ABSTRACT
Safety verification of a plant together with its controller is an important part of controller design. If the controller is implemented in software, then a formal model such as hybrid automata is needed to model the composite system. However, classic hybrid automata scale poorly for complex software controllers due to their eager representation of discrete states. In this paper we present safety verification for software controllers without constructing hybrid automata. Our approach targets a common class of software controllers, where the plant is periodically sampled and actuated by the controller. The resulting systems exhibit a regular alternation of discrete steps and fixed-length continuous-time evolution. We show that these systems can be verified by a combination of SMT solving and Taylor models. SMT formulas accurately capture control software in a compact form, and Taylor models accurately capture continuous trajectories up to guaranteed error bounds.
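The alternation the abstract describes (a discrete controller step, then a fixed-length continuous step, unrolled a bounded number of times) can be shown on a small constructed system. The following is an added illustration, not the paper's tool: the plant, its parameters A, B, T, the deadband controller and the bound x_max are all hypothetical. The interval enclosure of exp(AT) with an explicit remainder stands in for a Taylor model, and splitting an interval on a controller guard stands in for the case analysis an SMT solver would perform on the control software.

```python
import math
# Constructed example, not the paper's tool: scalar plant x' = A*x + B*u sampled every
# T seconds with u held constant between samples (hypothetical values; A > 0 is unstable).
A, B, T = 0.5, -1.0, 0.1

def exp_enclosure(z, order=4):
    """Taylor-model style enclosure of exp(z), |z| < 1: polynomial + Lagrange remainder."""
    assert abs(z) < 1
    poly = sum(z ** k / math.factorial(k) for k in range(order + 1))
    rem = abs(z) ** (order + 1) / math.factorial(order + 1) / (1 - abs(z))  # e^|z| <= 1/(1-|z|)
    return poly - rem, poly + rem

def flow(box, u):
    """Fixed-length continuous step with u held: x(T) = e^{AT} x0 + (B u / A)(e^{AT} - 1)."""
    elo, ehi = exp_enclosure(A * T)
    corners = [e * x + (B * u / A) * (e - 1) for e in (elo, ehi) for x in box]  # bilinear map
    return min(corners), max(corners)

def controller(box):
    """Discrete step of a deadband controller (u = +1 if x > 1, -1 if x < -1, else 0). A box
    straddling a guard is split per branch, like an SMT case split; boundary goes to both."""
    lo, hi = box
    cases = []
    if hi > 1.0:
        cases.append(((max(lo, 1.0), hi), 1.0))
    if lo < -1.0:
        cases.append(((lo, min(hi, -1.0)), -1.0))
    if lo <= 1.0 and hi >= -1.0:
        cases.append(((max(lo, -1.0), min(hi, 1.0)), 0.0))
    return cases

def merge(boxes):
    """Exact union of intervals: overlapping ones are joined, disjoint ones kept apart."""
    out = []
    for lo, hi in sorted(boxes):
        if out and lo <= out[-1][1]:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def bmc(init_box, steps, x_max):
    """Unroll `steps` periods; return (safe, k, boxes) with k the first failing sample index."""
    boxes = [init_box]
    for k in range(steps + 1):
        if any(lo < -x_max or hi > x_max for lo, hi in boxes):
            return False, k, boxes
        if k < steps:
            boxes = merge([flow(b, u) for box in boxes for b, u in controller(box)])
    return True, steps, boxes
```

With the values above, `bmc((0.9, 1.0), 30, 2.0)` proves |x| stays within 2.0 for 30 periods, while `bmc((0.9, 1.0), 30, 1.0)` reports a violation at the first sample, because the deadband lets the unstable plant drift just above 1.0 before the controller reacts.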
A bounded model checking tool for periodic sample-hold systems