13,623 research outputs found
Safety verification of a fault tolerant reconfigurable autonomous goal-based robotic control system
Fault tolerance and safety verification of control
systems are essential for the success of autonomous robotic
systems. A control architecture called Mission Data System
(MDS), developed at the Jet Propulsion Laboratory, takes
a goal-based control approach. In this paper, a method for
converting goal network control programs into linear hybrid
systems is developed. The linear hybrid system can then be
verified for safety in the presence of failures using existing
symbolic model checkers. An example task is simulated in
MDS and successfully verified using HyTech, a symbolic model
checking software for linear hybrid systems
Desynchronization: Synthesis of asynchronous circuits from synchronous specifications
Asynchronous implementation techniques, which measure logic delays at run time and activate registers accordingly, are inherently more robust than their synchronous counterparts, which estimate worst-case delays at design time, and constrain the clock cycle accordingly. De-synchronization is a new paradigm to automate the design of asynchronous circuits from synchronous specifications, thus permitting widespread adoption of asynchronicity, without requiring special design skills or tools. In this paper, we first of all study different protocols for de-synchronization and formally prove their correctness, using techniques originally developed for distributed deployment of synchronous language specifications. We also provide a taxonomy of existing protocols for asynchronous latch controllers, covering in particular the four-phase handshake protocols devised in the literature for micro-pipelines. We then propose a new controller which exhibits provably maximal concurrency, and analyze the performance of desynchronized circuits with respect to the original synchronous optimized implementation. We finally prove the feasibility and effectiveness of our approach, by showing its application to a set of real designs, including a complete implementation of the DLX microprocessor architectur
Runtime Enforcement for Component-Based Systems
Runtime enforcement is an increasingly popular and effective dynamic
validation technique aiming to ensure the correct runtime behavior (w.r.t. a
formal specification) of systems using a so-called enforcement monitor. In this
paper we introduce runtime enforcement of specifications on component-based
systems (CBS) modeled in the BIP (Behavior, Interaction and Priority)
framework. BIP is a powerful and expressive component-based framework for
formal construction of heterogeneous systems. However, because of BIP
expressiveness, it remains difficult to enforce at design-time complex
behavioral properties.
First we propose a theoretical runtime enforcement framework for CBS where we
delineate a hierarchy of sets of enforceable properties (i.e., properties that
can be enforced) according to the number of observational steps a system is
allowed to deviate from the property (i.e., the notion of k-step
enforceability). To ensure the observational equivalence between the correct
executions of the initial system and the monitored system, we show that i) only
stutter-invariant properties should be enforced on CBS with our monitors, ii)
safety properties are 1-step enforceable. Given an abstract enforcement monitor
(as a finite-state machine) for some 1-step enforceable specification, we
formally instrument (at relevant locations) a given BIP system to integrate the
monitor. At runtime, the monitor observes and automatically avoids any error in
the behavior of the system w.r.t. the specification. Our approach is fully
implemented in an available tool that we used to i) avoid deadlock occurrences
on a dining philosophers benchmark, and ii) ensure the correct placement of
robots on a map.Comment: arXiv admin note: text overlap with arXiv:1109.5505 by other author
Polychronous Interpretation of Synoptic, a Domain Specific Modeling Language for Embedded Flight-Software
The SPaCIFY project, which aims at bringing advances in MDE to the satellite
flight software industry, advocates a top-down approach built on a
domain-specific modeling language named Synoptic. In line with previous
approaches to real-time modeling such as Statecharts and Simulink, Synoptic
features hierarchical decomposition of application and control modules in
synchronous block diagrams and state machines. Its semantics is described in
the polychronous model of computation, which is that of the synchronous
language Signal.Comment: Workshop on Formal Methods for Aerospace (FMA 2009
Reachability under Contextual Locking
The pairwise reachability problem for a multi-threaded program asks, given
control locations in two threads, whether they can be simultaneously reached in
an execution of the program. The problem is important for static analysis and
is used to detect statements that are concurrently enabled. This problem is in
general undecidable even when data is abstracted and when the threads (with
recursion) synchronize only using a finite set of locks. Popular programming
paradigms that limit the lock usage patterns have been identified under which
the pairwise reachability problem becomes decidable. In this paper, we consider
a new natural programming paradigm, called contextual locking, which ties the
lock usage to calling patterns in each thread: we assume that locks are
released in the same context that they were acquired and that every lock
acquired by a thread in a procedure call is released before the procedure
returns. Our main result is that the pairwise reachability problem is
polynomial-time decidable for this new programming paradigm as well. The
problem becomes undecidable if the locks are reentrant; reentrant locking is a
\emph{recursive locking} mechanism which allows a thread in a multi-threaded
program to acquire the reentrant lock multiple times.Comment: A preliminary version appears in TACAS 201
Mechanizing a Process Algebra for Network Protocols
This paper presents the mechanization of a process algebra for Mobile Ad hoc
Networks and Wireless Mesh Networks, and the development of a compositional
framework for proving invariant properties. Mechanizing the core process
algebra in Isabelle/HOL is relatively standard, but its layered structure
necessitates special treatment. The control states of reactive processes, such
as nodes in a network, are modelled by terms of the process algebra. We propose
a technique based on these terms to streamline proofs of inductive invariance.
This is not sufficient, however, to state and prove invariants that relate
states across multiple processes (entire networks). To this end, we propose a
novel compositional technique for lifting global invariants stated at the level
of individual nodes to networks of nodes.Comment: This paper is an extended version of arXiv:1407.3519. The
Isabelle/HOL source files, and a full proof document, are available in the
Archive of Formal Proofs, at http://afp.sourceforge.net/entries/AWN.shtm
Lipschitz Robustness of Finite-state Transducers
We investigate the problem of checking if a finite-state transducer is robust
to uncertainty in its input. Our notion of robustness is based on the analytic
notion of Lipschitz continuity --- a transducer is K-(Lipschitz) robust if the
perturbation in its output is at most K times the perturbation in its input. We
quantify input and output perturbation using similarity functions. We show that
K-robustness is undecidable even for deterministic transducers. We identify a
class of functional transducers, which admits a polynomial time
automata-theoretic decision procedure for K-robustness. This class includes
Mealy machines and functional letter-to-letter transducers. We also study
K-robustness of nondeterministic transducers. Since a nondeterministic
transducer generates a set of output words for each input word, we quantify
output perturbation using set-similarity functions. We show that K-robustness
of nondeterministic transducers is undecidable, even for letter-to-letter
transducers. We identify a class of set-similarity functions which admit
decidable K-robustness of letter-to-letter transducers.Comment: In FSTTCS 201
SystemC Model Generation for Realistic Simulation of Networked Embedded Systems
Verification and design-space exploration of today's embedded systems require the simulation of heterogeneous aspects of the system, i.e., software, hardware, communications. This work shows the use of SystemC to simulate a model-driven specification of the behavior of a networked embedded system together with a complete network scenario consisting of the radio channel, the IEEE 802.15.4 protocol for wireless personal area networks and concurrent traffic sharing the medium. The paper describes the main issues addressed to generate SystemC modules from Matlab/Stateflow descriptions and to integrate them in a complete network scenario. Simulation results on a healthcare wireless sensor network show the validity of the approach
- âŠ