Conference PaperPDF Available

Abstract and Figures

Metric Temporal Logic (MTL) specifications can capture complex state and timing requirements. Given a nonlinear dynamical system and an MTL specification for that system, our goal is to find a trajectory that violates or satisfies the specification. This trajectory can be used as a concrete feedback to the system designer in the case of violation or as a trajectory to be tracked in the case of satisfaction. The search for such a trajectory is conducted over the space of initial conditions, system parameters and input signals. We convert the trajectory search problem into an optimization problem through MTL robust semantics. Robustness quantifies how close the trajectory is to violating or satisfying a specification. Starting from some arbitrary initial condition and parameter and given an input signal, we compute a descent direction in the search space, which leads to a trajectory that optimizes the MTL robustness. This process can be iterated to reach local optima (min or max). We demonstrate the method on examples from the literature.
Content may be subject to copyright.
Functional Gradient Descent Method for Metric Temporal Logic
Specifications
Houssam Abbas, Andrew Winn, Georgios Fainekos and A. Agung Julius
Abstract Metric Temporal Logic (MTL) specifications can
capture complex state and timing requirements. Given a nonlin-
ear dynamical system and an MTL specification for that system,
our goal is to find a trajectory that violates or satisfies the
specification. This trajectory can be used as a concrete feedback
to the system designer in the case of violation or as a trajectory
to be tracked in the case of satisfaction. The search for such
a trajectory is conducted over the space of initial conditions,
system parameters and input signals. We convert the trajectory
search problem into an optimization problem through MTL
robust semantics. Robustness quantifies how close the trajectory
is to violating or satisfying a specification. Starting from some
arbitrary initial condition and parameter and given an input
signal, we compute a descent direction in the search space,
which leads to a trajectory that optimizes the MTL robustness.
This process can be iterated to reach local optima (min or max).
We demonstrate the method on examples from the literature.
I. INTRODUCTION
The development of control laws for nonlinear systems
still remains a formidable challenge despite the wealth of re-
sults on nonlinear control. Many practitioners and researchers
still prefer to use classic optimal control [1] and Proportional-
Integral-Derivative (PID) control [2]. There are a number
of reasons for such a choice. The most important one is
that such methods are automatic or almost automatic and,
especially in industry, the control engineers might desire
to avoid complex mathematical derivations. In other cases,
PID control is sufficient to achieve the desired results [3] or
accurate mathematical models might not be available.
Usually, Model-Based Development (MBD) software
tools, like Simulink Design OptimizationTM, can search over
system parameters so that the system output satisfies certain
time and frequency domain specifications. S-TALIRO [4]
and BREACH [5] can be used for both falsification and
open loop control design for temporal logic specifications.
In particular, Metric Temporal Logic (MTL) [6] can capture
requirements on the correct sequencing of events, conditional
reachability, safety requirements and real-time constraints
between various events. In the MTL falsification problem
you are given a formal requirement in MTL and the goal
is to find system operating conditions and parameters that
generate behaviors which do not satisfy the requirements. In
[7], the robustness value of an MTL formula [8] with respect
This work was partially supported by the NSF awards CNS-1116136,
CNS-1218109, CNS-1319560 and by the Department of Defense SMART
Scholarship.
H. Abbas and G. Fainekos are with the Schools of Engineering at Arizona
State University, Tempe, AZ, E-mail: {hyabbas,fainekos}@asu.edu
A. Winn and A. A. Julius are with the Department of Electrical,
Computer, and Systems Engineering at Rensselaer Polytechnic Institute,
Troy, NY, E-mail: winna@rpi.edu, agung@ecse.rpi.edu
to a system simulation is considered as the cost function
for an optimization problem. By minimizing the robustness
value over the system simulations one can discover incorrect
or non-robust system behaviors, and by maximizing the
robustness value one can synthesize robust optimal control
trajectories with respect to the MTL specification, all within
the same framework.
All the aforementioned tools treat the system as a black-
box in order to handle systems of arbitrary complexity. They
need an accurate system simulator and, usually, as the fidelity
of the model increases so does the simulation time. Thus, the
total number of simulations needed before simulation-based
tools can provide an answer becomes critical.
In [9], the first steps were taken towards addressing the
problem of reducing the number of simulations for the MTL
falsification problem. That work dealt with deterministic
autonomous nonlinear systems where the search space was
the set of initial conditions (and any parameters) x0of
the system. If f(x0)denotes the MTL robustness value of
the trajectory starting from x0, then the goal of [9] was
to compute a vector dsuch that f(x0+d)< f(x0). In
this paper, the search space consists of the set of initial
conditions x0in RNand the set of square-integrable input
signals of duration T > 0. If a trajectory is computed starting
from an initial condition x0and under a given input signal
u(·)yields property robustness f(x0, u), then a descent
element (dx0, du)should be computed so that starting from
x0+dx0and under input u+du, the trajectory has robustness
f(x0+dx0, u +du)< f (x0, u).
Our solution combines the previous works in [9], [10]. In
brief, the work in [10] deals with the problem of optimizing
a differentiable integral cost function over the output trajec-
tories of the system starting from a given input signal. The
method is based on the calculus of variations, but it uses a
gradient descent based approach to solve the optimization
problem without formulating the optimality conditions given
by the Minimum Principle.
Contributions: In this paper, we present a method for the
computation of descent directions for reducing specification
robustness for nonlinear dynamical systems. In particular,
given an arbitrary MTL specification, we determine a crit-
ical point on the system trajectory which if changed, then
the MTL robustness will be changed as well. We derive
the equations which, given (x, u), will give a descent di-
rection (dx, du)that provably reduces robustness. Finally,
we demonstrate the applicability of our approach on some
nonlinear models from the literature.
2014 American Control Conference (ACC)
June 4-6, 2014. Portland, Oregon, USA
978-1-4799-3274-0/$31.00 ©2014 AACC 2312
II. PROB LEM FORMULATION
We consider a dynamical system with state xXRn
˙x=F(t, x, u)(1)
for a C1flow F:R×Rn×RmRnwith initial conditions
x0X0, and control input signal uL2[0, T ]which takes
values in a bounded subset Uof Rm:u(t)Ut.Tis
the trajectory duration, and is fixed throughout this paper, so
we may write L2without ambiguity. As explained earlier,
x0can include any system parameters (which are assumed
constant throughout a simulation). The letter wwill denote
an element w= (x0, u)of X0×L2. Standard assumptions
apply - see [9], [10].
Assumption 2.1: For every w= (x, u)X0×L2, there
exists a unique solution sw(·) :7→ Rnto the ODE (1). The
solution swis absolutely continuous. The flow Fis locally
bounded, that is, for all compact subsets S[0, T ]×X0×U,
there exists m > 0such that F(S)mB, where Bis the
unit ball centered at 0.
We formally capture specifications regarding the correct
system behavior using Metric Temporal Logic (MTL) for-
mulae [6]. An MTL formula is a formal logical statement
expressing some property that the system must satisfy. It is
built by combining atomic propositions using logical and
temporal operators. Logical operators are the conjunction
(), disjunction (), negation (¬), and implication ().
The temporal operators include eventually (3I),always
(2I)and until (UI). For example, MTL can capture the
requirement that “all the trajectories swattain a value in the
set [10,+)” (3[0,)sw(t)10), or that “whenever the
value of swexceeds 10, then it should go below 7 within
5 sec and remain there for at least 10 sec” (2(sw(t)10
3[0,5]2[0,10] sw(t)7)).
If we associate a set O(p)with each atomic proposition
pAP such that pis true of the states in O(p), then the
above properties can be written as 3[0,)p1with O(p1) =
[10,+), and 2(¬p13[0,5]2[0,10] p2)with O(p2) =
(−∞,7]. We can quantify how robustly a system trajectory
sxsatisfies a specification φin MTL [8]. Namely, we define
a function of the trajectory, ρφ(sw), which takes positive
values if swsatisfies φand negative values otherwise.
Its magnitude |ρφ|quantifies how well the specification is
satisfied or falsified. The process of falsifying a specification
φ, i.e. detecting a system behavior that does not satisfy φ,
can thus be re-cast as the problem of finding trajectories
with negative ρφ-values. On the other hand, the optimal
control can be posed as the problem of maximizing the
positive robustness. Since the solutions to (1) are assumed
unique, the search can be performed over the initial states
xX0(including any system parameters) and control
signals uL2, and can be improved by computing local
descent directions for ρφ.
Problem 1: Given xX0,uL2, and a formula φ, find
a vector dx Rnand signal du L2such that there exists
an h > 0for which
ρφ(x+h·dx, u +h·du)< ρφ(x, u)h(0,h)
A general MTL formula will involve multiple propositions
piand their sets O(pi). The following proposition simplifies
our task:
Proposition 2.1: Consider an MTL formula φand a tra-
jectory swof (1) such that [[φ, O]](sw,0) >0. If assumption
2.1 holds, and for each pAP ,O(p)is a closed half-
space, then there exist a critical time tr[0, T ]and a
critical proposition pAP which appears in φsuch that
ρφ(w) = infz∈O(p)ksw(tr)zk.
In this paper, we derive the descent vector relative to only one
O(p)at a time; this is the content of Problem 2. The choice of
which O(p)to descend towards at any given time is decided
by the following heuristic: the current target set is always
the set O(p)where pis the critical proposition defined in
Proposition 2.1. Other heuristics are possible. By focusing
on one O(p), the problem is reduced to falsification of a
safety formula, of the form: φ=(¬p)where O(p) = Uis
the set of ‘unsafe’ system states.
The robustness then reduces to:
ρφ(x, u) = f(x, u),min
0tTdU(s(x,u)(t)) (2)
where dU(y),infz∈U kyzkis the distance of a point y
from U.
The function fis non-differentiable, and generally non-
convex. The special problem is then:
Problem 2: Given xX0,uL2,U Rn, and f
defined in (2), find dx Rnand du L2such that there
exists an h > 0for which
f(x+h·dx, u +h·du)< f (x, u)h(0,h)
If we treat H,X×L2as a Hilbert space, then it can be
seen that dw = (dx, du)His a descent direction in H.
III. COMPUTING A DES CE N T DIRECTION
Recall that H=X0×L2is the Hilbert search space, and
let wHbe an element of that space. For convenience we
define sw(t) = sx0(t;u).
Before continuing we will prove a result that will allow
us to calculate our descent direction using a convex differ-
entiable manifold.
Theorem 3.1: Let w1Hwith critical time tr,1as
defined in Proposition 2.1. Define
z(t;w) = argminz∈U k¯s(t;w)zk,(3)
and
J(w) = k¯s(tr,1;w)z(tr,1;w1)k.(4)
Suppose that there exists w2Hwith critical time tr,2such
that J(w2)< J(w1). Then the robustness of the trajectory
sw2(·)is smaller than that of sw1(·):f(w2)< f(w1).
Proof: By (2) we see that
f(w2) = min
0tTinf
z∈Uksw2(t)zk,
J(w2)< J(w1) = f(w1)
2313
Our goal is to minimize the robustness. To do so we
generate a sequence (wi)Hsuch that f(wi+1)< f (wi)
as follows: first, w0is given. Then, we iteratively generate
wi+1 from wiby identifying a critical time tr,i and the
corresponding closest unsafe point z(tr,i, wi). We define the
function
Ji(w),G(sw(tr,i)) ,kz(tr,i, wi)sw(tr,i )k(5)
We then calculate a descent direction ˆwHand set
wi+1 =wi+hˆw, where his the step-size. The step-size
is adapted on-line: increased if a descent is obtained, and
reduced if no descent is achieved. Note that with respect to
sw(tr,i)(5) is differentiable everywhere except for the origin,
at which point the trajectory has reached the unsafe set and
falsification has been shown.
We now adapt the results presented in [10] to find an
update direction ˆwfor wthat locally decreases Ji(w), which
in turn will decrease the robustness, as per Thm.3.1.
Let dJi(w; ˆw)be the Fr´
echet derivative of Ji(w)in the
direction ˆw, and let ˆx0and ˆube the projections of ˆwonto
X0and L2. This derivative can be written as a scalar valued
linear functional of ˆwas follows:
dJi(w; ˆw),hq, ˆwi,ZT
0
qu(τu(τ) dτ+qT
x0ˆx0,(6)
where qx0and quare the projections of qHonto X0and
U. For brevity we shall use the following notations
∂G
∂x ,G
∂x
s(tr,i;x0,u)
R1×n,
∂F (t)
∂x ,F
∂x
(t,s(t;x0,u),u)
Rn×n,
∂F (t)
∂u ,F
∂u
(t,s(t;x0,u),u)
Rn×m.
Let dsw(t; ˆw)represent the functional derivative of sw(t)
in the direction ˆw. Using the Taylor series based approach
in [10] we see that
dJi(w, ˆw) = ∂G
∂x sw(tr,i ; ˆw),(7)
dsw(t; ˆw) =
Zt
0∂F (τ)
∂x dsw(τ; ˆw) + ∂F (τ)
∂u ˆu(τ)(8)
Now suppose that
dsw(t; ˆw) = hp(t),ˆwi
=Zt
0
pu(t, τ u(τ)+px0(t)Tˆx0.(9)
Plugging this equation into the right hand side of (8),
rearranging terms and swapping the order of integration and
equating terms with (9) yields
pu(t, τ ) = Zt
τ
∂F (ξ)
∂x pu(ξ , τ)+∂ F (τ)
∂u
px0(t) = Zt
0
∂F (τ)
∂x px0(τ)
We can solve for pu(t, τ )and px0(t)by solving the initial
value problem
d
dt pu(·, τ ) = ∂ F (t)
∂x pu(t, τ ),(10)
d
dt px0=∂F (t)
∂x px0(t),
pu(τ, τ ) = ∂F (τ)
∂u ,
px0(0) = In×n
By combining (7) with (9) and comparing to (6), we find
that
qu(τ) = ∂G
∂x pu(tr,i , τ )
qx0=∂G
∂x px0(tr,i )
Thus, to find a dJi(w; ˆw)that is negative, we can set ˆwin
the inner product (6) to be q, that is
ˆu(τ) = ∂G
∂x pu(tr,i , τ ),(11)
ˆx0=∂G
∂x px0(tr,i ).(12)
In order to calculate the update direction for a continuous
input on a digital computer, we represent the input function
by a linear combination of finitely many basis functions. In
each example presented in Section IV, we consider a basis of
either rectangular or triangular pulses that are evenly spaced
through time. Then we can calculate an exact update to the
input parameters using, for example, the sensitivity analysis
tools provided by SundialsTB toolbox [11].
Our approach is a local descent optimization; it can
easily be used within a multi-start scheme (where a local
optimization is performed from several initial points in the
search space), as illustrated in Example 3.
IV. EXP E RI MEN TS
Example 1: Our first example is a linear 81-dimensional
RLC circuit. The equations are given by
˙x(t) = Ax(t) + bu(t)
where Aand bhave appropriate dimensions. The sensitivity
ODE is then itself linear [9]. The safety specification requires
the output voltage to always be less than 1.5V:
φRLC =(x41 1.5)
Starting from x0= [0,0] and a constant input of 0, the
descent converges to a falsifying trajectory with a near-step
input. 4
Example 2: This example is adapted from [7], given by
˙x(t) = x1(t)x2(t) + u(t)
x2(t) cos(2πx2(t)) x1(t) sin(2πx1(t)) + u(t)
with initial condition x0X0= [1,1]×[1,1], and spec-
ification 2¬p2with O(p2) = [1.6,1.4] ×[0.9,1.1].
2314
0 0.5 1 1.5 2 2.5
0.09
0.092
0.094
0.096
0.098
0.1
0.102
0.104
t
ufinal
Fig. 1: Example 2. Final input found by descent.
Starting from x0= [0,0] and a constant input of 0.1,
the descent converges to a falsifying trajectory.The falsifying
input is shown in Fig.1. 4
Example 3: The following example is 3-dimensional sys-
tem modeling the variation of glucose and insulin levels
in the blood, following a meal intake [12]. The model
was developed to help design insulin infusion schedules for
diabetes patients, e.g. as done in [13]. It is given by
˙x(t) =
p1x1(t)x2(t)(x1(t) + Gb) + Bekt
p2x2(t) + p3x3(t)
n(x3(t) + Ib) + 1000
60VIu(t)
State x1represents the level of glucose in the blood
plasma above a given basal value Gb,x2is proportional
to the level of insulin that is effective in controlling blood
glucose level, and x3represents the level of insulin above
a given basal value Ib. The search space for [x1, x2, x3]is
[6,10] ×[0.05,0.1] ×[0.1,0.1]. The input u(t)represents a
direct infusion of insulin meant to control the glucose level.
u(t)is therefore also referred to as an ‘infusion schedule’.
The pi,n,Band kare model parameters. We fix duration
T= 200. Consider first the following specification:
φ1=[0,20]x1[2,10] [20,200] x1[1,1]
φ1specifies that glucose level should remain in the range
[2,10] for the first 20 seconds, and should remain in the
range [1,1] for the last 180 seconds. Our goal is to design
an infusion schedule such that the glucose level satisfies φ1.
This can be posed as the problem of falsifying ¬φ1. We
decided to search over the initial values of the ODE (1), the
input u, and the parameter p3:p3varies between diabetes
patients, and its estimated value for normal subjects is 1.3e-
5 [12]. Larger p3values imply that the insulin injection u(t)
will have a greater effect on the plasma glucose level x1(t).
The search range for p3is therefore fixed to [1e-5,1e-3]. Thus
the outcome of the optimization is a set of initial conditions
(patient’s state at meal time), a continuous infusion schedule,
and a class of patients (as described by the parameter p3) for
which the schedule is appropriate.
Starting from a constant input signal at 0.1, and
[x0, p3] =[8, 0.08, 0, 1.3e-5], the initial robustness is 1.5399.
0 50 100 150 200 250
−9
−8
−7
−6
−5
−4
−3
−2
−1
0
1
t
u(t)
Fig. 2: Example 3 (Insulin). Final input u(t)found by descent
algorithm, scaled to highlight the initial impulse.
0 20 40 60 80 100 120 140 160 180 200
0
0.5
1
1.5
2
2.5
3
t
(a) Final input obtained by descent.
0 20 40 60 80 100 120 140 160 180 200
−5
0
5
10
t
(b) Final trajectory returned by descent.
Fig. 3: Example 3 (Insulin). A profile obtained by multi-start.
The optimization returned a decision wwith robustness 0.678
in 12 iterations. The final p3value is 2.03e-5. It is interesting
to note that the final input shows an injection at the beginning
of time, followed by a constant infusion (Fig. 2). This is
the type of infusion schedule advocated as being optimal in
[12, Section III], under the nominal p3value and the cost
function C(u) = RT
0x2
1(t)dt. Our descent method produced
this schedule with relatively little computational effort, and
provides more information on the classes of patients for
which it is appropriate.
Consider next the following specification
φ2=(phg X¬phg 3[0,10]([0,20] ¬phg ))
with O(phg) = {x|x19.44}.φ2expresses that if
the glucose level rises above 9.44 mmol/L (meaning hyper-
glycemia), it should dip below 9.44 within 10secs and stay
there for at least 20secs. Starting from [6,0.05,0.1,0.0001],
the descent keeps the initial value of x1, since one way to
satisfy φ2is to never go above the dangerous level of 9.44. To
see how the schedule might need to be adapted for different
values of p3, we ran a random multi-start simulation, were
we uniformly sample the search space (we used 50 samples),
and from each sample we run a local descent. Fig.3a shows
a falsifying input profile significantly different from the one
in Fig.2, with p3=8e-4. Whether the shown input schedule
is practicable with today’s technology is not assessed, but
the point is that different classes of patients (and different
2315
initial states) might require different schedules. The resulting
glucose trajectory is shown in Fig.3b, demonstrating a quick
decrease towards safer levels of glucose. 4
Example 4: This example is a 6-dimensional system that
models a quadrotor moving through a vertical plane [10].
The system dynamics are given by:
¨
X=µ(wX˙
X)u1
msin θ
¨
Y=µ(wY˙
Y)g+u1
mcos θ
¨
θ=u2
Here mdenotes the object’s mass, gdenotes gravitational
acceleration, µis the coefficient of friction with the air, w·
is the wind velocity along each axis, and uiis the control
input. We define the XY coordinate of the object’s center of
mass as the system’s output.
For this example, we consider the task of verifying the
safety of controllers that drive the quadrotor from one side
of a hill over to the other side without hitting the hill or the
ground. On the other side is a desired goal region, which
the quadrotor must reach within 12 seconds and stay there
afterwards. This requirement can be represented by the MTL
specification,
φ=[12,]p1[0,12]¬p2[0,12] ¬p3,
Here, p1represents the goal set, p2represents the ground,
and p3represents the hill. The sets O(p1),O(p2),O(p3)used
in our experiments are shown graphically in Figure 4.
First, we designed a reference tracking feedback controller
by linearizing the system around a hovering operating point.
The system is assumed to be initially hovering at location
[x, y] = [8,2] and that there is no wind during the sim-
ulation. Although this controller works well in the nominal
case, it is prudent to consider what happens if the system
does not begin at the expected initial state, or if there is any
wind disturbance. To this end, we treat the wind velocity
as an input to the system bounded by ±2m/s. We use the
algorithm presented in this paper to search over bounded sets
of initial conditions and horizonal wind profiles.
When the optimization was first run, the system was
falsified mainly by shifting the intial xposition to the left
and by having the wind blow the quadrotor to the left. The
updated initial condition and wind disturbance thus caused
the quadrotor to fly into the ground in a way that is not
expected for the nominal performance. This algorithm was
able to quickly find this major design flaw, as shown in
Figure 4.
After fixing the reference signal to maintain a height
of 2 for all points to the left of the starting location, the
optimization was rerun. After running for 7 iterations, the
algorithm found that the initial conditions [x, y, θ, ˙x, ˙y, ˙
θ] =
[0,0,0.005,0,0,0.098] and the wind profile shown in Fig-
ure 5 was able to falsify φ, specifically by slowing the
horizontal progression of the quadrotor so that it was not
in the goal set at time t= 12.
V. REL ATED WOR K
The work that appears in [14], [15] is the closest to the
results that we present here in terms of methods utilized. In
[15], sensitivity analysis is used to compute neighborhoods
of trajectories that always remain close enough and, thus,
perform coverage of the initial conditions. These results were
later extended in [14] to estimating parameter ranges and
initial conditions for the satisfaction of STL properties. Even
though our solution leads to sensitivity calculations, our ob-
jective is very different from the work in [14]. Our goal is to
develop the local search tools needed in order to improve the
performance of stochastic MTL falsification/optimal control
methods [7], [16]. Moreover, we can search simultaneously
over the initial conditions, parameters and the input sig-
nals. Finally, stochastic falsification methods avoid the state-
explosion problems that occur when attempting to cover a
high-dimensional set of parameters.
Different versions of the optimal control problem under
Linear Temporal Logic (LTL) specifications are presented
in [17], [18]. The authors in [17] take a mathematical
programming approach, while [18] develops an automata
based approach. Unlike MTL, LTL does not allow the speci-
fication of timing intervals for the Until operator UI(and by
extension, the Always and Eventually operators). This timing
interval is necessary for expressing real-time constraints on
the succession of events, which is important in many control
applications. The problem of optimal control for vehicle
routing for MTL specifications is addressed in [19]. However,
the results in [19] apply to specifications without nested
temporal operators and finite transition systems.
Our work in this paper can also be viewed as an optimal
control problem over hybrid systems. Since in our imple-
mentation we parameterize the input signals with a finite
number of parameters at specific points in time, we can
view the system as a parametric hybrid automaton where the
mode switches occur at specific time instants. Then the goal
is to compute the system parameters and initial conditions
such that the MTL robustness is minimized. However, we
Fig. 4: Falsification of Quadrotor with poor reference signal
2316
Fig. 5: Falsifying Wind Profile for Quadrotor System
remark that our theoretical results do not require the finite
parameterization of the input function space.
In terms of optimal control over hybrid systems, [20]
calculates numerically a descent direction for a class of
switched systems. First, we remark that our original cost
function is non-differentiable so it does not satisfy the
assumptions in [20]. In our current numerical implementation
each subproblem that we solve, i.e., descent to a specific set,
satisfies the assumptions in [20]. Thus, our solution could be
utilizing the results in [20] to solve more general problems
in the future. Similar remarks hold for the optimal control
problem formulated in [21]. Finally, in [22], we demonstrated
that in the case of linear hybrid systems improvements in
the convergence rate of stochastic search algorithms can be
achieved by adding a local search step.
VI. CONCLUSIONS
We have presented the derivation of the equations that
can be used for the computation of Metric Temporal Logic
(MTL) robustness descent vectors in the set of initial condi-
tions, parameter space and input function space for nonlinear
dynamical systems. These results are necessary for enabling
“gray box” MTL falsification and open loop control methods
for dynamical systems. One important advantage of the
proposed approach is that our framework can be readily used
for MTL falsification and/or optimal control methods within
any Model Based Development (MBD) tool that supports
sensitivity analysis. For instance, Simulink can provide such
functionality [23]. In the future, we will focus on extending
our new approach to hybrid systems using, for instance, the
decomposition method proposed in [24]. Also of interest is
the interplay between stochastic search methods [22] and
local gradient descent [25].
REFERENCES
[1] D. P. Bertsekas, Dynamic Programming and Optimal Control, Two
Volume Set, 2nd ed. Athena Scientific, 2000.
[2] K. Ogata, Modern Control Engineering, 4th ed. Prentice Hall, 2001.
[3] N. Michael, D. Mellinger, Q. Lindsey, and V. Kumar, “The GRASP
multiple micro uav testbed,” IEEE Robotics and Automation Magazine,
vol. 17, no. 3, pp. 56–65, 2010.
[4] Y. S. R. Annapureddy, C. Liu, G. E. Fainekos, and S. Sankara-
narayanan, “S-taliro: A tool for temporal logic falsification for hybrid
systems,” in Tools and algorithms for the construction and analysis
of systems, ser. LNCS, vol. 6605. Springer, 2011, pp. 254–257.
[5] A. Donze, “Breach, a toolbox for verification and parameter synthesis
of hybrid systems,” in Computer Aided Verification, ser. LNCS.
Springer, 2010, vol. 6174, pp. 167–170.
[6] R. Koymans, “Specifying real-time properties with metric temporal
logic.” Real-Time Systems, vol. 2, no. 4, pp. 255–299, 1990.
[7] H. Abbas, G. E. Fainekos, S. Sankaranarayanan, F. Ivancic, and
A. Gupta, “Probabilistic temporal logic falsification of cyber-physical
systems,” ACM Transactions on Embedded Computing Systems,
vol. 12, no. s2, May 2013.
[8] G. Fainekos and G. Pappas, “Robustness of temporal logic specifica-
tions for continuous-time signals,” Theoretical Computer Science, vol.
410, no. 42, pp. 4262–4291, September 2009.
[9] H. Abbas and G. Fainekos, “Computing descent direction of mtl
robustness for non-linear systems,” in American Control Conference,
2013.
[10] A. K. Winn and A. Julius, “Optimization of human generated trajecto-
ries for safety controller synthesis,” in American Control Conference
(ACC), 2013, 2013, pp. 4374–4379.
[11] R. Serban and A. Hindmarsh, “Cvodes: the sensitivity-enabled ode
solver in sundials,” in Proceedings of IDETC/CIE, 2005.
[12] M. Fisher, “A semiclosed-loop algorithm for the control of blood glu-
cose levels in diabetics,Biomedical Engineering, IEEE Transactions
on, vol. 38, no. 1, pp. 57–61, 1991.
[13] S. Sankaranarayanan and G. Fainekos, “Falsification of temporal
properties of hybrid systems using the cross-entropy method,” in
ACM International Conference on Hybrid Systems: Computation and
Control, 2012.
[14] A. Donze, E. Fanchon, L. M. Gattepaille, O. Maler, and P. Tracqui,
“Robustness analysis and behavior discrimination in enzymatic reac-
tion networks,” PLoS ONE, vol. 6, no. 9, p. e24246, 09 2011.
[15] A. Donze and O. Maler, “Systematic simulation using sensitivity
analysis,” in Hybrid Systems: Computation and Control, ser. LNCS,
vol. 4416. Springer, 2007, pp. 174–189.
[16] T. Nghiem, S. Sankaranarayanan, G. Fainekos, F. Ivancic, A. Gupta,
and G. Pappas, “Monte-carlo techniques for falsification of temporal
properties of non-linear hybrid systems,” in Hybrid Systems: Compu-
tation and Control, 2010.
[17] S. Karaman, R. Sanfelice, and E. Frazzoli, “Optimal control of mixed
logical dynamical systems with linear temporal logic specifications,”
in IEEE Conf. on Decision and Control, 2008.
[18] E. A. Gol and C. Belta, “Time-constrained temporal logic control of
multi-affine systems,Nonlinear Analysis: Hybrid Systems, vol. 10,
pp. 21–33, 2013.
[19] S. Karaman and E. Frazzoli, “Vehicle routing problem with metric
temporal logic specifications,” in IEEE Conference on Decision and
Control, Dec. 2008, pp. 3953 –3958.
[20] H. Gonzalez, R. Vasudevan, M. Kamgarpour, S. S. Sastry, R. Bajcsy,
and C. J. Tomlin, “A descent algorithm for the optimal control of con-
strained nonlinear switched dynamical systems,” in Proceedings of the
13th ACM international conference on Hybrid systems: computation
and control, ser. HSCC ’10. ACM, 2010, pp. 51–60.
[21] H. Axelsson, Y. Wardi, M. Egerstedt, and E. Verriest, “Gradient
descent approach to optimal mode scheduling in hybrid dynamical
systems,” Journal of Optimization Theory and Applications, vol. 136,
no. 2, pp. 167–186, 2008.
[22] H. Abbas and G. Fainekos, “Linear hybrid system falsification through
local search,” in Automated Technology for Verification and Analysis,
ser. LNCS, vol. 6996. Springer, 2011, pp. 503–510.
[23] Z. Han and P. J. Mosterman, “Towards sensitivity analysis of hybrid
systems using simulink,” in Proceedings of the 16th international
conference on Hybrid systems: computation and control. ACM, 2013,
pp. 95–100.
[24] A. Zutshi, S. Sankaranarayanan, J. V. Deshmukh, and J. Kapinski,
“A trajectory splicing approach to concretizing counterexamples for
hybrid systems,” in IEEE Conference on Decision and Control, 2013.
[25] D. Hristu and K. Morgansen, “Limited communication control,Sys-
tems & Control Letters, vol. 37, pp. 193–205, 1999.
2317
... For example, one can consider different optimization algorithms to search for the counterexample (e.g. ant colony optimization [9] or functional gradient descent [10]). Falsification requires use of a formal specification, typically written in Metric Interval Temporal Logic (MITL) [11] or Signal Temporal Logic (STL) [12] (or some variant thereof). ...
... ∧( [5,7] gear == 3) ∧ ( [8,10] gear == 3) ...
... The engine speed is constant and allowed to be in the range [900,1100]. The throttle angle is generated as a pulse signal with a base value of 8.9, a delay of 3, a period in the range [10,30] and amplitude in the range [0.161]. Thus, the throttle angle always has a value in the range [8.9, 69.9], always switching back and forth between two values at different times of each simulation. ...
Preprint
Cyber-Physical Systems (CPSs) are systems with both physical and software components, for example cars and industrial robots. Since these systems exhibit both discrete and continuous dynamics, they are complex and it is thus difficult to verify that they behave as expected. Falsification of temporal logic properties is an approach to find counterexamples to CPSs by means of simulation. In this paper, we propose two additions to enhance the capability of falsification and make it more viable in a large-scale industrial setting. The first addition is a framework for transforming specifications from a signal-based model into Signal Temporal Logic. The second addition is the use of Valued Booleans and an additive robust semantics in the falsification process. We evaluate the performance of the additive robust semantics on a set of benchmark models, and we can see that which semantics are preferable depend both on the model and on the specification.
... These models are complex hybrid systems that are very challenging to verify and test. Falsification-based testing [2,3,17,18,142,252,331] aims at automatically generating counter-examples that violate the desired requirements in a CPS model. This approach employs a formal specification language such as STL to specify the desired requirements, and a monitor (the oracle), that verifies each simulation trace for correctness against the requirement and it provides an indication as to how far the trace is from violation. ...
... The positive and negative sign of the robustness value indicates whether the formula is satisfied or violated, respectively. This quantitative interpretation can be exploited in combination with several heuristics (e.g., ant colony, gradient ascent, statistical emulation) to optimize the CPS design in order to satisfy or falsify a given formal requirement [2,3,17,18,45,133,142,252,331]. From Monitoring to Control Synthesis. ...
... 2. In case of not complying with clause 1, the tenant will have till the 15th of the month to pay the above mentioned sum plus an additional fee of 5% of the amount. 3. In case of not complying with clause 2, the tenant will have to leave the premises before the end of the month and the deposit will be retained by the landlord." ...
Article
Full-text available
Runtime verification is an area of formal methods that studies the dynamic analysis of execution traces against formal specifications. Typically, the two main activities in runtime verification efforts are the process of creating monitors from specifications, and the algorithms for the evaluation of traces against the generated monitors. Other activities involve the instrumentation of the system to generate the trace and the communication between the system under analysis and the monitor. Most of the applications in runtime verification have been focused on the dynamic analysis of software, even though there are many more potential applications to other computational devices and target systems. In this paper we present a collection of challenges for runtime verification extracted from concrete application domains, focusing on the difficulties that must be overcome to tackle these specific challenges. The computational models that characterize these domains require to devise new techniques beyond the current state of the art in runtime verification.
... Current approaches to optimizing the robustness fall into four categories: the use of heuristics like Simulated Annealing Nghiem et al. [2010], cross-entropy Sankaranarayanan and Fainekos [2012b] and RRTs Dreossi et al. [2015]; non-smooth optimization Abbas and Fainekos [2013]; Mixed Integer Linear Programming (MILP) Raman et al. [2014], Saha and Julius [2016]; and iterative approximations Abbas and Fainekos [2011], Abbas et al. [2014], . Black-box heuristics are the most commonly used approach. ...
... Another MILP based approach is presented in Saha and Julius [2016] where constraints are added when necessary, in order to reduce MILP complexity. The work closest to the appproach presented in chapter 3 is Abbas and Fainekos [2011], Abbas et al. [2014]. There, the authors considered safety formulas, for which the robustness reduces to the minimum distance between x and the unsafe set U . ...
Article
Safe autonomous operation of dynamical systems has become one of the most important research problems. Algorithms for planning and control of such systems are now finding place on production vehicles, and are fast becoming ubiquitous on the roads and air-spaces. However most algorithms for such operations, that provide guarantees, either do not scale well or rely on over-simplifying abstractions that make them impractical for real world implementations. On the other hand, the algorithms that are computationally tractable and amenable to implementation generally lack any guarantees on their behavior. In this work, we aim to bridge the gap between provable and scalable planning and control for dynamical systems. The research covered herein can be broadly categorized into: i) multi-agent planning with temporal logic specifications, and ii) robust predictive control that takes into account the performance of the perception algorithms used to process information for control. In the first part, we focus on multi-robot systems with complicated mission requirements, and develop a planning algorithm that can take into account a) spatial, b) temporal and c) reactive mission requirements across multiple robots. The algorithm not only guarantees continuous time satisfaction of the mission requirements, but also that the generated trajectories can be followed by the robot. The other part develops a robust, predictive control algorithm to control the the dynamical system to follow the trajectories generated by the first part, within some desired bounds. This relies on a contract-based framework wherein the control algorithm controls the dynamical system as well as a resource/quality trade-off in a perception-based state estimation algorithm. We show that this predictive algorithm remains feasible with respect to constraints while following a desired trajectory, and also stabilizes the dynamical system under control. Through simulations, as well as experiments on actual robotic systems, we show that the planning method is computationally efficient as well as scales better than other state-of-the art algorithms that use similar formal specification. We also show that the robust control algorithm provides better control performance, and is also computationally more efficient than similar algorithms that do not leverage the resource/quality trade-off of the perception-based state estimator
... Formal control synthesis with temporal logic specifications: The control synthesis approaches with temporal logic specifications mainly convert the control synthesis problem into a mixed-integer linear programming (MILP) problem [26], [27], [28], [29], [30], [31] which can be solved efficiently by MILP solvers. Another set of approaches substitute the temporal logic constraint into the objective function of the optimization problem and apply a functional gradient descent algorithm on the resulting unconstrained problem [32], [33], [3], [34]. The control synthesis approach in this paper essentially extended the MILP-based approaches to non-linear dynamical systems to accommodate the pandemic models. ...
Preprint
Pandemics can bring a range of devastating consequences to public health and the world economy. Identifying the most effective control strategies has been the imperative task all around the world. Various public health control strategies have been proposed and tested against pandemic diseases (e.g., COVID-19). We study two specific pandemic control models: the susceptible, exposed, infectious, recovered (SEIR) model with vaccination control; and the SEIR model with shield immunity control. We express the pandemic control requirement in metric temporal logic (MTL) formulas. We then develop an iterative approach for synthesizing the optimal control strategies with MTL specifications. We provide simulation results in two different scenarios for robust control of the COVID-19 pandemic: one for vaccination control, and another for shield immunity control, with the model parameters estimated from data in Lombardy, Italy. The results show that the proposed synthesis approach can generate control inputs such that the time-varying numbers of individuals in each category (e.g., infectious, immune) satisfy the MTL specifications with robustness against initial state and parameter uncertainties.
... The second category of approaches mainly focus on linear dynamical systems and they convert the control synthesis problem into a mixed-integer linear programming (MILP) problem [35][36][37][38][39][40] which can be solved efficiently by MILP solvers. The third category of approaches substitute the temporal logic constraint into the objective function of the optimization problem and apply a functional gradient descent algorithm on the resulting unconstrained problem [10,[41][42][43]. The control synthesis approach in this paper is based on the second category of approaches, but we have extended the method to non-linear dynamical systems to fit the epidemic models for COVID-19. ...
Article
Full-text available
Ever since the outbreak of the COVID-19 epidemic, various public health control strategies have been proposed and tested against the coronavirus SARS-CoV-2. We study three specific COVID-19 epidemic control models: the susceptible, exposed, infectious, recovered (SEIR) model with vaccination control; the SEIR model with shield immunity control; and the susceptible, un-quarantined infected, quarantined infected, confirmed infected (SUQC) model with quarantine control. We express the control requirement in metric temporal logic (MTL) formulas (a type of formal specification languages) which can specify the expected control outcomes such as "the deaths from the infection should never exceed one thousand per day within the next three months" or "the population immune from the disease should eventually exceed 200 thousand within the next 100 to 120 days". We then develop methods for synthesizing control strategies with MTL specifications. To the best of our knowledge, this is the first paper to systematically synthesize control strategies based on the COVID-19 epidemic models with formal specifications. We provide simulation results in three different case studies: vaccination control for the COVID-19 epidemic with model parameters estimated from data in Lombardy, Italy; shield immunity control for the COVID-19 epidemic with model parameters estimated from data in Lombardy, Italy; and quarantine control for the COVID-19 epidemic with model parameters estimated from data in Wuhan, China. The results show that the proposed synthesis approach can generate control inputs such that the time-varying numbers of individuals in each category (e.g., infectious, immune) satisfy the MTL specifications. The results also show that early intervention is essential in mitigating the spread of COVID-19, and more control effort is needed for more stringent MTL specifications. For example, based on the model in Lombardy, Italy, achieving less than 100 deaths per day and 10000 total deaths within 100 days requires 441.7% more vaccination control effort than achieving less than 1000 deaths per day and 50000 total deaths within 100 days.
... The second category of approaches mainly focus on linear dynamical systems and they convert the control synthesis problem into a mixed-integer linear programming (MILP) problem [31], [32], [33], [34], [35], [36] which can be solved efficiently by MILP solvers. The third category of approaches substitute the temporal logic constraint into the objective function of the optimization problem and apply a functional gradient descent algorithm on the resulting unconstrained problem [37], [38], [8], [39]. The control synthesis approach in this paper is based on the second category of approaches, but we have extended the method to non-linear dynamical systems to fit the epidemic models for COVID-19. ...
Preprint
Full-text available
Ever since the outbreak of the COVID-19 epidemic, various public health control strategies have been proposed and tested against SARS-CoV-2. In this paper, we study three specific COVID-19 epidemic control models: the susceptible, exposed, infectious, recovered (SEIR) model with vaccination control, the SEIR model with shield immunity control, and the susceptible, un-quarantined infected, quarantined infected, confirmed infected (SUQC) model with quarantine control. We express the control requirement in metric temporal logic (MTL) formulas and develop methods for synthesizing control inputs based on three specific COVID-19 epidemic models with MTL specifications. To the best of our knowledge, this is the first paper to provide automatically-synthesized and fine-tuned control synthesis for the COVID-19 epidemic models with formal specifications. We provide simulation results in three different case studies: vaccination control for the COVID-19 epidemic with model parameters estimated from data in Lombardy, Italy; shield immunity control for the COVID-19 epidemic with model parameters estimated from data in Lombardy, Italy; and quarantine control for the COVID-19 epidemic with model parameters estimated from data in Wuhan, China. The results show that the proposed synthesis approach can generate control inputs within a relatively short time (within 5 seconds) such that the time-varying numbers of individuals in each category (e.g., infectious, immune) satisfy the MTL specifications. The results are also consistent with the claim that control in the early phases of COVID-19 is the most effective in the mitigation.
Article
In this work, we present an integrated Framework for Autonomous Drone Safety (FADS). The demand for safe and efficient mobility of people and goods is growing rapidly, in line with the growth in population in US urban centers. In response, new technologies to meet these urban mobility demands are also rapidly maturing in preparation for future full-scale deployment. As surface congestion increases and the technology surrounding unmanned aerial systems (UAS) matures, more people are looking to the urban airspace and Urban Air Mobility (UAM) as a piece of the puzzle to promote mobility in cities. However, the lack of coordination between UAS stakeholders, federal UAS safety regulations, and researchers developing UAS algorithms continues to be a critical barrier to widespread UAS adoption. FADS takes into account federal UAS safety requirements, UAM challenge scenarios, contingency events, as well as stakeholder-specific operational requirements. FADS formalizes these requirements, through Signal Temporal Logic (STL) representations, and a trajectory planning optimization for multi-rotor UAS fleets guarantees robust and continuous-time satisfaction of the requirements and mission objectives. The intuitive FADS user interface makes it easy to plan missions in a variety of environments; we demonstrate this through several rural and urban environment-based case studies. FADS holistically integrates high-level stakeholder objectives with low-level trajectory planning; combined with a user-friendly interface, FADS reduces the complexity of stakeholder coordination within the UAM context.
Article
Cyber-Physical Systems (CPSs) are systems with both physical and software components, for example cars and industrial robots. Since these systems exhibit both discrete and continuous dynamics, they are complex and it is thus difficult to verify that they behave as expected. Falsification of temporal logic properties is an approach to find counterexamples to CPSs by means of simulation. In this paper, we propose two additions to enhance the capability of falsification and make it more viable in a large-scale industrial setting. The first addition is a framework for transforming specifications from a signal-based model into Signal Temporal Logic. The second addition is the use of Valued Booleans and an additive robust semantics in the falsification process. We evaluate the performance of the additive robust semantics on a set of benchmark models, and we can see that which semantics are preferable depend both on the model and on the specification.
Preprint
Full-text available
Principles of modern cyber-physical system (CPS) analysis are based on analytical methods that depend on whether safety or liveness requirements are considered. Complexity is abstracted through different techniques, ranging from stochastic modelling to contracts. However, both distributed heuristics and Artificial Intelligence (AI)-based approaches as well as the user perspective or unpredictable effects, such as accidents or the weather, introduce enough uncertainty to warrant reinforcement-learning-based approaches. This paper compares traditional approaches in the domain of CPS modelling and analysis with the AI researcher perspective to exploring unknown complex systems.
Conference Paper
Full-text available
This paper examines techniques for finding falsifying trajectories of hybrid systems using an approach that we call trajectory splicing. Many formal verification techniques for hybrid systems, including flowpipe construction, can identify plausible abstract counterexamples for property violations. However, there is often a gap between the reported abstract counterexamples and the concrete system trajectories. Our approach starts with a candidate sequence of disconnected trajectory segments, each segment lying inside a discrete mode. However, such disconnected segments do not form concrete violations due to the gaps that exist between the ending state of one segment and the starting state of the subsequent segment. Therefore, trajectory splicing uses local optimization to minimize the gap between these segments, effectively splicing them together to form a concrete trajectory. We demonstrate the use of our approach for falsifying safety properties of hybrid systems using standard optimization techniques. As such, our approach is not restricted to linear systems. We compare our approach with other falsification approaches including uniform random sampling and a robustness guided falsification approach used in the tool S-Taliro. Our preliminary evaluation clearly shows the potential of our approach to search for candidate trajectory segments and use them to find concrete property violations.
Conference Paper
Full-text available
CVODES, which is part of the SUNDIALS software suite, is a stiff and nonstiff ordinary differential equation initial value problem solver with sensitivity analysis capabilities. CVODES is written in a data-independent manner, with a highly modular structure to allow incorporation of different preconditioning and/or linear solver methods. It shares with the other SUNDIALS solvers several common modules, most notably the generic kernel of vector operations and a set of generic linear solvers and preconditioners. CVODES solves the IVP by one of two methods — backward differentiation formula or Adams-Moulton — both implemented in a variable-step, variable-order form. The forward sensitivity module in CVODES implements the simultaneous corrector method, as well as two flavors of staggered corrector methods. Its adjoint sensitivity module provides a combination of checkpointing and cubic Hermite interpolation for the efficient generation of the forward solution during the adjoint system integration. We describe the current capabilities of CVODES, its design principles, and its user interface, and provide an example problem to illustrate the performance of CVODES.
Article
Full-text available
We present a Monte-Carlo optimization technique for finding system behaviors that falsify a metric temporal logic (MTL) property. Our approach performs a random walk over the space of system inputs guided by a robustness metric defined by the MTL property. Robustness is guiding the search for a falsifying behavior by exploring trajectories with smaller robustness values. The resulting testing framework can be applied to a wide class of cyber-physical systems (CPS). We show through experiments on complex system models that using our framework can help automatically falsify properties with more consistency as compared to other means, such as uniform sampling.
Conference Paper
Full-text available
The aim of the optimal safety controller synthesis problem is to synthesize a feedback controller that results in closed-loop trajectories that meet certain criteria, namely, the state or output trajectories terminate in a goal set without entering an unsafe set while optimizing some function. Our previous work presented a method for using finitely many human generated trajectories to synthesize a non-optimal safety controller. We propose a formal method for optimizing the human generated trajectories used to synthesize the controller. Our method is based on the calculus of variations, but is different from other similar algorithms in that it uses a gradient descent based approach to directly solve the optimization problem without formulating the optimality conditions given by the Pontryagin Minimum Principle. This method provides a tool for improving the performance of a controller synthesized using the methods outlined in our previous work. We present an example of optimizing a human generated trajectory for a nonlinear system, specifically a quadrotor, and quantify the improvements it is able to generate.
Conference Paper
Full-text available
The automatic analysis of transient properties of nonlinear dynamical systems is a challenging problem. The problem is even more challenging when complex state-space and timing requirements must be satisfied by the system. Such complex requirements can be captured by Metric Temporal Logic (MTL) specifications. The problem of finding system behaviors that do not satisfy an MTL specification is referred to as MTL falsification. This paper presents an approach for improving stochastic MTL falsification methods by performing local search in the set of initial conditions. In particular, MTL robustness quantifies how correct or wrong is a system trajectory with respect to an MTL specification. Positive values indicate satisfaction of the property while negative values indicate falsification. A stochastic falsification method attempts to minimize the system's robustness with respect to the MTL property. Given some arbitrary initial state, this paper presents a method to compute a descent direction in the set of initial conditions, such that the new system trajectory gets closer to the unsafe set of behaviors. This technique can be iterated in order to converge to a local minimum of the robustness landscape. The paper demonstrates the applicability of the method on some challenging nonlinear systems from the literature.
Article
Full-text available
Randomized testing is a popular approach for checking properties of large embedded system designs. It is well known that a uniform random choice of test inputs is often sub-optimal. Ideally, the choice of inputs has to be guided by choosing the right input distributions in order to expose corner-case violations. However, this is also known to be a hard problem, in practice. In this paper, we present an application of the cross-entropy method for adaptively choosing input distributions for falsifying temporal logic properties of hybrid systems. We present various choices for representing input distribution families for the cross-entropy method, ranging from a complete partitioning of the input space into cells to a factored distribution of the input using graphical models. Finally, we experimentally compare the falsification approach using the cross-entropy method to other stochastic and heuristic optimization techniques implemented inside the tool S-Taliro over a set of benchmark systems. The performance of the cross entropy method is quite promising. We find that sampling inputs using the cross-entropy method guided by trace robustness can discover violations faster, and more consistently than the other competing methods considered.
Conference Paper
In the design of engineered systems two types of models are used: (i) analysis models and (ii) system models. The system models are primary deliverables between design stages whereas analysis models are employed within a design stage. Sensitivity analysis studies the behavior of the system under small parameter variations which proves to be useful in design. To enable sensitivity analysis in verification of hybrid dynamic systems that model industry-size problems, support for simulation-based methods is desired. The computational semantics for simulation of corresponding analysis models must then be consistent with the computational semantics of the system models. A method is presented that enables direct sensitivity analysis on system models via an implementation in the Simulink(R) software. The approach relies on the existing ordinary differential equation solver of Simulink and the block-by-block analytic Jacobian computation to provide the analytic Jacobian for solving the sensitivity equations. Results of a prototype implementation show that sensitivity analysis can be applied to moderate size Simulink models of continuous and hybrid systems.
Article
From the Publisher:This comprehensive treatment of the analysis and design of continuous-time control systems provides a gradual development of control theory—and shows how to solve all computational problems with MATLAB. It avoids highly mathematical arguments, and features an abundance of examples and worked problems throughout the book. Chapter topics include the Laplace transform; mathematical modeling of mechanical systems, electrical systems, fluid systems, and thermal systems; transient and steady-state-response analyses, root-locus analysis and control systems design by the root-locus method; frequency-response analysis and control systems design by the frequency-response; two-degrees-of-freedom control; state space analysis of control systems and design of control systems in state space.