Slide 1
Kim G. Larsen
Peter Bulychev, Alexandre David, Dehui Du, Axel Legay, Guangyuan Li, Marius Mikucionis, Danny B. Poulsen, Amalie Stainer, Zheng Wang
Statistical Model Checking, Refinement Checking, Optimization, ... for Stochastic Hybrid Systems
Slide 2
IDEA4CPS: Foundations for CPS
FORMATS, Sep 2012, Kim Larsen [2]
Inst. of Software, Chinese Academy of Sciences, Beijing, China
Technical University of Denmark, Lyngby, Denmark
East China Normal University, Shanghai, China
Aalborg University, Denmark
Slide 3
Cyber-Physical Systems
Complex systems that tightly integrate multiple, networked computing elements (hardware and software) with non-computing physical elements such as electrical or mechanical components.
Smart X
Hybrid Systems
Slide 4
Trustworthiness (TCPS)
.. by which we mean CPS on which reliance can justifiably be placed. (wiki)
.. of a component is .. defined by how well it secures a set of functional and non-functional properties, deriving from its architecture, construction, and environment, and evaluated as appropriate.
Probabilities, Confidence
Slide 5
Current State
Stochastic Hybrid Systems
Probabilistic Temporal Logic
Statistical Model Checking
Slide 6
Overview
Stochastic Hybrid Systems
Weighted Metric Interval Temporal Logic
UPPAAL SMC (Demo)
Energy Aware Buildings
SMC and Refinement Checking
SMC and Optimization
Conclusion
Slide 7
Stochastic Hybrid Systems: A Bouncing Ball
simulate 5 [<=20] {p}
Pr[<=20](<>(time >=12 && p >= 4))
Slide 8
Hybrid Automata
H = (L, l0, Σ, X, E, F, Inv) where
L set of locations
l0 initial location
Σ = Σi ∪ Σo set of actions
X set of continuous variables; valuation ν : X → R (ν ∈ R^X)
E set of edges (l, g, a, φ, l') with g ⊆ R^X and φ ⊆ R^X × R^X and a ∈ Σ
For each l a delay function F(l) : R>0 × R^X → R^X
For each l an invariant Inv(l) ⊆ R^X
Slide 9
Hybrid Automata
Semantics
States (l, ν) where ν ∈ R^X
Transitions:
(l, ν) →d (l, ν') where ν' = F(l)(d)(ν) provided ν' ∈ Inv(l)
(l, ν) →a (l', ν') if there exists (l, g, a, φ, l') ∈ E with ν ∈ g and (ν, ν') ∈ φ and ν' ∈ Inv(l')
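As an added example (not the slides' own material and not UPPAAL code), the following Python encodes the tuple H = (L, l0, Σ, X, E, F, Inv) and the two transition rules of the Hybrid Automata slides, instantiated on a bouncing ball like the one of the "Stochastic Hybrid Systems: A Bouncing Ball" slide. The ball's parameters (initial height 10, gravity 10, restitution 0.8) and the floating-point slack EPS are constructed here, and the jump relation φ is represented by a function on valuations rather than a set of pairs.

```python
# Added example: the hybrid-automaton tuple and its delay/action transitions,
# instantiated on a constructed bouncing ball (not code from the slides).
import math
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Valuation = Dict[str, float]            # ν : X → R
State = Tuple[str, Valuation]           # (l, ν)


@dataclass
class Edge:                             # (l, g, a, φ, l')
    src: str
    guard: Callable[[Valuation], bool]          # g ⊆ R^X
    action: str                                 # a ∈ Σ
    jump: Callable[[Valuation], Valuation]      # φ ⊆ R^X × R^X, given as a function
    dst: str


@dataclass
class HybridAutomaton:
    l0: str
    edges: List[Edge]
    flow: Dict[str, Callable[[float, Valuation], Valuation]]   # F(l): R>0 × R^X → R^X
    inv: Dict[str, Callable[[Valuation], bool]]                # Inv(l) ⊆ R^X

    def delay(self, s: State, d: float) -> Optional[State]:
        """(l,ν) →d (l,ν') with ν' = F(l)(d)(ν), provided ν' ∈ Inv(l)."""
        l, nu = s
        nu2 = self.flow[l](d, nu)
        return (l, nu2) if self.inv[l](nu2) else None

    def act(self, s: State, a: str) -> Optional[State]:
        """(l,ν) →a (l',ν') if some (l,g,a,φ,l') ∈ E has ν ∈ g, (ν,ν') ∈ φ, ν' ∈ Inv(l')."""
        l, nu = s
        for e in self.edges:
            if e.src == l and e.action == a and e.guard(nu):
                nu2 = e.jump(nu)
                if self.inv[e.dst](nu2):
                    return (e.dst, nu2)
        return None


# --- Bouncing ball instance: constructed parameters, not from the slides ----
G, RESTITUTION, EPS = 10.0, 0.8, 1e-9


def free_fall(d: float, nu: Valuation) -> Valuation:
    """F(fall)(d)(ν): closed-form free fall for a delay of d time units."""
    return {"p": nu["p"] + nu["v"] * d - 0.5 * G * d * d,
            "v": nu["v"] - G * d,
            "time": nu["time"] + d}


def bounce(nu: Valuation) -> Valuation:
    """φ for the bounce edge: velocity is reversed and damped, height reset to 0."""
    return {"p": 0.0, "v": -RESTITUTION * nu["v"], "time": nu["time"]}


ball = HybridAutomaton(
    l0="fall",
    edges=[Edge("fall", lambda nu: abs(nu["p"]) < EPS and nu["v"] < 0,
                "bounce", bounce, "fall")],
    flow={"fall": free_fall},
    inv={"fall": lambda nu: nu["p"] >= -EPS},   # Inv(fall): p ≥ 0 (with float slack)
)


def time_to_ground(nu: Valuation) -> float:
    """Largest delay permitted by Inv(fall): the positive root of p + v d - G d²/2 = 0."""
    return (nu["v"] + math.sqrt(nu["v"] ** 2 + 2 * G * nu["p"])) / G


def run(ha: HybridAutomaton, nu0: Valuation, horizon: float,
        max_bounces: int = 10) -> List[State]:
    """A run of the automaton: delay as long as the invariant allows (or until
    the horizon), then take the bounce edge; max_bounces stops the Zeno tail."""
    s: State = (ha.l0, dict(nu0))
    trace = [s]
    for _ in range(max_bounces):
        d = min(time_to_ground(s[1]), horizon - s[1]["time"])
        nxt = ha.delay(s, d)
        if nxt is None:               # cannot happen for this d; kept for safety
            break
        s = nxt
        trace.append(s)
        nxt = ha.act(s, "bounce")
        if nxt is None:               # horizon reached before the next impact
            break
        s = nxt
        trace.append(s)
    return trace


if __name__ == "__main__":
    for l, nu in run(ball, {"p": 10.0, "v": 0.0, "time": 0.0}, 20.0):
        print(l, {k: round(v, 3) for k, v in nu.items()})
```

Each delay step is exact (closed-form flow) rather than numerically integrated, so the invariant check in delay() is what decides where the run has to leave the continuous phase; that is the role Inv(l) plays in the definition.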
Slide 10
Stochastic Hybrid Automata
Stochastic Semantics: for each state s = (l, ν)
Delay density function* μs : R>0 → R
Output probability function γs : Σo → [0,1]
Next-state density function* ηs^a : St → R where a ∈ Σ
* Dirac's delta functions for deterministic delays / next state
Slide 11
Stochastic Hybrid Automata – UPPAAL
Uniform distributions (bounded delay)
Exponential distributions (unbounded delay)
Syntax for discrete probabilistic choice
Distribution on next state by use of random
Hybrid flow by use of ODEs
Networks: repeated races between components for outputting
Slide 12
Stochastic Semantics of NTAs
Composition = race between components for outputting
Pr[c<=C](<> T.T3) ?
Pr[time<=2](<> T.T3) ?
Pr[time<=T](<> T.T3) ?
Slide 13
Stochastic Semantics of NHAs
Assumptions: component SHAs are input enabled, deterministic, and have disjoint sets of output actions.
π(s, a1 a2 … an): the set of maximal runs from s with a prefix t1 a1 t2 a2 … tn an for some t1, …, tn ∈ R.
Slide 14
Metric Interval Temporal Logic
MITL≤ syntax: ϕ ::= σ | ¬ϕ | ϕ1 ∧ ϕ2 | Oϕ | ϕ1 U≤d ϕ2, where d ∈ ℕ is a natural number.
MITL≤ semantics [r = (a1,t1)(a2,t2)(a3,t3) …]:
r ⊨ σ if a1 = σ
r ⊨ ¬ϕ if r ⊭ ϕ
r ⊨ ϕ1 ∧ ϕ2 if r ⊨ ϕ1 and r ⊨ ϕ2
r ⊨ Oϕ if (a2,t2)(a3,t3)… ⊨ ϕ
r ⊨ ϕ1 U≤d ϕ2 if ∃i. (ai,ti)(ai+1,ti+1)… ⊨ ϕ2 with t1 + t2 + … + ti ≤ d and (aj,tj)(aj+1,tj+1)… ⊨ ϕ1 for j < i
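Added example, not from the slides: a direct recursive evaluator of the MITL≤ semantics defined on the Metric Interval Temporal Logic slide, run over a constructed finite timed word. The slide's runs are infinite; the convention chosen here for finite words is that a position past the end of the word satisfies no atomic proposition. The derived operator ◇≤d ϕ = true U≤d ϕ is added for convenience and is not on the slide.

```python
# Added example: evaluator for the MITL<= semantics of the slide over finite
# timed words r = [(a1,t1),(a2,t2),...] (constructed input, not slide material).
from typing import List, Tuple

TimedWord = List[Tuple[str, float]]

# Formula constructors; nested tuples keep the example dependency-free
def atom(sigma: str):          return ("atom", sigma)
def tt():                      return ("true",)            # not on the slide; used for ◇
def neg(f):                    return ("not", f)
def conj(f, g):                return ("and", f, g)
def nxt(f):                    return ("next", f)          # O f
def until(f, g, d: float):     return ("until", f, g, d)   # f U≤d g
def eventually(f, d: float):   return until(tt(), f, d)    # ◇≤d f, derived operator


def holds(f, r: TimedWord, k: int = 0) -> bool:
    """Does the suffix of r starting at index k satisfy f?  Mirrors the slide's
    rules; positions past the end of the finite word satisfy no atom (a
    convention this example adds, since the slide's runs are infinite)."""
    op = f[0]
    if op == "true":
        return True
    if op == "atom":                                    # r ⊨ σ if a1 = σ
        return k < len(r) and r[k][0] == f[1]
    if op == "not":                                     # r ⊨ ¬ϕ if r ⊭ ϕ
        return not holds(f[1], r, k)
    if op == "and":                                     # r ⊨ ϕ1 ∧ ϕ2
        return holds(f[1], r, k) and holds(f[2], r, k)
    if op == "next":                                    # r ⊨ Oϕ if (a2,t2)... ⊨ ϕ
        return holds(f[1], r, k + 1)
    if op == "until":                                   # r ⊨ ϕ1 U≤d ϕ2
        phi1, phi2, d = f[1], f[2], f[3]
        elapsed = 0.0
        for i in range(k, len(r)):
            elapsed += r[i][1]            # t1 + ... + ti, counted from the suffix
            if elapsed > d:               # delays are non-negative: no later i can qualify
                return False
            if holds(phi2, r, i):         # ∃i with suffix_i ⊨ ϕ2 ...
                return True
            if not holds(phi1, r, i):     # ... and suffix_j ⊨ ϕ1 for all j < i
                return False
        return False
    raise ValueError(f"unknown operator {op!r}")


# Constructed timed word: each action paired with the delay the slide sums up
R: TimedWord = [("a", 1.0), ("a", 2.0), ("b", 1.5), ("c", 3.0)]


def demo() -> dict:
    """A few formulas over R, keyed by their textual form."""
    return {
        "a U<=5 b": holds(until(atom("a"), atom("b"), 5.0), R),
        "a U<=4 b": holds(until(atom("a"), atom("b"), 4.0), R),
        "a U<=10 c": holds(until(atom("a"), atom("c"), 10.0), R),   # b breaks the ϕ1 run
        "<><=7.5 c": holds(eventually(atom("c"), 7.5), R),
        "O O b": holds(nxt(nxt(atom("b"))), R),
    }


if __name__ == "__main__":
    for text, value in demo().items():
        print(f"{text:12s} {value}")
```

The until loop is the only place where the time bound enters: the cumulative delay is compared against d before ϕ2 is tried at position i, so a witness that arrives too late is rejected even though the untimed formula would hold.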
Slide 15
Logical Properties – WMITL
MODEL M, φ: Pr_M(φ) = ??
Slide 16
Statistical Model Checking
M, φ, θ, ε
Generator → Validator → Core Algorithm
Inconclusive
Pr_M(φ) ∈ [a-ε, a+ε] with confidence θ
p, α
Pr_M(φ) ≥ p at significance level α
◇≤T p
[FORMATS11, RV12]
Slide 17
Logical Properties – WMITL
95% confidence interval: [0.215, 0.225]
MODEL M, OBSERVER (det), φ =
Slide 18
Statistical Model Checking [LPAR2012]
M, φ, θ, ε
Generator → Validator → Core Algorithm
Inconclusive
Pr_M(φ) ∈ [a-ε, a+ε] with confidence θ
p, α
Pr_M(φ) ≥ p at significance level α
CASAAL: Oφ, Uφ, Aφ
◇ acc
M | Oφ
M | Uφ
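Added example, not UPPAAL's implementation and not from the slides: the Generator / Validator / Core Algorithm pipeline of the two Statistical Model Checking slides, run on a constructed model in which two components race to output after exponentially distributed delays (the race-based composition of the NTA slide and the "unbounded delay" case of the UPPAAL slide). The core algorithm estimates Pr_M(φ) to within ε with confidence θ and tests Pr_M(φ) ≥ p at significance level α, with Inconclusive as the third outcome. The Chernoff-Hoeffding bound used to size the sample, and the indifference width δ and error bound β of the sequential test, are assumptions of this example; the slides name only θ, ε, p and α.

```python
# Added example: an SMC core (estimation + sequential test) over a constructed
# race model; the statistical bounds below are this example's choices.
import math
import random
from typing import Callable, Tuple

Run = Tuple[str, float]                       # (winner, time of first output)
Generator = Callable[[random.Random], Run]
Validator = Callable[[Run], bool]

# --- Generator: one random run of a constructed two-component model ----------
RATE_A, RATE_B = 1.0, 2.0          # constructed exponential rates (unbounded delays)


def race_run(rng: random.Random) -> Run:
    """Components A and B each draw an exponential delay; the smaller wins the race."""
    d_a, d_b = rng.expovariate(RATE_A), rng.expovariate(RATE_B)
    return ("B", d_b) if d_b < d_a else ("A", d_a)


# --- Validator: the bounded property φ = "B outputs within T_BOUND" -----------
T_BOUND = 1.0


def b_wins_in_time(run: Run) -> bool:
    winner, t = run
    return winner == "B" and t <= T_BOUND


def exact_probability() -> float:
    """Closed form for the constructed model, used only to check the estimate:
    P(B first) * P(first output <= T) for independent exponentials."""
    lam = RATE_A + RATE_B
    return RATE_B / lam * (1.0 - math.exp(-lam * T_BOUND))


# --- Core algorithm 1: estimation, Pr_M(φ) ∈ [a-ε, a+ε] with confidence θ -----
def runs_needed(eps: float, theta: float) -> int:
    """Chernoff-Hoeffding bound (assumed here): N = ln(2/(1-θ)) / (2ε²) runs
    give |a - Pr_M(φ)| <= ε with probability at least θ."""
    return math.ceil(math.log(2.0 / (1.0 - theta)) / (2.0 * eps * eps))


def estimate(gen: Generator, val: Validator, eps: float, theta: float,
             seed: int = 0) -> Tuple[float, float]:
    """Run N generated runs through the validator; a = fraction satisfying φ."""
    rng = random.Random(seed)
    n = runs_needed(eps, theta)
    hits = sum(1 for _ in range(n) if val(gen(rng)))
    a = hits / n
    return (a - eps, a + eps)


# --- Core algorithm 2: sequential test of Pr_M(φ) ≥ p at significance α -------
def sequential_test(gen: Generator, val: Validator, p: float, alpha: float,
                    beta: float = 0.01, delta: float = 0.05,
                    max_runs: int = 100_000, seed: int = 0) -> str:
    """Wald's SPRT for H0: Pr_M(φ) >= p+δ against H1: Pr_M(φ) <= p-δ.
    δ (indifference region) and β (type-II error bound) are extra parameters of
    this example.  Returns "accept" (H0), "reject" (H1) or "inconclusive"."""
    p0, p1 = p + delta, p - delta
    upper = math.log((1.0 - beta) / alpha)      # crossing it rejects H0
    lower = math.log(beta / (1.0 - alpha))      # crossing it accepts H0
    rng, llr = random.Random(seed), 0.0
    for _ in range(max_runs):
        sat = val(gen(rng))
        llr += math.log(p1 / p0) if sat else math.log((1.0 - p1) / (1.0 - p0))
        if llr >= upper:
            return "reject"
        if llr <= lower:
            return "accept"
    return "inconclusive"                        # the third outcome on the slide


def check_race(eps: float = 0.02, theta: float = 0.99) -> dict:
    """Both core algorithms on the race model, plus the exact value for comparison."""
    lo, hi = estimate(race_run, b_wins_in_time, eps, theta)
    return {"interval": (lo, hi), "exact": exact_probability(),
            "pr_ge_0.5": sequential_test(race_run, b_wins_in_time, 0.5, 0.01),
            "pr_ge_0.8": sequential_test(race_run, b_wins_in_time, 0.8, 0.01)}


if __name__ == "__main__":
    print(check_race())
```

The sequential test stops after far fewer runs than the estimator needs, which is why hypothesis queries are the cheaper way to ask "is Pr_M(φ) ≥ p"; the estimator's run count depends only on ε and θ, not on the model.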
Slide 19
Experiments
How exact is the O/U?
1000 random formulas; 2, 3, 4 actions; 15 connectives
New exact method for full MITL[a,b] using rewriting [RV12]
Slide 20
Energy Aware Buildings
Fehnker, Ivancic. Benchmarks for Hybrid Systems Verification. HSCC04
With Alexandre David, Dehui Du, Marius Mikucionis, Arne Skou
Slide 21
Stochastic Hybrid Systems
Room 1, Room 2, Heater (on/off)
simulate 1 [<=100] {Temp(0).T, Temp(1).T}
simulate 10 [<=100] {Temp(0).T, Temp(1).T}
Pr[<=100](<> Temp(0).T >= 10)
Pr[<=100](<> Temp(1).T<=5 and time>30) >= 0.2
Slide 22
Framework
Design Space Exploration
Slide 23
Rooms & Heaters – MODELS
Slide 24
Control Strategies – MODELS
Temperature Threshold Strategies
Slide 25
Weather & User Profile – MODELS
Slide 26
Results – Simulations
simulate 1 [<=2*day] { T[1], T[2], T[3], T[4], T[5] }
simulate 1 [<=2*day] { Heater(1).r, Heater(2).r, Heater(3).r }
Slide 27
Results – Discomfort
Pr[<=2*day](<> time>0 && Monitor.Discomfort)
Slide 28
Results – Comfort
Pr[comfort<=2*day] (<> time>=2*day)
Slide 29
Results – Energy
Pr[Monitor.energy<=1000000](<> time>=2*day)
Slide 30
Result – User Profile
Pr[Monitor.energy<=1000000](<> time>=2*day)
Slide 31
Refinement
Slide 32
Controller Synthesis
const int Tenv=7;
const int k=2;
const int H=20;
const int TB[4]={12, 18, 25, 28};
on/off ??
Temperature zones: low, normal, high, critical high, critical low (thresholds 12, 18, 25, 28)
Room, Room, Heater
Slide 33
Unfolding
Temperature zones: low, normal, high, critical high, critical low (thresholds 12, 18, 25, 28)
Slide 34
Timing
Temperature zones: low, normal, high, critical high, critical low (thresholds 12, 18, 25, 28)
Slide 35
TA Abstraction
const int uL[3]={3,5,2};
const int uU[3]={4,6,3};
const int dL[3]={3,9,15};
const int dU[3]={4,10,16};
Slide 36
Validation by Simulation
Slide 37
Validation by Simulation
const int uL[3]={3,8,2};
const int uU[3]={4,9,3};
const int dL[3]={3,9,15};
const int dU[3]={4,10,16};
Slide 38
Optimization
Slide 39
Time Bounded L-problem [Qest12]
WATA, Dresden, May 30, 2012, Kim Larsen [39]
simulate 1 [time<=5] {C, x, y}
Problem: determine the schedule that maximizes the time until out of energy
Slide 40
Time Bounded L-problem [Qest12]
Pr[time<=30] (<> C<0 )
Slide 41
TEST: Time Bounded L-problem [Qest12]
simulate 10000 [time<=10] {C,x,y} : 1 : time>=7 && Test.GOOD
Pr [time<=10] (<> time>=7 && Test.GOOD)
Can we do better?
Slide 42
RESTART Method
Slide 43
Meta Modeling
RESTART Approach
Slide 44
Meta Modeling
Direct Approach
Slide 45
Meta Analysis
Direct Approach
RESTART Approach
Slide 46
Meta Analysis
Slide 47
Meta Analysis
Slide 48
Other Case Studies
FIREWIRE
BLUETOOTH
10 node LMAC
ROBOT
Energy Aware Buildings
Genetic Oscillator (HBS)
Schedulability Analysis for Mixed-Criticality Systems
Passenger Seating in Aircraft
Slide 49
Contribution & More
Natural stochastic semantics of networks of stochastic hybrid systems.
Efficient implementation of SMC algorithms:
Estimation of
Sequential testing ≥ p
Sequential probability comparison ≥
Parameterized comparison
Distributed implementation of SMC!
Slide 50
Thank You!