ApplicationofFalsificationMethodsontheUxASSystem

CumhurE.Tuncali,GeorgiosFainekos

ArizonaState

University

NASAFormalMethods2018NewportNews,Virginia,USA,April18

BardhHoxha

SouthernIllinoisUniversity

bhoxha@cs.siu.eduwww.bhoxha.com

Guohui Ding,SriramSankaranarayanan

UniversityofColorado

Boulder

Theauthorsauthorizethepublicreleaseofthispresentation

SummerOfInnovation2017

Participantsfromtheindustry,academia,andthegovernmentApplyformalmethodstotheAFRLsUAVmissionplanningsoftwareUxAS

2

Requirementformalization•Formalarchitecturedescription•Methodsforprovingcorrectandsafebehavior•Cyber-securityconsiderations•Real-timescheduling/enforcement•Automatedtestgeneration•Argumentationandassurancecases•Run-timeassurance•

Hybridsystemsanalysis•ImprovementsinmissionandtaskplanningAutomatedtestgeneration

1.UxASandAMASE

FromMissionScenariostoSimulation

4https://github.com/cmcghan/OpenUxAShttps://github.com/cmcghan/OpenAMASE

UxASRoutePlanner

Automation

VehicleAbstract

LineSearchTask

AreaSearchTask

Overwatch Task

…

…

Mission AMASE

Scenario

AvailableVehicles

OperatingRegionsandKeepOutZones

…

AutopilotWaypointTracking

Waypoints

VehicleStates

Tasks

5[Slideadopted/modifiedfromD.Fisher,S52017]

6

Assignment

[Slideadopted/modifiedfromD.Fisher,S52017]

[ASU– SIU– VU] [ADHS2018]

🔥

🔥

🔥

🔥

SynchronizedFirefight

https://youtu.be/rgerTBylMsc

Testing UxAS:KeepOutZoneViolations

8

𝑍"

𝑑$

𝜃$

𝜃&'$𝜃(

𝑥(&(*, 𝑦(&(*

𝑥-(&, 𝑦-(&

𝑍$

𝑣𝑎𝑙𝑡

💨GPS

2.Robustness-GuidedTesting

MethodsandTools

10

FalsificationByOptimization

11-1

01

-1-0.500.51-1

-0.5

0

0.5

1

1.5

2

2.5

3

3.5

x1x2

Robu

sten

ss

|ε||ε|

positiverobustness→ signalsatisfiestheformula

negativerobustness→ signalfalsifiestheformula

RobustnessMetric𝜀 ∈ ℝ ∪ {±∞}

MTL𝜙

[Fainekos andPappas,TCS]

SystemΣx0ÎX0u ÎUy=Δ(x0,u) 𝜙

StochasticOptimizerNext

xE ∈ 𝑋E𝑢 ∈ 𝑈

MinimumRobustnessafterterminationconditionmet

[Abbasetal.TECS]

MetricTemporalLogic• Propositionallogic+TemporalOperators

withtimingintervals• Interpretedovertraces/trajectories

• Ex.𝐺[E,K]𝑝 ∧ 𝐹 ".Q 𝑏:“always from0to5,pistrueandeventually from2to4,bistrue”

Model

Simulink/StateflowUser-definedfunctions

StochasticOptimizationEngine

SimulatedAnnealingCrossEntropyAnt-colony

GradientDescentFlexibleinitialconditionandinputsignal

generation

FeaturesFalsification

ParameterMiningRequirementEngineeringwithViSpec

RuntimeVerificationConformanceTesting

…

S-TALIRO

3.TestingUxAS

KeepOutZones

14

𝑍"

𝑑$

𝜃$

𝜃&'$𝜃(

𝑥(&(*, 𝑦(&(*

𝑥-(&, 𝑦-(&

𝑍$

𝑣𝑎𝑙𝑡

💨GPS

AutonomyMonitors

15

UxASRoutePlanner

AutomationRequest

VehicleAbstract

LineSearch

AreaSearchTask

AutonomyMonitor

…

…

LineSearch AreaSearch

AutonomyMonitor

𝜌$ 𝜌"TaskDependent

NotionofRobustness

𝜌&… …UAVTasksAssigned

UAVTasksCompleted

TestingUxASwithS-TaLiRo

16

𝜙V =X𝑀Z

Z

([$

𝜙 = 𝜙\ ∧ 𝜙VSpecification𝜙:

AutonomyMonitors:

KeepOutZones: 𝜙\ =X𝐺(𝑟( → 𝐹 E,$E ¬𝑟()&

([$

StochasticOptimization

17

AutonomyMonitoringService

PropertyMonitors

TemporalLogic

Properties

StochasticGlobal

Optimizer

SimulatorUxASAMASE

Scenario/TaskSpecifications

Disturbances

Result:Falsification

18https://youtu.be/tVB9TgwrCEc

FutureWork

19

1.ParameterMiningofMTLSpecs[Hoxhaetal.STTT]

𝜙\ =X𝐺(𝑟( → 𝐹 E,b ¬𝑟()&

([$

Whatisthevalueof𝜃?

github.com/pheidlauf/AeroBenchVV

2.MorecomplexvehicledynamicsEx:F16AircraftModel[Bak andHeidlauf]

Acknowledgments

20

GeorgiosFainekos

Cumhur E.Tuncali

SriramSankaranarayanan

GuohuiDing

Sponsors:

AFRL:• DerekKingston• LauraHumphreyVU:• TaylorJohnson• LuanVietNguyenUTAustin:• Ufuk Topcu• MohammedAlshiekhASU:• AdelDokhanchi• Shakiba Yaghoubi

ThankYouQuestions?

www.bit.ly/2HKsMQK

MTLSurveyTesthypothesisthatformalmethodsexpertscanwritecorrectMTLspecificationsfromNL