Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2013 Carnegie Mellon University Static Analysis of Real-Time Embedded Systems with REK Arie Gurfinkel 1 joint work with Sagar Chaki 1, Ofer Strichman.

Published byNigel Collin McDowell Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2013 Carnegie Mellon University Static Analysis of Real-Time Embedded Systems with REK Arie Gurfinkel 1 joint work with Sagar Chaki 1, Ofer Strichman."— Presentation transcript:

1 © 2013 Carnegie Mellon University Static Analysis of Real-Time Embedded Systems with REK Arie Gurfinkel 1 joint work with Sagar Chaki 1, Ofer Strichman 2, and Soonho Kong 1 1 Software Engineering Institute, CMU 2 Technion, Israel Institute of Technology

2 2 START-REK Gurfinkel © 2013 Carnegie Mellon University NO WARRANTY THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder. This Presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.permission@sei.cmu.edu This work was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013.

3 3 START-REK Gurfinkel © 2013 Carnegie Mellon University Automated Analysis Automated Analysis Software Model Checking with Predicate Abstraction e.g., Microsoft’s SDV Software Model Checking with Predicate Abstraction e.g., Microsoft’s SDV Automated Software Analysis Correct + Proof Incorrect + Counterexample Abstract Interpretation with Numeric Abstraction e.g., ASTREE, Polyspace Abstract Interpretation with Numeric Abstraction e.g., ASTREE, Polyspace Program Property

4 4 START-REK Gurfinkel © 2013 Carnegie Mellon University

5 5 START-REK Gurfinkel © 2013 Carnegie Mellon University Motivation: Real-Time Embedded Systems Avionics Mission System * Rate Monotonic Scheduling (RMS) * Locke, Vogel, Lucas, and Goodenough. “Generic Avionics Software Specification”. SEI/CMU Technical Report CMU/SEI-90-TR-8-ESD-TR-90-209, December, 1990 TaskPeriod weapon release10ms radar tracking40ms target tracking40ms aircraft flight data50ms display50ms steering80ms

6 6 START-REK Gurfinkel © 2013 Carnegie Mellon University Periodic Program An N-task periodic program PP is a set of tasks {  1, …,  N } A task  is a tuple  I, T, P, C, A , where I is a task identifier T is a task body (i.e., code) P is a period C is the worst-case execution time A is the release time: the time at which task becomes first enabled Semantics of PP is given by an asynchronous concurrent program: k i = 0; while (Wait( i, k i )) T i (); k i = k i + 1; k i = 0; while (Wait( i, k i )) T i (); k i = k i + 1; parallel execution w/ priorities parallel execution w/ priorities blocks task i until next arrival time blocks task i until next arrival time

7 7 START-REK Gurfinkel © 2013 Carnegie Mellon University Task High Priority Task Low Priority Task Priority Periodic Programs Time

8 8 START-REK Gurfinkel © 2013 Carnegie Mellon University Task Task body Loop-free code (C) Periodic Programs High Priority Task Low Priority Task Time

9 9 START-REK Gurfinkel © 2013 Carnegie Mellon University Task Period Periodic Programs High Priority Task Low Priority Task Time

10 10 START-REK Gurfinkel © 2013 Carnegie Mellon University Task WCET Periodic Programs High Priority Task Low Priority Task Time

11 11 START-REK Gurfinkel © 2013 Carnegie Mellon University Task Arrival Time Periodic Programs High Priority Task Low Priority Task Time

12 12 START-REK Gurfinkel © 2013 Carnegie Mellon University Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

13 13 START-REK Gurfinkel © 2013 Carnegie Mellon University Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

14 14 START-REK Gurfinkel © 2013 Carnegie Mellon University High & low priority jobs arrived together Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

15 15 START-REK Gurfinkel © 2013 Carnegie Mellon University High priority job is executed first Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

16 16 START-REK Gurfinkel © 2013 Carnegie Mellon University Low priority job is executed later Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

17 17 START-REK Gurfinkel © 2013 Carnegie Mellon University High priority job arrived Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

18 18 START-REK Gurfinkel © 2013 Carnegie Mellon University Preempts low priority job Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

19 19 START-REK Gurfinkel © 2013 Carnegie Mellon University Lower priority job resumes later Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

20 20 START-REK Gurfinkel © 2013 Carnegie Mellon University Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

21 21 START-REK Gurfinkel © 2013 Carnegie Mellon University Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

22 22 START-REK Gurfinkel © 2013 Carnegie Mellon University 1 Hyper-Period Preemptive Fixed Priority Scheduling High Priority Task Low Priority Task Time

23 23 START-REK Gurfinkel © 2013 Carnegie Mellon University Case Study: A Metal Stamping Robot a.k.a. LEGO Turing Machine Image courtesy of Taras Kowaliw

24 24 START-REK Gurfinkel © 2013 Carnegie Mellon University LEGO Turing Machine by Soonho Kong. See http://www.cs.cmu.edu/~soonhok for building instructions.http://www.cs.cmu.edu/~soonhok BEGIN: READ CJUMP0 CASE_0 CASE_1: WRITE 0 MOVE R JUMP BEGIN CASE_0: WRITE 1 MOVE R JUMP BEGIN BEGIN: READ CJUMP0 CASE_0 CASE_1: WRITE 0 MOVE R JUMP BEGIN CASE_0: WRITE 1 MOVE R JUMP BEGIN

25 25 START-REK Gurfinkel © 2013 Carnegie Mellon University OSEK/VDX RTOS Offene Systeme und deren Schnittstellen für die Elektronik in Kraftfahrzeugen; ("Open Systems and their Interfaces for the Electronics in Motor Vehicles“) standard software architecture for the electronic control units (ECUs) in a car

26 26 START-REK Gurfinkel © 2013 Carnegie Mellon University Turing Machine: Task Structure

27 27 START-REK Gurfinkel © 2013 Carnegie Mellon University Turing Machine (Video) http://www.youtube.com/watch?v=teDyd0d5M4o

28 28 START-REK Gurfinkel © 2013 Carnegie Mellon University Turing Machine: Properties Tape does not move when a bit is read or written Read sensor and Write arm can move concurrently but must not interfere with one another Read sensor’s light is off when not in use Read task WCET is less than 25ms reduced to checking API usage rules No log messages are lost during USB communication each message is delivered to the server before a new one is produced

29 29 START-REK Gurfinkel © 2013 Carnegie Mellon University When writer flips a bit, the tape motor and read motor should stop. Controller Task Writer Task An Example Property

30 30 START-REK Gurfinkel © 2013 Carnegie Mellon University Time-Bounded Verification of Periodic Programs Time-Bounded Verification Is an assertion A violated within X milliseconds of a system’s execution from initial state I A, X, I are user specified Periodic Program Collection of periodic tasks Execute concurrently with fixed-priority scheduling Priorities respect RMS Communicate through shared memory Synchronize through preemption and priority ceiling locks Assumptions System is schedulable WCET of each task is given Time-Bounded Analysis of Real-Time Systems, Proc. of FMCAD 2011

31 31 START-REK Gurfinkel © 2013 Carnegie Mellon University Overall Approach Supports C programs w/ tasks, priorities, priority ceiling protocol, shared variables Works in two stages: 1.Sequentialization – reduction to sequential program w/ prophecy variables 2.Bounded program analysis: bounded C model checker (CBMC, HAVOC, …) SequentializationAnalysis Periodic Program in C Sequential ProgramOK BUG + CEX Periods, WCETs, Initial Condition, Time bound

32 32 START-REK Gurfinkel © 2013 Carnegie Mellon University START Family REK (2011) OSEK-based programs with Priority Ceiling locks small robotics case study REK-H (2012) compositional sequentialization for harmonic tasks Turing Machine case study REK-PIP (2013) Working on this now Support for Priority-Inheritance-Locks (difficult  ) REK-INF (Future) Extend to complete verification by finding inductive invariants http://www.andrew.cmu.edu/~arieg/Rek

33 33 START-REK Gurfinkel © 2013 Carnegie Mellon University Intellectually Defensible Base for Qualification How should automatic verifiers be qualified for certification? What is the base for automatic program analysis (or other automatic formal methods) to replace testing? Verify the verifier (too) expensive verifiers are often very complex tools difficult to continuously adapt tools to project-specific needs Proof-producing (or certifying) verifier Only the proof is important – not the tool that produced it Only the proof-checker needs to be verified/qualified Single proof-checker can be re-used in many projects

34 34 START-REK Gurfinkel © 2013 Carnegie Mellon University Proof-Producing Verifier Program + Property Verifier No + Counterexample Yes + Proof Proof Checker no need to qualify “easy” to qualify / verify Good Bad But things are not that simple in practice !!!

35 35 START-REK Gurfinkel © 2013 Carnegie Mellon University Proof Producing Verifier Low level property Program = (Text, Semantics) Verifier Proof Checker Front-End Environment model VC No + Counterexample Yes + Proof GoodBad Compiler Executable Real Env Hardware Good Bad ?=? Hard to verify Hard to get right Diff sem used by diff tools Hard to get right

36 36 START-REK Gurfinkel © 2013 Carnegie Mellon University Contact Information Presenter Arie Gurfinkel RTSS Telephone: +1 412-268-5800 Email: arie@cmu.edu U.S. mail: Software Engineering Institute Customer Relations 4500 Fifth Avenue Pittsburgh, PA 15213-2612 USA Web: www.sei.cmu.edu http://www.sei.cmu.edu/contact.cfm Customer Relations Email: info@sei.cmu.edu Telephone: +1 412-268-5800 SEI Phone: +1 412-268-5800 SEI Fax: +1 412-268-6257

Download ppt "© 2013 Carnegie Mellon University Static Analysis of Real-Time Embedded Systems with REK Arie Gurfinkel 1 joint work with Sagar Chaki 1, Ofer Strichman."

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.

Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.
© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.

© 2013 Carnegie Mellon University UFO: From Underapproximations to Overapproximations and Back! Arie Gurfinkel (SEI/CMU) with Aws Albarghouthi and Marsha.
© 2006 Carnegie Mellon University Combining Predicate and Numeric Abstraction for Software Model Checking Software Engineering Institute Carnegie Mellon.

© 2006 Carnegie Mellon University Combining Predicate and Numeric Abstraction for Software Model Checking Software Engineering Institute Carnegie Mellon.
UNCLASSIFIED © 2011 Carnegie Mellon University Building Malware Infection Trees Jose Andre Morales 1, Michael Main 2, Weilang Luo 3, Shouhuai Xu 2,3, Ravi.

UNCLASSIFIED © 2011 Carnegie Mellon University Building Malware Infection Trees Jose Andre Morales 1, Michael Main 2, Weilang Luo 3, Shouhuai Xu 2,3, Ravi.
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.

1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.
© 2014 Microsoft Corporation. All rights reserved.

© 2014 Microsoft Corporation. All rights reserved.
© 2011 Carnegie Mellon University SPIN: Part 2 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
© 2011 Carnegie Mellon University SPIN: Part 1 15-414/614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.

© 2011 Carnegie Mellon University SPIN: Part /614 Bug Catching: Automated Program Verification Sagar Chaki April 21, 2014.
© 2011 Carnegie Mellon University System of Systems V&V John B. Goodenough October 19, 2011.

© 2011 Carnegie Mellon University System of Systems V&V John B. Goodenough October 19, 2011.
© 2010 Carnegie Mellon University B OXES : A Symbolic Abstract Domain of Boxes Arie Gurfinkel and Sagar Chaki Software Engineering Institute Carnegie Mellon.

© 2010 Carnegie Mellon University B OXES : A Symbolic Abstract Domain of Boxes Arie Gurfinkel and Sagar Chaki Software Engineering Institute Carnegie Mellon.
© 2013 Carnegie Mellon University Academy for Software Engineering Education and Training, 2013 Session Architect: Tony Cowling Session Chair: Nancy Mead.

© 2013 Carnegie Mellon University Academy for Software Engineering Education and Training, 2013 Session Architect: Tony Cowling Session Chair: Nancy Mead.
© 2013 Carnegie Mellon University Measuring Assurance Case Confidence using Baconian Probabilities Charles B. Weinstock John B. Goodenough Ari Z. Klein.

© 2013 Carnegie Mellon University Measuring Assurance Case Confidence using Baconian Probabilities Charles B. Weinstock John B. Goodenough Ari Z. Klein.
© 2010 Carnegie Mellon University ® CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. V&V Principles Verification.

© 2010 Carnegie Mellon University ® CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. V&V Principles Verification.
© 2007-2011 Carnegie Mellon University The CERT Insider Threat Center.

© Carnegie Mellon University The CERT Insider Threat Center.
© 2011 Carnegie Mellon University Time Bounded Analysis of Real-Time Systems Arie Gurfinkel, Sagar Chaki, and Ofer Strichman Software Engineering Institute.

© 2011 Carnegie Mellon University Time Bounded Analysis of Real-Time Systems Arie Gurfinkel, Sagar Chaki, and Ofer Strichman Software Engineering Institute.
© 2012 Carnegie Mellon University Compositional Sequentialization of Periodic Programs Sagar Chaki 1, Arie Gurfinkel 1, Soonho Kong 2, Ofer Strichman 3.

© 2012 Carnegie Mellon University Compositional Sequentialization of Periodic Programs Sagar Chaki 1, Arie Gurfinkel 1, Soonho Kong 2, Ofer Strichman 3.
© 2012 Carnegie Mellon University UFO: Verification with Interpolants and Abstract Interpretation Arie Gurfinkel and Sagar Chaki Software Engineering Institute.

© 2012 Carnegie Mellon University UFO: Verification with Interpolants and Abstract Interpretation Arie Gurfinkel and Sagar Chaki Software Engineering Institute.
© 2010 Carnegie Mellon University Acquisition Implications of SOA Adoption Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

© 2010 Carnegie Mellon University Acquisition Implications of SOA Adoption Software Engineering Institute Carnegie Mellon University Pittsburgh, PA

Similar presentations

Ads by Google