trends in formal analysis and synthesis of time-delayed systems · 2019-07-29 · trends in formal...

Trends in Formal Analysis and Synthesis ofTime-Delayed Systems

Indecision and Delay Are the Parents of Failure— Towards a theory of networked hybrid systems —

Naijun Zhan

State Key Laboratory of Computer Science, Institute of Software, CAS, Beijing, China

Real-Time Scheduling Open Problems Seminar 2019, Paris, July 24, 2019

RTSOPS 2019, Paris, July. 24, 2019 · Naijun Zhan: Indecision and Delay · 1 / 25

Hybrid Systems

Plant

ControlAnalogswitch

Continuouscontrollers

D/A

Discretesupervisor

A/D

Plant

observablestate

environmentalinfluence

disturbances ("noise")

control

selection

setpoints

active control law

setpointspart ofobservablestate

task selection

Loads ofcontinuouscomputations

interleavedwith discretedecisions

Plant

ControlAnalogswitch


D/A

Discretesupervisor

A/D

Plant

observablestate



control

selection

setpoints

active control law


task selection

Crucial question:• How do the controller and the plant interact?

Traditional answer:• Coupling assumed to be (or at least modeled as) delay-free.⇒ Mode dynamics is covered by the conjunction of the individual ODEs.⇒ Switching btw. modes is an immediate reaction to environmental conditions.


Hybrid Systems



Plant

ControlAnalogswitch


D/A

Discretesupervisor

A/D

Plant

observablestate



control

selection

setpoints

active control law


task selection



Plant

ControlAnalogswitch


D/A

Discretesupervisor

A/D

Plant

observablestate



control

selection

setpoints

active control law


task selection




Hybrid Systems



Plant

ControlAnalogswitch


D/A

Discretesupervisor

A/D

Plant

observablestate



control

selection

setpoints

active control law


task selection




Is Instantaneous Coupling Realistic?Digital control needs A/D and D/A conversion,which induces latency in signal forwarding.

Digital signal processing, especially in complexsensors like CV, needs processing time, addingsignal delays.

Networked control introduces communicationlatency into the feedback control loop.

Harvesting, fusing, and forwarding datathrough sensor networks enlarge the latter byorders of magnitude.


Is Instantaneous Coupling Realistic? No.Digital control needs A/D and D/A conversion,which induces latency in signal forwarding.

Digital signal processing, especially in complexsensors like CV, needs processing time, addingsignal delays.

Networked control introduces communicationlatency into the feedback control loop.

Harvesting, fusing, and forwarding datathrough sensor networks enlarge the latter byorders of magnitude.


Do Delays Have Observable Effect?ddtx(t) = −x(t)x(0) = 1

0 5 10 15−0.5

0

0.5

1

t

x

ddtx(t) = −x(t−1)x([−1, 0]) ≡ 1

0 5 10 15−0.5

0

0.5

1

t

x


Do Delays Have Observable Effect? Yes, they have.ddtx(t) = −x(t)x(0) = 1

0 5 10 15−0.5

0

0.5

1

t

x

ddtx(t) = −x(t−1)x([−1, 0]) ≡ 1

0 5 10 15−0.5

0

0.5

1

t

x


May the Effects be Harmful?• Delayed logistic equation [G. Hutchinson, 1948]:

d

dtN(t) = N(t)[1−N(t− r)]

0 50 1000

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

1.8

2r=0.25

t

N

0 50 1000

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

1.8

2r=1.52

t

N

0 50 1000

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

1.8

2r=1.65

t

N


May the Effects be Harmful? Yes, delays may well annihilate

control performance.

• Delayed logistic equation [G. Hutchinson, 1948]:d

dtN(t) = N(t)[1−N(t− r)]

0 50 1000

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

1.8

2r=0.25

t

N

0 50 1000

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

1.8

2r=1.52

t

N

0 50 1000

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

1.8

2r=1.65

t

N


Consequences• Delays in feedback control loops are ubiquitous.• They may well invalidate the safety/stability/. . . certificates obtained

by verifying delay-free abstractions of the feedback control system.Automatic verification/synthesis methods addressing feedbackdelays in hybrid systems should therefore abound!

Surprisingly, they don’t:1 S. Prajna, A. Jadbabaie: Meth. f. safety verification of time-delay syst. (CDC’05)2 L. Zou, M. Fränzle, ZNJ, P.N. Mosaad: Autom. verific. of stabil. and safety (CAV ’15)3 H. Trinh, P.T. Nam, P.N. Pathirana, H.P. Le: On bwd.s and fwd.s reachable sets

bounding for perturbed time-delay systems. (Appl. Math. & Comput. 269, ’15)4 Z. Huang, C. Fan, S. Mitra: Bounded invariant verification for time-delayed nonlinear

networked dynamical systems (NAHS ’16)5 P.N. Mosaad, M. Fränzle, B. Xue: Temporal logic verification for DDE (ICTAC ’16)6 M. Chen, M. Fränzle, Y. Li, P.N. Mosaad, ZNJ: Validat. simul.-based verific. (FM ’16)7 B. Xue, P. Mosaad, M. Fränzle, M. Chen, Y. Li and ZNJ: Safe over- and

under-approximation of reachable sets for delay differential equations (FORMATS ’17)8 E. Goubault, S. Putot, and L. Sahlmann: Inner and outer approximating flowpipes for

delay differential equations (CAV ’18)9 M. Chen, M. Fränzle, Y. Li, P. Mosad and ZNJ: What’s to come is still unsure:

Synthesizing synthesizers resilient to delayed reaction (ATVA ’18)10 S. Feng, M. Chen, ZNJ et al.: Taming delays in dynamical systems: Unbounded

verification of DDEs (CAV ’19)


Consequences• Delays in feedback control loops are ubiquitous.• They may well invalidate the safety/stability/. . . certificates obtained

by verifying delay-free abstractions of the feedback control system.Automatic verification/synthesis methods addressing feedbackdelays in hybrid systems should therefore abound!

Surprisingly, they don’t:1 S. Prajna, A. Jadbabaie: Meth. f. safety verification of time-delay syst. (CDC’05)2 L. Zou, M. Fränzle, ZNJ, P.N. Mosaad: Autom. verific. of stabil. and safety (CAV ’15)3 H. Trinh, P.T. Nam, P.N. Pathirana, H.P. Le: On bwd.s and fwd.s reachable sets

bounding for perturbed time-delay systems. (Appl. Math. & Comput. 269, ’15)4 Z. Huang, C. Fan, S. Mitra: Bounded invariant verification for time-delayed nonlinear

networked dynamical systems (NAHS ’16)5 P.N. Mosaad, M. Fränzle, B. Xue: Temporal logic verification for DDE (ICTAC ’16)6 M. Chen, M. Fränzle, Y. Li, P.N. Mosaad, ZNJ: Validat. simul.-based verific. (FM ’16)7 B. Xue, P. Mosaad, M. Fränzle, M. Chen, Y. Li and ZNJ: Safe over- and

under-approximation of reachable sets for delay differential equations (FORMATS ’17)8 E. Goubault, S. Putot, and L. Sahlmann: Inner and outer approximating flowpipes for

delay differential equations (CAV ’18)9 M. Chen, M. Fränzle, Y. Li, P. Mosad and ZNJ: What’s to come is still unsure:

Synthesizing synthesizers resilient to delayed reaction (ATVA ’18)10 S. Feng, M. Chen, ZNJ et al.: Taming delays in dynamical systems: Unbounded

verification of DDEs (CAV ’19)RTSOPS 2019, Paris, July. 24, 2019 · Naijun Zhan: Indecision and Delay · 6 / 25

The Agenda

1 Controller synthesis for time-delayed systems• Controller synthesis by reduction to playing safety games in the setting

of discrete time• Trends and challenges in controller synthesis for more complicated

time-delayed systems

2 Stability analysis and verification of delay differential equations• Bounded reachability analysis• Unbounded verification• Trends and challenges in analysis and verification of more complicated

time-delayed systems3 Other potential directions

• Weakly hard scheduling• · · ·


Discrete Safety Games

Staying safe and reaching an objectivewhen observation & actuation is confined by delays


A Trivial Safety GameA Trivial Safety Game

a

b u

u

u

b

a

a

b

u

u

v

v

e3

a3

a4

e2

a

a1

e1

2

a5

Goal: Avoid a5 by appropriateactions of player e.

Strategy: May always play "a"except in e3:

e1, e2 7→ ae3 7→ b

PKU MAVeLoS Workshop, Beijing, Oct. 8, 2017 · Martin Fränzle: Indecision and Delay · 13 / 39

Goal: Avoid a5 by appropriateactions of player e.

Strategy: May always play "a" exceptin e3:

e1, e2 7→ ae3 7→ b


Playing Safety Game Subject to Discrete DelayPlaying Subject to Discrete Delay

Shift registersGame state AdversaryEgo player

Observation: It doesn’t make an observable difference for the joint dynamicswhether delay occurs in perception, actuation, or both.

Consequence: There is an1 obvious reduction to a safety game of perfectinformation.

1

In fact, two different ones: To mimic opacity of the shift registers, delay has to bemoved to actuation/sensing for ego/adversary, resp. The two thus play different games!


Observation: It doesn’t make an observable difference for the jointdynamics whether delay occurs in perception, actuation, or both.

Consequence: There is an1obvious reduction to a safety game of perfectinformation.

1In fact, two different ones: To mimic opacity of the shift registers, delay has to bemoved to actuation/sensing for ego/adversary, resp. The two thus play different games!


Reduction to Delay-Free Gamesfrom Ego-Player Perspective

The Reductionfrom Ego-Player Perspective

Egoinput Σ

Shift register

Σ / Ego inp. Adv. inp.

Safe / unsafe

Gam

e g

raph

Σ

Safety games w. delay can be solved algorithmically.

Game graph incurs blow-up by factor |Alphabet(ego)|delay.


Safety games w. delay can be solved algorithmically ([M. Zimmermann.LICS’18, GandALF’17], [F. Klein & M. Zimmermann. ICALP’15, CSL’15]).Game graph incurs blow-up by factor |Alphabet(ego)|delay.A more efficient algorithm is presented in [Chen et al., ATVA’18](distinguished paper awards)


Towards Incremental Synthesis of Delay-TolerantStrategiesObservation: A winning strategy for delay k′ > k can always be utilized

for a safe win under delay k.Consequence: That a position is winning for delay k is a necessary

condition for it being winning under delay k′ > k.

Idea: Incrementally filter out loss states &incrementally synthesize winning strategy for the remaining:

1 Synthesize winning strategy for underlying delay-free safetygame.

2 For each winning state, lift strategy from delay k to k + 1.3 Remove states where this does not succeed.4 Repeat from 2 until either delay-resilience suffices or initial

state turns lossy.

M. Chen, M. Fraenzle, Y. Li, P. Mosad and N. Zhan: Whats to come is stillunsure: Synthesizing synthesizers resilient to delayed reaction. ATVA ’18.


Arriving Out of Order (Acta Informatica 2019)

Observations may arrive out-of-order:Maximum delay 5

Out of order!

60

57

65

62

59

56

61

58

62

61

63

60

64

59Sample #

t

But this may only reduce effective delay, improving controllability:

More recent

state information

available earlier

Effective

delay 2

Maximum delay 5

Factual delay 3

61

58

60

57

65

62

64

59

62

61

63

60Sample #

t !

W.r.t. qualitative controllability, the worst-case of out-of-order delivery isequivalent to order-preserving delay k.Stochastically expected controllability even better than for strict delay k.

M. Chen, M. Fraenzle, Y. Li, P. Mosad and N. Zhan: In decision and delays arethe parents of failure – Taming them algorithmically by synthesizing delay-resilientcontrol. Acta Informatica, 2019.


Future Directions

• Integrate stochastic models of message delays into safety synthesisprocesses

• Distributions on delays can be modeled• and leveraged in synthesis against quantitative safety targets.

• Let synthesis constructively leverage the advantages of (partial)control on out-of-order delivery

• Many network technologies permit influence on message delay (QoSfeatures, differentiated message classes like emergency messages, . . . )

• These do not strictly control, yet have significant impact on messagedelivery sequence.

• Could thus be exploited in control synthesis.

• Model delays by delay differential equations, and synthesizecontrollers for delay hybrid systems

• Multiple players, non-zero sum game, e.g., unmanned vehicle


Solving Delay Differential Equations (DDE)

A formal model of delayed feedback control


DDE — The HistoryHistorical motivation (predating digital control):

“Despite [...] very satisfactory state of affairs as far as [ordinary]differential equations are concerned, we are nevertheless forced to turnto the study of more complex equations. Detailed studies of the realworld impel us, albeit reluctantly, to take account of the fact that therate of change of physical systems depends not only on their presentstate, but also on their past history.”

[Richard Bellman and Kenneth L. Cooke, 1963]

Mathematical form:d

dtx(t) = f(x(t),x(t− δ1), . . . ,x(t− δn)), with δn > . . . > δ1 > 0,

Simplest instance (which we will mostly concentrate on in the remainder):

d

dtx(t) = f(x(t− δ))


DDE — Why They are Hard(er)x = f0

ddtx = −f0

d3

dtx = −f0

d2

dtx = f0

d10

dtx = f0

ddtx(t) = −x(t− 1)

DDE constitute a model of system dy-namics beyond “state snapshots”:• They feature “functional state”

instead of state in the Rn.• Thus providing rather infallible,

infinite-dimensional memory ofthe past.

N.B.: More complex transformations may beapplied to the initial segment f0 according tothe DDE’s right-hand side. f0 will neverthe-less hardly ever vanish from the state space.

Try only if

to you!infinite state no longer is scary enough


Formal Verification for DDE: An OverviewBounded-time verification:• Verification goal: given a time-bound τ show that the solutions to the

DDE on time interval [0, τ ] satisfy a given invariance property.

• Means:1 Simulation-based verification:

• do numerical simulation on a (sufficiently dense) sample of initialstates,

• add (pessimistic) error analysis and sensitivity analysis,• “bloat” the resulting trajectories accordingly.• See [Z. Huang, C. Fan, S. Mitra, NAHS 2016];

[M. Chen, M. Fränzle, Y. Li, P. Mosaad, ZNJ, FM’16].

2 Reachability analysis + homeomorphism:• over- and under-approximate reachable sets symbolically,• compute the largest time-delay term such that any delay smaller than

the bound, the reachable set computation for the next step can bereduced to compute the boundaries of the over- and under-approximatereachable sets of previous segment by exploiting homeomorphism.

• See ([B. Xue, M. Fränzle, ZNJ, FORMATS ’17 ])([B. Xue, ZNJ, Q. Wang, S. Feng, IEEE TAC 2019 ])



DDE on time interval [0, τ ] satisfy a given invariance property.• Means:

1 Simulation-based verification:• do numerical simulation on a (sufficiently dense) sample of initial

states,• add (pessimistic) error analysis and sensitivity analysis,• “bloat” the resulting trajectories accordingly.• See [Z. Huang, C. Fan, S. Mitra, NAHS 2016];


x

y

t






DDE on time interval [0, τ ] satisfy a given invariance property.• Means:

1 Simulation-based verification:• do numerical simulation on a (sufficiently dense) sample of initial

states,• add (pessimistic) error analysis and sensitivity analysis,• “bloat” the resulting trajectories accordingly.• See [Z. Huang, C. Fan, S. Mitra, NAHS 2016];






Formal Verification for DDE: An Overview (cont’d)Unbounded verification:• Verification goal: show that the solutions to the DDE satisfy a given

invariance property (the trajectory could be infinite).

• Means:1 interval Taylor model + stability analysis (only for simplest DDEs):

• predefine a parametric interval polynomial containing all possiblesolutions of the DDE on the given segment,

• derive an operator between the paramenters of the solution on theprevious segment and the ones on the next segment, forming atime-invariant discrete dynamical system

• exploting the stability analysis of the resulted time-invariant dynamicalsystem, reduce the safety verification and stability analysis to boundedcases.

• See ([L. Zou, P. Mosaad, M. Fränzle, X. Bai, ZNJ, CAV ’15]).2 Liearization + spectral analysis (for general DDEs):

• linearise a non-linear DDE,• exploiting spectral analysis, obtain the stability of the linear part,• reduce unbounded verification and analysis to bounded case.• See ([S. Feng, M. Chen, ZNJ, M. Fränzle, X. Bai, CAV ’19]).



invariance property (the trajectory could be infinite).• Means:

1 interval Taylor model + stability analysis (only for simplest DDEs):• predefine a parametric interval polynomial containing all possible

solutions of the DDE on the given segment,• derive an operator between the paramenters of the solution on the

previous segment and the ones on the next segment, forming atime-invariant discrete dynamical system


• See ([L. Zou, P. Mosaad, M. Fränzle, X. Bai, ZNJ, CAV ’15]).

2 Liearization + spectral analysis (for general DDEs):• linearise a non-linear DDE,• exploiting spectral analysis, obtain the stability of the linear part,• reduce unbounded verification and analysis to bounded case.• See ([S. Feng, M. Chen, ZNJ, M. Fränzle, X. Bai, CAV ’19]).



invariance property (the trajectory could be infinite).• Means:

1 interval Taylor model + stability analysis (only for simplest DDEs):• predefine a parametric interval polynomial containing all possible

solutions of the DDE on the given segment,• derive an operator between the paramenters of the solution on the

previous segment and the ones on the next segment, forming atime-invariant discrete dynamical system


• See ([L. Zou, P. Mosaad, M. Fränzle, X. Bai, ZNJ, CAV ’15]).2 Liearization + spectral analysis (for general DDEs):

• linearise a non-linear DDE,• exploiting spectral analysis, obtain the stability of the linear part,• reduce unbounded verification and analysis to bounded case.• See ([S. Feng, M. Chen, ZNJ, M. Fränzle, X. Bai, CAV ’19]).


Unbounded Analysis for ddtx(t) = f(x(t− δ))

Main Ingredients

1 Generate the Taylor series for the segment x |[nδ,(n+1)δ] by integratingf(x) |[(n−1)δ,nδ].

Degree of Taylor series grows indefinitely (and rapidly so i.g.).Computationally intractable.Lacking means for analysing unbounded behaviour.

2 Overapproximate segments by interval Taylor series of fixed degreeTractable (if degree low enough).Thus permits bounded model checking.Still no immediate means for unbounded analysis.

3 Extract operator computing next ITS from current one;analyse its properties

Unbounded safety and stability analysis become feasible.

L. Zou, M. Fraenzle, N. Zhan and P. Mosaad: Automatic stability and safetyverification for delay differential equations. CAV ’15.


Unb. Ana. for ddtx(t) = f(x(t),x(t− δ1), . . . ,x(t− δn))

Stability of Linear Dynamics by Spectral Analysis

For linear DDEs:

d

dtx (t) = Ax (t) +Bx (t− r)

The characteristic equation:

det (λI −A−) = 0

Globally exponentially stable if ∀λ : R(λ) < 0, i.e.,

∃K > 0. ∃α < 0: ‖ξϕ(t)‖ ≤ K ‖ϕ‖ eαt, ∀t ≥ 0, ∀ϕ ∈ Cr




For linear DDEs:

d



det(λI −A−Be−rλ

)= 0


∃K > 0. ∃α < 0: ‖ξϕ(t)‖ ≤ K ‖ϕ‖ eαt, ∀t ≥ 0, ∀ϕ ∈ Cr




For linear DDEs:

d




)= 0

-5 -4 -3 -2 -1 0

-150

-100

-50

0

50

100

150

R(λ)

I(λ

)


∃K > 0. ∃α < 0: ‖ξϕ(t)‖ ≤ K ‖ϕ‖ eαt, ∀t ≥ 0, ∀ϕ ∈ Cr




For linear DDEs:

d




)= 0

-5 -4 -3 -2 -1 0α-150

-100

-50

0

50

100

150

R(λ)

I(λ

)


∃K > 0. ∃α < 0: ‖ξϕ(t)‖ ≤ K ‖ϕ‖ eαt, ∀t ≥ 0, ∀ϕ ∈ Cr



Reducing Unbounded Verification to Bounded One

1 Identify the rightmost eigenvalue (and hence α), then construct Kand δ.

2 Compute T ∗, as well as T ′ (by bounded verifiers) s.t. ‖Ω‖ < δ withinT ′.

3 Reduce to bounded verifi., i.e., ∀T > T ′ + T ∗, ∞-safe ⇐⇒ T -safe.4

-5 -4 -3 -2 -1 0α-150

-100

-50

0

50

100

150

R (λ)

I( λ

)

(a)

0 40 60 80 100T′ + T*

-0.4

-0.2

0.0

0.2

0.4

t

u(t)

(b)

4.2 (a) h(z) 计

maxλ∈σ R (λ) < α < 0 α = −0.5 (b) Taylor

[91]所 (4.20) T >

(T ′ + T ∗) = 15.5s ∞- T-

Figure 4.2 Ubounded safety verification of the population dynamics. (a) The identified right-

most eigenvalues of h(z) and an upper bound α = −0.5 such that maxλ∈σ R (λ) < α < 0;

(b) Overapproximation of the reachable set of the system (4.20) produced by the method

in [91] using Taylor models for bounded verification. Together with this overapproxi-

mation we prove the equivalence of ∞-safety and T-safety of the system, for any T >

(T ′ + T ∗) = 15.5s.

[−1, 15.5] 与 U (4.20)

DDEs: 所单理论

指计理 (2.1)

DDEs 别 ∥B∥ e−rα∑ki=1 ∥Ai∥ e−riα ∥B∥ ∑k

i=1 ∥Ai∥ 中 Ai 中 x(t − ri)

Jacobian

[8]中理 1.2 中所

4.3

所 Wolfram

M [152]中 DDE-BIFTOOL6 计

6http://ddebiftool.sourceforge.net/

59

δ = minδϵ, δϵ/

(Ke−rα

(1 + ∥B∥

∫ r0

e−ατ dτ))

δϵ = Ke−rα(1 + ∥B∥

∫ r0

e−ατ dτ)∥ϕ∥ eϵKe−rαt+αt

ϵ ≤ −α/(2Ke−rα)

S. Feng, M. Chen, N. Zhan, M. Fränzle, B. Xue: Taming delays in dyn. syst.:Unbounded verif. of DDEs. CAV ’19.



Reducing Unbounded Verification to Bounded One

1 Identify the rightmost eigenvalue (and hence α), then construct Kand δ.

2 Compute T ∗, as well as T ′ (by bounded verifiers) s.t. ‖Ω‖ < δ withinT ′.

3 Reduce to bounded verifi., i.e., ∀T > T ′ + T ∗, ∞-safe ⇐⇒ T -safe.4

-5 -4 -3 -2 -1 0α-150

-100

-50

0

50

100

150

R (λ)

I( λ

)

(a)

0 40 60 80 100T′ + T*

-0.4

-0.2

0.0

0.2

0.4

t

u(t)

(b)

4.2 (a) h(z) 计


[91]所 (4.20) T >

(T ′ + T ∗) = 15.5s ∞- T-






(T ′ + T ∗) = 15.5s.

[−1, 15.5] 与 U (4.20)

DDEs: 所单理论

指计理 (2.1)



Jacobian

[8]中理 1.2 中所

4.3

所 Wolfram



59

4

-5 -4 -3 -2 -1 0α-150

-100

-50

0

50

100

150

R (λ)

I( λ

)

(a)

0 40 60 80 100T′ + T*

-0.4

-0.2

0.0

0.2

0.4

t

u(t)

(b)

4.2 (a) h(z) 计


[91]所 (4.20) T >

(T ′ + T ∗) = 15.5s ∞- T-






(T ′ + T ∗) = 15.5s.

[−1, 15.5] 与 U (4.20)

DDEs: 所单理论

指计理 (2.1)



Jacobian

[8]中理 1.2 中所

4.3

所 Wolfram



59

S. Feng, M. Chen, N. Zhan, M. Fränzle, B. Xue: Taming delays in dyn. syst.:Unbounded verif. of DDEs. CAV ’19.


Future DirectionsExtend the method to more general forms of DDE:• DDE also featuring immediate state feedback and disturbance, as

suggested by ODE models of the plant dynamics,(partially addressed in [B. Xue, M. Fränzle, P. Mosaad, CDC ’17];

[B. Xue, Q. Wang, S. Feng, ZNJ, HSCC’19])• DDE covering multiple different, constant feedback delays (on-going),• DDE exhibiting state-dependent delay (on-going),• DDE featuring randomly distributed delay,• stochastic DDE.

Extend the method to delayed hybrid-state dynamics:• Hybrid automata comprising DDE instead of ODE.• Hybrid automata additionally featuring latency in their discrete

reactive behaviour.Invariant generation for time-delayed systems. (on-going)• Some first try was done by Prajna&Jadbabaie [ CDC’05].


Potential Directions

Related to Weakly Hard Systems


Weakly Hard System Courtesy by Dr. Chao Huang

Sample 𝑥 1 Compute 𝑢2

1

Sample 𝑥 𝑇 Allow occasional deadline misses

0

𝑥 = 𝑓 𝑥 + 𝑔 𝑥 𝑢

𝑢 = 𝑢0 = 0

𝑡

0

𝑊 Deadline


𝑢 = 𝑢1

𝑇

Sampling period

2𝑇 +𝑊

2𝑇 3𝑇

𝑢 = 𝑢3


𝑇 +𝑊

𝑢 = 𝑢1

Is an 𝒎,𝑲 weakly-hard system safe?

𝑚,𝐾 constraint: at most 𝑚 deadline misses among any 𝐾 consecutive periods[G. Bernat et al., 2001]

Timing disturbance Communication delay, sensing failure…


trends in formal analysis and synthesis of time-delayed systems · 2019-07-29 · trends in formal...

Documents