Toward Online Hybrid Systems Model Checking of Cyber-Physical Systems Time-Bounded Short-Run Behavior

Lei Bu*, Qixin Wang†, Xin Chen*, Linzhang Wang*, Tian Zhang*, Jianhua Zhao*, and Xuandong Li* *Nanjing University, †The Hong Kong Polytechnic University

{bulei|chenxin|lzwang|ztluck|zhaojh|lxd}@nju.edu.cn, csqwang@comp.polyu.edu.hk

1. Demand: Verification of Cyber-Physical Systems Case 1: Train Control System Case 2: Laser Tracheotomy MDPnP

Safety Rule: No Collision During Emergent Braking! Safety Rule: Cannot Start Laser Scalpel

and Ventilator At The Same Time !

2. Modeling Language

Hybrid Automata

Discrete Control Modes

Continuous Real-time Behavior

3. Offline Modeling & Verification?Case 1: Train Control System Case 2: Laser Tracheotomy MDPnP Problem

1.Train communicate with RBC for new MA every 500ms.2.If a train touches SBD point, brake normally.3.If a train have not get any info in 5s, brake emergently!

1.SpO2 sampling period: 1 second2. Other automata are omitted from this poster due to space limit

Difficult To Verify:

Composed System State Space Explosion

Nonlinear Function High Complexity

Difficult To Model: Nondeterministic Bahavior

Runtime Parameter: Wind Speed, Railway Condition for Train control System, SpO2 for MDPnP are collected online, cannot predict the complete behavior space offline

4. Online Modeling & Verification Case 1: Train Control System Case 2: Laser Tracheotomy MDPnPProcedure

Runtime Control Parameters

Become Fixed Numeric Values

Time-bounded Short Run Behavior

Scenario-Based Time-bounded Static Model

Fast Online Verification Before Model Expire

No need to build model for RBC!

The System to verify has only 3 trains,

Verified by BACH,

Only 58 ms<<500ms!

Verified By PHAVer,

Only 0.27 seconds < 1 second