Controller Verification and Design with Logical Analysis Support

2018-12-13T19:27:01Z (GMT) by Nikos Arechiga
Modern computer-controlled systems deployed for safety-critical applications are growing increasingly large and complex. Industry professionals submit their designs to rigorous testing procedures to detect possible errors and re-design the system as necessary. Nonetheless, design errors can go undetected and appear in the final product. In safety-critical systems, these errors may cause severe financial and even human losses. As a result, the modern engineering development process needs to address safety specifications as well as performance specifications.

This dissertation proposes the use of control envelopes, which are abstractions of the input-output relation of a controller. Control envelopes can be used to verify the safety of proposed controllers. Since a control envelope does not depend on any specific controller implementation, it can be reused throughout the system development cycle. As a result, safety specifications can be checked against the control envelope by a static check on the input-output relation of the controller. Furthermore, control envelopes constitute a reusable specification: the initial effort devoted to computing a good control envelope pays for itself throughout the rest of the development process in terms of flexibility and reusability.

We describe a tool called Perseus that automatically checks whether a controller satisfies a control envelope. We illustrate our approach on control design case studies for autonomous driving scenarios intended to reduce accidents at traffic intersections. Our case studies make use of the theorem prover KeYmaera to verify plants controlled by control envelopes. KeYmaera uses a powerful representation language called differential dynamic logic, which supports symbolic parameters and can handle nonlinear dynamics without resorting to approximation techniques that incur errors.

However, KeYmaera (and theorem proving approaches in general) suffers from a lack of automation, and often requires specialized knowledge to operate. We propose the addition of a forward invariant cut proof rule to KeYmaera's reasoning calculus, which allows one to leverage designer insights in proofs of safety of a closed-loop system. We describe the tool Manticore, which aids the search for forward invariants. We illustrate our approach on a case study of a benchmark fuel control system.