Parametrized Verification of Distributed Cyber-Physical Systems: An Aircraft Landing Protocol Case Study

In this paper, we present the formal modeling and automatic parameterized verification of a distributed air traffic control protocol called the Small Aircraft Transportation System (SATS). Each aircraft is modeled as a timed automaton with (possibly unbounded) counters. SATS is then described as the composition of N such aircraft, where N is a parameter from the natural numbers. We verify several safety properties for arbitrary N, the most important of which is separation assurance, which ensures that no two aircraft may ever collide. The verification methodology relies on computing the set of backward reachable states from the set of unsafe states to a fixed point, and checking emptiness of the intersection of these reachable states and the initial set of states. We used the Model Checker Modulo Theories (MCMT) tool, which implements this technique.
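The backward-reachability check described above, illustrated on a deliberately small model as an added example (this is not the paper's SATS model or MCMT input, and it is explicit-state for a fixed N rather than parameterized). Each aircraft occupies one of four zones: a holding fix (zone 0, which may hold any number of aircraft), two approach legs and the runway; an aircraft may advance only if the next zone is empty, and an aircraft on the runway lands and returns to the holding fix. The "unsafe" set is every state in which two aircraft share an approach zone. `backward_reach` computes the pre-image closure of the unsafe set to a fixed point, and `check_separation` reports whether the initial state lies in it; with the separation guard switched off (the `guarded=False` variant, a constructed fault, not a SATS behaviour) it also reconstructs a forward counterexample from the parent pointers. All names, the zone layout and the guard are assumptions made for this example.

```python
from itertools import product

# Zone 0 = holding fix (unbounded capacity); zones 1..ZONES-1 are the
# approach legs and the runway, each of which must hold at most one aircraft.
ZONES = 4


def all_states(n):
    """Every assignment of n aircraft to zones (finite because n and ZONES are fixed)."""
    return set(product(range(ZONES), repeat=n))


def is_unsafe(state):
    """Loss of separation: two aircraft in the same approach zone (zone 0 excluded)."""
    occupied = [z for z in state if z > 0]
    return len(occupied) != len(set(occupied))


def successors(state, guarded=True):
    """One aircraft moves per step. With guarded=True an aircraft may only enter
    an empty zone; guarded=False drops that check (a constructed faulty protocol)."""
    for i, z in enumerate(state):
        if z == ZONES - 1:
            nxt = 0  # on the runway: land and return to the holding fix
        else:
            nxt = z + 1
            if guarded and nxt in state:
                continue  # next zone occupied: this aircraft must wait
        s = list(state)
        s[i] = nxt
        yield tuple(s)


def backward_reach(n, guarded=True):
    """Backward reachable states from the unsafe set, computed to a fixed point.
    Returns the set and, for each state discovered, the successor it was found through."""
    states = all_states(n)
    pre = {s: set() for s in states}
    for s in states:
        for t in successors(s, guarded):
            pre[t].add(s)
    reach = {s for s in states if is_unsafe(s)}
    parent = {}
    frontier = set(reach)
    while frontier:  # iterate Pre(.) until no new predecessor appears
        new = set()
        for t in frontier:
            for s in pre[t]:
                if s not in reach and s not in new:
                    new.add(s)
                    parent[s] = t
        reach |= new
        frontier = new
    return reach, parent


def check_separation(n, guarded=True):
    """Separation holds iff the initial state (all aircraft at the holding fix)
    is outside the backward reachable set. Otherwise return a forward
    counterexample trace from the initial state to an unsafe state."""
    init = (0,) * n
    reach, parent = backward_reach(n, guarded)
    if init not in reach:
        return True, None
    trace = [init]
    while not is_unsafe(trace[-1]):
        trace.append(parent[trace[-1]])
    return False, trace


if __name__ == "__main__":
    for n in (2, 3):
        print(n, "aircraft, guarded protocol:", check_separation(n))
    print("2 aircraft, guard removed:", check_separation(2, guarded=False))
```

For the guarded protocol the pre-image of the unsafe set adds no safe state, so the fixed point is just the unsafe set itself and the initial state is not in it; removing the guard lets the closure grow back to the initial state, and the returned trace is the concrete sequence of moves that violates separation. MCMT performs the same Pre-closure and emptiness test symbolically, over formulas quantified on the aircraft index, which is what lets the paper's result hold for every N at once.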
