Co-simulation of Physical Model and Self-Adaptive Predictive Controller Using Hybrid Automata
Imane Lamrani, Ayan Banerjee, Sandeep Gupta.
iMPACT Lab
CISDE, Arizona State University.
Introduction
Safety-critical cyber-physical system (CPS) design and implementation has seen a new revolution of self-adaptation capabilities.
Self-adaptive predictive control (SAP) systems adjust their behavior in response to the continuously changing execution environment in order to achieve improved control.
For example, medical devices adopt self-adaptation control theory to deliver more accurate, personalized treatment to patients.
CPS verification techniques should be equipped with self-adaptation capabilities.
One of the versatile tools used for CPS verification is reachability analysis.
Numerical Simulation VS Reachability Analysis
Numerical simulation is used to test the correct behavior of a system.
Advantage: Prove that system is unsafe (by producing a trajectory that
hits the unsafe set)
Disadvantage: The trajectory that hits the unsafe set may have been
overlooked.
[Figure: missed trajectory]
Numerical Simulation VS Reachability Analysis
Reachability analysis determines the set of states that a system can possibly
visit starting from a set of initial states.
If the reachable set does not intersect with unsafe states, then safety of
the system is guaranteed.
Reachability analysis over hybrid automata provides a higher level of safety
verification rigor.
Example CPS: Artificial Pancreas (AP)
[Figure: artificial pancreas control loop. Labels: glucose-meter value $B_g$; insulin infusion rate $I_t$; blood glucose monitoring; control algorithm; input/output operation traces.]
Example CPS: Hybrid automata of AP
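Braking:
$\dot{X} = -k_2 X(t) + k_3 (I(t) - I_b)$
$\dot{G} = -X(t)\,G(t) + k_1 (G_b - G(t))$
$\dot{I} = -k_4 I(t) + k_5 (G(t) - k_6)$
$I_t = 0.5\,G + 44.75$
Basal:
$\dot{X} = -k_2 X(t) + k_3 (I(t) - I_b)$
$\dot{G} = -X(t)\,G(t) + k_1 (G_b - G(t))$
$\dot{I} = -k_4 I(t) + k_5 (G(t) - k_6)$
$I_t = 5$
Correction Bolus:
$\dot{X} = -k_2 X(t) + k_3 (I(t) - I_b)$
$\dot{G} = -X(t)\,G(t) + k_1 (G_b - G(t))$
$\dot{I} = -k_4 I(t) + k_5 (G(t) - k_6)$
$I_t = 50$
Guard labels on the transitions in the figure: $G \geq 120$, $G \leq 120$, $G \geq 180$, $G \geq 120$
Control Modes: Basal, Braking, & Correction bolus.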
Variables
X: Interstitial insulin concentration
G: Blood glucose concentration
I: Plasma insulin concentration
Flow Equation: $\dot{X} = \ldots$;
Guard Condition: $G \geq 120$;
Reset condition: Insulin infusion rate $I_t = \ldots$;
Patient specific parameters: k1, …, k6
Self-adaptive Predictive Control (SAP)
Different conditions including disturbances or systemic changes may cause tremendous changes in the parameters of the predictive model describing the dynamics of the system.
SAP: Adjusting controller parameters in response to these changes to regulate the system and achieve improved control.
Reachability analysis over hybrid automata provides a higher level of safety verification rigor.
Existing hybrid automata tools do not support modeling of run-time self-adaptation of predicates.
Self Adaptive Control Systems
[Figure: self-adaptive control loop. Labels: change detection; physical environment; controller; control signal output; update controller parameters; dynamics values.]
The controller modifies itself in response to changes in the dynamics and
characteristics of the system being controlled.
Self-adaptive Predictive Control (SAP)
[Figure: self-adaptive predictive control loop. Labels: change detection; physical environment; predictive controller; control signal output; update predictive model parameters; dynamics values; physical environment predictive model.]
A predictive model of the physical environment is used to estimate the values of the system dynamics.
The predictive control algorithm computes the control signal based on the predicted values of the dynamics.
Example: SAP Artificial Pancreas
Problem Statement
Propose a co-simulation framework that strives to:
Support modeling of predictive control systems using hybrid automata,
and runtime self-adaption of hybrid automata based on new
configurations from other modeling tools such as Simulink.
Provide an alternative modeling technique for devices with self-
adaptive predictive control.
Verify the safety of self-adaptive predictive control devices by checking whether the set of reachable states of the system intersects with the unsafe set.
The co-simulation framework is defined as the time synchronized simulation
of:
The SAP controller discrete decision making module,
The physical model update method, and
The physical system evolution.
Related Work
An approach to validate behavioral properties of decentralized self-adaptive systems. The self-adaptive system is modeled with timed automata and required properties are specified using timed-computation tree logic. Verification is done through Uppaal.
A formal verification approach for adaptive real-time systems that verifies task schedulability to prevent missed task deadlines when adjustments are performed. Tasks can be described in the model as long as their behavior can be modeled using task automata.
Main assumptions:
1- Adaptation scenarios have to be predefined.
2- An environment model should be available since it specifies the failure events that have to be tested.
3- Proper test selection must be defined since exhaustive testing of systems is not feasible.
Not applicable to SAP control systems where configuration functions are linear combinations of the parameters of the predictive model and the changing conditions of the environment.
Related Work
Another work introduced a configuration language to specify reconfiguration requirements and events in temporal logic while the system behavior is depicted in the hybrid automata model.
The reconfiguration mechanism is limited to a constant function, which cannot be applied to predictive self-adaptive control systems.
Exact computation of reachable sets is still considered a difficult task and becomes even more complicated for time-varying systems.
A union of short-term simulations on a set of initial conditions has been proposed as an approach to compute an over-approximation of reachable sets for time-varying systems.
Co-simulation Framework
Change Detection:
The change detection method compares
the expected value of the model
parameters and the vector of unbiased
parameter estimates computed.
Self-adaptation:
Adapts the predictive model accordingly
by re-estimating the changing parameters
of the model using the more recent data
only.
Co-simulation Framework
HA supervisor (Python Script):
Generates initial predictive model in SpaceEx's
Calls SpaceEx executable to run system model with the configuration file that specifies initial states, sampling time... SpaceEx writes the reachable states computed to an output file o1.txt.
Generates a new predictive model with new parameter settings once a change is detected.
Calls SpaceEx executable file to run the new model file.
Repeats previous steps until termination criterion is satisfied.
The final reach set of the self-adaptive control system is a union of all reachable states o1.txt, …, on.txt obtained with all controller configurations generated at runtime.
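The supervisor loop above, as an added sketch (not the authors' script and not SpaceEx): a stand-in reach engine computes the exact interval of G for the glucose flow equation with X frozen at a constant, the model is regenerated when the estimate of k1 drifts past a threshold, and the union of all segments is checked against an unsafe set. Assumptions: every numeric value, the `tol` threshold, the unsafe set G ≤ 70, and termination after a fixed number of sampling windows are constructed for illustration.

```python
import math

def reach_segment(k1, X, Gb, box, T):
    """Exact reach interval of G over [0, T] for dG/dt = -X*G + k1*(Gb - G).

    Assumption: X is frozen at a constant, so the flow is linear and every
    trajectory moves monotonically toward the equilibrium g_eq.
    """
    a = X + k1
    g_eq = k1 * Gb / a
    decay = math.exp(-a * T)
    end_lo = g_eq + (box[0] - g_eq) * decay
    end_hi = g_eq + (box[1] - g_eq) * decay
    reach = (min(box[0], end_lo), max(box[1], end_hi))
    return reach, (end_lo, end_hi)      # states visited, states at time T

def intersects(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def supervise(k1_estimates, k1_init, X, Gb, init_box, T, tol, unsafe):
    """One reach run per sampling window; the model is regenerated on change."""
    k1, box, segments, reconfigs = k1_init, init_box, [], 0
    for est in k1_estimates:            # termination: estimates exhausted
        if abs(est - k1) > tol:         # change detection
            k1 = est                    # self-adaptation: new predictive model
            reconfigs += 1
        reach, box = reach_segment(k1, X, Gb, box, T)
        segments.append(reach)          # plays the role of o1.txt ... on.txt
    safe = not any(intersects(seg, unsafe) for seg in segments)
    return segments, reconfigs, safe

# Constructed values (not from the slides): mg/dL and minutes.
CFG = dict(k1_init=0.03, X=0.01, Gb=100.0, init_box=(150.0, 170.0),
           T=30.0, tol=0.005, unsafe=(0.0, 70.0))

def run(k1_estimates):
    return supervise(k1_estimates, **CFG)

if __name__ == "__main__":
    for estimates in ([0.03, 0.031, 0.03], [0.03, 0.031, 0.01]):
        segments, reconfigs, safe = run(estimates)
        print(estimates, "reconfigurations:", reconfigs, "safe:", safe)
        for lo, hi in segments:
            print(f"  G in [{lo:.2f}, {hi:.2f}]")
```

With the constructed inputs, the run that never reconfigures stays clear of the unsafe set, while the run whose third window adopts a new k1 reaches it, which is why the verdict has to be taken over the union of all runtime configurations.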
Example: Co-simulation for AP
Change Detection:
The change detection method detects changes in the behavior of the human body using recent blood glucose measurements. These changes physically correspond to a significant change in glucose levels.
Self-adaptation:
Re-estimate the changing parameters of the model using
the more recent data only. It applies Fisher Information and
Cramer Rao bound.
Patient predictive model
Example: Co-simulation for AP
Conclusions & Future Work
We have investigated the problem of safety verification of self-adaptive control systems.
We proposed a novel approach to model and verify the safety of self-adaptive predictive control systems via reachability analysis and co-simulation.
The proposed method is considered a run-time verification of the self-adaptive systems using reachability analysis.
Issue: Selection of an accurate termination criterion for the safety analysis.
Future work: Investigate the correctness of the computed reach set for predictive self-adaptive systems.
Questions & Answers