Neural state classification for hybrid systems

Abstract

Model checking of hybrid systems is usually expressed in terms of the following reachability problem for hybrid automata (HA) [6]: given an HA M, a set of initial states I, and a set of unsafe states U, determine whether there exists a trajectory of M starting in an initial state and ending in an unsafe state. The time-bounded version of this problem considers trajectories that are within a given time bound T.We introduce the State Classification Problem (SCP), a generalization of the model checking problem for hybrid systems. Let B = {0,1} be the set of Boolean values. Given an HA M with state space S(M), time bound T, and set of unsafe states U ⊂ S(M), the SCP problem is to find a function F*: S(M) → B such that for all s ∈ S(M), F* (s) = 1 if M |= Reach (U ,s,T), i.e., if it is possible for M, starting in s, to reach a state in U within time T ; F*(s) = 0 otherwise. A state s ⊂ S(M) is called positive if F*(s) = 1. Otherwise, s is negative. We call such a function a state classifier.State classification is also useful in at least two other contexts. First, due to random disturbances, a hybrid system may restart in a random state outside the initial region, and we may wish to check the system's safety from that state. Secondly, a classifier can be used for online model checking [10], where in the process of monitoring a system's behavior, one would like to determine, in real-time, the fate of the system going forward from the current (non-initial) state.This paper shows how deep neural networks (DNNs) can be used for state classification, an approach we refer to as Neural State Classification (NSC). An NSC classifier is subject to false positives (FPs) and, more importantly, false negatives (FNs). An FP occurs when a state s is deemed positive when it is actually negative, and, likewise, an FN occurs when s is deemed negative when it is actually positive.A well-trained NSC classifier offers high accuracy, runs in constant time (approx. 1 ms in our experiments), and takes constant space (e.g., a DNN with l hidden layers and n neurons only requires functions of dimension l · n for its encoding). This makes NSC classifiers very appealing for applications such as online model checking, a type of analysis subject to strict time and space constraints.Our approach can also classify states of parametric HA by encoding each parameter as an additional input to the classifier. This makes NSC more versatile than state-of-the-art hybrid system reachability tools, which provide little or no support for parametric analysis [3,4].The NSC method is summarized in Figure 1. We train the state classifier using supervised learning, where the training examples are derived by sampling the state and parameter spaces according to some distribution. Reachability values for the examples are computed by invoking an oracle, i.e., an hybrid system model checker [4] or a simulator when the system is deterministic.We evaluate a trained state classifier by estimating its accuracy, false-positive rate, and false-negative rate (together with their confidence intervals) on a test dataset of fresh samples. This allows us to quantify how well the classifier extrapolates to unseen states, i.e., the probability that it correctly predicts reachability for any state.Inspired by statistical model checking [8], we also provide statistical guarantees through sequential hypothesis testing to certify (up to some confidence level) that the classifier meets prescribed accuracy levels on unseen data.We also consider two tuning methods that can reduce and virtually eliminate false negatives: a new method called falsification-guided adaptation that iteratively re-trains the classifier with false negatives found through adversarial sampling; and threshold selection, which adjusts the NN's classification threshold to favor FPs over FNs.We have applied NSC to six nonlinear hybrid system benchmarks, achieving an accuracy of 99.25% to 99.98%, and a false-negative rate of 0.0033 to 0, which we further reduced to 0.0015 to 0 after tuning the classifier. We believe that this level of accuracy is acceptable in many practical applications, and that these results demonstrate the promise of the NSC approach.In the rest of this extended abstract, we provide more details about the NSC approach and discuss experimental results.