Fig 1 - uploaded by François Bobot
Source publication
The Automatic Dependent Surveillance-Broadcast (ADS-B) system allows aircraft to communicate their current state, including position and velocity information, to other aircraft in their vicinity and to ground stations. The Compact Position Reporting (CPR) algorithm is the ADS-B module responsible for the encoding and decoding of aircraft positions....
Contexts in source publication
Context 1
... into zones of approximately 360 nautical miles. There are two different subdivisions of the space into zones, depending on the format of the message, either even or odd. The number of zones depends on the format and, in the case of the longitude, also on the current latitude of the target. Each zone is itself divided into 2^17 parts, called bins. Fig. 1 shows how the latitude is divided into 60 zones (for the even subdivision) or into 59 zones (for the odd subdivision) and how each zone is then divided into 2^17 bins. The CPR encoding procedure transforms degree coordinates into CPR coordinates and is parametric with respect to the chosen subdivision (even or odd). The decoding ...
Context 2
... corresponding to the bin where the target is located. The correct zone can be recovered from either a previously known position (for local decoding) or from a matched pair of even and odd messages (for global decoding). The decoding procedures return a coordinate which corresponds to the centerline of the bin where the target is located (see Fig. 1). In a latitude zone (respectively longitude zone), all the latitudes (respectively longitudes) inside a bin have the same encoding. This means that the recovered latitude (respectively longitude) corresponds to the bin centerline. Therefore, the difference between a given position and the result of encoding and decoding should be less ...
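To make the zone and bin arithmetic of the two excerpts concrete, the following is an added Python example; it is not code from the paper, nor the reference implementation the paper contributes to the ADS-B standard. It encodes a position with both subdivisions (60 or 59 latitude zones, NL(lat) or NL(lat)-1 longitude zones, 2^17 bins per zone), decodes it globally from a matched even/odd pair and locally from a previously known position, and checks that the recovered coordinate lies within half a bin width of the input, which is the bound the centerline property in Context 2 implies. The 17-bit airborne parameters, the NL(lat) closed form with its fixed boundary values, and the decoding formulas are the CPR definitions as I know them from the ADS-B standard; the sample positions and the reference position are constructed inputs. The example uses double precision throughout, so it carries exactly the floor/modulus sensitivity the paper verifies against, not the paper's numerically hardened variants.

```python
import math

# CPR parameters for airborne position messages: 17-bit coordinates and NZ = 15,
# giving 60 (even) / 59 (odd) latitude zones, each split into 2^17 bins.
NB = 17
NZ = 15
SCALE = 2 ** NB


def nl(lat):
    """Number of longitude zones at latitude `lat` (degrees).  The closed form is
    supplemented by the boundary values the NL definition fixes explicitly."""
    a = abs(lat)
    if a == 0.0:
        return 59
    if a == 87.0:
        return 2
    if a > 87.0:
        return 1
    num = 1.0 - math.cos(math.pi / (2.0 * NZ))
    den = math.cos(math.radians(lat)) ** 2
    return int(math.floor(2.0 * math.pi / math.acos(1.0 - num / den)))


def encode(lat, lon, odd):
    """Encode degrees into 17-bit (YZ, XZ) CPR coordinates for one subdivision."""
    i = 1 if odd else 0
    dlat = 360.0 / (4 * NZ - i)                       # zone size: 6 deg or 360/59 deg
    yz = math.floor(SCALE * ((lat % dlat) / dlat) + 0.5)
    # The latitude the decoder will reconstruct fixes the longitude zone count.
    rlat = dlat * (math.floor(lat / dlat) + yz / SCALE)
    dlon = 360.0 / max(nl(rlat) - i, 1)
    xz = math.floor(SCALE * ((lon % dlon) / dlon) + 0.5)
    return yz % SCALE, xz % SCALE


def decode_global(even, odd, latest_odd):
    """Recover (lat, lon) from a matched even/odd pair; `latest_odd` says which
    message is newer.  Returns None when the pair straddles an NL boundary."""
    yz0, xz0 = even
    yz1, xz1 = odd
    dlat0, dlat1 = 360.0 / 60, 360.0 / 59
    j = math.floor((59 * yz0 - 60 * yz1) / SCALE + 0.5)   # latitude zone index
    rlat0 = dlat0 * ((j % 60) + yz0 / SCALE)
    rlat1 = dlat1 * ((j % 59) + yz1 / SCALE)
    if rlat0 >= 270.0:
        rlat0 -= 360.0
    if rlat1 >= 270.0:
        rlat1 -= 360.0
    if nl(rlat0) != nl(rlat1):
        return None
    i, rlat, xz = (1, rlat1, xz1) if latest_odd else (0, rlat0, xz0)
    n = nl(rlat)
    ni = max(n - i, 1)
    m = math.floor((xz0 * (n - 1) - xz1 * n) / SCALE + 0.5)  # longitude zone index
    rlon = (360.0 / ni) * ((m % ni) + xz / SCALE)
    if rlon >= 180.0:
        rlon -= 360.0
    return rlat, rlon


def decode_local(msg, odd, ref_lat, ref_lon):
    """Recover (lat, lon) from one message and a known position within half a zone."""
    yz, xz = msg
    i = 1 if odd else 0
    dlat = 360.0 / (4 * NZ - i)
    j = math.floor(ref_lat / dlat) + math.floor(0.5 + (ref_lat % dlat) / dlat - yz / SCALE)
    rlat = dlat * (j + yz / SCALE)
    dlon = 360.0 / max(nl(rlat) - i, 1)
    m = math.floor(ref_lon / dlon) + math.floor(0.5 + (ref_lon % dlon) / dlon - xz / SCALE)
    rlon = dlon * (m + xz / SCALE)
    return rlat, rlon


def within_half_bin(lat, lon, rlat, rlon, odd):
    """Centerline property: a decoded coordinate differs from the input by at
    most half the bin width of the subdivision used for it."""
    i = 1 if odd else 0
    half_lat = (360.0 / (4 * NZ - i)) / SCALE / 2
    half_lon = (360.0 / max(nl(rlat) - i, 1)) / SCALE / 2
    return abs(rlat - lat) <= half_lat and abs(rlon - lon) <= half_lon


def roundtrip_ok(lat, lon, latest_odd=False):
    """Encode with both subdivisions and check global decoding against the input."""
    even, odd = encode(lat, lon, False), encode(lat, lon, True)
    dec = decode_global(even, odd, latest_odd)
    return dec is not None and within_half_bin(lat, lon, dec[0], dec[1], latest_odd)


if __name__ == "__main__":
    # Constructed sample position (over the North Sea), not taken from the paper.
    lat, lon = 52.2572, 3.91935
    print(encode(lat, lon, False), encode(lat, lon, True))
    print(decode_global(encode(lat, lon, False), encode(lat, lon, True), False))
    print(decode_local(encode(lat, lon, True), True, 52.0, 4.0))
    print(roundtrip_ok(lat, lon), roundtrip_ok(-33.8688, 151.2093, True))
```

Python's `%` on floats is the floor-based modulus the CPR definition uses (the remainder is always non-negative), which is why southern latitudes and western longitudes decode without special cases. The `floor(x + 0.5)` rounding and the `nl(rlat0) != nl(rlat1)` check are the steps whose control flow can diverge under round-off, which is the class of defect the paper's real-conformance and software-conformance proofs rule out for its hardened double and 32-bit integer versions.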
Similar publications
Simulation is a valuable building block for the verification and validation of automated driving functions (ADF). When simulating urban driving scenarios, simulation maps are one important component. Often, the generation of those road networks is a time consuming and manual effort. Furthermore, typically many variations of a distinct junction or r...
Citations
... Nonetheless, an exception to that status quo is the line of work by Moscato et al. [45,58,56,22,21,55], who formally verified higher-level algorithms in the area of flight control. The approach developed by them is largely automatic: one formalises an algorithm using real numbers in the theorem prover PVS, and then proves it correct at that mathematical level. ...
Reasoning about quantitative properties of Markov Decision Processes (MDPs) inevitably requires computations on real or rational numbers. On modern hardware, these are usually efficiently implemented by floating-point numbers. However, due to their finite precision, many floating-point operations lead to small imprecisions. Probabilistic model checkers claim trustworthiness on the ground of a solid theoretical basis, yet prior work has uncovered discrepancies between the claimed and actual accuracy of these systems. How can we trust implementations of model checkers? Our answer is an efficiently executable, formally verified implementation of interval iteration for MDPs. Our correctness proofs span the entire development from the high-level abstract semantics of MDPs to the low-level implementation in LLVM that uses floating-point arithmetic. We use the Isabelle/HOL proof assistant to verify the abstract definition of interval iteration. Next, we employ step-wise refinement to derive an efficient implementation in LLVM code. To that end, we extend the Isabelle Refinement Framework with support for reasoning about floating point arithmetic and directed rounding modes. We experimentally evaluate our implementation on a set of benchmark MDPs. Our results show that the verified implementation is competitive with state-of-the-art tools for MDPs, while providing formal guarantees on the correctness of the results.
This paper discusses the use of formal methods in the context of multi-disciplinary teams. Success stories are presented based on experiences with industry and regulatory agencies. It will be shown that a pragmatic approach based on the use of prototypes driven by executable formal models represents an effective means to present the formal analysis effort to non-experts of formal methods.
The Automatic Dependent Surveillance-Broadcast (ADS-B) system allows aircraft to communicate current state information, including position and velocity messages, to other aircraft in their vicinity and to ground stations. The Compact Position Reporting (CPR) algorithm is the ADS-B protocol responsible for the encoding and decoding of aircraft positions. CPR is sensitive to computer arithmetic since it relies on functions that are intrinsically unstable such as floor and modulus. In this paper, a formal verification of the CPR algorithm is presented. In contrast to previous work, the algorithm presented here encompasses the entire range of message types supported by ADS-B. The paper also presents two implementations of the CPR algorithm, one in double-precision floating-point and one in 32-bit unsigned integers, which are both formally verified against the real-number algorithm. The verification proceeds in three steps. For each implementation, a version of CPR, which is simplified and manipulated to reduce numerical instability and leverage features of the datatypes, is proposed. Then, the Prototype Verification System (PVS) is used to formally prove real conformance properties, which assert that the ideal real-number counterpart of the improved algorithm is mathematically equivalent to the standard CPR definition. Finally, the static analyzer Frama-C is used to verify software conformance properties, which say that the software implementation of the improved algorithm is correct with respect to its idealized real-number counterpart. In concert, the two properties guarantee that the implementation meets the original specification. The two implementations will be included in the revised version of the ADS-B standards document as the reference implementation of the CPR algorithm.
The term Cyber-Physical System (CPS) refers to a mathematically described (specified) real-world process that combines discrete changes of pre-defined control states (a cyber part) and changes of controllable continuous-time states (a physical part). In this paper, we present a model-checking approach to the verification of Cyber-Physical Systems. The primary goal of the paper is to try using the SPIN verifier and the Promela language to specify and verify a safety property of a CPS for Air Collision Avoidance. The main "obstacle" preventing model checking of CPSs is the absence of floating-point arithmetic in the input languages of model checkers. In this paper, we describe an implementation of standard floating-point arithmetic in the Promela language as well as the results of verifying an Air Collision Avoidance model using this implementation and a comparison of our approach with other approaches. We also stress the importance of verified standard mathematical functions used in CPS solutions.
The problem of determining whether or not a point lies inside a given polygon occurs in many applications. In air traffic management concepts, a correct solution to the point-in-polygon problem is critical to geofencing systems for Unmanned Aerial Vehicles and in weather avoidance applications. Many mathematical methods can be used to solve the point-in-polygon problem. Unfortunately, a straightforward floating-point implementation of these methods can lead to incorrect results due to round-off errors. In particular, these errors may cause the control flow of the program to diverge with respect to the ideal real-number algorithm. This divergence potentially results in an incorrect point-in-polygon determination even when the point is far from the edges of the polygon. This paper presents a provably correct implementation of a point-in-polygon method that is based on the computation of the winding number. This implementation is mechanically generated from a source-to-source transformation of the ideal real-number specification of the algorithm. The correctness of this implementation is formally verified within the Frama-C analyzer, where the proof obligations are discharged using the Prototype Verification System (PVS).