PALS-Based Analysis of an Airplane Multirate Control System in Real-Time Maude

TL;DR

This paper demonstrates how Multirate PALS can be used with Real-Time Maude to formally verify and improve a multirate distributed hybrid control system for airplane maneuvering, reducing complexity and ensuring correctness.

Contribution

It extends the PALS methodology to multirate systems and applies it to verify and redesign an airplane control system using formal methods.

Findings

Multirate PALS effectively verifies complex DCPS.

Formal analysis identified design flaws in the original system.

Redesign based on verification results improved system performance.

Abstract

Distributed cyber-physical systems (DCPS) are pervasive in areas such as aeronautics and ground transportation systems, including the case of distributed hybrid systems. DCPS design and verification is quite challenging because of asynchronous communication, network delays, and clock skews. Furthermore, their model checking verification typically becomes unfeasible due to the huge state space explosion caused by the system's concurrency. The PALS ("physically asynchronous, logically synchronous") methodology has been proposed to reduce the design and verification of a DCPS to the much simpler task of designing and verifying its underlying synchronous version. The original PALS methodology assumes a single logical period, but Multirate PALS extends it to deal with multirate DCPS in which components may operate with different logical periods. This paper shows how Multirate PALS can be applied to formally verify a nontrivial multirate DCPS. We use Real-Time Maude to formally specify a multirate distributed hybrid system consisting of an airplane maneuvered by a pilot who turns the airplane according to a specified angle through a distributed control system. Our formal analysis revealed that the original design was ineffective in achieving a smooth turning maneuver, and led to a redesign of the system that satisfies the desired correctness properties. This shows that the Multirate PALS methodology is not only effective for formal DCPS verification, but can also be used effectively in the DCPS design process, even before properties are verified.