Automatic Verification of Finite Precision Implementations of Linear Controllers

  • Junkil ParkEmail author
  • Miroslav Pajic
  • Oleg Sokolsky
  • Insup Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10205)


We consider the problem of verifying finite precision implementation of linear time-invariant controllers against mathematical specifications. A specification may have multiple correct implementations which are different from each other in controller state representation, but equivalent from a perspective of input-output behavior (e.g., due to optimization in a code generator). The implementations may use finite precision computations (e.g. floating-point arithmetic) which cause quantization (i.e., roundoff) errors. To address these challenges, we first extract a controller’s mathematical model from the implementation via symbolic execution and floating-point error analysis, and then check approximate input-output equivalence between the extracted model and the specification by similarity checking. We show how to automatically verify the correctness of floating-point controller implementation in C language using the combination of techniques such as symbolic execution and convex optimization problem solving. We demonstrate the scalability of our approach through evaluation with randomly generated controller specifications of realistic size.


Symbolic Execution Symbolic Expression Linear Time Invariant System Linear Time Invariant Finite Precision 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was supported in part by NSF CNS-1505799, NSF CNS-1505701, and the Intel-NSF Partnership for Cyber-Physical Systems Security and Privacy. This material is based on research sponsored by DARPA under agreement number FA8750-12-2-0247. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government. This research was supported in part by Global Research Laboratory Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (2013K1A1A2A02078326) with DGIST.


  1. 1.
    IEEE standard for floating-point arithmetic. IEEE Std 754-2008, pp. 1–70 (2008)Google Scholar
  2. 2.
  3. 3.
    Anta, A., Majumdar, R., Saha, I., Tabuada, P.: Automatic verification of control system implementations. In: Proceedings of 10th ACM International Conference on Embedded Software, EMSOFT 2010, pp. 9–18 (2010)Google Scholar
  4. 4.
    Araiza-Illan, D., Eder, K., Richards, A.: Formal verification of control systems’ properties with theorem proving. In: UKACC International Conference on Control (CONTROL), pp. 244–249 (2014)Google Scholar
  5. 5.
    Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: A static analyzer for large safety-critical software. ACM SIGPLAN Not. 38, 196–207 (2003). ACMCrossRefzbMATHGoogle Scholar
  6. 6.
    Botella, B., Gotlieb, A., Michel, C.: Symbolic execution of floating-point computations. Softw. Test. Verif. Reliab. 16(2), 97–121 (2006)CrossRefGoogle Scholar
  7. 7.
    Clarke, L.: A system to generate test data and symbolically execute programs. IEEE Trans. Softw. Eng. 3, 215–222 (1976)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Corbett, J.C., Dwyer, M.B., Hatcliff, J., Laubach, S., Păsăreanu, C.S., Bby, R., Zheng, H.: Bandera: extracting finite-state models from Java source code. In: Proceedings of the 2000 International Conference on Software Engineering, pp. 439–448. IEEE (2000)Google Scholar
  9. 9.
    Darulova, E., Kuncak, V.: Sound compilation of reals. ACM SIGPLAN Not. 49, 235–248 (2014). ACMzbMATHGoogle Scholar
  10. 10.
    Darulova, E., Kuncak, V., Majumdar, R., Saha, I.: Synthesis of fixed-point programs. In: Proceedings of 11th ACM International Conference on Embedded Software, EMSOFT 2013, pp. 22:1–22:10 (2013)Google Scholar
  11. 11.
    Daumas, M., Melquiond, G.: Certification of bounds on expressions involving rounded operators. ACM Trans. Math. Softw. (TOMS) 37(1), 2 (2010)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Eldib, H., Wang, C.: An SMT based method for optimizing arithmetic computations in embedded software code. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 33(11), 1611–1622 (2014)CrossRefGoogle Scholar
  13. 13.
    Feret, J.: Static analysis of digital filters. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 33–48. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24725-8_4 CrossRefGoogle Scholar
  14. 14.
    Feron, E.: From control systems to control software. IEEE Control Syst. 30(6), 50–71 (2010)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Goualard, F.: How do you compute the midpoint of an interval? ACM Trans. Math. Softw. (TOMS) 40(2), 11 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Goubault, E., Putot, S.: Static analysis of finite precision computations. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 232–247. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-18275-4_17 CrossRefGoogle Scholar
  17. 17.
    Grant, M., Boyd, S.: CVX: Matlab software for disciplined convex programming, version 2.1.
  18. 18.
    Herencia-Zapana, H., Jobredeaux, R., Owre, S., Garoche, P.L., Feron, E., Perez, G., Ascariz, P.: PVS linear algebra libraries for verification of control software algorithms in C/ACSL. In: NASA Formal Methods, pp. 147–161 (2012)Google Scholar
  19. 19.
    Holzmann, G.J., Smith, M.H.: Software model checking: extracting verification models from source code. Softw. Test. Verif. Reliab. 11(2), 65–79 (2001)CrossRefGoogle Scholar
  20. 20.
    Holzmann, G.J., Smith, M.H.: An automated verification method for distributed systems software based on model extraction. IEEE Trans. Softw. Eng. 28(4), 364–377 (2002)CrossRefGoogle Scholar
  21. 21.
    King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Majumdar, R., Saha, I., Shashidhar, K., Wang, Z.: CLSE: closed-loop symbolic execution. In: NASA Formal Methods, pp. 356–370 (2012)Google Scholar
  23. 23.
    Majumdar, R., Saha, I., Ueda, K., Yazarel, H.: Compositional equivalence checking for models and code of control systems. In: 52nd Annual IEEE Conference on Decision and Control (CDC), pp. 1564–1571 (2013)Google Scholar
  24. 24.
    Majumdar, R., Saha, I., Zamani, M.: Synthesis of minimal-error control software. In: Proceedings of 10th ACM International Conference on Embedded Software, EMSOFT 2012, pp. 123–132 (2012)Google Scholar
  25. 25.
  26. 26.
    Pajic, M., Park, J., Lee, I., Pappas, G.J., Sokolsky, O.: Automatic verification of linear controller software. In: 12th International Conference on Embedded Software (EMSOFT), pp. 217–226. IEEE Press (2015)Google Scholar
  27. 27.
    Park, J.: Step function example.
  28. 28.
    Park, J., Pajic, M., Lee, I., Sokolsky, O.: Scalable verification of linear controller software. In: Chechik, M., Raskin, J.-F. (eds.) TACAS 2016. LNCS, vol. 9636, pp. 662–679. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49674-9_43 CrossRefGoogle Scholar
  29. 29.
    Pichler, J.: Specification extraction by symbolic execution. In: 2013 20th Working Conference on Reverse Engineering (WCRE), pp. 462–466. IEEE (2013)Google Scholar
  30. 30.
    Rugh, W.J.: Linear System Theory. Prentice Hall, Upper Saddle River (1996)zbMATHGoogle Scholar
  31. 31.
    Ryabtsev, M., Strichman, O.: Translation validation: from Simulink to C. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 696–701. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-02658-4_57 CrossRefGoogle Scholar
  32. 32.
    Sangiovanni-Vincentelli, A., Di Natale, M.: Embedded system design for automotive applications. IEEE Comput. 10, 42–51 (2007)CrossRefGoogle Scholar
  33. 33.
    Solovyev, A., Jacobsen, C., Rakamarić, Z., Gopalakrishnan, G.: Rigorous estimation of floating-point round-off errors with symbolic Taylor expansions. In: Bjørner, N., de Boer, F. (eds.) FM 2015. LNCS, vol. 9109, pp. 532–550. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-19249-9_33 CrossRefGoogle Scholar
  34. 34.
    Wang, S., Dwarakanathan, S., Sokolsky, O., Lee, I.: High-level model extraction via symbolic execution. Technical reports (CIS) paper 967, University of Pennsylvania, (2012).
  35. 35.
    Wang, T., Jobredeaux, R., Herencia, H., Garoche, P.L., Dieumegard, A., Feron, E., Pantel, M.: From design to implementation: an automated, credible autocoding chain for control systems (2013). arXiv preprint: arXiv:1307.2641
  36. 36.
    Wang, T.E., Ashari, A.E., Jobredeaux, R.J., Feron, E.M.: Credible autocoding of fault detection observers. In: American Control Conference (ACC), pp. 672–677 (2014)Google Scholar
  37. 37.
    Williams, N., Marre, B., Mouy, P., Roger, M.: PathCrawler: automatic generation of path tests by combining static and dynamic analysis. In: Cin, M., Kaâniche, M., Pataricza, A. (eds.) EDCC 2005. LNCS, vol. 3463, pp. 281–292. Springer, Heidelberg (2005). doi: 10.1007/11408901_21 CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  • Junkil Park
    • 1
    Email author
  • Miroslav Pajic
    • 2
  • Oleg Sokolsky
    • 1
  • Insup Lee
    • 1
  1. 1.Department of Computer and Information ScienceUniversity of PennsylvaniaPhiladelphiaUSA
  2. 2.Department of Electrical and Computer EngineeringDuke UniversityDurhamUSA

Personalised recommendations