iSAT Benchmark: An Aircraft Collision Avoidance System

Author: Alannah Snow
iSAT Benchmark: An Aircraft Collision Avoidance System AVACS H1/2

1 Context and Model description

A classical case study was given by Tomlin et al. in [TPS98]. They present a conflict resolution protocol for air traffic management that aims at avoiding collisions between airplanes. The protocol works as follows: if the distance between two airplanes, both assumed for simplicity to remain at the same altitude, becomes too small, they perform a roundabout avoidance maneuver. Each aircraft turns 90 degrees to its right (or left) and follows a half circle. Thereafter both aircraft turn 90 degrees again, thus continuing on their original route.

The kinematic equations of each airplane in this model are given by $\dot{x} = v \cos(\alpha)$, $\dot{y} = v \sin(\alpha)$, $\dot{\alpha} = \omega$, where $x$ and $y$ model the position, $v$ the velocity, $\alpha$ the angular orientation, and $\omega$ the angular velocity. In standard flight mode, $\omega$ can take an arbitrary value within certain bounds, while in collision-avoidance mode the angular velocities $\omega_1$ and $\omega_2$ of both airplanes are required to satisfy $\omega_1 = \omega_2 = c$ for a constant $c \neq 0$. This constraint guarantees that both airplanes fly on a circle with the same diameter.

In [HHMWT00] HyperTech was used to show that the protocol works correctly for some fixed values of the distance at which the roundabout maneuver starts (≤ 7 miles), the critical distance (≤ 5 miles), and a fixed relative orientation of both aircraft (90 degrees). If, in contrast to this restriction to fixed parameters, more variables are allowed, e.g. different starting orientations, the maneuver no longer guarantees safety (cf. [PC07]).
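The kinematic equations above can be integrated in closed form for each mode, which is the kind of pre-state/post-state relation a predicative encoding works with. The following Python code is an added example, not part of the original benchmark: the constants are taken from the listing on this page, while the function names and the closed-form circular step are assumptions derived here from the equations, checked against a numerical integration.

```python
import math

# Constants taken from the benchmark listing on this page.
V = 6.0      # velocity (v1 = v2)
W = -0.02    # angular velocity in circular flight
C = 78400.0  # square of the critical distance (280)

def cruise_step(x, y, p, dt, v=V):
    """Cruise mode as in the listing: angle constant, straight-line flight."""
    return x + v * math.cos(p) * dt, y + v * math.sin(p) * dt, p

def circle_step(x, y, p, dt, v=V, w=W):
    """Closed-form solution of x' = v cos(p), y' = v sin(p), p' = w (w != 0).

    Derived here by integrating the kinematic equations; 1/w plays the role
    of the listing's constant m. Not copied from the truncated listing.
    """
    p_new = p + w * dt
    r = v / w
    return (x + r * (math.sin(p_new) - math.sin(p)),
            y - r * (math.cos(p_new) - math.cos(p)),
            p_new)

def integrate(x, y, p, dt, w, v=V, n=2000):
    """Numerical reference (midpoint rule) for the same differential equations."""
    h = dt / n
    for _ in range(n):
        p_mid = p + 0.5 * w * h
        x, y, p = x + v * math.cos(p_mid) * h, y + v * math.sin(p_mid) * h, p + w * h
    return x, y, p

def target_reached(s1, s2, c=C):
    """Target state from the text: squared distance drops below c."""
    return (s1[0] - s2[0]) ** 2 + (s1[1] - s2[1]) ** 2 < c

if __name__ == "__main__":
    half = math.pi / abs(W)                      # duration of a half circle
    exact = circle_step(0.0, 0.0, 0.0, half)
    approx = integrate(0.0, 0.0, 0.0, half, W)
    print("closed form:", exact)                 # ends 2*|v/w| = 600 units away
    print("numerical:  ", approx)
    print("w = 0 agrees with cruise:", integrate(0.0, 0.0, 0.3, 10.0, 0.0),
          cruise_step(0.0, 0.0, 0.3, 10.0))
```

With v = 6 and w = -0.02 the circle radius is |v/w| = 300, so a half circle moves an aircraft 600 units sideways regardless of its initial heading; both aircraft share this radius because they share v and w.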

2 Encoding

In order to find counterexamples to collision freedom using our iSAT algorithm [FHR+07], a predicative encoding of the transition system must be given. The following listing shows the resulting model description together with a target state in which the distance between the two planes drops below a minimum value $\sqrt{c}$. The given constants have been chosen rather arbitrarily in this model. Note that neither the initial position nor the initial angles of the planes are constrained. This means that unsatisfiability of the system would yield a general result for all starting points and initial angles within the specified ranges.

    -- Roundabout collision-avoidance manoeuver in air-traffic management.
    -- Adapted from the protocol presented by Tomlin et al.

    DECL
        -- Aircraft 1.
        define v1 = 6;                  -- velocity
        float [-10.0, 10.0] p1;         -- angle
        float [0.0, 1000.0] x1;         -- x position
        float [0.0, 1000.0] y1;         -- y position

        -- Aircraft 2.
        define v2 = 6;                  -- velocity
        float [-10.0, 10.0] p2;         -- angle
        float [0.0, 1000.0] x2;         -- x position
        float [0.0, 1000.0] y2;         -- y position

        -- Further declarations.
        define d = 1000000;             -- square of minimal initial distance (1000)
        define a = 160000;              -- square of alert distance (400)
        define c = 78400;               -- square of critical distance (280)
        define w = -0.02;               -- angular velocity when being in circular flight
        define m = -50.0;               -- reciprocal of w

        boole jump;
        boole cruise;
        float [0.0, 500.0] dt;
        float [0.0, 500.0] t;

    INIT
        -- Initially the aircraft are at least 1000 units away from each other.
        (x1 - x2)^2 + (y1 - y2)^2 >= d;

        -- They are in cruise mode.
        !jump;
        cruise;

        -- Reset global time.
        t = 0.0;

    TRANS
        jump' !jump;

        -- Transition from mode 'cruise' to 'collision avoidance'.
        jump and cruise -> ((x1 - x2)^2 + (y1 - y2)^2 false;

        -- Cruise mode. Angular velocity is zero, i.e. angle remains constant.
        !jump and cruise -> (cruise' and dt > 0.0
            and (x1' - x2')^2 + (y1' - y2')^2 >= a
            and p1' = p1
            and x1' = v1 * cos(p1) * dt + x1
            and y1' = v1 * sin(p1) * dt + y1
            and p2' = p2
            and x2' = v2 * cos(p2) * dt + x2
            and y2' = v2 * sin(p2) * dt + y2);

        -- Collision avoidance mode.
        !jump and !cruise -> (!cruise' and dt > 0.0 and dt * -w
