Forward Invariant Cuts to Simplify Proofs of Safety

The use of deductive techniques, such as theorem provers, has several advantages in safety verification of hybrid sys- tems; however, state-of-the-art theorem provers require ex- tensive manual intervention. Furthermore, there is often a gap between the type of assistance that a theorem prover requires to make progress on a proof task and the assis- tance that a system designer is able to provide. This paper presents an extension to KeYmaera, a deductive verification tool for differential dynamic logic; the new technique allows local reasoning using system designer intuition about per- formance within particular modes as part of a proof task. Our approach allows the theorem prover to leverage for- ward invariants, discovered using numerical techniques, as part of a proof of safety. We introduce a new inference rule into the proof calculus of KeYmaera, the forward invariant cut rule, and we present a methodology to discover useful forward invariants, which are then used with the new cut rule to complete verification tasks. We demonstrate how our new approach can be used to complete verification tasks that lie out of the reach of existing deductive approaches us- ing several examples, including one involving an automotive powertrain control system.Comment: Extended version of EMSOFT pape

Switching controllers based on neural networks estimates of stability regions and controller performance

Postprint. Trabajo presentado en International Workshop on Hybrid Systems: Computation and Control, 1998.This paper presents new results on switching control using neural networks. Given a set of candidate controllers, a pair of neural networks is trained to identify the stability region and estimate the closed-loop performance for each controller. The neural network outputs are used in the on-line switching rule to select the controller output to be applied to the system during each control period. The paper presents architectures and training procedures for the neural networks and sufficient conditions for stability of the closed-loop system using the proposed switching strategy. The neural-network-based switching strategy is applied to generate the switching strategy embeded in the SIMPLEX architecture, a real-time infrastructure for soft on-line control system upgrades. Results are shown for the real-time level control of a submerged vessel

On Zone-Based Analysis of Duration Probabilistic Automata

We propose an extension of the zone-based algorithmics for analyzing timed automata to handle systems where timing uncertainty is considered as probabilistic rather than set-theoretic. We study duration probabilistic automata (DPA), expressing multiple parallel processes admitting memoryfull continuously-distributed durations. For this model we develop an extension of the zone-based forward reachability algorithm whose successor operator is a density transformer, thus providing a solution to verification and performance evaluation problems concerning acyclic DPA (or the bounded-horizon behavior of cyclic DPA).Comment: In Proceedings INFINITY 2010, arXiv:1010.611

A hierarchical approach to energy management in data centers

Abstract — This paper concerns the management of energy in data centers using a cyber-physical model that supports the coordinated control of both computational and thermal (cooling) resources. On the basis of the structure of the proposed model and practical issues related to the data center layout and distribution of information, we propose a hierarchical optimization scheme in which the higher level chooses goals for regulation at the lower level. Linear programming is applied to solve sequences of one-step look-ahead problems at both the top level and in the lower-level controllers to solve. The approach is illustrated with simulation results. I

Avoiding geometric intersection operations in reachability analysis of hybrid systems

Although a growing number of dynamical systems studied in various fields are hybrid in nature, the verification of prop-erties, such as stability, safety, etc., is still a challenging problem. Reachability analysis is one of the promising meth-ods for hybrid system verification, which together with all other verification techniques faces the challenge of making the analysis scale with respect to the number of continuous state variables. The bottleneck of many reachability analysis techniques for hybrid systems is the geometrically computed intersection with guard sets. In this work, we replace the in-tersection operation by a nonlinear mapping onto the guard, which is not only numerically stable, but also scalable, mak-ing it possible to verify systems which were previously out of reach. The approach can be applied to the fairly common class of hybrid systems with piecewise continuous solutions, guard sets modeled as halfspaces, and urgent semantics, i.e. discrete transitions are immediately taken when enabled by guard sets. We demonstrate the usefulness of the new ap-proach by a mechanical system with backlash which has 101 continuous state variables

An Architectural Approach to the Design and Analysis of Cyber-Physical Systems

This paper presents an extension of existing software architecture tools to model physical systems, their interconnections, and the interactions between physical and cyber components. A new CPS architectural style is introduced to support the principled design and evaluation of alternative architectures for cyber-physical systems (CPSs). The implementation of the CPS architectural style in AcmeStudio includes behavioral annotations on components and connectors using either finite state processes (FSP) or linear hybrid automata (LHA) with plug-ins to perform behavior analysis using the Labeled Transition System Analyzer (LTSA) or Polyhedral Hybrid Automata Verifier (PHAVer), respectively. The CPS architectural style and analysis plug-ins are illustrated with an example

Control software model checking using bisimulation functions for nonlinear systems

Abstract — This paper extends a method for integrating source-code model checking with dynamic system analysis to verify properties of controllers for nonlinear dynamic systems. Source-code model checking verifies the correctness of control systems including features that are introduced by the software implementation, such as concurrency and task interleaving. Sets of reachable continuous states are computed using numerical simulation and bisimulation functions. The technique as origi-nally proposed handles stable dynamic systems with affine state equations for which quadratic bisimulation functions can be computed easily. The extension in this paper handles nonlinear systems with polynomial state equations for which bisimulation functions can be computed in some cases using sum-of-squares (SoS) techniques. The paper presents the convex optimizations required to perform control system verification using a source-code model checker, and the method is illustrated for an example of a supervisory control system. I

Bacteriocin-mediated competition in cystic fibrosis lung infections

Bacteriocins are toxins produced by bacteria to kill competitors of the same species. Theory and laboratory experiments suggest that bacteriocin production and immunity play a key role in the competitive dynamics of bacterial strains. The extent to which this is the case in natural populations, especially human pathogens, remains to be tested. We examined the role of bacteriocins in competition using Pseudomonas aeruginosa strains infecting lungs of humans with cystic fibrosis (CF). We assessed the ability of different strains to kill each other using phenotypic assays, and sequenced their genomes to determine what bacteriocins (pyocins) they carry. We found that (i) isolates from later infection stages inhibited earlier infecting strains less, but were more inhibited by pyocins produced by earlier infecting strains and carried fewer pyocin types; (ii) this difference between early and late infections appears to be caused by a difference in pyocin diversity between competing genotypes and not by loss of pyocin genes within a lineage over time; (iii) pyocin inhibition does not explain why certain strains outcompete others within lung infections; (iv) strains frequently carry the pyocin-killing gene, but not the immunity gene, suggesting resistance occurs via other unknown mechanisms. Our results show that, in contrast to patterns observed in experimental studies, pyocin production does not appear to have a major influence on strain competition during CF lung infections