Results 1  10
of
37
Computing differential invariants of hybrid systems as fixedpoints
, 2008
"... Abstract. We introduce a fixedpoint algorithm for verifying safety properties of hybrid systems with differential equations whose righthand sides are polynomials in the state variables. In order to verify nontrivial systems without solving their differential equations and without numerical errors, ..."
Abstract

Cited by 58 (21 self)
 Add to MetaCart
Abstract. We introduce a fixedpoint algorithm for verifying safety properties of hybrid systems with differential equations whose righthand sides are polynomials in the state variables. In order to verify nontrivial systems without solving their differential equations and without numerical errors, we use a continuous generalization of induction, for which our algorithm computes the required differential invariants. As a means for combining local differential invariants into global system invariants in a sound way, our fixedpoint algorithm works with a compositional verification logic for hybrid systems. To improve the verification power, we further introduce a saturation procedure that refines the system dynamics successively with differential invariants until safety becomes provable. By complementing our symbolic verification algorithm with a robust version of numerical falsification, we obtain a fast and sound verification procedure. We verify roundabout maneuvers in air traffic management and collision avoidance in train control.
Symbolic analysis for improving simulation coverage of simulink/stateflow models
 in EMSOFT ’08: Proceedings of the 8th ACM international conference on Embedded software, 2008
"... Aimed at verifying safety properties and improving simulation coverage for hybrid systems models of embedded control software, we propose a technique that combines numerical simulation and symbolic methods for computing statesets. We consider systems with linear dynamics described in the commercial ..."
Abstract

Cited by 37 (4 self)
 Add to MetaCart
(Show Context)
Aimed at verifying safety properties and improving simulation coverage for hybrid systems models of embedded control software, we propose a technique that combines numerical simulation and symbolic methods for computing statesets. We consider systems with linear dynamics described in the commercial modeling tool Simulink/Stateflow. Given an initial state x, and a discretetime simulation trajectory, our method computes a set of initial states that are guaranteed to be equivalent to x, where two initial states are considered to be equivalent if the resulting simulation trajectories contain the same discrete components at each step of the simulation. We illustrate the benefits of our method on two case studies. One case study is a benchmark proposed in the literature for hybrid systems verification and another is a Simulink demo model from Mathworks.
Formal verification of hybrid systems
, 2011
"... In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems that combines th ..."
Abstract

Cited by 34 (0 self)
 Add to MetaCart
(Show Context)
In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems that combines the traditional statemachine based models for discrete control with classical differentialequations based models for continuously evolving physical activities. In this article, we briefly review selected existing approaches to formal verification of hybrid systems, along with directions for future research.
Robust Satisfaction of Temporal Logic over RealValued Signals
"... Abstract. We consider temporal logic formulae specifying constraints in continuous time and space on the behaviors of continuous and hybrid dynamical system admitting uncertain parameters. We present several variants of robustness measures that indicate how far a given trajectory stands, in space an ..."
Abstract

Cited by 31 (7 self)
 Add to MetaCart
(Show Context)
Abstract. We consider temporal logic formulae specifying constraints in continuous time and space on the behaviors of continuous and hybrid dynamical system admitting uncertain parameters. We present several variants of robustness measures that indicate how far a given trajectory stands, in space and time, from satisfying or violating a property. We present a method to compute these robustness measures as well as their sensitivity to the parameters of the system or parameters appearing in the formula. Combined with an appropriate strategy for exploring the parameter space, this technique can be used to guide simulationbased verification of complex nonlinear and hybrid systems against temporal properties. Our methodology can be used for other nontraditional applications of temporal logic such as characterizing subsets of the parameter space for which a system is guaranteed to satisfy a formula with a desired robustness degree. 1
Analog/MixedSignal Circuit Verification Using Models Generated from Simulation Traces ⋆
"... Abstract. Formal and semiformal verification of analog/mixedsignal circuits is complicated by the difficulty of obtaining circuit models suitable for analysis. We propose a method to generate a formal model from simulation traces. The resulting model is conservative in that it includes all of the ..."
Abstract

Cited by 22 (6 self)
 Add to MetaCart
(Show Context)
Abstract. Formal and semiformal verification of analog/mixedsignal circuits is complicated by the difficulty of obtaining circuit models suitable for analysis. We propose a method to generate a formal model from simulation traces. The resulting model is conservative in that it includes all of the original simulation traces used to generate it plus additional behavior. Information obtained during the model generation process can also be used to refine the simulation and verification process. 1
Generating and Analyzing Symbolic Traces of Simulink/Stateflow Models
"... Abstract. We present a methodology and a toolkit for improving simulation coverage of Simulink/Stateflow models of hybrid systems using symbolic analysis of simulation traces. We propose a novel instrumentation scheme that allows the simulation engine of Simulink/Stateflow to output, along with the ..."
Abstract

Cited by 18 (3 self)
 Add to MetaCart
(Show Context)
Abstract. We present a methodology and a toolkit for improving simulation coverage of Simulink/Stateflow models of hybrid systems using symbolic analysis of simulation traces. We propose a novel instrumentation scheme that allows the simulation engine of Simulink/Stateflow to output, along with the concrete simulation trace, the symbolic transformers needed for our analysis. Given a simulation trace, along with the symbolic transformers, our analysis computes a set of initial states that would lead to traces with the same sequence of discrete components at each step of the simulation. Such an analysis relies critically on the use of convex polyhedra to represent sets of states. However, the exponential complexity of the polyhedral operations implies that the performance of the analysis would degrade rapidly with the increasing size of the model and the simulation traces. We propose a new representation, called the bounded vertex representation, which allows us to perform underapproximate computations while fixing the complexity of the representation a priori. Using this representation we achieve a tradeoff between the complexity of the symbolic computation and the quality of the underapproximation. We demonstrate the benefits of our approach over existing simulation and verification methods with case studies. 1
Verification of Supervisory Control Software Using State Proximity and Merging
 In Submitted to the 11th International Workshop on Hybrid Systems: Computation and Control
, 2008
"... Abstract. This paper describes an approach for boundedtime verification of safety properties of supervisory control software interacting with a continuoustime plant. A combination of software Model Checking and numerical simulation is used to compute a conservative approximation of the reachable s ..."
Abstract

Cited by 17 (2 self)
 Add to MetaCart
(Show Context)
Abstract. This paper describes an approach for boundedtime verification of safety properties of supervisory control software interacting with a continuoustime plant. A combination of software Model Checking and numerical simulation is used to compute a conservative approximation of the reachable states. The technique verifies system properties in the presence of nondeterministic behavior in the software due to, for instance, interleaving of tasks. A notion of program equivalence is used to characterize the behaviors of the controller, and the bisimulation functions of Girard and Pappas are employed to characterize the behaviors of the plant. These notions are used to compute sets of plant states around a trace that are guaranteed to be safe. These sets are determined by a backward analysis that starts from the end of a trace and propagates the safe sets towards the initial states. By using these safe sets, the approach can conservatively merge traces that reach states that are in proximity to each other. The technique has been implemented for the case of affine plant dynamics, which allow efficient operations on ellipsoidal sets based on convex optimizations involving linear matrix inequalities (LMIs). We present an illustrative example for a model of the position controller of an unmanned aerial vehicle (UAV). 1
Computing Reachable Sets of Hybrid Systems Using a Combination of Zonotopes and Polytopes
, 2009
"... The computation of reachable sets for hybrid systems with linear continuous dynamics is addressed. Zonotopes are used for the representation of reachable sets, resulting in an algorithm with low computational complexity with respect to the dimension of the considered system. However, zonotopes have ..."
Abstract

Cited by 15 (3 self)
 Add to MetaCart
(Show Context)
The computation of reachable sets for hybrid systems with linear continuous dynamics is addressed. Zonotopes are used for the representation of reachable sets, resulting in an algorithm with low computational complexity with respect to the dimension of the considered system. However, zonotopes have drawbacks when being intersected with transition guards which determine the discrete behavior of the hybrid system. For this reason, in the proposed approach, reachable sets are represented by polytopes within guard sets as an intermediate step in order to enclose them by zonotopes afterwards. Different methods for the conservative conversion from zonotopes to polytopes and vice versa are proposed and numerically evaluated.
Probabilistic Temporal Logic Falsification of CyberPhysical Systems
"... We present a MonteCarlo optimization technique for finding system behaviors that falsify a Metric Temporal Logic (MTL) property. Our approach performs a random walk over the space of system inputs guided by a robustness metric defined by the MTL property. Robustness is guiding the search for a fals ..."
Abstract

Cited by 14 (12 self)
 Add to MetaCart
(Show Context)
We present a MonteCarlo optimization technique for finding system behaviors that falsify a Metric Temporal Logic (MTL) property. Our approach performs a random walk over the space of system inputs guided by a robustness metric defined by the MTL property. Robustness is guiding the search for a falsifying behavior by exploring trajectories with smaller robustness values. The resulting testing framework can be applied to a wide class of CyberPhysical Systems (CPS). We show through experiments on complex system models that using our framework can help automatically falsify properties with more consistency as compared to other means such as uniform sampling.
Synthesizing Switching Logic for Safety and DwellTime Requirements
"... Cyberphysical systems (CPS) can be usefully modeled as hybrid automata combining the physical dynamics within modes with discrete switching behavior between modes. CPS designs must satisfy safety and performance requirements. While the dynamics within each mode is usually defined by the physical pl ..."
Abstract

Cited by 14 (8 self)
 Add to MetaCart
(Show Context)
Cyberphysical systems (CPS) can be usefully modeled as hybrid automata combining the physical dynamics within modes with discrete switching behavior between modes. CPS designs must satisfy safety and performance requirements. While the dynamics within each mode is usually defined by the physical plant, the tricky design problem often involves getting the switching logic right. In this paper, we present a new approach to assist designers by synthesizing the switching logic, given a partial system model, using a combination of fixpoint computation, numerical simulation, and machine learning. Our technique begins with an overapproximation of the guards on transitions between modes. In successive iterations, the overapproximations are refined by eliminating points that will cause the system to reach unsafe states, and such refinement is performed using numerical simulation and machine learning. In addition to safety requirements, we synthesize models to satisfy dwelltime constraints, which impose upper and/or lower bounds on the amount of time spent within a mode. We demonstrate using case studies that our technique quickly generates intuitive system models and that dwelltime constraints can help to tune the performance of a design. Categories and Subject Descriptors C.3 [SpecialPurpose and ApplicationBased Systems]: Realtime and embedded systems; I.2.2 [Artificial Intelligence]: