Specification: The Biggest Bottleneck in Formal Methods and Autonomy 1
|
|
- Anissa Booker
- 6 years ago
- Views:
Transcription
1 Specification: The Biggest Bottleneck in Formal Methods and Autonomy 1 Kristin Yvonne Rozier Iowa State University February 13, For expansions on these ideas, see: K.Y.Rozier. Specification: The Biggest Bottleneck in Formal Methods and Autonomy. VSTTE, 2016.
2 Successes Origins? Quality? Usage? Organization? Future Challenges Design-Time Verification! Expected design-time component Recommended in DO-178B/C, D0-254 standards for Successfully applied in many aerospace contexts... Temporal Logic Kristin Yvonne Rozier Specification: The Biggest Bottleneck in FM & Autonomy
3 Successes Origins? Quality? Usage? Organization? Future Challenges Runtime Verification and System Health Management! Required for Autonomy New: Intelligent Interfaces Hot topic: UTM, Mars, NextGen,... Temporal Logic Kristin Yvonne Rozier Specification: The Biggest Bottleneck in FM & Autonomy
4 A Recent Motivation... Crash of ESA s ExoMars Schiaparelli Lander October 19, 2016
5 A Recent Motivation... Crash of ESA s ExoMars Schiaparelli Lander October 19, 2016 parachute deployed at: altitude of 7.5 miles (12 km) speed of 1,1075 mph (1,730 km/h)
6 A Recent Motivation... Crash of ESA s ExoMars Schiaparelli Lander October 19, 2016 parachute deployed at: altitude of 7.5 miles (12 km) speed of 1,1075 mph (1,730 km/h) heat shield ejected at altitude of 4.85 miles (7.8 km)
7 A Recent Motivation... Crash of ESA s ExoMars Schiaparelli Lander October 19, 2016 parachute deployed at: altitude of 7.5 miles (12 km) speed of 1,1075 mph (1,730 km/h) heat shield ejected at altitude of 4.85 miles (7.8 km) IMU miscalculated saturation-maximum period (by 1 sec)
8 A Recent Motivation... Crash of ESA s ExoMars Schiaparelli Lander October 19, 2016 parachute deployed at: altitude of 7.5 miles (12 km) speed of 1,1075 mph (1,730 km/h) heat shield ejected at altitude of 4.85 miles (7.8 km) IMU miscalculated saturation-maximum period (by 1 sec) Navigation system calculated a negative altitude premature release of parachute & backshell firing of braking thrusters activation of on-ground systems at 2 miles (3.7 km) altitude
9 A Recent Motivation... Crash of ESA s ExoMars Schiaparelli Lander October 19, 2016 parachute deployed at: altitude of 7.5 miles (12 km) speed of 1,1075 mph (1,730 km/h) heat shield ejected at altitude of 4.85 miles (7.8 km) IMU miscalculated saturation-maximum period (by 1 sec) Navigation system calculated a negative altitude premature release of parachute & backshell firing of braking thrusters activation of on-ground systems at 2 miles (3.7 km) altitude Crash at 185 mph (300 km/h)
10 A Recent Motivation... Crash of ESA s ExoMars Schiaparelli Lander Sanity Checks Relevant to this Mission: The altitude cannot be negative. The rate of change of descent can t be faster than gravity. The δ altitude must be within nominal parameters; it cannot change from 2 miles to a negative value in one time step. The saturation-maximum has an a priori known temporal bound. These sanity checks could have prevented the crash. Capability of such observations is required for autonomy.
11 Enabling Autonomy What do the humans do? 1 Pilot/control the system (on-board or remotely) 2 Provide self-awareness 3 Respond to off-nominal conditions 4 Make tough judgment calls
12 Enabling Autonomy What do the humans do? And how do we automate that? 1 Pilot/control the system (on-board or remotely) Autopilot 2 Provide self-awareness Runtime System Health Management (SHM) 3 Respond to off-nominal conditions Automated replanning and learning 4 Make tough judgment calls Algorithms like TCAS beat humans Ethical decisions are an open problem... Analysis from design-time and runtime is required for autonomy.
13 Successes Origins? Quality? Usage? Organization? Future Challenges Specifications: Required for Formal Methods and Autonomy! Formal Methodology 2 1 specification language 2 repertoire of proof methods make early precise decisions about major functionalities remove ambiguities from the description of expected behavior 2 Manna & Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer, Temporal Logic Kristin Yvonne Rozier Specification: The Biggest Bottleneck in FM & Autonomy
14 Successes Origins? Quality? Usage? Organization? Future Challenges Specifications: Required for Formal Methods and Autonomy! Formal Methodology 2 1 specification language Linear Temporal Logic 2 repertoire of proof methods make early precise decisions about major functionalities remove ambiguities from the description of expected behavior 2 Manna & Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer, Temporal Logic Kristin Yvonne Rozier Specification: The Biggest Bottleneck in FM & Autonomy
15 A Goal Aerospace System Design Process 3 M = Formal System Model Model Validation via Model Checking REVISE Model Validation Specification SPEC DEBUGGING System Design Model Check Model Verification Specification ERROR SPEC DEBUGGING NO Build Prototype Testing and ERROR... NO Simulation YES USE SPECIFICATIONS FOR RUNTIME MONITORING YES 3 Zhao & Rozier. Formal Specification and Verification of a Coordination Protocol for an Automated Air Traffic Control System. Science of Computer Programming Journal (96:3), pg , Elsevier, 2014.
16 A Goal Aerospace System Design Process 3 M = Formal System Model Model Validation via Model Checking REVISE Model Validation Specification SPEC DEBUGGING System Design Model Check Model Verification Specification ERROR SPEC DEBUGGING NO Build Prototype Testing and ERROR... NO Simulation YES USE SPECIFICATIONS FOR RUNTIME MONITORING... Garbage in, garbage out! YES 3 Zhao & Rozier. Formal Specification and Verification of a Coordination Protocol for an Automated Air Traffic Control System. Science of Computer Programming Journal (96:3), pg , Elsevier, 2014.
17 The Bottom Line Bottom Line: INPUTS to formal analysis are the BIGGEST challenge System Design M = Formal System Model Model Check Model Verification Specification... ERROR......
18 Synthesis! Model checking: check M = φ Problems: 4 Designing M is hard and expensive Re-designing M when M φ is hard and expensive Synthesis: start from φ, design M such that M = φ Simplifies verification No re-design For algorithmic derivations: no design! 4 M.Y.Vardi. From Verification to Synthesis. VSTTE 2008.
19 Synthesis! Model checking: check M = φ Problems: 4 Designing M is hard and expensive Re-designing M when M φ is hard and expensive Synthesis: start from φ, design M such that M = φ Simplifies verification No re-design For algorithmic derivations: no design! What about φ? 4 M.Y.Vardi. From Verification to Synthesis. VSTTE 2008.
20 Synthesis! Model checking: check M = φ Problems: 4 Designing M is hard and expensive Re-designing M when M φ is hard and expensive Synthesis: start from φ, design M such that M = φ Simplifies verification No re-design For algorithmic derivations: no design! What about φ? We need LTL Genesis! 4 M.Y.Vardi. From Verification to Synthesis. VSTTE 2008.
21 Specification Origins Where will we get specifications from? 5 Some critical systems are designed without formal requirements Some design processes don t formally define requirements until the testing phase Early specifications often mix many different objectives levels of detail/abstraction how the system is defined vs how the system should behave legal-speak on why the system satisfies rules desires/opinions of designers 5 Panel: Future Directions of Specifications for Formal Methods. In NFM 2014, J.Badger and K.Y.Rozier, eds.
22 Specification Origins Specification Extraction Strategies Human Authorship: Train system designers to write formal specifications first Pair designers with formal methods team to write specifications Natural Language Processing: extract formal specifications from English Operational Concepts 6 Highly input-dependent: assumptions, implied/arbitrary functions Hard to measure correctness, completeness Specification Mining: extract behaviors from existing systems Static Analysis: map all paths of a program Hard to differentiate normal usage from exceptions Learning/Dynamic Invariants: analyze actual executions; observe use-cases Specification Wizard: Semi-automated exploration of system facets, guided by human input 6 S.Ghosh, N.Shankar, P.Lincoln, D.Elenius, W.Li, and W.Steiener. Automatic Requirements Specification Extraction from Natural Language (ARSENAL). SRI International, Menlo Park CA, 2014.
23 Specification Origins Specifications for Free? 7 Combine specification mining, test-case generation, static analysis, and dynamic invariants to extract specifications automatically! Can use specifications mined from code Specification validation == software defect detection Promising for software runtime verification Still need code... What about early design time? What about cyber-physical system specifications? Can use specifications extracted from last version for new designs Challenges with specialization/levels of abstraction/relevance Other challenges: Scalability Efficiency Expressiveness 7 A. Zeller. Specifications for Free. NFM 2011.
24 Specification Quality How should we measure specification quality? 8 How can we know when we re done? How good are the specifications? How can we measure the completeness, correctness, coverage, or general quality of a set of specifications? 8 Panel: Future Directions of Specifications for Formal Methods. In NFM 2014, J.Badger and K.Y.Rozier, eds.
25 Specification Quality Sanity Checks Satisfiability Vacuity Realizability Coverage
26 Specification Usage How do we best use specifications? 9 Design lifecycles for different cyber-physical systems? How to indoctrinate formal specification into diverse teams of system designers? Barriers to adoption: time to write/validate learning curves culture Need an end-to-end process for specification extraction, usage What should our roadmap look like for a future full of well-specified (formally analyzable) critical systems? 9 Panel: Future Directions of Specifications for Formal Methods. In NFM 2014, J.Badger and K.Y.Rozier, eds.
27 Specification Usage Specification Use Strategies Property-Based Design: from specifications to systems Synthesis: generate M such that M = φ For cyber-physical systems? Specification-Based Testing: use specifications in test-case generation From Design- to Run-Time: carry specifications through the design cycle Specification design lifecycle? Maintenance: using specifications in system up-keep Maintenance of specifications?
28 Specification Patterns! Specifications: Classes 10 Others: Safety Response Reactivity Safety/Liveness/Guarantee/Obligation Fairness/Justice/Compassion Still too coarse and tied to syntax for practical use; need functional and hierarchical specification Manna & Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer, 1992.
29 Specification Patterns! Specifications: Formula Patterns 11 Leverage experience with design and coding patterns Define specification pattern system capture recurring solutions; generalize across specific/domain problems encourage re-use make transparent the means by which requirements are satisfied name, intent, logic (language), scope (time interval), relationship to other patterns Characterized by: Solves a Specific Problem, e.g. not too abstract Proven Concept effective in practice Not Obvious or direct application of basic principles Describes Relationships, not single components Generative, describes how to construct a solution Organized in a hierarchy based on semantics 11 M.B. Dwyer, G.S. Avrunin, and J.C. Corbett. Property specification patterns for finite-state verification. Formal methods in software practice, pp ACM, 1998.
30 Specification Patterns! Specifications: Automata Patterns 12 Challenges Remain with Translational Semantics: Formula patterns are not compositional Need consistency with semantics of informal definitions Automata-based patterns: Compositional: based on compositions of patterns (logic executions) and scopes (time) Homogeneous: don t flatten key patterns/scopes separation Extensible: compositional semantics allow adding patterns & scopes Generic: can combine any pattern and any scope Faithful: formal guarantee that the translated temporal formula is faithful to the intended natural semantics 12 K.C. Castillos, F. Dadeau, J. Julliand, B. Kanso, and S. Taha. A compositional automata-based semantics for property patterns. ifm, pp , 2013.
31 Specification Patterns! Specifications: Automata Patterns 12 Challenges Remain with Translational Semantics: Formula patterns are not compositional Need consistency with semantics of informal definitions Automata-based patterns: Compositional: based on compositions of patterns (logic executions) and scopes (time) Homogeneous: don t flatten key patterns/scopes separation Extensible: compositional semantics allow adding patterns & scopes Generic: can combine any pattern and any scope Faithful: formal guarantee that the translated temporal formula is faithful to the intended natural semantics What about runtime specifications for autonomous systems? 12 K.C. Castillos, F. Dadeau, J. Julliand, B. Kanso, and S. Taha. A compositional automata-based semantics for property patterns. ifm, pp , 2013.
32 Specification Patterns! Specifications: Functional Patterns? Work on specification patterns focuses mostly on design time Formula patterns are not compositional Automata patterns are not decomposable hard for cyber-physical systems during runtime sanity checks are more complex What if that is a functional pattern? Are there different patterns for specification functions, e.g., between design time and runtime?
33 Specification Patterns! Runtime Functional Specification Patterns 13 Rates Ranges Relationships Control Sequences Consistency Checks 13 K.Y.Rozier. Specification: The Biggest Bottleneck in Formal Methods and Autonomy. VSTTE, 2016.
34 Specification Patterns! Runtime Functional Specification Patterns 13 Rates Ranges Relationships Control Sequences Consistency Checks 13 K.Y.Rozier. Specification: The Biggest Bottleneck in Formal Methods and Autonomy. VSTTE, 2016.
35 Specification Patterns! Runtime Functional Specification Patterns 13 Rates Velocity Ranges Relationships Velocity Control Sequences Consistency Checks 13 K.Y.Rozier. Specification: The Biggest Bottleneck in Formal Methods and Autonomy. VSTTE, 2016.
36 Specification Patterns! Runtime Functional Specification Patterns 13 Rates Ranges Relationships Control Sequences Consistency Checks 13 K.Y.Rozier. Specification: The Biggest Bottleneck in Formal Methods and Autonomy. VSTTE, 2016.
37 Specification Patterns! Runtime Functional Specification Patterns 13 Rates Ranges? Relationships Control Sequences Consistency Checks 13 K.Y.Rozier. Specification: The Biggest Bottleneck in Formal Methods and Autonomy. VSTTE, 2016.
38 Specification Patterns! Runtime Functional Specification Patterns 13 Rates Ranges? Relationships Control Sequences Consistency Checks We need to expand specification patterns to runtime! 13 K.Y.Rozier. Specification: The Biggest Bottleneck in Formal Methods and Autonomy. VSTTE, 2016.
39 Specification Patterns! R2U2: Runtime Specification Patterns in the Field 14 1 TL Observers: Efficient temporal reasoning 1 Asynchronous: output t, {0, 1} 2 Synchronous: output t, {0, 1,?} Logics: MTL, pt-mtl, Mission-time LTL Variables: Booleans (from system bus), sensor filter outputs 2 Bayes Nets: Efficient decision making Variables: outputs of TL observers, sensor filters, Booleans Output: most-likely status + probability 14 T. Reinbacher, K. Y. Rozier, and J. Schumann. Temporal-Logic Based Runtime Observer Pairs for System Health Management of Real-Time Systems. TACAS 14, pg
40 Specification Patterns! R2U2: Runtime Specification Patterns in the Field 14 1 TL Observers: Efficient temporal reasoning 1 Asynchronous: output t, {0, 1} 2 Synchronous: output t, {0, 1,?} Logics: MTL, pt-mtl, Mission-time LTL Variables: Booleans (from system bus), sensor filter outputs 2 Bayes Nets: Efficient decision making Variables: outputs of TL observers, sensor filters, Booleans Output: most-likely status + probability How do we organize R2U2 specifications? 14 T. Reinbacher, K. Y. Rozier, and J. Schumann. Temporal-Logic Based Runtime Observer Pairs for System Health Management of Real-Time Systems. TACAS 14, pg
41 Specification Patterns! R2U2: Runtime Specification Patterns in the Field 15 Health Nodes / Failure Modes H FG magnetometer sensor H FC RxUR Receiver underrun H FC RxOVR Receiver overrun H FG TxOVR Transmitter overrun in sensor H FG TxErr Transmitter error in in sensor H_FG H_FC_RxUR H_FC_RxOVR H_FG_TxOVR H_FG_TxErr S4 S5 S6 S3 S1 S2 We combine specifications in a way that is: hierarchical/structured compositional cross-language 15 J. Geist, K.Y. Rozier, and J. Schumann. Runtime Observer Pairs and Bayesian Network Reasoners On-board FPGAs: Flight-Certifiable System Health Management for Embedded Systems. RV 14.
42 How should we organize specifications? How do we store specifications in an accessible way? Allow for automated analysis, including verification? Enable re-use: design-time runtime future systems How do we pair English and Formal specifications? How do we preserve the hierarchical structure, compositionality, and relationships between specifications? Can we do this in a performable way?
43 Specification Organization Strategies Scenario Definition Languages
44 Specification Organization Strategies Scenario Definition Languages M vs φ?
45 Specification Organization Strategies Scenario Definition Languages M vs φ? Matlab/Simulink not scalable not backwards-compatible for long specification lifecycles not designed for this (kludgy)...
46 Specification Organization Strategies Scenario Definition Languages M vs φ? Matlab/Simulink not scalable not backwards-compatible for long specification lifecycles not designed for this (kludgy)... Database: SQL relationships are inherently non-tabular requires flattening the database requires extensive JOINs; non-performable
47 Specification Organization Strategies Scenario Definition Languages M vs φ? Matlab/Simulink not scalable not backwards-compatible for long specification lifecycles not designed for this (kludgy)... Database: SQL relationships are inherently non-tabular requires flattening the database requires extensive JOINs; non-performable None of these solve the organization problem!
48 Big Data of Specifications? If we do it right, specifications are everywhere! How do we organize specifications for each subsystem subcomponent level of abstraction How do we mine specifications for data patterns statistical analysis coverage How do we search specifications? How do we sort specifications? How do we integrate specification languages for different purposes? How do we make specifications available for reuse? We have a Big Data of Specifications problem!
49 Neo4j: Property Graph Database 16 A property graph G = {N, P, R} where N is a set of nodes, P is a set of properties, R is a set of relationships, Node: document contain sets of properties Properties: key/value pair Key: string Value: arbitrary data type Relationships: connect & structure nodes direction label start node end node [properties] 16
50 Specification Challenges: to Infinity and Beyond! You are here Coverage Quality Specifications Where are we now? Continuously re-assess... Where will we get specifications from? Correctness How should we measure specification quality? How do we best use specifications? How should we organize specifications? Completeness
51 Specification Challenges: to Infinity and Beyond! You are here Coverage Quality Specifications Where are we now? Continuously re-assess... Where will we get specifications from? Correctness How should we measure specification quality? How do we best use specifications? How should we organize specifications?... in the context of cyber-physical, autonomous systems? Completeness
Specification: The Biggest Bottleneck in Aerospace V&V and Autonomy
Specification: The Biggest Bottleneck in Aerospace V&V and Autonomy Kristin Yvonne Rozier University of Cincinnati May 6, 2016 Successes Challenges Future Challenges Design-Time Verification! Expected
More informationSoftware Model Checking: Theory and Practice
Software Model Checking: Theory and Practice Lecture: Specification Checking - Specification Patterns Copyright 2004, Matt Dwyer, John Hatcliff, and Robby. The syllabus and all lectures for this course
More informationTest and Evaluation of Autonomous Systems in a Model Based Engineering Context
Test and Evaluation of Autonomous Systems in a Model Based Engineering Context Raytheon Michael Nolan USAF AFRL Aaron Fifarek Jonathan Hoffman 3 March 2016 Copyright 2016. Unpublished Work. Raytheon Company.
More informationA Tutorial on Runtime Verification and Assurance. Ankush Desai EECS 219C
A Tutorial on Runtime Verification and Assurance Ankush Desai EECS 219C Outline 1. Background on Runtime Verification 2. Challenges in Programming Robotics System Drona). 3. Solution 1: Combining Model
More informationSoftware. Is
Software Is Details @KevlinHenney Any program is a model of a model within a theory of a model of an abstraction of some portion of the world or of some universe of discourse. Meir M Lehman "Programs,
More informationApplications of Program analysis in Model-Based Design
Applications of Program analysis in Model-Based Design Prahlad Sampath (Prahlad.Sampath@mathworks.com) 2018 by The MathWorks, Inc., MATLAB, Simulink, Stateflow, are registered trademarks of The MathWorks,
More informationModel Checking. Automatic Verification Model Checking. Process A Process B. when not possible (not AI).
Sérgio Campos scampos@dcc.ufmg.br Why? Imagine the implementation of a complex hardware or software system: A 100K gate ASIC perhaps 100 concurrent modules; A flight control system dozens of concurrent
More informationFlight Systems are Cyber-Physical Systems
Flight Systems are Cyber-Physical Systems Dr. Christopher Landauer Software Systems Analysis Department The Aerospace Corporation Computer Science Division / Software Engineering Subdivision 08 November
More informationIntegration of Formal Methods into Design and Implementation of Aerospace Systems
Integration of Formal Methods into Design and Implementation of Aerospace Systems Rice University December 11, 2014 Successes Bottlenecks Need for a New Direction Future Challenges Formal Methods Have
More informationA Path Planning Algorithm to Enable Well-Clear Low Altitude UAS Operation Beyond Visual Line of Sight
A Path Planning Algorithm to Enable Well-Clear Low Altitude UAS Operation Beyond Visual Line of Sight Swee Balachandran National Institute of Aerospace, Hampton, VA Anthony Narkawicz, César Muñoz, María
More informationCommunication-Based Design
Communication-Based Design Motivation System-level verification of large component-oriented designs will be very costly. We cannot afford to debug interface mismatches between internal components... especially
More informationHardware Design Verification: Simulation and Formal Method-Based Approaches William K Lam Prentice Hall Modern Semiconductor Design Series
Design Verification An Introduction Main References Hardware Design Verification: Simulation and Formal Method-Based Approaches William K Lam Prentice Hall Modern Semiconductor Design Series A Roadmap
More informationModel Checking with Automata An Overview
Model Checking with Automata An Overview Vanessa D Carson Control and Dynamical Systems, Caltech Doyle Group Presentation, 05/02/2008 VC 1 Contents Motivation Overview Software Verification Techniques
More informationAgent-Oriented Software Engineering
Agent-Oriented Software Engineering Lin Zuoquan Information Science Department Peking University lz@is.pku.edu.cn http://www.is.pku.edu.cn/~lz/teaching/stm/saswws.html Outline Introduction AOSE Agent-oriented
More informationIntroduction to Linear-Time Temporal Logic. CSE 814 Introduction to LTL
Introduction to Linear-Time Temporal Logic CSE 814 Introduction to LTL 1 Outline Motivation for TL in general Types of properties to be expressed in TL Structures on which LTL formulas are evaluated Syntax
More informationIntroduction to Formal Methods
2008 Spring Software Special Development 1 Introduction to Formal Methods Part I : Formal Specification i JUNBEOM YOO jbyoo@knokuk.ac.kr Reference AS Specifier s Introduction to Formal lmethods Jeannette
More informationA Formal Model Approach for the Analysis and Validation of the Cooperative Path Planning of a UAV Team
A Formal Model Approach for the Analysis and Validation of the Cooperative Path Planning of a UAV Team Antonios Tsourdos Brian White, Rafał Żbikowski, Peter Silson Suresh Jeyaraman and Madhavan Shanmugavel
More informationQuantitative Verification and Synthesis of Systems
Quantitative Verification and Synthesis of Systems Sanjit A. Seshia Assistant Professor EECS, UC Berkeley Software-at-Scale Workshop August 2010 Quantitative Analysis / Verification Does the brake-by-wire
More informationHardware Design and Simulation for Verification
Hardware Design and Simulation for Verification by N. Bombieri, F. Fummi, and G. Pravadelli Universit`a di Verona, Italy (in M. Bernardo and A. Cimatti Eds., Formal Methods for Hardware Verification, Lecture
More informationContemporary Design. Traditional Hardware Design. Traditional Hardware Design. HDL Based Hardware Design User Inputs. Requirements.
Contemporary Design We have been talking about design process Let s now take next steps into examining in some detail Increasing complexities of contemporary systems Demand the use of increasingly powerful
More informationFoundation of Contract for Things
Foundation of Contract for Things C.Sofronis, O.Ferrante, A.Ferrari, L.Mangeruca ALES S.r.l. Rome The Internet of System Engineering INCOSE-IL Seminar, Herzliya, Israel 15 September, 2011 Software Platform
More informationThe Maude LTL Model Checker and Its Implementation
The Maude LTL Model Checker and Its Implementation Steven Eker 1,José Meseguer 2, and Ambarish Sridharanarayanan 2 1 Computer Science Laboratory, SRI International Menlo Park, CA 94025 eker@csl.sri.com
More informationSoftware Engineering: Integration Requirements
Software Engineering: Integration Requirements AYAZ ISAZADEH Department of Computer Science Tabriz University Tabriz, IRAN Abstract: - This paper presents a discussion of software integration requirements,
More informationPetri Nets ~------~ R-ES-O---N-A-N-C-E-I--se-p-te-m--be-r Applications.
Petri Nets 2. Applications Y Narahari Y Narahari is currently an Associate Professor of Computer Science and Automation at the Indian Institute of Science, Bangalore. His research interests are broadly
More informationFormal Methods in Software Engineering. Lecture 07
Formal Methods in Software Engineering Lecture 07 What is Temporal Logic? Objective: We describe temporal aspects of formal methods to model and specify concurrent systems and verify their correctness
More informationCOMPASS: FORMAL METHODS FOR SYSTEM-SOFTWARE CO-ENGINEERING
COMPASS: FORMAL METHODS FOR SYSTEM-SOFTWARE CO-ENGINEERING Viet Yen Nguyen Lehrstuhl für Informatik 2, RWTH Aachen University nguyen@cs.rwth-aachen.de Technology Innovation Days, ESA/ESTEC, 2011 ABOUT
More informationQ Body of techniques supported by. R precise mathematics. R powerful analysis tools. Q Rigorous, effective mechanisms for system.
Introduction to Formal Methods 1 Introduction to Formal Methods 2 Formal Specification Requirements specification R notational statement of system services Software specification R formal abstract depiction
More informationBy: Chaitanya Settaluri Devendra Kalia
By: Chaitanya Settaluri Devendra Kalia What is an embedded system? An embedded system Uses a controller to perform some function Is not perceived as a computer Software is used for features and flexibility
More informationORACLE MESSAGEQ ORACLE DATA SHEET KEY FEATURES AND BENEFITS
ORACLE MESSAGEQ KEY FEATURES AND BENEFITS With Oracle MessageQ, you can translate your inventory of diverse applications into a strategic advantage. FEATURES Interoperability with IBM platforms via TCP/IP
More informationSoftware. Is
Software Is Details @KevlinHenney Any program is a model of a model within a theory of a model of an abstraction of some portion of the world or of some universe of discourse. Meir M Lehman "Programs,
More informationJust-In-Time Certification
Just-In-Time Certification John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Just-In-Time Certification: 1 Certification Provides assurance that deploying
More informationCodesign Framework. Parts of this lecture are borrowed from lectures of Johan Lilius of TUCS and ASV/LL of UC Berkeley available in their web.
Codesign Framework Parts of this lecture are borrowed from lectures of Johan Lilius of TUCS and ASV/LL of UC Berkeley available in their web. Embedded Processor Types General Purpose Expensive, requires
More informationCITS5501 Software Testing and Quality Assurance Formal methods
CITS5501 Software Testing and Quality Assurance Formal methods Unit coordinator: Arran Stewart May 1, 2018 1 / 49 Sources Pressman, R., Software Engineering: A Practitioner s Approach, McGraw-Hill, 2005
More informationLeveraging Formal Verification Throughout the Entire Design Cycle
Leveraging Formal Verification Throughout the Entire Design Cycle Verification Futures Page 1 2012, Jasper Design Automation Objectives for This Presentation Highlight several areas where formal verification
More informationSoftware Architectures. Lecture 6 (part 1)
Software Architectures Lecture 6 (part 1) 2 Roadmap of the course What is software architecture? Designing Software Architecture Requirements: quality attributes or qualities How to achieve requirements
More informationUsing Hybrid Automata for Early Spacecraft Design Evaluation
Seminar Operating Systems: Winter Semester 18/19 Using Hybrid Automata for Early Spacecraft Design Evaluation Jafar Akhundov Motivation Motivation: Spacecraft Modelling Gaia - mission to chart a 3d-map
More informationVoid main Technologies
SNO TITLE Domain 1. A Hybrid Approach for Detecting Automated Spammers in Twitter Data mining 2. A Key-Policy Attribute-Based Temporary Keyword Search scheme for Secure Storage 3. A Lightweight Secure
More informationMike Whalen Program Director, UMSEC University of Minnesota
Formal Analysis for Communicating Medical Devices Mike Whalen Program Director, UMSEC University of Minnesota Research Topics Multi-Domain Analysis of System Architecture Models Compositional Assume-Guarantee
More informationA Novel Approach for Software Property Validation
A Novel Approach for Software Property Validation Salamah Salamah Department of Computer and Software Engineering, Embry-Riddle Aeronautical University, salamahs@erau.edu. Irbis Gallegos, Omar Ochoa Computer
More informationISO compliant verification of functional requirements in the model-based software development process
requirements in the model-based software development process Hans J. Holberg SVP Marketing & Sales, BTC Embedded Systems AG An der Schmiede 4, 26135 Oldenburg, Germany hans.j.holberg@btc-es.de Dr. Udo
More informationSystem Design and Methodology/ Embedded Systems Design (Modeling and Design of Embedded Systems)
Design&Methodologies Fö 1&2-1 Design&Methodologies Fö 1&2-2 Course Information Design and Methodology/ Embedded s Design (Modeling and Design of Embedded s) TDTS07/TDDI08 Web page: http://www.ida.liu.se/~tdts07
More informationLecture 11 Lecture 11 Nov 5, 2014
Formal Verification/Methods Lecture 11 Lecture 11 Nov 5, 2014 Formal Verification Formal verification relies on Descriptions of the properties or requirements Descriptions of systems to be analyzed, and
More informationis easing the creation of new ontologies by promoting the reuse of existing ones and automating, as much as possible, the entire ontology
Preface The idea of improving software quality through reuse is not new. After all, if software works and is needed, just reuse it. What is new and evolving is the idea of relative validation through testing
More informationThe Need for Speed: Understanding design factors that make multicore parallel simulations efficient
The Need for Speed: Understanding design factors that make multicore parallel simulations efficient Shobana Sudhakar Design & Verification Technology Mentor Graphics Wilsonville, OR shobana_sudhakar@mentor.com
More informationCover Page. The handle holds various files of this Leiden University dissertation
Cover Page The handle http://hdl.handle.net/1887/22891 holds various files of this Leiden University dissertation Author: Gouw, Stijn de Title: Combining monitoring with run-time assertion checking Issue
More informationSoftwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany
Softwaretechnik Lecture 08: Testing and Debugging Overview Peter Thiemann University of Freiburg, Germany SS 2012 Literature Essential Reading Why Programs Fail: A Guide to Systematic Debugging, A Zeller
More informationSoftwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany
Softwaretechnik Lecture 08: Testing and Debugging Overview Peter Thiemann University of Freiburg, Germany SS 2012 Literature Essential Reading Why Programs Fail: A Guide to Systematic Debugging, A Zeller
More informationComplexity-Reducing Design Patterns for Cyber-Physical Systems. DARPA META Project. AADL Standards Meeting January 2011 Steven P.
Complexity-Reducing Design Patterns for Cyber-Physical Systems DARPA META Project AADL Standards Meeting 24-27 January 2011 Steven P. Miller Delivered to the Government in Accordance with Contract FA8650-10-C-7081
More informationHigh-Level Information Interface
High-Level Information Interface Deliverable Report: SRC task 1875.001 - Jan 31, 2011 Task Title: Exploiting Synergy of Synthesis and Verification Task Leaders: Robert K. Brayton and Alan Mishchenko Univ.
More informationSWE 760 Lecture 1: Introduction to Analysis & Design of Real-Time Embedded Systems
SWE 760 Lecture 1: Introduction to Analysis & Design of Real-Time Embedded Systems Hassan Gomaa References: H. Gomaa, Chapters 1, 2, 3 - Real-Time Software Design for Embedded Systems, Cambridge University
More informationThe University of Iowa Fall CS:5810 Formal Methods in Software Engineering. Introduction
The University of Iowa Fall 2017 CS:5810 Formal Methods in Software Engineering Introduction Copyright 2017, Cesare Tinelli, Pierre-Loïc Garoche, Reiner Hänle, Steven Miller These notes are copyrighted
More informationHCI in the software process
chapter 6 HCI in the software process HCI in the software process Software engineering and the process for interactive systems Usability engineering Iterative and prototyping Design rationale the software
More informationHCI in the software. chapter 6. HCI in the software process. The waterfall model. the software lifecycle
HCI in the software process chapter 6 HCI in the software process Software engineering and the process for interactive systems Usability engineering Iterative and prototyping Design rationale the software
More informationDistributed Consensus in Multivehicle Cooperative Control: Theory and Applications
Distributed Consensus in Multivehicle Cooperative Control: Theory and Applications Wei Ren and Randal W. Beard Springer ISBN: 978-1-84800-014-8 Tutorial Slides Prepared by Wei Ren Department of Electrical
More informationChap 2. Introduction to Software Testing
Chap 2. Introduction to Software Testing 2.1 Software Testing Concepts and Processes 2.2 Test Management 1 2.1 Software Testing Concepts and Processes 1. Introduction 2. Testing Dimensions 3. Test Concepts
More informationECE 587 Hardware/Software Co-Design Lecture 11 Verification I
ECE 587 Hardware/Software Co-Design Spring 2018 1/23 ECE 587 Hardware/Software Co-Design Lecture 11 Verification I Professor Jia Wang Department of Electrical and Computer Engineering Illinois Institute
More informationHuman Computer Interaction Lecture 14. HCI in Software Process. HCI in the software process
Human Computer Interaction Lecture 14 HCI in Software Process HCI in the software process Software engineering and the design process for interactive systems Usability engineering Iterative design and
More informationTo be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 Introduction SDN research directions as outlined in IRTF RG outlines i) need for more flexibility and programmability
More informationInvestigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models
Investigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models Peter Feiler Software Engineering Institute phf@sei.cmu.edu 412-268-7790 2004 by Carnegie Mellon University
More informationPliny and Fixr Meeting. September 15, 2014
Pliny and Fixr Meeting September 15, 2014 Fixr: Mining and Understanding Bug Fixes for App-Framework Protocol Defects (TA2) University of Colorado Boulder September 15, 2014 Fixr: Mining and Understanding
More informationLearning-Based Assume-Guarantee Verification (Tool Paper)
-Based Assume-Guarantee Verification (Tool Paper) Dimitra Giannakopoulou and Corina S. Păsăreanu NASA Ames Research Center, Moffett Field, CA 94035-1000, USA 1 Introduction Despite significant advances
More informationArchitectural Blueprint
IMPORTANT NOTICE TO STUDENTS These slides are NOT to be used as a replacement for student notes. These slides are sometimes vague and incomplete on purpose to spark a class discussion Architectural Blueprint
More informationAutomated Refinement Checking of Asynchronous Processes. Rajeev Alur. University of Pennsylvania
Automated Refinement Checking of Asynchronous Processes Rajeev Alur University of Pennsylvania www.cis.upenn.edu/~alur/ Intel Formal Verification Seminar, July 2001 Problem Refinement Checking Given two
More informationTsmart-BIPEX: An Integrated Graphical Design Toolkit for Software Systems
Tsmart-BIPEX: An Integrated Graphical Design Toolkit for Software Systems Huafeng Zhang 1, Yu Jiang 1, Han Liu 1, Ming Gu 1, and Jiaguang Sun 1 School of Software, Tsinghua University, China Abstract.
More informationProving the Correctness of Distributed Algorithms using TLA
Proving the Correctness of Distributed Algorithms using TLA Khushboo Kanjani, khush@cs.tamu.edu, Texas A & M University 11 May 2007 Abstract This work is a summary of the Temporal Logic of Actions(TLA)
More informationMarkus Völter
of Markus Völter voelter@acm.org www.voelter.de @markusvoelter Examples 1 Healthcare Context & Motivation Mobile Apps that help patients w/ treatments Monitor side-effects and recommend actions Manage
More informationTechniques for the unambiguous specification of software
Formal Techniques for the unambiguous of software Objectives To explain why formal techniques help discover problems in system requirements To describe the use of algebraic techniques for interface To
More informationt Bench for Robotics and Autonomy Andrea Merlo
t Bench for Robotics and Autonomy Andrea Merlo Agenda Introduction TBRA Overview Objectives Architecture / Technical Description Status Test Results Roadmap he context of a Rover, dance, Navigation and
More informationThis project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement No
This project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement No 643921. TOOLS INTEGRATION UnCoVerCPS toolchain Goran Frehse, UGA Xavier
More informationHierarchical Multi-Objective Planning For Autonomous Vehicles
Hierarchical Multi-Objective Planning For Autonomous Vehicles Alberto Speranzon United Technologies Research Center UTC Institute for Advanced Systems Engineering Seminar Series Acknowledgements and References
More informationHuman Computer Interaction Lecture 06 [ HCI in Software Process ] HCI in the software process
Human Computer Interaction Lecture 06 [ HCI in Software Process ] Imran Ihsan Assistant Professor www.imranihsan.com aucs.imranihsan.com HCI06 - HCI in Software Process 1 HCI in the software process Software
More informationAddressing Verification Bottlenecks of Fully Synthesized Processor Cores using Equivalence Checkers
Addressing Verification Bottlenecks of Fully Synthesized Processor Cores using Equivalence Checkers Subash Chandar G (g-chandar1@ti.com), Vaideeswaran S (vaidee@ti.com) DSP Design, Texas Instruments India
More informationDescribing the architecture: Creating and Using Architectural Description Languages (ADLs): What are the attributes and R-forms?
Describing the architecture: Creating and Using Architectural Description Languages (ADLs): What are the attributes and R-forms? CIS 8690 Enterprise Architectures Duane Truex, 2013 Cognitive Map of 8090
More informationJava-MOP: A Monitoring Oriented Programming Environment for Java
Java-MOP: A Monitoring Oriented Programming Environment for Java Feng Chen and Grigore Roşu Department of Computer Science, University of Illinois at Urbana - Champaign, USA {fengchen, grosu}@uiuc.edu
More informationCyber Physical System Verification with SAL
Cyber Physical System Verification with July 22, 2013 Cyber Physical System Verification with Outline 1 2 3 4 5 Cyber Physical System Verification with Table of Contents 1 2 3 4 5 Cyber Physical System
More informationFormal Technology in the Post Silicon lab
Formal Technology in the Post Silicon lab Real-Life Application Examples Haifa Verification Conference Jamil R. Mazzawi Lawrence Loh Jasper Design Automation Focus of This Presentation Finding bugs in
More informationAutomated Software Synthesis for Complex Robotic Systems
Automated Software Synthesis for Complex Robotic Systems Indranil Saha Department of Computer Science and Engineering Indian Institute of Technology Kanpur Indranil Saha Automated Software Synthesis for
More informationDistributed Systems Programming (F21DS1) Formal Verification
Distributed Systems Programming (F21DS1) Formal Verification Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Focus on
More informationArchitectural Blueprint The 4+1 View Model of Software Architecture. Philippe Kruchten
Architectural Blueprint The 4+1 View Model of Software Architecture Philippe Kruchten Model What is a model? simplified abstract representation information exchange standardization principals (involved)
More informationFormal Verification of Intelligent Systems Modeled as Decision Procedures. Siddhartha Bhattacharyya, Thomas C. Eskridge and Marco Carvalho
Formal Verification of Intelligent Systems Modeled as Decision Procedures Siddhartha Bhattacharyya, Thomas C. Eskridge and Marco Carvalho Motivation Autonomous agents are controlling or coordinating autonomous
More informationTime-Triggered Ethernet
Time-Triggered Ethernet Chapters 42 in the Textbook Professor: HONGWEI ZHANG CSC8260 Winter 2016 Presented By: Priyank Baxi (fr0630) fr0630@wayne.edu Outline History Overview TTEthernet Traffic Classes
More informationSystemVerilog Assertions in the Design Process 213
SystemVerilog Assertions in the Design Process 213 6.6 RTL Design Assertions, generated during the architectural planning phases, greatly facilitate the writing of the RTL implementation because they help
More informationLabVIEW Based Embedded Design [First Report]
LabVIEW Based Embedded Design [First Report] Sadia Malik Ram Rajagopal Department of Electrical and Computer Engineering University of Texas at Austin Austin, TX 78712 malik@ece.utexas.edu ram.rajagopal@ni.com
More informationSimulation and Verification of Timed and Hybrid Systems
Simulation and Verification of Timed and Hybrid Systems Bert van Beek and Koos Rooda Systems Engineering Group Eindhoven University of Technology ISC 2007 Delft 11 June 2007 Bert van Beek and Koos Rooda
More informationA Mini Challenge: Build a Verifiable Filesystem
A Mini Challenge: Build a Verifiable Filesystem Rajeev Joshi and Gerard J. Holzmann Laboratory for Reliable Software, Jet Propulsion Laboratory, California Institute of Technology, Pasadena, CA 91109,
More informationLibrary-Based Scalable Refinement Checking for Contract-Based Design
Library-Based Scalable Refinement Checking for Contract-Based Design Antonio Iannopollo Pierluigi Nuzzo Stavros Tripakis Alberto Sangiovanni-Vincentelli EXCAPE ANNUAL MEETING 10-11 MARCH 2014 UC BERKELEY
More informationCOMP 763. Eugene Syriani. Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science. McGill University
Eugene Syriani Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science McGill University 1 OVERVIEW In the context In Theory: Timed Automata The language: Definitions and Semantics
More informationLet s build. like they build. Markus Völter Bernd Kolb
Let s build like they build Markus Völter voelter@acm.org www.voelter.de @markusvoelter Bernd Kolb kolb@itemis.de www.itemis.de @berndkolb B 0 Motivation Examples 1 M Healthcare Context & Motivation Mobile
More informationLab #1: Introduction to Design Methodology with FPGAs part 1 (80 pts)
Nate Pihlstrom, npihlstr@uccs.edu Lab #1: Introduction to Design Methodology with FPGAs part 1 (80 pts) Objective The objective of this lab assignment is to introduce and use a methodology for designing
More informationBinary Decision Diagrams and Symbolic Model Checking
Binary Decision Diagrams and Symbolic Model Checking Randy Bryant Ed Clarke Ken McMillan Allen Emerson CMU CMU Cadence U Texas http://www.cs.cmu.edu/~bryant Binary Decision Diagrams Restricted Form of
More informationSafety and Reliability of Software-Controlled Systems Part 14: Fault mitigation
Safety and Reliability of Software-Controlled Systems Part 14: Fault mitigation Prof. Dr.-Ing. Stefan Kowalewski Chair Informatik 11, Embedded Software Laboratory RWTH Aachen University Summer Semester
More informationM. De Wulf, L. Doyen,J.-F. Raskin Université Libre de Bruxelles Centre Fédéré en Vérification
Systematic Implementation of Real-Time Models M. De Wulf, L. Doyen,J.-F. Raskin Université Libre de Bruxelles Centre Fédéré en Vérification Model-based Development for Controllers Make a model of the environment
More informationConceptual Data Modeling for the Functional Decomposition of Mission Capabilities
Conceptual Data Modeling for the Functional Decomposition of Mission Capabilities February 27, 2018 Andrew Battigaglia Andrew.Battigaglia@gtri.gatech.edu 1 Motivation Describing Data The purpose of a functional
More informationVerification of Intelligent Software
Verification of Intelligent Software Charles Pecheur (RIACS / NASA Ames) Charles Pecheur 2003 1 Contents Model Checking for Intelligent Software Why? Intelligent software, how to verify it? What? A bird's-eye
More informationStreamBox: Modern Stream Processing on a Multicore Machine
StreamBox: Modern Stream Processing on a Multicore Machine Hongyu Miao and Heejin Park, Purdue ECE; Myeongjae Jeon and Gennady Pekhimenko, Microsoft Research; Kathryn S. McKinley, Google; Felix Xiaozhu
More informationCompositionality in system design: interfaces everywhere! UC Berkeley
Compositionality in system design: interfaces everywhere! Stavros Tripakis UC Berkeley DREAMS Seminar, Mar 2013 Computers as parts of cyber physical systems cyber-physical ~98% of the world s processors
More informationAn Introduction to Software Architecture. David Garlan & Mary Shaw 94
An Introduction to Software Architecture David Garlan & Mary Shaw 94 Motivation Motivation An increase in (system) size and complexity structural issues communication (type, protocol) synchronization data
More informationFormal Methods and their role in Software and System Development. Riccardo Sisto, Politecnico di Torino
Formal Methods and their role in Software and System Development Riccardo Sisto, Politecnico di Torino What are Formal Methods? Rigorous (mathematical) methods for modelling and analysing (computer-based)
More informationMulti-Board Systems Design
Multi-Board Systems Design D A T A S H E E T MAJOR BENEFITS: Xpedition optimizes multi-board system design from logical system definition through manufacturing. Overview Electronic multi-board systems
More informationEE382N (20): Computer Architecture - Parallelism and Locality Spring 2015 Lecture 14 Parallelism in Software I
EE382 (20): Computer Architecture - Parallelism and Locality Spring 2015 Lecture 14 Parallelism in Software I Mattan Erez The University of Texas at Austin EE382: Parallelilsm and Locality, Spring 2015
More information