IPAM, October 27, 2015
Formal Synthesis for Traffic Control Murat Arcak with Sam Coogan and Eric Kim Electrical Engineering and Computer Sciences, UC Berkeley
Broader agenda: Scalable design/verification of large systems • Compositional, bottom-up approach • Exploit inherent system structure • Applications drive new theory
mal methods require a finite state representation
n
control motivated by traffic control This Talk:Correct-by-design Formal synthesis, Nonlinear dynamics
q1 q4
q1 Outline:
q3
q5
q3 q6
Finite state abstraction finite abstraction
x+ = F (x) q2
q2
S. Coogan
q5 q6 1. q4 Finite abstraction
Formal control synthesis
formal methods
Formal Synthesis and Verification of Networked Systems control synthesis for formal methods
Exploiting a “mixed Finite state abstraction
monotonicity” property for scalability. Application to a macroscopic traffic flow model. Synthesis and Verification of Networked Systems 18/40
2. Compositional synthesis for large networks Decoupled synthesis for subnetworks with supply and demand contracts.
1
Formal methods require a finite state representation Correct-by-design control 1. Finite Abstraction for Formal Methods Nonlinear dynamics
q1 q4
q2
q3
q5
q6
Formal control synthesis
Finite state abstraction
Capture the underlying with a finite set of symbols and q2 qdynamics 3 q1 Formal transitions between them. Methods exist controlfor classes of systems q5 q6 synthesis (Tabuada, Girard, Abate, Belta, …) q4 Pappas, Reissig, Raisch, S. Coogan
Synthesis and Verification of Networked Systems
Finite state computations abstraction Example: polyhedral for piecewise affine systems S. Coogan Synthesis and Verification of Networked Systems 18/40 (Belta et al.)
Monotonicity and Mixed Monotonicity The discrete-time system: x+ = F (x)
is monotone if x1 x2
=)
x2X F (x1 ) F (x2 )
with respect to a partial order (standard order in this talk). Monotonicity offers strong dynamical properties [Hirsch, Smith, Angeli, Sontag] but is restrictive in practice. Necessary and sufficient condition for monotonicity: @Fi (x) @xj
0
8x 2 X
8i, j
Monotonicity and Mixed Monotonicity x+ = F (x)
x2X
is mixed monotone if there exists a “decomposition function” such that
f :X ⇥X !X f (x, x) = F (x) x1 x2 ) f (x1 , y) f (x2 , y)
y1 y2 ) f (x, y2 ) f (x, y1 ).
A sufficient condition for mixed monotonicity: @Fi (x) 9 ij 2 { 1, 1} s.t. ij 0 8i, j @xj yj Decomposition function: Fi (· · · , xj , · · · ) if ij = 1
Mixed Monotonicity Allows Scalable Finite Abstraction Two function evaluationsMotivation tightly bound the one-step reach set: Mixed Monotonicity Abstraction Monotone:
Mixed Monotone:
Exa
Efficient abstraction from reachability compu
The transition system T = (Q, M, d ) is an over-app abstraction of x+ = Fm (x, d):
If 9x 2 Iq 9d 2 D such that Fm (x, d) 2
Then q0 2 d (q, m)
Mixed monotonicity allows efficient abstr
This allows a scalable abstraction algorithm: [Coogan, Arcak, 2015]
q1 q4
q2 q5
q3 q6
Motivation
Mixed Monotonicity
Abstraction
Examples
Offset Optimization
Traffic Flow: a Macroscopic Model
Traffic flow model
Vehicles per time period
For each link ` : Demand, Fout i (xi ) Supply, Fin i (xi )
xijam
+ in Link statexupdate = x + f ` ` (x) ` + in out
xi = xi + fi (x, m) =: Fmi (x)
Outgoing links: Incoming links
fi
(x, m) + di
fkin (x, m)
=
xi
f`outOutgoing (x) =: Fflow ` (x) less than demand, X
Incoming flow less than supply out f `k ` (x, m)
Outgoing links `2in turn ratio ⇢ 1 in Incoming links: fiout (x, m) = si (m) min Fout (x ), min Fj (xj ) fjin (x, m) = Â bij fiout (x, m) i ⇢ i j2out bij 1 ini=in out out fS.`Coogan(x, m) = s` (m) min ` ), min ` (x k (xk ) Synthesis and Verification of Networked Systems 8/40 k2out `k ⇢
{0, 1}
Correct-by-design control Nonlinear dynamics
Traffic Flow is Mixed Monotone @Fi (x) ij @xj
0
Apply abstraction algorithm and add signaling states to transition model
ij
=
⇢
q1 q4
1 +1
q2
if i and j share tail node otherwise q3
q5
Formal control synthesis
q6
Finite state abstraction
finite abstraction
formal methods
Note: Standard monotonicity breaks down at splits 1 in out `=3 f1 = 2 (x2 ) S. Coogan
Synthesis and Verification of Networked Systems
18
12
`=2
congested
`=1
f3in = )
out = 13 f1 32
=
1
13 12
in 2 (x2 )
1
n+1 n+2 1
2
5
...
...
v
2
3
8
4
9
Example: Signal Control for a Corridor n+m n
Linear Temporal Logic spec. Mixed Monotonicity
Examplespolicy Naïve offset optimal
Motivation
6
Abstraction
I Each signal actuates cross street 7
traffic infinitely often
Conclusions
10
1 2 3 control4 of arterial corridor Correct-by-design
I Eventually, links 1, 2, 3, and 4 have
1
2 3 vehicles 4on each link fewer than 30 5 and this remains true 8 for6 all time 9 7
1
I The signal at junction v4 must 2 actuate each direction1 for at least 5 9
sequential time-steps (pedestrian Temporal two Logic Specifications: crossings)
10
3
2 3
8
4
4 9
Linear Temporal Logic spec.
Correct-by-design policy • Each signal actuates cross street I Each signal actuates cross street S. Coogan and M. Arcakoften Efficient Finite Abstraction of Mixed Monotone Systems traffic infinitely traffic infinitely often • Eventually, linkslinks 1, 2,1, 3, and I Eventually, 2, 3, and44 have fewer than vehicles on eacheach link have fewer than3030 vehicles and this remains true for all time • The signal at junction 4 must I The signal at junction v4 must actuateactuate crosseach street traffic direction for at for least at two sequential sequential time-steps (pedestrian least two time-steps crossings)
19/21
2. Compositional Synthesis for Large Networks [Kim, Arcak, Seshia, 2015] • “Contracts” between neighboring subnetworks to limit demand and guarantee adequate supply • Neighbors’ promises allow decoupled subnetwork models • Augment temporal logic specifications with own promises and synthesize controller for each subnetwork new i
=
original i
^
supply i
^
demand i
promises to neighbors
i = 1, 2, ...
Neighbors’ Promises Allow Decoupled Models Subnetwork 2 promises a minimum supply of 2contract on link 5 and to limit its demand on link 4 by 4contract vehicles per period.
Decoupled subnet ⇢ 1 model: f2out (x)
out 2 (x2 ),
1
in = min 5 (x5 ) 25 ⇢ 1 out contract best 2 min (x ), , 2 [ , ] 2 2 2 2 25 ⇢ 1 in 1 in in out f4 (x) = 74 min 7 (x7 ), 8 (x8 ), 4 (x4 ) 78
2
74
min
in 4 (x4 ),
,
2 [0,
74
contract ] 4
Requirements on the Specification 1. Separability:
network
=
Then the i th subproblem is: II. Easier to satisfy
subnet i
subnet 1 subnet
^ ··· ^
i^
subnet N
supply i
^
demand i
when i’s neighbors promise more
This allows a systematic search for contract parameters. Example: This requirement is met if x2 1) the dynamics are monotone, and 2) the specification corresponds to a lower set of the signal space: xx ¯ and x ¯2
) x2
x ¯ x1
Proof idea in a picture: x4 If subnet 2 promises more supply on link 5, then link 2 occupancy drops. Likewise
initial set
more supply
one step reach set less demand
less occupancy on link 4 if less demand is promised.
Why monotonicity matters: If subnet 1 promises more supply on link 4, this liberates more flow out of link 7 and causes higher occupancy on link 8 (contrary to fig. above).
x2
Conclusions • Formal methods enable automated control synthesis for rich classes of design specifications. • This talk addressed the critical issue of scalability for finite abstraction and control synthesis. • Traffic management is a fertile application area and exhibits the structural properties used in the talk.
I-80, near Berkeley
Remaining Problems Compositional synthesis: Probabilistic less conservative contracts guarantees: and cooperation among exploit demand subnetwork controllers statistics to rather than fully find transition decentralized probabilities control and guarantee satisfaction with Optimality: high probability add optimality criteria to specifications, e.g., Coordinated onramp metering / arterial minimize travel time, signaling minimize spatial and validation variations in traffic with hybrid density, maximize freeway/arterial throughput simulation
Acknowledgment: NSF-CPS grant CNS1446145 and coworkers:
Sam Coogan (UCLA)
Eric Kim
Calin Belta (Boston U.)
Sanjit Seshia
Roberto Horowitz
Alex Kurzhanskiy
Related Publications Coogan and Arcak “Efficient finite abstraction of mixed monotone systems” – HSCC 2015 Coogan, Gol, Arcak and Belta “Traffic network control from temporal logic specifications” – IEEE Trans. Control of Network Systems, 2015 Coogan and Arcak “Freeway traffic control from linear temporal logic specifications” – ICCPS 2014 Kim, Arcak and Seshia “Compositional controller synthesis for vehicular traffic networks” – CDC 2015
