SMT-Based Analysis of Virtually Synchronous Distributed Hybrid Systems

Kyungmin Bae, Peter Csaba Ölveczky, Soonho Kong, Sicun Gao, Edmund M. Clarke
2016 Proceedings of the 19th International Conference on Hybrid Systems: Computation and Control - HSCC '16  
This paper presents general techniques for verifying virtually synchronous distributed control systems with interconnected physical environments. Such cyber-physical systems (CPSs) are notoriously hard to verify, due to their combination of nontrivial continuous dynamics, network delays, imprecise local clocks, asynchronous communication, etc. To simplify their analysis, we first extend the PALS methodology (which allows one to abstract from the timing of events, asynchronous communication, network delays, and imprecise clocks, as long as the infrastructure guarantees bounds on the network delays and clock skews) from real-time to hybrid systems. We prove a bisimulation equivalence between Hybrid PALS synchronous and asynchronous models. We then show how various verification problems for synchronous Hybrid PALS models can be reduced to SMT solving over nonlinear theories of the real numbers. We illustrate the Hybrid PALS modeling and verification methodology on a number of CPSs, including a control system for turning an airplane.

Keywords: Distributed hybrid systems; SMT; synchronizers; PALS

To summarize, the new contributions in this paper (also compared to [5]) are: (i) more refined and complete Hybrid PALS models; (ii) a bisimulation result between synchronous and asynchronous Hybrid PALS models; (iii) general SMT techniques for analyzing synchronous Hybrid PALS models (as opposed to showing only concrete analysis of toy examples in [5]); and (iv) illustrating the effectiveness of Hybrid PALS and the proposed verification methodology on complex examples and hybrid systems benchmarks.

The rest of the paper is organized as follows. Section 2 discusses related work. Section 3 gives a background on PALS. Section 4 introduces Hybrid PALS. Section 5 shows SMT encodings for Hybrid PALS models and their analysis. Section 6 gives an overview of the Hybrid PALS case studies. Finally, Section 7 gives some concluding remarks.

PALS [1, 3, 15] targets distributed real-time systems, whose absence of continuous behaviors means that the timing of events, and hence local clocks, can be abstracted away in the synchronous models, which can therefore be verified by standard model checking techniques. In contrast, (synchronous) Hybrid PALS models must take both continuous behaviors and clock skews into account and therefore cannot be analyzed using such techniques for discrete systems.

RELATED WORK

The initial steps towards a hybrid extension of PALS were taken in [5]. However, the formal models of Hybrid PALS in [5] are very different from the models in this work, so that a bisimulation equivalence could not be provided in [5]. In this paper, Hybrid PALS models are significantly redefined to obtain a bisimulation between synchronous and distributed hybrid models, and to allow more general sampling and response times of sensors and actuators. For example, components in the same synchronous state may have different local times in [5], but those times are synchronized in this paper to properly model the continuous behavior of tightly coupled environments. Furthermore, [5] shows that two interconnected thermostats can be verified using dReal, but does not present general SMT techniques for analyzing synchronous Hybrid PALS models.

Our case studies on networks of identical hybrid systems are related to symmetry-reduction approaches for networks of timed or hybrid automata (e.g., [6, 11, 13]), and their compositional analysis for any number of identical processes is related to [12]. Such work uses hybrid or timed automata where communication is specified using joint synchronous actions, whereas our work focuses on time-triggered systems with nonlinear dynamics where communication is governed by real-time constraints, taking into account network delays, execution times, and clock skews, and where the local environments of tightly coupled components continuously interact with each other. In addition, Hybrid PALS considers general virtually synchronous distributed hybrid systems (e.g., the airplane example in our paper), besides symmetric distributed hybrid systems.

PRELIMINARIES ON PALS
doi:10.1145/2883817.2883849 dblp:conf/hybrid/BaeOKGC16 fatcat:gxsicqecpfhixk6oh22moh7diu