Olaf Stursberg

Abstraction and Counterexample-Guided Refinement in Model Checking of Hybrid Systems

Hybrid dynamic systems include both continuous and discrete state variables. Properties of hybrid systems, which have an infinite state space, can often be verified using ordinary model checking together with a finite-state abstraction. Model checking can be inconclusive, however, in which case the abstraction must be refined. This paper presents a new procedure to perform this refinement operation for abstractions of hybrid systems. Following an approach originally developed for finite-state systems [11, 25], the refinement procedure constructs a new abstraction that eliminates a counterexample generated by the model checker. For hybrid systems, analysis of the counterexample requires the computation of sets of reachable states in the continuous state space. We show how such reachability computations with varying degrees of complexity can be used to refine hybrid system abstractions efficiently. Examples illustrate our counterexample-guided refinement procedure. Experimental results for a prototype implementation indicate significant advantages over existing methods.

Continuous-discrete interactions in chemical processing plants

This paper discusses important hybrid aspects of chemical processing plants. It is outlined that discrete phenomena occur both on the physical level and in the control of these plants. As the dynamics of the transformations of energy and material are predominantly continuous, large and complex hybrid systems arise. We focus on three different aspects of dealing with such systems: (1) Modeling and simulation of hybrid systems for the design and optimization of plants, controllers and operating strategies. We present powerful simulation environments that have been developed in recent years. (2) Validation of plant instrumentation and discrete controllers. These systems are largely responsible for the safe and economic operation of chemical plants and the protection of the workforce, and the environment. Techniques for the verification of discrete controllers for continuous processes are discussed, which are based on a discrete approximation of the continuous dynamics. (3) Scheduling of batch plants. For plants that are operated in a discontinuous fashion, the timing and sequencing of the operations are very important for the efficient use of the equipment. This leads to large mixed-integer optimization problems. For a typical example, we show how the process and the constraints can be modeled and describe an efficient solution algorithm.

Efficient representation and computation of reachable sets for hybrid systems

Computing reachable sets is an essential step in most analysis and synthesis techniques for hybrid systems. The representation of these sets has a deciding impact on the computational complexity and thus the applicability of these techniques. This paper presents a new approach for approximating reachable sets using oriented rectangular hulls (ORHs), the orientations of which are determined by singular value decompositions of sample covariance matrices for sets of reachable states. The orientations keep the over-approximation of the reachable sets small in most cases with a complexity of low polynomial order with respect to the dimension of the continuous state space. We show how the use of ORHs can improve the efficiency of reachable set computation significantly for hybrid systems with nonlinear continuous dynamics.

Model-Based Probabilistic Collision Detection in Autonomous Driving

The safety of the planned paths of autonomous cars with respect to the movement of other traffic participants is considered. Therefore, the stochastic occupancy of the road by other vehicles is predicted. The prediction considers uncertainties originating from the measurements and the possible behaviors of other traffic participants. In addition, the interaction of traffic participants, as well as the limitation of driving maneuvers due to the road geometry, is considered. The result of the presented approach is the probability of a crash for a specific trajectory of the autonomous car. The presented approach is efficient as most of the intensive computations are performed offline, which results in a lean online algorithm for real-time application.

Reachability analysis of nonlinear systems with uncertain parameters using conservative linearization

Given an initial set of a nonlinear system with uncertain parameters and inputs, the set of states that can possibly be reached is computed. The approach is based on local linearizations of the nonlinear system, while linearization errors are considered by Lagrange remainders. These errors are added as uncertain inputs, such that the reachable set of the locally linearized system encloses the one of the original system. The linearization error is controlled by splitting of reachable sets. Reachable sets are represented by zonotopes, allowing an efficient computation in relatively high-dimensional space.

An assessment of the current status of algorithmic approaches to the verification of hybrid systems

This paper reviews the current status of implemented verification techniques for hybrid systems. We focus on tools that perform model checking for hybrid systems with varying levels of complexity. Features of the tools are described using a batch reactor example to illustrate what is required to develop an appropriate model for each tool. The concluding section suggests directions for future research and tool development based on the needs of industry for tools to perform verification and validation of designs for embedded control systems.

Verification of hybrid systems based on counterexample-guided abstraction refinement

Hybrid dynamic systems include both continuous and discrete state variables. Properties of hybrid systems, which have an infinite state space, can often be verified using ordinary model checking together with a finite-state abstraction. Model checking can be inconclusive, however, in which case the abstraction must be refined. This paper presents a new procedure to perform this refinement operation for abstractions of infinite-state systems, in particular of hybrid systems. Following an approach originally developed for finite-state systems [1, 2], the refinement procedure constructs a new abstraction that eliminates a counterexample generated by the model checker. For hybrid systems, analysis of the counterexample requires the computation of sets of reachable states in the continuous state space.We showhowsuch reachability computations with varying degrees of complexity can be used to refine hybrid system abstractions efficiently. A detailed example illustrates our counterexample-guided refinement procedure. Experimental results for a prototype implementation of the procedure indicate its advantages over existing methods.

Verification of PLC Programs Given as Sequential Function Charts

Programmable Logic Controllers (PLC) are widespread in the manufacturing and processing industries to realize sequential procedures and to avoid safety-critical states. For the specification and the implementation of PLC programs, the graphical and hierarchical language Sequential Function Charts (SFC) is increasingly used in industry. To investigate the correctness of SFC programs with respect to a given set of requirements, this contribution advocates the use of formal verification. We present two different approaches to convert SFC programs algorithmically into automata models that are amenable to model checking. While the first approach translates untimed SFC into the input language of the tool Cadence SMV, the second converts timed SFC into timed automata which can be analyzed by the tool Uppaal. For different processing system examples, we illustrate the complete verification procedure consisting of controller specification, model transformation, integration of dynamic plant models, and identifying errors in the control program by model checking.

A Case Study in Tool-Aided Analysis of Discretely Controlled Continuous Systems: The Two Tanks Problem

This case study compares the usefulness and applicability of eight computer tools with respect to the validation of logic control programs for continuous processes. Six simulation packages (Taylors Matlab-based simulator, Simulink/StateFlow, gPROMS, Shift, Dymola, and BaSiP) and two verification tools (SMV and HyTech) were applied to a single process control example with non-trivial continuous dynamics. The paper presents a detailed description of this benchmark example. Short introductions to the tools are given and the application results are decribed and discussed with emphasis on the suitability to the problem and the numerical performance.

Verification of logic controllers for continuous plants using timed condition/event-system models

An approach to the formal verification of logic controllers for processes with switched continuous dynamics is presented. The method builds on modular, timed discrete event models of the plant and the controller. Subsystems with continuous dynamics are approximated algorithmically. The formal verification consists of determining the reachable discrete states of the resulting model and comparing it to a set of undesired states. For this purpose, the tool HyTech is applied. The approach is illustrated by the treatment of a process engineering example.