Invisible formal methods for embedded control systems

Embedded control systems typically combine continuous control laws with discrete mode logic. Such systems are modeled as hybrid automata, a formalism obtained by combining discrete transition systems with continuous dynamical systems. This paper develops automated analysis techniques for establishing the correctness of hybrid system designs. Our approach represents the state space of the system symbolically, as formulas in an appropriate logic, and manipulates those formulas with symbolic theorem-proving techniques. For formal analysis to be adopted, it must be unobtrusive and fit engineering practice. We motivate a methodology, called invisible formal methods, that offers a graded sequence of formal analysis technologies ranging from extended typechecking, through approximation and abstraction, to model checking and theorem proving. As an instance of invisible formal methods, we describe techniques for checking inductive invariants (extended types) of hybrid systems and for automatically computing discrete finite-state abstractions on which reachability sets can be computed. The abstraction is sound with respect to the formal semantics of hybrid automata. We also discuss analysis under nonstandard semantics of hybrid automata, and briefly address the problem of translating models written in the widely used Simulink/Stateflow language into modeling formalisms such as hybrid automata, for which analysis tools are being developed.
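The two analyses the abstract names, checking an inductive invariant as an extended type and computing a sound finite-state abstraction on which reachability is decided, worked through on a small hybrid automaton. This is an added example, not code from the paper or from the tools it describes. The thermostat automaton (modes on/off, flows x' = 10 - x and x' = -x, switching guards at x = 5 and x = 8, the bound 10) is a constructed assumption chosen for illustration, and flows and guards are restricted to affine functions of a single variable so that the sign questions the paper would hand to a theorem prover reduce to interval reasoning:

```python
"""Sign-based discrete abstraction and an inductive-invariant ("extended type")
check for a one-variable hybrid automaton.  Constructed illustration, not the
paper's code.  The automaton is a thermostat with two modes and no resets:
    off: x' = -x        (temperature decays toward 0)
    on:  x' = 10 - x    (temperature rises toward 10)
    off -> on when x - 5 <= 0,    on -> off when x - 8 >= 0
Flows and guards are affine in one variable (an assumption made here), so the
sign questions the paper hands to a prover reduce to interval reasoning."""
from collections import deque
from fractions import Fraction as F

# The affine expression a*x + b is the pair (a, b).
MODES = {"off": (F(-1), F(0)), "on": (F(-1), F(10))}
# (source mode, (guard polynomial, allowed signs), target mode); no resets.
TRANSITIONS = [
    ("off", ((F(1), F(-5)), {-1, 0}), "on"),   # x - 5 <= 0
    ("on", ((F(1), F(-8)), {0, 1}), "off"),    # x - 8 >= 0
]
INIT = ("off", F(7))
# Polynomials whose sign pattern defines an abstract state: the two guards and
# x - 10, the quantity we want to prove never becomes positive.
POLYS = [(F(1), F(-5)), (F(1), F(-8)), (F(1), F(-10))]

def sign(v):
    return (v > 0) - (v < 0)

def cells(polys):
    """Cut the line at the roots of polys into alternating open intervals and
    points.  A cell is (lo, hi); lo == hi marks a point, None an infinite end."""
    out, prev = [], None
    for r in sorted({-b / a for a, b in polys if a != 0}):
        out += [(prev, r), (r, r)]
        prev = r
    return out + [(prev, None)]

def cell_of(x, cs):
    for i, (lo, hi) in enumerate(cs):
        if lo == hi == x or ((lo is None or lo < x) and (hi is None or x < hi)):
            return i

def signs_on(q, cell):
    """Set of signs the affine q takes somewhere on the cell."""
    a, b = q
    lo, hi = cell
    if lo is not None and lo == hi:
        return {sign(a * lo + b)}
    if a == 0:
        return {sign(b)}
    # q is strictly monotone, so its image of the open interval is the open
    # interval between its limits at the two ends (infinite ends via sign(a)).
    ends = sorted([sign(-a) if lo is None else sign(a * lo + b),
                   sign(a) if hi is None else sign(a * hi + b)])
    out = set()
    if ends[0] == -1: out.add(-1)
    if ends[1] == 1: out.add(1)
    if ends == [-1, 1]: out.add(0)
    return out

def successors(state, cs):
    """Over-approximate the one-step successors of abstract state (mode, cell)."""
    mode, i = state
    lo, hi = cs[i]
    fs = signs_on(MODES[mode], cs[i])
    succ = set()
    if lo is not None and lo == hi:     # a point is left only if x' != 0 there
        if 1 in fs: succ.add((mode, i + 1))
        if -1 in fs: succ.add((mode, i - 1))
    else:                               # an endpoint of an interval can be hit
        if 1 in fs and hi is not None: succ.add((mode, i + 1))    # only if x'
        if -1 in fs and lo is not None: succ.add((mode, i - 1))   # has that sign
    for src, (p, allowed), dst in TRANSITIONS:
        if src == mode and signs_on(p, cs[i]) & allowed:
            succ.add((dst, i))
    return succ

def reachable(init):
    cs = cells(POLYS)
    start = (init[0], cell_of(init[1], cs))
    seen, todo = {start}, deque([start])
    while todo:
        for t in successors(todo.popleft(), cs):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen, cs

def abstract_safe(init, bad):
    """Sound: True means no concrete run from init ever makes bad positive."""
    seen, cs = reachable(init)
    return all(1 not in signs_on(bad, cs[i]) for _, i in seen)

def inductive_upper_bound(b, init):
    """Extended-type check of the candidate invariant x <= b: it holds initially,
    no flow increases x on the boundary x == b, and the reset-free discrete
    transitions preserve it trivially."""
    return init[1] <= b and all(a * b + c <= 0 for a, c in MODES.values())

if __name__ == "__main__":
    print("x <= 10 is inductive:", inductive_upper_bound(F(10), INIT))
    print("abstraction rules out x > 10:", abstract_safe(INIT, (F(1), F(-10))))
    print("abstraction rules out x > 8:", abstract_safe(INIT, (F(1), F(-8))))
```

An abstract state is a mode paired with one cell of the partition induced by the roots of the chosen polynomials, so the abstract system is finite. The continuous successor rule is the only place approximation enters: an interval cell may hand control to an endpoint whenever the flow has the matching sign somewhere on the cell, which includes every concrete trajectory and possibly more. Because the abstraction only adds behaviour, a cell that is abstractly unreachable is concretely unreachable, while a reachable bad cell may be a false alarm that a finer set of polynomials, or the invariant check, has to rule out. Here the bound x <= 10 is both inductive and confirmed by the abstraction, whereas x <= 8 fails in mode on, where the flow still points upward at x = 8.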
