Antoine Girard VAL-AMS Project Meeting April 2007 Behavioral Metrics for Simulation-based Circuit Validation

Time Domain Properties of Circuits Use Linear or Metric Temporal Logic Transient dynamics analysis: Desired performance characteristics: 1.Maximum overshoot 2.Rise time 3.Delay time 4.Settling time 5.Constraints on input/states 6.Response sensitivity

Time Domain Properties of Circuits System: Step input (t > 0) : Steady state at t = 0 - : Property: from Zhi Han’s PhD Thesis 2005

Computer Aided Techniques for Circuit Validation Model based validation of time domain properties of circuits and systems: - Specifications: Temporal Logic Formula. - For a set of possible initial states, inputs and parameters. Testing: - Simulate a (large) number of trajectories. - Does each trajectory satisfies the specification ? - No validation proof: notion of coverage. Reachability based verification: - Compute the (infinite) set of all possible trajectories. - Does each trajectory satisfies the specification ? - Formal proof. Intermediate approach: - Can we build a formal proof from a finite number of trajectories ?

Verification using Simulation Following the approach presented in: Fainekos, Girard and Pappas, Temporal logic verification using simulation, FORMATS Behavioral metrics: reachable set covering Can I compute a finite number of trajectories y 1,…,y N and parameters e 1,…,e N such that Quantitative interpretation of temporal logic formula: robustness degree [  ](y) How much can I perturb the trajectory y and the property  remains true / false ? Circuit validation:

Outline of the Talk Behavioral metrics. Quantitative interpretation of temporal logics Algorithms for circuits validation.

Behavioral Metrics Discrete time dynamical system with continuous/discrete inputs. Distance between trajectories starting from neighbour states, for neighbour sequences of inputs, remains small. Notion of behavioral metrics a.k.a. - Contraction metrics (Slotine) -  - ISS Lyapunov functions (Angeli) - Bisimulation functions (Girard & Pappas)

Behavioral Metrics Behavioral metric: function V: R n × R n  R + such that with 0< <1 and  0. Intuitively the function V : - bounds the distance between observations. - decreases under the evolution of the system.

Behavioral Metrics - Example I Transmission Line Model Behavioral metric exists:

Behavioral Metrics - Example II Boost DC/DC Converter

Behavioral Metrics - Example III Electrical oscillator with half-wave rectifier Behavioral metrics for LCS ? Use results on Lyapunov stability of LCS:

Reachable Set Covering Assume for simplicity that I={x 0 }, sample the set of inputs U : Build the simulation tree :

Reachable Set Covering Then for any trajectory y 0,...y N, of S, there exists a path q 0,...,q N in the simulation tree such that Good point: any accuracy can be achieved by choosing  fine enough ! Bad point: number of points in the simulation tree is exponential in time horizon N ! - Solution: construction of the tree guided by the property to be verified.

Outline of the Talk Behavioral metrics. Quantitative interpretation of temporal logics Algorithms for circuits validation.

Metric Temporal Logic (MTL) I can be of any bounded or unbounded interval of N. i.e. I = [0,+  ), I = [2,9] Syntax: Boolean Semantics: Fainekos, Pappas: Robustness of Temporal Logic Specifications, 2006

But the Boolean truth value is not enough … MTL Spec:  ((x  -10)    2 (x  10)) MTL Spec:  ((x  -10)    2 (x  10)) Fainekos, Pappas: Robustness of Temporal Logic Specifications, 2006

Syntax: Robust Semantics: Robust Semantics for MTL I can be of any bounded or unbounded interval of N. i.e. I = [0,+  ), I = [2,9] Fainekos, Pappas: Robustness of Temporal Logic Specifications, 2006

Robust and Boolean Semantics for MTL Proposition: Let Φ be an MTL formula and T be a signal, then Theorem: Let Φ be an MTL formula and T be a signal, then N Fainekos, Pappas: Robustness of Temporal Logic Specifications, 2006

Outline of the Talk Behavioral metrics. Quantitative interpretation of temporal logics Algorithms for circuits validation.

Circuit Validation Let us define the robustness of the property Φ over the trajectories of S : Build the simulation tree with sampling parameter  : for any trajectory y 0,...y N, of S, there exists a path q 0,...,q N in the simulation tree The property is verified / falsified if The number of nodes in the simulation tree is

The previous algorithm allows to sample uniformly the reachable set When interested in property verification, we can adapt locally the sampling to increase efficiency. e.g. for safety property: - use coarse sampling when far from the unsafe set - use fine sampling when near the unsafe set This multiresolution sampling of the reachable set is obtained by the procedure: - start with a coarse simulation graph - refine adaptively in regions where it is needed Property guided Simulation

Multiresolution simulation graph : Property guided Simulation

Mark the unsafe states : Property guided Simulation

Refinement procedure: Property guided Simulation

Refinement procedure: Property guided Simulation

Refinement procedure: Property guided Simulation

until you can conclude. Property guided Simulation

Three-dimensional linear system: Example Unsafe = {x 2  -7.4}Unsafe = {x 2  -7} Unsafe = {x 2  -6.2}Unsafe = {x 2  -5.8}

Verification of infinite state systems using simulation Based on the notion of behavioral metrics Computational cost related to the robustness of the system - the more robust, the easier the computation - for very robust system, verification requires one simulation Future work (in VAL-AMS project) - computation of behavioral metrics for LCS - interface with SICONOS - algorithms for computing “smartly” the simulation tree. - deeper analysis of the computational cost. Conclusions