Sound and Automated Synthesis of Digital Stabilizing Controllers for Continuous Plants

Modern control is implemented with digital microcontrollers, embedded within a dynamical plant that represents physical components. We present a new algorithm based on counter-example guided inductive synthesis that automates the design of digital controllers that are correct by construction. The synthesis result is sound with respect to the complete range of approximations, including time discretization, quantization effects, and finite-precision arithmetic and its rounding errors. We have implemented our new algorithm in a tool called DSSynth, and are able to automatically generate stable controllers for a set of intricate plant models taken from the literature within minutes.Comment: 10 page

Reachability analysis of linear hybrid systems via block decomposition

Reachability analysis aims at identifying states reachable by a system within a given time horizon. This task is known to be computationally expensive for linear hybrid systems. Reachability analysis works by iteratively applying continuous and discrete post operators to compute states reachable according to continuous and discrete dynamics, respectively. In this paper, we enhance both of these operators and make sure that most of the involved computations are performed in low-dimensional state space. In particular, we improve the continuous-post operator by performing computations in high-dimensional state space only for time intervals relevant for the subsequent application of the discrete-post operator. Furthermore, the new discrete-post operator performs low-dimensional computations by leveraging the structure of the guard and assignment of a considered transition. We illustrate the potential of our approach on a number of challenging benchmarks.Comment: Accepted at EMSOFT 202

Conflict-driven Hybrid Observer-based Anomaly Detection

This paper presents an anomaly detection method using a hybrid observer -- which consists of a discrete state observer and a continuous state observer. We focus our attention on anomalies caused by intelligent attacks, which may bypass existing anomaly detection methods because neither the event sequence nor the observed residuals appear to be anomalous. Based on the relation between the continuous and discrete variables, we define three conflict types and give the conditions under which the detection of the anomalies is guaranteed. We call this method conflict-driven anomaly detection. The effectiveness of this method is demonstrated mathematically and illustrated on a Train-Gate (TG) system

Infinite horizon control and minimax observer design for linear DAEs

In this paper we construct an infinite horizon minimax state observer for a linear stationary differential-algebraic equation (DAE) with uncertain but bounded input and noisy output. We do not assume regularity or existence of a (unique) solution for any initial state of the DAE. Our approach is based on a generalization of Kalman's duality principle. The latter allows us to transform minimax state estimation problem into a dual control problem for the adjoint DAE: the state estimate in the original problem becomes the control input for the dual problem and the cost function of the latter is, in fact, the worst-case estimation error. Using geometric control theory, we construct an optimal control in the feed-back form and represent it as an output of a stable LTI system. The latter gives the minimax state estimator. In addition, we obtain a solution of infinite-horizon linear quadratic optimal control problem for DAEs.Comment: This is an extended version of the paper which is to appear in the proceedings of the 52nd IEEE Conference on Decision and Control, Florence, Italy, December 10-13, 201

Automatic Verification of Linear Controller Software

We consider the problem of verification of software implementations of linear time-invariant controllers. Commonly, different implementations use different representations of the controller’s state, for example due to optimizations in a third-party code generator. To accommodate this variation, we exploit input-output controller specification captured by the controller’s transfer function and show how to automatically verify correctness of C code controller implementations using a Frama-C/Why3/Z3 toolchain. Scalability of the approach is evaluated using randomly generated controller specifications of realistic size

Automatic Verification Of Linear Controller Software

Many safety-critical cyber-physical systems have a software-based controller at their core. Since the system behavior relies on the operation of the controller, it is imperative to ensure the correctness of the controller to have a high assurance for such systems. Nowadays, controllers are developed in a model-based fashion. Controller models are designed, and their performances are analyzed first at the model level. Once the control design is complete, software implementation is automatically generated from the mathematical model of the controller by a code generator. To assure the correctness of the controller implementation, it is necessary to check that the code generation is correctly done. Commercial code generators are complex black-box software that are generally not formally verified. Subtle bugs have been found in commercially available code generators that consequently generate incorrect code. In the absence of verified code generators, it is desirable to verify instances of implementations against their original models. Such verification is desired to be performed from the input-output perspective because correct implementations may have different state representations to each other for several possible reasons (e.g., code generator\u27s choice of state representation, optimization used in code generator and code transformation). In this dissertation, we propose several methods to verify a given controller implementation against its given model from the input-output perspective. First of all, we propose a method to derive assertions from the controller model, and check if the assertions are invariant to the controller implementation via a proposed toolchain based on a popular deductive program verification framework. Moreover, we propose an alternative more scalable method that extracts a model from the controller implementation using the symbolic execution technique, and compare the extracted model to the original controller model using state-of-the-art constraint solvers. Lastly, we extend our latter method to correctly account for the rounding errors in the floating-point computation of the controller implementation. We demonstrate the scalability of our proposed approaches through evaluation with randomly generated controller specifications of realistic size

Coprime factor model reduction for continuous-time uncertain systems

The paper considers the problem of coprime factor model reduction for a class of continuous-time uncertain systems with structured norm bounded uncertainty. The proposed method is applicable to the uncertain systems which may be robustly unstable, overcoming the robust stability restriction in the balanced truncation approach. A systematic approach is presented to construct a contractive coprime factor for the underlying uncertain system, based on the use of LMIs. This enables the balanced truncation to be applied to the contractive coprime factor to obtain the reduced uncertain system. Error bound on the L 2-induced norm of the resulting coprime factor is derived. © 2008 IEEE

A gramian-based approach to model reduction for uncertain systems

The technical note considers a problem of model reduction for a class of uncertain systems with structured norm bounded uncertainty. The technical note introduces controllability and observability Gramians in terms of certain parameterized algebraic Riccati inequalities. Based on these Gramians, three model reduction approaches are investigated for the underlying uncertain systems. © 2010 IEEE