ISSN 1992-6502 (Print)
Vol. 17, no. 6 (59), pp. 38-42, 2013.
Vestnik UGATU
ISSN 2225-2789 (Online) http://journal.ugatu.ac.ru
UDC 004.7
Model based design of control software for nonlinear discrete time hybrid systems
V. Alimguzhin 1, F. Mari 2, I. Melatti 3, I. Salvo 4, E. Tronci 5
Sapienza University of Rome, Italy
Submitted 2013, June 10
Abstract. Many Embedded Systems are indeed Software Based Control Systems, that is control systems whose controller consists of control software running on a microcontroller device. This motivates investigation on Formal Model Based Design approaches for automatic synthesis of embedded systems control software. This paper addresses control software synthesis for discrete time nonlinear hybrid systems. We present a methodology to over approximate the dynamics of a discrete time nonlinear hybrid system K by means of a discrete time linear hybrid system LK, in such a way that controllers for LK are guaranteed to be controllers for K. We present experimental results on control software synthesis for the inverted pendulum, a challenging and meaningful control problem.
Keywords: model based design; Embedded Systems; hybrid systems; discrete time.
1. INTRODUCTION
Many Embedded Systems are indeed Software Based Control Systems (SBCSs). An SBCS consists of two main subsystems: the controller and the plant, that together form a closed loop system. Typically, the plant is a physical system whereas the controller consists of control software running on a microcontroller. Software generation from models and formal specifications forms the core of Model Based Design of embedded software. This approach is particularly interesting for SBCSs since in such a case system level specifications are much easier to define than the control software behavior itself.
Traditionally, the control software is designed using a separation-of-concerns approach. That is, Control Engineering techniques are used to design functional specifications (control law) from the closed loop system level specifications, whereas Software Engineering techniques are used to design control software implementing functional specifications. Such a separation-of-concerns approach has several drawbacks. For example, correctness of the control software is not formally verified and issues concerning non-functional requirements (such as computational resources, control software Worst Case Execution Time, WCET), are considered very late in the SBCS design activity and this could lead to new iterations of the control design (e.g., if the WCET is greater than the sampling time).
The previous considerations motivate research on methods and tools focusing on control software synthesis. The objective is that from the plant model, from formal specifications for the closed loop system behavior and from Implementation Specifications (that is, number of bits used in the quantization process) such methods can generate correct-by-construction control software satisfying the given specifications.
The tool QKS [1] has been designed following an SBCS model based design approach. Given a plant modeled as a Discrete Time Linear Hybrid System (DTLHS) QKS automatically synthesises control software meeting given safety and liveness closed loop specifications. The dynamics of a DTLHS is modeled as a set of linear constraints over a set of continuous as well as discrete variables describing system state, system inputs and disturbances. Although the control software synthesis problem for DTLHSs is undecidable [3], the semi-algorithm implemented in QKS usually succeeds in generating control software.
However, the dynamics of many interesting hybrid systems cannot be directly modeled by linear constraints. This motivates the focus of the present paper: control software synthesis for nonlinear Discrete Time Hybrid Systems (DTHS).
The present paper is a survey on the on-going research on Model Based Control Software Synthesis. More technical details can be found in [1-5]. We present a general approach to overapproximate (that is possibly allowing more behaviours than) a given DTHS $\mathcal{H}$ by means of a DTLHS $\mathcal{L}_\mathcal{H}$ such that controllers for $\mathcal{L}_\mathcal{H}$ are guaranteed to be controllers for $\mathcal{H}$. Control software for $\mathcal{H}$ is thus obtained by giving as input to the tool QKS [1] the linear plant model $\mathcal{L}_\mathcal{H}$. We show the effectiveness of our approach by presenting experimental results on the inverted pendulum benchmark, a challenging and well studied example in control synthesis.
2. BACKGROUND
2.1. Predicates
An expression E(X) over a set of variables X is an expression of the form , where
are possibly non linear functions and are rational constants. For example,
3 sin x, o g xy, xy, x are expressions over { x, y }.
is a linear expression if it is a linear combination of variables $\sum_{i \in [n]} a_i x_i$, i.e. for all $i$, $f_i(X)$ = for some . A constraint is an expression of the form $E(X) \le b$, where $b$ is a rational constant. A predicate is a logical combination of constraints. A conjunctive predicate is a conjunction of constraints. We also write $E(X) \ge b$ for $-E(X) \le -b$, $E(X) = b$ for $(E(X) \le b) \land (E(X) \ge b)$, and $a \le x \le b$ for $(x \ge a) \land (x \le b)$. Given a constraint and a boolean variable , the guarded constraint (if then ) denotes the predicate . Similarly, $\bar{y} \to C(X)$ denotes $(y = 1) \lor C(X)$. A guarded predicate is a conjunction of either constraints or guarded constraints. A guarded predicate is linear if it contains only linear expressions.
2.2. Control Problem for a Labeled Transition System
A Labeled Transition System (LTS) is a tuple $\mathcal{S} = (S, A, T)$ where $S$ is a (possibly infinite) set of states, $A$ is a (possibly infinite) set of actions, and $T : S \times A \times S \to \mathbb{B}$ is the transition relation of $\mathcal{S}$. Let $s \in S$ and $a \in A$. The set $\mathrm{Adm}(\mathcal{S}, s) = \{a \in A \mid \exists s' : T(s, a, s')\}$ is the set of actions admissible in , and is the set of next states from via . A run or path for an LTS $\mathcal{S}$ is a sequence of states and actions such that . The length of a finite run is the number of actions in . We denote with the -th state element of , and with the + 1 ) -th action element of $\pi$. That is $\pi^{(S)}(t) = s_t$, and $\pi^{(A)}(t) = a_t$. Given two LTSs and , we say that overapproximates (notation ) when implies for all and $a \in A$. Note that $\sqsubseteq$ defines a partial order over LTSs.
A controller restricts the dynamics of an LTS so that all states in a given initial region will eventually reach a given goal region. In what follows, let be an LTS, be, respectively, the initial and goal regions of . A controller for is a function such that , $\forall a \in A$, if $K(s, a)$ then $\exists s'\, T(s, a, s')$. The set is the set of states for which at least a control action is enabled. The closed loop system is the LTS , where $T^{(K)}(s, a, s') = T(s, a, s') \land K(s, a)$. We call a path fullpath if either it is infinite or its last state has no successors.
We denote with $\mathrm{Path}(s, a)$ the set of fullpaths starting in state with action . Given a path in $\mathcal{S}$, we define $J(\mathcal{S}, \pi, G)$ as follows. If there exists s. t. , then $\min\{n \mid n > 0 \land \pi^{(S)}(n) \in G\}$. Otherwise, . We require since our systems are non-terminating and each controllable state (including a goal state) must have a path of positive length to a goal state. Taking $\sup \emptyset = +\infty$ the worst case distance of a state from the goal region is . A control problem for is a triple . A solution to is a controller for such that and for all $s \in \mathrm{dom}(K)$, $J(\mathcal{S}^{(K)}, G, s)$ is finite. An optimal solution to is a solution to , s.t. for all solutions to , for all we have J (S (r) , G,s)<; (S M, G,s) .
3. DISCRETE TIME HYBRID SYSTEMS
Definition 1. A Discrete Time Hybrid System is a tuple where:
is a finite sequence of real ( ) and discrete ($X^d$) present state variables. The sequence $X'$ of next state variables is obtained by decorating with ' all variables in $X$.
$U = U^r \cup U^d$ is a finite sequence of input variables.
is a finite sequence of auxiliary variables.
$N(X, U, Y, X')$ is a guarded predicate over $X \cup U \cup Y \cup X'$ defining the transition relation of the system.
A Discrete Time Linear Hybrid System (DTLHS) is a DTHS whose transition relation N is linear.
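The semantics of a DTHS is given in terms of the labeled transition system $(D_X, D_U, \tilde{N})$ where: $\tilde{N} : D_X \times D_U \times D_{X'} \to \mathbb{B}$ is a function s.t. $\tilde{N}(x, u, x') = \exists y \in D_Y : N(x, u, y, x')$.
We say that DTHS $\mathcal{H}_2$ overapproximates DTHS $\mathcal{H}$ when $\mathrm{LTS}(\mathcal{H}) \sqsubseteq \mathrm{LTS}(\mathcal{H}_2)$.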
Example 1. Let us consider a simple inverted pendulum. The system is modeled by taking the angle $\theta$ and the angular velocity $\dot\theta$ as state variables. The input of the system is the torquing force $u$, that can influence the velocity in both directions. Moreover, the behaviour of the system depends on the pendulum mass $m$, the length of the pendulum $l$ and the gravitational acceleration $g$. Given such parameters, the motion of the system is described by the differential equation: $\ddot\theta = \frac{g}{l}\sin\theta + \frac{1}{ml^2}u$.
In order to obtain a state space representation, we consider the following normalized system, where $x_1$ is the angle $\theta$ and $x_2$ is the angular speed $\dot\theta$.
$\dot{x}_1 = x_2 \qquad \dot{x}_2 = \frac{g}{l}\sin x_1 + \frac{1}{ml^2}u \qquad (1)$
The DTHS model for the pendulum is the tuple , where is the set of continuous state variables, is the set of input variables, and $Y = \emptyset$. Differently from [5], we consider the problem of finding a discrete controller, whose decisions may be "apply the force clockwise" ($u = 1$), "apply the force counterclockwise" ($u = -1$), or "do nothing" ($u = 0$). The intensity of the force will be given as a constant . Finally, the discrete time transition relation $N$ is obtained from the equations in Eq. 1 as the Euler approximation with sampling time $T$, i.e. the predicate $(x_1' = x_1 + T x_2) \land (x_2' = x_2 + T\frac{g}{l}\sin x_1 + T\frac{1}{ml^2}u)$.
3.1. Quantized Control Problem for DTHSs
A DTHS control problem $(\mathcal{H}, I, G)$ is defined as the LTS control problem . To manage real variables, in classical control theory the concept of quantization is introduced. Quantization is the process of approximating a continuous interval by a set of integer values. A quantization function for a real interval is a non-decreasing function s. t. is a bounded integer interval. We extend quantizations to integer intervals, by stipulating that in such a case the quantization function is the identity function. Given a DTHS , a quantization is a set of quantization functions . If is a list of variables and , we write for the tuple .
Definition 2. Let $\mathcal{H} = (X, U, Y, N)$ be a DTHS, be a quantization for and be a DTHS control problem. A $\Gamma$ Quantized Feedback Control (QFC) solution to $P$ is a solution $K(x, u)$ to $P$ s.t. there exists $\hat{K} : \Gamma(D_X) \times \Gamma(D_U) \to \mathbb{B}$ s.t. $K(x, u) = \hat{K}(\Gamma(x), \Gamma(u))$.
4. LINEAR OVERAPPROXIMATION OF DTHSs
The tool QKS [1], given a DTLHS control problem and a quantization schema as input, yields as output control software implementing an optimal quantized controller for , whenever a sufficient condition holds. In this section we show how a DTHS can be overapproximated by a DTLHS , in such a way that . Corollary 1 ensures that controllers for are guaranteed to be controllers for .
4.1. DTHS Linearization
Let $C(V)$, with $V \subseteq X \cup U \cup Y \cup X'$, be a constraint in that contains a nonlinear function as a subterm. Then has the shape , where is a set of real variables , and is a set of discrete variables. For each , we define the function obtained from , by instantiating discrete variables with $w$, i.e. $f_w(R) = f(R, w)$. Then $C(V)$ is equivalent to the predicate . In order to make the overapproximation tighter, we partition the domain $D_R$ of each function into hyperintervals , where $I = \prod_{j \in [n]} [a_j, b_j]$. In the following $R \in I$ will denote the conjunctive predicate $\bigwedge_{j \in [n]} a_j \le r_j \le b_j$.
Let and be over- and under-
linear approximations of over the
hyperinterval /, i.e. such that Re/ implies i (R ) < /w (R) < i (R ) (in [4] we show the systematic approach for finding such approximations for functions using Taylor theorem). Taking fresh continuous variables
and fresh boolean vari-
vw-lJwe7)w,ie[n] 1 ""1
ables Z = f zw i] . r n, we define the guarded predicate :
AweBw Ai £[m]bw,i + £00 ^ b]
^ Awevw AiE[m][zw,i fw,i(R) ^ yw,( ^
a Awevw Aie[m][zw,i -> R e /¿] A
Aw £DwA(G [m] [zW/ ( > 1 ] .
This transformation eliminates a nonlinear subexpression of a constraint C(V) and yields a constraint C ( 7,y,Z) such that 3 y,Z [ C ( =>
C (F) ] . Given a DTHS J = (X,//,7,V) , without loss of generality, we may suppose that the transition relation V is a conjunction A (G [m] C ') of constraints. By applying
the above transformation to each nonlinear subexpression occurring in , we obtain a conjunction of linear constraints , such that . Hence starting from a DTHS , we find DTLHS ¿^ = (X, //, F JV) , whose dynamics overapproximates the dynamics of .
Theorem 1. Let $\mathcal{H} = (X, U, Y, N)$ be a DTHS and $\mathcal{L}_\mathcal{H}$ be its linearization. Then we have $\mathrm{LTS}(\mathcal{H}) \sqsubseteq \mathrm{LTS}(\mathcal{L}_\mathcal{H})$.
Theorem 2. Let = $(S, A, T_1)$ and $\mathcal{S}_2$ = be two LTSs and let be a solution to the LTS Control Problem $(\mathcal{S}_2, I, G)$. If $\sqsubseteq \mathcal{S}_2$ and for all then is also a solution to the LTS Control Problem $(\mathcal{S}_1, I, G)$.
Corollary 1. Let be a DTHS and be its linearization. Let be a solution to the DTLHS Control Problem . Then is a solution to the DTHS Control Problem .
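An added example (not code from the paper or from QKS) of the linearization step of Section 4.1 applied to the pendulum of Example 1: sin x1 is bounded on each interval by a tangent line shifted by the Taylor remainder, and a grid spot-check confirms that every Euler transition of the nonlinear model is admitted by the linearized one. The midpoint-tangent construction, the function names and the input gain k_u = 0.5 are assumptions; T = 0.1, g/l = 1 (from l = g), the domains and u in {-1, 0, 1} follow the text.

```python
import math

def linear_bounds(a, b):
    """Return (slope, lo, hi) with slope*r + lo <= sin(r) <= slope*r + hi on [a, b]."""
    c = (a + b) / 2.0
    slope = math.cos(c)                 # tangent of sin at the midpoint c
    err = (b - a) ** 2 / 8.0            # Lagrange remainder: |sin''| <= 1, |r - c| <= (b-a)/2
    base = math.sin(c) - slope * c
    return slope, base - err, base + err

def partition(lo, hi, n):
    """Split [lo, hi] into n equal hyperintervals (one-dimensional here)."""
    step = (hi - lo) / n
    return [(lo + i * step, lo + (i + 1) * step) for i in range(n)]

def euler_step(x1, x2, u, T, k_g, k_u):
    """Nonlinear relation N: Euler step of Eq. 1, k_g = g/l, k_u = assumed input gain."""
    return x1 + T * x2, x2 + T * k_g * math.sin(x1) + T * k_u * u

def linearized_step(x1, x2, u, T, k_g, k_u, pieces):
    """Linearized relation: sin(x1) becomes a fresh variable y bounded by the two
    linear approximations on the interval holding x1. Returns x1' and the x2' range."""
    if not pieces[0][0] - 1e-9 <= x1 <= pieces[-1][1] + 1e-9:
        raise ValueError("x1 outside the partitioned domain")
    a, b = next((p for p in pieces if x1 <= p[1]), pieces[-1])
    slope, lo, hi = linear_bounds(a, b)
    ends = [x2 + T * k_g * (slope * x1 + off) + T * k_u * u for off in (lo, hi)]
    return x1 + T * x2, (min(ends), max(ends))

def overapproximates(pieces, T=0.1, k_g=1.0, k_u=0.5, samples=400):
    """Grid check: every nonlinear transition is admitted by the linearized relation."""
    lo, hi = pieces[0][0], pieces[-1][1]
    for i in range(samples + 1):
        x1 = lo + (hi - lo) * i / samples
        for x2 in (-4.0, 0.0, 4.0):
            for u in (-1, 0, 1):
                n1, n2 = euler_step(x1, x2, u, T, k_g, k_u)
                l1, (n2_lo, n2_hi) = linearized_step(x1, x2, u, T, k_g, k_u, pieces)
                if n1 != l1 or not n2_lo - 1e-12 <= n2 <= n2_hi + 1e-12:
                    return False
    return True

def max_slack(pieces):
    """Largest gap between upper and lower bound; shrinks as the partition is refined."""
    return max(hi - lo for _, lo, hi in (linear_bounds(a, b) for a, b in pieces))

if __name__ == "__main__":
    for n in (8, 64):                   # constructed partitions of [-1.1*pi, 1.1*pi]
        p = partition(-1.1 * math.pi, 1.1 * math.pi, n)
        print(n, overapproximates(p), round(max_slack(p), 5))
```

The slack of the band is (b - a)^2 / 4 per interval, which is why a finer partition gives a tighter overapproximation at the cost of more guarded constraints.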
5. EXPERIMENTAL RESULTS
We present experimental results obtained by using QKS [1] on the inverted pendulum example described in Ex. 1. In all our experiments as in we
i
set l = g and m = —. We set the force intensity
parameter .
We use uniform quantization functions dividing the domain of each state variable $[-1.1\pi, 1.1\pi]$ (we write $\pi$ for a rational approximation of it) and $D_{x_2} = [-4, 4]$ into $2^b$ equal intervals, where $b$ is the number of bits used by AD conversion. Since we have two quantized variables, each one with bits, the number of quantized states is exactly . In the following, we sometimes make explicit the dependence on $b$ by writing $K^{(b)}$.
The typical goal for the inverted pendulum is to turn the pendulum steady to the upright position, starting from any possible initial position, within a given speed interval. In our experiments, the goal region is defined by the predicate , where , and the initial region is defined by the predicate $I(X) = (-\pi \le x_1 \le \pi) \land (-4 \le x_2 \le 4)$.
[Figure: angle $x_1$ against time in seconds, one trace for 9 bits and one for 10 bits]
Fig. 1. Trajectories: $\mathcal{H}^{(K^{(9)})}$ and $\mathcal{H}^{(K^{(10)})}$
All experiments have been carried out on an Intel(R) Xeon(R) CPU @ 2.27GHz, with 23GiB of RAM, Debian GNU/Linux 6.0.3 (squeeze).
We run QKS for different values of the remaining parameters, i.e. $\rho$ (goal tolerance) and $b$ (number of bits of AD). In Tab. 1 each row corresponds to a QKS run, columns $b$, $T$, $\rho$ show the corresponding inverted pendulum parameters, column $|K|$ shows the size of the obtained control software, columns CPU and MEM show the computation time (in seconds) and RAM usage (in KiB) needed by QKS to synthesize the controller. Fig. 1 shows the simulations of and . As we can see drives the system to the goal with a smarter trajectory with one swing only.
Table 1. Experimental results for inverted pendulum
b    T      ρ      |K|        CPU        MEM
8    0.1    0.1    2.73e+04   2.56e+03   7.72e+04
9    0.1    0.1    5.94e+04   1.13e+04   1.10e+05
10   0.1    0.1    1.27e+05   5.39e+04   1.97e+05
11   0.01   0.05   4.12e+05   1.47e+05   2.94e+05
6. CONCLUSIONS
We presented an automatic methodology to synthesize control software for nonlinear DTHS. The control software is correct-by-construction with respect to both System Level Formal Specifications of the closed loop system and Implementation Specifications, namely the quantization schema. The present work can be extended in several directions. First of all, it would be interesting to consider control synthesis of controllers that are optimal with respect to a cost function given as input of the control problem, rather than simply time optimal. Second, it would be interesting to extend our approach to CTL specifications, rather than just liveness and safety properties. Finally, a natural possible future research direction is to investigate
DTHS control software synthesis when the state is not fully observable.
ACKNOWLEDGMENTS
This research was supported by Erasmus Mundus MULTIC scholarship from the European Commission (EMA 2 MULTIC 10-837).
REFERENCES
1. Federico Mari, Igor Melatti, Ivano Salvo, and Enrico Tronci, "Synthesis of quantized feedback control software for discrete time linear hybrid systems," CAV, LNCS 6174, pp. 180-195, 2010.
2. Federico Mari, Igor Melatti, Ivano Salvo, and Enrico Tronci, "From boolean relations to control software," ICSEA, pp. 528-533, 2011.
3. F. Mari, I. Melatti, I. Salvo, and E. Tronci, "Undecidability of quantized state feedback control for discrete time linear hybrid systems," ICTAC, LNCS 7521, pp. 243-258, 2012.
4. V. Alimguzhin, F. Mari, I. Melatti, I. Salvo, and E. Tronci, "Automatic control software synthesis for quantized discrete time hybrid systems," CDC, IEEE, pp. 6120-6125, 2012.
5. V. Alimguzhin, F. Mari, I. Melatti, I. Salvo, and E. Tronci, "On model based synthesis of embedded control software," EMSOFT, ACM, pp. 227-236, 2012.
ABOUT AUTHORS
ALIMGUZHIN, Vadim, Postgrad. (PhD) Student, Computer Science Department, Sapienza University of Rome. Master of Software and Administration of Information Systems (USATU, 2009).
TRONCI, Enrico, Associate Prof., Computer Science Department, Sapienza University of Rome. Master of Electrical Engineering (Sapienza University of Rome, 1987), PhD in Computer Science (Carnegie Mellon University, 1991).
SALVO, Ivano, Assistant Prof., Computer Science Department, Sapienza University of Rome. Master of Computer Science (University of Udine, 1995), PhD in Computer Science (Sapienza University of Rome, 2000).
MELATTI, Igor, Assistant Prof., Computer Science Department, Sapienza University of Rome. Master of Computer Science (University of L'Aquila, 2001), PhD in Computer Science (University of L'Aquila, 2005).
MARI, Federico, Post Doc, Computer Science Department, Sapienza University of Rome. Master of Computer Science (Sapienza University of Rome, 2006), PhD in Computer Science (Sapienza University of Rome, 2009).