How to Stall a Motor:
Information-Based Optimization for
Safety Refutation of Hybrid Systems
Todd W. Neller
Knowledge Systems Laboratory
Stanford University
Outline





Defining the problem: Will the critical satellite
motor stall?
Generalizing the problem: Hybrid Systems
Reformulating the problem: Optimizing for failure
Describing the tool we need: Information-Based
Optimization
Exciting Conclusion: Why should a power
screwdriver be inspiring?
Stepper Motors


a.k.a. “step motors”
Title:
sms tep2.fig
Creator:
fig2dev Version 3.1 Patchlevel 2
Preview :
This EPS picture w as not saved
w ith a preview included in it.
Comment:
This EPS picture w ill print to a
PostScript printer, but not to
other ty pes of printers .
Title:
s tepgraph.fig
Creator:
fig2dev Version 3.1 Patchlevel 2
Prev iew :
This EPS picture w as not s av ed
w ith a preview inc luded in it.
Comment:
This EPS picture w ill print to a
Pos tSc ript printer, but not to
other ty pes of printers.
t
The Problem




Dan Goldin, head of NASA: “Smaller,
Faster, Better, Cheaper” 
microsatellites, autonomy, C.O.T.S.
SSDL’s OPAL: Orbiting Picosatellite
Automated Launcher
Problem: Will the motor stall while
accelerating the picosatellite?
How to find good research problems:
?
specific  general
Hybrid Systems




Hybrid = Discrete + Continuous
Example: Bouncing Ball
Fast Continuous Change  Discrete Change
More Interesting Example: Mode Switching
Controllers
Title:
sms tep2.fig
Creator:
fig2dev Version 3.1 Patchlevel 2
Preview :
This EPS picture w as not saved
w ith a preview included in it.
Comment:
This EPS picture w ill print to a
PostScript printer, but not to
other ty pes of printers .
Safety
Safety property - Something that is always
true about a system
 Another view: A set of states the system
never leaves
 Safe/unsafe states, desired/undesired states
 Initial Safety property - Safety over an
initial duration of time

Verification, Refutation
Verification of safety: Proving that the
system can never leave safe states
 Verification through simulation?
 Refutation of safety: Proving that the
system can leave safe states
 Proof by counterexample

Stepper Motor Safety Refutation

Given:
Stepper motor simulator and acceleration table
 Bounds on stepper motor system parameters
and initial state
 Set of stall states


Find:

Title:
s tepgraph.fig
Creator:
fig2dev Version 3.1 Patchlevel 2
Prev iew :
This EPS picture w as not s av ed
w ith a preview inc luded in it.
Comment:
This EPS picture w ill print to a
Pos tSc ript printer, but not to
other ty pes of printers.
Parameters and initial conditions such that the
motor enters a stall state during acceleration
General Problem Statement

Given:




Hybrid system simulator for
initial time duration
Bounds on initial conditions
(parameters and variable
assignments)
Set of unsafe states
Title:
refutation.fig
Creator:
fig2dev Version 3.1 Patchlevel 2
Preview :
This EPS picture w as not saved
w ith a preview included in it.
Comment:
This EPS picture w ill print to a
PostScript printer, but not to
other ty pes of printers .
Find:

Initial conditions such that the system enters an unsafe
state during initial time
Tools for Initial Safety
Refutation of Hybrid Systems

Generate and Test
(There has to be a better way, right?)
Distance from Unsafe States

Make use of simple knowledge of problem
domain to provide landscape helpful to search
Title:
s teptest1flat.eps
Creator:
MATLAB, The Mathw orks, Inc.
Prev iew :
This EPS picture w as not s av ed
w ith a preview inc luded in it.
Comment:
This EPS picture w ill print to a
Pos tSc ript printer, but not to
other ty pes of printers.
Refutation through Optimization


Transform refutation
problem into an
optimization problem
with a heuristic (i.e.
estimated) measure of
relative safety
Apply efficient global
optimization
Title:
heuropt-portrait.fig
Creator:
fig2dev Version 3.1 Patchlevel 2
Preview :
This EPS picture w as not saved
w ith a preview included in it.
Comment:
This EPS picture w ill print to a
PostScript printer, but not to
other ty pes of printers .
Problem Reformulation

Given:



Hybrid system simulator for initial time t
Possible initial conditions I
Heuristic evaluation function f which takes an initial
condition as input and returns a relative safety ranking
of the resulting trajectory
simulation
evaluation
initial condition  trajectory  ranking

Find:

f
Initial condition x in I, such that f(x) = 0
Problem: Simulation isn’t Cheap




f(x) is usually assumed cheap to compute.
Most methods store and use very little data.
Solution: Use simulation intelligently.
General principle: Information gained at great cost
should be treated with great value.
Satisficing




General optimization seeks
an unknown optimum.
We don’t know our optimum,
but we have a goal value
we’re seeking to satisfy.
Satisficing (= “satisfying”,
economist Herbert Simon)
This knowledge can be
leveraged to make our
optimization more efficient.
Title:
satisficing
Creator:
fig2dev Version 3.1 Patchleve
Preview :
This EPS picture w as not sav
w ith a preview included in it.
Comment:
This EPS picture w ill print to a
PostScript printer, but not to
other ty pes of printers .
Information-Based Approach
Assume: continuous, flat functions more likely
Title:
infoappr3
Creator:
fig2dev Version 3.1 Patchlevel 2
Preview :
This EPS picture w as not saved
w ith a preview included in it.
Comment:
This EPS picture w ill print to a
Information-Based Optimization

Information-Based Optimization (Neimark and Strongin, 1966;
Strongin and Sergeyev, 1992; Mockus, 1994)



Previous function evaluations shape probability
distribution over possible functions.
But we needn’t deal with probabilities. Ranking
candidates is enough.
Prefer smooth functions  Prefer candidate which
minimizes slope at goal value
Title:
infoappr2.fig
Creator:
fig2dev Version 3.1 Patchlevel 2
Problem: Only Good for One Dimension



In 1-D, candidates are
ranked with respect to
immediate neighbors.
What are “immediate
neighbors” in multidimensional space?
Intuition: Closer points
have greater relevance.
Title:
pinnacle
Creator:
fig2dev Version 3.1
Prev iew :
This EPS picture w as
w ith a preview inc lu
Comment:
Solution: Shadowing

Point b shadows point a from
point d if:
 b is closer to d than a, and
 the slope between a and b is
greater than the slope
between a and d.
Title:
shadow 1.fig
Creator:
fig2dev Version 3.1 Patchlevel 2
Preview :
This EPS picture w as not saved
w ith a preview included in it.
Comment:
This EPS picture w ill print to a
PostScript printer, but not to
other ty pes of printers .
Multidimensional Information-Based
Optimization




Choose initial point x
and evaluate f(x)
Iterate: Pick next point x
according to ranking
function g(x) and evaluate
f(x)
Excellent for efficiently
finding zeros when not rare.
Problem: Slow convergence
for rare zeros, points
clustered near minima
Title:
parabola1.eps
Creator:
MATLAB, The Mathw orks, Inc.
Prev iew :
This EPS picture w as not s av ed
w ith a preview inc luded in it.
Comment:
This EPS picture w ill print to a
Pos tSc ript printer, but not to
other ty pes of printers.
Solution: Multilevel Optimization


Perform a local optimization for each top level
function evaluation
Summarize information  tractability
Title:
mllofig1.fig
Creator:
fig2dev Version 3.1 Patchlevel 2
Prev iew :
This EPS picture w as not s av ed
w ith a preview inc luded in it.
Comment:
This EPS picture w ill print to a
Pos tSc ript printer, but not to
other ty pes of printers.

Multilevel Optimization: Generalize to n levels,
with each level expediting search for level above
Summary


Initial safety refutation of hybrid system can be
reformulated as satisficing optimization given a
heuristic measure of relative safety.
Information-based optimization



is suited to such optimization, and
can be extended to multidimensions with shadowing
and sampling.
Convergence to rare unsafe trajectories: Multilevel
optimization
Using an Optimization Toolbox


You have a set of optimization methods.
You have a set of observations during optimization (e.g.
function evals, local minima).
Monte Carlo
Optimization
Monte Carlo w/
Local Optimization
Information-Based
Optimization
Information-Based w/
Local Optimization
Challenge Problem: Method Switching

Given:
a set of iterative optimization procedures
 a distribution of optimization problems
 a set of optimization features


Learn:

a policy for dynamically switching between
procedures which minimizes time to solution
for such a distribution
Conclusion





The computer is a power tool for the mind.
Power screwdrivers with Phillips bits don’t
work well with slotted screws.
Understand the assumptions of the tools you
apply.
You can design new bits suited to new tasks.
One new bit can change the world of
computing!
Other Approaches
Few minima: Random Local Optimization
 Many minima: Simulated Annealing with
Local Optimization (Desai and Patil, 1996)
 For higher dimensions, you’re forever
searching corners!
 Direction Set Methods: Successive 1D
minimizations in different directions.

How to Stall a Motor:
Information-Based Optimization for
Safety Refutation of Hybrid Systems
Todd W. Neller
Knowledge Systems Laboratory, Stanford University
Gettysburg College, January 21, 2000
How to Stall a Motor:
Information-Based Optimization for
Safety Refutation of Hybrid Systems
Todd W. Neller
Knowledge Systems Laboratory, Stanford University
Colgate University, January 25, 2000
How to Stall a Motor:
Information-Based Optimization for
Safety Refutation of Hybrid Systems
Todd W. Neller
Knowledge Systems Laboratory, Stanford University
Lafayette College, January 27, 2000
How to Stall a Motor:
Information-Based Optimization for
Safety Refutation of Hybrid Systems
Todd W. Neller
Knowledge Systems Laboratory, Stanford University
Bowdoin College, January 31, 2000
How to Stall a Motor:
Information-Based Optimization for
Safety Refutation of Hybrid Systems
Todd W. Neller
Knowledge Systems Laboratory, Stanford University
Williams College, February 11, 2000