Paulo Tabuada

Bio: Paulo Tabuada is an academic researcher from University of California, Los Angeles. The author has contributed to research in topics: Control system & Control theory. The author has an hindex of 60, co-authored 288 publications receiving 20444 citations. Previous affiliations of Paulo Tabuada include University of California, Berkeley & Instituto Superior Técnico.

Symbolic models for unstable nonlinear control systems

Abstract: In this paper we take an important step in our quest to synthesize correct-by-design embedded control software for nonlinear systems. We have shown in previous work that by relying on diverse stability and stabilizability assumptions it is possible to construct finite-state models describing the dynamics of nonlinear control systems. Such finite-state models enable the use of algorithmic techniques to automatically synthesize controllers enforcing control and software requirements. In the present paper, we show that similar results can still be obtained by replacing the stability or stabilizability assumptions by the much weaker assumption of incremental forward completeness. We illustrate the new results by synthesizing a controller for an inverted pendulum subject to a schedulability constraint.

Symmetries and Isomorphisms for Privacy in Control Over the Cloud

Abstract: Cloud computing platforms are being increasingly used for closing feedback control loops, especially when computationally expensive algorithms, such as model-predictive control, are used to optimize performance. Outsourcing of control algorithms entails an exchange of data between the control system and the cloud and, naturally, raises concerns about the privacy of the control system's data (e.g., state trajectory and control objective). Moreover, any attempt at enforcing privacy needs to add minimal computational overhead to avoid degrading control performance. In this article, we propose several transformation-based methods for enforcing data privacy. We also quantify the amount of provided privacy and discuss how much privacy is lost when the adversary has access to side knowledge. We address three different scenarios: 1) the cloud has no knowledge about the system being controlled; 2) the cloud knows what sensors and actuators the system employs but not the system dynamics; and 3) the cloud knows the system dynamics, its sensors, and actuators. In all of these three scenarios, the proposed methods allow for the control over the cloud without compromising private information (which information is considered private depends on the considered scenario).

Underminer: a framework for automatically identifying non-converging behaviors in black box system models

Abstract: Evaluation of industrial embedded control system designs is a time-consuming and imperfect process. While an ideal process would apply a formal verification technique such as model checking or theorem proving, these techniques do not scale to industrial design problems, and it is often difficult to use these techniques to verify performance aspects of control system designs, such as stability or convergence. For industrial designs, engineers rely on testing processes to identify critical or unexpected behaviors. We propose a novel framework called Underminer to improve the testing process; this is an automated technique to identify non-converging behaviors in embedded control system designs. Underminer treats the system as a black box, and lets the designer indicate the model parameters, inputs and outputs that are of interest. It supports a multiplicity of convergence-like notions, such as those based on Lyapunov analysis and those based on temporal logic formulae. Underminer can be applied in the context of testing models created in the controller-design phase, and can also be applied in a scenario such as hardware-in-the-loop testing. We demonstrate the efficacy of Underminer by evaluating its performance on several examples.

Towards a compositional analysis of multi-machine power systems transient stability

Abstract: With this paper we initiate a compositional analysis of multi-machine power systems consisting of the interconnection of generators, loads, and transmission lines. We provide sufficient conditions for transient stability that do not rely on the overall model of the multi-machine power system which can be very complex. Instead, we provide simple conditions that each machine should independently satisfy. These conditions depend only on the machine parameters, the desired equilibrium currents, and the value of one of the loads (typically the largest) in the power system. Our compositional approach offers several advantages over existing alternatives: there is no need for a detailed model of the power system, transmission lines can be lossless or lossy, and we provide a natural Lyapunov function for the power system.

From LTL to rLTL Monitoring: Improved Monitorability through Robust Semantics

Abstract: Runtime monitoring is commonly used to detect the violation of desired properties in safety critical cyber-physical systems by observing its executions. Bauer et al. introduced an influential framework for monitoring Linear Temporal Logic (LTL) properties based on a three-valued semantics: the formula is already satisfied by the given prefix, it is already violated, or it is still undetermined, i.e., it can still be satisfied and violated by appropriate extensions. However, a wide range of formulas are not monitorable under this approach, meaning that they have a prefix for which satisfaction and violation will always remain undetermined no matter how it is extended. In particular, Bauer et al. report that 44% of the formulas they consider in their experiments fall into this category. Recently, a robust semantics for LTL was introduced to capture different degrees by which a property can be violated. In this paper we introduce a robust semantics for finite strings and show its potential in monitoring: every formula considered by Bauer et al. is monitorable under our approach. Furthermore, we discuss which properties that come naturally in LTL monitoring - such as the realizability of all truth values - can be transferred to the robust setting. Lastly, we show that LTL formulas with robust semantics can be monitored by deterministic automata and report on a prototype implementation.

I and i

Abstract: There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality. Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

Information flow and cooperative control of vehicle formations

Abstract: We consider the problem of cooperation among a collection of vehicles performing a shared task using intervehicle communication to coordinate their actions. Tools from algebraic graph theory prove useful in modeling the communication network and relating its topology to formation stability. We prove a Nyquist criterion that uses the eigenvalues of the graph Laplacian matrix to determine the effect of the communication topology on formation stability. We also propose a method for decentralized information exchange between vehicles. This approach realizes a dynamical system that supplies each vehicle with a common reference to be used for cooperative motion. We prove a separation principle that decomposes formation stability into two components: Stability of this is achieved information flow for the given graph and stability of an individual vehicle for the given controller. The information flow can thus be rendered highly robust to changes in the graph, enabling tight formation control despite limitations in intervehicle communication capability.

Event-Triggered Real-Time Scheduling of Stabilizing Control Tasks

Abstract: In this note, we revisit the problem of scheduling stabilizing control tasks on embedded processors. We start from the paradigm that a real-time scheduler could be regarded as a feedback controller that decides which task is executed at any given instant. This controller has for objective guaranteeing that (control unrelated) software tasks meet their deadlines and that stabilizing control tasks asymptotically stabilize the plant. We investigate a simple event-triggered scheduler based on this feedback paradigm and show how it leads to guaranteed performance thus relaxing the more traditional periodic execution requirements.

Coverage control for mobile sensing networks

Abstract: This paper describes decentralized control laws for the coordination of multiple vehicles performing spatially distributed tasks. The control laws are based on a gradient descent scheme applied to a class of decentralized utility functions that encode optimal coverage and sensing policies. These utility functions are studied in geographical optimization problems and they arise naturally in vector quantization and in sensor allocation tasks. The approach exploits the computational geometry of spatial structures such as Voronoi diagrams.

Coverage control for mobile sensing networks

Abstract: This paper presents control and coordination algorithms for groups of vehicles. The focus is on autonomous vehicle networks performing distributed sensing tasks where each vehicle plays the role of a mobile tunable sensor. The paper proposes gradient descent algorithms for a class of utility functions which encode optimal coverage and sensing policies. The resulting closed-loop behavior is adaptive, distributed, asynchronous, and verifiably correct.