Formal Verification of Cyber-Physical Systems Matthew Chan , Daniel - - PowerPoint PPT Presentation

Formal Verification of Cyber-Physical Systems

Matthew Chan, Daniel Ricketts, Sorin Lerner, Gregory Malecha University of California, San Diego veridrone.ucsd.edu

Cyber-Physical Systems

Cyber-Physical Systems

Cyber-Physical Systems

Cyber-Physical Systems

Cyber-Physical Systems

Cyber-Physical Systems

Cyber-Physical Systems

Program

Cyber-Physical Systems

World Program

Cyber-Physical Systems

World Program

Sensor

Cyber-Physical Systems

World Program

Actuator Sensor

Cyber-Physical Systems

Program World

Program

World

v t

Program

World

v t

Program

World

v t

Program

World

v t

{

∆

Program

World

x t

{

∆

Program

World

v t

{

∆

Program World

v t

{

∆

Outline

Outline

• How we formalize CPSs in Coq

Outline

• How we formalize CPSs in Coq
• Stability (graphically)

Outline

• How we formalize CPSs in Coq
• Stability (graphically)
• Lyapunov Stability

Outline

• How we formalize CPSs in Coq
• Stability (graphically)
• Lyapunov Stability
• Exponential Stability

Outline

• How we formalize CPSs in Coq
• Stability (graphically)
• Lyapunov Stability
• Exponential Stability
• Proving Stability using Lyapunov Functions

Program

Actuator Sensor

World

Program

Actuator Sensor

World

a! = − v ∆

Program

Actuator Sensor

World

a! = − v ∆

v

Program

Actuator Sensor

World

a! = − v ∆ a!

v

Program

Actuator Sensor

World

a! = − v ∆

∂v ∂t = a a!

v

Program World

a! = − v ∆

∂v ∂t = a

Program World

∨

a! = − v ∆

∂v ∂t = a

Program World

∨

⇤( )

a! = − v ∆

∂v ∂t = a

`

P

Program World

∨

⇤( )

a! = − v ∆ ˙ x = ∂v ∂t = a

`

Safe

Program World

∨

⇤( ) ⇤(

`

Safe

Program World

∨

⇤( )

[Ricketts et al. MEMOCODE 15]

Velocity Height Boundary box …etc

⇤(

`

Program World

∨

⇤( )

Stable

⇤(

Stability

Lyapunov stability

Lyapunov stability

v t

Lyapunov stability

∀α > 0 → ∃

{

α

v t

Lyapunov stability

∀α > 0 → ∃β > 0 ∧ (|x| < β)

{

α

{

β

v t

Lyapunov stability

∀α > 0 → ∃β > 0 ∧ (|x| < β) → ⇤(|x| < α) v t

Lyapunov stability

∀α > 0 → ∃β > 0 ∧ (|x| < β) → ⇤(|x| < α) v t

Lyapunov stability

∀α > 0 → ∃β > 0 ∧ (|x| < β) → ⇤(|x| < α) v t

Lyapunov stability

∀α > 0 → ∃β > 0 ∧ (|x| < β) → ⇤(|x| < α) v t

Proving Lyapunov stability

v t

Proving Lyapunov stability

∀α > 0 → ∃β > 0 ∧ (|x| < β) → ⇤(|x| < α) v t

Proving Lyapunov stability

∀α > 0 → ∃β > 0 ∧ (|x| < β) → ⇤(|x| < α) v t

Proof Sketch

Proof Sketch

Spec = Ctrl ∨ World

Proof Sketch

Spec = Ctrl ∨ World

a! = − v ∆

Proof Sketch

Spec = Ctrl ∨ World

a! = − v ∆ ∂v ∂t = a

Proof Sketch

Spec = Ctrl ∨ World

a! = − v ∆ ∂v ∂t = a

Inv = v < 0 → −vt ≤ x ∧ v ≥ 0 → vt ≤ −x

Proof Sketch

Spec = Ctrl ∨ World

a! = − v ∆ ∂v ∂t = a

Spec ` (Inv ! next(Inv))

Inv = v < 0 → −vt ≤ x ∧ v ≥ 0 → vt ≤ −x

Improving Lyapunov stability

v t

Exponential stability

Displacement (x)

v t

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

Exponential stability

Displacement (x)

v t

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

Exponential stability

Displacement (x)

v t

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

Displacement (x)

Exponential stability

v t

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

Exponential stability

Displacement (x)

v t

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

Exponential stability

Displacement (x)

v t

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

Proving Exponential stability

v t

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

Proving Exponential stability

where v t

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

α = c|v0| γ = 1 ∆

Proving Exponential stability

v t where

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

α = c|v0| γ = 1 ∆

Proving Exponential stability

v t where

∃α > 0, ∃γ > 0 ∧ ⇤(|v| ≤ αe−γ(t−t0))

α = c|v0| γ = 1 ∆

Proving Stability with Lyapunov Functions

The difficulty of proving stability manually is

Proving Stability with Lyapunov Functions

The difficulty of proving stability manually is

• explicit reasoning about time

Proving Stability with Lyapunov Functions

The difficulty of proving stability manually is

• explicit reasoning about time
• complicated inductive invariants

Proving Stability with Lyapunov Functions

The difficulty of proving stability manually is

• explicit reasoning about time
• complicated inductive invariants
• manual proof of Lyapunov stability is 190 lines;

46 lines using Lyapunov function

Lyapunov functions

E(v) v

Lyapunov functions

E(v) v

Lyapunov functions

E(0) = 0

E(v) 0, v 6= 0

Lyapunov functions

E(0) = 0

E(v) 0, v 6= 0

Lyapunov stable: ˙ E(v) ≤ 0

Lyapunov functions

E(0) = 0

E(v) 0, v 6= 0

Lyapunov stable: ˙ E(v) ≤ 0

˙ E(v) ≤ αE(v)

Exponentially stable:

Recap

Recap

• How we formalize CPSs in Coq

Recap

• How we formalize CPSs in Coq
• Stability (graphically)

Recap

• How we formalize CPSs in Coq
• Stability (graphically)
• Lyapunov Stability

Recap

• How we formalize CPSs in Coq
• Stability (graphically)
• Lyapunov Stability
• Exponential Stability

Recap

• How we formalize CPSs in Coq
• Stability (graphically)
• Lyapunov Stability
• Exponential Stability
• Proving Stability with Lyapunov Functions

Lessons learned

Lessons learned

• Coq can be applied to continuous domains
• I learned some Coq
• I learned some control theory

Lessons learned

• Coq can be applied to continuous domains
• I learned some Coq
• I learned some control theory
• Better solvers for real numbers

Lessons learned

• Coq can be applied to continuous domains
• I learned some Coq
• I learned some control theory
• Better solvers for real numbers
• Real analysis library could be modernized and better
• rganized

Thanks!

veridrone.ucsd.edu