1 Compositional Verification of Hybrid Systems Using Simulation Relations Doctorate Defense Goran Frehse Radboud Universiteit, Nijmegen, Oct. 10, 2005.

2–6 Example 1: Überlingen, July 1, 2002
Boeing & Tupolew crossing
– 21:33:03: Alarm from Collision Avoidance System (TCAS)
– 21:34:49: Human controller command
– 21:34:56: TCAS recommendation
– 21:35:32: Collision
Official Recommendation: "pilots are to obey and follow TCAS advisories, regardless of whether contrary instruction is given"
Trust a computer!?
[figure: the two crossing aircraft, labelled B and TU154M]

7–9 Formal Verification
Characteristics
– mathematical rigour
– sound proofs & algorithms
Hybrid System
– continuous environment
– discrete software
Problems
– only computable for certain types of models
– must check all possibilities → computational complexity
Solution
– abstraction
– compositionality
[figure: Hybrid System = Model of Environment + Model of Software; together with a Precise Specification, an algorithmic Proof yields Guaranteed Correctness]
TCAS verified in part (Livadas, Lygeros, Lynch, '00)

10–11 Example 2: Join Manoeuvre [Tomlin et al.]
Traffic Coordination Problem
– join paths at different speed
Goals
– avoid collision
– join with sufficient separation
Models
– Environment: planes
– Software: controller switches fast/slow
Specification
– keep min. distance

12–14 Abstraction and Simulation Relations
Goal
– check all possibilities
Abstraction: simplified model
– here: linear bounds on direction
– bounds on trajectories
Simulation Relation: formal relationship between original and abstraction
– everything possible in implementation is also possible in abstraction
– specification = abstraction
[figure: original trajectory under disturbances, bounds on direction, bounds on trajectories of the abstraction]

15–17 Compositionality
From Components to Systems
– simulation relations must hold after composition
Benefits
– modular verification
– advanced deduction techniques possible
Difficulty
– formalisms must fit together: hybrid system, simulation relation, composition
[figure: Original Plane satisfies Abstract Plane; Original Controller satisfies Abstract Controller; hence the composed system (Original Controller with Original Plane) satisfies the composed abstraction (Abstract Controller with Abstract Plane)]
Original Controller:
  while active do
    if altitude >
      check distance
    else if speed >= 10
      check heading
      check distance
    else
      warning
  end while
Abstract Controller:
  while active do
    check distance
  end while
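Added example, not from the thesis or PHAVer, that executes the two notions of slides 12–17 on finite toy transition systems: the simulation relation as a greatest fixpoint ("everything possible in the implementation is also possible in the abstraction") and parallel composition, checking that the component simulations carry over to the composed plane/controller system. All state names, labels and transitions are constructed for illustration; the hybrid automata and polyhedral computations of the thesis are replaced by finite-state stand-ins.

```python
# Added example, not from the thesis or PHAVer: the slides' simulation relation and
# composition on finite toy transition systems (PHAVer's polyhedral dynamics omitted).
from itertools import product

class LTS:
    """Initial states and transitions (source, label, target)."""
    def __init__(self, init, trans):
        self.init, self.trans = set(init), set(trans)
        self.states = {x for s, _, t in trans for x in (s, t)} | self.init
        self.alphabet = {a for _, a, _ in trans}
    def succ(self, s, a):
        return {t for p, b, t in self.trans if p == s and b == a}

def simulation(impl, abst):
    """Greatest simulation relation R (fixpoint): drop (s, t) while some step of
    s in impl has no equal-label step of t in abst whose target pair stays in R."""
    R, changed = set(product(impl.states, abst.states)), True
    while changed:
        changed = False
        for s, t in list(R):
            if any(not any((s2, t2) in R for t2 in abst.succ(t, a))
                   for a in impl.alphabet for s2 in impl.succ(s, a)):
                R.discard((s, t)); changed = True
    return R

def simulates(impl, abst):
    """Slide 14: everything possible in impl is also possible in abst."""
    R = simulation(impl, abst)
    return all(any((s0, t0) in R for t0 in abst.init) for s0 in impl.init)

def compose(A, B):
    """Parallel composition: synchronise on shared labels, interleave the rest."""
    shared, trans = A.alphabet & B.alphabet, set()
    for p, q in product(A.states, B.states):
        for p1, a, p2 in A.trans:
            if p1 == p and a in shared:
                trans |= {((p, q), a, (p2, q2)) for q2 in B.succ(q, a)}
            elif p1 == p:
                trans.add(((p, q), a, (p2, q)))
        for q1, a, q2 in B.trans:
            if q1 == q and a not in shared:
                trans.add(((p, q), a, (p, q2)))
    return LTS(product(A.init, B.init), trans)

# Constructed toy models: the original controller alternates fast/slow commands,
# the abstract one may issue any command at any time (an over-approximation).
CTRL_ORIG = LTS({'a'}, {('a', 'fast', 'b'), ('b', 'slow', 'a')})
CTRL_ABS = LTS({'x'}, {('x', 'fast', 'x'), ('x', 'slow', 'x')})
PLANE_ORIG = LTS({'far'}, {('far', 'fast', 'near'), ('near', 'slow', 'far')})
PLANE_ABS = LTS({'p'}, {('p', 'fast', 'p'), ('p', 'slow', 'p')})
```

The check in the other direction, simulates(CTRL_ABS, CTRL_ORIG), fails because the abstract controller can issue two fast commands in a row while the original cannot, so the relation is one-directional as on slide 14.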

18–20 Contribution of this Thesis
Formal Framework for Compositional Verification
– simulation relations for hybrid systems
– semi-computable for linear bounds
Verification Tool: PHAVer (Polyhedral Hybrid Automaton Verifier)
– compute simulation relations and reachable states
– most powerful verification tool for hybrid systems
Future Work
– compositional over-approximations (submitted)
– efficiency & applications
[figure: plot over time showing the safety margin and the region marked "collision possible!"]