© 2013 Carnegie Mellon University Static Analysis of Real-Time Embedded Systems with REK Arie Gurfinkel 1 joint work with Sagar Chaki 1, Ofer Strichman.

Slides:



Advertisements
Similar presentations
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Advertisements

Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.
© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.
© 2006 Carnegie Mellon University Combining Predicate and Numeric Abstraction for Software Model Checking Software Engineering Institute Carnegie Mellon.
UNCLASSIFIED © 2011 Carnegie Mellon University Building Malware Infection Trees Jose Andre Morales 1, Michael Main 2, Weilang Luo 3, Shouhuai Xu 2,3, Ravi.
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.
© 2014 Microsoft Corporation. All rights reserved.
© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
© 2011 Carnegie Mellon University System of Systems V&V John B. Goodenough October 19, 2011.
© 2010 Carnegie Mellon University B OXES : A Symbolic Abstract Domain of Boxes Arie Gurfinkel and Sagar Chaki Software Engineering Institute Carnegie Mellon.
© 2013 Carnegie Mellon University Academy for Software Engineering Education and Training, 2013 Session Architect: Tony Cowling Session Chair: Nancy Mead.
© 2013 Carnegie Mellon University Measuring Assurance Case Confidence using Baconian Probabilities Charles B. Weinstock John B. Goodenough Ari Z. Klein.
© 2010 Carnegie Mellon University ® CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. V&V Principles Verification.
© Carnegie Mellon University The CERT Insider Threat Center.
© 2011 Carnegie Mellon University Time Bounded Analysis of Real-Time Systems Arie Gurfinkel, Sagar Chaki, and Ofer Strichman Software Engineering Institute.
© 2012 Carnegie Mellon University Compositional Sequentialization of Periodic Programs Sagar Chaki 1, Arie Gurfinkel 1, Soonho Kong 2, Ofer Strichman 3.
© 2012 Carnegie Mellon University UFO: Verification with Interpolants and Abstract Interpretation Arie Gurfinkel and Sagar Chaki Software Engineering Institute.
© 2010 Carnegie Mellon University Acquisition Implications of SOA Adoption Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.
© 2015 Carnegie Mellon University Property Directed Polyhedral Abstraction Nikolaj Bjørner and Arie Gurfinkel VMCAI 2015.
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
© 2011 Carnegie Mellon University Binary Decision Diagrams Part Bug Catching: Automated Program Verification and Testing Sagar Chaki September.
© 2011 Carnegie Mellon University SPIN: Part Bug Catching: Automated Program Verification and Testing Sagar Chaki November 2, 2011.
© 2011 Carnegie Mellon University Binary Decision Diagrams Part Bug Catching: Automated Program Verification and Testing Sagar Chaki September.
© 2011 Carnegie Mellon University SPIN: Part Bug Catching: Automated Program Verification and Testing Sagar Chaki October 31, 2011.
Chess Review May 11, 2005 Berkeley, CA Composable Code Generation for Distributed Giotto Tom Henzinger Christoph Kirsch Slobodan Matic.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
© 2011 Carnegie Mellon University Should-Cost: A Use for Parametric Estimates Additional uses for estimation tools Presenters:Bob Ferguson (SEMA) Date:November.
Chapter 13 Embedded Systems
© 2011 Carnegie Mellon University QUELCE: Quantifying Uncertainty in Early Lifecycle Cost Estimation Presenters:Dave Zubrow PhD Bob Ferguson (SEMA) Date:November.
The Rare Glitch Project: Verification Tools for Embedded Systems Carnegie Mellon University Pittsburgh, PA Ed Clarke, David Garlan, Bruce Krogh, Reid Simmons,
CprE 458/558: Real-Time Systems
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Model Checking for Embedded Systems Edmund Clarke, CMU High-Confidence Embedded Systems Workshop, May 1 st.
Ipek Ozkaya, COCOMO Forum © 2012 Carnegie Mellon University Affordability and the Value of Architecting Ipek Ozkaya Research, Technology.
© 2010 Carnegie Mellon University Team Software Process.
© 2013 Carnegie Mellon University Verifying Periodic Programs with Priority Inheritance Locks Sagar Chaki 1, Arie Gurfinkel 1, Ofer Strichman 2 FMCAD,
Conditions and Terms of Use
© 2012 Microsoft Corporation. All rights reserved.
1 Description and Schedulability Analysis of the Software Architecture of an Automated Vehicle Control System Stavros Tripakis VERIMAG EMSOFT’02.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
1 of 14 1/15 Synthesis-driven Derivation of Process Graphs from Functional Blocks for Time-Triggered Embedded Systems Master thesis Student: Ghennadii.
Scheduling policies for real- time embedded systems.
Reference: Ian Sommerville, Chap 15  Systems which monitor and control their environment.  Sometimes associated with hardware devices ◦ Sensors: Collect.
Fundamental Programming: Fundamental Programming K.Chinnasarn, Ph.D.
© 2014 Carnegie Mellon University Synthesizing Safe Bit-Precise Invariants Arie Gurfinkel (SEI / CMU) Anton Belov (UCD / Synopsys) Joao Marques-Silva (UCD)
May University of Glasgow Generalising Feature Interactions in Muffy Calder, Alice Miller Dept. of Computing Science University of Glasgow.
Author Software Engineering Institute
© 2015 Carnegie Mellon University Parametric Symbolic Reachability Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie.
© 2015 Carnegie Mellon University COCOMO 2015 November 17, 2015 Distribution Statement A: Approved for Public Release; Distribution is Unlimited Causal.
© 2006 Carnegie Mellon University Introduction to CBMC: Part 1 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel,
© 2006 Carnegie Mellon University Introduction to CBMC: Part 1 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel,
RTAS 2014 Bounding Memory Interference Delay in COTS-based Multi-Core Systems Hyoseung Kim Dionisio de Niz Bj ӧ rn Andersson Mark Klein Onur Mutlu Raj.
1 CERT BFF: From Start To PoC June 09, 2016 © 2016 Carnegie Mellon University This material has been approved for public release and unlimited distribution.
This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information.
INTRO. To I.T Razan N. AlShihabi
Data Science: What It Is and How It Can Help Your Company
Secure Software Workforce Development Panel Session
Models for Resources and Management
Author Software Engineering Institute
Temporal Protection in Real-Time Systems
Michael Spiegel, Esq Timothy Shimeall, Ph.D.
Metrics-Focused Analysis of Network Flow Data
Concurrency Specification
Automated Extraction of Inductive Invariants to Aid Model Checking
QUELCE: Quantifying Uncertainty in Early Lifecycle Cost Estimation
Dynamic Cyber Training with Moodle
Verifying Periodic Programs with Priority Inheritance Locks
Presentation transcript:

© 2013 Carnegie Mellon University Static Analysis of Real-Time Embedded Systems with REK Arie Gurfinkel 1 joint work with Sagar Chaki 1, Ofer Strichman 2, and Soonho Kong 1 1 Software Engineering Institute, CMU 2 Technion, Israel Institute of Technology

2 START-REK Gurfinkel © 2013 Carnegie Mellon University NO WARRANTY THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder. This Presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at This work was created in the performance of Federal Government Contract Number FA C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at

3 START-REK Gurfinkel © 2013 Carnegie Mellon University Automated Analysis Automated Analysis Software Model Checking with Predicate Abstraction e.g., Microsoft’s SDV Software Model Checking with Predicate Abstraction e.g., Microsoft’s SDV Automated Software Analysis Correct + Proof Incorrect + Counterexample Abstract Interpretation with Numeric Abstraction e.g., ASTREE, Polyspace Abstract Interpretation with Numeric Abstraction e.g., ASTREE, Polyspace Program Property

4 START-REK Gurfinkel © 2013 Carnegie Mellon University

5 START-REK Gurfinkel © 2013 Carnegie Mellon University Motivation: Real-Time Embedded Systems Avionics Mission System * Rate Monotonic Scheduling (RMS) * Locke, Vogel, Lucas, and Goodenough. “Generic Avionics Software Specification”. SEI/CMU Technical Report CMU/SEI-90-TR-8-ESD-TR , December, 1990 TaskPeriod weapon release10ms radar tracking40ms target tracking40ms aircraft flight data50ms display50ms steering80ms

6 START-REK Gurfinkel © 2013 Carnegie Mellon University Periodic Program An N-task periodic program PP is a set of tasks {  1, …,  N } A task  is a tuple  I, T, P, C, A , where I is a task identifier T is a task body (i.e., code) P is a period C is the worst-case execution time A is the release time: the time at which task becomes first enabled Semantics of PP is given by an asynchronous concurrent program: k i = 0; while (Wait( i, k i )) T i (); k i = k i + 1; k i = 0; while (Wait( i, k i )) T i (); k i = k i + 1; parallel execution w/ priorities parallel execution w/ priorities blocks task i until next arrival time blocks task i until next arrival time

7 START-REK Gurfinkel © 2013 Carnegie Mellon University Task High Priority Task Low Priority Task Priority Periodic Programs Time

8 START-REK Gurfinkel © 2013 Carnegie Mellon University Task Task body Loop-free code (C) Periodic Programs High Priority Task Low Priority Task Time

9 START-REK Gurfinkel © 2013 Carnegie Mellon University Task Period Periodic Programs High Priority Task Low Priority Task Time

10 START-REK Gurfinkel © 2013 Carnegie Mellon University Task WCET Periodic Programs High Priority Task Low Priority Task Time

11 START-REK Gurfinkel © 2013 Carnegie Mellon University Task Arrival Time Periodic Programs High Priority Task Low Priority Task Time

12 START-REK Gurfinkel © 2013 Carnegie Mellon University Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

13 START-REK Gurfinkel © 2013 Carnegie Mellon University Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

14 START-REK Gurfinkel © 2013 Carnegie Mellon University High & low priority jobs arrived together Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

15 START-REK Gurfinkel © 2013 Carnegie Mellon University High priority job is executed first Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

16 START-REK Gurfinkel © 2013 Carnegie Mellon University Low priority job is executed later Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

17 START-REK Gurfinkel © 2013 Carnegie Mellon University High priority job arrived Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

18 START-REK Gurfinkel © 2013 Carnegie Mellon University Preempts low priority job Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

19 START-REK Gurfinkel © 2013 Carnegie Mellon University Lower priority job resumes later Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

20 START-REK Gurfinkel © 2013 Carnegie Mellon University Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

21 START-REK Gurfinkel © 2013 Carnegie Mellon University Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

22 START-REK Gurfinkel © 2013 Carnegie Mellon University 1 Hyper-Period Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

23 START-REK Gurfinkel © 2013 Carnegie Mellon University Case Study: A Metal Stamping Robot a.k.a. LEGO Turing Machine Image courtesy of Taras Kowaliw

24 START-REK Gurfinkel © 2013 Carnegie Mellon University LEGO Turing Machine by Soonho Kong. See for building instructions. BEGIN: READ CJUMP0 CASE_0 CASE_1: WRITE 0 MOVE R JUMP BEGIN CASE_0: WRITE 1 MOVE R JUMP BEGIN BEGIN: READ CJUMP0 CASE_0 CASE_1: WRITE 0 MOVE R JUMP BEGIN CASE_0: WRITE 1 MOVE R JUMP BEGIN

25 START-REK Gurfinkel © 2013 Carnegie Mellon University OSEK/VDX RTOS Offene Systeme und deren Schnittstellen für die Elektronik in Kraftfahrzeugen; ("Open Systems and their Interfaces for the Electronics in Motor Vehicles“) standard software architecture for the electronic control units (ECUs) in a car

26 START-REK Gurfinkel © 2013 Carnegie Mellon University Turing Machine: Task Structure

27 START-REK Gurfinkel © 2013 Carnegie Mellon University Turing Machine (Video)

28 START-REK Gurfinkel © 2013 Carnegie Mellon University Turing Machine: Properties Tape does not move when a bit is read or written Read sensor and Write arm can move concurrently but must not interfere with one another Read sensor’s light is off when not in use Read task WCET is less than 25ms reduced to checking API usage rules No log messages are lost during USB communication each message is delivered to the server before a new one is produced

29 START-REK Gurfinkel © 2013 Carnegie Mellon University When writer flips a bit, the tape motor and read motor should stop. Controller Task Writer Task An Example Property

30 START-REK Gurfinkel © 2013 Carnegie Mellon University Time-Bounded Verification of Periodic Programs Time-Bounded Verification Is an assertion A violated within X milliseconds of a system’s execution from initial state I A, X, I are user specified Periodic Program Collection of periodic tasks Execute concurrently with fixed-priority scheduling Priorities respect RMS Communicate through shared memory Synchronize through preemption and priority ceiling locks Assumptions System is schedulable WCET of each task is given Time-Bounded Analysis of Real-Time Systems, Proc. of FMCAD 2011

31 START-REK Gurfinkel © 2013 Carnegie Mellon University Overall Approach Supports C programs w/ tasks, priorities, priority ceiling protocol, shared variables Works in two stages: 1.Sequentialization – reduction to sequential program w/ prophecy variables 2.Bounded program analysis: bounded C model checker (CBMC, HAVOC, …) SequentializationAnalysis Periodic Program in C Sequential ProgramOK BUG + CEX Periods, WCETs, Initial Condition, Time bound

32 START-REK Gurfinkel © 2013 Carnegie Mellon University START Family REK (2011) OSEK-based programs with Priority Ceiling locks small robotics case study REK-H (2012) compositional sequentialization for harmonic tasks Turing Machine case study REK-PIP (2013) Working on this now Support for Priority-Inheritance-Locks (difficult  ) REK-INF (Future) Extend to complete verification by finding inductive invariants

33 START-REK Gurfinkel © 2013 Carnegie Mellon University Intellectually Defensible Base for Qualification How should automatic verifiers be qualified for certification? What is the base for automatic program analysis (or other automatic formal methods) to replace testing? Verify the verifier (too) expensive verifiers are often very complex tools difficult to continuously adapt tools to project-specific needs Proof-producing (or certifying) verifier Only the proof is important – not the tool that produced it Only the proof-checker needs to be verified/qualified Single proof-checker can be re-used in many projects

34 START-REK Gurfinkel © 2013 Carnegie Mellon University Proof-Producing Verifier Program + Property Verifier No + Counterexample Yes + Proof Proof Checker no need to qualify “easy” to qualify / verify Good Bad But things are not that simple in practice !!!

35 START-REK Gurfinkel © 2013 Carnegie Mellon University Proof Producing Verifier Low level property Program = (Text, Semantics) Verifier Proof Checker Front-End Environment model VC No + Counterexample Yes + Proof GoodBad Compiler Executable Real Env Hardware Good Bad ?=? Hard to verify Hard to get right Diff sem used by diff tools Hard to get right

36 START-REK Gurfinkel © 2013 Carnegie Mellon University Contact Information Presenter Arie Gurfinkel RTSS Telephone: U.S. mail: Software Engineering Institute Customer Relations 4500 Fifth Avenue Pittsburgh, PA USA Web: Customer Relations Telephone: SEI Phone: SEI Fax:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.