precisions. The technique can handle nonlinear arithmetic, determine closed-form symbolic invariants for unbounded loops, and quantify the effects of discontinuities on numerical errors. We evaluate Rosa on a number of benchmarks from scientific computing and embedded systems and, comparing it to the state of the art in automated error estimation, show that it presents an interesting tradeoff between accuracy and performance

Verified compilation and optimization of floating-point kernels

When verifying safety-critical code on the level of source code, we trust the compiler to produce machine code that preserves the behavior of the source code. Trusting a verified compiler is easy. A rigorous machine-checked proof shows that the compiler correctly translates source code into machine code. Modern verified compilers (e.g. CompCert and CakeML) have rich input languages, but only rudimentary support for floating-point arithmetic. In fact, state-of-the-art verified compilers only implement and verify an inflexible one-to-one translation from floating-point source code to machine code. This translation completely ignores that floating-point arithmetic is actually a discrete representation of the continuous real numbers. This thesis presents two extensions improving floating-point arithmetic in CakeML. First, the thesis demonstrates verified compilation of elementary functions to floating-point code in: Dandelion, an automatic verifier for polynomial approximations of elementary functions; and libmGen, a proof-producing compiler relating floating-point machine code to the implemented real-numbered elementary function. Second, the thesis demonstrates verified optimization of floating-point code in: Icing, a floating-point language extending standard floating-point arithmetic with optimizations similar to those used by unverified compilers, like GCC and LLVM; and RealCake, an extension of CakeML with Icing into the first fully verified optimizing compiler for floating-point arithmetic.Bei der Verifizierung von sicherheitsrelevantem Quellcode vertrauen wir dem Compiler, dass er Maschinencode ausgibt, der sich wie der Quellcode verhält. Man kann ohne weiteres einem verifizierten Compiler vertrauen. Ein rigoroser maschinen-ü}berprüfter Beweis zeigt, dass der Compiler Quellcode in korrekten Maschinencode übersetzt. Moderne verifizierte Compiler (z.B. CompCert und CakeML) haben komplizierte Eingabesprachen, aber unterstützen Gleitkommaarithmetik nur rudimentär. De facto implementieren und verifizieren hochmoderne verifizierte Compiler für Gleitkommaarithmetik nur eine starre eins-zu-eins Übersetzung von Quell- zu Maschinencode. Diese Übersetzung ignoriert vollständig, dass Gleitkommaarithmetik eigentlich eine diskrete Repräsentation der kontinuierlichen reellen Zahlen ist. Diese Dissertation präsentiert zwei Erweiterungen die Gleitkommaarithmetik in CakeML verbessern. Zuerst demonstriert die Dissertation verifizierte Übersetzung von elementaren Funktionen in Gleitkommacode mit: Dandelion, einem automatischen Verifizierer für Polynomapproximierungen von elementaren Funktionen; und libmGen, einen Beweis-erzeugenden Compiler der Gleitkommacode in Relation mit der implementierten elementaren Funktion setzt. Dann demonstriert die Dissertation verifizierte Optimierung von Gleitkommacode mit: Icing, einer Gleitkommasprache die Gleitkommaarithmetik mit Optimierungen erweitert die ähnlich zu denen in unverifizierten Compilern, wie GCC und LLVM, sind; und RealCake, eine Erweiterung von CakeML mit Icing als der erste vollverifizierte Compiler für Gleitkommaarithmetik

EASILY VERIFIABLE CONTROLLER DESIGN WITH APPLICATION TO AUTOMOTIVE POWERTRAINS

Bridging the gap between designed and implemented model-based controllers is a major challenge in the design cycle of industrial controllers. This gap is mainly created due to (i) digital implementation of controller software that introduces sampling and quantization imprecisions via analog-to-digital conversion (ADC), and (ii) uncertainties in the modeled plant’s dynamics, which directly propagate through the controller structure. The failure to identify and handle these implementation and model uncertainties results in undesirable controller performance and costly iterative loops for completing the controller verification and validation (V&V) process. This PhD dissertation develops a novel theoretical framework to design controllers that are robust to implementation imprecision and uncertainties within the models. The proposed control framework is generic and applicable to a wide range of nonlinear control systems. The final outcome from this study is an uncertainty/imprecisions adaptive, easily verifiable, and robust control theory framework that minimizes V&V iterations in the design of complex nonlinear control systems. The concept of sliding mode controls (SMC) is used in this study as the baseline to construct an easily verifiable model-based controller design framework. SMC is a robust and computationally efficient controller design technique for highly nonlinear systems, in the presence of model and external uncertainties. The SMC structure allows for further modification to improve the controller robustness against implementation imprecisions, and compensate for the uncertainties within the plant model. First, the conventional continuous-time SMC design is improved by: (i) developing a reduced-order controller based on a novel model order reduction technique. The reduced order SMC shows better performance, since it uses a balanced realization form of the plant model and reduces the destructive internal interaction among different states of the system. (ii) developing an uncertainty-adaptive SMC with improved robustness against implementation imprecisions. Second, the continuous-time SMC design is converted to a discrete-time SMC (DSMC). The baseline first order DSMC structure is improved by: (i) inclusion of the ADC imprecisions knowledge via a generic sampling and quantization uncertainty prediction mechanism which enables higher robustness against implementation imprecisions, (ii) deriving the adaptation laws via a Lyapunov stability analysis to overcome uncertainties within the plant model, and (iii) developing a second order adaptive DSMC with predicted ADC imprecisions, which provides faster and more robust performance under modeling and implementation imprecisions, in comparison with the first order DSMC. The developed control theories from this PhD dissertation have been evaluated in real-time for two automotive powertrain case studies, including highly nonlinear combustion engine, and linear DC motor control problems. Moreover, the DSMC with predicted ADC imprecisions is experimentally tested and verified on an electronic air throttle body testbed for model-based position tracking purpose