Formally Verified Safe Vertical Maneuvers for Non-deterministic, Accelerating Aircraft Dynamics

  • Yanni KouskoulasEmail author
  • Daniel Genin
  • Aurora Schmidt
  • Jean-Baptiste Jeannin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10499)


We present the formally verified predicate and strategy used to independently evaluate the safety of the final version (Run 15) of the FAAs next-generation air-traffic collision avoidance system, ACAS X. This approach is a general one that can analyze simultaneous vertical and horizontal maneuvers issued by aircraft collision avoidance systems. The predicate is specialized to analyze sequences of vertical maneuvers, and in the horizontal dimension is modular, allowing it to be safely composed with separately analyzed horizontal dynamics. Unlike previous efforts, this approach enables analysis of aircraft that are turning, and accelerating non-deterministically. It can also analyze the safety of coordinated advisories, and encounters with more than two aircraft. We provide results on the safety evaluation of ACAS X coordinated collision avoidance on a subset of the system state space. This approach can also be used to establish the safety of vertical collision avoidance maneuvers for other systems with complex dynamics.



We gratefully acknowledge Neal Suchy and Josh Silbermann for their leadership and support. We thank André Platzer, Ryan Gardner and Christopher Rouff for their comments and technical discussion.


  1. 1.
    Chludzinski, B.J.: Evaluation of TCAS II version 7.1 using the FAA fast-time encounter generator model. Technical report ATC-346, MIT Lincoln Laboratory (2009)Google Scholar
  2. 2.
    Essen, C., Giannakopoulou, D.: Analyzing the next generation airborne collision avoidance system. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014. LNCS, vol. 8413, pp. 620–635. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54862-8_54 CrossRefGoogle Scholar
  3. 3.
    Federal Aviation Administration: Introduction to TCAS II, Version 7.1 (2011)Google Scholar
  4. 4.
    Ghorbal, K., Jeannin, J.B., Zawadzki, E., Platzer, A., Gordon, G.J., Capell, P.: Hybrid theorem proving of aerospace systems: applications and challenges. J. Aerosp. Inf. Syst. 11, 202–713 (2014)Google Scholar
  5. 5.
    Holland, J.E., Kochenderfer, M.J., Olson, W.A.: Optimizing the next generation collision avoidance system for safe, suitable, and acceptable operational performance. Air Traffic Control Q. 21, 275–297 (2014)CrossRefGoogle Scholar
  6. 6.
    Jeannin, J., Ghorbal, K., Kouskoulas, Y., Gardner, R., Schmidt, A., Zawadzki, E., Platzer, A.: Formal verification of ACAS X, an industrial airborne collision avoidance system. In: Girault, A., Guan, N. (eds.) 2015 International Conference on Embedded Software, EMSOFT 2015, Amsterdam, The Netherlands, 4–9 October 2015. ACM (2015)Google Scholar
  7. 7.
    Jeannin, J.-B., Ghorbal, K., Kouskoulas, Y., Gardner, R., Schmidt, A., Zawadzki, E., Platzer, A.: A formally verified hybrid system for the next-generation airborne collision avoidance system. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 21–36. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46681-0_2 Google Scholar
  8. 8.
    Kochenderfer, M.J., Chryssanthacopoulos, J.P.: Robust airborne collision avoidance through dynamic programming. Technical report ATC-371, MIT Lincoln Laboratory (2010)Google Scholar
  9. 9.
    Kochenderfer, M.J., Holland, J.E., Chryssanthacopoulos, J.P.: Next generation airborne collision avoidance system. Lincoln Lab. J. 19(1), 17–33 (2012)Google Scholar
  10. 10.
    Lee, R., Kochenderfer, M.J., Mengshoel, O.J., Brat, G.P., Owen, M.P.: Adaptive stress testing of airborne collision avoidance systems. In: 2015 IEEE/AIAA 34th Digital Avionics Systems Conference (DASC), p. 6C2-1. IEEE (2015)Google Scholar
  11. 11.
    Loos, S.M., Renshaw, D.W., Platzer, A.: Formal verification of distributed aircraft controllers. In: HSCC, pp. 125–130. ACM (2013). doi: 10.1145/2461328.2461350
  12. 12.
    Muñoz, C., Narkawicz, A., Chamberlain, J.: A TCAS-II resolution advisory detection algorithm. In: Proceedings of the AIAA Guidance Navigation, and Control Conference and Exhibit 2013, AIAA-2013-4622, Boston, Massachusetts (2013)Google Scholar
  13. 13.
    Narkawicz, A., Muñoz, C.: Formal verification of conflict detection algorithms for arbitrary trajectories. Reliab. Comput. 17, 209–237 (2012)MathSciNetGoogle Scholar
  14. 14.
    Narkawicz, A., Muñoz, C.: A formally verified conflict detection algorithm for polynomial trajectories. In: Proceedings of the 2015 AIAA Infotech@ Aerospace Conference, Kissimmee, Florida (2015)Google Scholar
  15. 15.
    Platzer, A., Clarke, E.M.: Formal verification of curved flight collision avoidance maneuvers: a case study. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 547–562. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-05089-3_35 CrossRefGoogle Scholar
  16. 16.
    Tomlin, C., Pappas, G.J., Sastry, S.: Conflict resolution for air traffic management: a study in multiagent hybrid systems. IEEE Trans. Autom. Control 43(4), 509–521 (1998)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Yanni Kouskoulas
    • 1
    Email author
  • Daniel Genin
    • 1
  • Aurora Schmidt
    • 1
  • Jean-Baptiste Jeannin
    • 2
  1. 1.The Johns Hopkins University Applied Physics LaboratoryLaurelUSA
  2. 2.Samsung Research AmericaCambridgeUSA

Personalised recommendations