1
Application of Formal Verification Methods to the analysis of Bearings-only Ballistic Missile Interception Algorithms
Eli Bendersky, Michael Butvinnik
Supervisor: Dr. Mark Moulin
2
Project goals
Verify and improve the performance of antimissile interception by using a formal verification technique to check:
- interception dynamics consistency
- Extended Kalman Filter estimation consistency
3
Interception model
4
The polar system equations are given by:
- True Proportional Navigation guidance law
- System equations
Symbols: bearing angle, range, missile acceleration, target acceleration, navigation gain
5
EKF
- Linearized system equations
- Measurement equation
- Modified covariance, with: positive semidefinite pseudo-noise covariance, process noise covariance, white noise
6
Interception scenario and system parameters (the slide gives no units)
LOS angle rate: 0.0051
LOS angle: -0.96
range rate: -1787
range: 80000
target velocity: 500
missile velocity: 1500
navigation constant: 3.85
measurement noise variance: 8e-8
process sampling rate: 0.5
EKF update rate: 1.0
7
Formal verification
Prove that a system obeys its specification. Contrast to simulation:
- Inputs covered: formal verification considers all legal input sequences; simulation considers a (large) set of particular cases.
- Correctness: in formal verification it is expressed as a set of general properties; in simulation it is usually expressed per run (expected results).
Methods: theorem proving, model checking
8
Model checking
View the system as a finite state machine. Traverse the state machine to determine the truth or falsity of a specification, e.g. always (request -> next acknowledge). Produce a counterexample trace if the specification fails.
9
Safety and Liveness properties
Safety property: "Something bad never happens." Useful to check that a tracking error is always below some upper bound: always (…)
Liveness property: "Something good eventually happens." Useful to verify that a system eventually converges: always_in_future_time (…)
10
Bounded Model Checking
Bounds the model to a limited number of cycles k. Uses a Boolean satisfiability (SAT) solver to find counterexamples to specifications. With SAT it is very efficient: faster than traditional model-checking algorithms and able to process larger models. It can only be used for falsification (finding bugs): an unsatisfiable result means no violation exists within k cycles, not that the property holds for all cycles.
11
Boolean Satisfiability (SAT)
Well-studied NP-complete problem: given a Boolean formula in conjunctive normal form (CNF), look for an assignment to its variables under which the formula evaluates to true.
Bounded model checking as SAT: given a property p (in practice the negation of the specification, i.e. the bad behaviour) and a bound of k cycles, is there a state reachable within k cycles that satisfies p?
[Figure: the unrolled path s0 -> s1 -> s2 -> ... -> s(k-1) -> sk, with p checked at each state]
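Added here as a worked formula, not on the original slide: the propositional formula that bounded model checking builds for the k-cycle unrolling of the path above and hands to the SAT solver. $I$ is the initial-state predicate, $T$ the transition relation and $p$ the property searched for; for a safety specification always($q$), $p = \neg q$.

$$
\mathrm{BMC}_k(p) \;=\; I(s_0)\;\wedge\;\bigwedge_{i=0}^{k-1} T(s_i, s_{i+1})\;\wedge\;\bigvee_{i=0}^{k} p(s_i)
$$

A satisfying assignment fixes the values of $s_0, \dots, s_k$ and is therefore itself the counterexample trace; an unsatisfiable formula only shows that no violation is reachable within $k$ cycles, which is why the method falsifies but does not prove.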
12
RuleBase formal verification tool
- Verifies a design, typically control logic, against a set of properties, producing a documented fail/pass answer
- Deals with industrial-size designs
- Used throughout IBM, by external licensees and in academia
- IBM Outstanding Research Innovation Award
13
RuleBase (continued)
[Figure: the design (HDL), the environment (EDL) and the specification (Sugar) are the inputs to RuleBase, whose output is pass/fail]
14
RuleBase with SAT
Design, environment and specification are reduced to a CNF Boolean formula. The design is unrolled for a specified number of cycles and the formula is passed to a SAT solver. A counterexample is reported if the specification fails.
15
Modeling the system for RuleBase
The system was coded in Verilog (a common hardware description language). Floating-point operations were implemented in fixed-point arithmetic with a precision of 0.0001, so the rounding and range limits of that encoding are part of the model being verified. Specifications were coded in the Sugar language (an industry standard; Sugar is the basis of the IEEE 1850 PSL standard).
16
Property 1 - Range
always (range=80000 -> next [k] (range < 70000))
That is, whenever the range equals 80000 (the initial range), it must have dropped below 70000 exactly k cycles later; k is the bound chosen for the check.
17
Property 2 - Acceleration
Can be formulated in two ways, as a safety property or as its negation (a witness search, which is the form a counterexample search answers directly):
always (missile acceleration < 20)
exists_at_least_once (missile acceleration > 20)
RuleBase found a counterexample: a target acceleration sequence that drives the missile acceleration above 20 after the first 4 seconds of the interception process.
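Added example (Python, not the project's Verilog model and not code from the authors): a bounded, explicit-state check of Property 1 and Property 2 over every legal target-acceleration sequence of k cycles, using the scenario values from the parameter slide and the 0.0001 fixed-point precision from the modeling slide. Everything else is an assumption: the dynamics are the textbook planar LOS-polar pursuit equations with both accelerations normal to the line of sight (the slide's own equations did not survive extraction), integrated with one Euler step per 0.5 s sampling interval; the acceleration bound 20 is taken to be in g; the target is limited to 7 g; the inputs are bang-bang (+/-7 g each cycle); and division truncates toward zero. It also shows the falsification-only nature of a bounded check: the 20 g bound produces no counterexample within 8 cycles (which proves nothing), while a tighter 4.5 g bound is falsified with a concrete trace.

```python
"""Bounded property checking of the TPN interception model in 0.0001 fixed point.

Added example; the slides' own model is in Verilog and was checked by RuleBase.
"""
from itertools import product

SCALE = 10_000  # fixed-point precision 0.0001 (the slide's stated precision)


def fx(x):
    """Encode a real value as a fixed-point integer in units of 1/SCALE."""
    return int(round(x * SCALE))


def _tdiv(n, d):
    """Integer division truncating toward zero (assumed, as Verilog signed '/' does)."""
    q = abs(n) // abs(d)
    return q if (n < 0) == (d < 0) else -q


def fmul(a, b):
    return _tdiv(a * b, SCALE)


def fdiv(a, b):
    return _tdiv(a * SCALE, b)


# Scenario values from the parameter slide: range, range rate, LOS rate, N, sampling interval
R0, VR0, W0 = fx(80000), fx(-1787), fx(0.0051)
N_GAIN = fx(3.85)
T = fx(0.5)              # assumption: "process sampling rate 0.5" is the step in seconds
G = fx(9.81)             # assumption: the acceleration bound 20 is in g
A_T_MAX = fx(7 * 9.81)   # assumption: target maneuvers of up to 7 g normal to the LOS


def missile_accel(state):
    """TPN law a_m = N * V_c * w with closing speed V_c = -V_r (assumed textbook form)."""
    _, vr, w = state
    return fmul(fmul(N_GAIN, -vr), w)


def step(state, a_t):
    """One Euler step of the planar LOS-polar pursuit model (assumed textbook form):
        r' = V_r,   V_r' = r*w^2,   w' = (-2*V_r*w + a_t - a_m) / r
    """
    r, vr, w = state
    a_m = missile_accel(state)
    # Multiply r*w before *w: w*w alone is ~2.6e-5 and truncates to 0 at this precision.
    vr_dot = fmul(fmul(r, w), w)
    w_dot = fdiv(-2 * fmul(vr, w) + a_t - a_m, r)
    return (r + fmul(vr, T), vr + fmul(vr_dot, T), w + fmul(w_dot, T))


def simulate(inputs):
    """Trace of (range, missile acceleration) at cycles 0..len(inputs)."""
    state = (R0, VR0, W0)
    trace = [(state[0], missile_accel(state))]
    for a_t in inputs:
        state = step(state, a_t)
        trace.append((state[0], missile_accel(state)))
    return trace


def prop_range(trace, k):
    """Property 1: always(range = 80000 -> next[k](range < 70000))."""
    return all(trace[i + k][0] < fx(70000)
               for i in range(len(trace) - k) if trace[i][0] == fx(80000))


def prop_accel(trace, bound_g):
    """Property 2, safety form: always(|missile acceleration| < bound), bound in g."""
    limit = fmul(fx(bound_g), G)
    return all(abs(a_m) < limit for _, a_m in trace)


def bounded_check(prop, k, alphabet=(-A_T_MAX, A_T_MAX)):
    """Explicit bounded check: simulate every legal k-cycle target-acceleration
    sequence (bang-bang alphabet) and return the first violating one as the
    counterexample, or None. As with BMC, None is not a proof: a longer bound or
    a richer input alphabet may still expose a violation."""
    for inputs in product(alphabet, repeat=k):
        if not prop(simulate(inputs)):
            return inputs
    return None


def check_range(k):
    return bounded_check(lambda tr: prop_range(tr, k), k)


def find_accel_counterexample(bound_g, k):
    return bounded_check(lambda tr: prop_accel(tr, bound_g), k)


if __name__ == "__main__":
    print("Property 1, k=12:", check_range(12))  # None: holds for all 2^12 sequences
    print("Property 1, k=11:", check_range(11))  # counterexample: range still above 70000
    print("Property 2, 20 g, k=8:", find_accel_counterexample(20, 8))  # None within bound
    cex = find_accel_counterexample(4.5, 8)
    print("Property 2, 4.5 g, k=8:", [a / SCALE / 9.81 for a in cex])
```

The enumeration is the brute-force counterpart of the SAT unrolling: 2^k simulations instead of one formula, which is why it stops being practical at a few dozen cycles while a SAT-based checker does not. The fixed-point helpers also make the modeling caveat concrete: the order of multiplications decides whether r*w^2 survives at 0.0001 precision, and that choice is part of what the verifier ends up checking.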
18
Properties 3 and 4 – range bias
Property 3: always [k] (range_bias < 4000)
Property 4: always (for_all ( ) -> within range_bias > 4000)
19
Properties 3 and 4 – results
20
Conclusions
- A novel, powerful technique for analysing the behaviour of the interception process is introduced.
- The system properties are naturally expressed in a formal specification language.
- The RuleBase verification engine verifies these properties reliably.
- Formal verification is capable of finding heuristic control parameters and proved suitable for checking bounds and corner cases.