Procedure-modular specification and verification of temporal safety properties

This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application

Reasoning about history based access control policy using past time operators of interval temporal logic

Interval Temporal Logic (ITL) is a flexible notation for the propositional and first-order logical reasoning about periods of time that exist in specifications of hardware and software systems. ITL is different from other temporal logics since it can deal with both sequential and parallel composition and provides powerful and extensible specification and verification methods for reasoning about properties such as safety, time projection and liveness. Most imperative programming constructs can be seen as ITL formula that form the basis of an executable framework called Tempura that is used for the development and testing of ITL specifications.\\ ITL has only future operators, but the use of past operators make specifications referring to history more succinct; that is, there are classes of properties that can be expressed by means of much shorter formulas. What is more, statements are easier to express (simplicity) when past operators are included. Moreover, using past operators does not increase the complexity of interval temporal logic regarding the formula size and the simplicity. This thesis introduces past time of interval temporal logic where, instead of future time operators Chop, Chopstar, and Skip, we have past operators past Chop, past Chopstar and past Skip. The syntax and semantics of past time ITL are given together with its axiom and proof system. Furthermore, Security Analysis Toolkit for Agents (SANTA) operators such always-followed-by and the strong version of it has been given history based semantics using past time operators. In order to evaluate past time interval temporal logic, the problem of specification, verification of history based access control policies has been selected. This problem has already been solved using future time of interval temporal logic ITL but the drawback is that policy rules are not succinct and simple. However, the use of past time operators of ITL produces simple and succinct policy rules. The verification technique used to proof the safety property of history based access control policies is adapted for past time ITL to show that past time operators of interval temporal logic can specify and verify a security scenario such as history based access control policy

From Uncertainty Data to Robust Policies for Temporal Logic Planning

We consider the problem of synthesizing robust disturbance feedback policies for systems performing complex tasks. We formulate the tasks as linear temporal logic specifications and encode them into an optimization framework via mixed-integer constraints. Both the system dynamics and the specifications are known but affected by uncertainty. The distribution of the uncertainty is unknown, however realizations can be obtained. We introduce a data-driven approach where the constraints are fulfilled for a set of realizations and provide probabilistic generalization guarantees as a function of the number of considered realizations. We use separate chance constraints for the satisfaction of the specification and operational constraints. This allows us to quantify their violation probabilities independently. We compute disturbance feedback policies as solutions of mixed-integer linear or quadratic optimization problems. By using feedback we can exploit information of past realizations and provide feasibility for a wider range of situations compared to static input sequences. We demonstrate the proposed method on two robust motion-planning case studies for autonomous driving

Prescribed Performance Control Guided Policy Improvement for Satisfying Signal Temporal Logic Tasks

Signal temporal logic (STL) provides a user-friendly interface for defining complex tasks for robotic systems. Recent efforts aim at designing control laws or using reinforcement learning methods to find policies which guarantee satisfaction of these tasks. While the former suffer from the trade-off between task specification and computational complexity, the latter encounter difficulties in exploration as the tasks become more complex and challenging to satisfy. This paper proposes to combine the benefits of the two approaches and use an efficient prescribed performance control (PPC) base law to guide exploration within the reinforcement learning algorithm. The potential of the method is demonstrated in a simulated environment through two sample navigational tasks.Comment: This is the extended version of the paper accepted to the 2019 American Control Conference (ACC), Philadelphia (to be published

Formalization and Validation of Safety-Critical Requirements

The validation of requirements is a fundamental step in the development process of safety-critical systems. In safety critical applications such as aerospace, avionics and railways, the use of formal methods is of paramount importance both for requirements and for design validation. Nevertheless, while for the verification of the design, many formal techniques have been conceived and applied, the research on formal methods for requirements validation is not yet mature. The main obstacles are that, on the one hand, the correctness of requirements is not formally defined; on the other hand that the formalization and the validation of the requirements usually demands a strong involvement of domain experts. We report on a methodology and a series of techniques that we developed for the formalization and validation of high-level requirements for safety-critical applications. The main ingredients are a very expressive formal language and automatic satisfiability procedures. The language combines first-order, temporal, and hybrid logic. The satisfiability procedures are based on model checking and satisfiability modulo theory. We applied this technology within an industrial project to the validation of railways requirements

Decentralized Motion Planning with Collision Avoidance for a Team of UAVs under High Level Goals

This paper addresses the motion planning problem for a team of aerial agents under high level goals. We propose a hybrid control strategy that guarantees the accomplishment of each agent's local goal specification, which is given as a temporal logic formula, while guaranteeing inter-agent collision avoidance. In particular, by defining 3-D spheres that bound the agents' volume, we extend previous work on decentralized navigation functions and propose control laws that navigate the agents among predefined regions of interest of the workspace while avoiding collision with each other. This allows us to abstract the motion of the agents as finite transition systems and, by employing standard formal verification techniques, to derive a high-level control algorithm that satisfies the agents' specifications. Simulation and experimental results with quadrotors verify the validity of the proposed method.Comment: Submitted to the IEEE International Conference on Robotics and Automation (ICRA), Singapore, 201

Model-Based Testing of Safety Critical Real-Time Control Logic Software

The paper presents the experience of the authors in model based testing of safety critical real-time control logic software. It describes specifics of the corresponding industrial settings and discusses technical details of usage of UniTESK model based testing technology in these settings. Finally, we discuss possible future directions of safety critical software development processes and a place of model based testing techniques in it.Comment: In Proceedings MBT 2012, arXiv:1202.582