Verification of Control Systems Implemented in Simulink with Assertion Checks and Theorem Proving: A Case Study

TL;DR

This paper introduces a two-stage verification approach for Simulink control systems using assertion checks and theorem proving, enhancing the assurance of high-level requirements like stability.

Contribution

It presents a novel combined verification method integrating assertion checks and theorem proving with an automatic translation tool from Simulink to Why3.

Findings

Theorem proving covers the entire state space for verification.

Assertion checks are effective for specific sub-requirements.

The approach successfully verified stability in a case study.

Abstract

This paper presents the verification of control systems implemented in Simulink. The goal is to ensure that high-level requirements on control performance, like stability, are satisfied by the Simulink diagram. A two stage process is proposed. First, the high-level requirements are decomposed into specific parametrized sub-requirements and implemented as assertions in Simulink. Second, the verification takes place. On one hand, the sub-requirements are verified through assertion checks in simulation. On the other hand, according to their scope, some of the sub-requirements are verified through assertion checks in simulation, and others via automatic theorem proving over an ideal mathematical model of the diagram. We compare performing only assertion checks against the use of theorem proving, to highlight the advantages of the latter. Theorem proving performs verification by computing a mathematical proof symbolically, covering the entire state space of the variables. An automatic translation tool from Simulink to the language of the theorem proving tool Why3 is also presented. The paper demonstrates our approach by verifying the stability of a simple discrete linear system.