Results 1 to 10 of 88
Formal verification of hybrid systems
2011
Cited by 34 (0 self)
Abstract
In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems, which combine the traditional state-machine-based models for discrete control with classical differential-equation-based models for continuously evolving physical activities. In this article, we briefly review selected existing approaches to formal verification of hybrid systems, along with directions for future research.
Flow*: An Analyzer for Non-Linear Hybrid Systems
Cited by 23 (2 self)
Abstract
The tool Flow* performs Taylor model-based flowpipe construction for non-linear (polynomial) hybrid systems. Flow* combines well-known Taylor model arithmetic techniques for guaranteed approximations of the continuous dynamics in each mode with a combination of approaches for handling mode invariants and discrete transitions. Flow* supports a wide variety of optimizations including adaptive step sizes, adaptive selection of approximation orders and the heuristic selection of template directions for aggregating flowpipes. This paper describes Flow* and demonstrates its performance on a series of non-linear continuous and hybrid system benchmarks. Our comparisons show that Flow* is competitive with other tools.

1 Overview of Flow*
In this paper, we present the Flow* tool to generate flowpipes for non-linear hybrid systems using Taylor Models (TMs). TMs were originally proposed by Berz and Makino [1] to represent functions by means of higher-order Taylor polynomial expansions, bloated by an interval to represent the approximation error. TMs support
Logics of Dynamical Systems
Cited by 18 (17 self)
Abstract
We study the logic of dynamical systems, that is, logics and proof principles for properties of dynamical systems. Dynamical systems are mathematical models describing how the state of a system evolves over time. They are important in modeling and understanding many applications, including embedded systems and cyber-physical systems. In discrete dynamical systems, the state evolves in discrete steps, one step at a time, as described by a difference equation or discrete state transition relation. In continuous dynamical systems, the state evolves continuously along a function, typically described by a differential equation. Hybrid dynamical systems or hybrid systems combine both discrete and continuous dynamics. Distributed hybrid systems combine distributed systems with hybrid systems, i.e., they are multi-agent hybrid systems that interact through remote communication or physical interaction. Stochastic hybrid systems combine stochastic
Probabilistic Temporal Logic Falsification of Cyber-Physical Systems
Cited by 14 (12 self)
Abstract
We present a Monte-Carlo optimization technique for finding system behaviors that falsify a Metric Temporal Logic (MTL) property. Our approach performs a random walk over the space of system inputs guided by a robustness metric defined by the MTL property. Robustness guides the search for a falsifying behavior by exploring trajectories with smaller robustness values. The resulting testing framework can be applied to a wide class of Cyber-Physical Systems (CPS). We show through experiments on complex system models that using our framework can help automatically falsify properties with more consistency as compared to other means such as uniform sampling.
Avoiding geometric intersection operations in reachability analysis of hybrid systems
In Hybrid Systems: Computation and Control, 2012
Cited by 11 (6 self)
Abstract
Although a growing number of dynamical systems studied in various fields are hybrid in nature, the verification of properties, such as stability, safety, etc., is still a challenging problem. Reachability analysis is one of the promising methods for hybrid system verification, which together with all other verification techniques faces the challenge of making the analysis scale with respect to the number of continuous state variables. The bottleneck of many reachability analysis techniques for hybrid systems is the geometrically computed intersection with guard sets. In this work, we replace the intersection operation by a nonlinear mapping onto the guard, which is not only numerically stable, but also scalable, making it possible to verify systems which were previously out of reach. The approach can be applied to the fairly common class of hybrid systems with piecewise continuous solutions, guard sets modeled as half-spaces, and urgent semantics, i.e. discrete transitions are immediately taken when enabled by guard sets. We demonstrate the usefulness of the new approach by a mechanical system with backlash which has 101 continuous state variables.
HybridSAL Relational Abstracter
Cited by 11 (3 self)
Abstract
In this paper, we present the HybridSAL relational abstracter – a tool for verifying continuous and hybrid dynamical systems. The input to the tool is a model of a hybrid dynamical system and a safety property. The output of the tool is a discrete state transition system and a safety property. The correctness guarantee provided by the tool is that if the output property holds for the output discrete system, then the input property holds for the input hybrid system. The input is in the HybridSal input language and the output is in SAL syntax. The SAL model can be verified using the SAL tool suite. This paper describes the HybridSAL relational abstracter – the algorithms it implements, its input, its strengths and weaknesses, and its use for verification using the SAL infinite bounded model checker and k-induction prover.
Formal verification of phase locked loops using reachability analysis and continuization
In Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2011
Cited by 9 (3 self)
Abstract
We present a scalable and formal technique to verify locking time and stability for charge-pump phase-locked loops (PLLs). In contrast to the traditional simulation approach that only validates the PLL at a given operation condition, our proposed technique formally verifies the PLL at all possible operation conditions. The dynamics of the PLL is described by a hybrid automaton, which incorporates the differential equations of the analog circuit elements as well as the switching logic of the digital circuit elements. Existing methods for computing reachable sets for hybrid automata cannot be used to verify the PLL model due to the large number of cycles required for locking. We develop a new method for computing effective overapproximations of the sets of states reached on each cycle by using uncertain parameters in a discrete-time model to represent the range of possible switching times, a technique we call continuization. Using this new method for reachability analysis, it is possible to verify locking specifications for a charge-pump PLL design for all possible initial states and parameter values in time comparable to the time required for a few simulation runs of the same behavioral model.

Introduction
In the standard design flow for analog mixed-signal (AMS) circuits, the complete circuit is decomposed into its principal elements or blocks, which are first analyzed and designed using idealized low-order behavioral models. Detailed circuit-level designs are implemented only after the performance specifications have been verified at the block level over the required range of parameter variations and operating conditions. The goal is to create robust designs to avoid costly redesign cycles in the downstream process. Because of the complexity of the mixed continuous and discrete (i.e., hybrid) AMS dynamics, there are no analytical techniques to verify that a given design satisfies the circuit specifications, even for the simplified block-level behavioral models. Thus, numerical simulation has been the standard tool for evaluating the performance of behavioral models. Simulation is not completely satisfactory, however, because each simulation run represents the behavior for only one set of values for the initial states and parameters, so many simulations are required to assess the robustness of the design. Moreover, some specifications can be verified only after simulations have run for very long durations, and some specifications such
Powertrain Control Verification Benchmark
In Proc. of Hybrid Systems: Computation and Control, 2014
Cited by 9 (4 self)
Abstract
Industrial control systems are often hybrid systems that are required to satisfy strict performance requirements. Verifying designs against requirements is a difficult task, and there is a lack of suitable open benchmark models to assess, evaluate, and compare tools and techniques. Benchmark models can be valuable for the hybrid systems research community, as they can communicate the nature and complexity of the problems facing industrial practitioners. We present a collection of benchmark problems from the automotive powertrain control domain that are focused on verification for hybrid systems; the problems are intended to challenge the research community while maintaining a manageable scale. We present three models of a fuel control system, each with a unique level of complexity, along with representative requirements in signal temporal logic (STL). We provide results obtained by applying a state-of-the-art analysis tool to these models, and finally, we discuss challenge problems for the research community.
Enclosing temporal evolution of dynamical systems using numerical methods (under submission)
In RSP. IEEE, 2012
Cited by 7 (2 self)
Abstract
Numerical methods are necessary to understand the behaviors of complex hybrid systems used to design control-command systems. In particular, numerical integration methods are heavily used in simulation to compute approximations of the solution of differential equations, including nonlinear and stiff solutions. Nevertheless, these methods only produce approximate results and they should not be used in formal verification methods as is. We propose a systematic way to make explicit Runge-Kutta integration methods safe with respect to the mathematical solution. As a side effect, we can then compare different integration schemes in order to pick the right one in different situations.
Taylor Model Flowpipe Construction for Nonlinear Hybrid Systems
Cited by 7 (0 self)
Abstract
We propose an approach for verifying nonlinear hybrid systems using higher-order Taylor models that are a combination of bounded degree polynomials over the initial conditions and time, bloated by an interval. Taylor models are an effective means for computing rigorous bounds on the complex time trajectories of nonlinear differential equations. As a result, Taylor models have been successfully used to verify properties of nonlinear continuous systems. However, the handling of discrete (controller) transitions remains a challenging problem. In this paper, we provide techniques for handling the effect of discrete transitions on Taylor model flowpipe construction. We explore various solutions based on two ideas: domain contraction and range overapproximation. Instead of explicitly computing the intersection of a Taylor model with a guard set, domain contraction makes the domain of a Taylor model smaller by cutting away parts for which the intersection is empty. It is complemented by range overapproximation that translates Taylor models into commonly used representations such as template polyhedra or zonotopes, on which intersections with guard sets have been previously studied. We provide an implementation of the techniques described in the paper and evaluate the various design choices over a set of challenging benchmarks.