Generating Invariants for Hybrid Systems by Computing Vanishing Ideals of Sample Points

Bin Wu (1,3), Yongjun Fu (2)

1 Department of Basic Course, Shanghai University of Finance and Economics Zhejiang College, Jinhua, 321013, China. E-mail: wubin876@yeah.net (first and corresponding author)
2 Jinhua College of Vocation and Technology, Jinhua, 321000, China
3 Shanghai Key Laboratory of Trustworthy Computing, East China Normal University, Shanghai, 200062, China

Abstract

In this paper, we investigate the problem of generating invariants of hybrid systems. We present a new approach for generating polynomial equation invariants of hybrid systems by computing the vanishing ideal of sample points. The challenge is to deal with the continuous consecution of hybrid systems, which arises from their differential equations. Our approach avoids first-order quantifier elimination and cylindrical algebraic decomposition (CAD). Preliminary experimental results demonstrate the feasibility of our approach.

Keywords: Program Verification; Hybrid System; Invariant Generation; Vanishing Ideal

1. Introduction

Hybrid systems are dynamic systems that exhibit both continuous and discrete dynamic behavior; the continuous behavior is generally described by differential equations. The verification of safety (invariance and reachability) properties plays a central role in the analysis of hybrid systems. This problem is very hard to compute even in the simplest cases. In this paper, we present a new method for generating polynomial invariants of hybrid systems based on computing the vanishing ideal of system sample points. Given a degree bound $e_l$ for the potential polynomial invariants of the hybrid system at each location $l$, we first obtain no more than $\binom{e_l + n}{n}$ sample points by recording the values of the system variables at each location $l$, where $n$ is the number of system variables.
Then we apply the Buchberger-Möller algorithm to compute the vanishing ideal of these sample points, whose generators serve as candidate invariants (a candidate need not be a real invariant) at each location $l$. Subsequently, we verify the candidate invariants using polynomial-scale discrete consecution and continuous consecution. Finally, we either generate the polynomial invariants at each location $l$ or conclude that polynomial invariants of degree $e'$ do not exist at location $l$, where $e'$ ($\le e$) is the minimal degree of the polynomials in the vanishing ideal.

In recent years, many methods have been proposed to generate invariants for hybrid systems. For linear hybrid systems, linear inductive invariants were generated by Tiwari [1] and were constructed by Halbwachs et al. [2] based on a specific abstract interpretation. In [3], Sankaranarayanan et al. presented a method to generate invariants for hybrid systems which translates the invariant generation problem into a constraint solving problem. In [4], polynomial invariants of hybrid systems with linear continuous dynamics were generated by a computational method using Gröbner bases. Gulwani et al. [5] proposed a constraint-based technique for constructing invariants of hybrid systems. In [6], a method was first proposed to compute differential invariants of hybrid systems as fixedpoints. Parrilo [7] presented a powerful framework based on semidefinite programming. Prajna et al. [8] addressed the safety-verification problem using the idea of barrier certificates.

The rest of the paper is organized as follows. In Section 2, we recall the notions of vanishing ideals of finitely many points, hybrid systems and (inductive) invariants.

[Published in International Journal of Digital Content Technology and its Applications (JDCTA), Volume 6, Number 4, March 2012. doi:10.4156/jdcta.vol6.issue4.31]
In Section 3, we present an efficient method for generating polynomial equation invariants of hybrid systems and work through an example. We conclude in Section 4.

2. Notation and Definitions

This section collects the definitions and facts about vanishing ideals of finitely many points and hybrid systems that will be needed later. Thro ughout this paper, let $K$ be a (commutative) field of characteristic zero, $K[x_1, \ldots, x_n]$ be the ring of polynomials in the $n$ indeterminates $x_1, \ldots, x_n$ over $K$, the monomial order $\prec$ on $K[x_1, \ldots, x_n]$ be the graded lexicographic order, and $\deg(f)$ denote the total degree of a polynomial $f \in K[x_1, \ldots, x_n]$.

2.1. Vanishing Ideals of Finitely Many Points

Definition 1 (Ideal of Polynomials). A set $I \subseteq K[x_1, \ldots, x_n]$ is an ideal in $K[x_1, \ldots, x_n]$ if for any $f, g \in I$ and $h \in K[x_1, \ldots, x_n]$ we have $f + g \in I$ and $f h \in I$. For $h_1, \ldots, h_r \in K[x_1, \ldots, x_n]$ we denote by $\langle h_1, \ldots, h_r \rangle$ the smallest ideal containing $h_1, \ldots, h_r$, i.e.
$$\langle h_1, \ldots, h_r \rangle = \Big\{ \sum_{i=1}^{r} f_i h_i \;\Big|\; f_i \in K[x_1, \ldots, x_n] \Big\}.$$
If $I = \langle h_1, \ldots, h_r \rangle$, we say that $I$ is the ideal generated by $h_1, \ldots, h_r$ and that $h_1, \ldots, h_r$ is a basis of $I$. By Hilbert's Basis Theorem, any ideal in $K[x_1, \ldots, x_n]$ has a finite basis. Gröbner bases of ideals can be computed using Buchberger's algorithm [9].

Definition 2 (Vanishing Ideals of Finitely Many Points). Let $A$ be a finite subset of $K^n$. The vanishing ideal of the point set $A$ is the ideal
$$I(A) = \{ f \in K[x_1, \ldots, x_n] \mid f(a) = 0 \text{ for all } a \in A \}$$
of all polynomials vanishing at each point of $A$. Buchberger and Möller presented an algorithm [10] to compute the reduced Gröbner basis of the vanishing ideal of finitely many points, based on Gaussian elimination on a generalized Vandermonde matrix.

Remark 1. As stated in [11], the Buchberger-Möller algorithm has polynomial time complexity $O(n^2 s^4)$, where $n$ is the dimension of the affine space and $s$ is the number of points.

2.2. Hybrid Systems and Invariants

We represent hybrid systems via hybrid automata [12].
Definition 3 (Hybrid System). A hybrid system is a tuple $\Psi = \langle V, L, T, \Theta, D, Inv, l_0 \rangle$, where $V$ is a finite set of real-valued system variables, and the number of variables $|V|$ is called the dimensionality of the system; $L$ is a finite set of locations; $T$ is a set of discrete transitions. Each transition $\delta \in T$ is a tuple $\langle l_1, l_2, \rho_\delta, \gamma_\delta \rangle$, where $l_1, l_2 \in L$ are the pre- and post-locations of the transition, the transition relation $\rho_\delta$ is a first-order assertion over $V \cup V'$ ($V$ denotes the current-state variables and $V'$ the next-state variables), and $\gamma_\delta$ is a first-order assertion over $V$, the guard condition of the transition $\delta$; $\Theta$ is a first-order assertion over $V$ denoting the initial condition; $D$ is a map that maps each location $l \in L$ to a differential rule $D(l)$, an assertion over $V \cup \{\dot{v} \mid v \in V\}$. The differential rule specifies the local evolution of the variables during a local time interval. $Inv$ is a map that maps each location $l \in L$ to a location condition $Inv(l)$, an assertion over $V$; $l_0 \in L$ is the initial location.

Definition 4 (Computation). A computation of a hybrid automaton is an infinite sequence of states $\langle l_i, x_i \rangle \in L \times \mathbb{R}^{n}$: $\langle l_0, x_0 \rangle, \langle l_1, x_1 \rangle, \langle l_2, x_2 \rangle, \ldots$ such that $l_0$ is the initial location and $x_0 \models \Theta$, and for each pair of consecutive states $\langle l_i, x_i \rangle, \langle l_{i+1}, x_{i+1} \rangle$ one of the following conditions is satisfied:

Discrete Consecution: there exists a transition $\delta = \langle l_1, l_2, \rho_\delta, \gamma_\delta \rangle \in T$ such that $l_1 = l_i$, $l_2 = l_{i+1}$ and $\langle x_i, x_{i+1} \rangle \models \rho_\delta$.

Continuous Consecution: there exist a location $l \in L$, a time interval $[0, \epsilon]$ with $\epsilon > 0$, and a continuous and differentiable function $\varphi : [0, \epsilon] \to \mathbb{R}^{n}$ such that (1) $l_i = l_{i+1} = l$; (2) $\varphi(0) = x_i$, $\varphi(\epsilon) = x_{i+1}$, and $\forall t \in [0, \epsilon],\ \varphi(t) \models Inv(l)$; (3) $\forall t \in [0, \epsilon],\ \langle \varphi(t), \dot{\varphi}(t) \rangle \models D(l)$.

Example 1. Figure 1 shows a canonical example of a hybrid system called the bouncing ball, representing a ball bouncing on a soft floor ($y = 0$).
The corresponding hybrid system is as follows: $V = \{y, v_y, \tau\}$; $L = \{l\}$; $T = \{\delta\}$, where $\delta = \langle l, l, \rho, \gamma \rangle$ with $\rho \equiv (y' = y \wedge v_y' = -\tfrac{v_y}{2} \wedge \tau' = 0)$ and $\gamma \equiv (y = 0)$; $\Theta \equiv (y = 0 \wedge v_y = 16 \wedge \tau = 0)$; $D(l) \equiv (\dot{y} = v_y \wedge \dot{v}_y = -10 \wedge \dot{\tau} = 1)$; $Inv(l) \equiv (y \ge 0)$. The variable $y$ is the position of the ball, $v_y$ is its velocity, and $\tau$ represents the time elapsed since its last bounce. A bounce is modeled by the transition $\delta$, which halves the velocity $v_y$ and reverses its direction.

[Figure 1. A bouncing ball's hybrid automaton: a single location $l$ with location condition $y \ge 0$ and differential rule $\dot{y} = v_y$, $\dot{v}_y = -10$, $\dot{\tau} = 1$, and a self-loop transition guarded by $y = 0$ that sets $v_y' = -v_y/2$ and $\tau' = 0$.]

By an assertion we mean a first-order formula over the system variables. We use the notation $s \models \varphi$ to denote that a state $s$ satisfies an assertion $\varphi$. We will also write $\varphi_1 \models \varphi_2$ for two assertions $\varphi_1, \varphi_2$ to express that $\varphi_2$ is true at least in all the states in which $\varphi_1$ is true. Next, we introduce the notions of (inductive) invariants for hybrid systems.

Definition 5 (Invariant). An invariant of the hybrid system at location $l \in L$ is an assertion over $V$ which holds at all reachable states at location $l$.

Definition 6 (Inductive Invariant). Let $\Psi$ be a hybrid system and $\mathcal{D}$ the domain of assertions. An assertion map for $\Psi$ is a map $\eta : L \to \mathcal{D}$ that associates each location $l$ of the hybrid system with an assertion $\eta(l)$. We say that $\eta$ is inductive if the following hold:

Initiation: $\Theta \models \eta(l_0)$;

Discrete Consecution: for each discrete transition $\langle l_1, l_2, \rho, \gamma \rangle$, we have $\eta(l_1) \wedge \gamma \wedge \rho \models \eta(l_2)'$;

Continuous Consecution: for every location $l \in L$ and states $\langle l, x_1 \rangle, \langle l, x_2 \rangle$ such that $x_2$ evolves from $x_1$ according to the differential rule $D(l)$ at $l$, if $x_1 \models \eta(l)$ then $x_2 \models \eta(l)$.

It is a well-known result [13] that if $\eta$ is an inductive assertion map then $\eta(l)$ is an invariant at location $l$ for each $l \in L$. However, an invariant assertion is not necessarily inductive. In this paper, we are interested in finding inductive invariants of the form $p(V) = 0$, where $p(V)$ is a polynomial over the system variables.
For brevity, we shall use $\eta(l)$ to denote both the assertion $p = 0$ and the polynomial $p$. In the sequel, we will use the following stronger but more practical discrete consecution condition, defined in [3] and [14].

Definition 7 (Polynomial-Scale Discrete Consecution). Let $\delta = \langle l_1, l_2, \rho, \gamma \rangle$ be a discrete transition and $\eta$ be an assertion map. We say that $\eta$ satisfies polynomial-scale (PS) discrete consecution for $\delta$ if there exists a polynomial $q$ over $V$ such that $\gamma \wedge \rho \models (\eta(l_2)' - q\,\eta(l_1) = 0)$. In particular, if $\deg(q) = 0$, polynomial-scale discrete consecution reduces to constant-scale discrete consecution. By Definition 7, to verify whether $\eta$ satisfies polynomial-scale discrete consecution it suffices to check whether $\eta(l_1) \wedge \gamma \wedge \rho \models \eta(l_2)'$.

3. Generating Invariants for Hybrid Systems

In this section, we present an approach to generate polynomial equation invariants for hybrid systems by computing vanishing ideals of sample points. Our invariant generation method consists of the following steps:

Step 1: We get a set $S_l$ of sample points by recording the values of the system variables at each location $l$.

Step 2: We apply the Buchberger-Möller algorithm to compute a Gröbner basis of the vanishing ideal $I(S_l)$ of $S_l$, and take the polynomials in the basis of $I(S_l)$, or more exactly the corresponding polynomial equalities, as candidate invariants.

Step 3: For each candidate invariant, we determine whether it is an invariant of the given hybrid system at location $l$ by checking polynomial-scale discrete consecution and continuous consecution.

3.1. Getting a set of sample points

The first step in our method is to get a set $S_l$ of sample points for each location $l$. Let $\Psi$ be a hybrid system with $m$ locations and $n$ system variables. Given an upper bound $e_l$ for the total degree of its potential polynomial invariants at location $l \in L$, by a classical result from combinatorics we need at most $\binom{e_l + n}{n}$ sample points to determine a candidate invariant in $n$ variables with total degree bound $e_l$. For discrete consecution, we get a set $S_{ld}$ containing no more than $N_{ld}$ sample points at location $l$ by executing discrete consecution. For continuous consecution, we construct a system of differential equations based on the differential rule $D(l)$. If its closed-form solutions can be found, we obtain from them a finite set $S_{lc}$ containing no more than $N_{lc}$ sample points at location $l$, where $S_l = S_{ld} \cup S_{lc}$ and $N_{ld} + N_{lc} \le \binom{e_l + n}{n}$.

Example 2. For the system introduced in Example 1, set the degree bound of the polynomial invariants to $e_l = 2$; then we need $\binom{e_l + n}{n} = 10$ sample points. By running the discrete consecution from the initial values $(y, v_y, \tau) = (0, 16, 0)$, we get the sample points at location $l$:
$$S_{ld} = \{(0, 16, 0), (0, -8, 0), (0, 4, 0), (0, -2, 0), (0, 1, 0)\}.$$
For continuous consecution at location $l$, we abstract a system of differential equations from the differential rule $D(l)$ as follows:
$$\dot{y}(t) = v_y(t), \quad \dot{v}_y(t) = -10, \quad \dot{\tau}(t) = 1,$$
with initial values $y = 0$, $v_y = 16$, $\tau = 0$. Its closed-form solutions are:
$$y(t) = -5t^2 + 16t, \quad v_y(t) = -10t + 16, \quad \tau(t) = t. \qquad (1)$$
Taking the location condition $Inv(l) \equiv (y \ge 0)$ into account, we get the sample points
$$S_{lc} = \{(0, 16, 0), (3, 14, 0.2), (5.6, 12, 0.4), (7.8, 10, 0.6), (9.6, 8, 0.8), (11, 6, 1)\}.$$
Consequently,
$$S_l = \{(0, 16, 0), (0, -8, 0), (0, 4, 0), (0, -2, 0), (0, 1, 0), (3, 14, 0.2), (5.6, 12, 0.4), (7.8, 10, 0.6), (9.6, 8, 0.8), (11, 6, 1)\}.$$

3.2. Computing vanishing ideal

The second step in our technique is computing the vanishing ideal $I(S_l) = \langle \psi_1, \ldots, \psi_r \rangle$ of the point set $S_l$ as candidate invariants, where $\{\psi_1, \ldots, \psi_r\}$ is a Gröbner basis of the ideal $I(S_l)$. In addition, we obtain the minimal degree $e'$ ($\le e$) of all the polynomials in $I(S_l)$.

Example 3.
Applying the Buchberger-Möller algorithm to the 10 sample points of Example 2 with respect to the graded lexicographical ordering $y \succ v_y \succ \tau$, we get the vanishing ideal $\langle \psi_1, \psi_2, \psi_3, \psi_4 \rangle$, where
$$\psi_1 = y - 16\tau + 5\tau^2,$$
$$\psi_2 = v_y \tau - 16\tau + 10\tau^2,$$
$$\psi_3 = \tau^6 - 3\tau^5 + 3.4\tau^4 - 1.8\tau^3 + 0.4384\tau^2 - 0.0384\tau,$$
$$\psi_4 = v_y^5 - 11 v_y^4 - 110 v_y^3 + 440 v_y^2 + 704 v_y - 1024 + 777600.0001\tau - 1922400.001\tau^2 + 1746000.004\tau^3 - 690000.0053\tau^4 + 100000.0026\tau^5.$$

3.3. Verifying the candidate invariants

The third step in our approach is verifying whether each candidate in $\{\psi_1 = 0, \ldots, \psi_r = 0\}$ is an actual invariant. All the $\psi_i$ satisfy the Initiation condition, since they belong to the vanishing ideal of the sample points of the hybrid system and the initial states are among those sample points. Therefore, the remaining task is to determine whether each $\psi_i$ satisfies polynomial-scale discrete consecution and continuous consecution. For polynomial-scale discrete consecution, according to Definition 7 we only need to check whether $\psi_i(l_1) \wedge \gamma \wedge \rho \models \psi_i(l_2)'$. For continuous consecution, based on Definition 6 we check whether the closed-form solutions computed in Step 1 satisfy $\psi_i = 0$. As a result, we can either generate the polynomial invariants of total degree at most $e$ or conclude that polynomial invariants with degree $e'$ do not exist.

Example 4. For polynomial-scale discrete consecution, we determine whether $\psi_i(y, v_y, \tau) = 0 \wedge \gamma \wedge \rho \models \psi_i(y', v_y', \tau') = 0$ for $i = 1, 2, 3, 4$. We find that it holds for $i = 1, 2, 3$, whereas $\psi_4(y, v_y, \tau) = 0 \wedge \gamma \wedge \rho \not\models \psi_4(y', v_y', \tau') = 0$. In addition, for continuous consecution, we check whether the closed-form solutions (1) satisfy the candidates $\psi_i(y, v_y, \tau) = 0$ for $i = 1, 2, 3$. We find that the solutions satisfy $\psi_1 = 0$ and $\psi_2 = 0$ but not $\psi_3 = 0$. Finally, we obtain the invariants of the hybrid system $\Psi$:
$$y - 16\tau + 5\tau^2 = 0, \qquad v_y \tau - 16\tau + 10\tau^2 = 0.$$
Moreover, we conclude that if $\psi(y, v_y, \tau) = 0$ is an invariant of the hybrid system $\Psi$, the minimal degree of the polynomial $\psi(y, v_y, \tau)$ is $e' = 2$.
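The three steps of Section 3, carried out on the bouncing ball of Examples 1 to 4 with exact rational arithmetic, as an added example (editor's code, not code from the paper or its authors; the function names are my own). Step 1 rebuilds the ten sample points $S_l$; Step 2 stands in for the Buchberger-Möller algorithm with its core ingredient, the exact nullspace of the generalized Vandermonde (evaluation) matrix over all monomials of degree at most $e_l = 2$; Step 3 checks Initiation, continuous consecution by substituting the closed-form solutions (1), and discrete consecution in the sufficient constant-scale form of Definition 7 with $q = 0$, which can confirm a candidate but cannot refute one such as $\psi_4$.

```python
from fractions import Fraction as F
from itertools import product

# Polynomials in (y, v_y, tau): {(e_y, e_v, e_tau): coeff}; univariate ones: coefficient lists.
PSI1 = {(1, 0, 0): F(1), (0, 0, 1): F(-16), (0, 0, 2): F(5)}    # y - 16 tau + 5 tau^2
PSI2 = {(0, 1, 1): F(1), (0, 0, 1): F(-16), (0, 0, 2): F(10)}   # v_y tau - 16 tau + 10 tau^2
PSI3 = {(0, 0, 6): F(1), (0, 0, 5): F(-3), (0, 0, 4): F("3.4"), (0, 0, 3): F("-1.8"),
        (0, 0, 2): F("0.4384"), (0, 0, 1): F("-0.0384")}       # zero at tau = 0, 0.2, ..., 1

def sample_points(bounces=4, ticks=5):
    """Step 1: S_l = S_ld (transition rho applied repeatedly from Theta) U S_lc (flow samples)."""
    pts = []
    y, v, tau = F(0), F(16), F(0)                 # Theta: y = 0, v_y = 16, tau = 0
    for _ in range(bounces + 1):
        pts.append((y, v, tau))
        y, v, tau = y, -v / 2, F(0)               # rho: y' = y, v_y' = -v_y / 2, tau' = 0
    for k in range(ticks + 1):                    # closed form (1): y = 16t - 5t^2, v_y = 16 - 10t
        t = F(k, ticks)
        pts.append((16 * t - 5 * t * t, 16 - 10 * t, t))
    return list(dict.fromkeys(pts))               # the union drops the duplicate (0, 16, 0)

def vanishes_on(poly, points):                    # Initiation: zero at every sample point
    return all(sum(c * p[0] ** a * p[1] ** b * p[2] ** d for (a, b, d), c in poly.items()) == 0 for p in points)

def umul(a, b):                                   # product of two univariate polynomials
    out = [F(0)] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, z in enumerate(b):
            out[i + j] += x * z
    return out

def substitute(poly, y_t, v_t, tau_t):
    """Replace y, v_y, tau by univariate polynomials and expand into one coefficient list."""
    total = [F(0)]
    for (ey, ev, et), c in poly.items():
        term = [F(c)]
        for base, e in ((y_t, ey), (v_t, ev), (tau_t, et)):
            for _ in range(e):
                term = umul(term, base)
        total = [s + u for s, u in zip(total + [F(0)] * len(term), term + [F(0)] * len(total))]
    return total

def continuous_consecution(poly):
    """psi = 0 is preserved by D(l) iff psi(16t - 5t^2, 16 - 10t, t) is the zero polynomial in t."""
    return not any(substitute(poly, [F(0), F(16), F(-5)], [F(16), F(-10)], [F(0), F(1)]))

def discrete_consecution(poly):
    """q = 0 case of Definition 7 under the guard y = 0: psi(y', v_y', tau') = psi(0, -v_y/2, 0) must be 0."""
    return not any(substitute(poly, [F(0)], [F(0), F(-1, 2)], [F(0)]))

def vanishing_subspace(points, degree=2):
    """Step 2 core: exact nullspace of the evaluation (generalized Vandermonde) matrix [m_j(p_i)]
    over the monomials of total degree <= degree, i.e. a basis of that part of I(S_l)."""
    monos = [m for m in product(range(degree + 1), repeat=3) if sum(m) <= degree]
    rows = [[p[0] ** a * p[1] ** b * p[2] ** d for (a, b, d) in monos] for p in points]
    pivots = []                                   # reduced row echelon form, column by column
    for col in range(len(monos)):
        r = len(pivots)
        piv = next((i for i in range(r, len(rows)) if rows[i][col] != 0), None)
        if piv is None: continue                  # free column: gives one nullspace vector below
        rows[piv], rows[r] = rows[r], [x / rows[piv][col] for x in rows[piv]]
        rows = [row if i == r else [a - row[col] * b for a, b in zip(row, rows[r])]
                for i, row in enumerate(rows)]
        pivots.append(col)
    return [{monos[f]: F(1), **{monos[pc]: -rows[i][f] for i, pc in enumerate(pivots) if rows[i][f]}}
            for f in range(len(monos)) if f not in pivots]
```

The nullspace is three-dimensional although the Gröbner basis of Example 3 has only $\psi_1$ and $\psi_2$ in degree 2; the extra direction is an ideal combination of those two, which the term-order processing of Buchberger-Möller removes.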
4. Conclusions

In this paper, we present a new method to generate polynomial equation invariants for hybrid systems. We first compute vanishing ideals of hybrid system sample points to obtain candidate invariants, then check whether the candidates satisfy polynomial-scale discrete consecution and continuous consecution based on Definition 6 and Definition 7. Finally, we obtain the polynomial equation invariants of the hybrid system. Our approach avoids first-order quantifier elimination and cylindrical algebraic decomposition, and it does not depend on any abstract interpretation method. However, differential-equation solving techniques are used to verify candidate invariants in our approach, and differential equations are in general hard to solve. How to further improve the efficiency of our method is still a big challenge and our main future work.

5. Acknowledgment

We are very grateful to Dr. Min Wu and Dr. Zhengfeng Yang for their contribution to the previous work, as well as for many fruitful discussions on this work and valuable comments on the draft of this paper. This research was partly supported by NSFC project No. 90718041 and the Scientific Research Fund of Zhejiang Provincial Education Department, No. Y201122194.

6. References

[1] A. Tiwari, “Approximate reachability for linear systems,” in HSCC’2003: Hybrid Systems: Computation and Control, O. Maler and A. Pnueli, Eds., vol. 2623 of LNCS. Prague, The Czech Republic: Springer-Verlag, 2003, pp. 514–525.
[2] N. Halbwachs, Y.-E. Proy, and P. Roumanoff, “Verification of real-time systems using linear relation analysis,” Formal Methods in System Design, vol. 11, no. 2, pp. 157–185, 1997.
[3] S. Sankaranarayanan, H. Sipma, and Z. Manna, “Constructing invariants for hybrid systems,” in HSCC’2004: Hybrid Systems: Computation and Control, R. Alur and G. J. Pappas, Eds., vol. 2993 of LNCS. Philadelphia, PA, USA: Springer-Verlag, 2004, pp. 539–554.
[4] E. Rodríguez-Carbonell and A. Tiwari, “Generating polynomial invariants for hybrid systems,” in HSCC’2005: Hybrid Systems: Computation and Control, M. Morari and L. Thiele, Eds., vol. 3414 of LNCS. Zurich, Switzerland: Springer-Verlag, 2005, pp. 590–605.
[5] S. Gulwani and A. Tiwari, “Constraint-based approach for analysis of hybrid systems,” in CAV’2008: 20th International Conference on Computer Aided Verification, A. Gupta and S. Malik, Eds., vol. 5123 of LNCS. Princeton, NJ, USA: Springer-Verlag, 2008, pp. 190–203.
[6] A. Platzer and E. M. Clarke, “Computing differential invariants of hybrid systems as fixedpoints,” in CAV’2008: 20th International Conference on Computer Aided Verification, A. Gupta and S. Malik, Eds., vol. 5123 of LNCS. Princeton, NJ, USA: Springer-Verlag, 2008, pp. 176–189.
[7] P. A. Parrilo, “Semidefinite programming relaxations for semialgebraic problems,” Mathematical Programming Series B, vol. 96, no. 2, pp. 293–320, 2003.
[8] S. Prajna and A. Jadbabaie, “Safety verification of hybrid systems using barrier certificates,” in HSCC’2004: Hybrid Systems: Computation and Control, R. Alur and G. J. Pappas, Eds., vol. 2993 of LNCS. Philadelphia, PA, USA: Springer-Verlag, 2004, pp. 477–492.
[9] B. Buchberger, “Gröbner-bases: An algorithmic method in polynomial ideal theory,” in Multidimensional Systems Theory: Progress, Directions and Open Problems in Multidimensional Systems. Dordrecht, Boston, Lancaster: Reidel Publishing Company, 1985, pp. 184–232.
[10] H. M. Möller and B. Buchberger, “The construction of multivariate polynomials with preassigned zeros,” in EUROCAM’1982: European Computer Algebra Conference, J. Calmet, Ed., vol. 144 of LNCS. Marseille, France: Springer, Berlin, New York, 1982, pp. 24–31.
[11] M. G. Marinari, H. M. Möller, and T. Mora, “Gröbner bases of ideals defined by functionals with an application to ideals of projective points,” Applicable Algebra in Engineering, Communication and Computing, vol. 4, no. 2, pp. 103–145, 1993.
[12] T. A. Henzinger, “The theory of hybrid automata,” in LICS’1996: Proceedings of the 11th Annual IEEE Symposium on Logic in Computer Science, 1996, pp. 278–292.
[13] R. W. Floyd, “Assigning meanings to programs,” in Mathematical Aspects of Computer Science, ser. Proceedings of Symposia in Applied Mathematics, J. T. Schwartz, Ed., vol. 19. Providence, Rhode Island: American Mathematical Society, 1967, pp. 19–32.
[14] S. Sankaranarayanan, H. B. Sipma, and Z. Manna, “Nonlinear loop invariant generation using Gröbner bases,” in POPL’2004: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Venice, Italy: ACM Press, New York, NY, 2004, pp. 318–329.
[15] Duolin Liu, “E-commerce System Security Assessment Based on Grey Relational Analysis Comprehensive Evaluation,” JDCTA: International Journal of Digital Content Technology and its Applications, vol. 5, no. 10, pp. 279–284, 2011.
[16] Yuan Jiang and Dongming Jiang, “The Security Assessment Method of Wireless Sensor Network with Interval Grey Linguistic Variables,” JDCTA: International Journal of Digital Content Technology and its Applications, vol. 5, no. 10, pp. 389–395, 2011.
[17] Wang Jinbo, Liu Xuefeng, and Deng Ming, “A Framework of Knowledge Management System for Support Decision Making on Web-enabled Environment,” JCIT, vol. 6, no. 7, pp. 133–139, 2011.
[18] Kaihong Guo and Wenli Li, “A C-OWA Operator-based Method for Aggregating Intuitionistic Fuzzy Information and Its Application to Decision Making under Uncertainty,” JDCTA, vol. 4, no. 7, pp. 140–147, 2010.