MembershipBased Synthesis of Linear Hybrid Automata
 1 Citations
 5.3k Downloads
Abstract
We present two algorithmic approaches for synthesizing linear hybrid automata from experimental data. Unlike previous approaches, our algorithms work without a template and generate an automaton with nondeterministic guards and invariants, and with an arbitrary number and topology of modes. They thus construct a succinct model from the data and provide formal guarantees. In particular, (1) the generated automaton can reproduce the data up to a specified tolerance and (2) the automaton is tight, given the first guarantee. Our first approach encodes the synthesis problem as a logical formula in the theory of linear arithmetic, which can then be solved by an smt solver. This approach minimizes the number of modes in the resulting model but is only feasible for limited data sets. To address scalability, we propose a second approach that does not enforce to find a minimal model. The algorithm constructs an initial automaton and then iteratively extends the automaton based on processing new data. Therefore the algorithm is wellsuited for online and synthesisintheloop applications. The core of the algorithm is a membership query that checks whether, within the specified tolerance, a given data set can result from the execution of a given automaton. We solve this membership problem for linear hybrid automata by repeated reachability computations. We demonstrate the effectiveness of the algorithm on synthetic data sets and on cardiaccell measurements.
Keywords
Synthesis Linear hybrid automaton Membership1 Introduction
Natural sciences pursue to understand the mechanisms of real systems and to make this understanding accessible. Achieving these two goals requires observation, analysis, and modeling of the system. Typically, physical components of a system evolve continuously in real time, while the system may switch among a finite set of discrete states. This applies to cyberphysical systems but also to purely analog systems; e.g., an animal’s hunger affects its movement. A proper formalism for modeling such types of systems with mixed discretecontinuous behavior is a hybrid automaton [11]. Unlike blackbox models such as neural networks, hybrid automata are easy to interpret by humans. However, designing such models is a timeintensive and errorprone process, usually conducted by an expert who analyzes the experimental data and makes decisions.
In this paper, we propose two automatic approaches for synthesizing a linear hybrid automaton [1] from experimental data. The approaches provide two main properties. The first property is soundness, which ensures that the generated model has enough executions: these executions approximate the given data up to a predefined accuracy. The second property is precision, which ensures that the generated model does not have too many executions. The behavior of a hybrid automaton is constrained by socalled invariants and guards. Precision expresses that the boundaries of these invariants and guards are witnessed by the data, which indicates that the constraints cannot be made tighter. Moreover, the proposed synthesis algorithm is complete for a general class of linear hybrid automata, i.e., the algorithm can synthesize any given model from this class.
The first approach reduces the synthesis problem to a satisfiability question for a lineararithmetic formula. The formula allows us to encode a minimality constraint (namely in the number of socalled modes) on the resulting model. This approach is, however, not scalable, which motivates our second approach. Our second approach follows an iterative modeladaptation scheme. Apart from scalability advantages, this online algorithm is thus also wellsuited for synthesisintheloop applications.
After constructing an initial model, the second approach iteratively improves and expands the model by considering new experiments. After each iteration, the model will capture all behaviors exhibited in the previous experiments. Given an automaton and new experimental data, the algorithm proceeds as follows. First we ask whether the current automaton already captures the data. We pose this question as a membership query for a piecewiselinear function in the set of executions of the automaton. For the membership query, we present an algorithm based on reachability inside a tube around the function. If the data is not captured, we need to modify the automaton accordingly by adding behavior. We first try to relax the abovementioned invariants and guards, which we reduce to another membership query. If that query is negative as well, we choose a path in the automaton that closely resembles the given data and then modify the automaton along that path by also adding new discrete structure (called modes and transitions). This modification step is again guided by membership queries to identify the aspects of the model that require improvement and expansion.
As the main contributions, (1) we present an online algorithm for automatic synthesis of linear hybrid automata from data that is sound, i.e., guarantees that the generated model approximates the data up to a userdefined threshold, precise, i.e., the generated model is tight, and complete for a general class of models (2) we solve the membership problem of a piecewiselinear function in a linear hybrid automaton. This is a critical step in our synthesis algorithm
Related Work. The synthesis of hybrid systems was initially studied in control theory under the term identification, mainly focused on (discretetime) switched autoregressive exogenous (SARX) and piecewiseaffine autoregressive exogenous (PWARX) models [7, 18]. SARX models constitute a subclass of linear hybrid automata with deterministic switching behavior. PWARX models are specific SARX models where the mode invariants form a statespace partition. Fixing the number of modes, the identification problem from inputoutput data can be solved algebraically by inferring template parameters. However, in contrast to linear hybrid automata, the lack of nondeterminism and the underlying assumption that there is no hidden state (mode) limits the applicability of these models. An algorithm by Bemporad et al. constructs a PWARX model that satisfies a global error bound [5]. Ozay presents an algorithm for SARX models where the switching is purely timetriggered [17]. There also exist a few online algorithms for the recursive synthesis of PWARX models based on pattern recognition [19] or lifting to a highdimensional identification problem for ARX models [10, 22].
Synthesis is also known as process mining, and as learning models from traces; the latter refers to approaches based on learning finitestate machines [3] or other machinelearning techniques. More recently, synthesis of hybrid automaton models has gained attention. All existing approaches that we are aware of have structural restrictions of some sort, which we describe below. We synthesize, for the first time, a general class of linear hybrid automata which (1) allows nondeterminism to capture many behaviors by a concise representation and (2) provides formal soundness and precision guarantees. The algorithm is also the first online synthesis approach for linear hybrid automata.
The general synthesis problem for hybrid automata is hard: for deterministic timed automata (a subclass of linear hybrid automata with globally identical continuous dynamics), one may already require data of exponential length [21]. The approach by Niggemann et al. constructs an automaton with acyclic discrete structure [16], while the approach by Grosu et al., intended to model purely periodic behavior, constructs a cycliclinear hybrid automaton whose discrete structure consists of a loop [8]. Ly and Lipson use symbolic regression to infer a nonlinear hybrid automaton [14]. However, their model neither contains state variables (i.e., the model is purely inputdriven, comparable to the SARX model) nor invariants, and the number of modes needs to be fixed in advance. Medhat et al. describe an abstract framework, based on heuristics, to learn linear hybrid automata from input/output traces [15]. They first employ Angluin’s algorithm for learning a finitestate machine [3], which serves as the discrete structure of the hybrid automaton, before they decorate the automaton with continuous dynamics. This strict separation inherently makes their approach offline. The work by Summerville et al. based on leastsquares regression requires an exhaustive construction of all possible models for later optimizing a cost function over all of them [20]. Lamrani et al. learn a completely deterministic model with urgent transitions using ideas from information theory [12].
2 Preliminaries
Sets. Let \(\mathbb {R} \), \(\mathbb {R}_{\geqslant 0} \), and \(\mathbb {N}\) denote the set of real numbers, nonnegative real numbers, and natural numbers, respectively. We write \(\mathbf x \) for points \((x_1 , \ldots , x_n)\) in \(\mathbb {R} ^n\). Let \(\mathtt{cpoly}(n)\) be the set of compact and convex polyhedral sets over \(\mathbb {R} ^n\). A set \(X \in \mathtt{cpoly}(n)\) is characterized by its set of vertices \(\texttt {vert}(X) \). For a set of points Y, \(\mathtt{chull} (Y) \in \mathtt{cpoly}(n)\) denotes the convex hull. Given a set \(X \in \mathtt{cpoly}(n)\) and \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), we define the \(\varepsilon \)bloating of X as \(\lceil X \rceil _\varepsilon :=\{ \mathbf x \in \mathbb {R} ^n \mid \exists \mathbf x _0 \in X: \Vert \mathbf x  \mathbf x _0 \Vert \leqslant \varepsilon \} \in \mathtt{cpoly}(n)\), where \(\Vert \cdot \Vert \) is the infinity norm. Given an interval \(I = [l, u] \in \mathtt{cpoly}(1)\), \(\mathtt{lb}(I) = l\) and \(\mathtt{ub}(I) = u\) denote its lower and upper bound.
Functions and Sequences. Given a function f, let \(\mathtt{dom}(f)\) resp. \(\mathtt{img}(f)\) denote its domain resp. image. Let \(f\!\!\downharpoonright _{A}\) denote the restriction of f to domain \(A \subseteq \mathtt{dom}(f)\). We define a distance between functions f and g with the same domain and codomain by \(d(f, g) :=\max _{t \in \mathtt{dom}(f)} \Vert f(t)  g(t) \Vert \). A sequence of length m is a function \(s: D \rightarrow A\) over an ordered finite domain \(D = \{i_1, \ldots , i_m\} \subseteq \mathbb {N}\) and a set A, and we write \(\mathtt{len}(s)\) to denote the length of s. A sequence s is also represented by enumerating its elements, as in \(s(i_1), \ldots , s(i_m)\).
Affine and PiecewiseLinear Functions. An affine piece is a function \(p: I \rightarrow \mathbb {R} ^n\) over an interval \(I = [t_0, t_1] \subseteq \mathbb {R} \) defined as \(p(t) = \mathbf {a}t + \mathbf {b}\) where \(\mathbf {a}, \mathbf {b}\in \mathbb {R} ^n\). Given an affine piece p, \(\mathtt{init}(p)\) denotes the start point \(p(t_0)\), \(\mathtt{end}(p)\) denotes the end point \(p(t_1)\), and \(\mathtt{slope}(p)\) denotes the slope \(\mathbf {a}\). We call two affine pieces p and \(p'\) adjacent if \(\mathtt{end}(p) = \mathtt{init}(p')\) and \(\mathtt{ub}(\mathtt{dom}(p)) = \mathtt{lb}(\mathtt{dom}(p'))\). For \(m \in \mathbb {N}\), an mpiecewiselinear (mpwl\({\textit{)}}\) function \(f : I \rightarrow \mathbb {R} ^n\) over interval \(I = [0, \mathsf {T} ] \subseteq \mathbb {R} \) consists of m affine pieces \(p_1, \ldots , p_m\), such that \(I = \cup _{1 \leqslant j \leqslant m} \mathtt{dom}(p_j)\), \(f(t) = p_j(t)\) for \(t \in \mathtt{dom}(p_j)\), and for every \(1 < j \leqslant m\) we have \(\mathtt{end}(p_{j1}) = \mathtt{init}(p_j)\). We show a 3pwl function in Fig. 1 on the left. Let \(\texttt {pieces}(f)\) denote the set of affine pieces of f. We refer to f and the sequence \(p_1, \ldots , p_{m}\) interchangeably and write “pwl function” if m is clear from the context. A kink of a pwl function is the point between two adjacent pieces. Given a pwl function \(f : I \rightarrow \mathbb {R} ^n\) and a value \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), the \(\varepsilon \)tube of f is the function \(\texttt {tube}_{f, \varepsilon }: I \rightarrow \mathtt{cpoly}(n)\) such that \(\texttt {tube}_{f, \varepsilon } (t) = \lceil f(t) \rceil _\varepsilon \).
Graphs. A graph is a pair (V, E) of a finite set V and a relation \(E \subseteq V \times V\). A path \(\pi \) in (V, E) is a sequence \(v_1, \dots , v_{m}\) with \((v_{j1}, v_j) \in E\) for \(1 < j \leqslant m\).
Hybrid Automata. We consider a particular class of hybrid automata [1, 11].
Definition 1
A ndimensional linear hybrid automaton ( lha ) is a tuple \(\mathcal {H} = (\textit{Q}, \textit{E}, \textit{X}, \textit{Flow}, \textit{Inv}, \textit{Grd})\), where (1) \(\textit{Q}\) is a finite set of modes, (2) \(\textit{E}\subseteq \textit{Q}\times \textit{Q}\) is a transition relation, (3) \(\textit{X}= \mathbb {R}^n\) is the continuous statespace, (4) \(\textit{Flow}: \textit{Q}\rightarrow \mathbb {R}^n\) is the flow function, (5) \(\textit{Inv}: \textit{Q}\rightarrow \mathtt{cpoly}(n)\) is the invariant function, and (6) \(\textit{Grd}: \textit{E}\rightarrow \mathtt{cpoly}(n)\) is the guard function
We sometimes annotate the elements of lha \(\mathcal {H} \) by a subscript, as in \(\textit{Q}_\mathcal {H} \) for the set of modes. We refer to \((\textit{Q}_\mathcal {H}, \textit{E}_\mathcal {H})\) as the graph of lha \(\mathcal {H} \).
An lha evolves continuously according to the flow function in each mode. The behavior starts in some mode \(q \in \textit{Q}\) and some continuous state \(\mathbf x \in \textit{Inv}(q)\). For every mode \(q \in \textit{Q}\), the continuous evolution follows the differential equation \(\dot{\mathbf{x }} = \textit{Flow}(q)\) while satisfying the invariant \(\textit{Inv}(q)\). The behavior can switch from one mode \(q_1\) to another mode \(q_2\) if there is a transition \((q_1, q_2) \in \textit{E}\) and the guard \(\textit{Grd}((q_1,q_2))\) is satisfied. During a switch, the continuous state does not change. This type of system is sometimes called a switched linear hybrid system [13].
Definition 2

for all \(1 \leqslant j < m\), \(\gamma (t) \in \textit{Inv}(\delta (j))\) for \(t \in \mathcal {I} (j)\) and \(\dot{\gamma }(t') = \textit{Flow}(\delta (j))\) for all \(t'\) in the interior of \(\mathcal {I} (j)\), i.e., \(\gamma \!\!\downharpoonright _{\mathcal {I} (j)}\) is an affine function satisfying the invariant and following the flow, and

for all \(1 \leqslant j < m\), \((\delta (j), \delta (j+1)) \in \textit{E}\) and \(\gamma (t) \in \textit{Grd}((\delta (j), \delta (j+1)))\) where \(t = \mathtt{ub}(\mathcal {I} (j))\), i.e., if a transition is taken, then the guard is satisfied.
We denote the set of all executions of \(\mathcal {H} \) by \(\mathtt{exec}(\mathcal {H})\). Given an lha \(\mathcal {H}\), we say that an execution \(\sigma \) follows a path \(\pi \) in \(\mathcal {H}\), that is, in the graph \((\textit{Q}_\mathcal {H}, \textit{E}_\mathcal {H})\), denoted as \({\sigma {\mathop {\leadsto }\limits ^{\mathcal {H}}} \pi }\), if \(\mathtt{len}(\mathcal {I}) = \mathtt{len}(\pi )\) and \(\delta (j) =\pi (j)\) for every \(0 \leqslant j < \mathtt{len}(\mathcal {I})\).
From Timeseries Data to pwl Functions. Experimental data typically comes as time series, i.e., data is only available at sampled points in time. A time series is a sampling \(s : D \rightarrow \mathbb {R} ^n\) over a finite time domain \(D \subseteq [0, \mathsf {T} ] \). Since the lha model features piecewiselinear executions, we focus on piecewiselinear approximation of the data. pwl functions can approximate any continuous behavior with arbitrary precision. There are different yet valid choices for approximating data. For a single time series, linear interpolation gives a perfect fit, but contains many kinks; other algorithms minimize the number of kinks for a given error bound [6, 9]. One can preprocess multiple time series into a single pwl function using, e.g., linear regression. In this paper, we leave the choice of abstraction open and assume that the input is given as pwl functions.
3 Synthesis of Linear Hybrid Automata
In this section, we specify the synthesis problem, consider two different specifications, synchronous and asynchronous, and present the automated approach for solving the synchronous problem. The overall goal is to synthesize a linear hybrid automaton from a set of pwl functions such that the automaton captures the behavior described by each of the pwl functions up to a bound \(\varepsilon \).
Definition 3
(Soundness). Given a pwl function f and a value \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), we say that an lha \(\mathcal {H} \) \(\varepsilon \)captures f if there exists an execution \(\sigma = (\mathcal {I}, \gamma , \delta )\) in \(\mathtt{exec}(\mathcal {H})\) with \(d(f, \gamma ) \leqslant \varepsilon \).
The value \(\varepsilon \) quantifies the acceptable deviation of an execution’s continuous function \(\gamma \) from the pwl function f. For \(\varepsilon = 0\), \(\gamma \) must precisely follow f. A straightforward formulation of the problem we want to solve is the following.
Problem 1
(Synthesis). Given a finite set of pwl functions \(\mathcal {F} \) and \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), construct an lha \(\mathcal {H} \) that \(\varepsilon \)captures every function \(f \in \mathcal {F} \).
Observe that this problem is not wellposed, as it can be satisfied by an automaton that exhibits an excessive amount of behavior. Hence our second goal for the synthesis algorithm is to ensure constraints on the automaton’s size. We start with the synthesis of an lha with minimal number of modes.
3.1 Synchronous Switching Specification
For now, we require that the executions in the lha switch synchronously with the given pwl functions. Under this assumption, we tackle a refinement of Problem 1:
Problem 2
(Synchronous synthesis). Given a finite set of pwl functions \(\mathcal {F} \) and a value \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), construct an lha \(\mathcal {H} \) that \(\varepsilon \)captures every function \(f \in \mathcal {F} \) synchronously, and furthermore require that \(\mathcal {H}\) has the minimal number of modes.
In the following, we present an algorithm to solve Problem 2. The idea is, given a pwl function f, to synthesize an execution \(\sigma \) that is \(\varepsilon \)close to f. Recall that the continuous function \(\gamma \) of an execution is essentially just another pwl function. Any lha that contains the execution \(\sigma \) has to comprise a mode for each different slope in \(\gamma \). Thus a minimal number of modes can be achieved by minimizing the number of different slopes in \(\gamma \). By fixing a number of different slopes, we encode the existence of \(\gamma \) as a logical formula \(\phi _{f,\varepsilon }\), which will be satisfiable if and only if there exists a suitable function \(\gamma \).
Lemma 1
Let \(\mathcal {F} \) be a finite set of pwl functions and \(\varepsilon \in \mathbb {R}_{\geqslant 0} \). If \(\phi _{\mathcal {F},\varepsilon }(\ell )\) is satisfiable for some integer value \(\ell \), then there exists a set of pwl functions \(\mathcal {F} '\) such that \(\mathcal {F} ' = \mathcal {F} \), each function in \(\mathcal {F} \) is \(\varepsilon \)close to some function in \(\mathcal {F} '\), and the number of distinct slopes in \(\mathcal {F} '\) does not exceed \(\ell \).
The set \(\mathcal {F} '\) can be extracted from a satisfying assignment. We define a hybrid automaton with minimal number of locations 0capturing a given pwl function.
Definition 4

\(\textit{Q}= \{ q_\mathbf {a}\mid \exists p \in \texttt {pieces}(f): \mathtt{slope}(p) = \mathbf {a}\}\),

\(\textit{E}= \{ (q_\mathbf {a}, q_{\mathbf {a'}}) \mid \exists p, p' \in \texttt {pieces}(f) \text {adjacent}: \mathtt{slope}(p) = \mathbf {a}, \mathtt{slope}(p') = \AA \}\),

\(\textit{Flow}(q_\mathbf {a}) = \mathbf {a}\),

\(\textit{Inv}(q_\mathbf {a}) = \mathtt{chull} ( \{ \mathtt{img}(p) \mid p \in \texttt {pieces}(f): \mathtt{slope}(p) = \mathbf {a}\})\), and

\(\textit{Grd}((q_\mathbf {a}, q_\mathbf {a'})) = \mathtt{chull} ( \{ \mathtt{end}(p) \mid {} \exists p, p' \in \texttt {pieces}(f) \, \text {adjacent}: \mathtt{slope}(p) = \mathbf {a}\), \(\mathtt{slope}(p') = \AA \} ).\)
Lemma 2
Given a pwl function f, the canonical automaton \(\mathcal {H} _f\) 0captures f, and every lha that 0captures f has at least as many modes as \(\mathcal {H} _f\).
Definition 5
(Merging). Given two hybrid automata \(\mathcal {H} _i = (\textit{Q}_i, \textit{E}_i, \textit{X}, \textit{Flow}_i,\) \( \textit{Inv}_i, \textit{Grd}_i)\), \(i = 1, 2\) with \(\textit{Q}_1 \cap \textit{Q}_2 = \emptyset \), let \(\textit{Q}_\mathbf {a}= Q^{\mathcal {H} _1}_\mathbf {a}\cup Q^{\mathcal {H} _2}_\mathbf {a}\) be the locations with flow equal to \(\mathbf {a}\). We define the merging of \(\mathcal {H} _1\)and \(\mathcal {H} _2\) as \(\mathcal {H} _1 \sqcup \mathcal {H} _2 :=(\textit{Q}, \textit{E}, \textit{X}, \textit{Flow}, \textit{Inv}, \textit{Grd})\) with \(\textit{Q}= \{ q_\mathbf {a}\mid \mathbf {a}\in \mathbb {R} ^n, Q_\mathbf {a}\ne \emptyset \}\), \(\textit{E}= \{(q_\mathbf {a}, q_{\mathbf {a}'}) \mid \exists (q, q') \in E_1 \cup E_2, q \in Q_\mathbf {a}, q \in Q_\mathbf {a}' \}\), \(\textit{Flow}(q_\mathbf {a}) = \mathbf {a}\), \(\textit{Inv}(q_\mathbf {a}) = \mathtt{chull} (\{\textit{Inv}_i(q) \mid q \in Q_\mathbf {a}, i=1,2\})\), and \(\textit{Grd}((q_\mathbf {a}, q_{\mathbf {a}'})) = \mathtt{chull} (\{\textit{Grd}_i((q, q')) \mid (q, q') \in E_i\), \(q \in Q_\mathbf {a}, q' \in \textit{Q}_{\mathbf {a}'}, i=1,2 \})\).
Theorem 1
Given a finite set of pwl functions \(\mathcal {F} \) and a value \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), let \(\ell \) be the smallest integer such that \(\phi _{\mathcal {F},\varepsilon }(\ell )\) is satisfiable and let \(\mathcal {F} '\) be a set of pwl functions corresponding to a satisfying assignment. Then, the merging of canonical automata \(\sqcup _{f \in \mathcal {F} '} \mathcal {H} _f\) solves Problem 2.
The above synthesis algorithm works well with short and lowdimensional pwl functions but does not scale to realistic problem sizes due to the heavy use of disjunctions. We next address scalability with a new online algorithm.
3.2 Asynchronous Switching Specification
We now change the requirement from the previous subsection (minimality in the models’ discrete structure) to tightness in the model’s statespace constraints. Intuitively, for every vertex \(\mathbf v \) of an invariant or guard in \(\mathcal {H} \) there should be some witness data \(f \in \mathcal {F} \) that is close to \(\mathbf v \) (at some point in time).
Definition 6
The restriction to the vertices is reasonable because all sets are compact convex polyhedra. Note that \(\varepsilon \)capturing compares functions to the automaton’s executions, while \(\varepsilon \)precision compares functions to the automaton’s statespace.
We also relax the limitation to synchronously switching executions. Instead, we allow asynchronous switching, characterized as follows: for every function f \(\varepsilon \)captured by \(\mathcal {H}\), there exists an execution \(\sigma \in \mathtt{exec}(\mathcal {H})\) with the same number of switches as there are kinks in f, i.e., \(\mathtt{len}(\mathcal {I}) = \texttt {pieces}(f) \), and where the jth switch in the execution should take place during the time period between the kinks \(j1\) and \(j+1\). We close this section with the new problem statement (a refinement of Problem 1), and present a solution in the next section.
Problem 3
(Asynchronous synthesis). Given a finite set of pwl functions \(\mathcal {F} \) and a value \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), construct an \(\varepsilon \)precise lha \(\mathcal {H} \) that \(\varepsilon \)captures every function \(f \in \mathcal {F} \) asynchronously.
4 Membershipbased Synthesis Approach
In this section, we present an algorithm for solving Problem 3. The core of the algorithm is a reachability computation for providing the polyhedral regions where executions of an lha that are \(\varepsilon \)close to a given pwl function f are allowed to switch. More precisely, given a path \(\pi \) and the \(\varepsilon \)tube of f, the algorithm iteratively constructs the set inside the \(\varepsilon \)tube where an execution following \(\pi \) can switch, without escaping from the tube. These reachable set are, in general, computed with respect to a starting compact convex polyhedron P, a pair of adjacent affine pieces p and \(p'\), and a pair of modes q and \(q'\) along \(\pi \).
Definition 7

\(P^\pi _0 :=\textit{Inv}_\mathcal {H} (q_1) \cap \texttt {tube}_{f, \varepsilon } (0)\),

\(P^\pi _j := switch _\mathcal {H} (P^\pi _{j1},p_{j1}, p_j, q_{j1}, q_j)\) for \(1< j < m\), and

\(P^\pi _{m} :=\{ \mathbf x \in \textit{Inv}(q_{m}) \mid \) \(\exists \sigma = (\mathcal {I}, \gamma , \delta ) \in \mathtt{exec}(\mathcal {H}): \sigma {\mathop {\leadsto }\limits ^{\mathcal {H}}} q_{m}, \gamma (0) \in P^\pi _{m1},\)
\(\mathtt{dom}(\gamma ) = \mathtt{dom}(p_m)\), \(\gamma (t) \in \texttt {tube}_{p_{m}, \varepsilon } (t) \text { and } \mathbf x = \gamma (\mathtt{ub}(\mathcal {I} (m)))\}.\)
4.1 Membershipbased Synthesis Algorithm
The synthesis algorithm outlined in Algorithm 1 computes an lha \(\mathcal {H}\) solving Problem 3 for a given finite set of pwl functions \(\mathcal {F}\) and a value \(\varepsilon \in \mathbb {R}_{\geqslant 0} \). The algorithm initially infers an lha \(\mathcal {H} \) that \(\varepsilon \)captures the first function \(f_0\) of \(\mathcal {F}\) in an \(\varepsilon \)precise manner in line 1. The remaining pwl functions are handled in an iterative loop. For each pwl function f, the algorithm performs a membership query, where it checks if f is \(\varepsilon \)captured by the lha \(\mathcal {H} \) in line 3. If the query results in a positive answer (\(\textit{ans} = True \)), nothing needs to be done. Otherwise, the query returns a path \(\pi \) and the lha \(\mathcal {H}\) needs to be modified. The modification of the automaton \(\mathcal {H} \) is performed in two attempts. The first attempt, in line 5, temporarily increases invariants and guards of \(\mathcal {H} \). If such a modification is sufficient to let the membership query succeed, the modifications are made permanent in line 8. Otherwise, in the second attempt the algorithm adds new modes and/or transitions to \(\mathcal {H}\) along the path \(\pi \). Below we describe every procedure of Algorithm 1 in detail.
Initialization. The procedure InitLha \((f, \varepsilon )\) constructs an initial lha \(\mathcal {H} \) that \(\varepsilon \)captures an mpwl function f. Observe that by Lemma 2 the canonical automaton \(\mathcal {H} _f\) 0captures (and hence \(\varepsilon \)captures) the function f. In order to allow similar dynamical behaviors in a given lha \(\mathcal {H}\), the procedure InitLha \((f, \varepsilon )\) \(\varepsilon \)bloats both invariant and guards polyhedra. The procedure InitLha \((f, \varepsilon )\) outputs the \(\varepsilon \)bloated canonical automaton \(\mathcal {H} _f^\varepsilon \) and is illustrated in Fig. 1.
Definition 8
Given an lha \(\mathcal {H} = (\textit{Q}, \textit{E}, \textit{X}, \textit{Flow}, \textit{Inv}, \textit{Grd})\), we define the \(\varepsilon \) bloated lha of \(\mathcal {H} \) as \(\mathcal {H} ^\varepsilon = (\textit{Q}, \textit{E}, \textit{X}, \textit{Flow}, \textit{Inv}^{\,\varepsilon }, \textit{Grd}^{\,\varepsilon })\) where \(\textit{Inv}^{\,\varepsilon } (q) = \lceil \textit{Inv}(q) \rceil _\varepsilon \) for every \(q \in \textit{Q}\) and \(\textit{Grd}^{\,\varepsilon } (e) = \lceil \textit{Grd}(e) \rceil _\varepsilon \) for every \(e \in \textit{E}\).
Lemma 3
Given a pwl function f and \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), \(\mathcal {H} _f^\varepsilon \) \(\varepsilon \)captures f.
Membership. The procedure Membership \((f,\mathcal {H},\varepsilon )\) checks whether there exists an asynchronous execution \(\sigma = (\mathcal {I},\gamma ,\delta )\) in \(\mathcal {H} \) such that \(d(f, \gamma ) \leqslant \varepsilon \) holds. Let us introduce the required notions to formalize the membership problem.
Definition 9
An execution \(\sigma = (\mathcal {I},\gamma ,\delta )\) of an lha \(\mathcal {H} \) is consistent with an mpwl function f, described by the affine pieces \(p_1, \ldots , p_{m}\), if \(\mathtt{len}(\mathcal {I}) = m\), \([\![ \mathcal {I} ]\!] = \mathtt{dom}(f)\), and \(\mathtt{ub}(\mathcal {I} (j)) \in \mathtt{dom}(p_j) \cup \mathtt{dom}(p_{j+1})\) for every \(1 \leqslant j < m\).
Problem 4
(Membership). Given an mpwl function f, an lha \(\mathcal {H} \), and a value \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), decide if there exists an execution \(\sigma = (\mathcal {I},\gamma ,\delta )\) in \(\mathtt{exec}(\mathcal {H})\) that is consistent with f and such that \(d(f, \gamma ) \leqslant \varepsilon \) holds.
Lemma 4
Let \(\mathcal {H} \) be an lha and f be an mpwl function. Then there exists a path \(\pi \) of length m in \(\mathcal {H} \) such that the final reachable switching set \(P^\pi _m\) is not empty if and only if there exists an execution \(\sigma \) in \(\mathtt{exec}(\mathcal {H})\) solving Problem 4.
Relaxation. If Membership \((f,\mathcal {H},\varepsilon )\) returns False, RelaxAll \((\mathcal {H}, f, \varepsilon )\) constructs an automaton \(\overline{\mathcal {H}}\) that is equivalent to \(\mathcal {H}\) except that its invariants and guards are enlarged to allow additional executions inside the \(\texttt {tube}_{f, \varepsilon } \). Then, the algorithm computes Membership \((f,\overline{\mathcal {H}},\varepsilon )\). If the answer is False again, the algorithm proceeds to the adaptation procedure in line 10. Otherwise (if the answer is True), we obtain a path \(\pi \) in \(\overline{\mathcal {H}} \). Then the algorithm executes the procedure RelaxPath \((\mathcal {H}, f, \varepsilon , \pi )\), which extends the constraints of invariants and guards in \(\mathcal {H}\) for the modes in \(\pi \) by taking the convex hull with the corresponding reachable switching sets \(P^\pi _j \in \mathcal {P}^\pi \). The relaxation procedure applied on the running example is shown in Fig. 3.
Adaptation. If both the membership query and the relaxation procedure fail, the procedure Adapt \((\mathcal {H},f,\varepsilon ,\pi )\) modifies the lha \(\mathcal {H}\) for \(\varepsilon \)capturing f. Conceptually, we construct a new path \(\pi '\), based on some path \(\pi \), and modify \(\mathcal {H} \) accordingly such that the graph of \(\mathcal {H}\) contains \(\pi '\). Recalling Lemma 4, we need to ensure that every reachable switching set in \(\mathcal {P}^{\pi '}\) is nonempty. We construct \(\pi '\) by trying to preserve the modes in path \(\pi \). If this is not possible, we try to replace them by existing modes in the lha \(\mathcal {H} \) whenever possible, potentially adding new transitions. The last option is to create new modes. Finally, we extend the lha \(\mathcal {H} \) by adding the new transitions and/or modes determined by the new path \(\pi '\).
For the replacement of the jth mode q in the path \(\pi '\) we follow two strategies. The first strategy is to replace the mode q by an existing mode \(q' \ne q\) in \(\mathcal {H} \) such that \(\textit{Flow}_\mathcal {H} (q')\) is similar to slope(\(p_j\)). Formally, let \(\mathsf {T}\) be the duration of piece \(p_j\). \(\textit{Flow}_\mathcal {H} (q')\) is similar to slope(\(p_j\)) if \(\Vert \mathtt{init}(p_j) + \mathsf {T} \cdot \textit{Flow}_\mathcal {H} (q')  \mathtt{end}(p_j) \Vert \leqslant 2 \varepsilon \). See Fig. 2(b) for an example. If the first strategy fails, the second strategy is to create a new mode \(q^*\) with flow \(\mathtt{newflow}(q^*)= \mathtt{slope}(p_j)\) for replacement in \(\pi '\). We denote the set of existing modes similar to some mode q in \(\pi \) by \(\mathtt{sim}(\pi ')\), and the set of new modes \(q^*\) by \(\mathtt{new}(\pi ')\). Once the path \(\pi '\) is constructed, the adaptation of the lha \(\mathcal {H} \) is performed with respect to \(\pi '\). Figure 4 exemplifies the adaptation of the lha in Fig. 1.
Definition 10

\(\textit{Q}\,' :=\textit{Q}\cup \mathtt{new}(\pi ')\),

\(\textit{E}\,' :=\textit{E}\cup \{ (q_{j},q_{j+1}) \mid 1 \leqslant j < m \} \),

\(\textit{Flow}\,'(q) :={\left\{ \begin{array}{ll} \mathtt{newflow}(q) &{} \text{ if } q \in \mathtt{new}(\pi '), \\ \textit{Flow}(q) &{} \text{ otherwise }, \end{array}\right. }\)

\(\textit{Inv}\,'(q) :={\left\{ \begin{array}{ll} \mathtt{chull} (\bigcup _{q = q_j, q \ne q_1} P^{\pi '}_{j1} \cup \bigcup _{q = q_j} P^{\pi '}_{j}) &{} \text {if } q \in \mathtt{new}(\pi '), \\ \mathtt{chull} (\textit{Inv}(q) \cup \bigcup _{q = q_j, q \ne q_1} P^{\pi '}_{j1} \cup \bigcup _{q = q_j} P^{\pi '}_{j}) &{} \text {if } q \in \mathtt{sim}(\pi '), \\ \textit{Inv}(q) &{} \text {otherwise}, \end{array}\right. }\)

\(\textit{Grd}\,'((q,q')) :={\left\{ \begin{array}{ll} \mathtt{chull} (\bigcup _{q = q_j, q' = q_{j+1}} P^{\pi '}_{j}) &{} \begin{array}[t]{@{}l@{}} \text {if } q \in \mathtt{new}(\pi ') \\ \text {or } q' \in \mathtt{new}(\pi '), \end{array} \\ \mathtt{chull} (\textit{Grd}((q,q')) \cup \bigcup _{q = q_j, q' = q_{j+1}} P^{\pi '}_{j}) &{} \begin{array}[t]{@{}l@{}} \text {if } q \in \mathtt{sim}(\pi ') \\ \text {or }\, q' \in \mathtt{sim}(\pi '), \end{array} \\ \textit{Grd}((q,q')) &{} \text {otherwise.} \end{array}\right. }\)
4.2 Discussion
The construction of the initial lha (line 1 in Algorithm 1) can be modified to clustering pieces with similar slopes. This can help reducing the number of modes in the initial automaton, but does not guarantee that the first pwl function \(f_0\) is \(\varepsilon \)captured. To fix this, \(f_0\) can be included in the loop of Algorithm 1.
Algorithm 1 follows a local repair strategy, based on a single pwl function. Thanks to this, the algorithm can be used in an online setting where new data arrives after the algorithm has started. However, the resulting model is influenced by the order in which the algorithm processes the functions \(f \in \mathcal {F} \). In the simple case that \(\mathcal {F}\) only contains affine functions with the same slope, all models resulting from different processing orders will consist of a single mode with the same flow, and the invariant bounds differ by at most \(\varepsilon \). Furthermore, for a precision value \(\varepsilon = 0\), the result is always orderindependent.
We now discuss the restrictions of the models we obtain from Algorithm 1. We did not include a set of initial states in our presentation, but the generalization is straightforward. Our transitions do not include assignments, which would make executions discontinuous. The usual assumption in many application domains, e.g., life sciences, is that the underlying system is continuous, so having assignments would not be desirable. In the setting where the input is given as timeseries data, discrete events would typically be approximated by steep slopes in the pwl function. In the setting where the input is given as discontinuous pwl functions f, in order to \(\varepsilon \)capture f, one would generally require that the automaton switches synchronously with f (cf. Sect. 3.1), instead of asynchronous switching as in our algorithm. Under this additional assumption, we can pose the procedures Membership and RelaxPath as a single linear program (similar to formula \(\phi _{f,\varepsilon }\)). This linear program can also be used to identify assignments.
The continuous dynamics of our models are defined by constant differential equations. As mentioned before, this class generally suffices to approximate an arbitrary continuous function (by increasing the number of modes). An extension of our approach to use polyhedral differential inclusions (also called linear envelopes) is by merging modes of “similar” dynamics. This may, however, lead to the dilemma that several modes are equally similar.
4.3 Theoretical Properties of the Membershipbased Synthesis
The following theorem asserts that Algorithm 1 solves Problem 3.
Theorem 2
(Soundness and precision). Given a finite set of pwl functions \(\mathcal {F}\) and a value \(\varepsilon \in \mathbb {R}_{\geqslant 0} \), let \(\mathcal {H}\) be an automaton resulting from Synthesis \((\mathcal {F}, \varepsilon )\). Then \(\mathcal {H}\) both \(\varepsilon \)captures all functions in \(\mathcal {F} \) and is \(\varepsilon \)precise with respect to \(\mathcal {F} \).
Algorithm 1 satisfies a completeness property in the following sense. For every model \(\mathcal {H}\) from a certain class we can find a set \(\mathcal {F} \) of pwl functions and a value \(\varepsilon \) such that Synthesis \((\mathcal {F}, \varepsilon )\) results in \(\mathcal {H}\). Before we can characterize the class of models, we first need to introduce some terminology.
Definition 11
Let \(q \in \textit{Q}\) be a mode with invariant \(X = \textit{Inv}(q)\) and flow \(\textit{Flow}(q)\). We call a continuous state \({ \mathbf x }_2 \in X\) forward reachable in q if there is a continuous state \({ \mathbf x }_1 \in X\) such that \({ \mathbf x }_2\) is reachable from \({ \mathbf x }_1\) by just letting time pass, i.e., \(\exists t > 0: { \mathbf x }_2 = { \mathbf x }_1 + \textit{Flow}(q) \cdot t\). Analogously, we call state \({ \mathbf x }_2 \in X\) backward reachable in q if there is a state \({ \mathbf x }_1 \in X\) such that \({ \mathbf x }_2\) is reachable from \({ \mathbf x }_1\). A continuous state is dead in q if it is neither forward reachable nor backward reachable in q.
We characterize the class of automata \(\mathcal {H} = (\textit{Q}, \textit{E}, \textit{X}, \textit{Flow}, \textit{Inv}, \textit{Grd})\) for which the algorithm is complete by considering the following assumptions: (1) no invariant contains a dead continuous state. Furthermore, if \(e = (q_1, q_2)\) is a transition, then all continuous states in the guard \(\textit{Grd}(e)\) are forward reachable in \(q_1\) and backward reachable in \(q_2\), and (2) no two modes have the same slope \(\square \)
Roughly speaking, Assumption (1) asserts that, after every switch, an execution can stay in the new mode for a positive amount of time.
Theorem 3
(Completeness). Given an lha \(\mathcal {H}\) satisfying Assumptions (1) and (2), there exist pwl functions \(\mathcal {F} \) such that Synthesis \((\mathcal {F}, 0)\) results in \(\mathcal {H}\).
5 Experimental Results
Synthesis results for two automaton models. The original model is shown in blue. The synthesis result after 10 iterations is shown in bright red, and after another 90 iterations in dark red. On the bottom left we show three sample executions starting from the same point (top: original model, bottom: synthesized model after 100 iterations). We used \(\varepsilon = 0.2\) in all cases. Numbers are rounded to two places.
Case Study: Online Synthesis. We evaluate the precision of our algorithm by collecting data from the executions of existing linear hybrid automata. For each given automaton, we randomly sample ten executions and pass them to our algorithm, which then constructs a new model. After that, we run our algorithm with another 90 executions, but we reuse the intermediate model, thus demonstrating the online feature of the algorithm. We show the different models for two handcrafted examples in Table 1. We tried both sampling from random states and from a fixed state. The examples show the latter case, which makes sampling the complete statespace and thus learning a precise model harder.
Case Study: Cell Model. For our case study we synthesize a hybrid automaton from voltage traces of excitable cells. Excitable cells are an important class of cells comprising neurons, cardiac cells, and other muscle cells. The main property of excitable cells is that they exhibit electrical activity which in the case of neurons enables signal transmission and in the case of muscle cells allows them to contract. The excitation signal usually follows distinct dynamics called action potential. Grosu et al. construct a cycliclinear hybrid automaton from actionpotential traces of cardiac cells [8]. In their model they identify six modes, two of which exhibit the same dynamics and are just used to model an input signal.
Our algorithm successfully synthesizes a model, depicted in Fig. 5, consisting of five modes that roughly match the normal phases of an action potential. We evaluate the quality of the synthesized model by simulating random executions and visually comparing to the original data (see the bottom of Fig. 5).
6 Conclusion
In this paper we have presented two fully automatic approaches to synthesize a linear hybrid automaton from data. As key features, the synthesized automaton captures the data up to a userdefined bound and is tight. Moreover, the online feature of the membershipbased approach allows to combine the approach with alternative synthesis techniques, e.g., for constructing initial models.
A future line of work is to design a methodology for identification of weak generalizations in the model, and use them for driving the experiments and, in consequence, adjusting the model. We would first synthesize a model as before, but then identify the aspects of the model that are least substantiated by the data (e.g., areas in the state space or specific sequences in the executions). Then we would query the system for data about those aspects, and repair the model accordingly. As another line of work, we plan to extend the approach to go from dynamics defined by piecewiseconstant differential equations toward linear envelopes. Our approach can be seen as a generalization, to lha, of Angluin’s algorithm for constructing a finitestate machine from finite traces [3], and we plan to pursue this connection further.
References
 1.Alur, R., Courcoubetis, C., Henzinger, T.A., Ho, P.H.: Hybrid automata: an algorithmic approach to the specification and verification of hybrid systems. In: Grossman, R.L., Nerode, A., Ravn, A.P., Rischel, H. (eds.) HS 19911992. LNCS, vol. 736, pp. 209–229. Springer, Heidelberg (1993). https://doi.org/10.1007/3540573186_30CrossRefGoogle Scholar
 2.Alur, R., Kurshan, R.P., Viswanathan, M.: Membership questions for timed and hybrid automata. In: RTSS, pp. 254–263. IEEE Computer Society (1998). https://doi.org/10.1109/REAL.1998.739751
 3.Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87–106 (1987). https://doi.org/10.1016/08905401(87)900526MathSciNetCrossRefzbMATHGoogle Scholar
 4.Bagnara, R., Hill, P.M., Zaffanella, E.: The Parma Polyhedra Library: toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. Sci. Comput. Program. 72(1–2), 3–21 (2008). https://doi.org/10.1016/j.scico.2007.08.001MathSciNetCrossRefGoogle Scholar
 5.Bemporad, A., Garulli, A., Paoletti, S., Vicino, A.: A boundederror approach to piecewise affine system identification. IEEE Trans. Autom. Control 50(10), 1567–1580 (2005). https://doi.org/10.1109/TAC.2005.856667MathSciNetCrossRefzbMATHGoogle Scholar
 6.Douglas, D.H., Peucker, T.K.: Algorithms for the reduction of the number of points required to represent a digitized line or its caricature. Cartographica 10(2), 112–122 (1973)CrossRefGoogle Scholar
 7.Garulli, A., Paoletti, S., Vicino, A.: A survey on switched and piecewise affine system identification. IFAC Proc. Vol. 45(16), 344–355 (2012). https://doi.org/10.3182/201207113BE2027.00332CrossRefGoogle Scholar
 8.Grosu, R., Mitra, S., Ye, P., Entcheva, E., Ramakrishnan, I.V., Smolka, S.A.: Learning cyclelinear hybrid automata for excitable cells. In: Bemporad, A., Bicchi, A., Buttazzo, G. (eds.) HSCC 2007. LNCS, vol. 4416, pp. 245–258. Springer, Heidelberg (2007). https://doi.org/10.1007/9783540714934_21CrossRefzbMATHGoogle Scholar
 9.Hakimi, S.L., Schmeichel, E.F.: Fitting polygonal functions to a set of points in the plane. CVGIP Graph. Model. Image Process. 53(2), 132–136 (1991). https://doi.org/10.1016/10499652(91)90056PCrossRefzbMATHGoogle Scholar
 10.Hashambhoy, Y., Vidal, R.: Recursive identification of switched ARX models with unknown number of models and unknown orders. In: CDC, pp. 6115–6121 (2005). https://doi.org/10.1109/CDC.2005.1583140
 11.Henzinger, T.A.: The theory of hybrid automata. In: Inan, M.K., Kurshan, R.P. (eds.) Verification of Digital and Hybrid Systems. NATO ASI Series (Series F: Computer and Systems Sciences), vol. 170, pp. 265–292. Springer, Berlin, Heidelberg (2000). https://doi.org/10.1007/9783642596155_13
 12.Lamrani, I., Banerjee, A., Gupta, S.K.S.: HyMn: mining linear hybrid automata from input output traces of cyberphysical systems. In: ICPS, pp. 264–269. IEEE (2018). https://doi.org/10.1109/ICPHYS.2018.8387670
 13.Liberzon, D.: Switching in Systems and Control. Birkhäuser, Boston (2003). https://doi.org/10.1007/9781461200178CrossRefzbMATHGoogle Scholar
 14.Ly, D.L., Lipson, H.: Learning symbolic representations of hybrid dynamical systems. JMLR 13, 3585–3618 (2012). http://dl.acm.org/citation.cfm?id=2503356MathSciNetzbMATHGoogle Scholar
 15.Medhat, R., Ramesh, S., Bonakdarpour, B., Fischmeister, S.: A framework for mining hybrid automata from input/output traces. In: EMSOFT, pp. 177–186. IEEE (2015). https://doi.org/10.1109/EMSOFT.2015.7318273
 16.Niggemann, O., Stein, B., Vodencarevic, A., Maier, A., Kleine Büning, H.: Learning behavior models for hybrid timed systems. In: AAAI. AAAI Press (2012). http://www.aaai.org/ocs/index.php/AAAI/AAAI12/paper/view/4993
 17.Ozay, N.: An exact and efficient algorithm for segmentation of ARX models. In: ACC, pp. 38–41. IEEE (2016). https://doi.org/10.1109/ACC.2016.7524888
 18.Paoletti, S., Juloski, A.L., FerrariTrecate, G., Vidal, R.: Identification of hybrid systems: a tutorial. Eur. J. Control 13(2–3), 242–260 (2007). https://doi.org/10.3166/ejc.13.242260CrossRefzbMATHGoogle Scholar
 19.Skeppstedt, A., Lennart, L., Millnert, M.: Construction of composite models from observed data. Int. J. Control 55(1), 141–152 (1992). https://doi.org/10.1080/00207179208934230MathSciNetCrossRefzbMATHGoogle Scholar
 20.Summerville, A., Osborn, J.C., Mateas, M.: CHARDA: causal hybrid automata recovery via dynamic analysis. In: IJCAI, pp. 2800–2806. ijcai.org (2017). https://doi.org/10.24963/ijcai.2017/390
 21.Verwer, S.: Efficient identification of timed automata: theory and practice. Ph.D. thesis, Delft University of Technology, Netherlands (2010). http://resolver.tudelft.nl/uuid:61d9f1997b0145bea6ed04498113a212
 22.Vidal, R., Anderson, B.D.O.: Recursive identification of switched ARX hybrid models: exponential convergence and persistence of excitation. In: CDC, vol. 1, pp. 32–37 (2004). https://doi.org/10.1109/CDC.2004.1428602
Copyright information
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.