Robust Test Generation and Coverage for Hybrid Systems
2007
Testing is an important tool for validation of a system design and its implementation. Model-based test generation allows one to systematically ascertain whether the system meets its design requirements, particularly its safety and correctness requirements. In this paper, we develop a framework for generating tests from hybrid-system models. The core idea of the framework is the notion of a robust test, where one nominal test can be guaranteed to yield the same qualitative behavior as any other test that is close to it. Our approach offers three distinct advantages: 1) it allows for computing and formally quantifying the robustness of some properties, 2) it establishes a method to quantify the test coverage for every test case, and 3) the procedure is parallelizable and therefore very scalable. We demonstrate our framework by generating tests for a navigation benchmark application.
Symbolic Analysis for Improving Simulation Coverage of Simulink/Stateflow Models
Aimed at verifying safety properties and improving simulation coverage for hybrid-system models of embedded control software, we propose a technique that combines numerical simulation and symbolic methods for computing state sets. We consider systems with linear dynamics described in the commercial modeling tool Simulink/Stateflow. Given an initial state x and a discrete-time simulation trajectory, our method computes a set of initial states that are guaranteed to be equivalent to x, where two initial states are considered equivalent if the resulting simulation trajectories contain the same discrete components at each step of the simulation. We illustrate the benefits of our method on two case studies. One case study is a benchmark proposed in the literature for hybrid systems verification and the other is a Simulink demo model from MathWorks.
Approximately bisimilar symbolic models for nonlinear control systems
In 46th IEEE Conference on Decision and Control, 2007
Control systems are usually modeled by differential equations describing how physical phenomena can be influenced by certain control parameters or inputs. Although these models are very powerful when dealing with physical phenomena, they are less suitable for describing the software and hardware interfacing with the physical world. For this reason there is a growing interest in describing control systems through symbolic models that are abstract descriptions of the continuous dynamics, where each “symbol” corresponds to an “aggregate” of states in the continuous model. Since these symbolic models are of the same nature as the models used in computer science to describe software and hardware, they provide a unified language to study problems of control in which software and hardware interact with the physical world. Furthermore, the use of symbolic models enables one to leverage techniques from supervisory control and algorithms from game theory for controller synthesis purposes. In this paper we show that every incrementally globally asymptotically stable nonlinear control system is approximately equivalent (bisimilar) to a symbolic model. The approximation error is a design parameter in the construction of the symbolic model and can be rendered as small as desired. We also show that for digital control systems, and under the stronger assumption of incremental input-to-state stability, the symbolic models can be constructed through a suitable quantization of the inputs.
Approximately Bisimilar Symbolic Models for Incrementally Stable Switched Systems
Switched systems constitute an important modeling paradigm that faithfully describes many engineering systems in which software interacts with the physical world. Despite considerable progress on stability and stabilization of switched systems, the constant evolution of technology demands that we make similar progress with respect to different, and perhaps more complex, objectives. This paper describes one particular approach to addressing these objectives, based on the construction of approximately equivalent (bisimilar) symbolic models for a switched system. The main contribution of this paper consists in showing that under standard assumptions ensuring incremental stability of a switched system (i.e., existence of common or multiple Lyapunov functions), it is possible to construct a symbolic model that is approximately bisimilar to the original switched system with a precision that can be chosen a priori. To support the computational merits of the proposed approach, we present a realistic example of a boost DC-DC converter and show how to synthesize a switched controller that regulates the output voltage at a desired level.
Temporal Logic Motion Planning for Dynamic Robots
2007
In this paper, we address the temporal logic motion planning problem for point robots that are modeled by second-order dynamics. Temporal logic specifications can capture the usual control specifications such as reachability and invariance as well as more complex specifications like sequencing and obstacle avoidance. In order to solve this problem, we follow a hierarchical approach that enables the control of the second-order system by designing control laws for a fully actuated kinematic model. Our approach consists of three basic steps. First, we design a control law that enables the dynamic model to track a simpler kinematic model with a globally bounded error. Second, we build a robust temporal logic specification that takes into account the tracking errors of the first step. Finally, we solve the new robust temporal logic path planning problem for the kinematic model using automata theory and simple local vector fields. The resulting continuous-time trajectory is provably guaranteed to satisfy the initial user specification.
Temporal Logic Verification Using Simulation
In Proc. FORMATS’06, 2006
In this paper, we consider a novel approach to the temporal logic verification problem for continuous dynamical systems. Our methodology has the distinctive feature that it enables the verification of the temporal properties of a continuous system by verifying only a finite number of its (simulated) trajectories. The proposed framework comprises two main ideas. First, we take advantage of the fact that in metric spaces we can quantify how close two different states are. Based on that, we define robust, multivalued semantics for MTL (and LTL) formulas. These capture not only the usual Boolean satisfiability of the formula, but also topological information regarding the distance from unsatisfiability. Second, we use the recently developed notion of bisimulation functions to infer the behavior of a set of trajectories that lie in the neighborhood of the simulated one. If the latter set of trajectories is bounded by the tube of robustness, then we can infer that all the trajectories in the neighborhood of the simulated one satisfy the same temporal specification as the simulated trajectory. The interesting and promising feature of our approach is that the more robust the system is with respect to the temporal logic specification, the fewer simulations are required in order to verify the system.
Verification of Supervisory Control Software Using State Proximity and Merging
Submitted to the 11th International Workshop on Hybrid Systems: Computation and Control, 2008
This paper describes an approach for bounded-time verification of safety properties of supervisory control software interacting with a continuous-time plant. A combination of software model checking and numerical simulation is used to compute a conservative approximation of the reachable states. The technique verifies system properties in the presence of nondeterministic behavior in the software due to, for instance, interleaving of tasks. A notion of program equivalence is used to characterize the behaviors of the controller, and the bisimulation functions of Girard and Pappas are employed to characterize the behaviors of the plant. These notions are used to compute sets of plant states around a trace that are guaranteed to be safe. These sets are determined by a backward analysis that starts from the end of a trace and propagates the safe sets towards the initial states. By using these safe sets, the approach can conservatively merge traces that reach states that are in proximity to each other. The technique has been implemented for the case of affine plant dynamics, which allows efficient operations on ellipsoidal sets based on convex optimizations involving linear matrix inequalities (LMIs). We present an illustrative example for a model of the position controller of an unmanned aerial vehicle (UAV).
On comparing the power of robots
International Journal of Robotics Research, under review
Robots must complete their tasks in spite of unreliable actuators and limited, noisy sensing. In this paper, we consider the information requirements of such tasks. What sensing and actuation abilities are needed to complete a given task? Are some robot systems provably “more powerful,” in terms of the tasks they can complete, than others? Can we find meaningful equivalence classes of robot systems? This line of research is inspired by the theory of computation, which has produced similar results for abstract computing machines. The basic idea is a dominance relation over robot systems that formalizes the idea that some robots are stronger than others. This comparison, which is based on how the robots progress through their information spaces, induces a partial order over the set of robot systems. We prove some basic properties of this partial order and show that it is directly related to the robots’ ability to complete tasks. We give examples to demonstrate the theory, including a detailed analysis of a limited-sensing global localization problem.
Approximate bisimulation relations for constrained linear systems
Automatica, 2007
In this paper, we define the notion of an approximate bisimulation relation between two systems, extending the well-established exact bisimulation relations for discrete and continuous systems. Exact bisimulation requires that the observations of two systems are and remain identical; approximate bisimulation allows the observations to differ provided they are and remain arbitrarily close. Approximate bisimulation relations are conveniently defined as level sets of a function called a bisimulation function. For the class of linear systems with constrained initial states and constrained inputs, we develop effective characterizations for bisimulation functions that can be interpreted in terms of linear matrix inequalities, set inclusion and games. We derive a computationally effective algorithm to evaluate the precision of the approximate bisimulation between a constrained linear system and its projection. This algorithm has been implemented in a MATLAB toolbox, MATISSE. Two examples of using the toolbox in the context of safety verification are shown.
Formal verification of hybrid systems
2011
In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems, which combine the traditional state-machine-based models for discrete control with classical differential-equation-based models for continuously evolving physical activities. In this article, we briefly review selected existing approaches to formal verification of hybrid systems, along with directions for future research.