A formally verified hybrid system for safe advisories in the next-generation airborne collision avoidance system

  • Jean-Baptiste Jeannin
  • Khalil Ghorbal
  • Yanni Kouskoulas
  • Aurora Schmidt
  • Ryan Gardner
  • Stefan Mitsch
  • André Platzer
TACAS 2015

Abstract

The Next-Generation Airborne Collision Avoidance System (ACAS X) is intended to be installed on all large aircraft to give advice to pilots and prevent mid-air collisions with other aircraft. It is currently being developed by the Federal Aviation Administration (FAA). In this paper, we determine the geometric configurations under which the advice given by ACAS X is safe under a precise set of assumptions and formally verify these configurations using hybrid systems theorem proving techniques. We consider subsequent advisories and show how to adapt our formal verification to take them into account. We examine the current version of the real ACAS X system and discuss some cases where our safety theorem conflicts with the actual advisory given by that version, demonstrating how formal hybrid systems proving approaches are helping to ensure the safety of ACAS X. Our approach is general and could also be used to identify unsafe advice issued by other collision avoidance systems or confirm their safety.

Keywords

Aircraft collision avoidance; Next-generation airborne collision avoidance system (ACAS X); Formal verification; Hybrid systems; Continuous dynamics

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Jean-Baptiste Jeannin (1)
  • Khalil Ghorbal (2)
  • Yanni Kouskoulas (3)
  • Aurora Schmidt (3)
  • Ryan Gardner (3)
  • Stefan Mitsch (4)
  • André Platzer (4)

  1. Samsung Research America, Mountain View, USA
  2. INRIA, Rennes, France
  3. The Johns Hopkins University Applied Physics Laboratory, Laurel, USA
  4. Carnegie Mellon University, Pittsburgh, USA