Abstract
Traditionally, the robustness and safety of automotive systems are assured by extensive vehicle testing. This approach is increasingly challenged by growing system complexity. Formal verification offers a powerful framework for model-based safety assurance, but because automotive systems exhibit mixed discrete-continuous behavior, traditional tools for discrete program verification are helpful but not sufficient.
In academia, new approaches for the formal verification of such mixed discrete-continuous systems have arisen over the last two decades. However, industry is not fully aware of this development, the tools are seldom tried, and their applicability is not well examined. In a Ford–RWTH research alliance project, we aimed to evaluate the potential for knowledge and technology transfer in this area.
This paper has two main objectives. First, we report on the state of the art of the above-mentioned academic development in a generally understandable form, targeted at interested potential users. Second, we share our observations from testing different available tools for their applicability and usability in the automotive sector and, as a conclusion, devise some recommendations.
Acknowledgements
We are grateful to Amey Karnik and his Ford team for sharing the model of the fuel cell system with us. We thank Liren Yang and his University of Michigan team for providing and patiently explaining the controller of this fuel cell system. We appreciate the help of Tristan Ebert, Marta Grobelna, Sergej Neuberger, and Tom Schäfers in the evaluation. We also thank our anonymous reviewers for their detailed feedback.
Funding
Open Access funding enabled and organized by Projekt DEAL. We are thankful for the funding of this work by Ford Motor Company in the course of the project “Safety Verification for Mixed Discrete–Continuous Automotive Systems”.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Schupp, S., Ábrahám, E., Waez, M.T.B. et al. On the applicability of hybrid systems safety verification tools from the automotive perspective. Int J Softw Tools Technol Transfer (2023). https://doi.org/10.1007/s10009-023-00707-0
Keywords
- Hybrid systems
- Reachability analysis
- Formal methods
- Safety verification