
Compositional Verification of Hybrid Systems Using Simulation Relations Doctorate Defense

Compositional Verification of Hybrid Systems Using Simulation Relations, Doctorate Defense. Goran Frehse, Radboud Universiteit, Nijmegen, Oct. 10, 2005. Opening example: Überlingen, July 1, 2002; Boeing & Tupolew crossing; 21:33:03 alarm from the Collision Avoidance System (TCAS); aircraft B757-200 and TU154M.


Presentation Transcript


  1. Compositional Verification of Hybrid Systems Using Simulation Relations. Doctorate Defense. Goran Frehse, Radboud Universiteit, Nijmegen, Oct. 10, 2005

  2–6. Example 1: Überlingen, July 1, 2002 (slides 2–6 build up the timeline step by step)
     • Boeing & Tupolew crossing (B757-200 and TU154M)
     • 21:33:03  Alarm from Collision Avoidance System (TCAS)
     • 21:34:49  Human controller command
     • 21:34:56  TCAS recommendation
     • 21:35:32  Collision
     Official Recommendation: “pilots are to obey and follow TCAS advisories, regardless of whether contrary instruction is given”
     Trust a computer!?

  7–9. Formal Verification (slides 7–9 build up the diagram step by step)
     Figure labels: Model of Environment, Model of Software, Hybrid System, Precise Specification, Formal Verification, Proof (algorithmic), Guaranteed Correctness
     • Characteristics: mathematical rigour; sound proofs & algorithms
     • Hybrid System: continuous environment; discrete software
     • Problems: only computable for certain types of models; must check all possibilities; computational complexity
     • Solution: abstraction; compositionality
     TCAS verified in part: Livadas, Lygeros, Lynch, ’00

  10–11. Example 2: Join Manoeuvre [Tomlin et al.]
     • Traffic Coordination Problem: join paths at different speed
     • Goals: avoid collision; join with sufficient separation
     • Models: Environment: Planes; Software: Controller (switches fast/slow)
     • Specification: keep min. distance

  12–14. Abstraction and Simulation Relations (slides 12–14 build up step by step)
     • Goal: check all possibilities
     • Abstraction: simplified model; here: linear bounds on direction, bounds on trajectories
     • Simulation Relation: formal relationship between original and abstraction; everything possible in implementation is also possible in abstraction; specification = abstraction
     Figure labels: disturbances, bounds on direction, original trajectory, bounds on trajectories of abstraction

  15–17. Compositionality (slides 15–17 build up step by step)
     Figure: Original Plane satisfies Abstract Plane; Original Controller satisfies Abstract Controller
     Original Controller:
         while active do
           if altitude > 13000
             check distance
           else if speed >= 10
             check heading
             check distance
           else
             warning
         end while
     Abstract Controller:
         while active do
           check distance
         end while
     • From Components to Systems: simulation relations must hold after composition
     Figure labels: Original Plane, Original Controller (composed system) sat. Abstract Plane, Abstract Controller (composed abstraction)
     • Benefits: modular verification; advanced deduction techniques possible
     • Difficulty: formalisms must fit together: hybrid system, simulation relation, composition
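As an added illustration, not code from the thesis or from PHAVer, of the simulation-relation idea on slide 14 applied to the controller pair on slides 15–17: the two controllers are modelled as constructed finite labelled transition systems, the branch conditions and the actions the specification does not observe (check heading, warning) are treated as hidden steps, and the greatest weak simulation is computed as a fixed point. A deliberately too-tight abstraction is included so the check is also seen to fail; state and action names are constructed for the example.

```python
from itertools import product
# Constructed example: the two controllers from the slide as labelled
# transition systems. Branch conditions (altitude, speed) are abstracted
# into nondeterministic internal choices labelled TAU.
TAU = "tau"
ORIGINAL = {
    "loop": {(TAU, "high"), (TAU, "low_fast"), (TAU, "low_slow")},
    "high": {("check_distance", "loop")},
    "low_fast": {("check_heading", "checked")},
    "checked": {("check_distance", "loop")},
    "low_slow": {("warning", "loop")},
}
ABSTRACT = {"loop": {("check_distance", "loop")}}
# A wrong abstraction: allows only one distance check, then stops.
TOO_TIGHT = {"loop": {("check_distance", "done")}, "done": set()}
# Actions not observed by the specification (internal to the controller).
HIDDEN = {TAU, "check_heading", "warning"}

def hidden_closure(lts, s):
    """All states reachable from s via hidden actions only."""
    seen, todo = {s}, [s]
    while todo:
        for a, t in lts[todo.pop()]:
            if a in HIDDEN and t not in seen:
                seen.add(t); todo.append(t)
    return seen

def weak_steps(lts, s, a):
    """States reachable from s via hidden* a hidden*."""
    return {w for u in hidden_closure(lts, s) for b, v in lts[u] if b == a
            for w in hidden_closure(lts, v)}

def greatest_weak_simulation(impl, spec):
    """Largest R with: (s, t) in R and s -a-> s' implies some t ==a==> t' with
    (s', t') in R; hidden impl moves may be answered by hidden (or no) moves."""
    R = set(product(impl, spec))          # start from all pairs, refine down
    changed = True
    while changed:
        changed = False
        for s, t in list(R):
            for a, s2 in impl[s]:
                targets = hidden_closure(spec, t) if a in HIDDEN else weak_steps(spec, t, a)
                if not any((s2, t2) in R for t2 in targets):
                    R.discard((s, t)); changed = True; break
    return R

def simulates(spec, impl, init="loop"):
    """True iff spec's initial state simulates impl's initial state."""
    return (init, init) in greatest_weak_simulation(impl, spec)
```

The relation computed for ABSTRACT contains every original state paired with the single abstract state, which is exactly the "everything possible in the implementation is also possible in the abstraction" claim of slide 14; for TOO_TIGHT the initial pair is refined away.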

  18–20. Contribution of this Thesis (slides 18–20 build up step by step)
     • Formal Framework for Compositional Verification: simulation relations for hybrid systems; semi-computable for linear bounds
     • Verification Tool: PHAVer (Polyhedral Hybrid Automaton Verifier): compute simulation relations and reachable states; most powerful verification tool for hybrid systems
     • Future Work: compositional over-approximations (submitted); efficiency & applications
     Figure labels: collision possible!, time, safety margin
