TY - GEN
T1 - Real-time reachability for verified simplex design
AU - Bak, Stanley
AU - Johnson, Taylor T.
AU - Caccamo, Marco
AU - Sha, Lui
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2015/1/14
Y1 - 2015/1/14
N2 - The Simplex Architecture ensures the safe use of an unverifiable complex controller by using a verified safety controller and verified switching logic. This architecture enables the safe use of high-performance, untrusted, and complex control algorithms without requiring them to be formally verified. Simplex incorporates a supervisory controller and safety controller that will take over control if the unverified logic misbehaves. The supervisory controller should (1) guarantee the system never enters and unsafe state (safety), but (2) use the complex controller as much as possible (minimize conservatism). The problem of precisely and correctly defining this switching logic has previously been considered either using a control-theoretic optimization approach, or through an offline hybrid systems reach ability computation. In this work, we prove that a combined online/offline approach, which uses aspects of the two earlier methods along with a real-time reach ability computation, also maintains safety, but with significantly less conservatism. We demonstrate the advantages of this unified approach on a saturated inverted pendulum system, where the usable region of attraction is 227% larger than the earlier approach.
AB - The Simplex Architecture ensures the safe use of an unverifiable complex controller by using a verified safety controller and verified switching logic. This architecture enables the safe use of high-performance, untrusted, and complex control algorithms without requiring them to be formally verified. Simplex incorporates a supervisory controller and safety controller that will take over control if the unverified logic misbehaves. The supervisory controller should (1) guarantee the system never enters and unsafe state (safety), but (2) use the complex controller as much as possible (minimize conservatism). The problem of precisely and correctly defining this switching logic has previously been considered either using a control-theoretic optimization approach, or through an offline hybrid systems reach ability computation. In this work, we prove that a combined online/offline approach, which uses aspects of the two earlier methods along with a real-time reach ability computation, also maintains safety, but with significantly less conservatism. We demonstrate the advantages of this unified approach on a saturated inverted pendulum system, where the usable region of attraction is 227% larger than the earlier approach.
KW - hybrid systems
KW - model checking
KW - online
KW - reachability computation
KW - real-time reachability
KW - verification
UR - http://www.scopus.com/inward/record.url?scp=84936951807&partnerID=8YFLogxK
U2 - 10.1109/RTSS.2014.21
DO - 10.1109/RTSS.2014.21
M3 - Conference contribution
AN - SCOPUS:84936951807
T3 - Proceedings - Real-Time Systems Symposium
SP - 138
EP - 148
BT - Proceedings - IEEE 35th Real-Time Systems Symposium, RTSS 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 35th IEEE Real-Time Systems Symposium, RTSS 2014
Y2 - 2 December 2014 through 5 December 2014
ER -