research-article

Real-Time Reachability for Verified Simplex Design

Published: 17 February 2016

Abstract

The Simplex architecture ensures the safe use of an unverifiable complex/smart controller by pairing it with a verified safety controller and a verified supervisory controller (the switching logic). This architecture enables the safe use of smart, high-performance, untrusted, and complex control algorithms for autonomy without requiring the smart controllers to be formally verified or certified. Simplex incorporates a supervisory controller that takes over control from the unverified complex/smart controller if it misbehaves and switches to the safety controller. The supervisory controller should (1) guarantee that the system never enters an unsafe state (safety), but should also (2) use the complex/smart controller as much as possible (minimize conservatism). The problem of precisely and correctly defining the switching logic of the supervisory controller has previously been addressed either with a control-theoretic optimization approach or with an offline hybrid-systems reachability computation. In this work, we show that a combined online/offline approach that uses aspects of the two earlier methods, together with a real-time reachability computation, also maintains safety but with significantly less conservatism, allowing the complex controller to be used more frequently. We demonstrate the advantages of this unified approach on a saturated inverted pendulum system, in which the verifiable region of attraction is over twice as large as with the earlier approach. Additionally, to validate the claim that the real-time reachability approach can be implemented on embedded platforms, we have ported it and conducted embedded hardware studies on both ARM processors and Atmel AVR microcontrollers. This is the first demonstration of a hybrid-systems reachability computation running in real time on actual embedded platforms, which required addressing significant technical challenges.
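The switching logic sketched in the abstract, as an added illustration that is not the paper's code: the online part is a short-horizon interval over-approximation of the states the complex controller's command can reach within one control period, and the offline part is a precomputed recovery set for the safety controller. The pendulum model, every constant, the safety gains K, the matrix P standing in for the offline-verified set, and the crude interval Euler routine (a stand-in for the paper's real-time reachability computation) are all assumptions constructed for this example.

```c
#include <stdbool.h>

/* Constructed Simplex supervisor for a linearised, saturated inverted
 * pendulum x = (theta, omega): theta' = omega, omega' = A*theta + B*u.
 * All constants, gains and the matrix P are assumed for this example. */
#define A_COEF     9.81    /* g/l with l = 1 m (assumed) */
#define B_COEF     1.0     /* input gain (assumed) */
#define U_MAX      15.0    /* actuator saturation (assumed) */
#define THETA_MAX  0.35    /* safe set: |theta| <= 0.35 rad (assumed) */
#define DT         0.001   /* integration step, s */
#define STEPS      20      /* steps per 20 ms control period */
#define BLOAT      1e-4    /* assumed bound on per-step truncation error */
static const double K[2] = { 30.0, 8.0 };   /* safety controller u = -K x (assumed) */
static const double P[2][2] = { { 10.0, 1.0 }, { 1.0, 1.0 } }; /* assumed offline-verified set x'Px <= 1 */

typedef struct { double lo[2], hi[2]; } box_t;   /* bounds on theta and omega */
static double clamp(double u) { return u > U_MAX ? U_MAX : (u < -U_MAX ? -U_MAX : u); }

/* One interval Euler step under a fixed input u: each derivative is bounded over
 * the whole box (A > 0, so theta_lo gives the minimum) and BLOAT pads the result. */
static box_t step_box(box_t b, double u)
{
    box_t r;
    r.lo[0] = b.lo[0] + DT * b.lo[1] - BLOAT;
    r.hi[0] = b.hi[0] + DT * b.hi[1] + BLOAT;
    r.lo[1] = b.lo[1] + DT * (A_COEF * b.lo[0] + B_COEF * u) - BLOAT;
    r.hi[1] = b.hi[1] + DT * (A_COEF * b.hi[0] + B_COEF * u) + BLOAT;
    return r;
}
static bool box_safe(box_t b) { return b.lo[0] >= -THETA_MAX && b.hi[0] <= THETA_MAX; }

/* The ellipsoid is convex, so a box lies inside it iff all four corners do. */
static bool box_in_recovery_set(box_t b)
{
    for (int i = 0; i < 4; i++) {
        double th = (i & 1) ? b.hi[0] : b.lo[0];
        double om = (i & 2) ? b.hi[1] : b.lo[1];
        if (P[0][0]*th*th + 2*P[0][1]*th*om + P[1][1]*om*om > 1.0) return false;
    }
    return true;
}

/* Online check: the complex command uc may run for one period only if every
 * state it can reach stays safe and ends inside the recovery set from which
 * the safety controller is (assumed) verified to keep the pendulum up. */
bool complex_command_allowed(double theta, double omega, double uc)
{
    box_t b = { { theta, omega }, { theta, omega } };
    double u = clamp(uc);
    for (int k = 0; k < STEPS; k++) {
        b = step_box(b, u);
        if (!box_safe(b)) return false;
    }
    return box_in_recovery_set(b);
}

/* Supervisor output: the complex command if permitted, else the safety command. */
double simplex_supervisor(double theta, double omega, double uc, bool *used_complex)
{
    *used_complex = complex_command_allowed(theta, omega, uc);
    return *used_complex ? clamp(uc) : clamp(-K[0] * theta - K[1] * omega);
}
```

Because the interval step decouples the box bounds, the check is sound but conservative; the paper's point is that a tighter real-time reachability computation shrinks exactly this conservatism.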

