Results 1-10 of 42
Robustness of Temporal Logic Specifications for Continuous-Time Signals
, 2009
Cited by 42 (18 self)
In this paper, we consider the robust interpretation of Metric Temporal Logic (MTL) formulas over signals that take values in metric spaces. For such signals, which are generated by systems whose states are equipped with nontrivial metrics, for example continuous or hybrid, robustness is not only natural, but also a critical measure of system performance. Thus, we propose multivalued semantics for MTL formulas, which capture not only the usual Boolean satisfiability of the formula, but also topological information regarding the distance, ε, from unsatisfiability. We prove that any other signal that remains ε-close to the initial one also satisfies the same MTL specification under the usual Boolean semantics. Finally, our framework is applied to the problem of testing formulas of two fragments of MTL, namely Metric Interval Temporal Logic (MITL) and closed Metric Temporal Logic (clMTL), over continuous-time signals using only discrete-time analysis. The motivating idea behind our approach is that if the continuous-time signal fulfills certain conditions and the discrete-time signal robustly satisfies the temporal logic specification, then the corresponding continuous-time signal should also satisfy the same temporal logic specification.
Symbolic analysis for improving simulation coverage of simulink/stateflow models
In EMSOFT ’08: Proceedings of the 8th ACM International Conference on Embedded Software, 2008
Cited by 37 (4 self)
Aimed at verifying safety properties and improving simulation coverage for hybrid systems models of embedded control software, we propose a technique that combines numerical simulation and symbolic methods for computing state-sets. We consider systems with linear dynamics described in the commercial modeling tool Simulink/Stateflow. Given an initial state x, and a discrete-time simulation trajectory, our method computes a set of initial states that are guaranteed to be equivalent to x, where two initial states are considered to be equivalent if the resulting simulation trajectories contain the same discrete components at each step of the simulation. We illustrate the benefits of our method on two case studies. One case study is a benchmark proposed in the literature for hybrid systems verification and another is a Simulink demo model from Mathworks.
Formal verification of hybrid systems
, 2011
Cited by 34 (0 self)
In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems, which combines the traditional state-machine-based models for discrete control with classical differential-equations-based models for continuously evolving physical activities. In this article, we briefly review selected existing approaches to formal verification of hybrid systems, along with directions for future research.
Reachability Analysis of Nonlinear Systems with Uncertain Parameters using Conservative Linearization
Cited by 33 (15 self)
Given an initial set of a nonlinear system with uncertain parameters and inputs, the set of states that can possibly be reached is computed. The approach is based on local linearizations of the nonlinear system, while linearization errors are considered by Lagrange remainders. These errors are added as uncertain inputs, such that the reachable set of the locally linearized system encloses the one of the original system. The linearization error is controlled by splitting of reachable sets. Reachable sets are represented by zonotopes, allowing an efficient computation in relatively high-dimensional space.
Falsification of LTL Safety Properties in Hybrid Systems
Cited by 21 (6 self)
This paper develops a novel computational method for the falsification of safety properties specified by syntactically safe linear temporal logic (LTL) formulas φ for hybrid systems with general nonlinear dynamics and input controls. The method is based on an effective combination of robot motion planning and model checking. Experiments on a hybrid robotic system benchmark with nonlinear dynamics show significant speedup over related work. The experiments also indicate significant speedup when using minimized DFA instead of non-minimized NFA, as obtained by standard tools, for representing the violating prefixes of φ.
Generating and Analyzing Symbolic Traces of Simulink/Stateflow Models
Cited by 18 (3 self)
We present a methodology and a toolkit for improving simulation coverage of Simulink/Stateflow models of hybrid systems using symbolic analysis of simulation traces. We propose a novel instrumentation scheme that allows the simulation engine of Simulink/Stateflow to output, along with the concrete simulation trace, the symbolic transformers needed for our analysis. Given a simulation trace, along with the symbolic transformers, our analysis computes a set of initial states that would lead to traces with the same sequence of discrete components at each step of the simulation. Such an analysis relies critically on the use of convex polyhedra to represent sets of states. However, the exponential complexity of the polyhedral operations implies that the performance of the analysis would degrade rapidly with the increasing size of the model and the simulation traces. We propose a new representation, called the bounded vertex representation, which allows us to perform under-approximate computations while fixing the complexity of the representation a priori. Using this representation we achieve a trade-off between the complexity of the symbolic computation and the quality of the under-approximation. We demonstrate the benefits of our approach over existing simulation and verification methods with case studies.
Verification of Supervisory Control Software Using State Proximity and Merging
In: Submitted to the 11th International Workshop on Hybrid Systems: Computation and Control, 2008
Cited by 17 (2 self)
This paper describes an approach for bounded-time verification of safety properties of supervisory control software interacting with a continuous-time plant. A combination of software model checking and numerical simulation is used to compute a conservative approximation of the reachable states. The technique verifies system properties in the presence of nondeterministic behavior in the software due to, for instance, interleaving of tasks. A notion of program equivalence is used to characterize the behaviors of the controller, and the bisimulation functions of Girard and Pappas are employed to characterize the behaviors of the plant. These notions are used to compute sets of plant states around a trace that are guaranteed to be safe. These sets are determined by a backward analysis that starts from the end of a trace and propagates the safe sets towards the initial states. By using these safe sets, the approach can conservatively merge traces that reach states that are in proximity to each other. The technique has been implemented for the case of affine plant dynamics, which allow efficient operations on ellipsoidal sets based on convex optimizations involving linear matrix inequalities (LMIs). We present an illustrative example for a model of the position controller of an unmanned aerial vehicle (UAV).
Computing Reachable Sets of Hybrid Systems Using a Combination of Zonotopes and Polytopes
, 2009
Cited by 15 (3 self)
The computation of reachable sets for hybrid systems with linear continuous dynamics is addressed. Zonotopes are used for the representation of reachable sets, resulting in an algorithm with low computational complexity with respect to the dimension of the considered system. However, zonotopes have drawbacks when being intersected with transition guards which determine the discrete behavior of the hybrid system. For this reason, in the proposed approach, reachable sets are represented by polytopes within guard sets as an intermediate step in order to enclose them by zonotopes afterwards. Different methods for the conservative conversion from zonotopes to polytopes and vice versa are proposed and numerically evaluated.
Probabilistic Temporal Logic Falsification of Cyber-Physical Systems
Cited by 14 (12 self)
We present a Monte-Carlo optimization technique for finding system behaviors that falsify a Metric Temporal Logic (MTL) property. Our approach performs a random walk over the space of system inputs guided by a robustness metric defined by the MTL property. Robustness guides the search for a falsifying behavior by exploring trajectories with smaller robustness values. The resulting testing framework can be applied to a wide class of Cyber-Physical Systems (CPS). We show through experiments on complex system models that using our framework can help automatically falsify properties with more consistency as compared to other means such as uniform sampling.
Fainekos, “Falsification of temporal properties of hybrid systems using the cross-entropy method”
In HSCC. ACM
Cited by 12 (5 self)
Randomized testing is a popular approach for checking properties of large embedded system designs. It is well known that a uniform random choice of test inputs is often suboptimal. Ideally, the choice of inputs has to be guided by choosing the right input distributions in order to expose corner-case violations. However, this is also known to be a hard problem in practice. In this paper, we present an application of the cross-entropy method for adaptively choosing input distributions for falsifying temporal logic properties of hybrid systems. We present various choices for representing input distribution families for the cross-entropy method, ranging from a complete partitioning of the input space into cells to a factored distribution of the input using graphical models. Finally, we experimentally compare the falsification approach using the cross-entropy method to other stochastic and heuristic optimization techniques implemented inside the tool S-TaLiRo over a set of benchmark systems. The performance of the cross-entropy method is quite promising. We find that sampling inputs using the cross-entropy method guided by trace robustness can discover violations faster, and more consistently, than the other competing methods considered.