© Charles Pecheur 1 SAS 2001 Verification and Validation of Model-Based Autonomous Systems Charles Pecheur, RIACS (ARC)

Slides:

Advertisements

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Advertisements

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

A Survey of Runtime Verification Jonathan Amir 2004.

© Charles Pecheur 1 Dagstuhl 5-9 Nov 2001 Symbolic Model Checking of Domain Models for Autonomous Spacecrafts Charles Pecheur (RIACS / NASA Ames)

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

MBD in real-world system… Self-Configuring Systems Meir Kalech Partially based on slides of Brian Williams.

Carnegie Mellon University Java PathFinder and Model Checking of Programs Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh,

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

WPI CS534 Showcase Jeff Martin. * Computer Software on Deep Space 1 * Used to execute plans/mission objectives * Model based * Constraint based * Fault.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

Research Heaven, West Virginia 1 Static Analysis of Software for Autonomous Spacecrafts Supratik Mukhopadhyay Research Heaven, West.

© 2011 Carnegie Mellon University Binary Decision Diagrams Part Bug Catching: Automated Program Verification and Testing Sagar Chaki September.

Testing Generation at UPenn Testing Hybrid System: Phase I Randomized test generator=Randomized Simulator+ Coverage Checker. 1. Local ramdomization 1.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

Sanjit A. Seshia and Randal E. Bryant Computer Science Department

The Rare Glitch Project: Verification Tools for Embedded Systems Carnegie Mellon University Pittsburgh, PA Ed Clarke, David Garlan, Bruce Krogh, Reid Simmons,

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.

Optimizing Symbolic Model Checking for Constraint-Rich Systems Randal E. Bryant Bwolen Yang, Reid Simmons, David R. O’Hallaron Carnegie Mellon University.

1 Software Testing Techniques CIS 375 Bruce R. Maxim UM-Dearborn.

Formal Techniques for Verification Using SystemC By Nasir Mahmood.

Introduction to Software Testing Chapter 9.4 Model-Based Grammars Paul Ammann & Jeff Offutt

Hunt for Molecules, Paris, 2005-Sep-20 Software Development for ALMA Robert LUCAS IRAM Grenoble France.

1 Lyle H. Ungar, University of Pennsylvania What is AI? “Artificial Intelligence is the study of how to make computers do things at which, at the moment,

Planning and Verification for Stochastic Processes with Asynchronous Events Håkan L. S. Younes Carnegie Mellon University.

Static and Dynamic Analysis at JPL Klaus Havelund.

Planning and Execution with Phase Transitions Håkan L. S. Younes Carnegie Mellon University Follow-up paper to Younes & Simmons’ “Solving Generalized Semi-Markov.

.1 RESEARCH & TECHNOLOGY DEVELOPMENT CENTER SYSTEM AND INFORMATION SCIENCES JHU/MIT Proprietary Titan MESSENGER Autonomy Experiment.

Final Version Micro-Arcsecond Imaging Mission, Pathfinder (MAXIM-PF) Mission Operations Tim Rykowski Jeffrey Hosler May 13-17, 2002.

All rights reserved © Altec ExoMars 2018 Rover Operations Control Centre Planned Organization of ROCC Operations I. Musso.

Verifying Autonomous Planning Systems Even the best laid plans need to be verified Prepared for the 2005 Software Assurance Symposium (SAS) DS1 MSL EO1.

A Language for Task-Level Executives Reid Simmons David Apfelbaum Carnegie Mellon University.

Verifying AI Plan Models Even the best laid plans need to be verified Margaret Smith – PI Gordon Cucullu Gerard Holzmann Benjamin Smith Prepared for the.

1 Jillian Redfern Orbital Express Presentation TITAN All-Hands 07/08/2003.

16.412J/6.835 Intelligent Embedded Systems Prof. Brian Williams Rm Rm NE Prof. Brian Williams Rm Rm NE43-838

Testing Generation at UPenn Model-Based Test Generation Temp. Prop. Translator Controller Model Checker Witness generator  1 Æ.

Sept Tracing Status Update - Sept Montreal - Timothy Lethbridge Trace-Directed Modelling Status Update Timothy C. Lethbridge University.

Symbolic Execution with Abstract Subsumption Checking Saswat Anand College of Computing, Georgia Institute of Technology Corina Păsăreanu QSS, NASA Ames.

Learning Symbolic Interfaces of Software Components Zvonimir Rakamarić.

Intelligent Systems Software Assurance Symposium 2004 Bojan Cukic & Yan Liu, Robyn Lutz & Stacy Nelson, Chris Rouff, Johann Schumann, Margaret Smith July.

Project Design Alain Esteva-Ramirez School of Computing and Information Sciences Florida International University Bárbara Morales-Quiñones Department of.

- 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -

Chapter 10. The Explorer System in Cognitive Systems, Christensen et al. Course: Robots Learning from Humans On, Kyoung-Woon Biointelligence Laboratory.

Using Symbolic PathFinder at NASA Corina Pãsãreanu Carnegie Mellon/NASA Ames.

Discovery and Systems Health Technical Area NASA Ames Research Center - Computational Sciences Division Automated Diagnosis Sriram Narasimhan University.

Robotic Space Explorers: To Boldly Go Where No AI System Has Gone Before A Story of Survival J/6.834J September 19, 2001.

USING MODEL CHECKING TO DISCOVER AUTOMATION SURPRISES Java class User: - getExpectation() - checkExpectation() FAULTY EXECUTION start incrMCPAlt pullAltKnob.

1 Science Definition Team Meeting National Aerospace Institute Hampton, VA Dec 1-3, 2015.

Outline Deep Space One and Remote Agent Model-based Execution OpSat and the ITMS Model-based Reactive Planning Space Robotics.

Space Systems Laboratory Massachusetts Institute of Technology AUTONOMY MIT Graduate Student Open House March 24, 2000.

SAS_05_Contingency_Lutz_Tal1 Contingency Software in Autonomous Systems Robyn Lutz, JPL/Caltech & ISU Doron Tal, USRA at NASA Ames Ann Patterson-Hine,

( = “unknown yet”) Our novel symbolic execution framework: - extends model checking to programs that have complex inputs with unbounded (very large) data.

Research Heaven, West Virginia 1 Translation Validation of Compilers for Model-based Programming Supratik Mukhopadhyay Research Heaven,

Formal Approaches to Swarm Technologies Technical Briefing Christopher Rouff, Amy Vanderbilt - SAIC Walt Truszkowski, James Rash - NASA GSFC, Code 588.

Copyright B. Williams J/6.834J, Fall 02 Lecture 3: Immobile Robots and Space Explorers Prof. Brian Williams Rm Wednesday, September 11 th,

Finding bugs with a constraint solver daniel jackson. mandana vaziri mit laboratory for computer science issta 2000.

Autonomy: Executive and Instruments Life in the Atacama 2004 Science & Technology Workshop Nicola Muscettola NASA Ames Reid Simmons Carnegie Mellon.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

1 Science Goal Monitor (SGM) Code 588 / Jenny Geiger.

Presentation Title 2/4/2018 Software Verification using Predicate Abstraction and Iterative Refinement: Part Bug Catching: Automated Program Verification.

CS 4700: Foundations of Artificial Intelligence

NASA Ames Research Center

Intelligent Systems Software Assurance Symposium 2004

AI in Space – Lessons From NASA’s Deep Space 1 Mission

Discrete Controller Synthesis

10 Design Verification and Test

Presentation transcript:

© Charles Pecheur 1 SAS 2001 Verification and Validation of Model-Based Autonomous Systems Charles Pecheur, RIACS (ARC)

© Charles Pecheur 2 SAS 2001 Project Profile 3-year project, FY99 to FY01 Performed by ARC, With grant to CMU (Reid Simmons), Delivered to KSC. Goal: support V&V of Livingstone-based applications by the application developers (not by V&V experts) Two complementary approaches: –Symbolic model checking of models –Closed-loop verification of applications

© Charles Pecheur 3 SAS 2001 Model-Based Autonomy Based on AI technology General reasoning engine + application-specific model Use model to respond to unanticipated situations Reasoning Engine Model commandsstatus Spacecraft Autonomous controller model of

© Charles Pecheur 4 SAS 2001 MRMI Command Discretized Observations Mode updates Goals Model Reconfig Command current state Plan Execution System High level operational plan Livingstone Courtesy Autonomous Systems Group, NASA Ames The Livingstone MIR Remote Agent's model-based fault recovery sub-system

© Charles Pecheur 5 SAS 2001 MPL2SMV Livingstone Model SMV Model Livingstone Requirement SMV Requirement Livingstone Trace SMV Trace Livingstone SMV MPL2SMVMPL2SMV Autonomy Verification

© Charles Pecheur 6 SAS 2001 Livingstone to SMV Translation MODULE valve VAR mode: {Open,Closed, StuckO,StuckC}; cmd: {open,close}; DEFINEfaults:={StuckO,StuckC}; TRANS (mode=Closed & cmd=open) -> (next(mode)=Open | next(mode) in faults) ClosedValveOpen Stuckopen Stuckclosed openclose Livingstone ModelSMV Model (defcomponent valve () (:inputs (cmd :type valve-cmd))... (Closed :type ok-mode :transitions ((do-open :when (open cmd) :next Open)...)) (StuckC :type :fault-mode...)...) Livingstone Autonomous Controller SMV Symbolic Model Checker

© Charles Pecheur 7 SAS 2001 Symbolic Model Checking Manipulates sets of states, Represented as boolean formulas, Encoded as binary decision diagrams. Can handle larger state spaces (10 50 and up). BDD computations: –Good in average but exponential in worst case. –Computation time depends on BDD size => number of variables, complexity of formulas, but not directly state space size. Example: SMV (Carnegie Mellon U.) x y x=2  y=1 10 x=2 y=1

© Charles Pecheur 8 SAS 2001 From Livingstone Models to SMV Models Co-developed with CMU Based on Livingstone 1 (Lisp) 4K lines of Lisp Similar nature => translation is easy Properties in temporal logic + pre-defined patterns Temporal queries –e.g. "what faults imply eventual recovery" –Proof-of-concept prototype (done at CMU) –deceptive results so far Migration to Livingstone 2 (in progress)

© Charles Pecheur 9 SAS 2001 Use atmosphere from Mars to make fuel for return flight. Livingstone controller developed at NASA KSC. Components are tanks, reactors, valves, sensors... Exposed several (known and unknown) modelling errors. Latest model is states. Live experience of V&V methods used by non-specialists. Application In-Situ Propellant Production CO 2 + 2H 2 —> CH 4 + O 2 Mars atmosphere oxidizer fuel on-board

© Charles Pecheur 10 SAS 2001 Closed-Loop Verification Principle Start from conventional testing (the real program). Instrument the code to be able to do full model checking (or as close as possible). status Spacecraft Simulator Model commands MIRModel Livingstone Executive Stub Plan Model Checking Engine get state set state single step TESTBEDTESTBED

© Charles Pecheur 11 SAS 2001 Livingstone PathFinder (LPF) Closed-loop verification for Livingstone. In Java, using Livingstone 2 (C++ via Java JNI). –Uses Livingstone 2 checkpointing. Scenario: (sequence of commands)  (choice of faults) Livingstone-based simulator. –Supports under-constrained models. Open API between testbed and model checker – Re-use parts of Java model checker.

© Charles Pecheur 12 SAS 2001 Publications and Presentations 3 Papers on Livingstone-to-SMV translator –Simmons & Pecheur, AAAI Spring Symposium (03/00) –Pecheur & Simmons, Goddard FAABS Workshop (04/00, book chapter in preparation) –Simmons & Pecheur, IROS Conference (11/00) 3 Presentations on V&V of ISPP –Engrand & Pecheur, Goddard FAABS workshop (poster, 04/00) –Engrand, RIACS V&V of A&A workshop (invited, 12/00) –Engrand, AAAI Spring Symposium MVI (03/01) 1 Survey paper on V&V of MBAS (to be submitted) –Pecheur, NASA/TM Papers on ISPP including V&V –Gross et al., IAC 1999 (09/99) –Clancy et al., Technology 2009 (11/99) 2 Workshops on V&V of MBAS –RIACS V&V of Autonomous and Adaptive Systems (Pecheur, Simmons, Visser, 12/00) –AAAI Model-based Validation of Intelligence (Khatib, Pecheur, 03/01) 2 Tutorials on V&V including V&V of MBAS –Pecheur, Simmons, Visser & Havelund, Langley FM 2000 (06/00) –Pecheur & Visser, ASE 2000 (09/00)

© Charles Pecheur 13 SAS 2001 Future Directions MPL2SMV: –FMEA analysis from Livingstone models. –Use SAT-solving and bounded model checking. –More user guidance (patterns, verification process tool). Temporal Queries: –Can it be made useful? More experiments, improve tool. Livingstone PathFinder: –Explore different exploration strategies, case studies. Publications –survey paper, temporal queries, closed-loop verification,...

© Charles Pecheur 14 SAS 2001 Autonomous Systems "Faster, better, cheaper" spacecrafts => add on-board intelligence From self-diagnosis to on-board science. Smaller mission control crews => reduced cost Less reliance on control link => OK for deep space