Formal Verification of a Gain Scheduling Control Scheme

Gain scheduling is a commonly used closed-loop control approach for safety critical non-linear systems, such as commercial gas turbine engines. It is preferred over more advanced control strategies due to a known route to certification. Nonetheless, the stability of the system is hard to prove analytically, and consequently, safety and airworthiness is achieved by burdensome extensive testing. Model checking can aid in bringing down development costs of such a control system and simultaneously improve safety by providing guarantees on properties of embedded control systems. Due to model-checking exhaustive verification capabilities, it has long been recognised that coverage and error-detection rate can be increased compared to traditional testing methods. However, the statespace explosion is still a major computational limitation when applying model-checking to verify dynamic system behaviour. A practical methodology to incrementally design and formally verify control system requirements for a gain scheduling scheme is demonstrated in this paper, overcoming the computational constraints traditionally imposed by model checking. In this manner, the gain-scheduled controller can be efficiently and safely generated with the aid of the model checker.