Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties

Benedikt Maderbacher; Stefan Schupp; Ezio Bartocci; Roderick Bloem; Dejan Nickovic; Bettina Könighofer

doi:10.1007/978-3-031-32157-3_8

Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties

Benedikt Maderbacher, Stefan Schupp, Ezio Bartocci, Roderick Bloem, Dejan Nickovic, Bettina Könighofer

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

We propose an approach to synthesize Simplex architectures that are provably correct for a rich class of temporal specifications, and are high-performant by optimizing for the time the advanced controller is active. We achieve provable correctness by performing a static verification of the baseline controller. The result of this verification is a set of states which is proven to be safe, called the recoverable region. During runtime, our Simplex architecture adapts towards a running advanced controller by exploiting proof-on-demand techniques. Verification of hybrid systems is often overly conservative, resulting in over-conservative recoverable regions that cause unnecessary switches to the baseline controller. To avoid these switches, we invoke targeted reachability queries to extend the recoverable region at runtime. Our offline and online verification relies upon reachability analysis, since it allows observation-based extension of the known recoverable region. However, detecting fix-points for bounded liveness properties is a challenging task for most hybrid system reachability analysis tools. We present several optimizations for efficient fix-point computations that we implemented in the state-of-the-art tool HyPro that allowed us to automatically synthesize verified and performant Simplex architectures for advanced case studies, like safe autonomous driving on a race track.

Original language	English
Title of host publication	Model Checking Software - 29th International Symposium, SPIN 2023, Proceedings
Editors	Georgiana Caltais, Christian Schilling
Publisher	Springer Nature Switzerland AG
Pages	141-160
Number of pages	20
ISBN (Print)	9783031321566
DOIs	https://doi.org/10.1007/978-3-031-32157-3_8
Publication status	Published - May 2023
Event	29th International Symposium on Model Checking of Software: SPIN 2023 - Paris, France Duration: 26 Apr 2023 → 27 Apr 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13872 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	29th International Symposium on Model Checking of Software
Abbreviated title	SPIN 2023
Country/Territory	France
City	Paris
Period	26/04/23 → 27/04/23

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-031-32157-3_8

Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness PropertiesAccepted author manuscript, 1.38 MB

Cite this

Maderbacher, B., Schupp, S., Bartocci, E., Bloem, R., Nickovic, D., & Könighofer, B. (2023). Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties. In G. Caltais, & C. Schilling (Eds.), Model Checking Software - 29th International Symposium, SPIN 2023, Proceedings (pp. 141-160). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13872 LNCS). Springer Nature Switzerland AG. https://doi.org/10.1007/978-3-031-32157-3_8

Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties. / Maderbacher, Benedikt; Schupp, Stefan; Bartocci, Ezio et al.
Model Checking Software - 29th International Symposium, SPIN 2023, Proceedings. ed. / Georgiana Caltais; Christian Schilling. Springer Nature Switzerland AG, 2023. p. 141-160 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13872 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Maderbacher, B, Schupp, S, Bartocci, E, Bloem, R, Nickovic, D & Könighofer, B 2023, Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties. in G Caltais & C Schilling (eds), Model Checking Software - 29th International Symposium, SPIN 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13872 LNCS, Springer Nature Switzerland AG, pp. 141-160, 29th International Symposium on Model Checking of Software, Paris, France, 26/04/23. https://doi.org/10.1007/978-3-031-32157-3_8

Maderbacher B, Schupp S, Bartocci E, Bloem R, Nickovic D, Könighofer B. Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties. In Caltais G, Schilling C, editors, Model Checking Software - 29th International Symposium, SPIN 2023, Proceedings. Springer Nature Switzerland AG. 2023. p. 141-160. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-32157-3_8

Maderbacher, Benedikt ; Schupp, Stefan ; Bartocci, Ezio et al. / Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties. Model Checking Software - 29th International Symposium, SPIN 2023, Proceedings. editor / Georgiana Caltais ; Christian Schilling. Springer Nature Switzerland AG, 2023. pp. 141-160 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{bc43547bee9541f1956c0f1ca79cf228,

title = "Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties",

abstract = "We propose an approach to synthesize Simplex architectures that are provably correct for a rich class of temporal specifications, and are high-performant by optimizing for the time the advanced controller is active. We achieve provable correctness by performing a static verification of the baseline controller. The result of this verification is a set of states which is proven to be safe, called the recoverable region. During runtime, our Simplex architecture adapts towards a running advanced controller by exploiting proof-on-demand techniques. Verification of hybrid systems is often overly conservative, resulting in over-conservative recoverable regions that cause unnecessary switches to the baseline controller. To avoid these switches, we invoke targeted reachability queries to extend the recoverable region at runtime. Our offline and online verification relies upon reachability analysis, since it allows observation-based extension of the known recoverable region. However, detecting fix-points for bounded liveness properties is a challenging task for most hybrid system reachability analysis tools. We present several optimizations for efficient fix-point computations that we implemented in the state-of-the-art tool HyPro that allowed us to automatically synthesize verified and performant Simplex architectures for advanced case studies, like safe autonomous driving on a race track.",

author = "Benedikt Maderbacher and Stefan Schupp and Ezio Bartocci and Roderick Bloem and Dejan Nickovic and Bettina K{\"o}nighofer",

year = "2023",

month = may,

doi = "10.1007/978-3-031-32157-3_8",

language = "English",

isbn = "9783031321566",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Nature Switzerland AG",

pages = "141--160",

editor = "Georgiana Caltais and Christian Schilling",

booktitle = "Model Checking Software - 29th International Symposium, SPIN 2023, Proceedings",

address = "Switzerland",

note = "29th International Symposium on Model Checking of Software : SPIN 2023, SPIN 2023 ; Conference date: 26-04-2023 Through 27-04-2023",

}

TY - GEN

T1 - Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties

AU - Maderbacher, Benedikt

AU - Schupp, Stefan

AU - Bartocci, Ezio

AU - Bloem, Roderick

AU - Nickovic, Dejan

AU - Könighofer, Bettina

PY - 2023/5

Y1 - 2023/5

N2 - We propose an approach to synthesize Simplex architectures that are provably correct for a rich class of temporal specifications, and are high-performant by optimizing for the time the advanced controller is active. We achieve provable correctness by performing a static verification of the baseline controller. The result of this verification is a set of states which is proven to be safe, called the recoverable region. During runtime, our Simplex architecture adapts towards a running advanced controller by exploiting proof-on-demand techniques. Verification of hybrid systems is often overly conservative, resulting in over-conservative recoverable regions that cause unnecessary switches to the baseline controller. To avoid these switches, we invoke targeted reachability queries to extend the recoverable region at runtime. Our offline and online verification relies upon reachability analysis, since it allows observation-based extension of the known recoverable region. However, detecting fix-points for bounded liveness properties is a challenging task for most hybrid system reachability analysis tools. We present several optimizations for efficient fix-point computations that we implemented in the state-of-the-art tool HyPro that allowed us to automatically synthesize verified and performant Simplex architectures for advanced case studies, like safe autonomous driving on a race track.

AB - We propose an approach to synthesize Simplex architectures that are provably correct for a rich class of temporal specifications, and are high-performant by optimizing for the time the advanced controller is active. We achieve provable correctness by performing a static verification of the baseline controller. The result of this verification is a set of states which is proven to be safe, called the recoverable region. During runtime, our Simplex architecture adapts towards a running advanced controller by exploiting proof-on-demand techniques. Verification of hybrid systems is often overly conservative, resulting in over-conservative recoverable regions that cause unnecessary switches to the baseline controller. To avoid these switches, we invoke targeted reachability queries to extend the recoverable region at runtime. Our offline and online verification relies upon reachability analysis, since it allows observation-based extension of the known recoverable region. However, detecting fix-points for bounded liveness properties is a challenging task for most hybrid system reachability analysis tools. We present several optimizations for efficient fix-point computations that we implemented in the state-of-the-art tool HyPro that allowed us to automatically synthesize verified and performant Simplex architectures for advanced case studies, like safe autonomous driving on a race track.

UR - http://www.scopus.com/inward/record.url?scp=85161391372&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-32157-3_8

DO - 10.1007/978-3-031-32157-3_8

M3 - Conference paper

SN - 9783031321566

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 141

EP - 160

BT - Model Checking Software - 29th International Symposium, SPIN 2023, Proceedings

A2 - Caltais, Georgiana

A2 - Schilling, Christian

PB - Springer Nature Switzerland AG

T2 - 29th International Symposium on Model Checking of Software

Y2 - 26 April 2023 through 27 April 2023

ER -

Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

FATE - Fault-driven Analysis and Testing for Design Robustness and Stability

EU - FOCETA - Foundations for continuous engineering of trustworthy autonomy

ADVANCED - Adaptive Verification and Anomaly Detection for Complex Designs

Cite this

Provable Correct and Adaptive Simplex Architecture for Bounded-Liveness Properties

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Projects

FATE - Fault-driven Analysis and Testing for Design Robustness and Stability

EU - FOCETA - Foundations for continuous engineering of trustworthy autonomy

ADVANCED - Adaptive Verification and Anomaly Detection for Complex Designs

Cite this