Safety Verification Using Hybrid IO Automata

1
Safety Verification Using Hybrid I/O Automata

• Why this method ?
• Automatic verification limited to small subclass
  of hybrid systems which is not expressive enough
• HIOA is expressive
• Actions for discrete state changes
• Trajectories expressed using state space models
• Composition
• External Interface, Abstractions
• Inductive proof techniques standard in
  distributed algorithms
• Proofs decompose into discrete and continuous
  parts nicely
• Not Automatic !

2
The Model Helicopter System

• 3 DoF models manufatured by Quanser
• User Controllers not safe
• Supervisory pitch controller
• Sensor inaccuracies
• Actuator delay
• Limited sampling frequency

3
HIOA model of the system

• New language constructs for specifying
  trajectories
• State models and Activities
• Composition of activities

4
Discrete communication among components
sample control command dequeue
usrCtrl
sensor
sensor
plant
supervisor
actuator
0
D
D
tact
5
Executions in the User and Supervisor modes
Back to User mode
Recovery Phase
Cannot jump from U to outside of R in a single
step
Switch to supervisor settling phase
6
Future Directions
Contributions

• Application of HIOA model to verification
• Realistic dynamics, inaccuracies, delays
• Design of safe Supervisory Controller
• For arbitrary user controller
• Language constructs for HIOA

• Study systems with more complicated discrete
  behavior and dynamics.
• Develop a set of useful lemmas from control
  theory to be directly used in invariant proofs
• Partially automate proofs using theorem provers