Formal Verification of Cyber-Physical Systems
Matthew Chan, Daniel Ricketts, Sorin Lerner, Gregory Malecha
University of California, San Diego
veridrone.ucsd.edu
Cyber-Physical Systems
[Figure: a CPS as a feedback loop, Program → Actuator → World → Sensor → Program. Plots of velocity v and position x against time t; the program samples the world and acts once every period Δ, marked between successive program steps.]
Outline
• How we formalize CPSs in Coq
• Stability (graphically)
• Lyapunov Stability
• Exponential Stability
• Proving Stability using Lyapunov Functions
[Figure: the Program / Actuator / World / Sensor loop, annotated with the running example below.]
Program (runs every $\Delta$): $a! = -v$
World: $\dfrac{\partial v}{\partial t} = a$
Spec $= \Box(\text{Program} \vee \text{World})$
Spec $\vdash \Box(\text{Safe})$, where Safe is e.g. Velocity, Height, Boundary box, ...etc [Ricketts et al. MEMOCODE 15]
Spec $\vdash \text{Stable}$
Stability
Lyapunov stability
$$\forall \alpha > 0.\ \exists \beta > 0.\ |x| < \beta \rightarrow \Box(|x| < \alpha)$$
[Figure: v against t; a trajectory that starts inside the β-band around 0 never leaves the wider α-band.]
Proving Lyapunov stability
$$\forall \alpha > 0.\ \exists \beta > 0.\ |x| < \beta \rightarrow \Box(|x| < \alpha)$$
[Figure: v against t.]
Proof Sketch
Spec $= \text{Ctrl} \vee \text{World}$
Ctrl (every $\Delta$): $a! = -v$
World: $\dfrac{\partial v}{\partial t} = a$
Inv $= (v < 0 \rightarrow -v\,t \le x) \wedge (v \ge 0 \rightarrow v\,t \le -x)$
Spec $\vdash (\text{Inv} \rightarrow \text{next}(\text{Inv}))$
Improving Lyapunov stability
[Figure: v against t.]
Exponential stability
$$\exists \alpha > 0.\ \exists \gamma > 0.\ \Box\big(|v| \le \alpha\, e^{-\gamma (t - t_0)}\big)$$
[Figure: velocity v and displacement x against t, decaying inside the exponential envelope.]
Proving Exponential stability
$$\exists \alpha > 0.\ \exists \gamma > 0.\ \Box\big(|v| \le \alpha\, e^{-\gamma (t - t_0)}\big) \qquad \text{where } \alpha = c\,|v_0|,\ \gamma = 1$$
[Figure: v against t.]
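As an added example (not code from the VeriDrone project or the slides), the script below simulates the running example, the controller $a! = -v$ executed every Δ with the world $\partial v/\partial t = a$, and checks the three properties the talk proves on the resulting trace: the Lyapunov-stability bound, the exponential bound with $\alpha = c|v_0|$ and $\gamma = 1$, and monotone decrease of a Lyapunov function. Because the actuation is held constant between samples, each period is integrated in closed form, so the trace is exact. The constant $c = e^{\Delta}$, the sub-sampling inside a period, the Lyapunov function $E(v) = v^2$ and the requirement $\Delta \le 1$ are assumptions of this example, not statements from the slides.

```python
import math

# Constructed example of the slides' one-dimensional system:
#   Ctrl  (every DELTA): a := -v        (sampled value of v, held for one period)
#   World: dv/dt = a, dx/dt = v
# Holding a constant lets each period be integrated exactly, so no ODE solver
# error creeps into the stability check.

SUBSAMPLES = 10   # assumed: points recorded inside each hold interval


def simulate(v0, delta, horizon, x0=0.0):
    """Return a list of (t, x, v) samples: the state at every controller step
    and at SUBSAMPLES evenly spaced points inside each hold interval."""
    t, x, v = 0.0, x0, v0
    trace = [(t, x, v)]
    while t < horizon - 1e-12:
        a = -v                                 # Ctrl: a! = -v
        vs, xs, ts = v, x, t                   # state at the sample instant
        for k in range(1, SUBSAMPLES + 1):
            tau = delta * k / SUBSAMPLES       # time since the sample, 0 < tau <= delta
            v = vs + a * tau                   # World: dv/dt = a, a constant
            x = xs + vs * tau + 0.5 * a * tau * tau
            trace.append((ts + tau, x, v))
        t = ts + delta
    return trace


def lyapunov_stable(trace, alpha):
    """Check the obligation  |v| < beta -> box(|v| < alpha)  on one trace.
    For this system beta = alpha works, so the check is just box(|v| < alpha)."""
    return all(abs(v) < alpha for _, _, v in trace)


def exponential_bound_holds(trace, v0, delta, c=None):
    """Check box(|v| <= alpha * exp(-gamma * t)) with alpha = c|v0|, gamma = 1.
    c = e^delta is this example's assumption: it covers the worst point inside a
    hold interval. Needs delta <= 1, otherwise the bound is not valid."""
    if c is None:
        c = math.exp(delta)
    return all(abs(v) <= c * abs(v0) * math.exp(-t) + 1e-12 for t, _, v in trace)


def energy_nonincreasing(trace):
    """Lyapunov function E(v) = v^2 (assumed): E must never grow along the trace.
    Fails when delta > 1, because v overshoots zero inside a period."""
    energies = [v * v for _, _, v in trace]
    return all(e1 <= e0 + 1e-12 for e0, e1 in zip(energies, energies[1:]))


if __name__ == "__main__":
    for delta in (0.5, 1.5, 2.5):
        tr = simulate(1.0, delta, 10.0)
        print(f"delta={delta}: stable={lyapunov_stable(tr, 1.01)} "
              f"E nonincreasing={energy_nonincreasing(tr)} "
              f"exp bound={exponential_bound_holds(tr, 1.0, delta)}")
```

Running it with Δ = 0.5 confirms all three properties; Δ = 1.5 still satisfies the Lyapunov bound (|v| shrinks at every sample) but the energy check fails inside a period, and Δ = 2.5 is unstable, which is the kind of sampling-period caveat a proof over the hybrid model has to carry explicitly.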
Proving Stability with Lyapunov Functions
The difficulty of proving stability manually is
• explicit reasoning about time
• complicated inductive invariants
• manual proof of Lyapunov stability is 190 lines; 46 lines using a Lyapunov function
Lyapunov functions
[Figure: E(v) against v, a bowl with its minimum at v = 0.]
$E(0) = 0$, and $E(v) > 0$ for $v \ne 0$
Lyapunov stable: $\dot{E}(v) \le 0$
Exponentially stable: $\dot{E}(v) \le -\alpha\, E(v)$ for some $\alpha > 0$
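As an added worked derivation (not from the slides), here is the Lyapunov-function argument carried through for the running example, $a! = -v$ held for one period $\Delta$ with $\partial v/\partial t = a$. The choice $E(v) = \tfrac12 v^2$ and the assumption $\Delta < 1$ are mine.

$$E(0) = 0, \qquad E(v) = \tfrac12 v^2 > 0 \ \text{ for } v \ne 0.$$

Between two controller steps, let $v_s$ be the value sampled at $t_s$ and $\tau = t - t_s \in [0, \Delta]$:

$$a = -v_s, \qquad v(t) = v_s + a\,\tau = v_s(1 - \tau),$$

$$\dot{E}(v) = v\,\dot v = v\,a = -v_s^2\,(1 - \tau) \le 0 \ \text{ for all } \tau \in [0,\Delta] \iff \Delta \le 1.$$

This gives the Lyapunov-stable condition $\dot{E} \le 0$ and makes the sampling period part of the proof obligation. For the exponential condition, since $E = \tfrac12 v_s^2 (1 - \tau)^2$,

$$\dot{E}(v) = -\frac{2}{1 - \tau}\,E(v) \le -2\,E(v) \qquad (0 \le \tau \le \Delta < 1),$$

so $\dot{E} \le -\alpha E$ holds with $\alpha = 2$. At the sample instants $t_n = n\Delta$ this integrates to

$$E(v_n) = (1 - \Delta)^{2n} E(v_0) \le e^{-2 n \Delta} E(v_0) = e^{-2 t_n} E(v_0)$$

using $1 - \Delta \le e^{-\Delta}$, i.e. $|v_n| \le |v_0|\, e^{-t_n}$: the bound $|v| \le \alpha\, e^{-\gamma (t - t_0)}$ with $\gamma = 1$. Inside a period $|v(t)| \le |v_s| \le |v_0| e^{-t_s} = |v_0| e^{-t} e^{\tau}$, so $c = e^{\Delta}$ in $\alpha = c\,|v_0|$ covers the whole trajectory.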
Recap
• How we formalize CPSs in Coq
• Stability (graphically)
• Lyapunov Stability
• Exponential Stability
• Proving Stability with Lyapunov Functions
Lessons learned
• Coq can be applied to continuous domains
• I learned some Coq
• I learned some control theory
• Better solvers for real numbers
• Real analysis library could be modernized and better organized
Thanks! veridrone.ucsd.edu