Pacti: Scaling Assume-Guarantee Reasoning for System Analysis and Design
Contract-based design is a method to facilitate modular system design. While there has been substantial progress on the theory of contracts, there has been less progress on scalable algorithms for the algebraic operations in this theory. In this paper, we present: 1) principles to implement a contract-based design tool at scale and 2) Pacti, a tool that can efficiently compute these operations. We then illustrate the use of Pacti in a variety of case studies.
A framework for assessing and improving the resilience of complex engineered systems during the early design process
As modern systems continue to increase in size and complexity, they pose significant safety and risk management challenges. System engineers and much of the government research effort are focused on understanding the attributes and characteristics that emerge from the interactions of components and subsystems. As a result, the objective of this research is to develop techniques and supporting tools for the verification of the resilience of complex engineered systems during the early design stages. Specifically, this work focuses on automating the verification of safety requirements to ensure designs are safe, automating the analysis of design topology to increase design robustness against internal failures or external attacks, and allocating an appropriate level of redundancy into the design to ensure designs are resilient. In distributed complex systems, a single initiating fault can propagate throughout engineering systems uncontrollably, resulting in severely degraded performance or complete failure.
This research is motivated by the fact that there is no formal means to verify the safety and resilience properties, and no provision to incorporate related analysis into the design process.
Reasoning About the Reliability of Multi-version, Diverse Real-Time Systems
This paper is concerned with the development of reliable real-time systems for use in high integrity applications. It advocates the use of diverse replicated channels, but does not require the dependencies between the channels to be evaluated. Rather, it develops and extends the approach of Littlewood and Rushby (for general systems) by investigating a two-channel system in which one channel, A, is produced to a high level of reliability (i.e. has a very low failure rate), while the other, B, employs various forms of static analysis to sustain an argument that it is perfect (i.e. it will never miss a deadline). The first channel is fully functional; the second contains a more restricted computational model and contains only the critical computations. Potential dependencies between the channels (and their verification) are evaluated in terms of aleatory and epistemic uncertainty. At the aleatory level the events "A fails" and "B is imperfect" are independent. Moreover, unlike the general case, independence at the epistemic level is also proposed for common forms of implementation and analysis for real-time systems and their temporal requirements (deadlines). As a result, a systematic approach is advocated that can be applied in a real engineering context to produce highly reliable real-time systems, and to support numerical claims about the level of reliability achieved.
The Stanford How Things Work Project
We provide an overview of the Stanford How Things Work (HTW) project, an ongoing integrated collection of research activities in the Knowledge Systems Laboratory at Stanford University. The project is developing technology for representing knowledge about engineered devices in a form that enables the knowledge to be used in multiple systems for multiple reasoning tasks, together with reasoning methods that enable the represented knowledge to be effectively applied to the core engineering task of simulating and analyzing device behavior. The central new capabilities currently being developed in the project are automated assistance with model formulation and with verification that a design for an electro-mechanical device satisfies its functional specification.