Compositional Verification of Hybrid Systems Using Simulation Relations Doctorate Defense
Goran Frehse
Radboud Universiteit, Nijmegen, Oct. 10, 2005
Example 1: Überlingen, July 1, 2002
• Boeing & Tupolew crossing (B757-200 and TU154M)
• 21:33:03 – Alarm from Collision Avoidance System (TCAS)
• 21:34:49 – Human controller command
• 21:34:56 – TCAS recommendation
• 21:35:32 – Collision
Official Recommendation:
“pilots are to obey and follow TCAS advisories, regardless of whether contrary instruction is given”
Trust a computer!?
Formal Verification
• Characteristics
– mathematical rigour
– sound proofs & algorithms
• Hybrid System
– continuous environment
– discrete software
• Problems
– only computable for certain types of models
– must check all possibilities: computational complexity
• Solution
– abstraction
– compositionality
Diagram: Hybrid System = Model of Environment + Model of Software; together with a Precise Specification, an algorithmic Proof yields Guaranteed Correctness.
TCAS verified in part: Livadas, Lygeros, Lynch, ‘00
Example 2: Join Manoeuvre [Tomlin et al.]
• Traffic Coordination Problem
– join paths at different speed
• Goals
– avoid collision
– join with sufficient separation
• Models
– Environment: Planes
– Software: Controller (switches fast/slow)
• Specification
– keep min. distance
Abstraction and Simulation Relations
• Goal
– check all possibilities
• Abstraction: simplified model
– here: linear bounds on direction
– bounds on trajectories
• Simulation Relation: formal relationship between original and abstraction
– everything possible in implementation is also possible in abstraction
– specification = abstraction
Diagram: original trajectory under disturbances; bounds on direction; bounds on trajectories of abstraction
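The slide above replaces the disturbed dynamics of a plane by linear bounds on its direction of motion, which turn into bounds on its trajectories, and then checks the specification (keep a minimum distance) against those bounds. The following is an added example written for this transcript, not code from the thesis or from PHAVer: it uses a constructed one-dimensional toy model (two planes on a common axis, speed plus a bounded disturbance), builds the abstraction's reachable interval from the linear bounds, checks that a concrete trajectory stays inside it, and computes the smallest separation the abstraction allows over a time horizon. All numbers, function names and the fast/slow decision rule are assumptions made for the example.

```python
import math

# Constructed toy model for this example (not the thesis's aircraft models or PHAVer's
# algorithm): two planes fly along a common axis; each position x moves with speed v plus a
# disturbance d(t) with |d(t)| <= delta. The abstraction keeps only the linear bounds
# x' in [v - delta, v + delta], so its reachable positions at time t form an interval.


def reach_interval(x0, v, delta, t):
    """All positions the abstraction can reach at time t when starting from x0."""
    return (x0 + (v - delta) * t, x0 + (v + delta) * t)


def concrete_trajectory(x0, v, delta, horizon, dt=0.01):
    """Euler simulation of the original model under one particular disturbance that stays
    strictly inside the bound; returns (t, x) samples."""
    x, samples = x0, []
    steps = int(round(horizon / dt))
    for k in range(steps + 1):
        t = k * dt
        samples.append((t, x))
        d = 0.9 * delta * math.sin(3.0 * t)      # any disturbance with |d| <= delta would do
        x += (v + d) * dt
    return samples


def trajectory_within_abstraction(x0, v, delta, horizon, eps=1e-9):
    """The simulation-relation property for this pair of models: every state the original
    reaches must also be reachable in the abstraction."""
    return all(lo - eps <= x <= hi + eps
               for t, x in concrete_trajectory(x0, v, delta, horizon)
               for lo, hi in [reach_interval(x0, v, delta, t)])


def min_separation_bound(p1, p2, delta, horizon):
    """Smallest separation the abstraction allows during [0, horizon]; p = (x0, v).
    gap(t) = max(a(t), b(t), 0) with a and b affine in t, so the minimum of this convex,
    piecewise-linear function is attained at an endpoint or at a breakpoint."""
    (x1, v1), (x2, v2) = p1, p2
    a = (x2 - x1, v2 - v1 - 2 * delta)   # lowest point of plane 2 minus highest of plane 1
    b = (x1 - x2, v1 - v2 - 2 * delta)   # and the other way round
    candidates = {0.0, float(horizon)}
    for c, m in (a, b, (a[0] - b[0], a[1] - b[1])):
        if m != 0:
            root = -c / m
            if 0 <= root <= horizon:
                candidates.add(root)

    def gap(t):
        return max(a[0] + a[1] * t, b[0] + b[1] * t, 0.0)

    return min(gap(t) for t in candidates)


def safe_to_stay_fast(p1, p2, delta, horizon, margin):
    """Controller decision checked on the abstraction: if even the abstraction keeps the planes
    at least `margin` apart over the horizon, so does the original, because the abstraction
    over-approximates every disturbed trajectory (the check is sound, not exact)."""
    return min_separation_bound(p1, p2, delta, horizon) >= margin


if __name__ == "__main__":
    rear, front = (0.0, 10.0), (30.0, 8.0)        # constructed scenario: fast plane behind a slow one
    print(trajectory_within_abstraction(0.0, 10.0, 0.5, 5.0))
    print(min_separation_bound(rear, front, 0.5, 5.0), min_separation_bound(rear, front, 0.5, 8.0))
    print(safe_to_stay_fast(rear, front, 0.5, 5.0, 10.0), safe_to_stay_fast(rear, front, 0.5, 8.0, 10.0))
```

The point of the last function is the direction of the reasoning on the slide: because the concrete trajectories are contained in the abstraction's bounds, a specification proved on the abstraction carries over to the original, while a violation found on the abstraction may or may not be real.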
Compositionality
• From Components to Systems
– Simulation relations must hold after composition
• Benefits
– modular verification
– advanced deduction techniques possible
• Difficulty
– formalisms must fit together: hybrid system, simulation relation, composition
Diagram: OriginalPlane satisfies AbstractPlane; OriginalController satisfies AbstractController; the composed system (OriginalPlane with OriginalController) satisfies the composed abstraction (AbstractPlane with AbstractController).
OriginalController:
while active do
    if altitude > 13000
        check distance
    else if speed >= 10
        check heading
        check distance
    else
        warning
end while
AbstractController:
while active do
    check distance
end while
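The simulation-relation slide states the defining property (everything the implementation can do, the abstraction can do too) and the compositionality slides state that the relation must survive composition. The following is an added example for this transcript, not code from the thesis or from PHAVer, and it covers both slides: it models the plane and the controller as small finite labelled transition systems (constructed here, with made-up states and labels), computes the largest simulation relation by fixed-point refinement, checks each component against its abstraction, and then builds the parallel composition explicitly to confirm what a compositional proof rule would conclude from the two component checks alone. A variant controller with a warning step that the abstraction "while active do check distance" does not allow shows the check failing.

```python
from itertools import product


class LTS:
    """Finite labelled transition system: an initial state and, per state, a set of
    (label, successor) pairs. Constructed for this example."""

    def __init__(self, init, trans):
        self.states = set(trans) | {s2 for succs in trans.values() for _, s2 in succs}
        self.trans = {s: set(trans.get(s, ())) for s in self.states}
        self.labels = {a for succs in self.trans.values() for a, _ in succs}
        self.init = init

    def succ(self, s, a):
        return {s2 for b, s2 in self.trans[s] if b == a}


def largest_simulation(impl, spec):
    """Greatest fixed point: start from all state pairs and drop any (s, t) where s can take a
    step that t cannot match into a pair still in the relation."""
    rel = set(product(impl.states, spec.states))
    changed = True
    while changed:
        changed = False
        for s, t in list(rel):
            for a, s2 in impl.trans[s]:
                if not any((s2, t2) in rel for t2 in spec.succ(t, a)):
                    rel.discard((s, t))
                    changed = True
                    break
    return rel


def simulates(impl, spec):
    """True iff the abstraction `spec` simulates the implementation `impl` from the initial states."""
    return (impl.init, spec.init) in largest_simulation(impl, spec)


def compose(p, q):
    """Parallel composition: labels in both alphabets synchronise, the others interleave."""
    shared = p.labels & q.labels
    trans = {}
    for s, t in product(p.states, q.states):
        moves = set()
        for a, s2 in p.trans[s]:
            if a in shared:
                moves |= {(a, (s2, t2)) for t2 in q.succ(t, a)}
            else:
                moves.add((a, (s2, t)))
        for a, t2 in q.trans[t]:
            if a not in shared:
                moves.add((a, (s, t2)))
        trans[(s, t)] = moves
    return LTS((p.init, q.init), trans)


# Constructed component models. The plane switches between fast and slow on the controller's
# command; the abstract plane forgets its speed mode; the abstract controller is the slide's
# "while active do check distance" loop.
plane = LTS("fast", {
    "fast": {("tick", "fast"), ("slow_down", "slow")},
    "slow": {("tick", "slow"), ("speed_up", "fast")},
})
abstract_plane = LTS("any", {"any": {("tick", "any"), ("slow_down", "any"), ("speed_up", "any")}})

controller = LTS("c0", {
    "c0": {("check_distance", "c1")},
    "c1": {("slow_down", "c0"), ("speed_up", "c0")},
})
abstract_controller = LTS("a0", {
    "a0": {("check_distance", "a0"), ("slow_down", "a0"), ("speed_up", "a0")},
})
# A controller that may raise a warning instead of checking the distance: the abstraction has
# no "warning" step, so the simulation relation cannot hold.
warning_controller = LTS("c0", {
    "c0": {("check_distance", "c1"), ("warning", "c0")},
    "c1": {("slow_down", "c0"), ("speed_up", "c0")},
})


def check_all():
    """Component checks, the composed check, and the failing variant."""
    composed_abstraction = compose(abstract_plane, abstract_controller)
    return {
        "plane": simulates(plane, abstract_plane),
        "controller": simulates(controller, abstract_controller),
        "composed": simulates(compose(plane, controller), composed_abstraction),
        "warning_controller": simulates(warning_controller, abstract_controller),
        "warning_composed": simulates(compose(plane, warning_controller), composed_abstraction),
    }


if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name}: {'simulated' if ok else 'NOT simulated'}")
```

The refinement loop is the standard finite-state simulation check; the thesis's contribution is the hybrid-system version of the same relation, where the states are continuous and the check is only semi-computable for linear bounds, as the contribution slide says.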
Contribution of this Thesis
• Formal Framework for Compositional Verification
– simulation relations for hybrid systems
– semi-computable for linear bounds
• Verification Tool: PHAVer (Polyhedral Hybrid Automaton Verifier)
– compute simulation relations and reachable states
– most powerful verification tool for hybrid systems
• Future Work
– compositional over-approximations (submitted)
– efficiency & applications
Diagram: reachable states over time; safety margin; collision possible!