A Formally Verified Hybrid System for the Next-Generation Airborne Collision Avoidance System

The Next-Generation Airborne Collision Avoidance System (ACAS X) is intended to be installed on all large aircraft to give advice to pilots and prevent mid-air collisions with other aircraft. It is currently being developed by the Federal Aviation Administration (FAA). In this paper we determine the geometric configurations under which the advice given by ACAS X is safe under a precise set of assumptions, and we formally verify these configurations using hybrid systems theorem proving techniques. We conduct an initial examination of the current version of the real ACAS X system and discuss some cases where our safety theorem conflicts with the actual advisory given by that version, demonstrating how formal, hybrid approaches are helping ensure the safety of ACAS X. Our approach is general and could also be used to identify unsafe advice issued by other collision avoidance systems or to confirm their safety.
