

Figure 4.27: Transmission line circuit

circuit system can be described by the following ODE.           

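$$
\begin{aligned}
\dot{v}_1 &= -2 \cdot v_1 + v_2 + 2 - \exp(\alpha \cdot v_1) - \exp(\alpha \cdot (v_1 - v_2)) + i(t) \\
\dot{v}_2 &= -2 \cdot v_2 + v_1 + v_3 + \exp(\alpha \cdot (v_1 - v_2)) - \exp(\alpha \cdot (v_2 - v_3)) \\
&\;\;\vdots \\
\dot{v}_{n-1} &= -2 \cdot v_{n-1} + v_{n-2} + v_n + \exp(\alpha \cdot (v_{n-2} - v_{n-1})) - \exp(\alpha \cdot (v_{n-1} - v_n)) \\
\dot{v}_n &= -v_n + v_{n-1} - 1 + \exp(\alpha \cdot (v_{n-1} - v_n))
\end{aligned}
$$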

In order to reduce the stiffness of the dynamics, we reduce the value of α from 40 to 5. Scalable continuous and hybrid benchmarks can be built based on various types of inputs. Here, we consider a discontinuous input i(t) which is adapted from the one presented in [RW03].

$$
i(t) = \begin{cases} 2, & t \le 1 \\ 3 - t, & 1 < t \le 2 \\ 1, & t > 2 \end{cases}
$$

Then the whole system can be modeled by a hybrid automaton consisting of 3 modes and n variables. We consider the initial value of $v_i$ ranging in [0, 0.02] for all 1 ≤ i ≤ n.
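The benchmark above as an added example (not code from the thesis or from Flow*): the vector field for arbitrary n ≥ 2 with the three-mode input i(t), integrated by a plain fixed-step RK4. It is an ordinary simulation, not a validated enclosure; the function names, the step count and the midpoint initial state 0.01 are choices made here.

```cpp
// Added example (not from the thesis): plain RK4 simulation, not a validated flowpipe.
#include <cmath>
#include <cstdio>
#include <vector>
using State = std::vector<double>;

// Input i(t); each branch corresponds to one mode of the 3-mode hybrid automaton.
double input_current(double t) {
    return t <= 1.0 ? 2.0 : (t <= 2.0 ? 3.0 - t : 1.0);
}

// Right-hand side for n >= 2 nodes; v[0] is v_1 and v[n-1] is v_n.
State vector_field(const State& v, double t, double alpha) {
    const std::size_t n = v.size();
    State dv(n);
    dv[0] = -2 * v[0] + v[1] + 2 - std::exp(alpha * v[0])
            - std::exp(alpha * (v[0] - v[1])) + input_current(t);
    for (std::size_t k = 1; k + 1 < n; ++k)   // interior nodes v_2 .. v_{n-1}
        dv[k] = -2 * v[k] + v[k - 1] + v[k + 1]
                + std::exp(alpha * (v[k - 1] - v[k])) - std::exp(alpha * (v[k] - v[k + 1]));
    dv[n - 1] = -v[n - 1] + v[n - 2] - 1 + std::exp(alpha * (v[n - 2] - v[n - 1]));
    return dv;
}

State step_from(const State& v, double a, const State& k) {   // v + a * k
    State r(v);
    for (std::size_t i = 0; i < r.size(); ++i) r[i] += a * k[i];
    return r;
}

// Fixed-step RK4 over [0, horizon]; t is derived from the step index.
State simulate(State v, double alpha, double horizon, int steps) {
    const double h = horizon / steps;
    for (int s = 0; s < steps; ++s) {
        const double t = s * h;
        const State k1 = vector_field(v, t, alpha);
        const State k2 = vector_field(step_from(v, h / 2, k1), t + h / 2, alpha);
        const State k3 = vector_field(step_from(v, h / 2, k2), t + h / 2, alpha);
        const State k4 = vector_field(step_from(v, h, k3), t + h, alpha);
        for (std::size_t i = 0; i < v.size(); ++i)
            v[i] += h / 6 * (k1[i] + 2 * k2[i] + 2 * k3[i] + k4[i]);
    }
    return v;
}

int main() {   // n = 6, alpha = 5, midpoint of the initial box [0, 0.02]^6
    const State end = simulate(State(6, 0.01), 5.0, 3.0, 300);
    std::printf("v1(3)=%.4f  v6(3)=%.4f\n", end[0], end[5]);
    return 0;
}
```

A trajectory computed this way is a single point sample; it can serve as a sanity check that a computed flowpipe contains it, but it proves nothing about the rest of the initial set.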

Figure 4.28 shows the flowpipe over-approximations computed by our techniques over the time horizon [0, 3] for n = 6.

4.6 Summary

We introduce the use of TM flowpipes to over-approximate the reachable set of a non-linear hybrid automaton. Similar work can be found in [RN11], which uses Interval Taylor Series (ITS). By using TMs, we are able to avoid splitting any set in reachability analysis, and can therefore deal with some case studies with more than 5 variables. Although the method requires computing with multivariate polynomials, with the help of proper simplification methods it can still efficiently produce an accurate result in most cases.

Figure 4.28: Flowpipe over-approximations of the line circuit model with n = 6

The applicability of a representation class could be investigated based on a large number of examples which should cover most well-known difficulties in hybrid system reachability analysis, for example large initial sets, high nondeterminism on jumps and so on. Since hybrid systems do not have standard benchmarks, it is also important to propose new case studies which are adapted from industrial applications. In this chapter, we present a considerable number of examples which are taken from biology, medicine, mechanics and electricity. It can be seen that our TM flowpipe construction method has good performance over all of them. Further investigations on the applicability of TM flowpipes will be given in the next chapter.

Chapter 5

The Tool Flow*

It is important to make the Taylor model (TM) techniques presented in the thesis accessible to other people. To do so, we implement most of the introduced techniques and heuristics in a tool named Flow*. As we found few tools which can effectively deal with non-linear hybrid systems from different areas, it is also urgent for us to release the tool.

This chapter gives a detailed description of the tool Flow*, which is a reachability analyzer for non-linear hybrid systems. It is implemented in C++ based on some open source libraries such as the GNU MPFR Library and the GNU Scientific Library (GSL). Besides the techniques introduced previously, we also implement some algorithms to improve the efficiency of TM computation. The performance of Flow* is shown via comparisons with VNODE-LP, dReach and SpaceEx. Moreover, we also provide a scalability evaluation based on the non-linear transmission line circuit benchmark.

5.1 Overview

Figure 5.1 provides a bird's-eye view of the modules in Flow*, which consists of two main parts:

• TM related modules - the basic computational libraries of Flow*. It includes a library of interval arithmetic, a library of TM arithmetic, and a library for computing intersections of TMs with other sets which are defined by systems of polynomial constraints.

• Reachability related modules - the high-level algorithms for computing flowpipe over-approximations under continuous dynamics. It also includes a parser for continuous and hybrid reachability problems as well as a parser for TM flowpipes.

The main functionality of the tool is to solve a hybrid reachability problem. However, it may also be used as a validated ODE solver, or to conservatively check the safety of given TMs. As a reachability problem solver, the tool accepts a file in which the following content should be specified.

• A hybrid automaton which is described by the language introduced in Section 5.3.

• An initial set which can be an interval or a TM in a mode of the hybrid automaton.

• An unsafe set which is defined by a system of polynomial constraints. If no unsafe set is given, the tool will not perform safety checking after the computation of TM flowpipes.

• A reachability setting which includes the time step-sizes, TM orders, remainder estimation, cutoff threshold, floating-point precision and so on. These settings are applied to the subsequent reachability computation. The details will be addressed in the following sections.

Figure 5.1: Structure of Flow* v1.2.1. [Diagram labels: Model file; Model parser; TM integrator (Poly ODE 1, Poly ODE 2, Poly ODE 3, Nonpoly ODE); Basic libraries (TM arithmetic, Interval arithmetic); Image computation; Domain contraction; Range over-approximation; TM analyzer; TM parser; Plot file; Result; TM file]

After parsing the model file, the tool calls Algorithm 12, in the main loop of which the flowpipes in a location are generated by a TM integrator. As we stated in Section 3.3, a preconditioned Taylor expansion for a polynomial ODE can be generated by different schemes which are suitable for different situations. Here, Flow* provides three options, i.e., Poly ODE 1-3, which are implemented according to Approaches I-III presented in Section 3.3, respectively. Non-polynomial ODEs are treated separately. In each time step, we first compute a TM for the vector field, and then compute a preconditioned Taylor expansion by Approach III. After the reachability computation is finished, the following results are returned by Flow*.

• A TM file. All computed TM flowpipes along with the state space specification as well as the plot setting will be stored in an output file. Such a file could be used by other tools for further analyzing the TMs. Flow* can also be used to work on those TMs again while the unsafe set or plot setting is changed.

• Result of safety checking. If an unsafe set is specified in the model file, the tool will conservatively check the safety of the computed TM flowpipes. If no TM “intersects” the unsafe set, the tool returns SAFE, otherwise the result is UNKNOWN.
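The conservative check described above, as an added example that is not Flow*'s own code: each TM flowpipe is replaced by an interval box and each unsafe-set constraint is taken to have the form p(x) ≤ 0, both assumptions made here. Interval evaluation can only prove that a box misses the unsafe set, which is why the other outcome is UNKNOWN; the floating-point intervals are not outward-rounded, so the block shows the logic, not a rigorous bound.

```cpp
// Added example (not Flow* source): conservative safety check on box enclosures.
#include <algorithm>
#include <cstdio>
#include <string>
#include <vector>

struct Interval { double lo, hi; };   // assumption: no outward rounding is applied
Interval add(Interval a, Interval b) { return {a.lo + b.lo, a.hi + b.hi}; }
Interval mul(Interval a, Interval b) {
    const double p[] = {a.lo * b.lo, a.lo * b.hi, a.hi * b.lo, a.hi * b.hi};
    return {*std::min_element(p, p + 4), *std::max_element(p, p + 4)};
}

struct Monomial { double coeff; std::vector<int> exps; };  // coeff * prod x_i^exps[i]
using Poly = std::vector<Monomial>;   // assumed constraint form: p(x) <= 0
using Box = std::vector<Interval>;    // stand-in for the range of one TM flowpipe

// Interval enclosure of p over the box; it may be wider than the true range.
Interval range(const Poly& p, const Box& box) {
    Interval sum{0.0, 0.0};
    for (const Monomial& m : p) {
        Interval term{m.coeff, m.coeff};
        for (std::size_t i = 0; i < box.size(); ++i)
            for (int e = 0; e < m.exps[i]; ++e) term = mul(term, box[i]);
        sum = add(sum, term);
    }
    return sum;
}

// SAFE only if every box provably violates at least one unsafe-set constraint.
std::string check_safety(const std::vector<Box>& pipes, const std::vector<Poly>& unsafe) {
    for (const Box& b : pipes) {
        bool disjoint = false;
        for (const Poly& p : unsafe)
            if (range(p, b).lo > 0.0) { disjoint = true; break; }
        if (!disjoint) return "UNKNOWN";   // possible intersection, not a proof of one
    }
    return "SAFE";
}

int main() {   // constructed data: unsafe set {x1 >= 0.5 and x2 <= 0.1}
    const Poly c1 = {Monomial{0.5, {0, 0}}, Monomial{-1.0, {1, 0}}};   // 0.5 - x1 <= 0
    const Poly c2 = {Monomial{1.0, {0, 1}}, Monomial{-0.1, {0, 0}}};   // x2 - 0.1 <= 0
    const std::vector<Box> pipes = {Box{Interval{0.1, 0.3}, Interval{0.0, 0.2}},
                                    Box{Interval{0.4, 0.6}, Interval{0.3, 0.4}}};
    std::printf("%s\n", check_safety(pipes, {c1, c2}).c_str());
    return 0;
}
```

For the constraint x² − x + 0.3 ≤ 0 on the box [0, 1], the interval range has a negative lower bound although the polynomial is positive everywhere on that box, so the check answers UNKNOWN for a set that is in fact safe.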
