A Formally Verified Hybrid System for the Next-Generation Airborne Collision Avoidance System

Jeannin, Jean-Baptiste; Ghorbal, Khalil; Kouskoulas, Yanni; Gardner, Ryan W.; Schmidt, Aurora; Zawadzki, Erik; Platzer, André

doi:10.1007/978-3-662-46681-0_2

Cited by 58 publications

(40 citation statements)

References 14 publications

(9 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…PMC provides complete evaluations of the properties and their probabilities of occurrence. Other studies have used hybrid systems theorem proving (HSTP), which models encounters as hybrid systems with idealized advisories and continuous dynamics then formally proves whether the system always avoids collision or whether a collision is possible [6] [7]. The advice of core components of ACAS X is then compared to that of the idealized system in different states to identify cases where the advice given by core ACAS X components may not avoid NMAC.…”

Section: Related Workmentioning

confidence: 99%

Differential Adaptive Stress Testing of Airborne Collision Avoidance Systems

Lee

Mengshoel

Saksena

et al. 2018

2018 AIAA Modeling and Simulation Technologies Conference

Self Cite

View full text Add to dashboard Cite

The next-generation Airborne Collision Avoidance System (ACAS X) is currently being developed and tested to replace the Traffic Alert and Collision Avoidance System (TCAS) as the next international standard for collision avoidance. To validate the safety of the system, stress testing in simulation is one of several approaches for analyzing near mid-air collisions (NMACs). Understanding how NMACs can occur is important for characterizing risk and informing development of the system. Recently, adaptive stress testing (AST) has been proposed as a way to find the most likely path to a failure event. The simulation-based approach accelerates search by formulating stress testing as a sequential decision process then optimizing it using reinforcement learning. The approach has been successfully applied to stress test a prototype of ACAS X in various simulated aircraft encounters. In some applications, we are not as interested in the system's absolute performance as its performance relative to another system. Such situations arise, for example, during regression testing or when deciding whether a new system should replace an existing system. In our collision avoidance application, we are interested in finding cases where ACAS X fails but TCAS succeeds in resolving a conflict. Existing approaches do not provide an efficient means to perform this type of analysis. This paper extends the AST approach to differential analysis by searching two simulators simultaneously and maximizing the difference between their outcomes. We call this approach differential adaptive stress testing (DAST). We apply DAST to compare a prototype of ACAS X against TCAS and show examples of encounters found by the algorithm.

show abstract

Section: Related Workmentioning

confidence: 99%

Differential Adaptive Stress Testing of Airborne Collision Avoidance Systems

Lee

Mengshoel

Saksena

et al. 2018

2018 AIAA Modeling and Simulation Technologies Conference

Self Cite

View full text Add to dashboard Cite

show abstract

“…KeYmaera and KeYmaera X have been used for verifying a number of interesting applications, including Airborne Collision Avoidance System ACAS X [14], [15], roundabout type aircraft maneuvers [16], the European Train Control System ETCS [17], several automotive systems (e.g., provably safe adaptive cruise controllers for cars on highways [18]), mobile robot navigation with the dynamic window algorithm [19], and a surgical robotic system for skull-base surgery [20].…”

Section: Applicationsmentioning

confidence: 99%

“…The Airborne Collision Avoidance System ACAS X, for example, has been subjected to a formal verification study [14], [15] using differential dynamic logic proofs. ACAS X is a challenging industrial system, a canonical hybrid system in principle, but-with its half a trillion discrete statesoverwhelmingly large.…”

Section: Applicationsmentioning

confidence: 99%

How to prove hybrid systems and why that matters

Platzer

2015

2015 International Conference on Complex Systems Engineering (ICCSE)

View full text Add to dashboard Cite

show abstract

“…In recent years, verification technology for hybrid systems has seen significant advances and a number of interesting case studies have been reported, e.g. verification of train control systems [20,29], aircraft collision avoidance protocols [13,1], descent guidance control software in a lunar lander [28] and satellite rendezvous manoeuvres [14], to give a few examples. However, non-linear ODEs appearing in hybrid system models often present a serious challenge to verification due to their inherent complexity.…”

Section: Introductionmentioning

confidence: 99%

Decoupling Abstractions of Non-linear Ordinary Differential Equations

Sogokon

Ghorbal

Johnson

2016

FM 2016: Formal Methods

Self Cite

View full text Add to dashboard Cite

Abstract. We investigate decoupling abstractions, by which we seek to simulate (i.e. abstract) a given system of ordinary differential equations (ODEs) by another system that features completely independent (i.e. uncoupled) sub-systems, which can be considered as separate systems in their own right. Beyond a purely mathematical interest as a tool for the qualitative analysis of ODEs, decoupling can be applied to verification problems arising in the fields of control and hybrid systems. Existing verification technology often scales poorly with dimension. Thus, reducing a verification problem to a number of independent verification problems for systems of smaller dimension may enable one to prove properties that are otherwise seen as too difficult. We show an interesting correspondence between Darboux polynomials and decoupling simulating abstractions of systems of polynomial ODEs and give a constructive procedure for automatically computing the latter.

show abstract

A Formally Verified Hybrid System for the Next-Generation Airborne Collision Avoidance System

Cited by 58 publications

References 14 publications

Differential Adaptive Stress Testing of Airborne Collision Avoidance Systems

Differential Adaptive Stress Testing of Airborne Collision Avoidance Systems

How to prove hybrid systems and why that matters

Decoupling Abstractions of Non-linear Ordinary Differential Equations

Contact Info

Product

Resources

About