CO-EVOLUTION PRESERVING MODEL REDUCTION FOR
UNCERTAIN CYBER-PHYSICAL SYSTEMS
Towards a Framework for Nanoscience
Manuela L. Bujorianu and Marius C. Bujorianu
School of Mathematics, University of Manchester, U.K.
Keywords:
Cyber-physical systems, Adaptive bisimulation, Co-evolution, Stochastic model checking, Qualitative model
reduction, Nanoscience.
Abstract:
The problem of abstracting computational relevant properties from sophisticated mathematical models of
physical environments has become crucial for cyber-physical systems. We approach this problem using
Hilbertean formal methods, a semantic framework that offers intermediate levels of abstractions between the
physical world described in terms of differential equations and the formal methods associated with theories
of computation. Although, Hilbertean formal methods consider both deterministic and stochastic physical
environments, in this paper, we focus on the stochastic case. The abstraction method can be used for verifi-
cation, but also to improve the controller design and to investigate complex interactions between computation
and physics. We define also a computational equivalence relation called adaptive model reduction, because
it considers the co-evolution between a computation device environment and its physical environment during
abstraction.
1 INTRODUCTION
The interaction between physics and computation can
be very subtle. The research experience from ar-
eas like nanoscience (Hornyak e.a. 2008) and quan-
tum computing (Accardi e.a. 2006), or from smart
dust, shows that common principles can be distilled
from these different worlds. At a larger scale, the
general system theory provides a systematic reper-
toire of common properties of the physical and digital
dynamical systems. This experiences give hope for
a sound semantic framework for cyber-physical sys-
tems (CPS). The manifestos on CPS - see, for exam-
ple(Tabuada 2006) - emphasize the need for a funda-
mentally new theoretical foundation. This foundation
should be interdisciplinary and at the right level of ab-
straction: it should offer analytical tools to investigate
physical models, and, at the same time, to be abstract
enough to give semantics for models of computation.
In this paper, we consider Hilbertian For-
mal Methods (HFM) (Bujorianu, Bujorianu 2007a,
2007b) as a semantic framework for CPS model-
ing. HFM represent a logical framework that uses
functional and stochastic analysis to construct logics
for reasoning about qualitative properties of physi-
cal phenomena. These logics can be easily integrated
with specification logics for automata. In this work,
we focus more on the method part of HFM, and less
on the formal aspects. In the HFM framework, we
use hybrid systems to design an abstraction method
that simplifies the physical models whilst the com-
putational properties are simulated. Intuitively, the
computational discrete steps are preserved, while the
mathematical models of the continuous phenomena in
the environment are drastically simplified.
The qualitative model reductions method we pro-
pose is a fundamental step towards stochastic model
checking (SMC) (Bujorianu, Bujorianu 2006) for un-
certain CPS. Stochastic model checking coincides
with probabilistic model checking (Bujorianu, Katoen
2008) for Markov chains. In the case of continuous
or hybrid stochastic dynamical systems, the SMC is
a specialization of the stochastic reachability analy-
sis (Bujorianu 2004) by means of computer science
inspired abstraction (Bujorianu, Lygeros, Bujorianu
2005a) or bisimulation methods (Bujorianu, Lygeros,
Bujorianu 2005b) , (Bujorianu, Bujorianu 2008b).
In the context of uncertain cyber-physical sys-
tems, we introduce a new concept of behavior equiv-
alence called adaptive bisimulation. In the theory
of concurrent discrete processes, bisimulation is a
method for reducing the state space, while the tran-
39
Bujorianu M. and Bujorianu M. (2009).
CO-EVOLUTION PRESERVING ABSTRACT MODEL REDUCTION FOR UNCERTAIN CYBER-PHYSICAL SYSTEMS - Towards a Framework for
Nanoscience.
In Proceedings of the 6th International Conference on Informatics in Control, Automation and Robotics - Signal Processing, Systems Modeling and
Control, pages 39-46
DOI: 10.5220/0002217800390046
Copyright
c
SciTePress
sitions are preserved. Using category theory the con-
cept of bisimulation was defined for continuous and
hybrid dynamical systems (Haghverdi, Tabuada, Pap-
pas 2005). Based on the same categorical machin-
ery, in (Bujorianu, Lygeros, Bujorianu 2005b), bisim-
ulation has been defined for stochastic hybrid sys-
tems. However, in the context of uncertain CPS,
the classical concept of bisimulation seems to be too
strong (i.e., systems that are considered equivalent
by a designer or by an observer, fail to be bisimi-
lar). More appropriate concepts of behavioral equiv-
alence, like approximate bisimulation and behavioral
bisimulation have been proposed in (Bujorianu, Bu-
jorianu, Blom 2008) and (Bujorianu, Lygeros, Bujo-
rianu 2005a). Under approximate bisimulation, the
trajectories of two randomized hybrid systems differ
with a small distance, the measurement being done
according with a suitable metric. For the behavioral
bisimulation, two equivalent systems have the same
probabilities of reaching some specific state sets. Al-
though these bisimulation concepts are better in de-
scribing properties of systems that operate in physical
environments, they do not imply the preservation of
the interaction between computation and physics. The
key point in defining such a bisimulation consists in
modeling this interaction. In this paper, we model this
interaction using an abstract measure called energy,
which is a basic concept of HFM. The energy char-
acterizes globally the cyber physical process, but also
it can discriminate continuous (physical) evolutions,
discrete (computational) transitions and control (the
process killing, in order to start another one). This
last aspect makes the difference between a CPS and
a classical automaton: a computation device has the
capability to influence its physical environment (and
achieving co-evolution in this way). Naturally, the
CPS bisimulation should be related to energy preser-
vation. An intuitive illustration of adaptive bisimu-
lation is given by the following scenario. During its
evolution, a CPS may produce a change of its envi-
ronment. Suppose that for the new dynamical system
modeling the environment is classically bisimilar with
the former one. Then, for an adaptive bisimilar CPS
the computational component will exhibit a equiva-
lent behavior.
The paper road map can be described as follows.
The following section contains the mathematical set-
ting. In Section 3 we formulate the stochastic model
checking problem and we prove two results that make
the problem solvable. In Section 4 we investigate the
qualitative model reductions and bisimulations. The
final section contains some short conclusions.
2 THE MATHEMATICAL
FRAMEWORK
2.1 Uncertain Cyber-physical Systems
The theory of hybrid systems is a well-established
modeling paradigm for embedded systems. Similarly,
the theory of concurrent embedded hybrid systems
(Bujorianu, Lygeros, Bujorianu 2005a) constitutes a
suitable modeling framework for CPS. In the follow-
ing an uncertain cyber-physical system is modeled as
a randomized embedded hybrid system.
There are two major ways to randomize a contin-
uous or hybrid dynamical system: In one approach,
the concept of noise is used to model small random
perturbations. The randomized system has trajecto-
ries that closely resemble those of the deterministic
initial system. The noise based randomization is car-
ried out using stochastic differential equations. When
the influence of the random perturbation changes dra-
matically the system evolution, the randomization is
carried out using stochastic kernels that replace the
concept of reset maps from deterministic hybrid sys-
tem models.
A Ucps U = (Q,X ,F,R,λ) consists of
• a finite set of discrete variables Q;
• a map X : Q → R
d(.)
that sends each q ∈ Q into a
mode (an open subset) X
q
of R
d(q)
, where d(q) is the
Euclidean dimension of the corresponding mode;
• a map F : Q → 2
F
SDE
which specifies the continu-
ous evolution of the automaton in terms of stochastic
differential equations (SDE) over the continuous state
x
q
for each mode;
• a family of stochastic kernels R = (R
q
)
q∈Q
,
R
q
:
X
q
× (∪B (X
j
)| j ∈ Q\{q}) → [0, 1];
• a transition rate function
λ : (∪X
j
| j ∈ Q) → R
+
, (1)
which gives the distributions of the jump times.
The executions of a Ucps can be described as fol-
lows: start with an initial point x
0
∈ X
q
, follow a
solution of the SDE associated to X
q
, jump when
this trajectory hits the boundary or according with
the transition rate λ (the jump time is the minimum
of the boundary hitting time and the time, which is
exponentially distributed with the transition rate λ).
Under standard assumptions, for each initial condi-
tion x ∈ j ∈ Q∪X
j
, the possible trajectories starting
from x, form a stochastic process. Moreover, for all
initial conditions x, the executions of a Ucps form
the semantics, which can be thought of as a Markov
process in a general setting. Let us consider M =
(Ω,F , F
t
,x
t
,P
x
) be the semantics of U. Under mild
ICINCO 2009 - 6th International Conference on Informatics in Control, Automation and Robotics
40
assumptions on the parameters ofU, M can be viewed
as a family of Markov processes with the state space
(X,B ), where X is the union of modes and B is its
Borel σ-algebra. Let B
b
(X) be the lattice of bounded
positive measurable functions on X. The meaning of
the elements of M can be found in any source treat-
ing continuous-parameter Markov processes (see, for
example, (Davis 1993)). Suppose we have given a σ-
finite measure µ on (X,B ).
In the following we give some operator character-
izations of stochastic processes, which are employed
in this paper to define a qualitative model reduction
for Ucps.
2.2 Hilbertean Formal Methods
The HFM abstract away the analytical properties of
deterministic and stochastic differential operators us-
ing the so called kernel operator (defined in the fol-
lowing). Using methods of functional analysis HFM
elegantly generalize both deterministic and stochas-
tic systems. In this work we focus on the stochastic
case. Let us describe briefly the mathematical appara-
tus that is usually employed to study continuous time
continuous space Markov processes.
The transition probability function is p
t
(x,A) =
P
x
(x
t
∈ A), A ∈ B . This is the probability that, if
x
0
= x, x
t
will lie in the set A.
The operator semigroup P is defined by
P
t
f(x) =
Z
f(y)p
t
(x,dy) = E
x
f(x
t
),∀x ∈ X,
where E
x
is the expectation w.r.t. P
x
.
The operator resolvent V = (V
α
)
α≥0
associated with
P is
V
α
f(x) =
Z
∞
0
e
−αt
P
t
f(x)dt,
x ∈ X. Let denote by V the initial operator V
0
of V ,
which is known as the kernel operator of the Markov
process M. The operator resolvent (V
α
)
α≥0
is the
Laplace transform of the semigroup.
The strong generator L is the derivative of P
t
at t = 0.
Let D(L ) ⊂ B
b
(X) be the set of functions f for which
the following limit exists (denoted by L f):
lim
tց0
1
t
(P
t
f − f).
In the HFM, there is developed a semantic frame-
work for concurrent embedded systems constructed
using energy forms. We specialize this theory for
function spaces, reaching in this way the theory of
Dirichlet forms (Ma, Rockner 1990).
A quadratic form E can be associated to the gen-
erator of a Markov process in a natural way.
Let L
2
(X,µ) be the space of square integrable
µ-measurable extended real valued functions on
X, w.r.t. the natural inner product < f, g >
µ
=
R
f(x)g(x)dµ(x).
The quadratic form E :
E ( f, g) = − < L f,g >
µ
, f ∈ D(L ),g ∈ L
2
(X,µ) (2)
defines a closed form. This leads to another way of
parameterizing Markov processes. Instead of writing
down a generator one starts with a quadratic form. As
in the case of a generator it is typically not easy to
fully characterize the domain of the quadratic form.
For this reason one starts by defining a quadratic form
on a smaller space and showing that it can be extended
to a closed form in subset of L
2
(µ). When the Markov
process can be initialized to be stationary, the measure
µ is typically this stationary distribution (see (Davis
1993) p.111). More generally, µ does not have to be a
finite measure.
A coercive closed form is a quadratic form
(E ,D(E )) with D(E ) dense in L
2
(X,µ), which sat-
isfies the: (i) closeness axiom, i.e. its symmetric part
is positive definite and closed in L
2
(X,µ), (ii) con-
tinuity axiom. E is called bilinear functional en-
ergy (BLFE) if, in addition, it satisfies the third ax-
iom: (iii) contraction condition, i.e. ∀u ∈ D(E ),
u
∗
= u
+
∧ 1 ∈ D(E ) and E (u ± u
∗
,u∓ u
∗
) ≥ 0.
For a the general theory of closed forms associated
with Markov processes see (Ma, Rockner 1990).
Let (L ,D(L )) be the generator of a coercive form
(E ,D(E )) on L
2
(X,µ), i.e. the unique closed linear
operator on L
2
(X,µ) such that 1− L is onto, D(L ) ⊂
D(E ) and E (u,v) =< −L u,v > for all u ∈ D(L )
and v ∈ D(E ). Let (T
t
)
t>0
be the strongly continu-
ous contraction semigroup on L
2
(X,µ) generated by
L and (G
α
)
α>0
the corresponding strongly continu-
ous contraction semigroup (which exist according to
the Hille-Yosida theorem).
A right process M with the state space X is as-
sociated with a BLFE (E ,D(E )) on L
2
(X,µ) if the
semigroup (P
t
) of the process M is a µ-version
1
of
the form semigroup (T
t
). It has been proved (Al-
beverio, Ma, Rockner 1993) and (Ma, Rockner 1990)
that only those BLFEs, which satisfy some regularity
conditions can be associated with some right Markov
processes and viceversa (Th.1.9 of (Albeverio, Ma,
Rockner 1993)).
Prop. 4.2 from (Albeverio, Ma, Rockner 1993)
states that two right Markov processes M and M
′
with
state space X associated with a common quasi-regular
BLFE (E , D(E )) are stochastically equivalent (Ma,
Rockner 1990). That means a quasi-regular BLFE
1
I.e., for all f ∈ L
2
(X, µ) the function P
t
f is a µ-version
(differs on a set of µ-measure zero) of T
t
f for all t > 0.
CO-EVOLUTION PRESERVING ABSTRACT MODEL REDUCTION FOR UNCERTAIN CYBER-PHYSICAL
SYSTEMS - Towards a Framework for Nanoscience
41
characterizes a class of stochastically equivalent right
Markov processes.
Let M = (Ω,F , F
t
,x
t
,P
x
) be a right Markov process
with the state space X. Now assume that X is a Lusin
space (i.e. it is homeomorphic to a Borel subset of
a compact metric space) and B (X) or B is its Borel
σ-algebra. Assume also that µ is a σ-finite measure
on (X, B ) and µ is a stationary measure of the process
M. Let X
#
another Lusin space (with B
#
its Borel
σ-algebra) and F : X → X
#
be a measurable function.
Let σ(F) be the sub-σ-algebra of B generated by F. If
µ is a probability measure then the projection operator
between L
2
(X,B ,µ) and L
2
(X,σ(F),µ) is the condi-
tional expectation E
µ
[·|F]. Recall that E
µ
is the expec-
tation defined w.r.t. P
µ
and that P
µ
(A) =
R
P
x
(A)dµ,
A ∈ F . We denote by µ
#
the image of µ under F,
i.e. µ
#
(A
#
) = µ(F
−1
(A
#
)), for all A
#
∈ B
#
. In gen-
eral, anything associated with X
#
will carry the #-
superscript symbol in this section.
Let E be the BLFE on L
2
(X,µ) associated to M.
F induces a form E
#
on L
2
(X
#
,µ
#
) by
E
#
(u
#
,v
#
) = E (u
#
◦ F, v
#
◦ F); (3)
for u
#
,v
#
∈ D[E
#
], where
D[E
#
] = {u
#
∈ L
2
(X
#
,µ
#
)|u
#
◦ F ∈ D[E ]}. (4)
It can be shown (see Prop.1.4 in (Iscoe, McDonald
1990)), under a mild condition on the conditional ex-
pectation operator E
µ
[·|F] that E
#
is a BLFE. If, in
addition, E
#
is quasi-regular then we can associate it
a right Markov process M
#
= (Ω,F , F
t
,x
#
t
,P
#
x
) with
the state space X
#
. The process M
#
is called the in-
duced Markov process w.r.t. to the proper map F. If
the image of M under F is a right Markov process
then x
#
t
= F(x
t
). The process M
#
might have some
different interpretations like a refinement of discrete
transitions structure, or an approximation of continu-
ous dynamics or an abstraction of the entire process.
It is difficult to find a practical condition to impose
on F, which would guarantee that E
#
, as defined by
(3) and (4), is also quasi-regular. To circumvent this
problem, it is possible to restrict the original domain
D[E
#
] and impose some regularity conditions on F
(for more details, see (Iscoe, McDonald 1990)).
Assumption 1. Suppose that E
#
is a quasi-regular
BLFE.
3 THE STOCHASTIC MODEL
CHECKING PROBLEM
Let us consider M = (Ω,F ,F
t
,x
t
,P
x
) a strong
Markov process, which is the semantics of a UCPS.
For this strong Markov process we address a verifica-
tion problem consisting of the stochastic reachability
problem defined as follows. Given a set A ∈ B (X)
and a time horizon T > 0, let us to define (Bujorianu
2004):
Reach
T
(A) = { ω ∈ Ω | ∃t ∈ [0, T] : x
t
(ω) ∈ A}
Reach
∞
(A) = { ω ∈ Ω | ∃t ≥ 0 : x
t
(ω) ∈ A}. (5)
These two sets are the sets of trajectories of M, which
reach the set A (the flow that enters A) in the interval
of time [0,T] or [0,∞).
The reachability problem consists of determining the
probabilities of such sets. The reachability problem
is well-defined, i.e. Reach
T
(A), Reach
∞
(A) are in-
deed measurable sets. Then the probabilities of reach
events are
P(T
A
< T) or P(T
A
< ∞) (6)
where T
A
= inf{t > 0|x
t
∈ A} and P is a probability on
the measurable space (Ω,F ) of the elementary events
associated to M. P can be chosen to be P
x
(if we want
to consider the trajectories, which start in x) or P
µ
(if
we want to consider the trajectories, which start in x
0
given by the distribution µ).
Usually a target set A in the state space is a level
set for a given function F : X → R, i.e. A = {x ∈
X|F(x) > l} (F can be chosen as the Euclidean norm
or as the distance to the boundary of E). The proba-
bility of the set of trajectories, which hit A until time
horizon T > 0 can be expressed as
P(supF(x
t
)|t ∈ [0, T]) > l. (7)
Our goal is to define a new stochastic process M
#
such
that the probabilities (6) are preserved.
Ideally, since (6) can be written as (7), F(x
t
)
would represent the best candidate for defining a pos-
sible qualitative model reduction for M, which pre-
serves the reach set probabilities. The main difficulty
is that F(x
t
) is a Markov process only for special
choices of F (Rogers, Pitman 1981). The problem
is how to choose F well.
Note, if A
#
is open in X
#
and A = F
−1
(A
#
), then
we consider the two first hitting times T
A
(w.r.t. M)
and T
#
A
#
(w.r.t. M
#
) of A and A
#
, respectively. Recall
that T
A
= inf{t > 0|x
t
∈ A}.
The following results show that the stochastic
model checking problem is solvable for uncertain cps.
Proposition 1. Under the assumption.1, if µ is a
probability measure and ξ = +∞ (M has no killing),
then
E
µ
exp(−T
A
) ≤ E
µ
#
exp(−T
#
A
#
) (8)
where E
µ
(resp. E
µ
#
) is the expectation defined w.r.t.
P
µ
(resp. P
µ
#
).
ICINCO 2009 - 6th International Conference on Informatics in Control, Automation and Robotics
42
If M is the semantics of a UCPS U, given a tar-
get state set A ∈ B (X), then the goal in the stochas-
tic reachability analysis is to compute the probability
P
µ
(T
A
≤ T) for a finite horizon time T > 0. We now
translate the relation (8) in terms of probability of the
reachable sets.
Proposition 2. Under the assumption.1, if µ is a
probability measure, then
P
µ
(T
A
≤ T) ≤ eK min{TE
#
(u
#
,u
#
) + (9)
< u
#
,u
#
>
µ
#
|u
#
∈ D(E
#
), u
#
≥ 1, (10)
µ
#
− a.e. on A
#
} (11)
where K > 0 is the sector constant of E .
4 ADAPTING VERIFICATION TO
CO-EVOLUTION
The idea is to apply a “state space reduction” tech-
nique based on the general ‘induced BLFEs’ method
to achieve qualitative model reductions for Ucps.
With this technique, the semantics of Ucps are ‘ap-
proximated’ by a one-dimensional stochastic process
with a much smaller state space.
4.1 Qualitative Model Reduction
The stochastic reachability definition gives the idea to
introduce the following concept of qualitative model
reduction for Ucps.
Definition 1. Given a right Markov process M de-
fined on the Lusin state space (X,B ), and F :
X → R a measurable weight function, suppose that
assumption.1 is fulfilled. The process M
#
associated
to the induced BLFE E
#
under function F is called a
qualitative model reduction of M.
Let U be a UCPS and M its semantics. Suppose
that M is a right Markov process defined on the Lusin
state space (X,B ).
Definition 2. Any UCPS U
#
whose semantics is a
qualitative model reduction of M is called a qualita-
tive model reduction of U.
Let U be a Ucps and M its semantics (that is a
right Markov process, with the state space X).
Proposition 3. If M is a diffusion then any qualitative
model reduction M
#
of M is a diffusion.
Proposition 4. If M is a jump process then any qual-
itative model reduction M
#
of M is again a jump pro-
cess.
Proof. This statement can be obtained as a conse-
quence of the abstract version of the Kolmogorov
backward equations (Davis 1993)
∂
∂t
P
t
f(x) = LP
t
f(x), P
0
f = f, f ∈ D(L ) (12)
and the equality (14). If the equations (12) are as-
sociated to an initial diffusion process (resp. jump
process) then the relation (14) allow to obtain the fact
that the transition probabilities of the induced process
satisfy a similar equation, such that the induced pro-
cess is still a diffusion process (resp. jump process).
The same conclusion can be obtain using the stochas-
tic calculus of BLFEs (Iscoe, McDonald 1990).
Since the semantics of a Ucps is, in most cases, a
stochastic process, which can be viewed an interleav-
ing between some diffusionprocesses and a jump pro-
cess (see (Bujorianu, Lygeros 2004) for a very gen-
eral model for Ucps and its semantics as a Markov
string), we can write the following result as a corol-
lary of Prop.3.
Proposition 5. Any qualitative model reduction of a
Ucps is again a Ucps.
Let (L ,D(L )) and (L
#
,D(L
#
)) be the generators
of E and E
#
, respectively. For the following results
we suppose that the Ass.1 is fulfilled.
Proposition 6. The generators L and L
#
are related
as follows
L (u
#
◦ F) = L
#
u
#
◦ F, ∀u
#
∈ D(L
#
) (13)
Theorem 7. For all A
#
∈ B
#
(X
#
) and for all t > 0 we
have
p
#
t
(Fx, A
#
) = p
t
(x,F
−1
(A
#
)) (14)
where (p
#
t
) and (p
t
) are the transition functions of M
#
and M, respectively.
Proof. Let F
#
be defined as F
#
: B
b
(X
#
) → B
b
(X);
F
#
u
#
= u
#
◦ F. Then (13) becomes (L ◦ F
#
)u
#
=
(F
#
◦ L
#
)u
#
,∀u
#
∈ D(L
#
) (∗∗). For a strong Markov
process, the opus of the kernel operator is the inverse
operator of the infinitesimal generator of the process.
Now, from (∗∗) we get a similar relation between the
kernel operatorsV and V
#
of the processes M and M
#
,
i.e. F
#
◦V
#
= V ◦ F
#
on B
b
(X
#
), or
V
#
u
#
◦ F = V(u
#
◦ F),∀u
#
∈ B
b
(X
#
) (15)
since if u
#
∈ B
b
(X
#
) thenV
#
u
#
∈ D(L
#
). For u
#
= 1
A
#
(the indicator function of A
#
), by the kernel operator
integral definition, we obtain (14).
Relation (15) implies the following corollary:
Corollary8. The semigroups (P
#
t
) and (P
t
) of M
#
and
M are related by
P
#
t
u
#
◦ F = P
t
(u
#
◦ F),∀u
#
∈ B
b
(X
#
). (16)
CO-EVOLUTION PRESERVING ABSTRACT MODEL REDUCTION FOR UNCERTAIN CYBER-PHYSICAL
SYSTEMS - Towards a Framework for Nanoscience
43
4.2 Adaptive Bisimulation
In this subsection we define a new concept of adap-
tive bisimulation for cps. This concept is defined as
measurable relation, which induces equivalentBLFEs
on the quotient spaces. In defining adaptive bisimula-
tion, we do not impose the equivalence of the quotient
processes, which might not have Markovian proper-
ties (Rogers, Pitman 1981), but we impose the equiv-
alence of the qualitative model reductions (that can
differ from the quotient processes) associated with the
induced BLFEs, with respect to the projection maps.
Let (X,B (X)) and (Y,B (Y)) be Lusin spaces and
let R ⊂ X × Y be a relation such that Π
1
(R ) = X
and Π
2
(R ) = Y. We define the equivalence relation
on X that is induced by the relation R ⊂ X × Y, as
the transitive closure of {(x, x
′
)|∃y s.t. (x,y) ∈ R and
(x
′
,y) ∈ R }. Analogously, the induced (by R ) equiv-
alence relation on Y can be defined. We write X/
R
and Y/
R
for the sets of equivalence classes of X and
Y induced by R . We denote the equivalence class of
x ∈ X by [x]. Let
B
#
(X) = B (X) ∩ {A ⊂ X| if x ∈ A and [x] = [x
′
] then
x
′
∈ A}
be the collection of all Borel sets, in which any equiv-
alence class of X is either totally contained or totally
not contained. It can be checked that B
#
(X) is a σ-
algebra. Let π
X
: X → X/
R
be the mapping that maps
each x ∈ X to its equivalence class and let
B (X/
R
) = {A ⊂ X/
R
|π
−1
X
(A) ∈ B
#
(X)}.
Then (X/
R
,B (X/
R
)), which is a measurable space,
is called the quotient space of X w.r.t. R . The quo-
tient space of Y w.r.t. R is defined in a similar way.
We define a bijective mapping ψ : X/
R
→ Y/
R
as
ψ([x]) = [y] if (x, y) ∈ R for some x ∈ [x] and some
y ∈ [y].
We say that the relation R is measurable if X and Y
if for all A ∈ B (X/
R
) we have ψ(A) ∈ B (Y/
R
) and
vice versa, i.e. ψ is a homeomorphism. Then the real
measurable functions defined on X/
R
can be identi-
fied with those defined on Y/
R
through the homeo-
morphism ψ. We can write B
b
(X/
R
)
ψ
∼
=
B
b
(Y/
R
).
Moreover, these functions can be thought of as real
functions defined on X or Y measurable w.r.t. B
#
(X)
or B
#
(Y).
Assumption 2. Suppose that X/
R
and Y/
R
with the
topologies induced by projection mappings are Lusin
spaces.
Suppose we have given two right Markov processes
M and W with the state spaces X and Y. Assume
that µ (resp. ν) is a stationary measure of the pro-
cess M (resp. W). Let µ/
R
(resp. ν/
R
) the image of
µ (resp. ν) under π
X
(resp. π
Y
). Let E (resp. F ) the
quasi-regular BLFE corresponding to M (resp. W).
The equivalence between the induced processes can
be used to define a new bisimulation between Markov
processes, as follows.
Definition 3. Under assumptions 1 and 2, a measur-
able relation R ⊂ X × Y is a bisimulation between
M and W if the mappings π
X
and π
Y
define the same
induced BLFE on L
2
(X/
R
,µ/
R
) and L
2
(Y/
R
,ν/
R
),
respectively.
This definition states that M and W are bisimilar if
E /
R
= F /
R
. Here, E /
R
(resp. F /
R
) is the induced
BLFE of E (resp. F ) under the mapping π
X
(resp.
π
Y
). Clearly, this can be possible iff µ/
R
= ν/
R
.
Assumption 3. Suppose that E /
R
and F /
R
are
quasi-regular BLFE.
Denote the Markov process associated to E /
R
(resp. F /
R
) by M/
R
(resp. W/
R
).
Proposition 9. Under assumptions 1, 2 and 3, M and
W are stochastic bisimilar under R iff their qualita-
tive model reductions M/
R
and W/
R
with respect to
π
X
and, respectively π
Y
are µ/
R
-equivalent.
LetU andU
′
be two UCPSs, with the semantics M
and W, strong Markov processes defined on the state
spaces (X,B (X)) and (Y,B (Y)), respectively.
Definition 4. U and U
′
are called bisimilar if there
exist a bisimulation relation under which their seman-
tics M and W are bisimilar
4.3 An Example
Let us recall the chemically reacting system case
study from (Singh, Hespanha 2005), where it is in-
vestigated using the theory of polynomial stochastic
hybrid systems. Consider a system of n species X
j
,
j = 1,..,n, inside a fixed volume V involved in K re-
actions of the form
(R
i
)u
ai
A
i
+u
i1
X
1
+... + u
in
X
n
c
i
−→ ν
i1
X
1
+... + ν
in
X
n
,∀i ∈ {1,...,K}
where the species A
i
have a constant number of
molecules. The meaning and the assumptions about
the coefficients of the reaction equation are given in
(Singh, Hespanha 2005). c
i
is a reaction parameter
ICINCO 2009 - 6th International Conference on Informatics in Control, Automation and Robotics
44
which is used in defining the probability that a par-
ticular reaction takes place on (t,t + dt). The sys-
tem is characterized by the trivial dynamics
.
x
= 0, x =
[x
1
,x
2
,...,x
n
]
T
, a family of K reset maps x = φ
i
(x
−
),
φ
i
: R
n
→ R
n
, and a corresponding family of tran-
sition intensities λ
i
: R
n
→ [0,∞), ∀i = 1,.., K. For
each i = 1,..,K, the reset map φ
i
and the correspond-
ing λ
i
is uniquely defined by the i
th
reaction equation
and given by x 7→ φ
i
(x), φ
i
(x) = x + [ν
i1
− u
i1
,ν
i2
−
u
i2
,...,ν
in
−u
in
]
T
; λ
i
(x) = c
i
h
i
(x), whereU
i
represents
the number of distinct molecular reactant combina-
tions present in V at time t for the reaction R
i
. The
executions of such a system are defined in (Singh,
Hespanha 2005).
Now we apply the method of qualitative model re-
duction to this process. We can show that executions
of this cps form a particular kind of right Markov
process called jump process (Davis 1993). The ex-
tended generator (Th.1 (Singh, Hespanha 2005)) is
(Lψ)(x) =
∑
K
i=1
(ψ(φ
i
(x)) − ψ(x))λ
i
(x), ψ ∈ D(L).
Let us consider a proper map F : R
n
→ R and write
the generator of the induced process for
ψ
#
◦ F, ψ
#
∈ D(L
#
):
L(ψ
#
◦ F)(x) =
∑
K
i=1
(ψ
#
(F(φ
i
(x))) − ψ
#
(F(x)))λ
i
(x)
Define φ
#
i
: ImF → R by φ
#
i
(Fx) = F(φ
i
(x)) and
λ
#
i
: ImF → R by λ
#
i
(Fx) = λ
i
(x). In order to have
these two function well-defined we need to impose
some compatibility conditions between F and reset
maps φ
i
and their corresponding transition intensities
λ
i
as follows: Fx = Fx
′
⇒ F(φ
i
(x)) = F(φ
i
(x
′
)) and
λ
i
(x) = λ
i
(x
′
). This means that F preserves the jumps
(reset maps and transition intensities), i.e. the pre-
jump locations have the same image under F then the
intensities of transition should be equal and the post-
jump locations have the same image under F. Using
(13), the generator of the induced process is
L
#
ψ
#
(x
#
) =
K
∑
i=1
(ψ
#
(φ
#
i
(x
#
)) − ψ
#
(x
#
))λ
#
i
(x
#
);
x
#
= Fx; x ∈ X.
For simplicity, we suppose that the reactions R
i
are
reversible in time. Then the generator is self-adjoint
(or Hermitian). The (symmetric) quasi-regular energy
bilinear form on L
2
(R
n
,µ) associated to the given pro-
cess (with µ a stationary distribution) can be written
E (ψ,ϕ) =
∑
K
i=1
R
R
n
(ψ(φ
i
(x)) − ψ(x))(ϕ(φ
i
(x)) −
ϕ(x))λ
i
(x)µ(dx)
Then the induced energy bilinear form E
#
on
L
2
(R,µ
#
) (where µ
#
is the image of µ under F) w.r.t.
F is
E
#
(ψ
#
,ϕ
#
) =
K
∑
i=1
Z
R
n
[ψ
#
(φ
#
i
(Fx)) − ψ
#
(Fx)]
[ϕ
#
(φ
#
i
(Fx)) − ϕ
#
(Fx)]λ
#
i
(Fx)
µ(dx)
=
K
∑
i=1
Z
R
[ψ
#
(φ
#
i
(x
#
)) − ψ
#
(x
#
)][ϕ
#
(φ
#
i
(x
#
)) − ϕ
#
(x
#
)]λ
#
i
(x
#
)µ
#
(dx
#
).
Clearly, E
#
is associated to a jump process - thequal-
itative model reduction of the given process. In this
particular case, the induced process is exactly the im-
age under F of the initial jump process.
5 CONCLUSIONS
In this paper, we have used the concept of energy,
which is a key ingredient of Hilbertean formal meth-
ods, to define qua;itative model reduction and behav-
ioral equivalence for cyber-physical systems operat-
ing in random environments. Energy is a versatile an-
alytical concept that characterizes in a subtle way the
interaction between computation and physics, as well
as their co-evolution.
Adaptive bisimulation means the energy preser-
vation of the stochastic processes generated by the
cyber-physical system evolutions. The energy con-
cept can be also used to define qualitative model re-
ductions for cyber-physical systems. Given an quali-
tative model reduction function that reduces the state
space, we have defined a standard construction that
associates a qualitative model reduction (called stan-
dard) on the reduced state space. The mathemati-
cal results from Section 4.1 show that the qualitative
model reduction method preserves important analytic
properties (related to HFM). Two uncertain CPS are
adaptive bisimilar if they have the same energy. The
theorem from Section 4.2 shows that two uncertain
CPS are adaptive bisimilar iff their standard qualita-
tive model reductions are equivalent as Markov pro-
cesses.
We have formulated the stochastic model check-
ing problem (a subproblem of stochastic reachabil-
ity analysis, corresponding to the probabilistic model
checking of Markov chains). We proved two results
that show that the problem is solvable for uncertain
cyber-physical systems. The mathematical results
from Section 3 provide a upper bound for the reach
set probabilities. In this way, one can prove that the
probability of reaching a state in a certain set can be
small enough.
CO-EVOLUTION PRESERVING ABSTRACT MODEL REDUCTION FOR UNCERTAIN CYBER-PHYSICAL
SYSTEMS - Towards a Framework for Nanoscience
45
The most closely related model is that of stochas-
tic hybrid automata (Bujorianu 2004). These au-
tomata are not necessarily embedded systems and
their hybrid behavior is often an internal feature (as
for cars, aircraft, mobile robots and so on) rather than
the interaction with a physical environment (a feature
of embedded systems). Cyber-physical systems are
also networked.
In following work we will refine the formal
framework presented in this paper to be used for
nanoscience.
ACKNOWLEDGEMENTS
This work was funded by the EPSRC project
EP/E050441/1 CICADA.
REFERENCES
Accardi L., Ohya M., Watanabe N., 2006. Quantum Infor-
mation and Computing World Scientific.
Albeverio, S., Ma, Z.M., Rockner, M., 1993. Quasi-regular
Dirichlet Forms and Markov Processes. J. of Func-
tional Analysis 111: 118-154.
Bujorianu, M.C., Bujorianu M.L., 2007a. Towards
Hilbertean Formal Methods Proc. of the 7th Interna-
tional Conference on Application of Concurrency to
System Design ACSD IEEE Press.
Bujorianu, M.C., Bujorianu, M.L., 2007b. An integrated
specification framework for embedded systems, Proc.
of SEFM, IEEE Press.
Bujorianu, M.C., Bujorianu M.L., 2008a. A Randomized
Model for Communicating Embedded Systems. Pro-
ceedings of the 16th Mediterranean Conference on
Control and Automation, IEEE Press.
Bujorianu, M.L., Bujorianu, M.C., 2008b. Bisimulation,
Logic and Mobility for Markovian Systems, In: Proc
of 18th International Symposium on Mathematical
Theory of Networks and Systems (MTNS08), SIAM.
Bujorianu, M.L., Bujorianu, M.C., Blom H., 2008. Ap-
proximate Abstractions of Stochastic Hybrid Systems,
Proc. of the 17th IFAC World Congress, Elsevier.
Bujorianu, M.L., Katoen J., 2008. Symmetry reduction for
stochastic hybrid systems. In: Proc. of IEEE 47th
Conference on Decision and Control, IEEE press.
Bujorianu, M.L., Bujorianu, M.C. 2006. A Model Checking
Strategy for a Performance Measure of Fluid Stochas-
tic Models, In: European Performance Engineering
Workshop (EPEW), Springer LNCS 4054, pp. 93-107.
Bujorianu, M.L., Lygeros, J., 2004. General Stochastic Hy-
brid Systems: Modelling and Optimal Control. Proc.
43th Conference in Decision and Control, IEEE Press:
182-187.
Bujorianu, M.L. 2004. Extended Stochastic Hybrid Systems
and their Reachability Problem. In Hybrid Systems:
Computation and Control, Springer LNCS 2993: 234-
249.
Bujorianu, M.L., Lygeros, J., Bujorianu, M.C., 2005a. Ab-
stractions of Stochastic Hybrid System. Proc. 44th
Conference in Decision and Control. IEEE Press.
Bujorianu, M.L., Lygeros, J., Bujorianu, M.C., 2005b.
Bisimulation for General Stochastic Hybrid Systems.
In Proc. Hybrid Systems: Computation and Control,
Springer LNCS 3414: 198-216.
Davis, M.H.A. 1993. Markov Models and Optimization
Chapman & Hall.
Ethier, S.N., Kurtz, T.G., 1986. Markov Processes: Char-
acterization and Convergence. John Wiley and Sons.
Haghverdi, E., Tabuada, P., Pappas, G.J., 2005. Bisimu-
lation Relations for Dynamical, Control and Hybrid
Systems. Theor. Comput. Science, 342(2-3):229-261.
Hornyak, G., Dutta, J., Tibbals H.J., Rao A.K. 2008. Intro-
duction to Nanoscience CRC Press.
Iscoe, I., McDonald, D., 1990. Induced Dirichlet Forms
and Capacitary Inequalities. Ann. Prob. 18 (3): 1195-
1221.
Ma, M., Rockner, M., 1990. The Theory of (Non-
Symmetric) Dirichlet Forms and Markov Processes
Springer Verlag.
Rogers, L.C.G., Pitman, J.W., 1981. Markov Functions.
Ann. Prob., 9 (4): 573-582.
Singh, A., Hespanha, J.P., 2005. Models for Multi-Specie
Chemical Reactions Using Polynomial Stochastic Hy-
brid Systems. Proc. of 44th Conference in Decision
and Control, IEEE Press.
Tabuada P. 2006. Cyber-Physical Systems: Position Paper
presented at NSF Workshop on Cyber-Physical Sys-
tems.
ICINCO 2009 - 6th International Conference on Informatics in Control, Automation and Robotics
46
