Invariant Generation through Strategy Iteration in Succinctly Represented Control Flow Graphs

We consider the problem of computing numerical invariants of programs, for instance bounds on the values of numerical program variables. More specifically, we study the problem of performing static analysis by abstract interpretation using template linear constraint domains. Such invariants can be obtained by Kleene iterations that are, in order to guarantee termination, accelerated by widening operators. In many cases, however, applying this form of extrapolation leads to invariants that are weaker than the strongest inductive invariant that can be expressed within the abstract domain in use. Another well-known source of imprecision of traditional abstract interpretation techniques stems from their use of join operators at merge nodes in the control flow graph. The mentioned weaknesses may prevent these methods from proving safety properties. The technique we develop in this article addresses both of these issues: contrary to Kleene iterations accelerated by widening operators, it is guaranteed to yield the strongest inductive invariant that can be expressed within the template linear constraint domain in use. It also eschews join operators by distinguishing all paths of loop-free code segments. Formally speaking, our technique computes the least fixpoint within a given template linear constraint domain of a transition relation that is succinctly expressed as an existentially quantified linear real arithmetic formula. In contrast to previously published techniques that rely on quantifier elimination, our algorithm is proved to have optimal complexity: we prove that the decision problem associated with our fixpoint problem is in the second level of the polynomial-time hierarchy.Comment: 35 pages, conference version published at ESOP 2011, this version is a CoRR version of our submission to Logical Methods in Computer Scienc

Polyhedral Tools for Control

Polyhedral operations play a central role in constrained control. One of the most fundamental operations is that of projection, required both by addition and multiplication. This thesis investigates projection and its relation to multi-parametric linear optimisation for the types of problems that are of particular interest to the control community. The first part of the thesis introduces an algorithm for the projection of polytopes in halfspace form, called Equality Set Projection (ESP). ESP has the desirable property of output sensitivity for non-degenerate polytopes. That is, a linear number of linear programs are needed per output facet of the projection. It is demonstrated that ESP is particularly well suited to control problems and comparative simulations are given, which greatly favour ESP. Part two is an investigation into the multi-parametric linear program (mpLP). The mpLP has received a lot of attention in the control literature as certain model predictive control problems can be posed as mpLPs and thereby pre-solved, eliminating the need for online optimisation. The structure of the solution to the mpLP is studied and an approach is pre- sented that eliminates degeneracy. This approach causes the control input to be continuous, preventing chattering, which is a significant problem in control with a linear cost. Four new enumeration methods are presented that have benefits for various control problems and comparative simulations demonstrate that they outperform existing codes. The third part studies the relationship between projection and multi-parametric linear programs. It is shown that projections can be posed as mpLPs and mpLPs as projections, demonstrating the fundamental nature of both of these problems. The output of a multi-parametric linear program that has been solved for the MPC control inputs offline is a piecewise linear controller defined over a union of polyhedra. The online work is then to determine which region the current measured state is in and apply the appropriate linear control law. This final part introduces a new method of searching for the appropriate region by posing the problem as a nearest neighbour search. This search can be done in logarithmic time and we demonstrate speed increases from 20Hz to 20kHz for a large example system