Hybrid Theorem Proving of Aerospace Systems: Applications and Challenges

DOI: 10.2514/1.I010178 Complex software systems are becoming increasingly prevalent in aerospace applications: in particular, to accomplish critical tasks. Ensuring the safety of these systems is crucial, as they can have subtly different behaviors under slight variations in operating conditions.This paper advocates the use of formal verification techniques and in particulartheoremprovingfor hybridsoftware-intensivesystemsasawell-foundedcomplementaryapproachtothe classical aerospace verification and validation techniques, such as testing or simulation. As an illustration of these techniques, a novel lateral midair collision-avoidance maneuver is studied in an ideal setting, without accounting for the uncertainties of the physical reality. The challenges that naturally arise when applying such technology to industrial-scale applications is then detailed, and proposals are given on how to address these issues.

[1]  L. Dubins On Curves of Minimal Length with a Constraint on Average Curvature, and with Prescribed Initial and Terminal Positions and Tangents , 1957 .

[2]  Martin L. Puterman,et al.  Markov Decision Processes: Discrete Stochastic Dynamic Programming , 1994 .

[3]  Thomas A. Henzinger,et al.  The theory of hybrid automata , 1996, Proceedings 11th Annual IEEE Symposium on Logic in Computer Science.

[4]  R. Lachner,et al.  Collision avoidance as a differential game: real-time approximation of optimal strategies using higher derivatives of the value function , 1997, 1997 IEEE International Conference on Systems, Man, and Cybernetics. Computational Cybernetics and Simulation.

[5]  S. Shankar Sastry,et al.  Conflict resolution for air traffic management: a study in multiagent hybrid systems , 1998, IEEE Trans. Autom. Control..

[6]  Antonio Bicchi,et al.  Decentralized Air Traffic Management Systems: Performance and Fault Tolerance , 1998 .

[7]  Karl D. Bilimoria,et al.  Comparison of Centralized and Decentralized Conflict Resolution Strategies for Multiple-Aircraft Problems , 2000 .

[8]  John Lygeros,et al.  A probabilistic approach to aircraft conflict detection , 2000, IEEE Trans. Intell. Transp. Syst..

[9]  James K. Kuchar,et al.  A review of conflict detection and resolution modeling methods , 2000, IEEE Trans. Intell. Transp. Syst..

[10]  Anna Philippou,et al.  Tools and Algorithms for the Construction and Analysis of Systems , 2018, Lecture Notes in Computer Science.

[11]  Hoyt Lougee,et al.  SOFTWARE CONSIDERATIONS IN AIRBORNE SYSTEMS AND EQUIPMENT CERTIFICATION , 2001 .

[12]  T. Başar,et al.  A New Approach to Linear Filtering and Prediction Problems , 2001 .

[13]  John Lygeros,et al.  Aircraft and weather models for probabilistic collision avoidance in air traffic control , 2002, Proceedings of the 41st IEEE Conference on Decision and Control, 2002..

[14]  Gilles Dowek,et al.  Provably Safe Coordinated Strategy for Distributed Conflict Resolution , 2005 .

[15]  Alexandre M. Bayen,et al.  A time-dependent Hamilton-Jacobi formulation of reachable sets for continuous dynamic games , 2005, IEEE Transactions on Automatic Control.

[16]  Nancy G. Leveson,et al.  Engineering Spacecraft Mission Software using a Model-Based and Safety-Driven Design Methodology , 2006, J. Aerosp. Comput. Inf. Commun..

[17]  Nancy A. Lynch,et al.  Proving Safety Properties of an Aircraft Landing Protocol Using I/O Automata and the PVS Theorem Prover: A Case Study , 2006, FM.

[18]  Inseok Hwang,et al.  Protocol-Based Conflict Resolution for Air Traffic Control , 2007 .

[19]  Nancy A. Lynch,et al.  Safety Verification of an Aircraft Landing Protocol: A Refinement Approach , 2007, HSCC.

[20]  Jean Souyris,et al.  Astrée: From Research to Industry , 2007, SAS.

[21]  Alexandre M. Bayen,et al.  Aircraft Autolander Safety Analysis Through Optimal Control-Based Reach Set Computation , 2007 .

[22]  César A. Muñoz,et al.  Formal Verification of an Optimal Air Traffic Conflict Resolution and Recovery Algorithm , 2007, WoLLIC.

[23]  André Platzer,et al.  KeYmaera: A Hybrid Theorem Prover for Hybrid Systems (System Description) , 2008, IJCAR.

[24]  André Platzer,et al.  Differential Dynamic Logic for Hybrid Systems , 2008, Journal of Automated Reasoning.

[25]  Edmund M. Clarke,et al.  Computing Differential Invariants of Hybrid Systems as Fixedpoints , 2008, CAV.

[26]  Limor Fix,et al.  Fifteen Years of Formal Property Verification in Intel , 2008, 25 Years of Model Checking.

[27]  Virginie Wiels,et al.  Formal Verification of Avionics Software Products , 2009, FM.

[28]  Edmund M. Clarke,et al.  Formal Verification of Curved Flight Collision Avoidance Maneuvers: A Case Study , 2009, FM.

[29]  Eric Goubault,et al.  HybridFluctuat: A Static Analyzer of Numerical Programs within a Continuous Environment , 2009, CAV.

[30]  Edmund M. Clarke,et al.  Computing differential invariants of hybrid systems as fixedpoints , 2008, Formal Methods Syst. Des..

[31]  André Platzer,et al.  European Train Control System: A Case Study in Formal Verification , 2009, ICFEM.

[32]  André Platzer,et al.  Logical Analysis of Hybrid Systems - Proving Theorems for Complex Dynamics , 2010 .

[33]  D. Cofer,et al.  Software model checking takes off , 2010, Commun. ACM.

[34]  André Platzer,et al.  Differential-algebraic Dynamic Logic for Differential-algebraic Programs , 2010, J. Log. Comput..

[35]  Antoine Girard,et al.  SpaceEx: Scalable Verification of Hybrid Systems , 2011, CAV.

[36]  André Platzer,et al.  Stochastic Differential Dynamic Logic for Stochastic Hybrid Programs , 2011, CADE.

[37]  André Platzer,et al.  Adaptive Cruise Control: Hybrid, Distributed, and Now Formally Verified , 2011, FM.

[38]  P. Schrimpf,et al.  Dynamic Programming , 2011 .

[39]  André Platzer,et al.  Safe intersections: At the crossing of hybrid systems and verification , 2011, 2011 14th International IEEE Conference on Intelligent Transportation Systems (ITSC).

[40]  André Platzer,et al.  Towards Formal Verification of Freeway Traffic Control , 2012, 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems.

[41]  Mykel J. Kochenderfer,et al.  Next-Generation Airborne Collision Avoidance System , 2012 .

[42]  André Platzer,et al.  Logics of Dynamical Systems , 2012, 2012 27th Annual IEEE Symposium on Logic in Computer Science.

[43]  Arnaud Venet,et al.  The Gauge Domain: Scalable Analysis of Linear Inequality Invariants , 2012, CAV.

[44]  Peter Kazanzides,et al.  Certifying the safe design of a virtual fixture control algorithm for a surgical robot , 2013, HSCC '13.

[45]  André Platzer,et al.  On Provably Safe Obstacle Avoidance for Autonomous Robotic Ground Vehicles , 2013, Robotics: Science and Systems.

[46]  André Platzer,et al.  Formal verification of distributed aircraft controllers , 2013, HSCC '13.

[47]  Christian von Essen,et al.  Analyzing the Next Generation Airborne Collision Avoidance System , 2014, TACAS.

[48]  André Platzer,et al.  ModelPlex: verified runtime validation of verified cyber-physical system models , 2014, Formal Methods in System Design.

[49]  André Platzer,et al.  Characterizing Algebraic Invariants by Differential Radical Invariants , 2014, TACAS.

[50]  Patrick Cousot,et al.  Static Analysis and Verification of Aerospace Software by Abstract Interpretation , 2010, Found. Trends Program. Lang..

[51]  A. Platzer,et al.  ModelPlex: verified runtime validation of verified cyber-physical system models , 2016, Formal Methods Syst. Des..