This is another technique for verification of safety of hybrid system. Unlike the optimal-control based and set-propagation based techniques, it is not based on explicit computational characterization of the evolution of states in time. Instead, it is based on searching for a function of a state that satisfies certain properties. The function is called a barrier function and it serves as a certificate of safety.
For notational and conceptual convenience we start with an explanation of the method for continuous systems, and only then we extend it to hybrid systems.
Barrier certificate for continuous systems
We consider a continuous-time dynamical system modelled by
\dot{\bm x}(t) = \mathbf f(\bm x, \bm d),
where \bm d represents an uncertainty in the system description – it can be an uncertain parameter or an external disturbance acting on the system.
We now define two regions of the state space:
the set of initial states \mathcal X_0,
and the set of unsafe states \mathcal X_\mathrm{u}.
Our goal is to prove (certify) that the system does not reach the unsafe states for an arbitrary initial state \bm x(0)\in \mathcal X_0 and for an arbitrary d\in \mathcal D.
We define a barrier function B(\bm x) with the following three properties
B(\bm x) > 0,\quad \forall \bm x \in \mathcal X_\mathrm{u},
B(\bm x) \leq 0,\quad \forall \bm x \in \mathcal X_0,
Now, upon finding a function B(\bm x) with such properties, we will prove (certify) safety of the system – the function serves as a certificate of safety.
Note
It cannot go unnoticed that the properties of a barrier function B(\bm x) and the motivation for its finding resemble those of a Lyapunov function. Indeed, the two concepts are related. But they are not the same.
How do we find such function? We will reuse the computational technique based on sum-of-squares (SOS) polynomials that we already used for Lyapunov functions. But first we need to handle one unpleasant aspect of the third condition above – nonconvexity of the set given by B(\bm x) = 0.
Convex relaxation of the barrier certificate problem
We relax the third condition so that it holds not only at B(\bm x) = 0 but everywhere. The three conditions are then B(\bm x) > 0,\quad \forall \bm x \in \mathcal X_\mathrm{u},
B(\bm x) \leq 0,\quad \forall \bm x \in \mathcal X_0,
\nabla B(\bm x)^\top \mathbf f(\bm x, \bm d) \leq 0,\quad \forall \bm x\in \mathcal X, \bm d \in \mathcal D.
Let’s now demonstrate this by means of an example.
Example 1 Consider the system modelled by
\begin{aligned}
\dot x_1 &= x_2\\
\dot x_2 &= -x_1 + \frac{p}{3}x_1^3 - x_2,
\end{aligned}
where the parameter p\in [0.9,1.1].
The initial set is given by
\mathcal X_0 = \{ \bm x \in \mathbb R^2 \mid (x_1-1.5)^2 + x_2^2 \leq 0.25 \}
and the unsafe set is given by
\mathcal X_\mathrm{u} = \{ \bm x \in \mathbb R^2 \mid (x_1+1)^2 + (x_2+1)^2 \leq 0.16 \}.
The vector field \mathbf f and the initial and unsafe sets are shown in the figure below.
┌ Warning: At t=4.423118290940107, dt was forced below floating point epsilon 8.881784197001252e-16, and step error estimate = 1.139033855908175. Aborting. There is either an error in your model specification or the true solution is unstable (or the true solution can not be represented in the precision of Float64).
└ @ SciMLBase ~/.julia/packages/SciMLBase/BaHpR/src/integrator_interface.jl:623
Barrier certificate for hybrid systems
For a hybrid automaton with l locations \{q_1,q_2,\ldots,q_l\}, not just one but l barrier functions/certificates are needed:
B_i(\bm x) > 0,\quad \forall \bm x \in \mathcal X_\mathrm{u}(q_i),
B_i(\bm x) \leq 0,\quad \forall \bm x \in \mathcal X_0(q_i),