Reachability Analysis of Lazy Linear Hybrid Automata

Transition: Transitions are abstracted by abstracting jump and flow conditions. This must be done in order to ensure that transitions that are feasible in the concrete LLHA continue to be feasible in the abstract transition system, at the possible cost of introducing additional (spurious) behaviors. 1. The intuition behind the following definition of abstract guards and invariants is to relax the atomic constraints so that if Φ(x1, x2, . . . , xn) denotes a state invariant or guard, then the corresponding abstracted invariant or guard is Φ(x1, x2, . . . , xn) such that Φ(x1, x2, . . . , xn) =⇒ Φ(x1, x2, . . . , xn). 2. The set of flow values are abstracted to overapproximate the reachable configurations. If the flow value in a set Ẋ is ẋ, it is abstracted by including flow values ẋ and ẋ in its place, where ẋ ≤ ẋ ≤ ẋ (details given below). We first describe how invariants and guards are abstracted, and then describe the over-approximation of flow. Abstraction of invariants and guards. Invariants or guards can be expressed as a Boolean combination of atomic predicates in negation normal form (NNF), where each predicate is of the form f(x1, x2 . . . , xn) ≤ b where b ∈ Q. If Φ is an invariant or guard, then Φ = fbool(c1, c2, . . . , cn) where the constraint ci is fi ≤ bi and where fbool represents an NNF Boolean combination of its arguments. 10 Each predicate in the invariant or guard can be abstracted using the monotonicity of f with respect to each variable xi , that is, fxi = δf δxi is of the same sign over the range of interest. In particular, all polynomials which are linear in each variable, are always monotonic with respect to each variable. In order to define abstract state invariants and guards, we first describe how to construct abstract inequalities using the above observation about invariants and guards. Without loss of generality, let us assume that f(x1, x2 . . . , xn) ≤ b is an inequality whose partial derivative fxi with respect to each variable xi is of the same sign over the range of interest [QΠ(xi), QΠ(xi + Π)]. Then, its (conservative) abstraction is the relaxed inequality c′i defined below: c′i ≡ f(k1, k2 . . . , kn) ≤ b ′ where b = QΠ(b+Π) and ki = QΠ(xi) if fxi ≥ 0 = QΠ(xi +Π) if fxi < 0 This abstraction rounds up or down each variable to the nearest multiple of Π depending on whether the function f decreases or increases with increase in the variable. The constant b is always rounded up. All assignments to the variables which satisfied the earlier constraint also satisfy the relaxed constraint. Hence, this is an overapproximation of the original constraint. If Φ(x1, x2, . . . , xn) = fbool(f1 ≤ b1, . . . , fn ≤ bn) is the invariant or guard, the abstract state invariant or guard is defined as Φ(k1, k2, . . . , kn) = fbool(c ′ 1, c ′ 2, . . . , c ′ n) where the relaxed inequalities c′i are obtained from fi ≤ bi as described above. Thus, this relaxation results into an upper approximation of the behavior of the hybrid automaton. Abstraction of flow conditions. If ẋ is a rate of change allowed by flow(s) for some location s, then the following two rates of change represent its abstraction ⌊( ẋ Π )⌋Π and ⌈( ẋ Π )⌉Π. Figures 2.2(a) and 2.2(b) illustrate how flow conditions are abstracted. The abstraction of flow with 2Γ leads to an overapproximation of the dynamics of the LLHA: originally ẋ ∈ {3, 4, 5, 6}, but in the 2Γabstraction ẋ ∈ {2, 4, 6, 8}. Definition 5. A k-abstraction (k ≥ 1) of a lazy linear hybrid automaton is an abstraction of LLHA obtained using the above explained abstraction of configurations and transitions such that Π = 2Γ. The 0-abstraction is called the Γ-transition system as the quantization is done with respect to Γ. 11 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 5 6 7 8 9 10 4 Reachable values in Γ transition system