Validation of Automotive Control Applications using Formal Methods - - PowerPoint PPT Presentation

Validation of Automotive Control Applications using Formal Methods and metamodeling techniques

❖ Simone Silvetti, Esteco Spa & University Udine ❖ Mariapia Marchi, Esteco Spa

www.caeconference.com

MDB (Model Based Development)

❖ process aimed at designing complex systems ❖ cost reduction ❖ reduce development time

www.caeconference.com

MDB (Model Based Development)

www.caeconference.com

MDB (Model Based Development)

www.caeconference.com

MDB (Model Based Development)

www.caeconference.com

MDB (Model Based Development)

www.caeconference.com

MDB (Model Based Development)

www.caeconference.com

MDB (Model Based Development)

www.caeconference.com

Validation Process

www.caeconference.com

Validation Process

❖ Use of block diagram tools (Simulink, Gt suite) ❖ Powerful Tools but complex

www.caeconference.com

Validation Process

❖ Use of block diagram tools (Simulink, Gt suite) ❖ Use of natural languages ❖ Involves time events... ❖ Powerful Tools but complex ❖ Not rigorous ❖ Not Machine interpretable

www.caeconference.com

Validation Process

❖ Use of block diagram tools (Simulink, Gt suite) ❖ Use of natural languages ❖ Involves time events... ❖ Powerful Tools but complex ❖ Not rigurous ❖ Not Machine interpretable

www.caeconference.com

Validation Process

❖ Use of block diagram tools (Simulink, Gt suite) ❖ Use of natural languages ❖ Involves time events... ❖ Powerful Tools but complex ❖ Not rigurous ❖ Not Machine interpretable

FORMAL METHODS !

✓

www.caeconference.com

Validation Process

www.caeconference.com

Validation Process

www.caeconference.com

Validation Process

φ

www.caeconference.com

Validation Process

φ

www.caeconference.com

Validation Process

“If the engine speed (w) is always less than k1 then vehicle speed (v) can not exceed k2 in less than T sec” ᅟᅠᆨ(F[0,T] (v ≥ k2) ⋀ G(w ≤ k1))

φ

www.caeconference.com

Robustness Semantics

φ ⊧ ?

www.caeconference.com

Robustness Semantics

φ ⊧ ?

Boolean yes/no

k F( f>k )

www.caeconference.com

Robustness Semantics

φ ⊧ ?

Boolean Robustness yes/no +30 / -30

More Information!

+30 k F( f>k )

www.caeconference.com

The goal

f M M(f)

www.caeconference.com

The goal

f M M(f) min [M(f), φ ]

f ∈ F

The optimization Problem

R =

www.caeconference.com

The goal

f M M(f) min [M(f), φ ]

f ∈ F

The optimization Problem

R =

R

Counterexample Safe!

≤ 0 ≥ 0

www.caeconference.com

The optimization process

www.caeconference.com

The optimization process

Challenges

❖

Low number of model execution

❖

Inputs are functions (temporal series)!!

www.caeconference.com

The optimization process

Challenges

❖

Low number of model execution

❖

Inputs are functions (temporal series)!!

www.caeconference.com

The optimization process

Challenges

❖

Low number of model execution

❖

Inputs are functions (temporal series)!! GP-UCB Adaptive Control Point Parametrization

www.caeconference.com

The Control Point Parametrization

Fix the times interpolation

www.caeconference.com

The Control Point Parametrization

Fix the times interpolation n Control Points n Variable to optimize

www.caeconference.com

The Control Point Parametrization

Fix the times interpolation n Control Points n Variable to optimize

www.caeconference.com

The adaptive Control Point Param.

n Control Points 2n Variable to optimize interpolation

www.caeconference.com

Doubled the variables

Problem

Increase the expressivity but...

www.caeconference.com

Doubled the variables

Problem Solution

GP-UCB Optimizer

Increase the expressivity but...

www.caeconference.com

GP-UCB

www.caeconference.com

GP-UCB

www.caeconference.com

GP-UCB

www.caeconference.com

GP-UCB

P(x,y)

www.caeconference.com

GP-UCB

P(x,y)

www.caeconference.com

GP-UCB

P(x,y)

www.caeconference.com

GP-UCB

P(x,y)

www.caeconference.com

GP-UCB

P(x,y)

www.caeconference.com

GP-UCB

P(x,y)

www.caeconference.com

GP-UCB

P(x,y)

www.caeconference.com

Reduce Input Space Doubled the variables

www.caeconference.com

Schema

GP - UCB N

• Rob. ?

✓

N++

www.caeconference.com

Input Space

Adaptive Idea

www.caeconference.com

Input Space

Adaptive Idea

1

www.caeconference.com

Input Space

Adaptive Idea

2

www.caeconference.com

Input Space

Adaptive Idea

2

www.caeconference.com

Input Space

Adaptive Idea

2

www.caeconference.com

Input Space

Adaptive Idea

3

www.caeconference.com

Input Space

Adaptive Idea

3

www.caeconference.com

Input Space

Adaptive Idea

4

www.caeconference.com

Input Space

Adaptive Idea

www.caeconference.com

Automatic transmission

www.caeconference.com

Automatic transmission

www.caeconference.com

Automatic transmission

69 blocks: 2 integrators, 3 look-up tables, 3 2D look-up tables, Stateflow Chart

www.caeconference.com

Results

www.caeconference.com

aCPP reduces minimum number of evaluations by 50-70%

GP-UCB is slow.

Results

✓

www.caeconference.com

Results

Time = {#Simulations} x {Simulation Time} + {Optimizer time}

GP-UCB is slow

www.caeconference.com

Results

Time = {#Simulations} x {Simulation Time} + {Optimizer time}

GP-UCB is slow

Future work

❖ from Matlab to Java (parallelization) ❖ multi-objective approach ❖ using fmi as simulator

www.caeconference.com

Acknowledges

Esteco

Alberto Policriti Luca Bortolussi

www.caeconference.com

….and use Formal Methods