ABSTRACT
Modern cyber-physical systems (CPS) interact with the physical world, hence their correctness is important. In this work, we build upon the Simplex Architecture, where control authority may switch from an unverified and potentially unsafe advanced controller to a verified-safe baseline controller in order to maintain system safety. We take the approach further by lifting the requirement that the baseline controller must be verified or even correct, instead also treating it as a black-box component. This change is important; there are many types of powerful control techniques---model predictive control and neural network controllers---that often work well in practice, but are unlikely to be formally proven correct due to complexity. We prove such an architecture maintains safety, and present case studies where model-predictive control provides safety for multi-robot coordination, and unverified neural networks provably prevent collisions for groups of F-16 aircraft.
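The abstract describes a Simplex-style decision module that keeps a system safe even though neither the advanced controller nor the baseline controller is verified. The following Python block is an added illustration of that idea on a toy braking problem; it is not code from the paper and does not reproduce the paper's construction or proof. All of it is constructed here: a vehicle that must never reach a wall, an "advanced" controller that always accelerates, a "baseline" controller with a latent defect (it brakes too late), and a decision module that accepts a proposed action only if the successor state is still recoverable by a fixed recovery plan (maximum braking), falling back to that plan otherwise. Safety then rests on the runtime check plus the recovery plan, not on either black-box controller being correct.

```python
"""Toy black-box Simplex decision module on a 1-D braking problem.

Constructed illustration (not the paper's construction): a vehicle at position
x with velocity v must never reach the wall at X_WALL. Two black-box controllers
propose accelerations; the decision module accepts a proposal only if, after one
step of applying it, the fixed recovery plan (maximum braking) would still stop
the vehicle short of the wall. Otherwise it applies the recovery plan itself.
"""
from dataclasses import dataclass
from typing import Callable

DT = 0.1        # control period in seconds
X_WALL = 100.0  # the vehicle must never reach this position (safety property)
A_MAX = 3.0     # maximum acceleration/braking magnitude in m/s^2


@dataclass(frozen=True)
class State:
    x: float  # position (m)
    v: float  # velocity (m/s); never negative in this model


def simulate_step(s: State, a: float) -> State:
    """Plant model: forward-Euler double integrator, no reversing."""
    return State(s.x + s.v * DT, max(0.0, s.v + a * DT))


def is_safe(s: State) -> bool:
    """The safety property: the wall has not been reached."""
    return s.x < X_WALL


def recoverable(s: State) -> bool:
    """Simulate the fixed recovery plan (maximum braking) from s until the
    vehicle stops; s is recoverable iff every state on that path is safe."""
    for _ in range(100_000):
        if not is_safe(s):
            return False
        if s.v == 0.0:
            return True
        s = simulate_step(s, -A_MAX)
    return False  # bound exhausted; treat as not recoverable


Controller = Callable[[State], float]


def advanced_controller(s: State) -> float:
    """Unverified 'smart' controller (constructed): always floors the accelerator."""
    return A_MAX


def baseline_controller(s: State) -> float:
    """Unverified baseline with a latent defect (constructed): brakes only inside
    20 m of the wall, far too late at speed. In the classic Simplex design this
    controller would have to be proven correct; here it is just another black box."""
    return -A_MAX if X_WALL - s.x < 20.0 else 0.0


RECOVERY_ACTION = -A_MAX  # first action of the recovery plan


def decide(s: State) -> tuple[float, str]:
    """Decision module: try proposals in order of preference and accept the first
    whose successor state is recoverable; otherwise execute the recovery plan."""
    for name, ctrl in (("advanced", advanced_controller), ("baseline", baseline_controller)):
        a = ctrl(s)
        if recoverable(simulate_step(s, a)):
            return a, name
    return RECOVERY_ACTION, "recovery"


def run_guarded(s0: State, steps: int) -> dict:
    """Run the closed loop under the decision module and record which source
    supplied each action. The invariant 'current state is recoverable' is
    re-checked every step; it can never fail because an accepted proposal leads
    to a recoverable state and the recovery action is the first step of a
    recovery path that was already shown safe."""
    if not recoverable(s0):
        raise ValueError("initial state must be recoverable")
    s, max_x = s0, s0.x
    counts = {"advanced": 0, "baseline": 0, "recovery": 0}
    for _ in range(steps):
        a, src = decide(s)
        counts[src] += 1
        s = simulate_step(s, a)
        max_x = max(max_x, s.x)
        if not recoverable(s):
            raise AssertionError("recoverability invariant violated")
    return {"final": s, "max_x": max_x, "counts": counts}


def run_unguarded(ctrl: Controller, s0: State, steps: int) -> bool:
    """Run one controller alone with no decision module; True iff the wall was
    never reached within the horizon."""
    s = s0
    for _ in range(steps):
        s = simulate_step(s, ctrl(s))
        if not is_safe(s):
            return False
    return True


if __name__ == "__main__":
    print("advanced alone safe?", run_unguarded(advanced_controller, State(0.0, 0.0), 2000))
    print("baseline alone safe?", run_unguarded(baseline_controller, State(0.0, 30.0), 2000))
    r = run_guarded(State(0.0, 0.0), 2000)
    print("guarded max x:", round(r["max_x"], 2), "sources:", r["counts"])
```

Run alone, each controller drives the vehicle into the wall (the baseline from 30 m/s, since 20 m is far less than its stopping distance), while the guarded loop keeps the position strictly below X_WALL for the whole horizon. The safety argument is an induction on recoverability: the initial state is recoverable, every accepted proposal yields a recoverable successor, and the recovery action applied from a recoverable state yields a recoverable successor, so the wall is never reached no matter what either controller proposes. The recovery plan here is a fixed braking law and the plant model is a simplistic Euler integrator; a real deployment would have to account for model error and the time the check itself consumes, which this toy omits.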