Overview of
Abstraction-Based Parameter Synthesis
for Multiaffine Systems
Alexander Bykovsky
email: control.eight@gmail.com
Hybrid automata
Hybrid systems combine continuous and discrete dynamics interaction. Somehow we need to capture dynamics of the continuous parts of the system with the dynamics of the logic and discrete parts.
Temperature-thermostat system as a hybrid automation
A hybrid automaton (HA) is a mathematical model with
both continuous and discrete behavior. It is represented by the tuple H = (Loc, Var, Inv, Flow, Trans, Init ).
Loc is a set of discrete locations.
Var is a set of real-valued variables x1, . . . , xn.
Flow (ℓ ) is a set of differential equations (or inclusions) that defines the time-driven evolution of the continuous variables.
The set of discrete transitions Trans defines how the state can jump between locations when inside the transition’s guard set.
The system can remain in a location ℓ while the state is inside the
invariant set Inv (ℓ ).
All behavior originates from the set of initial states Init .
A state s ∈ Loc x R^n consists of a location and values
of the continuous variables x1, . . . , xn .
Temperature-thermostat system as a hybrid automation formal description
Loc ∈ {on, off}
Var ∈ [~18, ~21]
Flow ∈ {x ̇ =−a(x−b),x ̇ =−ax}, a > 0, b >= 20 - some temprature towards what it increases
Trans ∈ {(on, >= 20), (off, <= 19)}
Init ∈ {(on, 19.5),(on, 18.5), (off, 19.5), (off, 20.01)}
Inv ∈ {<= 20, >= 19}
States ∈ {(on, 18.67), (on, 19.5), (off, 20.1), (off, 19.5}
A possible trajectory of the thermostat system
18.5
19
20
19.5
On
Off
On
20.5
Verification problems
In the verification setting, we are interested in whether there exists a trajectory from the set Init to a set Bad which defines the bad states to be avoided.
Two central problems in formal analysis are reachability analysis and safety verification.
Convex approximation technique
There is as stepwise refinement design method in which one starts of an abstract level that allows relatively easy verification, and then processes in steps to more and more refined deisgns. Then complicated description of a part of the system is replaced by some coarse information. This process is sometimes called abstraction.
Bouncing Ball Example
Position / time
Velocity / time
Reachability analysis
State-space consists of: position and velocity
We need to decide if there exists a trajectory of the hybrid system that reaches a given set of states.
Parameter synthesis problem which is to identify sets of parameters for which the system does (or does not) reach a given set of states. The term “parameter” refers to both the initial conditions of the model (e.g., thermostat is switched on at time t = 0) and dynamical parameters (e.g., temperature has specific value).
Parameter synthesis
For example, in the context of a thermostat and an air conditioner, we might be interested in partitioning the parameter space into two regions — those that, with heating is switched on, deterministically lead to the an air conditioner working properly, and those that lead to an air conditioner to be broken.
The parameter synthesis problem is relatively easy to solve when the system has linear dynamics, and there are a variety of methods for doing so.
Linear hybrid automata (LHA)
Let x (t) ∈ R^n denote the values of the continuous variables at time t. We consider continuous dynamics Flow of the following two forms. If x˙ (t ) ∈ P where P is a polytope, then the HA is called a linear hybrid automaton (LHA), considering convex polytopes.
Convex polyhedron
Genetic regulatory network
is defined by the dynamics of the following form:
Here xi is the i-th component of the state vector x ∈ X ⊂ R^n . Pi and Di are sets of indices. κij and γij are production and degradation rate parameters, respectively.
The terms rij are continuous piecewise-multiaffi ne functions arising from products of ramp functions r+ and r−.
Example (two-genes network):
Affine dynamics
Multiaffine function
Example (two genes network):
Ramp functions:
Multiaffine hybrid automata (MHA)
If x˙ (t) = f (x, t) where f (x, t) is a multiaffine function, then the HA is called a multiaffine hybrid automaton (MHA). It helps to model systems with highly nonlinear behavior.
It's difficult to solve verification problem for MHA. And we don't have a good solution for this as for LHA like SpaceEx.
In our case f(x, t) =
Where ka - is - p - uncertain parameter. So our function is multiaffine in x but affine in p. So we can use LHA to explore state space of uncertain parameters - P.
Our goal is to identify a subset of the parameter domain D which ensures that the property ϕ holds for a given MHA, i.e., RBad is avoided when starting in RInit .
Goal and Solution
We first introduce an LHA Lm (p) which overapproximates the behavior of the transition system TM (p) for a particular parameter value p ∈ D. In particular, we map every hyper-rectangular region to a location in the LHA and use the bounds on the regions as invariants.
The system is parametrized by the vector p = (p1, ..., pm ) ∈ D , where D is the hyper-rectangular domain of uncertain parameters.
Text
From state space partition to transition system
Example for κa = 10 and
κb = 15 (arrows normalized)
From state space partition to transition system. Modeling with SpaceEx
Let's define H1, H2, H3, H4 for our example where κa = 10 and κb = 15. The most important is to define flows.
Flow for H1:
Flow for H2:
(a)
(b)
(a) and
(c)
Flow for H3:
(d)
and (b)
Flow for H4:
(d) and (c)
From state space partition to transition system. Modeling with SpaceEx
Finally model for H1, H2, H3, H4 using SpaceEx will look like the following. Please note that this is a LHA. It defines Loc (H1, H2, H3, H4), Var (xa, xb), Inv (4 invs), Flow (defined above), Trans (t1, t2, t3, t4, t33).
One can notice that all Flows are affine.
From state space partition to transition system. Modeling with SpaceEx
Let's check some transitions. Init: xa = 0, xb = 0, init locaiton: H1. Should be transition from H1 to H2.
H1
H2
From state space partition to transition system. Modeling with SpaceEx
Init: xa = 8, xb = 4, init location: H2. There shouldn't be any transitions.
H2
From state space partition to transition system. Modeling with SpaceEx
Init: xa = 10.2, xb = 12, init locaiton: H4. Transitions: H4 -> H3 -> H1 -> H2.
H1
H2
H4
H3
Modeling transition system
LM( p) has a transition from location ℓ to ℓ′ associated with
hyper-rectangles Hℓ and Hℓ′ only if the projection of f( x, p) on the Hℓ→ Hℓ′ direction is positive in at least one corner of the facet separating Hℓ from Hℓ′ .
Transition direction
Projection
Set-Based LHA Abstraction
L∃M(P) has a transition from location ℓ to ℓ′ if there is a transition from ℓ to ℓ′ in LM(p) for some p ∈ P. Analogously, LaM(P) has a transition from location ℓ to ℓ′ if there is a transition from ℓ to ℓ′ in LM(p) for all p ∈ P.
For example for our case there is a transition from H1 to H2 for κa = 10 and κb = 15. So we can conclude that L∃M(P) has a transition from location H1 to H2. If we check that all values for ka and kb lead us to a transition from H1 to H2 then we can also conclude that LaM(P) has a transition from location H1 to H2.
Set-Based LHA Abstraction
Then we define:
For H1 we've got the following state equations:
Set-Based LHA Abstraction. Example
Discrete Abstraction of MHA
Clearly, the induced Kripke structure is a conservative abstraction of the LHA as it allows for additional trajectories to the bad states for two reasons. The behavior in the states is unconstrained due
to the absence of flows, and the initial and bad states of the Kripke structure overapproximate their LHA counterparts.
Parameter Identification
Parameter Identification
This function takes a list CL of constraints which encodes hyperplanes used to define the current parameter set.
Parameter Identification
Recursively it will be going as if it's a binary tree. So from algorithmic complexity analysis prospective there will be O(2^n) computations.
Evaluation
Evaluation
To summarize there are following advantages:
- This model tends to have better parameter coverage
- This model can identify more sets with valid parameters
- It shrinks a space in much precise way (more nodes in a search tree)
- This model treats time as a continuous entity.
- Acceptable runtime execution time.
- Employing the symbolic model and using LHA allow us to use existing state of the art tools such as SpaceEx.
-
This approach has a large potential with respect to parallelization.
Conclusion
Given a parameter polytope P, we compute an LHA which overapproximates the system behavior for P. Furthermore, we compute another LHA which enables us to prune the search tree. We have evaluated our approach on a model of a genetic regulatory network and a myocyte model and demonstrated its improvement over RoVerGeNe, a tool for parameter identification based on a purely discrete abstraction.