Verification of Digital Twins using Classical and Statistical Model Checking

Abstract: With the increasing adoption of digital techniques, the concept of digital twin (DT) has received a widespread attention in both industry and academia. While several definitions exist for a DT, most definitions focus on the existence of a virtual entity (VE) of a real-world object or process, often comprising interconnected models which interact with each other, undergoing changes continuously owing to the synchronization with the real-world object. These interactions might lead to inconsistencies at execution time, due to their highly stochastic and/or time-critical nature, which may lead to undesirable behavior. In addition, the continuously varying nature of VE owing to its synchronization with the real-world object further contributes to the complexity arising from these interactions and corresponding model execution times, which could possibly affect its overall functioning at runtime. This creates a need to perform (continuous) verification of the VE, to ensure that it behaves consistently at runtime by adhering to desired properties such as deadlock freeness, functional correctness, liveness and timeliness. Some critical properties such as deadlock freeness can only be verified using classical model checking; on the other hand, statistical model checking provides the possibility to model actual stochastic temporal behavior. We therefore propose to use both these techniques to verify the correctness and the fulfillment of desirable properties of VE. We present our observations and findings from applying these techniques on the DT of an autonomously driving truck. Results from these verification techniques suggest that this DT adheres to properties of deadlock freeness and functional correctness, but not adhering to timeliness properties.

Verification of Digital Twins using Classical and Statistical Model Checking

This paper presents a synthesis of classical model checking (CMC) and statistical model checking (SMC) techniques to verify the runtime behavior of digital twins (DTs). Given the complexity associated with DTs due to their continuous synchronization with actual entities and the stochastic nature of interactions within the virtual entity, there is a pressing need for effective verification strategies to ensure consistency and adherence to desired properties like deadlock freeness, functional correctness, and timeliness.

Methodology and Results

The authors embarked on the verification process by modeling a DT for an autonomously driving truck using the UPPAAL toolset. The DT encompasses two behavioral models created in Simulink and a simulation environment represented by Unity, all interfaced through a Python server. This setup exemplifies the intricacies involved in ensuring predictive maintenance and control within an industrial DT environment.

The paper outlines the verification of critical safety properties, with an emphasis on deadlock freeness and essential liveness conditions using CMC. Despite potential state space explosion hazards inherent to CMC, crucial properties such as deadlock freeness were successfully verified, demonstrating the DT's capacity for unhindered operation in an idealized setting.

Conversely, the authors utilized SMC to estimate probabilities related to time-specific behavior and simulate interactions, thus presenting a probabilistic view of the DT's functionality under realistic temporal conditions. The results revealed misalignment with timeliness properties, implying possible inefficiencies or system optimizations needed to prevent operational delays leading to collisions or unexpected behavior.

Comparative Analysis

The authors provide a comparison between CMC and SMC based on their application to the DT case study. While CMC ensures exhaustive state exploration indispensable for verifying the critical properties, its susceptibility to state space explosion limits its application in scenarios with vast temporal variability. SMC offers a probabilistic approach, negating state space issues but imparting probabilistic rather than deterministic guarantees. Notably, SMC demonstrated superior flexibility in modeling actual temporal behaviors, providing insights that helped identify discrepancies unattainable via CMC alone.

Implications and Future Work

The implications of this research extend to the verification and validation of DTs across various domains where real-time data synchronization matters significantly. Notably, the results underscore the necessity for continuous monitoring and verification throughout the DT lifecycle to account for evolving system states and interactions.

Future developments may include employing model learning techniques for enhanced automation in verifiable model extraction from system logs. This potential advancement could alleviate manual complexities and improve verification efficacy. Moreover, further exploration of this combined approach across diverse DT case studies will be crucial in generalizing the findings and optimizing the verification process.

In conclusion, the integration of SMC and CMC provides a comprehensive framework for ensuring reliable DT functionality, balancing deterministic guarantees with realistic probabilistic behavioral insights. This dual approach represents a promising frontier for addressing the dynamic verification needs of complex digital systems in both academia and industry.