parsimonious, simulation based verification of linear...
TRANSCRIPT
Parsimonious, Simulation Based Verification Of Linear Systems
Parasara Sridhar Duggirala Mahesh Viswanathan
Safety Verification: Motivation
Adaptive cruise control
Program controller such that v → vf while having 𝑠 > 𝑙𝑖𝑚𝑖𝑡.
CAV 2016 2
𝒔
𝐯𝐟𝐯
Safety Verification: Motivation
Adaptive cruise control
Program controller such that v → vf while having 𝑠 > 𝑙𝑖𝑚𝑖𝑡.
CAV 2016 3
𝒔
𝐯𝐟𝐯
ODE model.ሶs = vf − v;ሶv = −kav + u;
Controller designu = c1v + c2s + c3
Safety Verification: Motivation
Adaptive cruise control
Program controller such that v → vf while having 𝑠 > 𝑙𝑖𝑚𝑖𝑡.
CAV 2016 4
𝒔
𝐯𝐟𝐯
ODE model.ሶs = vf − v;ሶv = −kav + u;
Controller designu = c1v + c2s + c3
Closed loop systemሶsv
=a11 a12a21 a22
sv
+b1b2
represented asሶ𝑥 = 𝐴𝑥 + 𝐵( )
Safety Verification: Motivation
Adaptive cruise control
Program controller such that v → vf while having 𝑠 > 𝑙𝑖𝑚𝑖𝑡.
CAV 2016 5
𝒔
𝐯𝐟𝐯
ODE model.ሶs = vf − v;ሶv = −kav + u;
Controller designu = c1v + c2s + c3
Closed loop systemሶsv
=a11 a12a21 a22
sv
+b1b2
Safety verification problem for linear systems ሶ𝒙 = 𝑨𝒙 + 𝑩From initial set Θ (dis)prove that no trajectory enters the unsafe set U
represented asሶ𝑥 = 𝐴𝑥 + 𝐵( )
Solution: Reachable Set
System: ሶ𝑥 = 𝐴𝑥 + 𝐵, initial set Θ (polyhedra), unsafe set 𝑈.
CAV 2016 6
𝚯
. 𝜉 𝑥0, 𝑡 = 𝑒𝐴𝑡𝑥0 +න0
𝑡
𝑒𝐴(𝑡−𝜏)𝐵𝑑𝜏
𝑥0
Solution: Reachable Set
System: ሶ𝑥 = 𝐴𝑥 + 𝐵, initial set Θ (polyhedra), unsafe set 𝑈.
CAV 2016 7
𝚯
. 𝜉 𝑥0, 𝑡 = 𝑒𝐴𝑡𝑥0 +න0
𝑡
𝑒𝐴(𝑡−𝜏)𝐵𝑑𝜏
𝑥0
Procedure to compute reachable set1. Represent the set Θ using data structure
Data structureSpaceEx – Support FunctionsCORA – ZonotopesFlow* – Taylor Models
Solution: Reachable Set
System: ሶ𝑥 = 𝐴𝑥 + 𝐵, initial set Θ (polyhedra), unsafe set 𝑈.
CAV 2016 8
𝚯
. 𝜉 𝑥0, 𝑡 = 𝑒𝐴𝑡𝑥0 +න0
𝑡
𝑒𝐴(𝑡−𝜏)𝐵𝑑𝜏
𝑥0
Procedure to compute reachable set1. Represent the set Θ using data structure2. Select a time interval ℎ.3. Compute 𝑃𝑜𝑠𝑡(Θ, ℎ) for [0, ℎ]
Data structureSpaceEx – Support FunctionsCORA – ZonotopesFlow* – Taylor Models
Solution: Reachable Set
System: ሶ𝑥 = 𝐴𝑥 + 𝐵, initial set Θ (polyhedra), unsafe set 𝑈.
CAV 2016 9
𝚯
. 𝜉 𝑥0, 𝑡 = 𝑒𝐴𝑡𝑥0 +න0
𝑡
𝑒𝐴(𝑡−𝜏)𝐵𝑑𝜏
𝑥0
Procedure to compute reachable set1. Represent the set Θ using data structure2. Select a time interval ℎ.3. Compute 𝑃𝑜𝑠𝑡(Θ, ℎ) for [0, ℎ]4. Iterate for future intervals.
Data structureSpaceEx – Support FunctionsCORA – ZonotopesFlow* – Taylor Models
Solution: Reachable Set
System: ሶ𝑥 = 𝐴𝑥 + 𝐵, initial set Θ (polyhedra), unsafe set 𝑈.
CAV 2016 10
𝚯
. 𝜉 𝑥0, 𝑡 = 𝑒𝐴𝑡𝑥0 +න0
𝑡
𝑒𝐴(𝑡−𝜏)𝐵𝑑𝜏
𝑥0
Procedure to compute reachable set1. Represent the set Θ using data structure2. Select a time interval ℎ.3. Compute 𝑃𝑜𝑠𝑡(Θ, ℎ) for [0, ℎ]4. Iterate for future intervals.
Data structureSpaceEx – Support FunctionsCORA – ZonotopesFlow* – Taylor Models
Drawbacks1. Representation cost grows with n2. Only overapproximation3. Cannot be directly applied for
time varying linear systems
This Paper: Contributions
New simulation based verification for linear systems.
1. For 𝒏-dimensional system, 𝒏 + 𝟏 simulations suffice.
2. Works for both time invariant and time variant systems.
3. Works for non-convex and unbounded initial set.
4. Can compute over- and under-approximation.
CAV 2016 11
The How: Superposition Principle
CAV 2016 12
𝑥1
𝑥2
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
The How: Superposition Principle
CAV 2016 13
𝑥1
𝑥2
𝜆𝑥1 + (1 − 𝜆)𝑥2
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
.
The How: Superposition Principle
CAV 2016 14
𝑥1
𝑥2
𝜆𝑥1 + (1 − 𝜆)𝑥2
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
𝜉 𝜆𝑥1 + 1 − 𝜆 𝑥2, 𝑡=
𝜆𝜉(𝑥1, 𝑡) + 1 − 𝜆 𝜉(𝑥2, 𝑡)
.
Implications Of Superposition
CAV 2016 15
𝑥0
𝑥1
𝑥2
v2
v1
.
.
.
Implications Of Superposition
CAV 2016 16
𝜉(𝑥0, 𝑡)
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
.
..v1′
v2′
𝑥0
𝑥1
𝑥2
v2
v1
.
.
.
Implications Of Superposition
CAV 2016 17
𝜉(𝑥0, 𝑡)
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
.
..v1′
v2′
𝑥0
𝑥1
𝑥2
v2
v1
.
.
.
𝑥0 + 𝛼1v1 + 𝛼2v2
.
Implications Of Superposition
CAV 2016 18
𝜉(𝑥0, 𝑡)
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
𝜉(𝑥0 + 𝛼1𝑣1 + 𝛼2𝑣2, 𝑡)
.
..v1′
v2′
𝑥0
𝑥1
𝑥2
v2
v1
.
.
.
𝑥0 + 𝛼1v1 + 𝛼2v2
.
Implications Of Superposition
CAV 2016 19
𝜉(𝑥0, 𝑡)
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
𝜉(𝑥0 + 𝛼1𝑣1 + 𝛼2𝑣2, 𝑡)
.
..v1′
v2′
.𝛼1v1
′ + 𝛼2v2′
𝑥0
𝑥1
𝑥2
v2
v1
.
.
.
𝑥0 + 𝛼1v1 + 𝛼2v2
.
Implications Of Superposition
CAV 2016 20
𝜉(𝑥0, 𝑡)
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
𝜉(𝑥0 + 𝛼1𝑣1 + 𝛼2𝑣2, 𝑡)
.
..v1′
v2′
.𝛼1v1
′ + 𝛼2v2′
𝑥0
𝑥1
𝑥2
v2
v1
.
.
.
𝑥0 + 𝛼1v1 + 𝛼2v2
.
Why is this important?Given 𝜉0, 𝜉1, and 𝜉2, one can
compute any simulation startingfrom linear span of 𝑥0, 𝑣1, and 𝑣2.
Implications Of Superposition
CAV 2016 21
𝜉(𝑥0, 𝑡)
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
𝜉(𝑥0 + 𝛼1𝑣1 + 𝛼2𝑣2, 𝑡)
.
..v1′
v2′
.
𝑥0
𝑥1
𝑥2
v2
v1
.
.
.
𝜉(𝑥0 + 𝛼1′𝑣1 + 𝛼2
′𝑣2, 𝑡)
𝛼1′v1
′ + 𝛼2′ v2
′
Why is this important?Given 𝜉0, 𝜉1, and 𝜉2, one can
compute any simulation startingfrom linear span of 𝑥0, 𝑣1, and 𝑣2.
Implications Of Superposition
CAV 2016 22
𝜉(𝑥0, 𝑡)
𝜉(𝑥1, 𝑡)
𝜉(𝑥2, 𝑡)
𝜉(𝑥0 + 𝛼1𝑣1 + 𝛼2𝑣2, 𝑡)
.
..v1′
v2′
.
𝑥0
𝑥1
𝑥2
v2
v1
.
.
.
𝜉(𝑥0 + 𝛼1′𝑣1 + 𝛼2
′𝑣2, 𝑡)
𝛼1′v1
′ + 𝛼2′ v2
′
Why is this important?Given 𝜉0, 𝜉1, and 𝜉2, one can
compute any simulation startingfrom linear span of 𝑥0, 𝑣1, and 𝑣2.
Key Idea: Use a set representation that exploits this property
Representation: Generalized Stars
Generalized star is represented as ⟨𝑐, 𝑉, 𝑃⟩
𝑐 – center, 𝑉 – set of vectors, 𝑃 – predicate.
CAV 2016 23
𝑐, 𝑉, 𝑃 = 𝑥 ∃ ത𝛼 = (𝛼1, … , 𝛼𝑛), c + Σ𝑖𝛼𝑖𝑣𝑖 = 𝑥, 𝑃 ത𝛼 = ⊤}
𝑣1
𝑣2
𝑐1
𝑃 𝛼1, 𝛼2≜
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
𝑐1 + 𝛼1𝑣1 + 𝛼2𝑣2.
Representation: Generalized Stars
Generalized star is represented as ⟨𝑐, 𝑉, 𝑃⟩
𝑐 – center, 𝑉 – set of vectors, 𝑃 – predicate.
CAV 2016 24
𝑐, 𝑉, 𝑃 = 𝑥 ∃ ത𝛼 = (𝛼1, … , 𝛼𝑛), c + Σ𝑖𝛼𝑖𝑣𝑖 = 𝑥, 𝑃 ത𝛼 = ⊤}
𝑃 𝛼1, 𝛼2≜
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1 ∧ 𝛼1 + 𝛼2 ≤ 1.5𝑣1
𝑣2
𝑐1
Representation: Generalized Stars
Generalized star is represented as ⟨𝑐, 𝑉, 𝑃⟩
𝑐 – center, 𝑉 – set of vectors, 𝑃 – predicate.
CAV 2016 25
𝑐, 𝑉, 𝑃 = 𝑥 ∃ ത𝛼 = (𝛼1, … , 𝛼𝑛), c + Σ𝑖𝛼𝑖𝑣𝑖 = 𝑥, 𝑃 ത𝛼 = ⊤}
𝑃 𝛼1, 𝛼2≜
𝛼1 ≤ 1 − 𝛼22𝑣1
𝑣2
𝑐1
Representation: Generalized Stars
Generalized star is represented as ⟨𝑐, 𝑉, 𝑃⟩
𝑐 – center, 𝑉 – set of vectors, 𝑃 – predicate.
CAV 2016 26
𝑐, 𝑉, 𝑃 = 𝑥 ∃ ത𝛼 = (𝛼1, … , 𝛼𝑛), c + Σ𝑖𝛼𝑖𝑣𝑖 = 𝑥, 𝑃 ത𝛼 = ⊤}
𝑃 𝛼1, 𝛼2≜
𝑣1
𝑣2
𝑐1 𝟏. 𝟓*𝒔𝒒𝒓𝒕 -𝒂𝒃𝒔 𝒂𝒃𝒔 𝒙 – 𝟏 *𝒂𝒃𝒔 𝟑 – 𝒂𝒃𝒔 𝒙
𝒂𝒃𝒔 𝒙 – 𝟏 * 𝟑 – 𝒂𝒃𝒔 𝒙* 𝟏 +
𝒂𝒃𝒔 𝒂𝒃𝒔 𝒙 – 𝟑
𝒂𝒃𝒔 𝒙 - 𝟑* 𝒔𝒒𝒓𝒕 𝟏 –
𝒙
𝟕
𝟐
+
𝟒.𝟓 + 𝟎. 𝟕𝟓 * 𝒂𝒃𝒔 𝒙 – 𝟎.𝟓 + 𝒂𝒃𝒔 𝒙 + 𝟎. 𝟓 – 𝟐. 𝟕𝟓 * 𝒂𝒃𝒔 𝒙-𝟎. 𝟕𝟓 + 𝒂𝒃𝒔 𝒙 + 𝟎. 𝟕𝟓 * 𝟏 +𝒂𝒃𝒔 𝟏 – 𝒂𝒃𝒔 𝒙
𝟏 – 𝒂𝒃𝒔 𝒙,
-𝟑 *𝒔𝒒𝒓𝒕 𝟏 -𝒙
𝟕
𝟐
*𝒔𝒒𝒓𝒕𝒂𝒃𝒔 𝒂𝒃𝒔 𝒙 – 𝟒
𝒂𝒃𝒔 𝒙 -𝟒, 𝒂𝒃𝒔
𝒙
𝟐– 𝟎.𝟎𝟗𝟏𝟑𝟕𝟐𝟐 * 𝒙𝟐-𝟑 + 𝒔𝒒𝒓𝒕 𝟏 – 𝒂𝒃𝒔 𝒂𝒃𝒔 𝒙 – 𝟐 – 𝟏 𝟐 ,
(𝟐. 𝟕𝟏𝟎𝟓𝟐+ 𝟏. 𝟓 – 𝟎. 𝟓 * 𝒂𝒃𝒔(𝒙) – 𝟏. 𝟑𝟓𝟓𝟐𝟔 * 𝒔𝒒𝒓𝒕(𝟒 – (𝒂𝒃𝒔(𝒙) – 𝟏)^𝟐)) * 𝒔𝒒𝒓𝒕(𝒂𝒃𝒔(𝒂𝒃𝒔(𝒙) – 𝟏)/(𝒂𝒃𝒔(𝒙) – 𝟏))
Reachable Set Computation Using Simulations For Generalized Stars
Given Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩ to compute reachable set
CAV 2016 27
𝑐 𝑣1
𝑣2Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Reachable Set Computation Using Simulations For Generalized Stars
Given Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩ to compute reachable set1. Simulate from 𝑐2. Simulate from 𝑐 + 𝑣𝑖 for each 𝑖
CAV 2016 28
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Reachable Set Computation Using Simulations For Generalized Stars
Given Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩ to compute reachable set1. Simulate from 𝑐2. Simulate from 𝑐 + 𝑣𝑖 for each 𝑖
Reachable set at time 𝑡 is given by ⟨𝑐′, 𝑉′, 𝑃⟩ where1. 𝑐′ is the simulation corresponding to 𝑐2. 𝑣𝑖′ is the difference of simulations from 𝑐 + 𝑣𝑖 and from 𝑐
CAV 2016 29
𝑐 𝑣1
𝑣2
𝑐′𝑣1′
𝑣2′
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Reachable Set Computation Using Simulations For Generalized Stars
Given Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩ to compute reachable set1. Simulate from 𝑐2. Simulate from 𝑐 + 𝑣𝑖 for each 𝑖
Reachable set at time 𝑡 is given by ⟨𝑐′, 𝑉′, 𝑃⟩ where1. 𝑐′ is the simulation corresponding to 𝑐2. 𝑣𝑖′ is the difference of simulations from 𝑐 + 𝑣𝑖 and from 𝑐
CAV 2016 30
𝑐 𝑣1
𝑣2
𝑐′𝑣1′
𝑣2′
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Reach(Θ, t) ≜ ⟨𝑐′, 𝑉′, 𝑃⟩
Reachable Set Computation Using Simulations For Generalized Stars
Given Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩ to compute reachable set1. Simulate from 𝑐2. Simulate from 𝑐 + 𝑣𝑖 for each 𝑖
Reachable set at time 𝑡 is given by ⟨𝑐′, 𝑉′, 𝑃⟩ where1. 𝑐′ is the simulation corresponding to 𝑐2. 𝑣𝑖′ is the difference of simulations from 𝑐 + 𝑣𝑖 and from 𝑐
CAV 2016 31
𝑐 𝑣1
𝑣2
𝑐′𝑣1′
𝑣2′
Observation: 𝑹𝒆𝒂𝒄𝒉 preservesthe “shape” of the initial set.𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Reach(Θ, t) ≜ ⟨𝑐′, 𝑉′, 𝑃⟩
Reachable Set Computation Using Simulations For Generalized Stars
Given Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩ to compute reachable set1. Simulate from 𝑐2. Simulate from 𝑐 + 𝑣𝑖 for each 𝑖
Reachable set at time 𝑡 is given by ⟨𝑐′, 𝑉′, 𝑃⟩ where1. 𝑐′ is the simulation corresponding to 𝑐2. 𝑣𝑖′ is the difference of simulations from 𝑐 + 𝑣𝑖 and from 𝑐
CAV 2016 32
𝑐 𝑣1
𝑣2
𝑐′𝑣1′
𝑣2′
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1 ∧ 𝛼1 + 𝛼2 ≤ 1.5
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1 ∧ 𝛼1 + 𝛼2 ≤ 1.5
Observation: 𝑹𝒆𝒂𝒄𝒉 preservesthe “shape” of the initial set.
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Reach(Θ, t) ≜ ⟨𝑐′, 𝑉′, 𝑃⟩
Reachable Set Computation Using Simulations For Generalized Stars
Given Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩ to compute reachable set1. Simulate from 𝑐2. Simulate from 𝑐 + 𝑣𝑖 for each 𝑖
Reachable set at time 𝑡 is given by ⟨𝑐′, 𝑉′, 𝑃⟩ where1. 𝑐′ is the simulation corresponding to 𝑐2. 𝑣𝑖′ is the difference of simulations from 𝑐 + 𝑣𝑖 and from 𝑐
CAV 2016 33
𝑐 𝑣1
𝑣2
𝑐′𝑣1′
𝑣2′
𝛼1 ≤ 1 − 𝛼22
𝛼1 ≤ 1 − 𝛼22
Observation: 𝑹𝒆𝒂𝒄𝒉 preservesthe “shape” of the initial set.
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Reach(Θ, t) ≜ ⟨𝑐′, 𝑉′, 𝑃⟩
Reachable Set Computation Using Simulations For Generalized Stars
Given Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩ to compute reachable set1. Simulate from 𝑐2. Simulate from 𝑐 + 𝑣𝑖 for each 𝑖
Reachable set at time 𝑡 is given by ⟨𝑐′, 𝑉′, 𝑃⟩ where1. 𝑐′ is the simulation corresponding to 𝑐2. 𝑣𝑖′ is the difference of simulations from 𝑐 + 𝑣𝑖 and from 𝑐
CAV 2016 34
𝑐 𝑣1
𝑣2
𝑐′𝑣1′
𝑣2′
Problem: Exact simulations requires computing 𝒆𝑨𝒕 and is not necessarily finitely representable
𝛼1 ≤ 1 − 𝛼22
𝛼1 ≤ 1 − 𝛼22
Observation: 𝑹𝒆𝒂𝒄𝒉 preservesthe “shape” of the initial set.
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Reach(Θ, t) ≜ ⟨𝑐′, 𝑉′, 𝑃⟩
Validated Simulations
CAV 2016 35
𝜉 𝑥0, 𝑡
𝑥0
𝑣𝑎𝑙𝑆𝑖𝑚(𝑥0, 𝑡) returns sequence of regions such that 𝜉 𝑥0, 𝑡 ∈ 𝑅𝑙 when 𝑡 ∈ [𝑡𝑙 , 𝑡𝑙+1]
𝑑𝑖𝑎𝑚𝑒𝑡𝑒𝑟 𝑅𝑙 → 0 as |t𝑙+1 − 𝑡𝑙| → 0
.
Over- and Under-Approximations Using Validated Simulations
Problem – exact value of 𝑐, 𝑣1′ , and 𝑣2
′ is not known!
CAV 2016 36
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
𝑅0
𝑅1
𝑅2
Over- and Under-Approximations Using Validated Simulations
Problem – exact value of 𝑐, 𝑣1′ , and 𝑣2
′ is not known!
CAV 2016 37
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
𝑐′𝑣1′
𝑣2′
Over- and Under-Approximations Using Validated Simulations
Problem – exact value of 𝑐, 𝑣1′ , and 𝑣2
′ is not known!
CAV 2016 38
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Over- and Under-Approximations Using Validated Simulations
Problem – exact value of 𝑐, 𝑣1′ , and 𝑣2
′ is not known!
CAV 2016 39
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
𝑐′ 𝑣1′
𝑣2′
Over- and Under-Approximations Using Validated Simulations
Problem – exact value of 𝑐, 𝑣1′ , and 𝑣2
′ is not known!
CAV 2016 40
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Over- and Under-Approximations Using Validated Simulations
Problem – exact value of 𝑐, 𝑣1′ , and 𝑣2
′ is not known!
CAV 2016 41
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩
Over- and Under-Approximations Using Validated Simulations
Problem – exact value of 𝑐, 𝑣1′ , and 𝑣2
′ is not known!
CAV 2016 42
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩Over–approximation is the
union of all such stars
Under–approximation is the intersection of all such stars
Over- and Under-Approximations Using Validated Simulations
Problem – exact value of 𝑐, 𝑣1′ , and 𝑣2
′ is not known!
CAV 2016 43
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩Over–approximation is the
union of all such stars
Under–approximation is the intersection of all such stars
𝑂𝐴 = 𝑥 ∃𝑐, ∃𝑣1, ∃𝑣2 ∃ ത𝛼, 𝑥 = 𝑐 + 𝛼1𝑣1 + 𝛼2𝑣2}𝑈𝐴 = 𝑥 ∀𝑐, ∀𝑣1, ∀𝑣2 ∃ ത𝛼, 𝑥 = 𝑐 + 𝛼1𝑣1 + 𝛼2𝑣2}
Over- and Under-Approximations Using Validated Simulations
Problem – exact value of 𝑐, 𝑣1′ , and 𝑣2
′ is not known!
CAV 2016 44
𝑐 𝑣1
𝑣2
𝛼1 ≤ 1 ∧ 𝛼2 ≤ 1
Θ ≜ ⟨𝑐, 𝑉, 𝑃⟩Provided in paper:1. Computing overapproximation2. Checking safety violation without using QE for bounded initial sets
Experimental Results - I
Comparison with SpaceEx on Linear Systems
CAV 2016 45
Benchmark Vars. TH Sim.Time. Verif.Time. C2E2 SpaceEx Result
Insulin 8 10 0.157 s 0.049 s 0.20 s 8.07 s Safe
Inslin 8 10 0.166 s 0.034 s 0.2 s 7.89 s Unsafe
Platoon 10 25 0.337 s 0.019 s 0.356 s TO Safe
Platoon 10 25 0.323 s 0.019 s 0.342 s TO Unsafe
Tank–10 10 20 0.745 s 0.206 s 0.951 s 4.886 s Safe
Tank–10 10 20 0.721 s 0.19 s 0.911 s 4.992 s Unsafe
Tank–15 15 20 1.325 s 0.363 s 1.688 s 8.176 s Safe
Tank–18 18 20 1.705 s 0.569 s 2.274 s 10.466 s Safe
Helicopter 28 20 3.192 s 1.634 s 4.826 s 2m 1.66 s Safe
Experimental Results - II
Comparison with Flow* for Linear Time Varying Systems
CAV 2016 46
Benchmark Vars C2E2 Flow*
Tank–TV 2 0.132 s 1.56 s
Tank–TV 4 0.198 s 4.28 s
Tank–TV 6 0.287 s 9.41 s
Tank–TV 8 0.356 s 18.73 s
Tank–TV 10 0.484 s 33.67 s
LTV 5 0.24 s 7.51 s
LTV 7 0.31 s 12.09 s
LTV 9 0.4 s 18.18 s
Experimental Results - III
Verification of Non-convex and Unbounded Initial Sets
CAV 2016 47
Benchmark Dim. TH. Init. Set. Res. Time
ACC 3 2 Non–Convex Safe 2.185
ACC 3 2 Unbounded Safe 1.774
ACC 3 2 Non–Convex Unsafe 1.11
ACC 3 2 Unbounded Unsafe 1.01
Tank 5 1 Non–Convex Safe 2.717
Tank 5 1 Unbounded Safe 2.145
Tank 5 1 Non–Convex Unsafe 1.722
Tank 5 1 Unbounded Unsafe 1.519
Conclusions
New simulation based verification for linear systems
1. For 𝑛–dimensional system, 𝑛 + 1 simulations suffice.2. Works for both time invariant and time variant systems.3. Works for non-convex and unbounded systems4. Can compute over- and under-approximation.5. Reuse the simulations for different initial sets.
CAV 2016 48
Thank You