Alexandre Donzé

SpaceEx: scalable verification of hybrid systems

We present a scalable reachability algorithm for hybrid systems with piecewise affine, non-deterministic dynamics. It combines polyhedra and support function representations of continuous sets to compute an over-approximation of the reachable states. The algorithm improves over previous work by using variable time steps to guarantee a given local error bound. In addition, we propose an improved approximation model, which drastically improves the accuracy of the algorithm. The algorithm is implemented as part of SpaceEx, a new verification platform for hybrid systems, available at spaceex.imag.fr. Experimental results of full fixed-point computations with hybrid systems with more than 100 variables illustrate the scalability of the approach.

Robust satisfaction of temporal logic over real-valued signals

We consider temporal logic formulae specifying constraints in continuous time and space on the behaviors of continuous and hybrid dynamical system admitting uncertain parameters. We present several variants of robustness measures that indicate how far a given trajectory stands, in space and time, from satisfying or violating a property. We present a method to compute these robustness measures as well as their sensitivity to the parameters of the system or parameters appearing in the formula. Combined with an appropriate strategy for exploring the parameter space, this technique can be used to guide simulation-based verification of complex nonlinear and hybrid systems against temporal properties. Our methodology can be used for other non-traditional applications of temporal logic such as characterizing subsets of the parameter space for which a system is guaranteed to satisfy a formula with a desired robustness degree.

Breach, a toolbox for verification and parameter synthesis of hybrid systems

We describe Breach, a Matlab/C++ toolbox providing a coherent set of simulation-based techniques aimed at the analysis of deterministic models of hybrid dynamical systems The primary feature of Breach is to facilitate the computation and the property investigation of large sets of trajectories It relies on an efficient numerical solver of ordinary differential equations that can also provide information about sensitivity with respect to parameters variation The latter is used to perform approximate reachability analysis and parameter synthesis A major novel feature is the robust monitoring of metric interval temporal logic (MITL) formulas The application domain of Breach ranges from embedded systems design to the analysis of complex non-linear models from systems biology.

Systematic Simulation Using Sensitivity Analysis

In this paper we propose a new technique for verification by simulation of continuous and hybrid dynamical systems with uncertain initial conditions. We provide an algorithmic methodology that can, in most cases, verify that the system avoids a set of bad states by conducting a finite number of simulation runs starting from a finite subset of the set of possible initial conditions. The novelty of our approach consists in the use of sensitivity analysis, developed and implemented in the context of numerical integration, to efficiently characterize the coverage of sampling trajectories.

Verification of Analog and Mixed-Signal Circuits Using Hybrid System Techniques

In this paper we demonstrate a potential extension of formal verification methodology in order to deal with time-domain properties of analog and mixed-signal circuits whose dynamic behavior is described by differential algebraic equations. To model and analyze such circuits under all possible input signals and all values of parameters, we build upon two techniques developed in the context of hybrid (discrete-continuous) control systems. First, we extend our algorithm for approximating sets of reachable sets for dense-time continuous systems to deal with differential algebraic equations (DAEs) and apply it to a biquad low-pass filter. To analyze more complex circuits, we resort to bounded horizon verification. We use optimal control techniques to check whether a Δ-Σ modulator, modeled as a discrete-time hybrid automaton, admits an input sequence of bounded length that drives it to saturation.

Robustness Analysis and Behavior Discrimination in Enzymatic Reaction Networks

Characterizing the behavior and robustness of enzymatic networks with numerous variables and unknown parameter values is a major challenge in biology, especially when some enzymes have counter-intuitive properties or switch-like behavior between activation and inhibition. In this paper, we propose new methodological and tool-supported contributions, based on the intuitive formalism of temporal logic, to express in a rigorous manner arbitrarily complex dynamical properties. Our multi-step analysis allows efficient sampling of the parameter space in order to define feasible regions in which the model exhibits imposed or experimentally observed behaviors. In a first step, an algorithmic methodology involving sensitivity analysis is conducted to determine bifurcation thresholds for a limited number of model parameters or initial conditions. In a second step, this boundary detection is supplemented by a global robustness analysis, based on quasi-Monte Carlo approach that takes into account all model parameters. We apply this method to a well-documented enzymatic reaction network describing collagen proteolysis by matrix metalloproteinase MMP2 and membrane type 1 metalloproteinase (MT1-MMP) in the presence of tissue inhibitor of metalloproteinase TIMP2. For this model, our method provides an extended analysis and quantification of network robustness toward paradoxical TIMP2 switching activity between activation or inhibition of MMP2 production. Further implication of our approach is illustrated by demonstrating and analyzing the possible existence of oscillatory behaviors when considering an extended open configuration of the enzymatic network. Notably, we construct bifurcation diagrams that specify key parameters values controlling the co-existence of stable steady and non-steady oscillatory proteolytic dynamics.

Parameter Synthesis for Hybrid Systems with an Application to Simulink Models

This paper addresses a parameter synthesis problem for nonlinear hybrid systems. Considering a set of uncertain parameters and a safety property, we give an algorithm that returns a partition of the set of parameters into subsets classified as safe, unsafe, or uncertain, depending on whether respectively all, none, or some of their behaviors satisfy the safety property. We make use of sensitivity analysis to compute approximations of reachable sets and an error control mechanism to determine the size of the partition elements in order to obtain the desired precision. We apply the technique to Simulink models by combining generated code with a numerical solver that can compute sensitivities to parameter variations. We present experimental results on a non-trivial Simulink model of a quadrotor helicopter.

Statistical Model Checking of Mixed-Analog Circuits with an Application to a Third Order Δ – Σ Modulator

In this paper, we consider verifying properties of mixed-signal circuits, i.e., circuits for which there is an interaction between analog (continuous) and digital (discrete) quantities. We follow the statistical Model Checking approach of [You05, You06] that consists of evaluating the property on a representative subset of behaviors, generated by simulation, and answering the question of whether the circuit satisfies the property with a probability greater than or equal to some value. The answer is correct up to a certain probability of error, which is pre-specified. The method automatically determines the minimal number of simulations needed to achieve the desired accuracy, thus providing a convenient way to control the trade-off between precision and computational cost. We propose a logic adapted to the specification of properties of mixed-signal circuits, in the temporal domain as well as in the frequency domain. Our logic is unique in that it allows us to compare the Fourier transform of two signals. We demonstrate the applicability of the method on a model of a third order Δ *** Σ modulator for which previous formal verification attempts were too conservative and required excessive computation time.

Parameter Synthesis in Nonlinear Dynamical Systems: Application to Systems Biology

The dynamics of biological processes are often modeled as systems of nonlinear ordinary differential equations (ODE). An important feature of nonlinear ODEs is that seemingly minor changes in initial conditions or parameters can lead to radically different behaviors. This is problematic because in general it is never possible to know/measure the precise state of any biological system due to measurement errors. The parameter synthesis problem is to identify sets of parameters (including initial conditions) for which a given system of nonlinear ODEs does not reach a given set of undesirable states. We present an efficient algorithm for solving this problem that combines sensitivity analysis with an efficient search over initial conditions. It scales to high-dimensional models and is exact if the given model is affine. We demonstrate our method on a model of the acute inflammatory response to bacterial infection, and identify initial conditions consistent with 3 biologically relevant outcomes.

On simulation-based probabilistic model checking of mixed-analog circuits

In this paper, we consider verifying properties of mixed-signal circuits, i.e., circuits for which there is an interaction between analog (continuous) and digital (discrete) values. We use a simulation-based approach that consists of evaluating the property on a representative subset of behaviors and answering the question of whether the circuit satisfies the property with a probability greater than or equal to some threshold. We propose a logic adapted to the specification of properties of mixed-signal circuits in the temporal domain as well as in the frequency domain. We also demonstrate the applicability of the method on different models of Δ–Σ modulators for which previous formal verification attempts were too conservative and required excessive computation time.