Sarah M. Loos
André Platzer
ABSTRACT
As airspace becomes ever more crowded, air traffic management must reduce both space and time between aircraft to increase throughput, making on-board collision avoidance systems ever more important. These safety-critical systems must be extremely reliable, and as such, many resources are invested into ensuring that the protocols they implement are accurate. Still, it is challenging to guarantee that such a controller works properly under every circumstance. In tough scenarios where a large number of aircraft must execute a collision avoidance maneuver, a human pilot under stress is not necessarily able to understand the complexity of the distributed system and may not take the right course, especially if actions must be taken quickly. We consider a class of distributed collision avoidance controllers designed to work even in environments with arbitrarily many aircraft or UAVs. We prove that the controllers never allow the aircraft to get too close to one another, even when new planes approach an in-progress avoidance maneuver that the new plane may not be aware of. Because these safety guarantees always hold, the aircraft are protected against unexpected emergent behavior which simulation and testing may miss. This is an important step in formally verified, flyable, and distributed air traffic control.
Supplemental Material
Available for Download
Our paper presents two case studies for distributed aircraft controllers. This zip file contains the associated theorems (big_disc.dl and small_discs.dl) and their proof scripts (big_disc.dl.scala and small_discs.dl.scala), which can be loaded into the distributed theorem prover KeYmaeraD.
- Tomlin, C., Pappas, G.J., Sastry, S.: Conflict resolution for air traffic management. IEEE T. Automat. Contr.textbf43 (1998) 509--521Google Scholar
- Hu, J., Prandini, M., Sastry, S.: Probabilistic safety analysis in three-dimensional aircraft flight. In: CDC. (2003)Google Scholar
- Dowek, G., Munoz, C., Carreno, V.A.: Provably safe coordinated strategy for distributed conflict resolution. In: AIAA-2005--6047. (2005)Google Scholar
- Umeno, S., Lynch, N.A.: Proving safety properties of an aircraft landing protocol using I/O automata and the PVS theorem prover. In Misra, J., Nipkow, T., Sekerinski, E., eds.: FM. Volume 4085 of LNCS., Springer (2006) 64--80 Google ScholarDigital Library
- Galdino, A.L., Mu\ noz, C., Ayala-Rincón, M.: Formal verification of an optimal air traffic conflict resolution and recovery algorithm. In Leivant, D., de Queiroz, R., eds.: WoLLIC. Volume 4576 of LNCS., Springer (2007) 177--188 Google ScholarDigital Library
- Hwang, I., Kim, J., Tomlin, C.: Protocol-based conflict resolution for air traffic control. Air Traffic Control Quarterlytextbf15 (2007) 1--34Google Scholar
- Umeno, S., Lynch, N.A.: Safety verification of an aircraft landing protocol: A refinement approach. In Bemporad, A., Bicchi, A., Buttazzo, G., eds.: HSCC. Volume 4416 of LNCS., Springer (2007) 557--572 Google ScholarDigital Library
- Johnson, T., Mitra, S.: Parameterized verification of distributed cyber-physical systems:an aircraft landing protocol case study. In: ACM/IEEE ICCPS. (2012) Google ScholarDigital Library
- Duperret, J.M., Hafner, M.R., Del Vecchio, D.: Formal design of a provably safe roundabout system. (In: IEEE/RSJ IROS) 2006--2011Google Scholar
- Platzer, A., Clarke, E.M.: Formal verification of curved flight collision avoidance maneuvers: A case study. In: FM. Volume 5850 of LNCS., Springer (2009) 547--562 Google ScholarDigital Library
- Pallottino, L., Scordio, V., Frazzoli, E., Bicchi, A.: Decentralized cooperative policy for conflict resolution in multi-vehicle systems. IEEE Trans. on Roboticstextbf23 (2007) Google ScholarDigital Library
- Kosecká, J., Tomlin, C., Pappas, G., Sastry, S.: 2--1/2D conflict resolution maneuvers for ATMS. In: CDC. Volume 3., Tampa, FL, USA (1998) 2650--2655Google Scholar
- Bicchi, A., Pallottino, L.: On optimal cooperative conflict resolution for air traffic management systems. IEEE Trans. ITStextbf1 (2000) 221--231 Google ScholarDigital Library
- Hu, J., Prandini, M., Sastry, S.: Optimal coordinated motions of multiple agents moving on a plane. SIAM Journal on Control and Optimization 42 (2003) 637--668 Google ScholarDigital Library
- Massink, M., Francesco, N.D.: Modelling free flight with collision avoidance. In Andler, S.F., Offutt, J., eds.: ICECCS, Los Alamitos, IEEE (2001) 270--280 Google ScholarDigital Library
- Platzer, A.: Quantified differential dynamic logic for distributed hybrid systems. In Dawar, A., Veith, H., eds.: CSL. Volume 6247 of LNCS., Springer (2010) 469--483 Google ScholarDigital Library
- Platzer, A.: A complete axiomatization of quantified differential dynamic logic for distributed hybrid systems. Logical Methods in Computer Sciencetextbf8 (2012) 1--44Google Scholar
- Loos, S.M., Platzer, A., Nistor, L.: Adaptive cruise control: Hybrid, distributed, and now formally verified. In Butler, M., Schulte, W., eds.: FM. LNCS, Springer (2011) 42--56 Google ScholarDigital Library
- Renshaw, D.W., Loos, S.M., Platzer, A.: Distributed theorem proving for distributed hybrid systems. In Qin, S., Qiu, Z., eds.: ICFEM. Volume 6991 of LNCS., Springer (2011) 356--371 Google ScholarDigital Library
- Platzer, A.: Quantified differential invariants. In Frazzoli, E., Grosu, R., eds.: HSCC, ACM (2011) 63--72 Google ScholarDigital Library
- Dubins, L.E.: On curves of minimal length with a constraint on average curvature, and with prescribed initial and terminal positions and tangents. Am J Math 79 (1957) pp. 497--516Google ScholarCross Ref
- Electronic proofs: www.ls.cs.cmu.edu/discworld.Google Scholar
- David Renshaw, Sarah M. Loos, A.P.: Formal verification of distributed aircraft controllers. Technical Report Carnegie Mellon University-CS-12--132, Carnegie Mellon (2012)Google Scholar
- Platzer, A.: Differential-algebraic dynamic logic for differential-algebraic programs. J. Log. Comput. 20 (2010) 309--352 Google ScholarDigital Library
Index Terms
- Formal verification of distributed aircraft controllers
Recommendations
Probabilistic Formal Verification of the SATS Concept of Operation
NFM 2016: Proceedings of the 8th International Symposium on NASA Formal Methods - Volume 9690The objective of NASA's Small Aircraft Transportation System SATS Concept of Operations ConOps is to facilitate High Volume Operation HVO of advanced small aircraft operating in non-towered non-radar airports. Given the safety-critical nature of SATS, ...
Towards Probabilistic Formal Analysis of SATS-Simultaneously Moving Aircraft (SATS-SMA)
The objective of NASA's Small Aircraft Transportation System (SATS) Concept of Operations (ConOps) is to facilitate high volume operation of advanced small aircraft operating in non-towered, non-radar airports. This system can provide improved and ...
NNLander-VeriF: A Neural Network Formal Verification Framework for Vision-Based Autonomous Aircraft Landing
NASA Formal MethodsAbstractIn this paper, we consider the problem of formally verifying a Neural Network (NN) based autonomous landing system. In such a system, a NN controller processes images from a camera to guide the aircraft while approaching the runway. A central ...
Comments