Toward Online Hybrid Systems Model Checking of Cyber-Physical Systems Time-Bounded Short-Run Behavior
Lei Bu*, Qixin Wang†, Xin Chen*, Linzhang Wang*, Tian Zhang*, Jianhua Zhao*, and Xuandong Li*
*Nanjing University, †The Hong Kong Polytechnic University
{bulei|chenxin|lzwang|ztluck|zhaojh|lxd}@nju.edu.cn, [email protected]
1. Demand: Verification of Cyber-Physical Systems

Case 1: Train Control System
Safety Rule: No Collision During Emergency Braking!

Case 2: Laser Tracheotomy MDPnP
Safety Rule: Cannot Start Laser Scalpel and Ventilator At The Same Time!

2. Modeling Language

Discrete Control Modes and Continuous Real-time Behavior, modeled together as Hybrid Automata

3. Offline Modeling & Verification?

Case 1: Train Control System
1. Trains communicate with the RBC for a new MA every 500 ms.
2. If a train touches the SBD point, it brakes normally.
3. If a train has not received any info in 5 s, it brakes emergently!

Case 2: Laser Tracheotomy MDPnP
1. SpO2 sampling period: 1 second.
2. Other automata are omitted from this poster due to the space limit.

Problem
Difficult To Verify:
Composed System State Space Explosion
Nonlinear Function High Complexity
Difficult To Model:
Nondeterministic Behavior
Runtime Parameters: Wind Speed and Railway Condition for the Train Control System, SpO2 for MDPnP, are collected online, so the complete behavior space cannot be predicted offline.

4. Online Modeling & Verification

Procedure
Runtime Control Parameters Become Fixed Numeric Values
Time-bounded Short-Run Behavior
Scenario-Based Time-bounded Static Model
Fast Online Verification Before the Model Expires

Case 1: Train Control System
No need to build a model for the RBC!
The system to verify has only 3 trains.
Verified by BACH, only 58 ms << 500 ms!

Case 2: Laser Tracheotomy MDPnP
Verified by PHAVer, only 0.27 seconds < 1 second.