Generating Invariants for Hybrid Systems by Computing Vanishing Ideals of Sample Points
Bin Wu (1,3), Yongjun Fu (2)
(1) Department of Basic Course, Shanghai University of Finance and Economics Zhejiang College, Jinhua, 321013, China, E-mail: [email protected]
(2) Jinhua College of Vocation and Technology, Jinhua, 321000, China
(3) Shanghai Key Laboratory of Trustworthy Computing, East China Normal University, Shanghai, 200062, China
(1) First and corresponding author
Abstract
In this paper, we investigate the problem of generating invariants of hybrid systems. We present a new approach for generating polynomial equation invariants of hybrid systems by computing the vanishing ideal of sample points. The challenge is to deal with the continuous consecution of hybrid systems, which arises from the differential equations. Our approach avoids first-order quantifier elimination and cylindrical algebraic decomposition (CAD). Preliminary experimental results demonstrate the feasibility of our approach.
Keywords: Program Verification; Hybrid System; Invariant Generation; Vanishing Ideal
1. Introduction
Hybrid systems are dynamic systems that exhibit both continuous and discrete dynamic behavior; the continuous dynamic behavior is generally described by differential equations. The verification of safety (invariance and reachability) properties plays a central role in the analysis of hybrid systems. This problem is very hard to compute even in the simplest cases.
In this paper, we present a new method for generating polynomial invariants of hybrid systems based on computing the vanishing ideal of system sample points.
Given a degree bound $e_l$ for the potential polynomial invariants of the hybrid system at each location $l$, we first get no more than $\binom{e_l + n}{n}$ sample points by recording the values of the system variables at each location $l$, where $n$ is the number of system variables. Then we apply the Buchberger-Möller algorithm to compute the vanishing ideal of these sample points as candidate invariants (a candidate may not be a real invariant) at each location $l$. Subsequently, we verify the candidate invariants based on polynomial-scale discrete consecution and continuous consecution. Finally, we can either generate the polynomial invariants at each location $l$ or conclude that polynomial invariants at location $l$ with degree $< e'$ do not exist, where $e'$ ($\leq e$) is the minimal degree of the polynomials in the vanishing ideals.
In recent years, many methods have been proposed to generate invariants for hybrid systems. For linear hybrid systems, linear inductive invariants were generated by Tiwari [1] and were constructed by Halbwachs et al. [2] based on a specific abstract interpretation. In [3], Sankaranarayanan et al. presented a method to generate invariants for hybrid systems, which translates the invariant generation problem into a constraint solving problem. In [4], for hybrid systems with linear continuous dynamics, polynomial invariants were generated by a computational method using Gröbner bases. Gulwani et al. [5] proposed a constraint-based technique for constructing invariants for hybrid systems. In [6], a method was first proposed to compute differential invariants of hybrid systems as fixedpoints. Parrilo [7] presented a powerful framework based on semidefinite programming. Prajna et al. [8] addressed the safety-verification problem using the idea of barrier certificates.
The rest of the paper is organized as follows. In Section 2, we recall the notions of vanishing ideals for finitely many points, hybrid systems and (inductive) invariants. In Section 3, we present an efficient method to generate polynomial equation invariants for hybrid systems, and an example is given. We conclude our results in Section 4.
International Journal of Digital Content Technology and its Applications (JDCTA), Volume 6, Number 4, March 2012, doi:10.4156/jdcta.vol6.issue4.31
2. Notation and Definitions
This section contains a collection of definitions and facts about vanishing ideals of finitely many points and hybrid systems, which will be needed later. Throughout this paper, let $K$ be a (commutative) field of characteristic zero, $K[x_1, \ldots, x_n]$ be the ring of polynomials in $n$ indeterminates $x_1, \ldots, x_n$ over $K$, the monomial order $\prec$ in $K[x_1, \ldots, x_n]$ be the graded lexicographic order, and $\deg(f)$ denote the total degree of a polynomial $f \in K[x_1, \ldots, x_n]$.
2.1. Vanishing Ideals of Finitely Many Points
Definition 1 (Ideal of Polynomials). A set $I \subseteq K[x_1, \ldots, x_n]$ is an ideal in $K[x_1, \ldots, x_n]$ if for any $f, g \in I$ and $h \in K[x_1, \ldots, x_n]$, we have $f + g \in I$ and $f \cdot h \in I$. For $h_1, \ldots, h_r \in K[x_1, \ldots, x_n]$ we denote by $\langle h_1, \ldots, h_r \rangle$ the smallest ideal containing $h_1, \ldots, h_r$, i.e.
$\langle h_1, \ldots, h_r \rangle = \left\{ \sum_{i=1}^{r} f_i h_i \;\middle|\; f_i \in K[x_1, \ldots, x_n] \right\}.$
If $I = \langle h_1, \ldots, h_r \rangle$, we say that $I$ is the ideal generated by $h_1, \ldots, h_r$ and that $h_1, \ldots, h_r$ is a basis of $I$.
By Hilbert's Basis Theorem, any ideal in $K[x_1, \ldots, x_n]$ has a finite basis. We can compute Gröbner bases of ideals using Buchberger's algorithm [9].
Definition 2 (Vanishing Ideals of Finitely Many Points). Let $A$ be a finite subset of $K^n$. The vanishing ideal of the point set $A$ is the ideal
$I(A) = \{ f \in K[x_1, \ldots, x_n] \mid f(a) = 0 \text{ for all } a \in A \}$
of all the polynomials vanishing on each point in $A$.
Buchberger and Möller presented an algorithm [10] to compute the reduced Gröbner basis of the vanishing ideal of finitely many points, based on Gaussian elimination on a generalized Vandermonde matrix.
Remark 1. As stated in [11], the Buchberger-Möller algorithm has polynomial time complexity $O(n^2 s^4)$, where $n$ is the dimension of the affine space and $s$ is the number of points.
2.2. Hybrid Systems and Invariants
We represent hybrid systems via hybrid automata [12].
Definition 3 (Hybrid System). A hybrid system $\Psi$ is a tuple $\langle V, L, T, \Theta, D, Inv, l_0 \rangle$, where
- $V$ is a finite set of real-valued system variables; the number of variables $|V|$ is called the dimensionality of the system;
- $L$ is a finite set of locations;
- $T$ is a set of discrete transitions. Each transition $\tau \in T$ is a tuple $\langle l_1, l_2, \rho, \gamma \rangle$, where $l_1, l_2 \in L$ are the pre- and post-locations of the transition. The transition relation $\rho$ is a first-order assertion over $V \cup V'$, where $V$ denotes the current-state variables and $V'$ denotes the next-state variables. $\gamma$ is a first-order assertion over $V$ which is the guard condition of the transition $\tau$;
- $\Theta$ is a first-order assertion over $V$ denoting the initial condition;
- $D$ is a map that maps each location $l \in L$ to a differential rule $D(l)$ denoting an assertion over $V \cup \{\dot{v} \mid v \in V\}$. The differential rule specifies the local evolution of the variables during a local time interval;
- $Inv$ is a map that maps each location $l \in L$ to a location condition. $Inv(l)$ denotes an assertion over $V$;
- $l_0 \in L$ is the initial location.
Definition 4 (Computation). A computation of a hybrid automaton is an infinite sequence of states $\langle l_i, x_i \rangle \in L \times \mathbb{R}^n$:
$\langle l_0, x_0 \rangle, \langle l_1, x_1 \rangle, \langle l_2, x_2 \rangle, \ldots$
such that $l_0$ is the initial location and $x_0 \models \Theta$, and for each pair of consecutive states $\langle l_i, x_i \rangle, \langle l_{i+1}, x_{i+1} \rangle$ one of the following conditions is satisfied:
Discrete Consecution: there exists a transition $\tau = \langle l_1, l_2, \rho, \gamma \rangle \in T$ such that $l_1 = l_i$, $l_2 = l_{i+1}$ and $\langle x_i, x_{i+1} \rangle \models \rho \wedge \gamma$.
Continuous Consecution: there exist $l \in L$, a time interval $\delta > 0$, and a continuous and differentiable function $\varphi : [0, \delta] \to \mathbb{R}^n$ such that
(1) $l_i = l_{i+1} = l$;
(2) $\varphi(0) = x_i$, $\varphi(\delta) = x_{i+1}$, and $\forall t \in [0, \delta],\ \varphi(t) \models Inv(l)$;
(3) $\forall t \in [0, \delta],\ \langle \varphi(t), \dot{\varphi}(t) \rangle \models D(l)$.
Example 1. Figure 1 shows a canonical example of a hybrid system called the bouncing ball, representing a ball bouncing on a soft floor ($y = 0$). The corresponding hybrid system is as follows:
$V = \{y, v_y, \tau\}$;
$L = \{l\}$;
$T = \{\tau\}$, where $\tau = \langle l, l, \rho \rangle$ with $\rho \equiv (\tau \geq 0 \wedge y = 0 \wedge y' = y \wedge v_y' = -\frac{v_y}{2} \wedge \tau' = 0)$;
$\Theta \equiv (y = 0 \wedge v_y = 16 \wedge \tau = 0)$;
$D(l) \equiv (\dot{y} = v_y \wedge \dot{v}_y = -10 \wedge \dot{\tau} = 1)$;
$Inv(l) \equiv (y \geq 0)$.
The variable $y$ is the position of the ball, $v_y$ is its velocity, and $\tau$ represents the time elapsed since its last bounce. A bounce is modeled by the transition $\tau$, which means that the velocity $v_y$ is halved and its direction is reversed.
Figure 1. A bouncing ball's hybrid automaton: location $l$ with $y \geq 0$ and flow $\dot{y} = v_y$, $\dot{v}_y = -10$, $\dot{\tau} = 1$; a self-loop transition with guard $y = 0,\ \tau \geq 0$ and resets $v_y := -\frac{v_y}{2}$, $y := y$, $\tau := 0$.
By an assertion, we mean a first-order formula over the system variables. We use the notation $s \models \varphi$ to denote that a state $s$ satisfies an assertion $\varphi$. We will also write $\varphi_1 \models \varphi_2$ for two assertions $\varphi_1, \varphi_2$ to represent that $\varphi_2$ is true at least in all the states in which $\varphi_1$ is true.
Next, we introduce the notions of (inductive) invariants for hybrid systems.
Definition 5 (Invariant). An invariant of the hybrid system $\Psi$ at location $l \in L$ is an assertion $\varphi$ over $V$ which holds at all reachable states at location $l$.
Definition 6 (Inductive Invariant). Let $\Psi$ be a hybrid system and $D$ the domain of assertions. An assertion map for $\Psi$ is a map $\eta : L \to D$ that associates each location of the hybrid system with an assertion $\eta(l)$. We say that $\eta$ is inductive if the following hold:
Initiation: $\Theta \models \eta(l_0)$;
Discrete Consecution: for each discrete transition $\tau = \langle l_1, l_2, \rho, \gamma \rangle$, we have $\eta(l_1) \wedge \rho \wedge \gamma \models \eta(l_2)'$;
Continuous Consecution: for every location $l \in L$ and states $\langle l, x_1 \rangle, \langle l, x_2 \rangle$ such that $x_2$ evolves from $x_1$ according to the differential rule $D(l)$ at $l$, if $x_1 \models \eta(l)$ then $x_2 \models \eta(l)$.
It is a well-known result [13] that if $\eta$ is an inductive assertion map then $\eta(l)$ is an invariant at location $l$ for each $l \in L$. However, an invariant assertion is not necessarily inductive.
In this paper, we are interested in finding inductive invariants of the form $p(V) = 0$, where $p(V)$ is a polynomial over the system variables. For brevity, we shall use $\eta(l)$ to denote both the assertion $p = 0$ and the polynomial $p$.
In the sequel, we will use the following stronger but more practical discrete consecution condition defined in [3] and [14].
Definition 7 (Polynomial-Scale Discrete Consecution). Let $\tau = \langle l_1, l_2, \rho, \gamma \rangle$ be a discrete transition and $\eta$ be an assertion map. We say that $\eta$ satisfies polynomial-scale (PS) discrete consecution for $\tau$ if there exists a polynomial $q$ over $V$ such that $\rho \models (\eta(l_2)' - q \cdot \eta(l_1) = 0)$.
In particular, if $\deg(q) = 0$, polynomial-scale discrete consecution reduces to constant-scale discrete consecution.
From Definition 7, to verify whether $\eta$ satisfies polynomial-scale discrete consecution, it suffices to check whether $\eta(l_1) \models \eta(l_2)'$.
3. Generating Invariants for Hybrid Systems
In this section, we present an approach to generate polynomial equation invariants for hybrid
systems by computing vanishing ideals of sample points.
Our invariant generation method consists of the following steps:
Step 1: We get a set $S_l$ of sample points by recording the values of the system variables at each location $l$.
Step 2: We apply the Buchberger-Möller algorithm to compute a Gröbner basis of the vanishing ideal $I(S_l)$ of $S_l$, and take the polynomials in that basis, or more precisely the corresponding polynomial equalities, as candidate invariants.
Step 3: For each candidate invariant, we determine whether it is an invariant of the given hybrid system at location $l$ by checking polynomial-scale discrete consecution and continuous consecution.
3.1. Getting a set of sample points
The first step in our method is to get a set $S_l$ of sample points for each location $l$. Let $\Psi$ be a hybrid system with $m$ locations and $n$ system variables, and let $e_l$ be an upper bound for the total degree of its potential polynomial invariants at location $l \in L$. By a classical result from combinatorics, we need at most $\binom{e_l + n}{n}$ sample points to determine a candidate invariant in $n$ variables with total degree bound $e_l$. For the discrete consecution, we can get a set $S_l^d$ containing no more than $N_l^d$ sample points at location $l$ by executing discrete consecution. For the continuous consecution, we construct a system of differential equations from the differential rule $D(l)$. If its closed form solutions can be found, we obtain from them a finite set $S_l^c$ containing no more than $N_l^c$ sample points at location $l$, where $S_l = S_l^d \cup S_l^c$ and $N_l^d + N_l^c = \binom{e_l + n}{n}$.
Example 2. For the system introduced in Example 1, set the degree bound of the polynomial invariants at location $l$ to be $e_l = 2$; we then need $\binom{e_l + n}{n} = 10$ sample points. By running the discrete consecution from the initial values $(y, v_y, \tau) = (0, 16, 0)$, we get the sample points
$S_l^d = \{(0, 16, 0), (0, -8, 0), (0, 4, 0), (0, -2, 0), (0, 1, 0)\}$.
For the continuous consecution at location $l$, we abstract a system of differential equations from the differential rule $D(l)$ as follows:
$\dot{y}(t) = v_y(t),\quad \dot{v}_y(t) = -10,\quad \dot{\tau}(t) = 1$
with initial values $y = 0$, $v_y = 16$, $\tau = 0$. Its closed form solutions are:
$y(t) = -5t^2 + 16t,\quad v_y(t) = -10t + 16,\quad \tau(t) = t. \qquad (1)$
Taking the location condition $Inv(l) \equiv (y \geq 0)$ into account, we get the sample points $S_l^c = \{(0, 16, 0), (3, 14, 0.2), (5.6, 12, 0.4), (7.8, 10, 0.6), (9.6, 8, 0.8), (11, 6, 1)\}$.
Consequently, $S_l = \{(0, 16, 0), (0, -8, 0), (0, 4, 0), (0, -2, 0), (0, 1, 0), (3, 14, 0.2), (5.6, 12, 0.4), (7.8, 10, 0.6), (9.6, 8, 0.8), (11, 6, 1)\}$.
3.2. Computing vanishing ideal
The second step in our technique is computing the vanishing ideal $I(S_l) = \langle \varphi_1, \ldots, \varphi_r \rangle$ of the point set $S_l$ as candidate invariants, where $\varphi_1, \ldots, \varphi_r$ is a Gröbner basis of the ideal $I(S_l)$. In addition, we get the minimal degree $e'$ ($\leq e$) of all the polynomials in $I(S_l)$.
Example 3. Applying the Buchberger-Möller algorithm to the 10 sample points of Example 2 with respect to the graded lexicographic ordering $y \succ v_y \succ \tau$ gives the vanishing ideal $\langle \varphi_1, \varphi_2, \varphi_3, \varphi_4 \rangle$, where
$\varphi_1 = y - 16\tau + 5\tau^2$
$\varphi_2 = \tau v_y - 16\tau + 10\tau^2$
$\varphi_3 = \tau^6 - 3\tau^5 + 3.4\tau^4 - 1.8\tau^3 + 0.4384\tau^2 - 0.0384\tau$
$\varphi_4 = -v_y^5 + 11v_y^4 + 110v_y^3 - 440v_y^2 - 704v_y + 1024 - 777600.0001\tau + 1922400.001\tau^2 - 1746000.004\tau^3 + 690000.0053\tau^4 - 100000.0026\tau^5$
3.3. Verifying the candidate invariants
The third step in our approach is verifying whether each candidate in $\{\varphi_1 = 0, \ldots, \varphi_r = 0\}$ is an actual invariant. Clearly, all the $\varphi_i$ satisfy the Initiation condition, since they belong to the vanishing ideal of sample points of the hybrid system. Therefore, the remaining task is to determine whether $\varphi_i$ satisfies polynomial-scale discrete consecution and continuous consecution. For the polynomial-scale discrete consecution, according to Definition 7 we only need to check whether $\varphi_i(l_1) \models \varphi_i(l_2)'$. For the continuous consecution, based on Definition 6 we check whether the closed form solutions computed in Step 1 satisfy $\varphi_i = 0$.
As a result, we can either generate the polynomial invariants of total degree $\leq e$ or conclude that polynomial invariants with degree $< e'$ do not exist.
Example 4. For the polynomial-scale discrete consecution, we determine whether $\varphi_i(y, v_y, \tau) \models \varphi_i(y', v_y', \tau')$ for $i = 1, 2, 3, 4$. We get that $\varphi_i(y, v_y, \tau) \models \varphi_i(y', v_y', \tau')$ for $i = 1, 2, 3$ and $\varphi_4(y, v_y, \tau) \not\models \varphi_4(y', v_y', \tau')$.
In addition, for the continuous consecution, we check whether the closed form solutions (1) satisfy the candidates $\varphi_i(y, v_y, \tau) = 0$ for $i = 1, 2, 3$. We get that the solutions satisfy $\varphi_1 = 0$ and $\varphi_2 = 0$.
Finally, we obtain the invariants of the hybrid system $\Psi$:
$y - 16\tau + 5\tau^2 = 0 \;\wedge\; \tau v_y - 16\tau + 10\tau^2 = 0.$
Moreover, we conclude that if $\varphi(y, v_y, \tau) = 0$ is an invariant of the hybrid system $\Psi$, the minimal degree of the polynomial $\varphi(y, v_y, \tau)$ is $e' = 2$.
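To make Steps 1 to 3 concrete, here is an added Python example, written for this page and not code from the paper or from any Buchberger-Möller implementation, that reproduces Examples 2 to 4 on the bouncing ball with exact rational arithmetic. It constructs the ten sample points of Example 2, takes the polynomials of total degree $\leq 2$ vanishing on them as the nullspace of the evaluation matrix over the $\binom{5}{3}$ monomials (the Gaussian-elimination core of the Buchberger-Möller algorithm; the Gröbner-basis reduction is not implemented), and then applies the two Step 3 checks both to those candidates and to the paper's own $\varphi_1, \ldots, \varphi_4$. The discrete check implements the constant-scale case of Definition 7: it substitutes the bounce relation (with the guard $y = 0$) into the primed candidate and requires the zero polynomial. The continuous check substitutes the closed-form solutions (1). The polynomial representation, the sample-point construction and all function names are this example's own choices.

```python
from fractions import Fraction as F
from itertools import product

# Polynomials are dicts {exponent tuple: Fraction}; the variable order is (y, v_y, tau).
ZERO = {}

def padd(a, b):
    out = dict(a)
    for e, c in b.items():
        out[e] = out.get(e, F(0)) + c
    return {e: c for e, c in out.items() if c != 0}

def pmul(a, b):
    out = {}
    for ea, ca in a.items():
        for eb, cb in b.items():
            e = tuple(x + y for x, y in zip(ea, eb))
            out[e] = out.get(e, F(0)) + ca * cb
    return {e: c for e, c in out.items() if c != 0}

def subst(p, images, k):
    """Replace variable i of p by the polynomial images[i]; every image has k variables."""
    res = {}
    for exps, c in p.items():
        term = {(0,) * k: c}
        for img, e in zip(images, exps):
            for _ in range(e):
                term = pmul(term, img)
        res = padd(res, term)
    return res

def monomials(n, e):
    """Exponent tuples of the binom(e+n, n) monomials in n variables of total degree <= e."""
    return sorted((x for x in product(range(e + 1), repeat=n) if sum(x) <= e),
                  key=lambda x: (sum(x), x))

def sample_points():
    """S_l of Example 2, constructed here: five discrete-consecution states from Theta,
    then the closed-form solution (1) sampled at t = 0, 0.2, ..., 1 while Inv(l) holds."""
    pts = []
    y, v, tau = F(0), F(16), F(0)          # Theta: y = 0, v_y = 16, tau = 0
    for _ in range(5):                      # bounce: y' = y, v_y' = -v_y/2, tau' = 0
        pts.append((y, v, tau))
        v, tau = -v / 2, F(0)
    for k in range(6):
        t = F(k, 5)
        state = (-5 * t * t + 16 * t, -10 * t + 16, t)
        if state[0] >= 0:                   # Inv(l): y >= 0
            pts.append(state)
    return sorted(set(pts))                 # the shared initial state counts once: 10 points

def nullspace(rows):
    """Basis of {c : M c = 0} by Gauss-Jordan elimination over exact rationals."""
    m = [row[:] for row in rows]
    ncols, pivots, r = len(m[0]), [], 0
    for c in range(ncols):
        piv = next((i for i in range(r, len(m)) if m[i][c] != 0), None)
        if piv is None:
            continue
        m[r], m[piv] = m[piv], m[r]
        m[r] = [x / m[r][c] for x in m[r]]
        for i in range(len(m)):
            if i != r and m[i][c] != 0:
                f = m[i][c]
                m[i] = [a - f * b for a, b in zip(m[i], m[r])]
        pivots.append(c)
        r += 1
    basis = []
    for fc in (c for c in range(ncols) if c not in pivots):
        vec = [F(0)] * ncols
        vec[fc] = F(1)
        for i, pc in enumerate(pivots):
            vec[pc] = -m[i][fc]
        basis.append(vec)
    return basis

def vanishing_polys(points, e):
    """All polynomials of total degree <= e vanishing on the points: the nullspace of the
    evaluation (generalized Vandermonde) matrix, without the Groebner-basis bookkeeping."""
    monos = monomials(len(points[0]), e)
    def ev(pt, mexp):
        val = F(1)
        for x, k in zip(pt, mexp):
            val *= x ** k
        return val
    rows = [[ev(pt, mexp) for mexp in monos] for pt in points]
    return [{mexp: c for mexp, c in zip(monos, vec) if c != 0} for vec in nullspace(rows)]

# Bounce relation rho with guard y = 0: phi(y', v_y', tau') becomes phi(0, -v_y/2, 0),
# which must be the zero polynomial (constant-scale case q = 0 of Definition 7).
BOUNCE = [ZERO, {(0, 1, 0): F(-1, 2)}, ZERO]
# Closed-form solutions (1) as polynomials in t: y = -5t^2 + 16t, v_y = -10t + 16, tau = t.
FLOW = [{(2,): F(-5), (1,): F(16)}, {(1,): F(-10), (0,): F(16)}, {(1,): F(1)}]

def discrete_ok(p):
    return subst(p, BOUNCE, 3) == {}

def continuous_ok(p):
    return subst(p, FLOW, 1) == {}

def verify(candidates):
    """Step 3: keep the candidates that pass both consecution checks."""
    return [p for p in candidates if discrete_ok(p) and continuous_ok(p)]

# The Groebner basis of Example 3, copied from the paper, to reproduce Example 4.
PHI1 = {(1, 0, 0): F(1), (0, 0, 1): F(-16), (0, 0, 2): F(5)}
PHI2 = {(0, 1, 1): F(1), (0, 0, 1): F(-16), (0, 0, 2): F(10)}
PHI3 = {(0, 0, 6): F(1), (0, 0, 5): F(-3), (0, 0, 4): F("3.4"), (0, 0, 3): F("-1.8"),
        (0, 0, 2): F("0.4384"), (0, 0, 1): F("-0.0384")}
PHI4 = {(0, 5, 0): F(-1), (0, 4, 0): F(11), (0, 3, 0): F(110), (0, 2, 0): F(-440),
        (0, 1, 0): F(-704), (0, 0, 0): F(1024), (0, 0, 1): F("-777600.0001"),
        (0, 0, 2): F("1922400.001"), (0, 0, 3): F("-1746000.004"),
        (0, 0, 4): F("690000.0053"), (0, 0, 5): F("-100000.0026")}

def generate_invariants(e=2):
    """Steps 1 to 3 end to end for the bouncing ball at degree bound e."""
    return verify(vanishing_polys(sample_points(), e))

if __name__ == "__main__":
    print(len(sample_points()), "sample points;", len(generate_invariants()), "invariants of degree <= 2")
    print("Example 3 basis elements surviving Step 3:",
          [i + 1 for i, p in enumerate((PHI1, PHI2, PHI3, PHI4)) if discrete_ok(p) and continuous_ok(p)])
```

Run as a script, it reports 10 sample points, three degree-2 polynomials that pass both checks, and that only $\varphi_1$ and $\varphi_2$ of the paper's basis survive: $\varphi_4$ fails the discrete check because $\varphi_4(0, -v_y/2, 0)$ is not identically zero, and $\varphi_3$ fails the continuous check. The three returned polynomials span the degree-$\leq 2$ part of $I(S_l)$, which is the span of $\varphi_1$, $\varphi_2$ and $y v_y + 10y\tau - 256\tau + 80\tau^2 = (v_y + 10\tau)\varphi_1 + (16 - 5\tau)\varphi_2$, so the nullspace carries the same invariant information as the paper's basis; a reduced Gröbner basis would in addition expose the higher-degree elements $\varphi_3, \varphi_4$, which a degree-bounded computation never sees.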
4. Conclusions
In this paper, we present a new method to generate polynomial equation invariants for hybrid systems. We first compute vanishing ideals of hybrid system sample points to get candidate invariants, then check whether the candidates satisfy polynomial-scale discrete consecution and continuous consecution based on Definitions 6 and 7. Finally, we obtain the polynomial equation invariants of the hybrid system. Our approach avoids first-order quantifier elimination and cylindrical algebraic decomposition, and it does not depend on any abstract interpretation method. However, differential equation solving techniques are used to verify candidate invariants in our approach, and differential equations are in general hard to solve. How to further improve the efficiency of our method is still a big challenge and our main future work.
5. Acknowledgment
We are very grateful to Dr. Min Wu and Dr. Zhengfeng Yang for their contribution to the previous work as well as many fruitful discussions on this work and valuable comments on the draft of this paper. This research was partly supported by the NSFC project No. 90718041 and the Scientific Research Fund of Zhejiang Provincial Education Department No. Y201122194.
6. References
[1] A. Tiwari, “Approximate reachability for linear systems,” in HSCC’2003: Hybrid Systems:
Computation and Control, O. Maler and A. Pnueli, Eds., vol. 2623 of LNCS. Prague, The Czech
Republic: Springer-Verlag, 2003, pp. 514–525.
[2] N. Halbwachs, Y.-E. Proy, and P. Roumanoff, “Verification of real-time systems using linear
relation analysis,” Formal Methods in System Design, vol. 11, no. 2, pp. 157–185, 1997.
[3] S. Sankaranarayanan, H. Sipma, and Z. Manna, “Constructing invariants for hybrid systems,” in
HSCC’2004: Hybrid Systems: Computation and Control, R. Alur and G. J. Pappas, Eds., vol.
2993 of LNCS. Philadelphia, PA, USA: Springer-Verlag, 2004, pp. 539–554.
[4] E. Rodríguez-Carbonell and A. Tiwari, “Generating polynomial invariants for hybrid systems,” in
HSCC’2005: Hybrid Systems: Computation and Control, M. Morari and L. Thiele, Eds., vol. 3414
of LNCS. Zurich, Switzerland: Springer-Verlag, 2005, pp. 590–605.
[5] S. Gulwani and A. Tiwari, “Constraint-based approach for analysis of hybrid systems,” in
CAV’2008: 20th International Conference on Computer Aided Verification, A. Gupta and S.
Malik, Eds., vol. 5123 of LNCS. Princeton, NJ, USA: Springer-Verlag, 2008, pp. 190–203.
[6] A. Platzer and E. M. Clarke, “Computing differential invariants of hybrid systems as fixedpoints,”
in CAV’2008: 20th International Conference on Computer Aided Verification, A. Gupta and S.
Malik, Eds., vol. 5123 of LNCS. Princeton, NJ, USA: Springer-Verlag, 2008, pp. 176–189.
[7] P. A. Parrilo, “Semidefinite programming relaxations for semialgebraic problems,” Mathematical
Programming Series B, vol. 96, no. 2, pp. 293–320, 2003.
[8] S. Prajna and A. Jadbabaie, “Safety verification of hybrid systems using barrier certificates,” in
HSCC’2004: Hybrid Systems: Computation and Control, R. Alur and G. J. Pappas, Eds., vol.
2993 of LNCS. Philadelphia, PA, USA: Springer-Verlag, 2004, pp. 477–492.
[9] B. Buchberger, “Gröbner-bases: An algorithmic method in polynomial ideal theory.” in
Multidimensional Systems Theory - Progress, Directions and Open Problems in Multidimensional
Systems. Reidel Publishing Company, Dordrecht – Boston – Lancaster, 1985, pp. 184–232.
[10] H. M. Möller and B. Buchberger, “The construction of multivariate polynomials with preassigned
zeros,” in EUROCAM’ 1982: European Computer Algebra Conference, J. Calmet, Ed., vol. 144
of LNCS. Marseille, France: Springer, Berlin-New York, 1982, pp. 24–31.
[11] M. G. Marinari, H. M. Möller, and T. Mora, “Gröbner bases of ideals defined by functionals with
an application to ideals of projective points,” Applicable Algebra in Engineering, Communication
and Computing, vol. 4, no. 2, pp. 103–145, 1993.
[12] T. A. Henzinger, “The theory of hybrid automata,” in LICS’ 1996: Proceedings of the 11th Annual
IEEE Symposium on Logic in Computer Science, 1996, pp. 278–292.
[13] R. W. Floyd, “Assigning meanings to programs,” in Mathematical Aspects of Computer Science,
ser. Proceedings of Symposia in Applied Mathematics, J. T. Schwartz, Ed., vol. 19. Providence,
Rhode Island: American Mathematical Society, 1967, pp. 19–32.
[14] S. Sankaranarayanan, H. B. Sipma, and Z. Manna, “Nonlinear loop invariant generation using
Gröbner bases,” in POPL’2004: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on
Principles of programming languages. Venice, Italy: ACM Press, New York, NY, 2004, pp.
318–329.
[15] Duolin Liu, "E-commerce System Security Assessment Based on Grey Relational Analysis
Comprehensive Evaluation", JDCTA: International Journal of Digital Content Technology and its
Applications, Vol. 5, No. 10, pp. 279-284, 2011.
[16] Yuan Jiang, Dongming Jiang, "The Security Assessment Method of Wireless Sensor Network
with Interval Grey Linguistic Variables", JDCTA: International Journal of Digital Content
Technology and its Applications, Vol. 5, No. 10, pp. 389-395, 2011.
[17] Wang Jinbo, Liu Xuefeng, Deng Ming, "A Framework of Knowledge Management System for
Support Decision Making on Web-enabled Environment", JCIT, Vol. 6, No. 7, pp. 133-139, 2011.
[18] Kaihong Guo, Wenli Li, "A C-OWA Operator-based Method for Aggregating Intuitionistic Fuzzy
Information and Its Application to Decision Making under Uncertainty", JDCTA, Vol. 4, No. 7,
pp. 140-147, 2010.