ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

Slides:



Advertisements
Similar presentations
A Survey of Runtime Verification Jonathan Amir 2004.
Advertisements

ECE 720T5 Fall 2011 Cyber-Physical Systems Rodolfo Pellizzoni.
Timed Automata.
Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.
Zonotopes Techniques for Reachability Analysis Antoine Girard Workshop “Topics in Computation and Control” March 27 th 2006, Santa Barbara, CA, USA
Combining Symbolic Simulation and Interval Arithmetic for the Verification of AMS Designs Mohamed Zaki, Ghiath Al Sammane, Sofiene Tahar, Guy Bois FMCAD'07.
Modeling and simulation of systems Slovak University of Technology Faculty of Material Science and Technology in Trnava.
Fault Detection in a HW/SW CoDesign Environment Prepared by A. Gaye Soykök.
Establishing IV&V Properties Steve Raque, NASA IV&V Facility Dr. Doron Drusinsky, Naval Postgraduate School 9/4/20091Establishing IV&V Properties.
Robust Hybrid and Embedded Systems Design Jerry Ding, Jeremy Gillula, Haomiao Huang, Michael Vitus, and Claire Tomlin MURI Review Meeting Frameworks and.
SE 450 Software Processes & Product Metrics Reliability: An Introduction.
CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.
ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
G Robert Grimm New York University Extensibility: SPIN and exokernels.
A Type System for Expressive Security Policies David Walker Cornell University.
System Design Research Laboratory Model-based Testing and Monitoring for Hybrid Embedded Systems Li Tan Jesung Kim Oleg Sokolsky Insup Lee University of.
CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli
Code Generation from CHARON Rajeev Alur, Yerang Hur, Franjo Ivancic, Jesung Kim, Insup Lee, and Oleg Sokolsky University of Pennsylvania.
Database Management Systems (DBMS)
Formal Techniques for Verification Using SystemC By Nasir Mahmood.
02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.
Verification technique on SA applications using Incremental Model Checking 컴퓨터학과 신영주.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.
1 DISTRIBUTION A. Approved for public release; Distribution unlimited. (Approval AFRL PA # 88ABW , 09 April 2014) Reducing the Wrapping Effect.
© Siemens AG, CT SE 1, Dr. A. Ulrich C O R P O R A T E T E C H N O L O G Y Research at Siemens CT SE Software & Engineering Development Techniques.
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
1 Performance Evaluation of Computer Networks: Part II Objectives r Simulation Modeling r Classification of Simulation Modeling r Discrete-Event Simulation.
Rodolfo Pellizzoni, Patrick Meredith, Marco Caccamo and Grigore Roşu Department of Computer Science University of Illinois at Urbana-Champaign Hardware.
 1  Outline  stages and topics in simulation  generation of random variates.
Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.
Transformation of Timed Automata into Mixed Integer Linear Programs Sebastian Panek.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
Intent Specification Intent Specification is used in SpecTRM
Dynamic Analysis of Multithreaded Java Programs Dr. Abhik Roychoudhury National University of Singapore.
Polymorphous Computing Architectures Run-time Environment And Design Application for Polymorphous Technology Verification & Validation (READAPT V&V) Lockheed.
Dynamic software reconfiguration using control supervisors Ugo Buy 13 June 2005.
Introduction to Problem Solving. Steps in Programming A Very Simplified Picture –Problem Definition & Analysis – High Level Strategy for a solution –Arriving.
Writing Systems Software in a Functional Language An Experience Report Iavor Diatchki, Thomas Hallgren, Mark Jones, Rebekah Leslie, Andrew Tolmach.
1 Test Selection for Result Inspection via Mining Predicate Rules Wujie Zheng
Handling Mixed-Criticality in SoC- based Real-Time Embedded Systems Rodolfo Pellizzoni, Patrick Meredith, Min-Young Nam, Mu Sun, Marco Caccamo, Lui Sha.
ECE450 - Software Engineering II1 ECE450 – Software Engineering II Today: Design Patterns VIII Chain of Responsibility, Strategy, State.
Electrical and Computer Engineering University of Cyprus LAB 1: VHDL.
Testing OO software. State Based Testing State machine: implementation-independent specification (model) of the dynamic behaviour of the system State:
Title 11/5/2000 eSimplex Architecture Using MaCS Insup Lee Oleg Sokolsky Moonjoo Kim Anirban Majumdar Sampath Kannan Mahesh Viswanathan Insik Shin and.
OPERATING SYSTEMS CS 3530 Summer 2014 Systems and Models Chapter 03.
CSCI1600: Embedded and Real Time Software Lecture 28: Verification I Steven Reiss, Fall 2015.
SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.
Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois
ECE/CS 584: Verification of Embedded Computing Systems Model Checking Timed Automata Sayan Mitra Lecture 09.
Quality Assurance in the Presence of Variability Kim Lauenroth, Andreas Metzger, Klaus Pohl Institute for Computer Science and Business Information Systems.
Requirement Analysis SOFTWARE ENGINEERING. What are Requirements? Expression of desired behavior Deals with objects or entities, the states they can be.
Introduction to Hardware Verification ECE 598 SV Prof. Shobha Vasudevan.
Winter 2007SEG2101 Chapter 121 Chapter 12 Verification and Validation.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Time Management.  Time management is concerned with OS facilities and services which measure real time.  These services include:  Keeping track of.
Efficient Software-Based Fault Isolation Authors: Robert Wahbe Steven Lucco Thomas E. Anderson Susan L. Graham Presenter: Gregory Netland.
1 CEN 4020 Software Engineering PPT4: Requirement analysis.
MOPS: an Infrastructure for Examining Security Properties of Software Authors Hao Chen and David Wagner Appears in ACM Conference on Computer and Communications.
Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Chapter 5:Architectural Design l Establishing the overall structure of a software.
OPERATING SYSTEMS CS 3502 Fall 2017
LPV: a new technique, based on linear programming, to formally prove or disprove safety properties J-L Lambert, valiosys.
runtime verification Brief Overview Grigore Rosu
CSCI1600: Embedded and Real Time Software
CSCI1600: Embedded and Real Time Software
Lecture 10, Computer Networks (198:552)
Presentation transcript:

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni

/ 16 Topic Today: Models & Verification Remember verification: ensuring that a subsystem (or step in the design) meets the objectives for that subsystem, i.e. it does what we want it to do. How do verify a system/subsystem? –(Exhaustive) testing –Formal verification 2

/ 16 Formal Verification: Key Issues Modeling –Formal verification verifies a model of the system, not the system implementation! –Models must represents both hardware as well as software component. –System-level verification – need architecture description language. –How can different models (ex: differential equations and automata) interact? Complexity –Most applicable techniques scale poorly – allows only for verification of limited-scale subsystems. 3

/ 16 An Alternative Solution: Run-Time Monitoring Divide the system is a set of simple, verifiable safety-critical components and a set of complex, untrusted components. A formal requirement specification is attached to each unverified component. The specification acts as a certificate: if the component behaves according to the specification, the system remain safe. At run-time, we monitor (check) the actual component behavior against its requirement specification expressed as a set of properties. If a requirement violation is detected, we perform a recovery action to restore the system to a safe state. Key idea: it is simpler to check the certificate that to verify the inner working of the unverified component. 4

/ 16 The Big Picture: Event-Based Monitoring 5 Event Generator E1 - - E2 E3 E t Monitor Handler (Recovery) Violation / Validation Event Specification Formula 1.The system to be monitored (HW/SW) 2. User specifies a set of events. Ex: a specified variable is modified 3. Event Generator generates a trace of observed events over time. 4. User specifies a formula using defined events. Ex: (E1 E2) * 5. Monitor checks if formula is validated / violated based on event trace. 6. A recovery handler is called if a validation / violation is detected. System

/ 16 Monitoring Overhead Two main issues: 1.How do we generate the events? Answer – architecture specific. 2.Where do we run the monitors? Most available frameworks use software-based solutions. –Event generation hooks are inserted by the compiler into the code. –Monitors are run in SW either on the same processor or a separate processor. Problem: the overhead is typically not predictable – how many events gets generated? 6

/ 16 Predictable Monitoring Solutions Sampling-based monitoring –Instead of running the monitor every time an event is generated, sample the system periodically. –Analysis is required to ensure that the sampling happens often enough to capture the properties of interest. Hardware-base monitoring –Required for HW components with no corresponding SW code –Run both the event generator and the monitors in HW –Potentially zero timing overhead (if done right) 7

Cyberphysical System Runtime Verification 8

/ 16 Simplex Model Run-time verification for Control Systems. Under normal conditions, run a complex controller. If the complex controller fails, switch to a simpler, verified one. 9

/ 16 Model: Hybrid Automata Similar to timed automata + continuous state –Discrete states and transitions –Timers, guards on transitions, invariants on states –New: continuous-state variables (ex: position, velocity, …) –New: dynamic in each state (differential equations) 10

/ 16 Model: Hybrid Automata Similar to timed automata + continuous state –Discrete states and transitions –Timers, guards on transitions, invariants on states –New: continuous-state variables (ex: position, velocity, …) –New: dynamic in each state (differential equations) 11

/ 16 How does it work? Discretize the continuous state space. From each discretized state space, compute the set of all reachable states in Delta time. 12

/ 16 How does it work? Discretize the continuous state space. From each discretized state space, compute the set of all reachable states in Delta time. 13

/ 16 How does it work? Discretize the continuous state space. From each discretized state space, compute the set of all reachable states in Delta time. 14

/ 16 Model Checking the System Result: we reduce the model to a discrete system (automata). –The automata does not need to keep implicit track of time – time is encoded in the transition overapproximation. We can then apply standard model checking to check that safety is guaranteed – the system can never reach an unsafe state. There are some constraints on the modeled dynamics… –Most importantly, no cyclic dependencies among variables in the dynamic of the system modeled by dx/dt = F(x). –Follow-up paper solves the problem… 15

/ 16 Case Study Autonomous off-road vehicle. John Deere is largest manufacturer of agricultural machinery. Over 30 parameters in the vehicle model. Goal: avoid roll-over. Automatic generation of Decision Module in VHDL. 16

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.