Application of Formal Verification Methods to the analysis of Bearings-only Ballistic Missile Interception Algorithms Eli Bendersky Michael Butvinnik Supervisor: Dr. Mark Moulin

Project goals
Verify and improve the performance of antimissile interception by using a Formal Verification technique for checking:
Interception dynamics consistency
Extended Kalman Filter estimation consistency

Interception model

The polar system equations are given by the True Proportional Navigation guidance law and the system equations (the equations themselves are not present in the transcript).
Notation: bearing angle, range, missile acceleration, target acceleration, navigation gain (the symbols are not present in the transcript).

EKF
Linearized system equations, measurement equation, modified covariance (the equations are not present in the transcript).
Notation: positive semidefinite pseudo-noise covariance, process noise covariance, white noise.

Interception scenario and system parameters
LOS angle rate: (value not present in the transcript)
LOS angle: -0.96
range rate: -1787
range: 80000
target velocity: 500
missile velocity: 1500
navigation constant: 3.85
measurement noise variance: 8e-8
process sampling rate: 0.5
EKF update rate: 1.0

Formal verification
Prove that a system obeys its specification.
Contrast to simulation:
Formal verification: considers all legal input sequences; correctness expressed as a set of general properties.
Simulation: considers a (large) set of particular cases; correctness usually expressed per run (expected results).
Methods: theorem proving, model checking.

Model checking
View the system as a finite state machine.
Traverse the state machine to determine the truth or falsity of a specification, e.g. always (request -> next acknowledge).
Provide a counterexample if the specification failed.

Safety and Liveness properties
Safety property: "Something bad never happens." Useful to check that a tracking error is always lower than some upper bound: always (…)
Liveness property: "Something good eventually happens." Useful to verify that a system eventually converges: always_in_future_time (…)

Bounded Model Checking
Bounds the model to a limited number of cycles.
Uses a Boolean Satisfiability (SAT) solver to find counterexamples to specifications.
When used with SAT it is very efficient: faster than traditional model checking algorithms, and it can process larger models.
Can only be used for falsification, i.e. finding bugs.

Boolean Satisfiability (SAT)
Well-studied NP-complete problem.
Given a Boolean formula in conjunctive normal form (CNF), look for an assignment to the variables such that the formula evaluates to true.
CNF: (example formula not present in the transcript)
Given a property p and running for k cycles, is there a reachable state within k cycles that satisfies ¬p?
(Diagram: unrolled path s0 -> s1 -> s2 -> … -> s(k-1) -> sk, with ¬p checked at every state.)

Rulebase formal verification tool
Verifies a design, typically control logic, against a set of properties, producing a documented fail/pass answer.
Deals with industrial-size designs.
Used throughout IBM, by external licensees, and in academia.
IBM Outstanding Research Innovation Award.

Rulebase (continued)
(Diagram: design (HDL), environment (EDL) and specification (Sugar) are fed into RuleBase, which returns pass/fail.)

Rulebase with SAT
Design, environment and specifications are reduced to a CNF Boolean formula.
The formula is passed to a SAT solver.
The SAT solver runs for a specified number of cycles.
Reports a counterexample if the specification failed.
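The SAT-based flow described on the model checking, safety property, Bounded Model Checking, SAT and Rulebase-with-SAT slides above, run end to end as an added example (this is not RuleBase and not the project's Verilog; the request/acknowledge design, its bug, the CNF encoding and the small DPLL solver are all constructed for illustration). The specification is the slide's own `always (request -> next acknowledge)`, checked as a bounded safety property: the design is unrolled for k cycles, the negated property is added as a clause, and any satisfying assignment the solver returns is a counterexample trace. The constructed bug only shows at k=2, which illustrates why a "pass" at a given bound is not a proof:

```python
"""Bounded model checking (BMC) of a tiny request/acknowledge design via SAT.
Added example: the design, its CNF encoding and the small DPLL solver are
constructed here; none of it is RuleBase or the project's Verilog."""


def unit_propagate(clauses, assignment):
    """Apply unit clauses to exhaustion. Literals are signed ints (-x = NOT x).
    Returns (open clauses, extended assignment) or None on a conflict."""
    changed = True
    while changed:
        changed, remaining = False, []
        for clause in clauses:
            if any(lit in assignment for lit in clause):
                continue                                 # already satisfied
            live = [lit for lit in clause if -lit not in assignment]
            if not live:
                return None                              # all literals false
            if len(live) == 1:
                assignment.add(live[0])                  # unit clause forces literal
                changed = True
            else:
                remaining.append(live)
        clauses = remaining
    return clauses, assignment


def dpll(clauses, assignment=frozenset()):
    """Plain DPLL: propagate, then branch on the first open literal.
    Returns a satisfying set of literals, or None when UNSAT."""
    result = unit_propagate(clauses, set(assignment))
    if result is None:
        return None
    clauses, assignment = result
    if not clauses:
        return assignment
    for choice in (clauses[0][0], -clauses[0][0]):
        model = dpll(clauses + [[choice]], assignment)
        if model is not None:
            return model
    return None


def encode_bmc(k, buggy=True):
    """Unroll the design k cycles and assert that `always (req -> next ack)`
    is violated within the bound. State bits: ack, busy; free input: req
    (driven by the environment). The buggy design drops a request that
    arrives while busy (constructed bug). Returns (clauses, ids) where ids
    maps (signal, cycle) -> CNF variable number."""
    ids = {}

    def v(name, t):
        return ids.setdefault((name, t), len(ids) + 1)

    clauses = [[-v("ack", 0)], [-v("busy", 0)]]          # initial state ack=0, busy=0
    for t in range(k):
        r, b, a1, b1 = v("req", t), v("busy", t), v("ack", t + 1), v("busy", t + 1)
        if buggy:   # ack' <-> (req AND NOT busy), Tseitin-encoded as three clauses
            clauses += [[-a1, r], [-a1, -b], [a1, -r, b]]
        else:       # ack' <-> req: the repaired design acknowledges every request
            clauses += [[-a1, r], [a1, -r]]
        clauses += [[b1, b], [-b1, -b]]                  # busy' <-> NOT busy
    # Bounded safety check: viol_t <-> (req_t AND NOT ack_{t+1}); some viol_t holds.
    selectors = []
    for t in range(k):
        s, r, a1 = v("viol", t), v("req", t), v("ack", t + 1)
        clauses += [[-s, r], [-s, -a1], [s, -r, a1]]
        selectors.append(s)
    clauses.append(selectors)          # a model of this CNF is a counterexample
    return clauses, ids


def bounded_model_check(k, buggy=True):
    """None if no counterexample exists within k cycles, else the trace as a
    list of per-cycle valuations (bits the solver left free read as 0)."""
    clauses, ids = encode_bmc(k, buggy)
    model = dpll(clauses)
    if model is None:
        return None
    return [{"cycle": t, **{n: ids[(n, t)] in model for n in ("req", "ack", "busy")
                            if (n, t) in ids}} for t in range(k + 1)]


def shortest_counterexample(max_k, buggy=True):
    """Raise the bound one cycle at a time, as a BMC run would. Returns
    (k, trace) at the first failing bound, or None when no bug was found
    within max_k cycles (which is not a proof of the property)."""
    for k in range(1, max_k + 1):
        trace = bounded_model_check(k, buggy)
        if trace is not None:
            return k, trace
    return None


if __name__ == "__main__":
    print("buggy design, k=1:", bounded_model_check(1))      # None: bound too short
    k, trace = shortest_counterexample(5)
    print(f"buggy design, counterexample at k={k}:", *trace, sep="\n  ")
    print("repaired design, k<=5:", shortest_counterexample(5, buggy=False))
```

The counterexample the solver returns is a concrete input sequence (here: a request raised in the cycle where the design is busy), which is exactly the artefact a verification engineer needs to reproduce the failure in simulation. Industrial tools replace the toy DPLL with a conflict-driven SAT solver and encode the HDL automatically, but the shape of the CNF (initial state, k copies of the transition relation, one disjunction of negated property instances) is the same.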

Modeling the system for Rulebase
The system was coded in Verilog (a common hardware description language).
Floating point operations implemented using fixed point arithmetic (with precision of ).
Specifications coded in the Sugar language (industry standard).

Property 1 - Range always (range= > next [k] (range < 70000))

Property 2 - Acceleration
Can be formulated in two ways:
always ( < 20)
exists_at_least_once ( > 20)
Rulebase found a counterexample showing a target acceleration that causes the missile acceleration to be after the first 4 seconds of the interception process.

Properties 3 and 4 – range bias
Property 3: always [k] (range_bias < 4000)
Property 4: always (for_all ( ) -> within range_bias > 4000)

Properties 3 and 4 – results

Conclusions
A novel, powerful technique is introduced to analyze the interception process behavior.
The system properties are naturally described in a formal specification language.
The Rulebase verification engine steadily verifies these properties.
Formal verification is capable of finding heuristic control parameters, and proved to be suitable for checking the bound and corner cases.