HyPLC: Hybrid Programmable Logic Controller Program Translation for Verification
Programmable Logic Controllers (PLCs) provide a prominent choice of
implementation platform for safety-critical industrial control systems. Formal
verification provides ways of establishing correctness guarantees, which can be
quite important for such safety-critical applications. But since PLC code does
not include an analytic model of the system plant, its verification is
limited to discrete properties. In this paper, we thus start the other way
around with hybrid programs that include continuous plant models in addition to
discrete control algorithms. Even deep correctness properties of hybrid
programs can be formally verified in the theorem prover KeYmaera X that
implements differential dynamic logic, dL, for hybrid programs. After verifying
the hybrid program, we now present an approach for translating hybrid programs
into PLC code. The new tool, HyPLC, implements this translation of discrete
control code of verified hybrid program models to PLC controller code and, vice
versa, the translation of existing PLC code into the discrete control actions
for a hybrid program given an additional input of the continuous dynamics of
the system to be verified. This approach allows for the generation of real
controller code while preserving, by compilation, the correctness of a valid
and verified hybrid program. PLCs are common cyber-physical interfaces for
safety-critical industrial control applications, and HyPLC serves as a
pragmatic tool for bridging formal verification of complex cyber-physical
systems at the algorithmic level of hybrid programs with the execution layer of
concrete PLC implementations.
Comment: 13 pages, 9 figures. ICCPS 201
Extending Hybrid CSP with Probability and Stochasticity
Probabilistic and stochastic behavior are omnipresent in computer controlled
systems, in particular, so-called safety-critical hybrid systems, because of
fundamental properties of nature, uncertain environments, or simplifications to
overcome complexity. Tightly intertwining discrete, continuous and stochastic
dynamics complicates modelling, analysis and verification of stochastic hybrid
systems (SHSs). In the literature, this issue has been extensively
investigated, but unfortunately it still remains challenging as no promising
general solutions are available yet. In this paper, we propose a general
compositional approach for modelling and verification of
SHSs. First, we extend Hybrid CSP (HCSP), a very expressive and process
algebra-like formal modeling language for hybrid systems, by introducing
probability and stochasticity to model SHSs; the result is called stochastic HCSP
(SHCSP). To this end, ordinary differential equations (ODEs) are generalized by
stochastic differential equations (SDEs) and non-deterministic choice is
replaced by probabilistic choice. Then, we extend Hybrid Hoare Logic (HHL) to
specify and reason about SHCSP processes. We demonstrate our approach on a
real-world example.
Comment: The conference version of this paper is accepted by SETTA 201
Formalization and Validation of Safety-Critical Requirements
The validation of requirements is a fundamental step in the development
process of safety-critical systems. In safety-critical applications such as
aerospace, avionics and railways, the use of formal methods is of paramount
importance both for requirements and for design validation. Nevertheless, while
for the verification of the design, many formal techniques have been conceived
and applied, the research on formal methods for requirements validation is not
yet mature. The main obstacles are that, on the one hand, the correctness of
requirements is not formally defined and, on the other hand, that the formalization
and the validation of the requirements usually demand a strong involvement of
domain experts. We report on a methodology and a series of techniques that we
developed for the formalization and validation of high-level requirements for
safety-critical applications. The main ingredients are a very expressive formal
language and automatic satisfiability procedures. The language combines
first-order, temporal, and hybrid logic. The satisfiability procedures are
based on model checking and satisfiability modulo theory. We applied this
technology within an industrial project to the validation of railway
requirements.
Proceedings of the Sixth NASA Langley Formal Methods (LFM) Workshop
Today's verification techniques are hard-pressed to scale with the ever-increasing complexity of safety-critical systems. Within the field of aeronautics alone, we find the need for verification of algorithms for separation assurance, air traffic control, auto-pilot, Unmanned Aerial Vehicles (UAVs), adaptive avionics, automated decision authority, and much more. Recent advances in formal methods have made verifying more of these problems realistic. Thus we need to continually re-assess what we can solve now and identify the next barriers to overcome. Only through an exchange of ideas between theoreticians and practitioners from academia to industry can we extend formal methods for the verification of ever more challenging problem domains. This volume contains the extended abstracts of the talks presented at LFM 2008: The Sixth NASA Langley Formal Methods Workshop held on April 30 - May 2, 2008 in Newport News, Virginia, USA. The topics of interest that were listed in the call for abstracts were: advances in formal verification techniques; formal models of distributed computing; planning and scheduling; automated air traffic management; fault tolerance; hybrid systems/hybrid automata; embedded systems; safety-critical applications; safety cases; accident/safety analysis.
Software Tools for Technology Transfer
How to Prove Complex Properties of Hybrid Systems with KeYmaera: A Tutorial
Abstract. This paper is a tutorial on how to model and prove complex properties of complex hybrid systems in KeYmaera, an automatic and interactive formal verification tool for hybrid systems implementing differential dynamic logic. Hybrid systems can model highly nontrivial controllers of physical plants, whose behaviors are often safety critical such as trains, cars, airplanes, or medical devices. Formal methods can help design systems that work correctly. This paper illustrates how KeYmaera can be used to systematically model, validate, and verify hybrid systems. We develop tutorial examples that illustrate challenges arising in many real-world systems. In the context of this tutorial, we identify the impact that modeling decisions have on the suitability of the model for verification purposes. We show how the interactive features of KeYmaera can help users understand their system designs better and prove complex properties for which the automatic prover of KeYmaera still takes an impractical amount of time. We hope this paper is a helpful resource for designers of embedded and cyber-physical systems and that it illustrates how to master common practical challenges in hybrid systems verification.
A Formal Methodology for Engineering Heterogeneous Railway Signalling Systems
Ph.D. Thesis.
Over the last few decades, the safety assurance of cyber-physical systems has become one of the
biggest challenges in the field of model-based system engineering. The challenge arises from an
immense complexity of cyber-physical systems which have deeply intertwined physical, software
and network system aspects.
With significant improvements in wireless communication and microprocessor technologies,
the railway domain has become one of the frontiers for deploying cyber-physical signalling
systems. However, because of the safety-critical nature of railway signalling systems, the
highest level of safety assurance is essential. This study attempts to address the challenge of
guaranteeing the safety of cyber-physical railway signalling systems by proposing a development
methodology based on formal methods. In particular, this study is concerned with the safety
assurance of heterogeneous cyber-physical railway signalling systems, which have emerged by
gradually replacing outdated signalling systems and integrating mainline with urban signalling
systems. The main contribution of this work is a formal development methodology of railway
signalling systems. The methodology is based on the Event-B modelling language, which
provides an expressive modelling language, a stepwise model development and a proof-based
model verification. At the core of the methodology is a generic communication-based railway
signalling Event-B model, which can be further refined to capture specific heterogeneous or
homogeneous railway signalling configurations. In order to make signalling modelling more
systematic we developed communication and hybrid railway signalling modelling patterns.
The proposed methodology and modelling patterns have been evaluated on two case studies.
The evaluation shows that the methodology does provide a system-level railway signalling
modelling and verification method. This is crucial for verifying the safety of cyber-physical
systems, as safety is dependent on interactions between different subsystems. However, the study
has also shown that automatic formal verification of hybrid systems is still a major challenge and
must be addressed in future work in order to make this methodology more practical.
(EPSRC and Siemens Rail Automation)
Accelerating verification of cyber-physical systems using symmetry
Autonomous systems are increasingly being deployed in safety-critical applications such as transportation and medicine. Numerous approaches to analyze their safety have been considered including testing, falsification, and formal verification. The major challenge for all of these approaches is scalability to large and complex models. To address this challenge, we propose to use the symmetry naturally present in the dynamics of many of these systems.
Reachability-based safety analysis simulates the dynamical models of the autonomous systems, such as differential equations or hybrid automata, and checks if any of their reachable states is unsafe. Symmetries in dynamical systems are maps that transform any of their trajectories to other trajectories. In this thesis, we show how to use known symmetries of autonomous systems to cache their reachable states and abstract their dynamical models to accelerate their safety analysis.
The main contributions of this thesis are as follows:
1. Augmenting a state-of-the-art data-driven safety verification algorithm with a cache to reuse computed sets of reachable states. The proposed algorithm uses symmetries of the model under verification to increase the cache hit rate.
2. Augmenting traditional hybrid automata safety verification algorithms with a cache to reuse computed sets of reachable states. The proposed algorithm uses symmetries to share computed reachable sets between different modes and automata being verified.
3. Abstracting hybrid automata by combining modes with symmetric dynamics in the same abstract modes.
4. Designing a symmetry-based counter-example guided abstraction-refinement (CEGAR) algorithm for hybrid automata with symmetric continuous dynamics to accelerate their safety verification.
5. Finally, designing an efficient testing algorithm for autonomous systems that uses a cache to share symmetric trajectories among the test cases of a test suite, avoiding repetition of high-fidelity simulations.
The algorithmic contributions of this thesis come with theoretical guarantees that ensure their soundness and completeness. The algorithms presented build on top of state-of-the-art reachability analysis and verification algorithms. They accelerate their computations, without affecting their soundness and completeness guarantees.
Finally, we present software implementations and empirical analyses of the different algorithms presented, showing up to orders of magnitude speedup in verification and testing time of different dynamical models including a car, a fixed-wing aircraft, a neural network-controlled quadrotor, and a Gazebo-based Hector quadrotor.
Automatic Verification of Wireless Control in a Mining Ventilation System
We address a wireless networked control problem for a mine ventilation system. Ventilation control is essential for the control of the operation of a mine for safety and energy optimization. The main control objective is to guarantee safety of the closed-loop system. This test case is simple enough to be computationally tractable, and yet it exposes the main difficulties encountered when using wireless networked systems for safety-critical applications. The focus of this paper is the formal verification of the operation of a closed-loop control system for the so-called secondary ventilation system that ensures air flow in the chambers of the mine where extraction takes place. The secondary ventilation system is modeled conservatively in the sense that if the formal verification process provides a positive answer then the system is guaranteed to work correctly, while the converse is not necessarily true. For control, we use a simple threshold scheme. The overall closed-loop system is described by a hybrid model that takes into account the effects of time delay and transmission errors and allows the precise formulation of the safety constraints. To ensure that the formal verification process is computationally tractable, we reason in the framework of temporal logics, and apply abstraction techniques and model checking tools that we developed previously.