25 research outputs found

    SOTER on ROS: A Run-Time Assurance Framework on the Robot Operating System

    We present an implementation of SOTER, a run-time assurance framework for building safe distributed mobile robotic (DMR) systems, on top of the Robot Operating System (ROS). The safety of DMR systems cannot always be guaranteed at design time, especially when complex, off-the-shelf components are used that cannot be verified easily. SOTER addresses this with a language-based approach to run-time assurance for DMR systems. SOTER implements the reactive robotic software in P, a domain-specific language for asynchronous event-driven systems, together with an integrated run-time assurance system that lets programmers use unfortified components while still providing safety guarantees. We describe an implementation of SOTER for ROS and demonstrate its efficacy in a multi-robot surveillance case study with multiple run-time assurance modules. Through rigorous simulation, we show that SOTER-enabled systems ensure safety even when using unknown and untrusted components.
    Comment: 20th International Conference on Runtime Verification
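    The mechanism that lets an untrusted component run while a safety guarantee is still kept is a run-time assurance module in the Simplex style: an unverified advanced controller proposes a command, a decision module checks that the resulting state is still one from which a certified safe controller can keep the safety property, and otherwise the safe controller takes over for that period. The block below is an added illustration of that loop and is not SOTER's code (no P, no ROS); the one-dimensional plant, the wall at 10 m, the braking safe controller, the random "advanced" controller and all numbers are constructed for the example.

```python
import random
from dataclasses import dataclass

# Added illustration of a Simplex-style run-time assurance (RTA) module in the
# spirit of SOTER. Not SOTER's code. Plant, controllers and constants are
# constructed for this example.

DT = 0.1            # control period in seconds
WALL = 10.0         # obstacle position (metres); safety property: pos < WALL
V_MAX = 3.0         # velocity clamp of the constructed robot model
BRAKE = 2.0         # deceleration the certified safe controller can apply


@dataclass(frozen=True)
class State:
    pos: float
    vel: float


def step(s: State, accel: float) -> State:
    """Constructed 1-D plant model: integrate acceleration for one period."""
    vel = max(0.0, min(V_MAX, s.vel + accel * DT))
    return State(s.pos + vel * DT, vel)


def is_safe(s: State) -> bool:
    return s.pos < WALL


def safe_controller(s: State) -> float:
    """Certified fallback: brake until the robot is at rest."""
    return -BRAKE if s.vel > 0.0 else 0.0


def advanced_controller(s: State, rng: random.Random) -> float:
    """Stand-in for an unverified off-the-shelf planner: arbitrary commands."""
    return rng.uniform(-1.0, 3.0)


def recoverable(s: State, horizon: int = 200) -> bool:
    """Decision module's check: from s, does the safe controller keep the
    system safe until it comes to rest? Computed by forward simulation of
    the plant model, so it is exact for this model. Because the check
    simulates the safe controller itself, applying the safe controller to a
    recoverable state always yields a recoverable state again."""
    for _ in range(horizon):
        if not is_safe(s):
            return False
        if s.vel == 0.0:
            return True
        s = step(s, safe_controller(s))
    return False


def rta_step(s: State, rng: random.Random):
    """One period of the RTA module: run the advanced controller, accept its
    command only if the resulting state is still recoverable, otherwise
    switch to the safe controller for this period."""
    proposed = step(s, advanced_controller(s, rng))
    if recoverable(proposed):
        return proposed, "AC"
    return step(s, safe_controller(s)), "SC"


def run(steps: int = 300, seed: int = 0):
    """Simulate the closed loop; returns the visited states and which
    controller was in charge in each period."""
    rng = random.Random(seed)
    s = State(0.0, 0.0)
    trace, log = [s], []
    for _ in range(steps):
        s, who = rta_step(s, rng)
        trace.append(s)
        log.append(who)
    return trace, log


if __name__ == "__main__":
    trace, log = run()
    print("all states safe:", all(is_safe(s) for s in trace))
    print("final state:", trace[-1], "safe-controller periods:", log.count("SC"))
```

    The guarantee rests on the invariant that every visited state is recoverable: the initial state is, an advanced command is only accepted if it preserves recoverability, and the safe controller preserves it by construction. The random controller therefore drives the robot towards the wall but never into it, without ever having been verified.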

    AN INTRODUCTION TO FRAMEWORK ADAPTATIONS FOR ADDITIONAL ASSURANCE OF A DEEP NEURAL NETWORK WITHIN NAVAL TEST AND EVALUATION

    The complexity of modern warfare has rapidly outmatched the capacity of the human brain to accomplish the required tasks of a defined mission set. Shedding mundane tasks would be immensely beneficial, freeing the warfighter to solve more complex problems; however, most tasks that a human would find menial, and worth shedding, are highly abstract for a computer to solve. Deep Neural Network (DNN) technology has recently found extensive application. As DNNs become capable of increasingly complex tasks, and the processors that run them continue to shrink, incorporating DNN technology into legacy and next-generation aerial Department of Defense platforms has become eminently useful and advantageous. Qualifying DNN-based systems with traditional testing methods and frameworks to produce artifacts in support of platform certification under Naval Airworthiness, however, is prohibitive in cost and time, is not designed for agile development, and would give an incomplete understanding of the capabilities and limitations of a neural network. The framework presented in this paper provides updated methodologies and considerations for the testing, evaluation and assurance of neural networks in support of the Naval Test and Evaluation process.
    Commander, United States Navy. Approved for public release; distribution is unlimited.

    Path-sensitive Type Analysis with Backward Analysis for Quality Assurance of Dynamic Typed Language Code

    Precise and fast static type analysis for dynamically typed languages is very difficult, mainly because the lack of static type information makes it hard to approximate all possible values of a variable. In practice, existing static type analysis methods are either imprecise or slow. In this paper, we propose a novel method to improve the precision of static type analysis for Python code, in which a backward analysis is used to obtain path sensitivity. Our method thereby obtains more precise static type information, which contributes to the overall improvement of static analysis. To show the effectiveness of the method, we conducted a preliminary experiment comparing our implementation with an existing analysis tool with respect to precision and time efficiency. The results show that our method provides more precise type analysis with fewer false positives than the existing static type analysis tool. It also shows that the proposed method increases analysis time, but the time remains within the range of practical use.
    Comment: 9 pages with 6 figures

    Formal Requirements Analysis and Specification-Based Testing in Cyber-Physical Systems

    Formal requirements analysis plays an important role in the design of safety- and security-critical complex systems such as Cyber-Physical Systems (CPS). It can help in detecting problems early in the system development life-cycle, reducing time and cost to completion. Moreover, its results can be employed at the end of the process to validate the implemented system, guiding the testing phase. Despite its importance, requirements analysis is still largely carried out manually because of the intrinsic difficulty of dealing with natural-language requirements, the most common way to represent them. Manual reviews, however, are time-consuming and error-prone, reducing the potential benefit of the requirements engineering process. Automation can be achieved with formal methods, but their application is still limited by their complexity and by the lack of specialized tools. In this work we focus on the analysis of requirements for the design of CPSs, and on how to automate some of the activities related to such analysis. We first study how to formalize requirements expressed in a structured English language, encode them in linear temporal logic, check their consistency with off-the-shelf model checkers, and find minimal sets of conflicting requirements in case of inconsistency. We then present a new methodology to automatically generate tests from requirements and execute them on a given system, without requiring knowledge of its internal structure. Finally, we provide a set of tools that implement the studied algorithms and offer easy-to-use interfaces to ease their adoption by users.
    XXXIII cycle, Computer Science and Systems Engineering. Pulina, Luca; Vuotto, Simon

    ์‹ฌ์ธต์‹ ๊ฒฝ๋ง ํ•™์Šต ์ฝ”๋“œ์˜ ํ…์„œ ํ˜•์ƒ ์—๋Ÿฌ๋ฅผ ์ฐพ์•„๋‚ด๋Š” ์ •์ ๋ถ„์„๊ธฐ

    Master's thesis -- Seoul National University Graduate School: College of Engineering, Department of Computer Science and Engineering, August 2022. Advisor: Chung-Kil Hur.
    This thesis presents an automatic static analyzer, PyTea, that detects tensor-shape errors in PyTorch code. Tensor-shape errors are critical in deep neural network code: much of the training cost and the intermediate results are lost once a tensor shape mismatch occurs in the midst of the training phase. Given the input PyTorch source, PyTea statically traces every possible execution path, collects the tensor shape constraints required by the path's sequence of tensor operations, and decides whether the constraints are unsatisfiable (in which case a shape error can occur). PyTea's scalability and precision hinge on characteristics of real-world PyTorch applications: the number of execution paths after PyTea's conservative pruning rarely explodes, and loops are simple enough to be circumscribed by symbolic abstraction. PyTea is tested against the projects in the official PyTorch repository and against tensor-error code asked about on StackOverflow. PyTea successfully detects the tensor shape errors in this code, each within a few seconds.
    Contents
    Abstract
    Chapter 1 Introduction
        1.1 Our Goal
        1.2 Structure of PyTorch Programs
        1.3 Tensor Shape Errors
    Chapter 2 Overview of PyTea Analyzer
        2.1 Assumptions
        2.2 Handling path explosions
        2.3 Handling Loops
    Chapter 3 Analysis Steps
        3.1 PyTea IR
        3.2 Constraint generation
            3.2.1 Constraint generation rules for PyTea IR
            3.2.2 Constraint types
            3.2.3 Handling path explosion
        3.3 Constraint check
            3.3.1 Online constraint check
            3.3.2 Offline constraint check
    Chapter 4 Evaluation
        4.1 Results
            4.1.1 PyTea for PyTorch Examples
            4.1.2 PyTea for StackOverflow questions
        4.2 Discovered Errors in PyTorch Applications
            4.2.1 Detecting insufficient data preprocessing
            4.2.2 Handling path explosion
            4.2.3 Handling both regular and residual batch sizes in the training loop
        4.3 Limitation of PyTea
    Chapter 5 Related Works and Conclusion
    Appendix A
        A.1 Supported Python syntax
        A.2 Evaluation details
            A.2.1 Specification of injected shape error
            A.2.2 Analysis result of complete PyTorch project
            A.2.3 Complete command-line arguments
            A.2.4 Code modification points
            A.2.5 Experiment comparison criteria
        A.3 Complete definitions of PyTea IR syntax and semantics
            A.3.1 Syntax
            A.3.2 Constraint
            A.3.3 Domain
    Abstract (Korean)
    Acknowledgements

    Property specification patterns at work: verification and inconsistency explanation

    Property specification patterns (PSPs) have been proposed to ease the formalization of requirements while still enabling automated verification of them. In particular, the internal consistency of specifications written with PSPs can be checked automatically using, for example, linear temporal logic (LTL) satisfiability solvers. However, for most practical applications the expressiveness of PSPs is too restricted to write useful requirement specifications, and proving that a set of requirements is inconsistent is of little use unless a minimal set of conflicting requirements is extracted to help designers correct the faulty specification. In this paper, we extend PSPs with Boolean as well as atomic numerical assertions, we contribute an encoding from extended PSPs to LTL formulas, and we present an algorithm that computes inconsistency explanations, i.e., irreducible inconsistent subsets of the original set of requirements. Our extension enables us to reason about the internal consistency of functional requirements that basic PSPs would not capture. Experimental results demonstrate that our approach can check and explain (in)consistencies in specifications with nearly two thousand requirements generated using a probabilistic model, and that it enables effective handling of real-world case studies.
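    Both this abstract and the thesis on formal requirements analysis above describe the same practical step: once a requirement set is found inconsistent, extract an irreducible inconsistent subset so the designer sees which few requirements actually conflict. The block below is an added illustration of that step using the standard deletion-based extraction algorithm; it is not the code of either work. The LTL satisfiability solver is replaced by a brute-force check that some state in a small domain satisfies every requirement, so consistency here means state-level satisfiability rather than temporal satisfiability, and the five requirements, their Boolean and numeric atoms, and the domain are all constructed for the example.

```python
from itertools import product

# Added illustration of inconsistency explanation (an irreducible inconsistent
# subset of requirements) by deletion-based extraction. Not the paper's code:
# the LTL solver is replaced by brute-force state-level satisfiability, and the
# requirements, atoms and domain are constructed for this example.

# Atomic assertions are Boolean or numeric comparisons over these variables.
DOMAIN = {
    "speed": range(0, 101, 10),
    "door_open": (False, True),
    "mode": ("normal", "express"),
}

# Requirement id -> (structured-English text, predicate over a state dict)
REQUIREMENTS = {
    "R1": ("speed shall never exceed 50",
           lambda s: s["speed"] <= 50),
    "R2": ("the door shall be closed whenever the vehicle moves",
           lambda s: not (s["door_open"] and s["speed"] > 0)),
    "R3": ("in express mode the speed shall be at least 60",
           lambda s: s["mode"] != "express" or s["speed"] >= 60),
    "R4": ("the vehicle shall operate in express mode",
           lambda s: s["mode"] == "express"),
    "R5": ("the door shall be closed",
           lambda s: not s["door_open"]),
}


def states():
    """Enumerate every assignment in the constructed finite domain."""
    keys = list(DOMAIN)
    for values in product(*(DOMAIN[k] for k in keys)):
        yield dict(zip(keys, values))


def consistent(ids):
    """Stand-in for the satisfiability check: does some state meet all of
    the requirements named in ids?"""
    preds = [REQUIREMENTS[i][1] for i in ids]
    return any(all(p(s) for p in preds) for s in states())


def inconsistency_explanation(ids):
    """Deletion-based extraction of an irreducible inconsistent subset: drop
    each requirement in turn and keep it dropped if the remainder is still
    inconsistent. Every survivor is necessary for the conflict. Returns None
    when the input set is consistent. Costs one consistency check per
    requirement, which is what makes it usable on large specifications."""
    ids = list(ids)
    if consistent(ids):
        return None
    for r in list(ids):
        trial = [i for i in ids if i != r]
        if not consistent(trial):
            ids = trial
    return ids


if __name__ == "__main__":
    print("whole specification consistent:", consistent(REQUIREMENTS))
    for i in inconsistency_explanation(REQUIREMENTS):
        print(i, "-", REQUIREMENTS[i][0])
```

    On the constructed set the explanation is R1, R3 and R4: express mode is mandated, express mode demands at least 60, and 50 is the speed cap. R2 and R5 are dropped because the conflict survives without them, which is exactly the information a designer needs to repair the specification rather than a bare "inconsistent" verdict.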