439 research outputs found
Evaluating Model Testing and Model Checking for Finding Requirements Violations in Simulink Models
Matlab/Simulink is a development and simulation language that is widely used
by the Cyber-Physical System (CPS) industry to model dynamical systems. There
are two mainstream approaches to verify CPS Simulink models: model testing that
attempts to identify failures in models by executing them for a number of
sampled test inputs, and model checking that attempts to exhaustively check the
correctness of models against some given formal properties. In this paper, we
present an industrial Simulink model benchmark, provide a categorization of
different model types in the benchmark, describe the recurring logical patterns
in the model requirements, and discuss the results of applying model checking
and model testing approaches to identify requirements violations in the
benchmarked models. Based on the results, we discuss the strengths and
weaknesses of model testing and model checking. Our results further suggest
that model checking and model testing are complementary and by combining them,
we can significantly enhance the capabilities of each of these approaches
individually. We conclude by providing guidelines as to how the two approaches
can be best applied together.Comment: 10 pages + 2 page reference
Data-driven and Model-based Verification: a Bayesian Identification Approach
This work develops a measurement-driven and model-based formal verification
approach, applicable to systems with partly unknown dynamics. We provide a
principled method, grounded on reachability analysis and on Bayesian inference,
to compute the confidence that a physical system driven by external inputs and
accessed under noisy measurements, verifies a temporal logic property. A case
study is discussed, where we investigate the bounded- and unbounded-time safety
of a partly unknown linear time invariant system
Structural Synthesis for GXW Specifications
We define the GXW fragment of linear temporal logic (LTL) as the basis for
synthesizing embedded control software for safety-critical applications. Since
GXW includes the use of a weak-until operator we are able to specify a number
of diverse programmable logic control (PLC) problems, which we have compiled
from industrial training sets. For GXW controller specifications, we develop a
novel approach for synthesizing a set of synchronously communicating
actor-based controllers. This synthesis algorithm proceeds by means of
recursing over the structure of GXW specifications, and generates a set of
dedicated and synchronously communicating sub-controllers according to the
formula structure. In a subsequent step, 2QBF constraint solving identifies and
tries to resolve potential conflicts between individual GXW specifications.
This structural approach to GXW synthesis supports traceability between
requirements and the generated control code as mandated by certification
regimes for safety-critical software. Synthesis for GXW specifications is in
PSPACE compared to 2EXPTIME-completeness of full-fledged LTL synthesis. Indeed
our experimental results suggest that GXW synthesis scales well to
industrial-sized control synthesis problems with 20 input and output ports and
beyond.Comment: The long (including appendix) version being reviewed by CAV'16
program committee. Compared to the submitted version, one author (out of her
wish) is moved to the Acknowledgement. (v2) Corrected typos. (v3) Add an
additional remark over environment assumption and easy corner case
Quantitative Verification: Formal Guarantees for Timeliness, Reliability and Performance
Computerised systems appear in almost all aspects of our daily lives, often in safety-critical scenarios such as embedded control systems in cars and aircraft
or medical devices such as pacemakers and sensors. We are thus increasingly reliant on these systems working correctly, despite often operating in unpredictable or unreliable environments. Designers of such devices need ways to guarantee that they will operate in a reliable and efficient manner.
Quantitative verification is a technique for analysing quantitative aspects of a system's design, such as timeliness, reliability or performance. It applies formal methods, based on a rigorous analysis of a mathematical model of the system, to automatically prove certain precisely specified properties, e.g. ``the airbag will always deploy within 20 milliseconds after a crash'' or ``the probability of both sensors failing simultaneously is less than 0.001''.
The ability to formally guarantee quantitative properties of this kind is beneficial across a wide range of application domains. For example, in safety-critical systems, it may be essential to establish credible bounds on the probability with which certain failures or combinations of failures can occur. In embedded control systems, it is often important to comply with strict constraints on timing or resources. More generally, being able to derive guarantees on precisely specified levels of performance or efficiency is a valuable tool in the design of, for example, wireless networking protocols, robotic systems or power management algorithms, to name but a few.
This report gives a short introduction to quantitative verification, focusing in particular on a widely used technique called model checking, and its generalisation to the analysis of quantitative aspects of a system such as timing, probabilistic behaviour or resource usage.
The intended audience is industrial designers and developers of systems such as those highlighted above who could benefit from the application of quantitative verification,but lack expertise in formal verification or modelling
Global entrainment of transcriptional systems to periodic inputs
This paper addresses the problem of giving conditions for transcriptional
systems to be globally entrained to external periodic inputs. By using
contraction theory, a powerful tool from dynamical systems theory, it is shown
that certain systems driven by external periodic signals have the property that
all solutions converge to a fixed limit cycle. General results are proved, and
the properties are verified in the specific case of some models of
transcriptional systems. The basic mathematical results needed from contraction
theory are proved in the paper, making it self-contained
Automatic Verification Of Linear Controller Software
Many safety-critical cyber-physical systems have a software-based controller at their core. Since the system behavior relies on the operation of the controller, it is imperative to ensure the correctness of the controller to have a high assurance for such systems. Nowadays, controllers are developed in a model-based fashion. Controller models are designed, and their performances are analyzed first at the model level. Once the control design is complete, software implementation is automatically generated from the mathematical model of the controller by a code generator.
To assure the correctness of the controller implementation, it is necessary to check that the code generation is correctly done. Commercial code generators are complex black-box software that are generally not formally verified. Subtle bugs have been found in commercially available code generators that consequently generate incorrect code. In the absence of verified code generators, it is desirable to verify instances of implementations against their original models. Such verification is desired to be performed from the input-output perspective because correct implementations may have different state representations to each other for several possible reasons (e.g., code generator\u27s choice of state representation, optimization used in code generator and code transformation).
In this dissertation, we propose several methods to verify a given controller implementation against its given model from the input-output perspective. First of all, we propose a method to derive assertions from the controller model, and check if the assertions are invariant to the controller implementation via a proposed toolchain based on a popular deductive program verification framework. Moreover, we propose an alternative more scalable method that extracts a model from the controller implementation using the symbolic execution technique, and compare the extracted model to the original controller model using state-of-the-art constraint solvers. Lastly, we extend our latter method to correctly account for the rounding errors in the floating-point computation of the controller implementation. We demonstrate the scalability of our proposed approaches through evaluation with randomly generated controller specifications of realistic size
Bounded Verification with On-the-Fly Discrepancy Computation
Simulation-based verification algorithms can provide formal safety guarantees
for nonlinear and hybrid systems. The previous algorithms rely on user provided
model annotations called discrepancy function, which are crucial for computing
reachtubes from simulations. In this paper, we eliminate this requirement by
presenting an algorithm for computing piece-wise exponential discrepancy
functions. The algorithm relies on computing local convergence or divergence
rates of trajectories along a simulation using a coarse over-approximation of
the reach set and bounding the maximal eigenvalue of the Jacobian over this
over-approximation. The resulting discrepancy function preserves the soundness
and the relative completeness of the verification algorithm. We also provide a
coordinate transformation method to improve the local estimates for the
convergence or divergence rates in practical examples. We extend the method to
get the input-to-state discrepancy of nonlinear dynamical systems which can be
used for compositional analysis. Our experiments show that the approach is
effective in terms of running time for several benchmark problems, scales
reasonably to larger dimensional systems, and compares favorably with respect
to available tools for nonlinear models.Comment: 24 page
Adaptivity in High-Performance Embedded Systems: a Reactive Control Model for Reliable and Flexible Design
International audienceSystem adaptivity is increasingly demanded in high-performance embedded systems, particularly in multimedia System-on-Chip (SoC), due to growing Quality of Service requirements. This paper presents a reactive control model that has been introduced in Gaspard, our framework dedicated to SoC hardware/software co-design. This model aims at expressing adaptivity as well as reconfigurability in systems performing data-intensive computations. It is generic enough to be used for description in the different parts of an embedded system, e.g. specification of how different data-intensive algorithms can be chosen according to some computation modes at the functional level; expression of how hardware components can be selected via the usage of a library of Intellectual Properties (IPs) according to execution performances. The transformation of this model towards synchronous languages is also presented, in order to allow an automatic code generation usable for formal verification, based of techniques such as model checking and controller synthesis as illustrated in the paper. This work, based on Model-Driven Engineering and the standard UML MARTE profile, has been implemented in Gaspard
- …