Formal verification of ACAS X, an industrial airborne collision avoidance system

Formal verification of industrial systems is very challenging, due to reasons ranging from scalability issues to communication difficulties with engineering-focused teams. More importantly, industrial systems are rarely designed for verification, but rather for operational needs. In this paper we present an overview of our experience using hybrid systems theorem proving to formally verify ACAS X, an airborne collision avoidance system for airliners scheduled to be operational around 2020. The methods and proof techniques presented here are an overview of the work already presented in [8], while the evaluation of ACAS X has been significantly expanded and updated to the most recent version of the system, run 13. The effort presented in this paper is an integral part of the ACAS X development and was performed in tight collaboration with the ACAS X development team.

[1]  Jean-Baptiste Jeannin,et al.  Hybrid Theorem Proving of Aerospace Systems: Applications and Challenges , 2014, J. Aerosp. Inf. Syst..

[2]  Nancy A. Lynch,et al.  On the formal verification of the TCAS conflict resolution algorithms , 1997, Proceedings of the 36th IEEE Conference on Decision and Control.

[3]  S. Shankar Sastry,et al.  Conflict resolution for air traffic management: a study in multiagent hybrid systems , 1998, IEEE Trans. Autom. Control..

[4]  Jean-Baptiste Jeannin,et al.  A Formally Verified Hybrid System for the Next-Generation Airborne Collision Avoidance System , 2015, TACAS.

[5]  Mykel J. Kochenderfer,et al.  Robust Airborne Collision Avoidance through Dynamic Programming , 2011 .

[6]  B J Chludzinski Evaluation of TCAS II Version 7.1 Using the FAA Fast-Time Encounter Generator Model, Volume 1 , 2009 .

[7]  André Platzer,et al.  KeYmaera: A Hybrid Theorem Prover for Hybrid Systems (System Description) , 2008, IJCAR.

[8]  Mykel J. Kochenderfer,et al.  Correlated Encounter Model for Cooperative Aircraft in the National Airspace System Version 1.0 , 2008 .

[9]  Christian von Essen,et al.  Analyzing the Next Generation Airborne Collision Avoidance System , 2014, TACAS.

[10]  André Platzer,et al.  Formal verification of distributed aircraft controllers , 2013, HSCC '13.

[11]  André Platzer,et al.  ModelPlex: verified runtime validation of verified cyber-physical system models , 2014, Formal Methods in System Design.

[12]  Mykel J. Kochenderfer,et al.  Next-Generation Airborne Collision Avoidance System , 2012 .

[13]  César A. Muñoz,et al.  Formal Verification of an Optimal Air Traffic Conflict Resolution and Recovery Algorithm , 2007, WoLLIC.

[14]  André Platzer,et al.  Differential Dynamic Logic for Hybrid Systems , 2008, Journal of Automated Reasoning.

[15]  Edmund M. Clarke,et al.  Formal Verification of Curved Flight Collision Avoidance Maneuvers: A Case Study , 2009, FM.

[16]  Mykel J. Kochenderfer,et al.  Optimizing the Next Generation Collision Avoidance System for Safe, Suitable, and Acceptable Operational Performance , 2013 .

[17]  Gilles Dowek,et al.  Provably Safe Coordinated Strategy for Distributed Conflict Resolution , 2005 .