A. Dubey,X. Wu,H. Su,T. J. Koo

DOI: https://doi.org/10.1007/11562948_11

2005-01-01

Abstract:In this paper, we describe a computation platform called ReachLab, which enables automatic analysis of embedded software systems that interact with continuous environment. Algorithms are used to specify how the state space of the system model should be explored in order to perform analysis. In ReachLab, both system models and analysis algorithm models are specified in the same framework using Hybrid System Analysis and Design Language (HADL), which is a meta-model based language. The platform allows the models of algorithms to be constructed hierarchically and promotes their reuse in constructing more complex algorithms. Moreover, the platform is designed in such a way that the concerns of design and implementation of analysis algorithms are separated. On one hand, the models of analysis algorithms are abstract and therefore the design of algorithms can be made independent of implementation details. On the other hand, translators are provided to automatically generate implementations from the models for computing analysis results based on computation kernels. Multiple computation kernels, which are based on specific computation tools such as d/dt and the Level Set toolbox, are supported and can be chosen to enable hybrid state space exploration. An example is provided to illustrate the design and implementation process in ReachLab.

Yan Zhang,Xiangwei Liu,Jin Shi,Tian Zhang,Zhuzhong Qian

DOI: https://doi.org/10.1109/IMIS.2014.8

2014-01-01

Abstract:Cyber-Physical Systems (CPS) play an important role in the safety-critical systems. It is very significant to verify whether some concerned behaviors exist in a CPS. Hybrid interface automata, extension of a non-hybrid version, are used to model a CPS. A scenario, described by MARTE sequence diagram, specifies the concerned behaviors. An algorithm is given for bounded checking the behavioral nonexistent consistency, namely, the behaviors specified by a scenario all do not exist in a hybrid interface automaton. The idea of the algorithm is, firstly, encoding the behavioral nonexistent consistency to an unconstrained dynamic programming, secondly, solving the unconstrained dynamic programming by a genetic algorithm. The algorithm can search the results on the real domain, and be applied to nonlinear as well as linear hybrid systems.

Marcelo Forets,Daniel Freire,Christian Schilling

DOI: https://doi.org/10.1109/MEMOCODE51338.2020.9314994

2022-07-06

Abstract:Efficiently handling time-triggered and possibly nondeterministic switches for hybrid systems reachability is a challenging task. In this paper we present an approach based on conservative set-based enclosure of the dynamics that can handle systems with uncertain parameters and inputs, where the uncertainties are bound to given intervals. The method is evaluated on the plant model of an experimental electro-mechanical braking system with periodic controller. In this model, the fast-switching controller dynamics requires simulation time scales of the order of nanoseconds. Accurate set-based computations for relatively large time horizons are known to be expensive. However, by appropriately decoupling the time variable with respect to the spatial variables, and enclosing the uncertain parameters using interval matrix maps acting on zonotopes, we show that the computation time can be lowered to 5000 times faster with respect to previous works. This is a step forward in formal verification of hybrid systems because reduced run-times allow engineers to introduce more expressiveness in their models with a relatively inexpensive computational cost.

Systems and Control

Lei Bu,Alessandro Cimatti,Xuandong Li,Sergio Mover,Stefano Tonetta

DOI: https://doi.org/10.1007/978-3-642-13464-7_13

2010-01-01

Abstract:Hybrid automata are a widely accepted modeling framework for systems with discrete and continuous variables. The traditional semantics of a network of automata is based on interleaving, and requires the construction of a monolithic hybrid automaton based on the composition of the automata. This destroys the structure of the network and results in a loss of efficiency, especially using bounded model checking techniques. An alternative compositional semantics, called “shallow synchronization”, exploits the locality of transitions and relaxes time synchronization. The semantics is obtained by composing traces of the local automata, and superimposing compatibility constraints resulting from synchronization. In this paper, we investigate the different symbolic encodings of the reachability problem of a network of hybrid automata. We propose a novel encoding based on the shallow synchronization semantics, which allows different strategies for searching local paths that can be synchronized. We implemented a bounded reachability search based on the use of an incremental Satisfiability-Modulo-Theory solver. The experimental results confirm that the new encoding often performs better than the one based on interleaving.

Xiaohong Chen,Jun Sun,Meng Sun

DOI: https://doi.org/10.1007/978-3-319-11737-9_5

2014-01-01

Abstract:Compositional coordination models and languages play an important role in cyber-physical systems (CPSs). In this paper, we introduce a formal model for describing hybrid behaviors of connectors in CPSs. We extend the constraint automata model, which is used as the semantic model for the exogenous channel-based coordination language Reo, to capture the dynamic behavior of connectors in CPSs where the discrete and continuous dynamics co-exist and interact with each other. In addition to the formalism, we also provide a theoretical compositional approach for constructing the product automata for a Reo circuit, which is typically obtained by composing several primitive connectors in Reo.

Luan Viet Nguyen,Gautam Mohan,James Weimer,Oleg Sokolsky,Insup Lee,Rajeev Alur

DOI: https://doi.org/10.48550/arXiv.1902.04064

2019-02-10

Abstract:Model-based design offers a promising approach for assisting developers to build reliable and secure cyber-physical systems (CPSs) in a systematic manner. In this methodology, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements before generating the implementation from the model. However, as new vulnerabilities are discovered, requirements evolve aimed at ensuring resiliency. There is currently a shortage of an inexpensive, automated mechanism that can effectively repair the initial design, and a model-based system developer regularly needs to redesign and reimplement the system from scratch. In this paper, we propose a new methodology along with a Matlab toolkit called REAFFIRM to facilitate the model-based repair for improving the resiliency of CPSs. REAFFIRM takes the inputs including 1) an original hybrid system modeled as a Simulink/Stateflow diagram, 2) a given resiliency pattern specified as a model transformation script, and 3) a safety requirement expressed as a Signal Temporal Logic formula, and then outputs a repaired model which satisfies the requirement. The overall structure of REAFFIRM contains two main modules, a model transformation, and a model synthesizer built on top of the falsification tool Breach. We introduce a new model transformation language for hybrid systems, which we call HATL to allow a designer to specify resiliency patterns. To evaluate the proposed approach, we use REAFFIRM to automatically synthesize repaired models for an adaptive cruise control (ACC) system under a GPS sensor spoofing attack, for a single-machine infinite-bus (SMIB) system under a sliding-mode switching attack, and for a missile guidance system under gyroscopes sensor attack.

Systems and Control

Yan Zhang,Jin Shi,Tian Zhang,Xiangwei Liu,Zhuzhong Qian

DOI: https://doi.org/10.1016/j.pmcj.2015.07.008

IF: 3.848

2015-01-01

Pervasive and Mobile Computing

Abstract:Cyber–Physical Systems (CPS) are hybrid, safety-critical systems. For finding safety or security hazard in the design phase, modeling for CPS and checking their properties become very important. We focus on the compatibility, i.e., two systems can work together, and behavioral nonexistent consistency, i.e., forbidden behaviors do not occur in a system. Hybrid interface automata (HIA), which extend from interface automata and is not input-enabled, are introduced to model CPS. The compatibility of HIA is checked under an optimistic approach, which means if there is an environment in which two HIA cannot reach an illegal location, namely, at the location one cannot accept the input send by the other, they are compatible. Based on a scenario that specifies forbidden behaviors, behavioral nonexistent consistency is boundedly checked by transforming it to an unconstrained dynamic programming, and solving the programming by a genetic algorithm. The method can directly apply to nonlinear hybrid model. It relaxes a restriction on the form of the system dynamic in traditional algorithms. An experiment and simulation validate our algorithms.

Duan Zhang,Huaping Dai,Youxian Sun

DOI: https://doi.org/10.1002/apj.5500130307

2005-01-01

Developments in Chemical Engineering and Mineral Processing

Abstract:AbstractHybrid Event Graphs (HEGs), a subclass of Hybrid Petri Nets, are extensions of Timed Event Graphs and Timed Event Multi‐graphs. A set of dioid linear algebraic equations will be inferred as a novel method of analysis a special class of HEG, if we treat the numbers of firings for discrete transitions and the cumulated amount of consumed token for continuous transitions as state‐variables. As a new modelling approach, it clearly illustrates characteristics of both discrete events and continuous events. Based on the algebraic model, the analyses and controls of HEG are more convenient. An example of optimal control is demonstrated.

Jiawan Wang,Wenxia Liu,Muzimiao Zhang,Jiaqi Wei,Yuhui Shi,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1007/978-3-031-65633-0_15

2024-01-01

Abstract:Cyber-physical systems (CPSs) are used in many safety-critical areas, making it crucial to ensure their safety. However, with CPSs increasingly dynamically deployed and reconfigured during run-time, their safety analysis becomes challenging. For one thing, reconfigurable CPSs usually consist of multiple agents dynamically connected during runtime. Their highly dynamic system topologies are too intricate for traditional modeling languages, which, in turn, hinders formal analysis. For another, due to the growing size and uncertainty of reconfigurable CPSs, their system models can be huge and even unavailable at design time. This calls for runtime analysis approaches with better scalability and efficiency. To address these challenges, we propose a scenario-based hierarchical modeling language for reconfigurable CPS. It provides template models for agent inherent features, together with an instantiation mechanism to activate single agent's runtime behavior, communication configurations for multiple agents' connected behaviors, and scenario task configurations for their dynamic topologies. We also present a path-oriented falsification approach to falsify system requirements. It employs classification-model-based optimization to explore search space effectively and cut unnecessary system simulations and robustness calculations for efficiency. Our modeling and falsification are implemented in a tool called SNIFF. Experiments have shown that it can largely reduce modeling time and improve modeling accuracy, and perform scalable CPS falsification with high success rates in seconds.

Javier Borquez,Shuang Peng,Yiyu Chen,Quan Nguyen,Somil Bansal

2024-06-25

Abstract:Hybrid dynamical systems with nonlinear dynamics are one of the most general modeling tools for representing robotic systems, especially contact-rich systems. However, providing guarantees regarding the safety or performance of nonlinear hybrid systems remains a challenging problem because it requires simultaneous reasoning about continuous state evolution and discrete mode switching. In this work, we address this problem by extending classical Hamilton-Jacobi (HJ) reachability analysis, a formal verification method for continuous-time nonlinear dynamical systems, to hybrid dynamical systems. We characterize the reachable sets for hybrid systems through a generalized value function defined over discrete and continuous states of the hybrid system. We also provide a numerical algorithm to compute this value function and obtain the reachable set. Our framework can compute reachable sets for hybrid systems consisting of multiple discrete modes, each with its own set of nonlinear continuous dynamics, discrete transitions that can be directly commanded or forced by a discrete control input, while still accounting for control bounds and adversarial disturbances in the state evolution. Along with the reachable set, the proposed framework also provides an optimal continuous and discrete controller to ensure system safety. We demonstrate our framework in several simulation case studies, as well as on a real-world testbed to solve the optimal mode planning problem for a quadruped with multiple gaits.

Robotics,Systems and Control

Charles Hartsell,Shreyas Ramakrishna,Abhishek Dubey,Daniel Stojcsics,Nagabhushan Mahadevan,Gabor Karsai

DOI: https://doi.org/10.48550/arXiv.2102.09419

2021-03-24

Abstract:Autonomous CPSs are often required to handle uncertainties and self-manage the system operation in response to problems and increasing risk in the operating paradigm. This risk may arise due to distribution shifts, environmental context, or failure of software or hardware components. Traditional techniques for risk assessment focus on design-time techniques such as hazard analysis, risk reduction, and assurance cases among others. However, these static, design-time techniques do not consider the dynamic contexts and failures the systems face at runtime. We hypothesize that this requires a dynamic assurance approach that computes the likelihood of unsafe conditions or system failures considering the safety requirements, assumptions made at design time, past failures in a given operating context, and the likelihood of system component failures. We introduce the ReSonAte dynamic risk estimation framework for autonomous systems. ReSonAte reasons over Bow-Tie Diagrams (BTDs) which capture information about hazard propagation paths and control strategies. Our innovation is the extension of the BTD formalism with attributes for modeling the conditional relationships with the state of the system and environment. We also describe a technique for estimating these conditional relationships and equations for estimating risk based on the state of the system and environment. To help with this process, we provide a scenario modeling procedure that can use the prior distributions of the scenes and threat conditions to generate the data required for estimating the conditional relationships. To improve scalability and reduce the amount of data required, this process considers each control strategy in isolation and composes several single-variate distributions into one complete multi-variate distribution for the control strategy in question.

Robotics

Yejiang Yang,Zihao Mo,Weiming Xiang

2023-04-27

Abstract:In this paper, a computationally efficient data-driven hybrid automaton model is proposed to capture unknown complex dynamical system behaviors using multiple neural networks. The sampled data of the system is divided by valid partitions into groups corresponding to their topologies and based on which, transition guards are defined. Then, a collection of small-scale neural networks that are computationally efficient are trained as the local dynamical description for their corresponding topologies. After modeling the system with a neural-network-based hybrid automaton, the set-valued reachability analysis with low computation cost is provided based on interval analysis and a split and combined process. At last, a numerical example of the limit cycle is presented to illustrate that the developed models can significantly reduce the computational cost in reachable set computation without sacrificing any modeling precision.

Systems and Control,Machine Learning,Dynamical Systems

Stefan Schupp,Erika Ábrahám

DOI: https://doi.org/10.1007/978-3-319-89963-3_17

2018-01-01

Abstract:To decide whether a set of states is reachable in a hybrid system, over-approximative symbolic successor computations can be used, where the symbolic representation of state sets as well as the successor computations have several parameters which determine the efficiency and the precision of the computations. Naturally, faster computations come with less precision and more spurious counterexamples. To remove a spurious counterexample, the only possibility offered by current tools is to reduce the error by re-starting the complete search with different parameters. In this paper we propose a CEGAR approach that takes as input a user-defined ordered list of search configurations, which are used to dynamically refine the search tree along potentially spurious counterexamples. Dedicated datastructures allow to extract as much useful information as possible from previous computations in order to reduce the refinement overhead.

Taylor T. Johnson,Sayan Mitra

DOI: https://doi.org/10.1007/978-3-319-10512-3_10

2014-01-01

Abstract:In this paper, we present a method for computing the set of reachable states for networks consisting of the parallel composition of a finite number of the same hybrid automaton template with rectangular dynamics. The method utilizes a symmetric representation of the set of reachable states (modulo the automata indices) that we call anonymized states, which makes it scalable. Rather than explicitly enumerating each automaton index in formulas representing sets of states, the anonymized representation encodes only: (a) the classes of automata, which are the states of automata represented with formulas over symbolic indices, and (b) the number of automata in each of the classes. We present an algorithm for overapproximating the reachable states by computing state transitions in this anonymized representation. Unlike symmetry reduction techniques used in finite state models, the timed transition of a network composed of hybrid automata causes the continuous variables of all the automata to evolve simultaneously. The anonymized representation is amenable to both reducing the discrete and continuous complexity. We evaluate a prototype implementation of the representation and reachability algorithm in our satisfiability modulo theories (SMT)-based tool, Passel. Our experimental results are promising, and generally allow for scaling to networks composed of tens of automata, and in some instances, hundreds (or more) of automata.

Xin Chen,Stefan Schupp,Ibtissem Ben Makhlouf,Erika Ábrahám,Goran Frehse,Stefan Kowalewski

DOI: https://doi.org/10.1007/978-3-319-17524-9_29

2015-01-01

Abstract:Since about two decades, formal methods for continuous and hybrid systems enjoy increasing interest in the research community. A wide range of analysis techniques were developed and implemented in powerful tools. However, the lack of appropriate benchmarks make the testing, evaluation and comparison of those tools difficult. To support these processes and to ease exchange and repeatability, we present a manifold benchmark suite for the reachability analysis of hybrid systems. Detailed model descriptions, classification schemes, and experimental evaluations help to find the right models for a given purpose.

Lei Bu,Qixin Wang,Xinyue Ren,Shaopeng Xing,Xuandong Li

DOI: https://doi.org/10.1109/tcad.2019.2935062

IF: 2.9

2020-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Unlike standalone embedded devices, behaviors of a cyber-physical system (CPS) are highly dynamic. Many parameter values (e.g., those related to nature environment and third party black box functions) are unknown offline. Furthermore, distributed sub-CPSs may exchange data online. In this article, we first propose the concept of parametric hybrid automata (PHA) to describe such complex CPSs. As some PHA parameter values are unknown until runtime, conventional offline model checking is infeasible. Instead, we propose to carry out PHA model checking online, as a fault prediction mechanism. However, this usage is challenged by the high time cost of state reachability verification, which is the conventional focus of model checking. To address this challenge, we propose that the model checking shall focus on online scenario reachability validation instead. Furthermore, we propose a mechanism to compose/decompose scenarios. Our scenario reachability validation can exploit linear programming to achieve polynomial time cost. Evaluations on a state-of-the-art train control system show that our approach can cut online model checking time cost from over 1 h to within 200 ms.

Chenyu Jiang,Zhanyu He,Fengjun Li,Fei Xie,Licheng Zheng,Jun Yang,Ming Yang

DOI: https://doi.org/10.1002/qre.3196

2022-09-08

Quality and Reliability Engineering International

Abstract:Nowadays, the emerging digital technologies and digitalization trend in safety‐critical industrial process systems are bringing great opportunities for system performance improvements. However, new big challenges are also encountered in the reliability and safety evaluation of large complex industrial process systems due to its multi‐state, multi‐phase dynamic interactions, resilience on software and inter‐dependencies among digital components. The objectives of this study are i) to present an introductory overview of a hybrid computing framework as a supplementary to conventional fault tree analysis toolkit for risk‐oriented reliability analysis in dynamic probabilistic safety assessment context; ii) to illustrate how to combine the three methods of DDET, Markov/CCMT, and GO‐FLOW for integrated risk solutions by a case study of small‐break LOCA in nuclear power plants. Within the hybrid computing framework, the DDET model is implemented based on graph‐based search and sequence diagram refactoring by linking with Markov/CCMT and GO‐FLOW solver for branch probability estimation. The dynamic event tree model is adopted to represent the accident sequence of small‐break LOCA, where the heading events of system failure of digital RPS and phased‐mission ECCS in realization of safety‐critical functions of reactivity control and emergency core cooling are respectively modeled and analyzed by Markov chain and GO‐FLOW method. The demonstration results show that the failure analysis of complex dynamic process interactions together with time‐dependent mission reliability analysis of safety systems involved in accident prevention and mitigation can be easily implemented with accurate modeling and fast evaluation within the hybrid integration platform. The core algorithms and principles implemented for dynamic risk scenarios development by DDET, modeling, and analysis of dynamic process interactions by Markov/CCMT, time‐dependent and multi‐phase mission reliability analysis by GO‐FLOW as well as their integration to provide comprehensive solutions for the application of dynamic reliability in risk assessment are also discussed as open problems for future research.

engineering, industrial, multidisciplinary,operations research & management science

Rafael Rosales,Michael Paulitsch

DOI: https://doi.org/10.1145/3386244

2021-01-28

Abstract:Time plays a major role in the specification of Cyber-physical Systems (CPS) behavior with concurrency, timeliness, asynchrony, and resource limits as their main characteristics. In addition to timeliness , the specification of CPS needs to assess and unambiguously define its behavior with respect to the other Quality-of-Information (QoI) properties: (1) Correctness, (2) Completeness, (3) Consistency, and (4) Accuracy. Very often, CPS need to handle these QoI properties, and any combination thereof, multiple times when performing computation and communication processes. However, a model-driven and systematic approach to specify CPS behavior that jointly considers combined QoI aspects is possible but missing in existing methodologies. As the first contribution of this work, we provide an extension to an established model of computation (MoC) based on “Functions driven by Finite State Machine” (FunState) to enable a model-driven composition mechanism to create CPS behavior specifications from reusable components. Second, we present a novel set of design patterns to illustrate the modeling of QoI-aware CPS specifications that can be applied in several state-of-the-art Electronic System Level (ESL) methodologies. The time semantics of the MoC are formalized using the tagged-signal-model, and the presented model-driven approach enables the composition of multiple design patterns. The main benefits of the presented model-driven approach and design patterns to create CPS specifications are as follows: (a) reduce modeling effort, errors, and time through the reuse of known recipes to re-incurring tasks and allow to automatically generate repetitive control flows based on extended Finite State Machines; (b) increase system robustness and facilitate the creation of holistic QoI management allowing to unambiguously define system behavior for scenarios with single/multiple QoI requirement violations in different models of computation; (c) dynamically validate timing behavior of system implementations to enable a multi-objective optimization of nonfunctional properties that influence CPS timing. We demonstrate the aforementioned benefits through the modeling and evaluation of an infrastructure-assisted automated driving case study using Infrastructure-to-Vehicle (I2V) communications to distribute QoI critical road environment information.

Li Xuandong,Zheng Tao,Hou Jianmin,Zhao Jianhua,Zheng Guoliang

DOI: https://doi.org/10.1007/3-540-64358-3_53

1998-01-01

Abstract:In this paper, we consider the problem verifying hybrid systems modelled by linear hybrid automata. We extend the traditional regular expressions with time constraints and use them as a language to describe the behaviour of a class of linear hybrid automata. The extended notation is called Hybrid Regular Expression (HRE). Based on linear programming, we show that for the class of linear hybrid automata whose behaviour can be represented by HREs, two class of reachability problems and the satisfaction problem for linear duration invariants are decidable.

Xin Chen,Sriram Sankaranarayanan

DOI: https://doi.org/10.1109/rtss.2016.011

2016-01-01

Abstract:We introduce an approach to conservatively abstract a nonlinear continuous system by a hybrid automaton whose continuous dynamics are given by a decomposition of the original dynamics. The decomposed dynamics is in the form of a set of lower-dimensional ODEs with time-varying uncertainties whose ranges are defined by the hybridization domains. We propose several techniques in the paper to effectively compute abstractions and flowpipe overapproximations. First, a novel method is given to reduce the overestimation accumulation in a Taylor model flowpipe construction scheme. Then we present our decomposition method, as well as the framework of on-the-fly hybridization. A combination of the two techniques allows us to handle much larger, nonlinear systems with comparatively large initial sets. Our prototype implementation is compared with existing reachability tools for offline and online flowpipe construction on challenging benchmarks of dimensions ranging from 7 to 30. Our code has successfully passed the artifact evaluation.