Adaptive Cruise Control: Hybrid, Distributed, and Now Formally Verified
2011
Cited by 28 (14 self)
Abstract
Car safety measures can be most effective when the cars on a street coordinate their control actions using distributed cooperative control. While each car optimizes its navigation planning locally to ensure the driver reaches his destination, all cars coordinate their actions in a distributed way in order to minimize the risk of safety hazards and collisions. These systems control the physical aspects of car movement using cyber technologies like local and remote sensor data and distributed V2V and V2I communication. They are thus cyber-physical systems. In this paper, we consider a distributed car control system that is inspired by the ambitions of the California PATH project, the CICAS system, SAFESPOT and PReVENT initiatives. We develop a formal model of a distributed car control system in which every car is controlled by adaptive cruise control. One of the major technical difficulties is that faithful models of distributed car control have both distributed systems and hybrid systems dynamics. They form distributed hybrid systems, which makes them very challenging for verification. In a formal proof system, we verify that the control model satisfies its main safety objective and guarantees collision freedom for arbitrarily many cars driving on a street, even if new cars enter the lane from on-ramps or multi-lane streets. The system we present is in many ways one of the most complicated cyber-physical systems that has ever been fully verified formally.
Distributed Theorem Proving for Distributed Hybrid Systems
Cited by 8 (5 self)
Abstract
Distributed hybrid systems present extraordinarily challenging problems for verification. On top of the notorious difficulties associated with distributed systems, they also exhibit continuous dynamics described by quantified differential equations. All serious proofs rely on decision procedures for real arithmetic, which can be extremely expensive. Quantified Differential Dynamic Logic (QdL) has been identified as a promising approach for getting a handle in this domain. QdL has been proved to be complete relative to quantified differential equations. But important questions remain as to how best to translate this theoretical result into practice: how do we succinctly specify a proof search strategy, and how do we control the computational cost? We address the problem of automated theorem proving for distributed hybrid systems. We identify a simple mode of use of QdL that cuts down on the enormous number of choices that it otherwise allows during proof search. We have designed a powerful strategy and tactics language for directing proof search. With these techniques, we have implemented a new automated theorem prover called KeYmaeraD. To overcome the high computational complexity of distributed hybrid systems verification, KeYmaeraD uses a distributed proving backend. We have experimentally observed that calls to the real arithmetic decision procedure can effectively be made in parallel. In this paper, we demonstrate these findings through an extended case study where we prove absence of collisions in a distributed car control system with a varying number of arbitrarily many cars.
Set-Based Computation of Vehicle Behaviors for the Online Verification of Autonomous Vehicles
Cited by 5 (5 self)
Abstract
We compute the set of all possible behaviors of an autonomous vehicle using reachability analysis. A reachable set is the set of states a system can possibly reach for a given set of initial states, disturbances, and sensor noise values. We consider autonomous vehicles which plan trajectories for a certain lookahead horizon which are followed using feedback control. While a perfectly followed trajectory might not violate specified safety properties (e.g. lane departures or vehicle collisions), there might exist a violating deviation from the planned trajectory. Given the mathematical model of the controlled vehicle and bounds on uncertainty, our approach detects any possible violation. In addition, the approach provides results faster than real time such that maneuvers of vehicles can be checked before they are fully executed.
Safe Intersections: At the Crossing of Hybrid Systems and Verification
Cited by 5 (3 self)
Abstract
Intelligent vehicle systems have interesting prospects for solving inefficiencies and risks in ground transportation, e.g., by making cars aware of their environment and regulating speed intelligently. If the computer control technology reacts fast enough, intelligent control can be used to increase the density of cars on the streets. The technology may also help prevent crashes at intersections, which cost the US $97 Billion in the year 2000. The crucial prerequisite for intelligent vehicle control, however, is that it must be correct, for it may otherwise do more harm than good. Formal verification techniques provide the best reliability guarantees but have had difficulties in the past with scaling to such complex systems. We report our successes with a logical approach to hybrid systems verification, which can capture discrete control decisions and continuous driving dynamics. We present a model for the interaction of two cars and a traffic light at a two-lane intersection and verify with a formal proof that our system always ensures collision freedom and that our controller always prevents cars from running red lights.
Differential Invariants and Symbolic Integration for Distributed Hybrid Systems
Cited by 1 (1 self)
Abstract
We present a formal proof of collision avoidance for a simple distributed hybrid system consisting of an arbitrary finite number of cars on a one-dimensional road. Our cars take actions independently from one another and without synchronization, thus behaving in a truly distributed manner. We allow cars to enter and exit the road. For the continuous dynamics, we show how differential invariants and symbolic solutions can be used together harmoniously to prove things that neither could prove alone. We have fully mechanized our formal proof within our theorem prover KeYmaeraD.
Preliminary Results on Correct-by-Construction Control Software Synthesis for Adaptive Cruise Control
Cited by 1 (1 self)
Abstract
A plethora of driver convenience and safety automation systems are being introduced into production vehicles, such as electronic stability control, adaptive cruise control, lane keeping, and obstacle avoidance. Assuring the seamless and safe integration of each new automation function with existing control functions is a major challenge for vehicle manufacturers. This challenge is compounded by having different suppliers providing software modules for different control functionalities. In this paper, we report on our preliminary steps to address this problem through a fresh perspective combining formal methods, control theory, and correct-by-construction software synthesis. In particular, we begin the process of synthesizing the control software module for adaptive cruise control from formal specifications given in Linear Temporal Logic. In the longer run, we will endow each interacting software module with an assume-guarantee specification stating under which environment assumptions the module is guaranteed to meet its specifications. These assume-guarantee specifications will then be used to formally prove correctness of the cyber-physical system obtained where the integrated modules interact with the physical dynamics.
Toward Autonomous Vehicle Safety Verification from Mobile Cyber-Physical Systems Perspective
Abstract
Safety certification of Autonomous Vehicles (AVs) requires guarantees on AVs' safety at design time. To this effect, this paper proposes modeling abstractions that allow architectural representation of AVs and their surroundings, i.e. representation of different components, and enable safety analysis from such representation without requiring any expertise on formal methods. Toward this direction, AVs are considered as Cyber-Physical Systems with Mobile computing nodes (MCPS), where each node (i.e. an AV) can have intentional (as determined by AVs' controller) and unintentional (e.g., in case of skids) motion characteristics depending on the physical environment (e.g. road condition). The modeling abstractions are used to analyze safety of passengers in an AV that collides with a guard rail due to skid along a curved segment on the AZ83 highway.
Graduate Supervisory Committee:
Abstract
Cyber Physical Systems (CPSs) are systems comprising computational systems that interact with the physical world to perform sensing, communication, computation and actuation. Common examples of these systems include Body Area Networks (BANs), Autonomous Vehicles (AVs), Power Distribution Systems, etc. The close coupling between cyber and physical worlds in a CPS manifests in two types of interactions between computing systems and the physical world: intentional and unintentional. Unintentional interactions result from the physical characteristics of the computing systems and often cause harm to the physical world; if the computing nodes are close to each other, these interactions may overlap, thereby increasing the chances of causing a safety hazard. Similarly, due to the mobile nature of computing nodes in a CPS, planned and unplanned interactions with the physical world occur. These interactions represent the behavior of a computing node while it is following a planned path and during faulty operations. Both of these interactions change over time due to the dynamics (motion) of the computing node and may overlap, thereby causing harm to the physical world. Lack of proper modeling and analysis frameworks for these systems causes system designers to use ad hoc techniques, thereby further increasing their design and development time. The thesis addresses these problems by taking a holistic approach to model Computational, Physical and Cyber Physical Interactions (CPIs) aspects of a CPS and proposes modeling constructs for them. These constructs are analyzed using a safety analysis algorithm developed as part of the thesis. The algorithm computes the intersection of CPIs for both mobile as well as static computing nodes and determines the safety of the physical system. A framework is developed by extending AADL to support these modeling constructs; the safety analysis algorithm is implemented as an OSATE plugin.
The applicability of the proposed approach is demonstrated by considering the safety of human tissue during the operations of BAN, and the safety of passengers traveling in an