Design and Verification of Clock Domain Crossing Interfaces

The clock distribution network is an essential component in every synchronous digital system. The design of this network is becoming an increasingly sophisticated and difficult task due to the increasing logic capacity of chips and due to the fact that this network has to reach out to each and every memory element in the chip. Multiclock domain circuits with Clock Domain Crossing (CDC) interfaces are emerging as an alternative to circuits with a global clock. The design of CDC interfaces is a challenging task due to the difficulty of dealing with two possibly unrelated clock domains and the possibility of propagating metastability into the communicating blocks making CDC interfaces difficult to design and verify. In this work, we present a hybrid FIFO-asynchronous method for constructing robust CDC interfaces. This method avoids the shortcomings of previous interfaces and provides reliable transfer of data and control signals between different clock domains. A complete design is proposed, fully implemented using 90nm TSMC CMOS technology, and simulated using SPICE. Extensive simulations confirmed the robustness of the interface at different temperatures, different workloads, and varying frequency ratios. The reported implementation provides a maximum throughput of 606 Mitems/s. Moreover, we also address the challenging task of the verification of CDC interfaces. Most RTL simulation tools available today are incapable of simulating these interfaces. In this thesis, we present a framework for the formal verification of CDC interfaces. The framework explicitly models metastability by taking advantage of the unique features of probabilistic model checking. The framework is applied to common CDC interfaces by verifying them using the PRISM model checker

Towards Real-Time, On-Board, Hardware-Supported Sensor and Software Health Management for Unmanned Aerial Systems

For unmanned aerial systems (UAS) to be successfully deployed and integrated within the national airspace, it is imperative that they possess the capability to effectively complete their missions without compromising the safety of other aircraft, as well as persons and property on the ground. This necessity creates a natural requirement for UAS that can respond to uncertain environmental conditions and emergent failures in real-time, with robustness and resilience close enough to those of manned systems. We introduce a system that meets this requirement with the design of a real-time onboard system health management (SHM) capability to continuously monitor sensors, software, and hardware components. This system can detect and diagnose failures and violations of safety or performance rules during the flight of a UAS. Our approach to SHM is three-pronged, providing: (1) real-time monitoring of sensor and software signals; (2) signal analysis, preprocessing, and advanced on-the-fly temporal and Bayesian probabilistic fault diagnosis; and (3) an unobtrusive, lightweight, read-only, low-power realization using Field Programmable Gate Arrays (FPGAs) that avoids overburdening limited computing resources or costly re-certification of flight software. We call this approach rt-R2U2, a name derived from its requirements. Our implementation provides a novel approach of combining modular building blocks, integrating responsive runtime monitoring of temporal logic system safety requirements with model-based diagnosis and Bayesian network-based probabilistic analysis. We demonstrate this approach using actual flight data from the NASA Swift UAS

Modelling and analyzing adaptive self-assembling strategies with Maude

Building adaptive systems with predictable emergent behavior is a challenging task and it is becoming a critical need. The research community has accepted the challenge by introducing approaches of various nature: from software architectures, to programming paradigms, to analysis techniques. We recently proposed a conceptual framework for adaptation centered around the role of control data. In this paper we show that it can be naturally realized in a reflective logical language like Maude by using the Reflective Russian Dolls model. Moreover, we exploit this model to specify, validate and analyse a prominent example of adaptive system: robot swarms equipped with self-assembly strategies. The analysis exploits the statistical model checker PVeStA

Towards Real-time, On-board, Hardware-Supported Sensor and Software Health Management for Unmanned Aerial Systems

Unmanned aerial systems (UASs) can only be deployed if they can effectively complete their missions and respond to failures and uncertain environmental conditions while maintaining safety with respect to other aircraft as well as humans and property on the ground. In this paper, we design a real-time, on-board system health management (SHM) capability to continuously monitor sensors, software, and hardware components for detection and diagnosis of failures and violations of safety or performance rules during the flight of a UAS. Our approach to SHM is three-pronged, providing: (1) real-time monitoring of sensor and/or software signals; (2) signal analysis, preprocessing, and advanced on the- fly temporal and Bayesian probabilistic fault diagnosis; (3) an unobtrusive, lightweight, read-only, low-power realization using Field Programmable Gate Arrays (FPGAs) that avoids overburdening limited computing resources or costly re-certification of flight software due to instrumentation. Our implementation provides a novel approach of combining modular building blocks, integrating responsive runtime monitoring of temporal logic system safety requirements with model-based diagnosis and Bayesian network-based probabilistic analysis. We demonstrate this approach using actual data from the NASA Swift UAS, an experimental all-electric aircraft

R2U2: Tool Overview

R2U2 (Realizable, Responsive, Unobtrusive Unit) is an extensible framework for runtime System HealthManagement (SHM) of cyber-physical systems. R2U2 can be run in hardware (e.g., FPGAs), or software; can monitorhardware, software, or a combination of the two; and can analyze a range of different types of system requirementsduring runtime. An R2U2 requirement is specified utilizing a hierarchical combination of building blocks: temporal formula runtime observers (in LTL or MTL), Bayesian networks, sensor filters, and Boolean testers. Importantly, the framework is extensible; it is designed to enable definitions of new building blocks in combination with the core structure. Originally deployed on Unmanned Aerial Systems (UAS), R2U2 is designed to run on a wide range of embedded platforms, from autonomous systems like rovers, satellites, and robots, to human-assistive ground systems and cockpits. R2U2 is named after the requirements it satisfies; while the exact requirements vary by platform and mission, the ability to formally reason about realizability, responsiveness, and unobtrusiveness is necessary for flight certifiability, safety-critical system assurance, and achievement of technology readiness levels for target systems. Realizability ensures that R2U2 is suficiently expressive to encapsulate meaningful runtime requirements while maintaining adaptability to run on different platforms, transition between different mission stages, and update quickly between missions. Responsiveness entails continuously monitoring the system under test, real-time reasoning, reporting intermediate status, and as-early-as-possible requirements evaluations. Unobtrusiveness ensures compliance with the crucial properties of the target architecture: functionality, certifiability, timing, tolerances, cost, or other constraints

Macdonald processes, quantum integrable systems and the Kardar-Parisi-Zhang universality class

Integrable probability has emerged as an active area of research at the interface of probability/mathematical physics/statistical mechanics on the one hand, and representation theory/integrable systems on the other. Informally, integrable probabilistic systems have two properties: 1) It is possible to write down concise and exact formulas for expectations of a variety of interesting observables (or functions) of the system. 2) Asymptotics of the system and associated exact formulas provide access to exact descriptions of the properties and statistics of large universality classes and universal scaling limits for disordered systems. We focus here on examples of integrable probabilistic systems related to the Kardar-Parisi-Zhang (KPZ) universality class and explain how their integrability stems from connections with symmetric function theory and quantum integrable systems.Comment: Proceedings of the ICM, 31 pages, 10 figure

Modeling and Analysis of Mixed Synchronous/Asynchronous Systems

Practical safety-critical distributed systems must integrate safety critical and non-critical data in a common platform. Safety critical systems almost always consist of isochronous components that have synchronous or asynchronous interface with other components. Many of these systems also support a mix of synchronous and asynchronous interfaces. This report presents a study on the modeling and analysis of asynchronous, synchronous, and mixed synchronous/asynchronous systems. We build on the SAE Architecture Analysis and Design Language (AADL) to capture architectures for analysis. We present preliminary work targeted to capture mixed low- and high-criticality data, as well as real-time properties in a common Model of Computation (MoC). An abstract, but representative, test specimen system was created as the system to be modeled

Agents and Robots for Reliable Engineered Autonomy

This book contains the contributions of the Special Issue entitled "Agents and Robots for Reliable Engineered Autonomy". The Special Issue was based on the successful first edition of the "Workshop on Agents and Robots for reliable Engineered Autonomy" (AREA 2020), co-located with the 24th European Conference on Artificial Intelligence (ECAI 2020). The aim was to bring together researchers from autonomous agents, as well as software engineering and robotics communities, as combining knowledge from these three research areas may lead to innovative approaches that solve complex problems related to the verification and validation of autonomous robotic systems

Learning and testing stochastic discrete event

Dissertação de mestrado em Engenharia de InformáticaSistemas de eventos discretos (DES) são uma importante subclasse de sistemas (à luz da teoria dos sistemas). Estes têm sido usados, particularmente na indústria para analisar e modelar um vasto conjunto de sistemas reais, tais como, sistemas de produção, sistemas de computador, sistemas de controlo de tráfego e sistemas híbridos. O nosso trabalho explora uma extensão de DES com ênfase nos processos estocásticos, comummente chamado como sistemas de eventos discretos estocásticos (SDES). Existe assim a necessidade de estabelecer uma abstração estocástica através do uso de processos semi-Markovianos generalizados (GSMP) para SDES. Assim, o objetivo do nosso trabalho é propor uma metodologia e um conjunto de algoritmos para aprendizagem de GSMP, usar técnicas de model-checking estatístico para a verificação e propor duas novas abordagens para teste de DES e SDES (respetivamente, não estocasticamente e estocasticamente). Este trabalho também introduz uma noção de modelação, analise e verificação de sistemas contínuos e modelos de perturbação no contexto da verificação por model-checking estatístico.Discrete event systems (DES) are an important subclass of systems (in systems theory). They have been used, particularly in industry, to analyze and model a wide variety of real systems, such as production systems, computer systems, traffic systems, and hybrid systems. Our work explores an extension of DES with an emphasis on stochastic processes, commonly called stochastic discrete event systems (SDES). There was a need to establish a stochastic abstraction for SDES through generalized semi-Markov processes (GSMP). Thus, the aim of our work is to propose a methodology and a set of algorithms for GSMP learning, using model checking techniques for verification, and to propose two new approaches for testing DES and SDES (non-stochastically and stochastically). This work also introduces a notion of modeling, analysis, and verification of continuous systems and disturbance models in the context of verifiable statistical model checking