Approximation Metrics for Discrete and Continuous Systems Antoine Girard and George J. Pappas VERIMAG Workshop “Topics in Computation and Control” March 27 th 2006, Santa Barbara, CA, USA

Safety Verification Language of S: set of observed trajectories of S. Reachable set of S: subset of observations reached by trajectories of S. Safety verification problem or Reachability problem A general system S with observations: SafeUnsafe

S 2 is safe What is Abstraction? All the trajectories of S 1 are trajectories of S 2. (i.e. L(S 1 )  L(S 2 )). Then, Reach(S1)  Reach(S2). Given a (complicated) system S 1, we compute a (simple) system S 2 :  S 1 is safe

Hierarchy of Abstraction Bisimulation relation: S 1  S 2 Simulation relation: S 1  S 2 Language equivalence: L(S 1 ) = L(S 2 ) Language inclusion: L(S 1 )  L(S 2 ) Reachability equivalence: Reach(S 1 ) = Reach(S 2 ) Reachability inclusion: Reach(S 1 )  Reach(S 2 )

From Abstraction to Approximation The previous notions of abstraction are all exact: When dealing with continuous and hybrid systems: - Uncertain parameters, - Noisy inputs. Notions of abstraction become restrictive and not robust. Notions of approximation seem more appropriate. Notions of approximation need metrics. Each trajectory of S1 is a trajectory of S2. Each trajectory of S1 has a neighboring trajectory of S2.

Outline of the Talk 1.Approximation metrics for transition systems - Hierarchy of approximation metrics - Computational framework 2. Applications to safety verification: - Approximation of continuous systems - Safety verification using simulation

A transition system consists of A set of states Q A subset of initial states Q 0  Q A set of events Σ The transition relation A set of observations Π The observation map  q  = π We assume systems to be non-blocking, possibly nondeterministic. The sets Q, Σ, and Π may be infinite. Modeling framework for discrete, continuous and hybrid systems. Transition Systems

A quantitative theory of approximations requires metrics. A transition system is a called metric transition system if The set of states has a metric d Q : Q x Q  R + The set of events has the discrete metric The set of observations has a metric d Π : Q x Q  R + + some regularity assumptions. Metric Transition Systems

Relevant question for the safety verification problem: Since Reach(S 1 ), Reach(S 2 )  Π which is a metric space where h , h denote Hausdorff distances. Reachability Metrics How well Reach(S1) is approximated by Reach(S2) ?

Application to Safety Verification Reach(S 1 )  N(Reach(S 2 ),δ) where δ = d R  (S 1,S 2 ) Reach(S 2 )  N(Π U,δ) =   Reach(S 1 )  Π U =  Any S 2, such that d R (S 1,S 2 )  η/2, allows to verify that S 1 is safe where η = dist(Reach(S 1 ),Π U ). The more robustly safe S 1, the more approximations are allowed, the easier the safety verification.

More complex properties: language approximation is more appropriate. Lifting the metric d Π to sequences (in the infinity sense): Reachability and language metrics are useful but difficult to compute. Language Metrics

Consider two transition systems and let δ  0 be given R  Q 1 x Q 2 is a δ - approximate simulation relation if it 1. respects observations:if (q 1,q 2 )  R then d Π (  q 1  1,  q 2  2 )  δ 2. respects transitions: if (q 1,q 2 )  R then For δ = 0, we recover the usual notion of exact simulation. Approximate Simulation

If  q 1  Q 1 0,  q 2  Q 2 0 such that (q 1,q 2 )  R then we say that Tightest precision with which S 2 approximately simulates S 1  Simulation metric Under some regularity assumptions: S 2 approximately simulates S 1 with precision δ: S 1  δ S 2 Simulation Metric

Symmetric version of approximate simulation: approximate bisimulation Tightest precision with which S 1 and S 2 are approximately bisimilar  Bisimulation metric Under some regularity assumptions: Bisimulation Metric

Hierarchy of Approximation Metrics Bisimulation metric: d B (S 1,S 2 ) Simulation metric: d S  (S 1,S 2 ) Undirected language metric: d L (S 1,S 2 ) Directed language metric: d L  (S 1,S 2 ) Undirected reachability metric: d R (S 1,S 2 ) Directed reachability metric: d R  (S 1,S 2 ) A. Girard, G.J. Pappas, Approximation metrics for discrete and continuous systems, TAC, accepted.

Zero Sections Bisimulation relation: S 1  S 2 Simulation relation: S 1  S 2 Language equivalence: cl(L(S 1 )) = cl(L(S 2 )) Language inclusion: cl(L(S 1 ))  cl(L(S 2 )) Reachability equivalence: cl(Reach(S 1 )) = cl(Reach(S 2 )) Reachability inclusion: cl(Reach(S 1 ))  cl(Reach(S 2 ))

How do we compute of the simulation and bisimulation metrics ? Dual approach to the relations based on functions: A (bi)-simulation function is a function V: Q 1 x Q 2  R +  { +  }, R V (δ) = { (q 1,q 2 ) | V (q 1,q 2 )  δ } is a δ-approximate (bi)-simulation relation Then, the (bi)-simulation metrics can be bounded by Computational Framework

Characterization of bisimulation functions: Minimal bisimulation function: smallest function satisfying equation For the minimal bisimulation function Minimal bisimulation function hard to compute for infinite state systems. Bisimulation functions

Outline of the Talk 1.Approximation metrics for transition systems - Hierarchy of approximation metrics - Computational framework 2. Applications to safety verification: - Approximation of continuous systems - Safety verification using simulation

Continuous Dynamics S generates the transition system T = (Q, Q 0, Σ, , Π, .  ) where The set of states Q = R n The subset of initial states Q 0 = I The set of labels Σ = R + The transition relation is given by The set of observations Π = R p The observation map  x  = g(x)

Bisimulation functions is a bisimulation function if and only if

Bisimulation function: Example

Indeed, And Then, Since, Example

For bisimulation functions of the form we get Constrained Linear Systems

We search bisimulation functions of the form Decomposition transient/asymptotic error Characterization For some λ > 0. Truncated Quadratic Functions A. Girard, G.J. Pappas, Approximate bisimulations for constrained linear systems, CDC 2005.

Truncated Quadratic Functions Universal for stable constrained linear systems: Two stable constrained linear systems are approximately bisimilar. (but the precision can be very bad!) Characterization allows to derive computationally effective algorithms. Generalizable to non-stable systems: two systems are approximately bisimilar iff their unstable subsystems are exactly bisimilar.

MATISSE MATLAB toolbox Functionalities: - Computes a bisimulation function between a system and its projection. - Evaluates the bisimulation distance between a system and its projection. - Finds a good projection of a system (given the desired dimension). - Performs reachability computations using zonotopes. Available at Metrics for Approximate TransItion Systems Simulation and Equivalence

MATISSE Example of application: safety verification of a ten-dimensional system Metrics for Approximate TransItion Systems Simulation and Equivalence A. Girard, G.J. Pappas, Approximate bisimulation relations for constrained linear systems, Submitted dimensional original system 5-dimensional approximation 7-dimensional approximation

Computational method for nonlinear autonomous systems (SOS) Characterization of approximate simulation for hybrid systems Theoretical framework, computational methods for stochastic linear dynamical/hybrid systems (with stochastic jumps) Extensions A. Girard, G.J. Pappas, Approximate bisimulations for nonlinear dynamical systems, CDC A.A. Julius, A. Girard, G.J. Pappas, Approximate bisimulation for a class of stochastic hybrid systems, ACC Talk on Wednesday: A.A. Julius, Approximate abstraction of stochastic hybrid automata, HSCC A. Girard, A.A Julius, G.J. Pappas, Approximate simulation relations for hybrid systems, ADHS 2006.

Outline of the Talk 1.Approximation metrics for transition systems - Hierarchy of approximation metrics - Computational framework 2. Applications to safety verification: - Approximation of continuous systems - Safety verification using simulation

Let us consider a metric transition system A pseudo-metric d B on the set of states Q: d B (q, q) = 0 d B (q 1, q 2 ) = d B (q 2,q 1 ) d B (q 1, q 3 )  d B (q 1, q 2 ) + d B (q 2, q 3 ) is a bisimulation metric if there exists > 1 Bisimulation metric  pseudo-metric + bisimulation function. Back to Transition Systems

The bisimulation metric allows to sample subsets of Q Simulation-based reachability : - sample the set of initial states - sample of the successor operators Simulation-based Reachability

Post(q 0 2 ) Post(q 0 1 ) Q0Q0 Simulation-based reachability: let δ  δ/λ + ε Simulation-based Reachability q01q01 q02q02 q11q11 q12q12 q13q13

Q0Q0 Because d is a bisimulation metric we can show that Then, it follows that Simulation-based Reachability q01q01 q02q02 q11q11 q12q12 q13q13 Talk on Friday: A. Girard, G.J. Pappas, Verification using Simulation, HSCC 2006.

Unified (discrete/continuous) framework for system approximation. Approximation as a relaxation of abstraction: - metrics instead of relations. - more significant complexity reduction. Approach based on bisimulation functions - Lyapunov like characterization - computational methods (LMIs, SOS, Games) Robustness of the safety of the original system is critical for the amount of approximations that can be done. Conclusion