Breaking Dense Structures: Proving Stability of Densely Structured Hybrid Systems
Abstraction and refinement are widely used in software development. Such
techniques are valuable because they make it possible to handle ever more
complex systems. One key point is the ability to decompose a large system into
subsystems, analyze those subsystems and deduce properties of the larger
system. As cyber-physical systems become more and more complex, such techniques
become more appealing.
In 2009, Oehlerking and Theel presented a (de-)composition technique for
hybrid systems. This technique is graph-based and constructs a Lyapunov
function for hybrid systems having a complex discrete state space. The
technique consists of (1) decomposing the underlying graph of the hybrid system
into subgraphs, (2) computing multiple local Lyapunov functions for the
subgraphs, and finally (3) composing the local Lyapunov functions into a
piecewise Lyapunov function. A Lyapunov function can serve multiple purposes:
e.g., it certifies stability or termination of a system, or allows one to
construct invariant sets, which in turn may be used to certify safety and
security.
In this paper, we propose an improvement to the decomposition technique, which
relaxes the graph structure before applying the decomposition technique. Our
relaxation significantly reduces the connectivity of the graph by exploiting
super-dense switching. The relaxation makes the decomposition technique more
efficient on the one hand and, on the other, allows a wider range of graph
structures to be decomposed.
Comment: In Proceedings ESSS 2015, arXiv:1506.0325
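The local Lyapunov certificates that step (2) of the technique above computes, as an added worked example that is not code from the paper: for a discrete mode whose continuous dynamics are linear, x' = A x, a quadratic V(x) = x^T P x is a strict Lyapunov certificate when P is positive definite and -(A^T P + P A) is positive definite, and P is obtained by solving the Lyapunov equation A^T P + P A = -Q. The two mode matrices, the choice Q = I, and the trajectory start point are constructed for this illustration; the code is pure Python so it runs without a solver library.

```python
"""Quadratic Lyapunov certificates for the modes of a switched linear system.

Added illustration, not code from the paper. For each mode x' = A_i x we
solve A_i^T P_i + P_i A_i = -Q (Q = I, chosen here) and check that
V_i(x) = x^T P_i x is a strict Lyapunov function: P_i > 0 and
-(A_i^T P_i + P_i A_i) > 0. Mode matrices below are constructed examples.
"""
from typing import Dict, List

Matrix = List[List[float]]


def transpose(m: Matrix) -> Matrix:
    return [list(col) for col in zip(*m)]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) for j in range(len(b[0]))]
            for i in range(len(a))]


def kron(x: Matrix, y: Matrix) -> Matrix:
    """Kronecker product of two n x n matrices (row i*n+k, column j*n+l)."""
    n = len(x)
    return [[x[i][j] * y[k][l] for j in range(n) for l in range(n)]
            for i in range(n) for k in range(n)]


def solve_linear(k: Matrix, rhs: List[float]) -> List[float]:
    """Gauss-Jordan elimination with partial pivoting (small dense systems)."""
    n = len(k)
    aug = [row[:] + [rhs[i]] for i, row in enumerate(k)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            raise ValueError("singular system: no unique Lyapunov solution")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col:
                f = aug[r][col] / aug[col][col]
                for c in range(col, n + 1):
                    aug[r][c] -= f * aug[col][c]
    return [aug[i][n] / aug[i][i] for i in range(n)]


def lyapunov_solve(a: Matrix, q: Matrix) -> Matrix:
    """Solve A^T P + P A = -Q in vectorised form:
    (I kron A^T + A^T kron I) vec(P) = -vec(Q), vec taken column-major."""
    n = len(a)
    at = transpose(a)
    ident = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    k1, k2 = kron(ident, at), kron(at, ident)
    k = [[k1[i][j] + k2[i][j] for j in range(n * n)] for i in range(n * n)]
    rhs = [-q[i][j] for j in range(n) for i in range(n)]  # -vec(Q), column-major
    x = solve_linear(k, rhs)
    return [[x[j * n + i] for j in range(n)] for i in range(n)]


def is_positive_definite(m: Matrix, tol: float = 1e-9) -> bool:
    """Cholesky attempt: succeeds iff the symmetric matrix is positive definite."""
    n = len(m)
    low = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            s = m[i][j] - sum(low[i][k] * low[j][k] for k in range(j))
            if i == j:
                if s <= tol:
                    return False
                low[i][i] = s ** 0.5
            else:
                low[i][j] = s / low[j][j]
    return True


def certifies(a: Matrix, p: Matrix) -> bool:
    """True iff V(x) = x^T P x is a strict Lyapunov function for x' = A x."""
    atp, pa = matmul(transpose(a), p), matmul(p, a)
    neg_deriv = [[-(atp[i][j] + pa[i][j]) for j in range(len(a))] for i in range(len(a))]
    return is_positive_definite(p) and is_positive_definite(neg_deriv)


def quad_form(p: Matrix, x: List[float]) -> float:
    return sum(x[i] * p[i][j] * x[j] for i in range(len(x)) for j in range(len(x)))


# Constructed example: two modes, each stable on its own (eigenvalues -1, -2).
MODE_A1: Matrix = [[0.0, 1.0], [-2.0, -3.0]]
MODE_A2: Matrix = [[-3.0, -2.0], [1.0, 0.0]]
IDENTITY2: Matrix = [[1.0, 0.0], [0.0, 1.0]]


def local_certificates() -> Dict[str, object]:
    """One local certificate per mode. Mode 1's P does not certify mode 2,
    which is exactly why local certificates must be composed piecewise."""
    p1 = lyapunov_solve(MODE_A1, IDENTITY2)
    p2 = lyapunov_solve(MODE_A2, IDENTITY2)
    return {"P1": p1, "P2": p2,
            "P1_certifies_mode1": certifies(MODE_A1, p1),
            "P2_certifies_mode2": certifies(MODE_A2, p2),
            "P1_certifies_mode2": certifies(MODE_A2, p1)}


def sublevel_set_invariant(a: Matrix, p: Matrix, x0: List[float],
                           steps: int = 2000, h: float = 1e-3) -> bool:
    """Invariant-set reading of the certificate: along an Euler-integrated
    trajectory of x' = A x, V never increases, so {x : V(x) <= V(x0)} is never left."""
    x, v_prev = list(x0), quad_form(p, x0)
    for _ in range(steps):
        dx = [sum(a[i][j] * x[j] for j in range(len(x))) for i in range(len(x))]
        x = [x[i] + h * dx[i] for i in range(len(x))]
        v = quad_form(p, x)
        if v > v_prev + 1e-12:
            return False
        v_prev = v
    return True


if __name__ == "__main__":
    res = local_certificates()
    for name, val in res.items():
        print(name, val)
    print("sublevel set invariant:", sublevel_set_invariant(MODE_A1, res["P1"], [1.0, -0.5]))
```

For the constructed modes the solver returns P1 = [[1.25, 0.25], [0.25, 0.25]] and P2 = [[0.25, 0.25], [0.25, 1.25]]; each certifies its own mode, but -(A2^T P1 + P1 A2) has a negative determinant, so P1 is no certificate for mode 2. Composing such local certificates into one piecewise function additionally requires conditions at the switching edges of the graph, which the abstract's technique handles and this example does not.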
Deadness and how to disprove liveness in hybrid dynamical systems
© 2016 The Authors. Published by Elsevier. This is an open access article available under a Creative Commons licence. The published version can be accessed at the following link on the publisher's website: https://doi.org/10.1016/j.tcs.2016.06.009
What if we designed a tool to automatically prove the dynamical properties of systems for which an analytic proof is difficult or impossible to obtain? Such a tool would represent a significant advance in the understanding of complex dynamical systems with nonlinearities. This is precisely what this paper offers: a solution to the problem of automatically proving some dynamic stability properties of complex systems with multiple discontinuities and modes of operation modelled as hybrid dynamical systems. For this purpose, we propose a reinterpretation of some stability properties from a computational viewpoint, chiefly by using the computer science concepts of safety and liveness. However, these concepts need to be redefined within the framework of hybrid dynamical systems. In computer science terms, we consider here the problem of automatically disproving the liveness properties of nonlinear hybrid dynamical systems. For this purpose, we define a new property, which we call deadness. This is a dynamically aware property of a hybrid system which, if true, disproves the liveness property by means of a finite execution. We formally define this property, and give an algorithm which can derive deadness properties automatically for a type of liveness property called inevitability. We show how this algorithm works for three different examples that represent three classes of hybrid systems with complex behaviours.
This work has been supported by the Engineering and Physical Sciences Research Council (EPSRC) of the UK under the framework of the project DYVERSE: A New Kind of Control for Hybrid Systems (EP/I001689/1). The first author also acknowledges the support of the Research Councils UK under the grant EP/E50048/1.
An Axiomatic Approach to Liveness for Differential Equations
This paper presents an approach for deductive liveness verification for
ordinary differential equations (ODEs) with differential dynamic logic.
Numerous subtleties complicate the generalization of well-known discrete
liveness verification techniques, such as loop variants, to the continuous
setting. For example, ODE solutions may blow up in finite time or their
progress towards the goal may converge to zero. Our approach handles these
subtleties by successively refining ODE liveness properties using ODE
invariance properties which have a well-understood deductive proof theory. This
approach is widely applicable: we survey several liveness arguments in the
literature and derive them all as special instances of our axiomatic refinement
approach. We also correct several soundness errors in the surveyed arguments,
which further highlights the subtlety of ODE liveness reasoning and the utility
of our deductive approach. The library of common refinement steps identified
through our approach enables both the sound development and justification of
new ODE liveness proof rules from our axioms.
Comment: FM 2019: 23rd International Symposium on Formal Methods, Porto,
Portugal, October 9-11, 201
Verifying safety and persistence in hybrid systems using flowpipes and continuous invariants
We describe a method for verifying the temporal property of persistence in non-linear hybrid systems. Given some system and an initial set of states, the method establishes that system trajectories always eventually evolve into some specified target subset of the states of one of the discrete modes of the system, and always remain within this target region. The method also computes a time bound within which the target region is always reached. The approach combines flowpipe computation with deductive reasoning about invariants and is more general than either technique alone. We illustrate the method with a case study showing that potentially destructive stick-slip oscillations of an oil-well drill eventually die away for a certain choice of drill control parameters. The case study demonstrates how using flowpipes alone or reasoning about invariants alone can be insufficient, and shows the richness of systems that one can handle with the proposed method, since the system features modes with non-polynomial ODEs. We also propose an alternative method for proving persistence that relies solely on flowpipe computation.
Formal verification of analog and mixed signal circuits using deductive and bounded approaches
This thesis presents novel formal verification techniques to verify the important property of inevitability of states in analog and mixed signal (AMS) circuits. Two techniques to verify the inevitability of phase locking in a Charge Pump Phase Lock Loop (PLL) circuit are presented: mixed deductive-bounded and deductive-only verification approaches. The deductive-bounded approach uses Lyapunov-like certificates with bounded advection of sets to verify the inevitability of phase locking. The deductive-only technique uses a combination of Lyapunov and Escape certificates to verify the inevitability property. Both the deductive-only and the deductive-bounded verification approaches involve positivity/negativity checks of polynomials over semi-algebraic sets, both of which are NP-hard problems. The Sum of Squares (SOS) programming technique is used to transform the positivity tests of polynomials into feasibility problems for semi-definite programs. The efficacy of the approach is demonstrated by verifying the inevitability of phase locking for third- and fourth-order CP PLLs. Similarly, the inevitability of oscillation in ring oscillators (ROs) is verified using a numeric-symbolic deductive approach. The global inevitability (of oscillation) property is specified as a conjunction of several sub-properties that are verified via different Lyapunov-like certificates in different subsets of the state space. The construction of these certificates is posed as the verification of First Order Formulas (FOFs) with Universal-Existential quantifiers. A tractable numeric-symbolic approach, based on SOS programming and Quantifier Elimination (QE), is used to verify these FOFs. The approach is applied to the verification of inevitability of oscillation in ROs with odd and even topologies.
Furthermore, frequency domain property specification and verification for analog oscillators is presented. The behaviour of an oscillator in the frequency domain is specified, while it operates in close proximity to the desired limit cycle, using a finite Fourier series representation of a periodic signal. To make these specifications robust against parameter variations, parameter robustness is built into them. These frequency domain properties are verified using a mixed time-frequency domain technique based on Satisfiability Modulo Ordinary Differential Equations (SMODE). The efficacy of the technique is demonstrated for the benchmark voltage-controlled and tunnel diode oscillators.
Formal Techniques for Component-based Design of Embedded Systems
Embedded systems have become ubiquitous, from avionics and automotive through consumer electronics to medical devices. Failures may entail material damage or compromise the safety of human beings. At the same time, shorter product cycles, together with the fast-growing complexity of the systems to be designed, create a tremendous need for rigorous design techniques. The goal of component-based construction is to build complex systems from simpler components that are well understood and can be (re)used so as to accelerate the design process. This document presents a summary of the formal techniques for component-based design of embedded systems I have (co-)developed.
Separation of distributed coordination and control for programming reliable robotics
A robot's code needs to sense the environment, control the hardware, and communicate with other robots. Current programming languages do not provide the necessary hardware-platform-independent abstractions, and therefore developing robot applications requires detailed knowledge of signal processing, control, path planning, network protocols, and various platform-specific details. Further, porting applications across hardware platforms becomes tedious.
With the aim of separating these hardware dependent and independent concerns, we have developed Koord: a domain specific language for distributed robotics. Koord abstracts platform-specific functions for sensing, communication, and low-level control. Koord makes the platform-independent control and coordination code portable and modularly verifiable. It raises the level of abstraction in programming by providing distributed shared memory for coordination and port interfaces for sensing and control. We have developed the formal executable semantics of Koord in the K framework. With this symbolic execution engine, we can identify proof obligations for gaining high assurance from Koord applications.
Koord is deployed on CyPhyHouse---a toolchain that aims to provide programming, debugging, and deployment benefits for distributed mobile robotic applications. The modular, platform-independent middleware of CyPhyHouse implements these functionalities using standard algorithms for path planning (RRT), control (MPC), mutual exclusion, etc. A high-fidelity, scalable, multi-threaded simulator for Koord applications is developed to simulate the same application code for dozens of heterogeneous agents. The same compiled code can also be deployed on heterogeneous mobile platforms.
This thesis outlines the design, implementation and formalization of the Koord language and the main components of CyPhyHouse that it is deployed on.