Formal verification of distributed aircraft controllers

As airspace becomes ever more crowded, air traffic management must reduce both space and time between aircraft to increase throughput, making on-board collision avoidance systems ever more important. These safety-critical systems must be extremely reliable, and as such, many resources are invested into ensuring that the protocols they implement are accurate. Still, it is challenging to guarantee that such a controller works properly under every circumstance. In tough scenarios where a large number of aircraft must execute a collision avoidance maneuver, a human pilot under stress is not necessarily able to understand the complexity of the distributed system and may not take the right course, especially if actions must be taken quickly. We consider a class of distributed collision avoidance controllers designed to work even in environments with arbitrarily many aircraft or UAVs. We prove that the controllers never allow the aircraft to get too close to one another, even when new planes approach an in-progress avoidance maneuver that the new plane may not be aware of. Because these safety guarantees always hold, the aircraft are protected against unexpected emergent behavior which simulation and testing may miss. This is an important step in formally verified, flyable, and distributed air traffic control.

[1]  L. Dubins On Curves of Minimal Length with a Constraint on Average Curvature, and with Prescribed Initial and Terminal Positions and Tangents , 1957 .

[2]  S. Shankar Sastry,et al.  Conflict resolution for air traffic management: a study in multiagent hybrid systems , 1998, IEEE Trans. Autom. Control..

[3]  George J. Pappas,et al.  2 1/2 D conflict resolution maneuvers for ATMS , 1998, Proceedings of the 37th IEEE Conference on Decision and Control (Cat. No.98CH36171).

[4]  Antonio Bicchi,et al.  On optimal cooperative conflict resolution for air traffic management systems , 2000, IEEE Trans. Intell. Transp. Syst..

[5]  Mieke Massink,et al.  Modelling free flight with collision avoidance , 2001, Proceedings Seventh IEEE International Conference on Engineering of Complex Computer Systems.

[6]  S. Shankar Sastry,et al.  Optimal Coordinated Motions of Multiple Agents Moving on a Plane , 2003, SIAM J. Control. Optim..

[7]  S. Shankar Sastry,et al.  Probabilistic safety analysis in three dimensional aircraft flight , 2003, 42nd IEEE International Conference on Decision and Control (IEEE Cat. No.03CH37475).

[8]  Gilles Dowek,et al.  Provably Safe Coordinated Strategy for Distributed Conflict Resolution , 2005 .

[9]  Nancy A. Lynch,et al.  Proving Safety Properties of an Aircraft Landing Protocol Using I/O Automata and the PVS Theorem Prover: A Case Study , 2006, FM.

[10]  Inseok Hwang,et al.  Protocol-Based Conflict Resolution for Air Traffic Control , 2007 .

[11]  Antonio Bicchi,et al.  Decentralized Cooperative Policy for Conflict Resolution in Multivehicle Systems , 2007, IEEE Transactions on Robotics.

[12]  Nancy A. Lynch,et al.  Safety Verification of an Aircraft Landing Protocol: A Refinement Approach , 2007, HSCC.

[13]  César A. Muñoz,et al.  Formal Verification of an Optimal Air Traffic Conflict Resolution and Recovery Algorithm , 2007, WoLLIC.

[14]  Edmund M. Clarke,et al.  Formal Verification of Curved Flight Collision Avoidance Maneuvers: A Case Study , 2009, FM.

[15]  André Platzer,et al.  Quantified Differential Dynamic Logic for Distributed Hybrid Systems , 2010, CSL.

[16]  Domitilla Del Vecchio,et al.  Formal design of a provably safe robotic roundabout system , 2010, 2010 IEEE/RSJ International Conference on Intelligent Robots and Systems.

[17]  André Platzer,et al.  Differential-algebraic Dynamic Logic for Differential-algebraic Programs , 2010, J. Log. Comput..

[18]  André Platzer,et al.  Adaptive Cruise Control: Hybrid, Distributed, and Now Formally Verified , 2011, FM.

[19]  André Platzer,et al.  Distributed Theorem Proving for Distributed Hybrid Systems , 2011, ICFEM.

[20]  André Platzer,et al.  Quantified differential invariants , 2011, HSCC '11.

[21]  Taylor T. Johnson,et al.  Parametrized Verification of Distributed Cyber-Physical Systems: An Aircraft Landing Protocol Case Study , 2012, 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems.

[22]  André Platzer,et al.  A Complete Axiomatization of Quantified Differential Dynamic Logic for Distributed Hybrid Systems , 2012, Log. Methods Comput. Sci..