Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modeling and Verification of Embedded Software Rajeev Alur POPL Mentoring Workshop, Jan 2012 University of Pennsylvania.

Published byJoy Shelton Modified over 9 years ago

Similar presentations

Presentation on theme: "Modeling and Verification of Embedded Software Rajeev Alur POPL Mentoring Workshop, Jan 2012 University of Pennsylvania."— Presentation transcript:

1 Modeling and Verification of Embedded Software Rajeev Alur POPL Mentoring Workshop, Jan 2012 University of Pennsylvania

2 Software: Key to Embedded Revolution Software Inside! Software New features, Automation, Customization Software Bugs, Unpredictability, Recalls

3 Prius Brake Problems Blamed on Software Glitches “Toyota officials described the problem as a "disconnect" in the vehicle's complex anti-lock brake system (ABS) that causes less than a one-second lag. With the delay, a vehicle going 60 mph will have traveled nearly another 90 feet before the brakes begin to take hold” (source: CNN Feb 4, 2010)

4  Correctness is formalized as a mathematical claim to be proved or falsified rigorously always with respect to the given specification  Challenge: Impossibility results for automated verifier Yet impressive success for hardware protocols, systems software Can we have similar success for embedded control software? Verifier software/model correctness specification yes/proof no/bug In Search of the Holy Grail…

5 Embedded Computation  Typical embedded program: cruise control Loop Read the sensors; Compute speed; Compute pressure for brake pedal / accelerator; Transmit the outputs to actuators;  Program has (non-terminating) interaction with the outside world: Reactive computation  Correctness depends on real-time response (does the car brake fast enough?)  Analysis of correctness requires modeling of the dynamics of the car

6 State machines off on + Dynamical systems dx/dt = kx x<70 dx/dt = -k’x x>60 x>68 x<63 Automotive Robotics Systems Biology Coordination Protocols Computer Science  Automata/Logic  Concurrency  Formal verification + Control Theory  Optimal control  Stability analysis  Discrete-event system Software + Environment Hybrid Systems Medical Devices

7 Vehicle Platoons Can we prove correctness of the protocol? Build a rigorous model of the controller Capture environment assumptions (e.g. bounds on acceleration of the car in the front) Requirements: Safe distance, Stability, Absence of deadlocks Validation: Simulation, Model checking

8 Medical Devices  From 1985-2005, nearly 30,000 deaths and 600,000 injuries from device failures  From 1996-2006, the percentage of software-related causes in medical device recalls have grown from 10% to 21% (Complexity ↑ → Potential safety violations ↑ )  There is currently no well-established standards for development of software for medical devices

9 Implantable Pacemaker

10 Uppaal Model of Dual Chamber Pacemaker

11 Talk Outline  Modeling  Symbolic reachability analysis  Conclusions

12 Hybrid Automata l l’l’ jump transformation edge guard continuous dynamics initial condition invariant: hybrid automaton may remain in l as long as X  Inv(l) X  Inv(l’) dX  Flow(l’) X  Inv(l) dX  Flow(l) X  Init(l) e : g(X)  0 J(X, X’) locations or modes (discrete states)

13 Modeling Research  Hierarchical modeling (Charon)  Compositionality and refinement (HIOA)  Heterogeneous modeling (Ptolemy II)  Model based integration

14 Charon Language Features: Modularity  Individual components described as agents Composition, instantiation, and hiding  Individual behaviors described as modes Encapsulation, instantiation, and scoping  Support for concurrency Shared variables as well as message passing  Support for discrete and continuous behavior Differential as well as algebraic constraints Discrete transitions can call Java routines  Compositional semantics with refinement rules Components have precise trace-based observational semantics Properties of the system can be deduced from components

15 Robot Team Approaching a Target T

16 Architectural Hierarchy Robots Monitor pos 1 pos 2 write diff analog position pos 1, pos 2 class position { float x; float y;} Variables Specifiers Range: discrete/analog Computation: diff/alg Access: read/write/local

17 Architectural Hierarchy Robot 1 Robots Robot 2 pos 1 pos 2 r1Est 1 r1Est 2 r2Est 1 r2Est 2 Robots Monitor pos 1 pos 2

18 Behavioral Hierarchy pos r2Est 1 r2Est 2 r1Est 1 r1Est 2 Robot 1 dTimer local diff analog timer awTarget dPlan iAway atTarget dStop iAt arrive pos == target moving dSteer aOmega iFreq sensing dStop iConst sense move arrive pos.x = v * cos(phi) pos.y = v * sin(phi)..

19 Charon Toolkit

20 Talk Outline Modeling  Symbolic reachability analysis  Conclusions

21 Symbolic Safety Verification Goal: Given an initial set I, compute the set of reachable states to check if a bad state in F is reachable Symbolic breadth-first search by applying Post: Post(R): Set of successors of states in R I F

22 Reachability for Hybrid Systems  What’s a suitable representation of regions? Region: subset of R k Main problem: handling continuous dynamics  Precise solutions available for restricted continuous dynamics Timed automata Linear hybrid automata  Even for linear systems, over-approximations of reachable set needed

23 Polyhedral Flow Pipe Approximations X0X0 t1t1 t2t2 t3t3 t4t4 t5t5 t6t6 t7t7 t8t8 t9t9 divide R [0,T] (X 0 ) into [t k,t k+1 ] segments enclose each segment with a convex polytope R M [0,T] (X 0 ) = union of polytopes

24 Challenges for Reachability Analysis  Coping with high dimensionality  Bounding errors due to over-approximations  Handling non-linear dynamics  State-of-the-art toolkit: SpaceEx (spaceex.imag.fr)

25 Conclusions  Modeling is central to design of embedded software systems  Analysis requires handling of time and dynamics  Many emerging applications: e.g. Pacemaker software  There are no papers at POPL on this topic, but great opportunity for PL researchers to impact industrial practice

Download ppt "Modeling and Verification of Embedded Software Rajeev Alur POPL Mentoring Workshop, Jan 2012 University of Pennsylvania."

Similar presentations

Hybrid Systems Modeling and Analysis of Regulatory Pathways Rajeev Alur University of Pennsylvania www.cis.upenn.edu/~alur/ LSB, August 2006.

Hybrid Systems Modeling and Analysis of Regulatory Pathways Rajeev Alur University of Pennsylvania LSB, August 2006.
Catching Bugs in Software Rajeev Alur Systems Design Research Lab University of Pennsylvania www.cis.upenn.edu/~alur/

Catching Bugs in Software Rajeev Alur Systems Design Research Lab University of Pennsylvania
Hybrid System Verification Synchronous Workshop 2003 A New Verification Algorithm for Planar Differential Inclusions Gordon Pace University of Malta December.

Hybrid System Verification Synchronous Workshop 2003 A New Verification Algorithm for Planar Differential Inclusions Gordon Pace University of Malta December.
Timed Automata.

Timed Automata.
Concurrency: introduction1 ©Magee/Kramer 2 nd Edition Concurrency State Models and Java Programs Jeff Magee and Jeff Kramer.

Concurrency: introduction1 ©Magee/Kramer 2 nd Edition Concurrency State Models and Java Programs Jeff Magee and Jeff Kramer.
Zonotopes Techniques for Reachability Analysis Antoine Girard Workshop “Topics in Computation and Control” March 27 th 2006, Santa Barbara, CA, USA

Zonotopes Techniques for Reachability Analysis Antoine Girard Workshop “Topics in Computation and Control” March 27 th 2006, Santa Barbara, CA, USA
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Modular Specification of Hybrid Systems in CHARON R. Alur, R. Grosu, Y. Hur, V. Kumar, I. Lee University of Pennsylvania SDRL and GRASP.

Modular Specification of Hybrid Systems in CHARON R. Alur, R. Grosu, Y. Hur, V. Kumar, I. Lee University of Pennsylvania SDRL and GRASP.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL Research Qualifying Exam 20 th December.

1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL Research Qualifying Exam 20 th December.
1 Stability of Hybrid Automata with Average Dwell Time: An Invariant Approach Daniel Liberzon Coordinated Science Laboratory University of Illinois at.

1 Stability of Hybrid Automata with Average Dwell Time: An Invariant Approach Daniel Liberzon Coordinated Science Laboratory University of Illinois at.
Systems Engineering for Automating V&V of Dependable Systems John S. Baras Institute for Systems Research University of Maryland College Park 301-405-6606.

Systems Engineering for Automating V&V of Dependable Systems John S. Baras Institute for Systems Research University of Maryland College Park
Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.

Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
DIVES: Design, Implementation and Validation of Embedded Software Alur, Kumar, Lee(PI), Pappas, Sokolsky GRASP/SDRL University of Pennsylvania www.cis.upenn.edu/mobies/

DIVES: Design, Implementation and Validation of Embedded Software Alur, Kumar, Lee(PI), Pappas, Sokolsky GRASP/SDRL University of Pennsylvania
1 University of Pennsylvania Demonstrations Alur, Kumar, Lee, Pappas Rafael Fierro Yerang Hur Franjo Ivancic PK Mishra.

1 University of Pennsylvania Demonstrations Alur, Kumar, Lee, Pappas Rafael Fierro Yerang Hur Franjo Ivancic PK Mishra.
Model Checking for Hybrid Systems Bruce H. Krogh Carnegie Mellon University.

Model Checking for Hybrid Systems Bruce H. Krogh Carnegie Mellon University.
SDRL and GRASP University of Pennsylvania 6/27/00 MoBIES 1 Design, Implementation, and Validation of Embedded Software (DIVES) Contract No. F33615-00-C-1707.

SDRL and GRASP University of Pennsylvania 6/27/00 MoBIES 1 Design, Implementation, and Validation of Embedded Software (DIVES) Contract No. F C-1707.

Similar presentations

Ads by Google