Unbounded-Time Analysis of Guarded LTI Systems with Inputs by Abstract Acceleration [chapter]

Dario Cattaruzza, Alessandro Abate, Peter Schrammel, Daniel Kroening
2015 Lecture Notes in Computer Science  
Linear Time Invariant (LTI) systems are ubiquitous in software systems and control applications. Unbounded-time reachability analysis that can cope with industrial-scale models with thousands of variables is needed. To tackle this general problem, we use abstract acceleration, a method for unboundedtime polyhedral reachability analysis for linear systems. Existing variants of the method are restricted to closed systems, i.e., dynamical models without inputs or non-determinism. In this paper, we
more » ... present an extension of abstract acceleration to linear loops with inputs, which correspond to discrete-time LTI control systems, and further study the interaction with guard conditions. The new method relies on a relaxation of the solution of the linear dynamical equation that leads to a precise over-approximation of the set of reachable states, which are evaluated using support functions. In order to increase scalability, we use floating-point computations and ensure soundness by interval arithmetic. Our experiments show that performance increases by several orders of magnitude over alternative approaches in the literature. In turn, this tremendous gain allows us to improve on precision by computing more expensive abstractions. We outperform state-of-theart tools for unbounded-time analysis of LTI system with inputs in speed as well as in precision. to safety problems. The first approach is to attempt to infer a loop invariant, i.e., an inductive set of states that includes all reachable states. If the computed invariant is disjoint from the set of bad states, this proves that the latter are unreachable and hence that the loop is safe. However, analysers frequently struggle to obtain an invariant that is precise enough with acceptable computational cost. The problem is evidently exacerbated by the presence of non-determinism in the loop, which corresponds to the case of open systems. Prominent representatives of this analysis approach include Passel [30] , Sting [7], and abstract interpreters such as Astrée [2] and InterProc [28] . The second approach is to surrender exhaustive analysis over the infinite time horizon, and to restrict the exploration to system dynamics up to some given finite time bound. Bounded-time reachability is decidable, and decision procedures for the resulting satisfiability problem have made much progress in the past decade. The precision related to the bounded analysis is offset by the price of uncertainty: behaviours beyond the given time bound are not considered, and may thus violate a safety requirement. Representatives are STRONG [11] and SpaceEx [16] . The goal of this paper is to push the frontiers of unbounded-time reachability analysis: we aim at devising a method that is able to reason soundly about unbounded trajectories. We present a new approach for performing abstract acceleration. Abstract acceleration [21, 22, 29] captures the effect of an arbitrary number of loop iterations with a single, non-iterative transfer function that is applied to the entry state of the loop (i.e., to the set of initial conditions of the linear dynamics). The key contribution of this paper is to lift the restriction of [29] to closed systems, and thus to allow for the presence of non-determinism. We summarise next the contributions of this work:
doi:10.1007/978-3-662-48288-9_18 fatcat:yphi3muwobclznwsqprerzt5py