Some future challenges in the validation of control systems
Related papers
Static Analysis of the Accuracy in Control Systems: Principles and Experiments
Lecture Notes in Computer Science, 2008
Finite precision computations can severely affect the accuracy of computed solutions. We present a complete survey of a static analysis based on abstract interpretation, and a prototype implementing this analysis for C code, for studying the propagation of rounding errors occurring at every intermediary step in floating-point computations. In the first part of this paper, we briefly present the domains and techniques used in the implemented analyzer, called FLUCTUAT. We describe in the second part the experiments made on real industrial codes, at Institut de Radioprotection et de Sûreté Nucléaire and at Hispano-Suiza, coming respectively from the nuclear industry and from the aeronautics industry. This paper aims at filling in the gaps between some theoretical aspects of the static analysis of floating-point computations that have been described in , and the necessary choices of algorithms and implementation, in accordance with practical motivations drawn from real industrial cases.
Robustness Analysis of Finite Precision Implementations
Lecture Notes in Computer Science, 2013
A desirable property of control systems is to be robust to inputs, that is, small perturbations of the inputs of a system will cause only small perturbations on its outputs. But it is not clear whether this property is maintained at the implementation level, when two close inputs can lead to very different execution paths. The problem becomes particularly crucial when considering finite precision implementations, where any elementary computation can be affected by a small error. In this context, almost every test is potentially unstable, that is, for a given input, the computed (finite precision) path may differ from the ideal (same computation in real numbers) path. Still, state-of-the-art error analyses do not consider this possibility and rely on the stable test hypothesis, that control flows are identical. If there is a discontinuity between the treatments in the two branches, that is, the conditional block is not robust to uncertainties, the error bounds can be unsound. We propose here a new abstract-interpretation based error analysis of finite precision implementations, relying on the analysis of [16] for rounding error propagation in a given path, but which is now made sound in the presence of unstable tests. It automatically bounds the discontinuity error coming from the difference between the float and real values when there is a path divergence, and introduces a new error term labeled by the test that introduced this potential discontinuity. This gives a tractable error analysis, implemented in our static analyzer FLUCTUAT: we present results on representative extracts of control programs.
Automatic Verification of Finite Precision Implementations of Linear Controllers
Springer eBooks, 2017
We consider the problem of verifying finite precision implementations of linear time-invariant controllers against mathematical specifications. A specification may have multiple correct implementations which are different from each other in controller state representation, but equivalent from a perspective of input-output behavior (e.g., due to optimization in a code generator). The implementations may use finite precision computations (e.g. floating-point arithmetic) which cause quantization (i.e., roundoff) errors. To address these challenges, we first extract a controller's mathematical model from the implementation via symbolic execution and floating-point error analysis, and then check approximate input-output equivalence between the extracted model and the specification by similarity checking. We show how to automatically verify the correctness of floating-point controller implementations in the C language using the combination of techniques such as symbolic execution and convex optimization problem solving. We demonstrate the scalability of our approach through evaluation with randomly generated controller specifications of realistic size.
Numerical Robustness Evaluation of Floating-Point Closed-Loop Control Based on Interval Analysis
Electronics
Power-electronics-based systems have penetrated into several critical sectors, such as the industry, power generation, energy transmission and distribution, and transportation. In this context, the system’s control, often implemented in real-time processing units, has to meet stringent requirements in terms of safety and repeatability. Given the growing complexity of the implemented algorithms, floating-point arithmetic is being increasingly adopted for high-performance systems. This paper proposes to assess the numerical stability of the control algorithms by means of an interval analysis. The case study of an electric drive is considered, given the wide adoption of such systems and the importance they hold for the safety of the applications. In particular, two different control strategies—the resonant control and the vector space decomposition—are examined, and a sensitivity analysis based on the proposed technique highlights the different characteristics of the two with respect t...
Automatic verification of control system implementations
2010
Software implementations of controllers for physical subsystems form the core of many modern safety-critical systems such as aircraft flight control and automotive engine control. A fundamental property of such implementations is stability, the guarantee that the physical plant converges to a desired behavior under the actions of the controller. We present a methodology and a tool to perform automated static analysis of embedded controller code for stability of the controlled physical system.
The sensitivity of computational control problems
IEEE Control Systems, 2004
Although numerical methods have been used for many centuries to solve problems in science and engineering, the importance of computation grew tremendously with the advent of digital computers. It became immediately clear that many of the classical analytical and numerical methods and algorithms could not be implemented directly as computer codes, although they were well suited for hand computations. What was the reason? When doing computations by hand a person can choose the accuracy of each elementary calculation and then estimate, based on intuition and experience, its influence on the final result. In contrast, when computations are done automatically, intuitive error control is usually not possible and the effect of errors on the intermediate calculations must be estimated in a more systematic way. Due to this observation, starting
Basic Concepts of Numerical Analysis
Three factors determine the accuracy of the results of a numerical computation: floating point arithmetic, conditioning, and stability.
Some Basics of Floating Point Arithmetic
A digital computer has only a finite number of internal states, and hence it can operate with a finite, although possibly large, set of numbers called machine numbers. As a result, we have the so-called machine arithmetic, which consists of the set of machine numbers together
Verification of Numerical Programs: From Real Numbers to Floating Point Numbers
Lecture Notes in Computer Science, 2013
Numerical algorithms lie at the heart of many safety-critical aerospace systems. The complexity and hybrid nature of these systems often requires the use of interactive theorem provers to verify that these algorithms are logically correct. Usually, proofs involving numerical computations are conducted in the infinitely precise realm of the field of real numbers. However, numerical computations in these algorithms are often implemented using floating point numbers. The use of a finite representation of real numbers introduces uncertainties as to whether the properties verified in the theoretical setting hold in practice. This short paper describes work in progress aimed at addressing these concerns. Given a formally proven algorithm, written in the Program Verification System (PVS), the Frama-C suite of tools is used to identify sufficient conditions and verify that under such conditions the rounding errors arising in a C implementation of the algorithm do not affect its correctness. The technique is illustrated using an algorithm for detecting loss of separation among aircraft.
Control software analysis, Part I Open-loop properties
Computing Research Repository, 2008
As the digital world enters further into everyday life, questions are raised about the increasing challenges brought by the interaction of real-time software with physical devices. Many accidents and incidents encountered in areas as diverse as medical systems, transportation systems or weapon systems are ultimately attributed to "software failures". Since real-time software that interacts with physical systems might as well be called control software, the long litany of accidents due to real-time software failures might be taken as an equally long list of opportunities for control systems engineering. In this paper, we are interested only in run-time errors in those pieces of software that are a direct implementation of control system specifications: for well-defined and well-understood control architectures such as those present in standard textbooks on digital control systems, the current state of theoretical computer science is well-equipped enough to address and analyze control algorithms. It appears that a central element of these analyses is Lyapunov stability theory, which translates into invariant theory in computer implementations.