Model-Based Design of Connected and Autonomous Vehicles

Similar documents
Model-Based Design Challenges for Cyber-Physical Systems

Using Heterogeneous Formal Methods in Model-Based Development LCCC Workshop on Formal Verification of Embedded Control Systems

Applications of Program analysis in Model-Based Design

Automated Requirements-Based Testing

What's new in MATLAB and Simulink for Model-Based Design

Introduction to Control Systems Design

This project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement No

From Design to Production

Test and Evaluation of Autonomous Systems in a Model Based Engineering Context

Simulation-based Test Management and Automation Sang-Ho Yoon Senior Application Engineer

CSE 20 DISCRETE MATH. Fall

Automatic Code Generation Technology Adoption Lessons Learned from Commercial Vehicle Case Studies

Flight Systems are Cyber-Physical Systems

High-Level Information Interface

Design Specification of Cyber-Physical Systems: Towards a Domain-Specific Modeling Language based on Simulink, Eclipse Modeling Framework, and Giotto

What s New in Simulink in R2015b and R2016a

Tools for Formally Reasoning about Systems. June Prepared by Lucas Wagner

[Ch 6] Set Theory. 1. Basic Concepts and Definitions. 400 lecture note #4. 1) Basics

Modeling Complex Systems Using SimEvents. Giovanni Mancini SimEvents Product Marketing Manager The MathWorks 2006 The MathWorks, Inc.

A Tutorial on Runtime Verification and Assurance. Ankush Desai EECS 219C

VS 3 : SMT Solvers for Program Verification

CSE 20 DISCRETE MATH. Winter

What s New with the MATLAB and Simulink Product Families. Marta Wilczkowiak & Coorous Mohtadi Application Engineering Group

Turning an Automated System into an Autonomous system using Model-Based Design Autonomous Tech Conference 2018

Verification and Validation Introducing Simulink Design Verifier

Xuandong Li. BACH: Path-oriented Reachability Checker of Linear Hybrid Automata

Software Engineering of Robots

Simulink as Your Enterprise Simulation Platform

Resource-bound process algebras for Schedulability and Performance Analysis of Real-Time and Embedded Systems

for a Fleet of Driverless Vehicles

DRYING CONTROL LOGIC DEVELOPMENT USING MODEL BASED DESIGN

Developing Algorithms for Robotics and Autonomous Systems

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

A Tabular Expression Toolbox for Matlab/Simulink

!"#$"%"& When can a UAV get smart with its operator, and say 'NO!'? Jerry Ding**, Jonathan Sprinkle*, Claire J. Tomlin**, S.

LOGIC AND DISCRETE MATHEMATICS

Safe Path Planning for an Autonomous Agent in a Hostile Environment a.k.a Save PacMan!

Compositionality in system design: interfaces everywhere! UC Berkeley

Verification of Cyber-Physical Controller Software Using the AVM Meta Tool Suite and HybridSAL

Weapon System Fault Detection, Isolation, and Analysis using Stateflow

What s New in MATLAB and Simulink

A set-based approach to robust control and verification of piecewise affine systems subject to safety specifications

Connecting MATLAB & Simulink with your SystemVerilog Workflow for Functional Verification

Industrial Verification Using the KIND Model Checker Lucas Wagner Jedidiah McClurg

Temporal logic-based decision making and control. Jana Tumova Robotics, Perception, and Learning Department (RPL)

Model-Based Design for effective HW/SW Co-Design Alexander Schreiber Senior Application Engineer MathWorks, Germany

4 Basis, Subbasis, Subspace

What s New in MATLAB & Simulink. Prashant Rao Technical Manager MathWorks India

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Summary of Course Coverage

Automated Driving Development

Verifiable Hierarchical Protocols with Network Invariants on Parametric Systems

Sciduction: Combining Induction, Deduction and Structure for Verification and Synthesis

CSC 501 Semantics of Programming Languages

Translation validation: from Simulink to C

ExCuSe A Method for the Model-Based Safety Assessment of Simulink and Stateflow Models

Contents 1 Introduction 2 Functional Verification: Challenges and Solutions 3 SystemVerilog Paradigm 4 UVM (Universal Verification Methodology)

Model Checking for Hybrid Systems

Virtual Validation of Cyber Physical Systems

On partial order semantics for SAT/SMT-based symbolic encodings of weak memory concurrency

Topological space - Wikipedia, the free encyclopedia

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

What s New in MATLAB and Simulink Young Joon Lee Principal Application Engineer

Verification, Validation and Test in Model Based Design Manohar Reddy

Automating Best Practices to Improve Design Quality

SIMULATION ENVIRONMENT

Designing and Targeting Video Processing Subsystems for Hardware

On the Generation of Test Cases for Embedded Software in Avionics or Overview of CESAR

Wireless Environments

Mike Whalen Program Director, UMSEC University of Minnesota

Hybrid Systems Analysis of Periodic Control Systems using Continuization

Learning Driving Styles for Autonomous Vehicles for Demonstration

Team-Based Collaboration in Simulink Chris Fillyaw Application Engineer Detroit, MI

Figure 1. Closed-loop model.

A Formal Model Approach for the Analysis and Validation of the Cooperative Path Planning of a UAV Team

MathWorks Technology Session at GE Physical System Modeling with Simulink / Simscape

Distributed Systems Programming (F21DS1) Formal Verification

Parametric Real Time System Feasibility Analysis Using Parametric Timed Automata

AADL Graphical Editor Design

Automating Best Practices to Improve Design Quality

PROJECT HIGHLIGHTS, EXPECTED IMPACT & FUTURE DIRECTIONS

Volvo Car Group Jonn Lantz Agile by Models

Interplay Between Language and Formal Verification

Addressing Verification Bottlenecks of Fully Synthesized Processor Cores using Equivalence Checkers

RECURSIVE AND BACKWARD REASONING IN THE VERIFICATION ON HYBRID SYSTEMS

Optimizing Simulink R Models

Formal Verification: Practical Exercise Model Checking with NuSMV

Simulink 를이용한 효율적인레거시코드 검증방안

How Real-Time Testing Improves the Design of a PMSM Controller

Lecture 17: Continuous Functions

Lecture : Topological Space

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

What s New in MATLAB and Simulink Prashant Rao Technical Manager MathWorks India

Specifications Part 1

Ad Hoc Distributed Simulation of Surface Transportation Systems

Lecture 11 COVERING SPACES

Ch 1: The Architecture Business Cycle

Logic and its Applications

Introductory logic and sets for Computer scientists

Transcription:

Model-Based Design of Connected and Autonomous Vehicles Akshay Rajhans, PhD Senior Research Scientist Advanced Research and Technology Office MathWorks https://arajhans.github.io 2 nd IEEE Summer School on Connected and Autonomous Vehicles May 19, 2017 2017 The MathWorks, Inc. 1

How do we design safe and reliable cyber-physical systems? 2

Model-based design (MBD) Analyze and understand the requirements specification Develop computational model(s) of the system Check the model against the real system ``are you are building the right thing?'' (validation) Check the model against specifications ``are you building it right?'' (verification) Build a prototype test the prototype in the actual working environment Production 3

https://crashstats.nhtsa.dot.gov/api/public/viewpublication/812384 4

https://crashstats.nhtsa.dot.gov/api/public/viewpublication/812384 5

https://crashstats.nhtsa.dot.gov/api/public/viewpublication/812384 6

?? https://crashstats.nhtsa.dot.gov/api/public/viewpublication/812384 7

Cooperative Intersection Collision Avoidance System: Stop-Sign Assist (CICAS-SSA) Can we assist in the decision making? http://www.dot.state.mn.us/guidestar/2006_2010/cicas/cicas-ssa%20report%202.pdf 8

CICAS-SSA Schematic Y Prototypical heterogeneous CPS Sensing Communication Computation Physical dynamics lag ß Roadside Unit Can we formally verify such a system? n lanes à gap lag Dynamic sign next to stop sign Intersection area Instrumented area 9 9

Formal Verification Model Specification Analysis Procedure Yes With formal guarantee No Counterexample or some feedback Don t Know 10

Formal Verification Model Specification Analysis Procedure Yes With formal guarantee No Counterexample or some feedback Don t Know 11

Heterogeneity in modeling formalisms and analysis techniques CICAS-SSA Different formalisms suited for different aspects of system design Each model represents some design aspect well Models make interdependent assumptions Tools work only with their formalisms How do we ensure correctness of the system? 12

Cyber-Physical System Architecture MPM 09 There is no system model, but there is a system architecture CPS architectural style palette in AcmeStudio 13

Architectural views Models as architectural views ERTS2 10 Structural consistency using graph morphisms ICCPS 11 Model structure vs system structure Analysis: Consistency, completeness 1414

Semantic domains of models and specifications : semantic interpretation of M in a behavior domain B Model M A behavior b that M exhibits 1) overshoot is no more than 1.3 units and settling time is less than τ 2) (x < 1.3) τ (x [1±ϵ]) x 1.3 1 ±ϵ : semantic interpretation of S in B Specification S τ A behavior b that S allows time Behavior domains B precisely defined in behavior formalisms B (e.g., discrete traces, continuous trajectories, hybrid traces) 15

The semantic domain of a dynamic system Points, [ ] On N On R x N Intervals, [ ñ (á ñ, á ]) On R MATLAB, Stateflow Discrete time Simulink SimEvents Simulink Hybrid point/interval On R Simulink, Simscape On R x N Simulink, Simscape 16

Abstraction and Implication Model M 1 abstracts M 0 in B, written if Specification S 1 implies S 0 in B, written if 17

Mappings between semantic domains via behavior relations Approach: Create behavior relations between domains R 1 B 0 X B 1 Given R 1 B 0 X B 1 set-based inverse map R 1-1 ( α )={c,d, } B 0 : 1-d continuous trajectories in x B 1 ={α, α,}* {α, α,} ω 18

Heterogeneous Abstraction and Implication Heterogeneous extensions of behavior-set inclusions A B C Heterogeneous Abstract level C (in words) A (pictorially) B Detailed level 19

Multi-model Verification Problem 20

Multi-model conjunctive and disjunctive heterogeneous verification Typical use case Each model captures a different aspect Specs pertain to only the relevant one Typical use case Each model captures a different subset of behaviors, e.g., a specific nondeterministic choice HSCC 12 21

Hierarchical Verification Conjunctive and disjunctive verification constructs can be nested arbitrarily 22

Heterogeneous Verification of CICAS Time-to-exitintersection Time-tointersection Order POV SV Discrete Protocol SV and POV not in the intersection at the same time Single POV (POV initial condition safe) /\ \/* Single POV (POV initial SV and POV not condition unsafe in the intersection Only stay stopped) at the same time (trivially safe) N models with one lane each /\ /\ SV and POV not /\ in the intersection at the same time Node 21 Node 22 Node 23 Driver behavior model (empirical information) Driver response time \/ SV and another car not in the intersection at the same time Node 13 Computation model Verification model Computation time with hybrid dynamics /\ Sensing model Sensing error Communication model Communication delay Universal system model (cannot be created in practice) SV and another car not in the intersection at the same time /\ conjunctive abstraction \/ disjunctive coverage \/* discrete coverage with inter-model switching Model info Spec 23

Verification Problem MN-dimensional vector - - - - Verification objective: SV and another car are never in the intersection at the same time 24

Disjunctive Heterogeneous Verification - - - - - - 25

Heterogeneous verification of CICAS-SSA SV and POV not in the intersection at the same time Time-to-exitintersection Time-tointersection Order Node 52 Discrete POV SV Protocol Node 51 Node 53 Single POV (POV initial condition safe) /\ Node 41 \/* Single POV (POV initial SV and POV not condition unsafe in the intersection Only stay stopped) at the same time (trivially safe) N models with one lane each /\ /\ SV and POV not /\ in the intersection at the same time Driver behavior model (empirical information) SV and another car not in the intersection at the same time Computation model Computation time \/ Verification model with hybrid dynamics Sensing model Sensing error Communication model Communication delay Driver response time /\ Universal system model (cannot be created in practice) SV and another car not in the intersection at the same time /\ conjunctive abstraction \/ disjunctive coverage \/* discrete coverage with inter-model switching Model info Spec 26

Conjunctive Heterogeneous Verification Node 52 Node 51 Node 53 Node 41 - - : 27

Leveraging Compositionality for Heterogeneous Abstraction Objective: Conclude heterogeneous abstraction of the composition by establishing that of the components Rationale: Component s local semantics defined in a behavior domain of smaller dimension Schematic Need Behavior abstraction functions A : behavior relations that are also functions Mappings between local/global behavior domains of the same type Mappings between local/global abstraction functions 28 28

Compositionality Conditions Centralized Development Start with A, localize to get A P, A Q If localizations of A are A P and A Q, then compositional heterogeneous abstraction via A holds Decentralized Development Models as composition of components Analysis: Compositional Abstraction Start with A P, A Q, globalize to get A If globalizations of A P, A Q are consistent (call it A ), then compositional heterogeneous abstraction via A holds HSCC 13 29

Semantic Assumptions as Parameter Constraints Senor (look-up table) Physics-based Verification Network Software Problem Semantic interdependencies across formalisms Consistency How far off are sensor readings? How fast can the SV accelerate? How old are the sensor readings? What s the computation time? Challenge Formal representation that is universal to all modeling formalisms Dependencies that cut across modeling formalisms can be captured as parameter constraints CDC 11 Approach interdependencies as an auxiliary constraint on parameters Find effective constraint on given model/spec. parameters (existential quantification) Use SMT solvers or theorem provers to prove consistency Ensures semantic (parameter) consistency using external SMT solvers or provers 30 30

Parametric Verification of CICAS 1. Explicitly identify model parameters e.g. speed limits, intersection geometry, minimum acceleration, and spec. parameters, e.g., POV min. timeto-intersection, SV max. time-to-clearintersection /\ 2. Model interdependencies as an auxiliary constraint e.g., those dictated by speed limits, newton s laws and intersection geometry on time-to-intersection, 3. Project global constraints and interdependencies (aux. constraint) onto local sets of parameters HSCC 12 Proved semantic consistency in theorem prover KeYmaera 31 31

Semantic and Structural Hierarchies Semantic side Structural side TAC 14 (CPS Special Issue) 32

Summary Cyber-Physical Systems present a major paradigm shift with systems that are Adaptive, Autonomous, Connected, and Collaborative Model-based design critical for safe and efficient design process Open-ness and heterogeneity pose research challenges Contributions for supporting heterogeneity in MBD of CPS Architectural modeling: high-level structural representation [MPM 09] Model structures as architectural views for comparing structure [ERTS 10] Semantic mappings using behavior relations enable (compositional) heterogeneous verification [HSCC 12, HSCC 13] Constraint consistency for consistent simplifying assumptions [CDC 11, HSCC 12] Many challenges still remain 33 33

References* MPM 09 ERTS2 10 ICCPS 11 CDC 11 HSCC 12 HSCC 13 TAC:CPS 13 (submitted) *Other work available at https://arajhans.github.io 34 34

35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback