Green Scheduling

(1)

CS620, IIT BOMBAY

Green Scheduling

Ashutosh Trivedi

Department of Computer Science and Engineering, IIT Bombay

CS620: New Trends in IT: Modeling and Verification of Cyber-Physical Systems (26 July 2013)

(2)

Peak Demand Reduction in Energy Usage

1. Absence ofbulk energy storage technology 2. Base-load vspeaking powerplants

3. Energy peaks are expensive:

– Forenvironment(peaking power plants are typically fossil-fueled )

– Forenergy providers

– Forcustomers(peak power pricing) 4. Energy peaks are often avoidable:

– Extreme weather and energy peaks – Heating, Ventilation, and Air-conditioning

(HVAC) Units 5. Load-balancing methods:

– Load shedding – Load shifting

– Green scheduling [NBPM11]

(3)

Green Scheduling

Zones\HVAC Units Modes HIGH LOW OFF

X (Temp. Change Rate/ Energy Usage) -2/3 -1/2 2/0.2 Y (Temp. Change Rate/ Energy Usage) -2/3 -1/2 3/0.2

– Assume thatcomfortable temperaturerange is 65^oF to70^oF. – Energy is extremely expensive if peak demand dips above 4 units in a

billing period

Problem

Find an “implementable”switching schedule that keeps the temperatures withincomfort zone andpeak usagewithin 4 units?

(4)

Green Scheduling

X (Temp. Change Rate/ Energy Usage) -2/3 -1/2 2/0.2 Y (Temp. Change Rate/ Energy Usage) -2/3 -1/2 3/0.2 – Assume thatcomfortable temperaturerange is 65^oF to70^oF. – Energy is extremely expensive if peak demand dips above 4 units in a

billing period

Problem

Find an “implementable”switching schedule that keeps the temperatures withincomfort zone andpeak usagewithin 4 units?

(5)

Green Scheduling

X (Temp. Change Rate/ Energy Usage) -2/3 -1/2 2/0.2 Y (Temp. Change Rate/ Energy Usage) -2/3 -1/2 3/0.2 – Assume thatcomfortable temperaturerange is 65^oF to70^oF. – Energy is extremely expensive if peak demand dips above 4 units in a

billing period

Problem

Find an “implementable”switching schedule that keeps the temperatures withincomfort zoneandpeak usagewithin 4 units?

(6)

Green Scheduling: Contd

˙ x=−2

˙ y=−2 MH,H(6)

˙ x=−2

˙ y=−1 MH,L(5)

˙ x=−1

˙ y=−2 ML,H(5)

˙ x=−2

˙ y= 3 MH,O(3.2)

˙ x=−1

˙ y=−1 ML,L(4)

˙ x=−1

˙ y= 3 ML,O(2.2)

˙ x= 2

˙ y=−2

˙ x= 2

˙ y=−1

˙ x= 2

˙ y= 3

(7)

Green Scheduling: Contd

˙ x=−2

˙ y=−2 MH,H(6)

˙ x=−2

˙ y=−1 MH,L(5)

˙ x=−1

˙ y=−2 ML,H(5)

˙ x=−2

˙ y= 3 MH,O(3.2)

˙ x=−1

˙ y=−1 ML,L(4)

˙ x=−1

˙ y= 3 ML,O(2.2)

˙ x= 2

˙ y=−2 MO,H(3.2)

˙ x= 2

˙ y=−1 MO,L(2.2)

˙ x= 2

˙ y= 3 MO,O(0.4)

(8)

Green Scheduling: Contd

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe Schedulability Problem

Does there exist aswitching scheduleusing thesemodessuch that the temperatures of all zones stays incomfortable region?

(9)

Multi-mode Systems: Safe Schedulability

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe set: x∈[65,70], y∈[65,70]

68 68 x y

s0

67 67 s1

(m2,1) 66

70 s2

(m3,1) 68

68 s3

(m4,1) 67

67 s4

(m2,1) · · ·

Keywords: State, Schedule, periodic schedule, ultimately periodic schedule, trajectory, and safe schedule

(10)

Multi-mode Systems: Safe Schedulability

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe set: x∈[65,70], y∈[65,70]

68 68 x y

s0

67 67 s1

(m2,1)

66 70 s2

(m3,1) 68

68 s3

(m4,1) 67

67 s4

(m2,1) · · ·

Keywords: State, Schedule, periodic schedule, ultimately periodic schedule,

(11)

Multi-mode Systems: Safe Schedulability

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe set: x∈[65,70], y∈[65,70]

68 68 x y

s0

67 67 s1

(m2,1) 66

70 s2

(m3,1)

68 68 s3

(m4,1) 67

67 s4

(m2,1) · · ·

(12)

Multi-mode Systems: Safe Schedulability

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe set: x∈[65,70], y∈[65,70]

68 68 x y

s0

67 67 s1

(m2,1) 66

70 s2

(m3,1) 68

68 s3

(m4,1)

67 67 s4

(m2,1) · · ·

(13)

Multi-mode Systems: Safe Schedulability

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe set: x∈[65,70], y∈[65,70]

68 68 x y

s0

67 67 s1

(m2,1) 66

70 s2

(m3,1) 68

68 s3

(m4,1) 67

67 s4

(m2,1) · · ·

(14)

Multi-mode Systems: Safe Schedulability

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe set: x∈[65,70], y∈[65,70]

68 68 x y

s0

67 67 s1

(m2,1) 66

70 s2

(m3,1) 68

68 s3

(m4,1) 67

67 s4

(m2,1) · · ·

(15)

Multi-mode System: Zeno schedule

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe set: x∈[65,70], y∈[65,70]

68 68 x y

s0

68 68 s1

(m2,0) 68

68 s2

(m3,0) 68

68 s3

(m4,0) 68

68 s4

(m2,0) · · ·

Keywords: Zeno Schedule

(16)

Multi-mode Systems: Zeno schedule

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe set: x∈[65,70], y∈[65,70]

68 68 x y

s0

67 67 s1

(m2,1) 66.5

68.5 s2

(m3,¹₂) 67 68 s3

(m4,¹₄) 66.875 67.875

s4

(m2,¹₈) · · ·

(17)

Another Example: Leaking Tanks Systems

v₂ v₁

w u₁

`₁

u₂

`₂

x₁ x₂

˙ x1=−v1

˙ x2=−v1

m1

˙

x1=w−v1

˙ x2=−v2

m2

˙ x1=−v1

˙

x2=w−v2

m3

x1∈[`1, u1], x2∈[`2, u2]

(18)

Another Example: Leaking Tanks Systems

v₂ v₁

w u₁

`₁

u₂

`₂

x₁ x₂

˙ x1=−v1

˙ x2=−v1

˙

x1=w−v1

˙ x2=−v2

˙ x1=−v1

˙

x2=w−v2

(19)

... and more

1. Temperature and humidity control in cloud servers 2. Robot motion planning

3. Autonomous vehicles navigation 4. and more..

(20)

Motivation

Constant-Rate Multi-Mode Systems

Optimization, Discretization, and Undecidability

Summary

(21)

Definitions: Convex Sets

z z

Convex Sets Non-Convex Set

y x

x y

x1

x2

x3

x4

x5

– Aconvex combinationof a set of pointsx1, x2, . . . , xn∈Rⁿ is a point of the formλ1x1+λ2x2+· · ·+λnxn whereλi∈[0,1]andP

iλi= 1.

– A setS⊆Rⁿ isconvex if for any set of pointsx1, x2, . . . , xn∈S their convex combinations are also inS.

– Theconvex hullof pointsx1, x2, . . . , xn∈Rⁿ is the minimum convex set that contains these point, and is the set of all convex combinations.

(22)

Definitions: Convex Sets

z z

y x

x y

x1

x2

x3

x4

x5

iλi= 1.

– A setS ⊆Rⁿ isconvex if for any set of pointsx1, x2, . . . , xn∈S their convex combinations are also inS.

(23)

Definitions: Convex Sets

z z

y x

x y

x1

x2

x3

x4

x5

iλi= 1.

– A setS ⊆Rⁿ isconvex if for any set of pointsx1, x2, . . . , xn∈S their convex combinations are also inS.

(24)

Formal Definitions

Definition (Constant-Rate Multi-Mode Systems: MMS)

A MMS is a tupleH= (M, n, R)where – M is a finite nonempty set ofmodes, – nis the number ofcontinuous variables,

– R:M →Rⁿ gives for each mode therate vector, – S⊆Rⁿ is a bounded convexset ofsafe states.

– Thetrajectory of a schedule(m1, t1),(m2, t2), . . . ,(mk, tk)froms0 is s0,(m1, t1), s1, . . . ,(mk, tk), sk

such thatsi=si−1+ti·R(mi)for all for all1≤i≤k.

– Ascheduleis safe ats0 if all states of its trajectory froms0 are safe. – Amodemist-safe at a states∈S if the schedule(m, t)is safe.

(25)

Formal Definitions

Definition (Constant-Rate Multi-Mode Systems: MMS)

A MMS is a tupleH= (M, n, R)where – M is a finite nonempty set ofmodes, – nis the number ofcontinuous variables,

– R:M →Rⁿ gives for each mode therate vector, – S⊆Rⁿ is a bounded convexset ofsafe states.

– Thetrajectory of a schedule(m1, t1),(m2, t2), . . . ,(mk, tk)froms0 is s0,(m1, t1), s1, . . . ,(mk, tk), sk

such thatsi=si−1+ti·R(mi)for all for all1≤i≤k.

– Ascheduleis safe ats0 if all states of its trajectory froms0 are safe.

– Amodemist-safe at a states∈S if the schedule(m, t)is safe.

(26)

Definition

Safe Schedulability Problem

Given an MMSHand a starting states0 decide whether there exists a non-Zeno safe schedule.

Theorem

Safe Schedulability can be solved inpolynomial time.

Safe Reachability Problem

Given an MMSH, astarting state s0∈S, and atarget state st∈S, decide whether there exists a safe schedule that reachesstfroms0.

Theorem

Safe Reachability can be solved inpolynomial timeif the starting and the target states lie in the interior ofS.

(27)

Definition

Safe Schedulability Problem

Theorem

Safe Reachability Problem

Given an MMSH, astarting state s0∈S, and atarget state st∈S, decide whether there exists a safe schedule that reachesstfroms0.

Theorem

(28)

Definition

Safe Schedulability Problem

Theorem

Safe Reachability Problem

Given an MMSH, astarting state s0∈S, and atarget statest∈S, decide whether there exists a safe schedule that reachesstfroms0.

Theorem

(29)

Definition

Safe Schedulability Problem

Theorem

Safe Reachability Problem

Given an MMSH, astarting state s0∈S, and atarget statest∈S, decide whether there exists a safe schedule that reachesstfroms0.

Theorem

(30)

Safe Schedulability Problem: Geometry

˙ x=−2

˙ y= 3

m1

˙ x=−1

˙ y=−1

m2

˙ x=−1

˙ y= 3

m3

˙ x= 2

˙ y=−2

m4

˙ x= 2

˙ y=−1

m5

˙ x= 2

˙ y= 3

m6

Safe set: x∈[65,70], y∈[65,70]

m1

(−2,3)

m4

(2,−2) m6

(2,3)

m2

(−1,−1) m3

(−1,3)

m5

(2,−1)

(31)

Safe Schedulability Problem: Geometry

s1

m6

m₃ m1

m2

m₄ m₅

(32)

Safe Schedulability Problem: Geometry

s1

m6

m₃ m1

m2

m₄ m₅

(33)

Safe Schedulability Problem: Geometry

s1

m6

m₃ m1

m2

m₄ m₅

(34)

Safe Schedulability Problem: Geometry

s1

m6

m₃ m1

m2

m₄ m₅

s2

(35)

Safe Schedulability Problem: Geometry

s1

m6

m3

m1

m2

m4

m5

s2 s3

s4

m5

(36)

Safe Schedulability Problem: Interior Case

Lemma

Assume that the starting state lies in theinteriorof the safety set.

A safenon-Zenoschedule exists if and only if

|M|

X

i=1

R(i)·fi = 0

|M|

X

i=1

fi = 1.

for somef1, f2, . . . , f|M|≥0.

Moreover, such a schedule isperiodic.

(37)

Safe Schedulability Problem: Interior Case

Proof Sketch: (“if” direction):

If for some non-negativefi we have

|M|

X

i=1

R(i)·fi= 0and

|M|

X

i=1

fi= 1 then there exists anon-Zeno periodic safeschedule.

1. There exists at >0such that all modes are safe ats0fort-time. 2. Consider theperiodicschedule

(m1, t·f1),(m2, t·f2), . . . ,(m|M|, t·f|M|) 3. Notice that the schedule isnon-Zeno.

4. Consider the trajectory of the schedule

s0,(m1, t1), s1(m2, t2), . . . , s|M|,(m1, t1). . . 5. Notice thatsi·|M|+j =sj for alli≥0.

6. We show thats0, s1, . . . , s|M|−1are safe.

(38)

Safe Schedulability Problem: Interior Case

If for some non-negativefi we have

|M|

X

i=1

R(i)·fi= 0and

|M|

X

i=1

fi= 1 then there exists anon-Zeno periodic safeschedule.

1. There exists at >0 such that all modes are safe ats0fort-time.

2. Consider theperiodicschedule

(m1, t·f1),(m2, t·f2), . . . ,(m|M|, t·f|M|) 3. Notice that the schedule isnon-Zeno.

4. Consider the trajectory of the schedule

s0,(m1, t1), s1(m2, t2), . . . , s|M|,(m1, t1). . .

(39)

Safe Schedulability Problem: “If” Direction

Lemma: Allconvex combinations of finite safe schedules are safe.

x0, y0, z0

x1

x2

x3

y1 y2

y3

z1

z2

z3

z4

z5

z6 z6=λx3+ (1−λ)y3

Corollary: All intermediate states visited in the following periodic schedule are safe if each mode is safe for timet >0.

(m1, t·f1),(m2, t·f2), . . . ,(m|M|, t·f|M|)

(40)

Safe Schedulability Problem: “If” Direction

Lemma: Allconvex combinations of finite safe schedules are safe.

x0, y0, z0

x1

x2

x3

y1 y2

y3

z1

z2

z3

z4

z5

z6 z6=λx3+ (1−λ)y3

Corollary: All intermediate states visited in the following periodic schedule are safe if each mode is safe for timet >0.

(m1, t·f1),(m2, t·f2), . . . ,(m|M|, t·f|M|)

(41)

Safe Schedulability Problem: Interior Case

Proof Sketch: (“only if” direction):

There exists anon-Zeno periodic safeschedule only if for some non-negative fi we have

|M|

X

i=1

R(i)·fi= 0and

|M|

X

i=1

fi= 1

1. Assume that it is notfeasible.

2. Then byFarkas’s lemmathere is(v1, v2, . . . , vn)∈Rⁿ such that (v1, v2, . . . , vn)·R(i)>0 for all modesi. 3. Taking any mode contributes to some progress in the direction

(v1, v2, . . . , vn)

4. Any non-Zeno schedule will eventually leave the safety set.

(42)

Safe Schedulability Problem: Interior Case

|M|

X

i=1

R(i)·fi= 0and

|M|

X

i=1

fi= 1

2. Then byFarkas’s lemmathere is(v1, v2, . . . , vn)∈Rⁿ such that (v1, v2, . . . , vn)·R(i)>0 for all modesi.

3. Taking any mode contributes to some progress in the direction (v1, v2, . . . , vn)

(43)

Farkas’s Lemma

Gyula Farkas (1847–1930)

Theorem

LetAbe a real N×M matrixandb be anN-dimensionalvector.

Thenexactly oneof the following two statements is true.

– There exists a vectorx∈R^M such that Ax=bandx≥0.

– There exists a vectory∈R^N such thatA^Ty≥0andb^Ty <0.

(44)

Farkas’s lemma application

There exists a vector(f1, f2, . . . , fm)such that for

A=







R(1)(1) R(2)(1) · · · R(m)(1) R(1)(2) R(2)(2) · · · R(m)(2) R(1)(3) R(2)(3) · · · R(m)(3)

1 1 · · · 1







x= (f1, f2, . . . , fm)andb= (0,0, . . . ,1), we have thatAx=bandx≥0.

By Farkas’s lemma, either our equations are feasible or the following is feasible. There exists a vector(v1, v2, . . . , vn, d)such that for

A^T =







R(1)(1) R(1)(2) R(1)(3) 1 R(2)(1) R(2)(2) R(2)(3) 1 R(3)(1) R(3)(2) R(3)(3) 1

· · ·

R(m)(1) R(m)(2) R(m)(3) 1







andb^t= (0,0,0, . . . ,1)^T,A^Ty≥0 andb^Ty <0.

(45)

Farkas’s lemma application

There exists a vector(f1, f2, . . . , fm)such that for

A=







R(1)(1) R(2)(1) · · · R(m)(1) R(1)(2) R(2)(2) · · · R(m)(2) R(1)(3) R(2)(3) · · · R(m)(3)

1 1 · · · 1







x= (f1, f2, . . . , fm)andb= (0,0, . . . ,1), we have thatAx=bandx≥0.

By Farkas’s lemma, either our equations are feasible or the following is feasible.

There exists a vector(v1, v2, . . . , vn, d)such that for

A^T =







R(1)(1) R(1)(2) R(1)(3) 1 R(2)(1) R(2)(2) R(2)(3) 1 R(3)(1) R(3)(2) R(3)(3) 1

· · ·

R(m)(1) R(m)(2) R(m)(3) 1







andb^t= (0,0,0, . . . ,1)^T,A^Ty≥0 andb^Ty <0.

(46)

Safe Schedulability Problem: Interior Case

|M|

X

i=1

R(i)·fi= 0and

|M|

X

i=1

fi= 1

2. Then byFarkas’s lemmathere is(v1, v2, . . . , vn)∈Rⁿ such that (v1, v2, . . . , vn)·R(i)>0 for all modesi.

3. Taking any mode contributes to some progress in the direction (v1, v2, . . . , vn)

(47)

Reachability Problem: Geometry

s1

m6

m₃ m1

m2

m₄ m₅

s5

(48)

Reachability Problem: Geometry

s2

m6

m₃ m1

m2

m₄ m₅

s3

s5

(49)

Safe Reachability Problem

Lemma

Assume that thestartingstates0 and thetargetstate stlie in theinteriorof the safety set.

A safe schedule exists froms0 tostexists if and only if

s0+

|M|

X

i=1

R(i)·ti=st

for somet1, t2, . . . , t|M|≥0.

Proof Sketch:

“Only if” direction is trivial.

(50)

Safe Reachability Problem

If for somet1, t2, . . . , t|M|≥0we have that

s0+

|M|

X

i=1

R(i)·ti=st

then a safe schedule exists froms0 tost.

1. There exists at >0 such that all modes are safe ats0andstfort-time.

Notice all points on the line connectings0andst. 2. Let`be a natural number greater than

P|M|

i=1ti

t .

3. The periodic schedule(m1, t1/`),(m2, t2/`), . . . ,(mM, t|M|/`)reaches the target in`· |M|steps.

4. Each intermediate state is in the safety set.

(51)

Thumb Rules: Schedulability

The following isfeasible:

|M|

X

i=1

R(i)·fi= 0and

|M|

X

i=1

fi= 1 Or, the following in infeasible:

(v1, v2, . . . , vn)·R(i)>0 for all modesi.

m1

(−2,3)

m4

(2,−2) m6

(2,3)

m2

(−1,−1) m3

(−1,3)

m5

(2,−1)

(52)

Thumb Rules: Schedulability

|M|

X

i=1

R(i)·fi= 0and

|M|

X

i=1

fi= 1 Or, the following in infeasible:

(v1, v2, . . . , vn)·R(i)>0 for all modesi.

m1

(−2,3)

m4

(2,−2) m6

(2,3) m3

(−1,3)

m5

(2,−1)

(53)

Thumb Rules: Reachability

s0+

|M|

X

i=1

R(i)·ti=st

s0

st

R₁

R2

(54)

Reachability: Boundary Case

s ₁ s ₂ . . .

s s ⁰

1. Rate vectors are(1,1)and(1,−1) 2. Angle ats⁰ is30^o.

3. ksk, sk=ks, s⁰k ·(

√3−1

√3+1)^k.

(55)

Reachability: Boundary Case

s ₁ s ₂ . . .

s s ⁰

1. Rate vectors are(1,1) and(1,−1) 2. Angle ats⁰ is30^o.

3. ksk, sk=ks, s⁰k ·(

√3−1

√3+1)^k.

(56)

Schedulability: Boundary Case

X Y Z s0

(57)

Schedulability: Boundary Case

X Y Z s0

(58)

Schedulability: Boundary Case

X Y Z s0

(59)

Schedulability: Boundary Case

X Y Z s0

(60)

Schedulability: Boundary Case

Lemma

For any finite safe scheduleσthere exists a finite safe scheduleσ⁰ s.t.:

1. All modes that were ever safe during the trajectory withσwill be safe in the final state ofσ⁰, and

2. The set of safe modes in every state ofσ⁰ will always be increasing.

x0, y0

x1

x2

x3

y1

y2

y3

σ: t1 t2 t3

σ⁰: t1/2

t1/4 t2/2

t1/8 t2/4 t3/2

(61)

Schedulability: Boundary Case

Lemma

For any finite safe scheduleσthere exists a finite safe scheduleσ⁰ s.t.:

1. All modes that were ever safe during the trajectory withσwill be safe in the final state ofσ⁰, and

2. The set of safe modes in every state ofσ⁰ will always be increasing.

x0, y0

x1

x2

x3

y1

y2

y3

σ: t1 t2 t3

σ⁰: t1/2

t1/4 t2/2

t1/8 t2/4 t3/2

(62)

Algorithm: Interior Case

1. Compute the sequence of set of modesM1, M2, . . . , Mk such that – M1 is the set of safe modes atx0, and

– Miis the set of safe modes at states reachable fromx0 using only modes fromMi−1.

2. M1⊂M2⊂ · · · ⊂Mk.

3. Modes outsideMk are never reachable fromx0. 4. The setMk can be computed in polynomial time.

5. MMS is schedulable fromx0 if and only if:

X

m∈Mk

R(m)·fm= 0and X

m∈Mk

fm= 1 6. That can, again, be checked in polynomial time.

(63)

Motivation

Summary

(64)

Optimization Schedulability and Reachability

– MMSH= (M, n, R)andprice functionπ:M →R – Priceof a finite schedule(m1, t1),(m2, t2), . . . ,(mk, tk)is

k

X

i=1

π(mi)ti.

– Average priceof an infinite schedule(m1, t1),(m2, t2), . . .is lim sup

n→∞

Pk

i=1π(mi)ti

Pk i=1ti

. – Optimal reachability-price and average-price problems

– MinimizeP|M|

i=1ti·π(mi)subject to: s0+

|M|

X

i=1

R(i)·ti=st, andti≥0. – MinimizeP|M|

i=1fi·π(mi)subject to:

|M|

X

i=1

R(i)·fi= 0and

|M|

X

i=1

fi= 1, fi≥0.

(65)

Optimization Schedulability and Reachability

– MMSH= (M, n, R)andprice functionπ:M →R – Priceof a finite schedule(m1, t1),(m2, t2), . . . ,(mk, tk)is

k

X

i=1

π(mi)ti.

– Average priceof an infinite schedule(m1, t1),(m2, t2), . . .is lim sup

n→∞

Pk

i=1π(mi)ti

Pk i=1ti

. – Optimal reachability-price and average-price problems – MinimizeP|M|

i=1ti·π(mi)subject to:

s0+

|M|

X

i=1

R(i)·ti =st, andti≥0.

– MinimizeP|M|

i=1fi·π(mi)subject to:

|M|

X

i=1

R(i)·fi= 0and

|M|

X

i=1

fi= 1, fi≥0.

(66)

Discrete Schedulability and Undecidability

Discrete Schedulability:

– Requiring schedules with delays that are multiples of a givensampling rate – For aboundedsafety set only a finite number of states reachable using

such discrete schedulers.

– Such reachable state-transition graph is ofexponential size.

– schedulability/optimization problems can be solved in PSPACE.

– PSPACE-hardness can be shown by a reduction from the acceptance problem forlinear-bounded automata.

Generalizations:

– One can add somestructureto the system by adding – guardson mode-switches

– mode-dependentinvariants

– Corresponds to a variant (singular) ofhybrid automata [HKPV98] – Each of these generalizations lead toundecidabilityof the reachability

problem.

(67)

Discrete Schedulability and Undecidability

Discrete Schedulability:

– Requiring schedules with delays that are multiples of a givensampling rate – For aboundedsafety set only a finite number of states reachable using

such discrete schedulers.

– Such reachable state-transition graph is ofexponential size.

– schedulability/optimization problems can be solved in PSPACE.

– PSPACE-hardness can be shown by a reduction from the acceptance problem forlinear-bounded automata.

Generalizations:

– One can add somestructureto the system by adding – guardson mode-switches

– mode-dependentinvariants

– Corresponds to a variant (singular) ofhybrid automata [HKPV98]

– Each of these generalizations lead toundecidabilityof the reachability problem.

(68)

Undecidability Proof

Marvin Minsky (1927) A Minsky machineAis a tuple (L, C, D)where:

– L={`0, `1, . . . , `n} is the set of states including thedistinguished terminal state`n;

– C={c1, c2}is the set of twocounters;

– D={δ , δ , . . . , δ }is the set of transitions of the following type:

(69)

Undecidability Proof

– LetA= (L, C, D)be a Minsky machine.

– Aconfigurationof a Minsky machine is a tuple(`, c, d) – The initial configuration(`0,0,0)

– Therunof a Minsky machine is a (finite or infinite)validsequence of configurationshk0, k1, . . .i

– The run is a finite sequence (halting) if and only if the last configuration is the terminal state`n.

– Thehalting problem for a Minsky machine asks whether its unique run is finite.

Theorem ( [Min67] )

The halting problem for the two-counter Minsky machines isundecidable.

We reduce Minsky machine halting problem to singular hybrid automata reachability problem.

Theorem

The reachability problem forsingular hybrid automatais undecidable.

(70)

Undecidability Proof

Theorem ( [Min67] )

Theorem

(71)

Undecidability Proof

Theorem ( [Min67] )

Theorem

(72)

Motivation

Summary

(73)

Summary

1. Discussed a model forconstant-rate multi-mode systems

2. Polynomial-time algorithmsfor safe schedulability and safe reachability 3. Energy peak demand reductionproblem

4. Discrete schedulerslead to PSPACE-hardness

5. Adding eitherlocal invariantsor guardslead to undecidability 6. Bounded-rate Multi-mode systems

(74)

Course overview

1. Formal Modeling of CPS

– Discrete Dynamical Systems (Extended Finite State Machines) – Continuous Dynamical Systems (Ordinary Differential Equations) – Hybrid Dynamical Systems

– Timed automata, – Hybrid automata,

– PCDs, Multi-mode systems, and other decidable subclasses

2. Tools for modeling CPS – UPPAAL

– HyTech

– Stateflow/Simulink 3. Verification and Synthesis

– Classical temporal logicsLTLandCTL

– Real-time extensions of these logics, in particularMTL – Model-Checking for timed and hybrid automata

– Automatic Synthesis for CPS (satisfiability, controller-environment games,

(75)

Grading

30%

20%

End-semester Project Mid-semester Quizzes

(76)

T. A. Henzinger, P. W. Kopke, A. Puri, and P. Varaiya.

What’s decidable about hybrid automata?

Journal of Comp. and Sys. Sciences, 57:94–124, 1998.

Marvin L. Minsky.

Computation: finite and infinite machines.

Prentice-Hall, Inc., 1967.

T. X. Nghiem, M. Behl, G. J. Pappas, and R. Mangharam.

Green scheduling: Scheduling of control systems for peak power reduction.

2nd International Green Computing Conference, July 2011.