Results 1  10
of
29
Formal verification of hybrid systems
, 2011
"... In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems that combines th ..."
Abstract

Cited by 34 (0 self)
 Add to MetaCart
(Show Context)
In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems that combines the traditional statemachine based models for discrete control with classical differentialequations based models for continuously evolving physical activities. In this article, we briefly review selected existing approaches to formal verification of hybrid systems, along with directions for future research.
Logics of Dynamical Systems
"... We study the logic of dynamical systems, that is, logics and proof principles for properties of dynamical systems. Dynamical systems are mathematical models describing how the state of a system evolves over time. They are important in modeling and understanding many applications, including embedded ..."
Abstract

Cited by 18 (17 self)
 Add to MetaCart
We study the logic of dynamical systems, that is, logics and proof principles for properties of dynamical systems. Dynamical systems are mathematical models describing how the state of a system evolves over time. They are important in modeling and understanding many applications, including embedded systems and cyberphysical systems. In discrete dynamical systems, the state evolves in discrete steps, one step at a time, as described by a difference equation or discrete state transition relation. In continuous dynamical systems, the state evolves continuously along a function, typically described by a differential equation. Hybrid dynamical systems or hybrid systems combine both discrete and continuous dynamics. Distributed hybrid systems combine distributed systems with hybrid systems, i.e., they are multiagent hybrid systems that interact through remote communication or physical interaction. Stochastic hybrid systems combine stochastic
Towards Formal Verification of Freeway Traffic Control
"... Abstract—We study how CPS technology can help improve freeway traffic by combining local car GPS positioning, traffic center control decisions, and communication to achieve more tightly coupled feedback control in intelligent speed adaptation. We develop models for an intelligent speed adaptation th ..."
Abstract

Cited by 10 (8 self)
 Add to MetaCart
(Show Context)
Abstract—We study how CPS technology can help improve freeway traffic by combining local car GPS positioning, traffic center control decisions, and communication to achieve more tightly coupled feedback control in intelligent speed adaptation. We develop models for an intelligent speed adaptation that respects variable speed limit control and incident management. We identify safe ranges for crucial design parameters in these systems and, using the theorem prover KeYmaera, formally verify safety of the resulting CPS models. Finally, we show how those parameter ranges can be used to decide tradeoffs for practical system implementations even for design parameters that are not modeled formally. Index Terms—Freeway traffic control, intelligent speed adaptation, hybrid system I.
Using theorem provers to guarantee closedloop system properties
 In ACC
, 2012
"... Abstract — This paper presents a new approach for leveraging the power of theorem provers for formal verification to provide sufficient conditions that can be checked on embedded control designs. Theorem provers are often most efficient when using generic models that abstract away many of the contro ..."
Abstract

Cited by 7 (5 self)
 Add to MetaCart
(Show Context)
Abstract — This paper presents a new approach for leveraging the power of theorem provers for formal verification to provide sufficient conditions that can be checked on embedded control designs. Theorem provers are often most efficient when using generic models that abstract away many of the controller details, but with these abstract models very general conditions can be verified under which desirable properties such as safety can be guaranteed for the closedloop system. We propose an approach in which these sufficient conditions are static conditions that can be checked for the specific controller design, without having to include the dynamics of the plant. We demonstrate this approach using the KeYmaera theorem prover for differential dynamic logic for two examples: an intelligent cruise controller and a cooperative intersection collision avoidance system (CICAS) for leftturn assist. In each case, safety of the closedloop system proved using KeYmaera provides static sufficient conditions that are checked for the controller design. I.
Distributed Theorem Proving for Distributed Hybrid Systems ⋆
"... Abstract. Distributed hybrid systems present extraordinarily challenging problems for verification. On top of the notorious difficulties associated with distributed systems, they also exhibit continuous dynamics described by quantified differential equations. All serious proofs rely on decision proc ..."
Abstract

Cited by 7 (5 self)
 Add to MetaCart
(Show Context)
Abstract. Distributed hybrid systems present extraordinarily challenging problems for verification. On top of the notorious difficulties associated with distributed systems, they also exhibit continuous dynamics described by quantified differential equations. All serious proofs rely on decision procedures for real arithmetic, which can be extremely expensive. Quantified Differential Dynamic Logic (QdL) has been identified as a promising approach for getting a handle in this domain. QdL has been proved to be complete relative to quantified differential equations. But important questions remain as to how best to translate this theoretical result into practice: how do we succinctly specify a proof search strategy, and how do we control the computational cost? We address the problem of automated theorem proving for distributed hybrid systems. We identify a simple mode of use of QdL that cuts down on the enormous number of choices that it otherwise allows during proof search. We have designed a powerful strategy and tactics language for directing proof search. With these techniques, we have implemented a new automated theorem prover called KeYmaeraD. To overcome the high computational complexity of distributed hybrid systems verification, KeYmaeraD uses a distributed proving backend. We have experimentally observed that calls to the real arithmetic decision procedure can effectively be made in parallel. In this paper, we demonstrate these findings through an extended case study where we prove absence of collisions in a distributed car control system with a varying number of arbitrarily many cars. 1
SetBased Computation of Vehicle Behaviors for the Online Verification of Autonomous Vehicles
"... Abstract — We compute the set of all possible behaviors of an autonomous vehicle using reachability analysis. A reachable set is the set of states a system can possibly reach for a given set of initial states, disturbances, and sensor noise values. We consider autonomous vehicles which plan trajecto ..."
Abstract

Cited by 6 (5 self)
 Add to MetaCart
(Show Context)
Abstract — We compute the set of all possible behaviors of an autonomous vehicle using reachability analysis. A reachable set is the set of states a system can possibly reach for a given set of initial states, disturbances, and sensor noise values. We consider autonomous vehicles which plan trajectories for a certain lookahead horizon which are followed using feedback control. While a perfectly followed trajectory might not violate specified safety properties (e.g. lane departures or vehicle collisions), there might exist a violating deviation from the planned trajectory. Given the mathematical model of the controlled vehicle and bounds on uncertainty, our approach detects any possible violation. In addition, the approach provides results faster than real time such that maneuvers of vehicles can be checked before they are fully executed. I.
A small model theorem for rectangular hybrid automata networks
 In FORTE/FMOODS, H. Giese and
, 2012
"... Abstract. Rectangular hybrid automata (RHA) are finite state machines with additional skewed clocks that are useful for modeling realtime systems. This paper is concerned with the uniform verification of safety properties of networks with arbitrarily many interacting RHAs. Each automaton is equipp ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Rectangular hybrid automata (RHA) are finite state machines with additional skewed clocks that are useful for modeling realtime systems. This paper is concerned with the uniform verification of safety properties of networks with arbitrarily many interacting RHAs. Each automaton is equipped with a finite collection of pointers to other automata that enables it to read their state. This paper presents a small model result for such networks that reduces the verification problem for a system with arbitrarily many processes to a system with finitely many processes. The result is applied to verify and discover counterexamples of inductive invariant properties for distributed protocols like Fischer’s mutual exclusion algorithm and the Small Aircraft Transportation System (SATS). We have implemented a prototype tool called Passel relying on the satisfiability modulo theories (SMT) solver Z3 to check inductive invariants automatically.
Safe Intersections: At the Crossing of Hybrid Systems and Verification
"... Abstract — Intelligent vehicle systems have interesting prospects for solving inefficiencies and risks in ground transportation, e.g., by making cars aware of their environment and regulating speed intelligently. If the computer control technology reacts fast enough, intelligent control can be used ..."
Abstract

Cited by 5 (4 self)
 Add to MetaCart
(Show Context)
Abstract — Intelligent vehicle systems have interesting prospects for solving inefficiencies and risks in ground transportation, e.g., by making cars aware of their environment and regulating speed intelligently. If the computer control technology reacts fast enough, intelligent control can be used to increase the density of cars on the streets. The technology may also help prevent crashes at intersections, which cost the US $97 Billion in the year 2000. The crucial prerequisite for intelligent vehicle control, however, is that it must be correct, for it may otherwise do more harm than good. Formal verification techniques provide the best reliability guarantees but have had difficulties in the past with scaling to such complex systems. We report our successes with a logical approach to hybrid systems verification, which can capture discrete control decisions and continuous driving dynamics. We present a model for the interaction of two cars and a traffic light at a two lane intersection and verify with a formal proof that our system always ensures collision freedom and that our controller always prevents cars from running red lights. I.
Formal Verification of Distributed Aircraft Controllers ∗
"... As airspace becomes ever more crowded, air traffic management must reduce both space and time between aircraft to increase throughput, making onboard collision avoidance systems ever more important. These safetycritical systems must be extremely reliable, and as such, many resources are invested i ..."
Abstract

Cited by 5 (5 self)
 Add to MetaCart
(Show Context)
As airspace becomes ever more crowded, air traffic management must reduce both space and time between aircraft to increase throughput, making onboard collision avoidance systems ever more important. These safetycritical systems must be extremely reliable, and as such, many resources are invested into ensuring that the protocols they implement are accurate. Still, it is challenging to guarantee that such a controller works properly under every circumstance. In tough scenarios where a large number of aircraft must execute a collision avoidance maneuver, a human pilot under stress is not necessarily able to understand the complexity of the distributed system and may not take the right course, especially if actions must be taken quickly. We consider a class of distributed collision avoidance controllers designed to work even in environments with arbitrarily many aircraft or UAVs. We prove that the controllers never allow the aircraft to get too close to one another, even when new planes approach an inprogress avoidance maneuver that the new plane may not be aware of. Because these safety guarantees always hold, the aircraft are protected against unexpected emergent behavior which simulation and testing may miss. This is an important step in formally verified, flyable, and distributed air traffic control.
Online Verification of Automated Road Vehicles Using Reachability Analysis
"... Abstract—An approach for formally verifying the safety of automated vehicles is proposed. Due to the uniqueness of each traffic situation, we verify safety online, i.e., during the operation of the vehicle. The verification is performed by predicting the set of all possible occupancies of the automa ..."
Abstract

Cited by 5 (5 self)
 Add to MetaCart
(Show Context)
Abstract—An approach for formally verifying the safety of automated vehicles is proposed. Due to the uniqueness of each traffic situation, we verify safety online, i.e., during the operation of the vehicle. The verification is performed by predicting the set of all possible occupancies of the automated vehicle and other traffic participants on the road. In order to capture all possible future scenarios, we apply reachability analysis to consider all possible behaviors of mathematical models considering uncertain inputs (e.g. sensor noise, disturbances) and partially unknown initial states. Safety is guaranteed with respect to the modeled uncertainties and behaviors if the occupancy of the automated vehicle does not intersect that of other traffic participants for all times. The applicability of the approach is demonstrated by test drives with an automated vehicle of the Robotics Institute at Carnegie Mellon University. Index Terms—Formal verification, reachability analysis, automated vehicles, autonomous cars, setbased computation. I.