Formal Analysis for Embedded Real-Time Systems
Timed systems are notoriously hard to debug and to verify because the continuous nature of time allows vast numbers of different behaviors; embedded systems must often deal with faults, and these introduce another dimension of complexity. Simulation and testing provide little assurance in these domains because they can visit only a small fraction of the possible behaviors. Formal methods of analysis have some promise, but until recently they could deal only with one dimension at a time: classical model checking could cope with faults but could not model continuous time; model checkers for timed automata could deal with continuous time but not the "case explosion" due to faults. Recently, a new class of "infinite bounded" model checkers has been developed; these show promise that they can cope simultaneously with both continuous time and discrete faults.
A Decidable Timeout based Extension of Propositional Linear Temporal Logic
We develop a timeout based extension of propositional linear temporal logic (which we call TLTL) to specify timing properties of timeout based models of real time systems. TLTL formulas explicitly refer to a running global clock together with static timing variables as well as a dynamic variable abstracting the timeout behavior. We extend LTL with the capability to express timeout constraints. From the expressiveness viewpoint, TLTL is not comparable with important known clock based real-time logics including TPTL, XCTL, and MTL, i.e., TLTL can specify certain properties which cannot be specified in these logics, and vice versa. We define a corresponding timeout tableau for satisfiability checking of TLTL formulas. A model checking algorithm over timeout Kripke structures is also presented. Further, we prove that validity checking for such an extended logic remains PSPACE-complete even in the presence of timeout constraints and infinite state models. Under discrete time semantics, with bounded timeout increments, the model-checking problem of whether a TLTL formula holds in a timeout Kripke structure is also PSPACE-complete. We further prove that when TLTL is interpreted over discrete time, it can be embedded in the monadic second order logic with time, and when TLTL is interpreted over dense time without the condition of non-zenoness, the resulting logic becomes -complete.
SOTER: A Runtime Assurance Framework for Programming Safe Robotics Systems
The recent drive towards achieving greater autonomy and intelligence in robotics has led to high levels of complexity. Autonomous robots increasingly depend on third party off-the-shelf components and complex machine-learning techniques. This trend makes it challenging to provide strong design-time certification of correct operation.
To address these challenges, we present SOTER, a robotics programming framework with two key components: (1) a programming language for implementing and testing high-level reactive robotics software and (2) an integrated runtime assurance (RTA) system that helps enable the use of uncertified components, while still providing safety guarantees. SOTER provides language primitives to declaratively construct an RTA module consisting of an advanced, high-performance controller (uncertified), a safe, lower-performance controller (certified), and the desired safety specification. The framework provides a formal guarantee that a well-formed RTA module always satisfies the safety specification, without completely sacrificing performance, by using higher performance uncertified components whenever safe. SOTER allows the complex robotics software stack to be constructed as a composition of RTA modules, where each uncertified component is protected using an RTA module.
To demonstrate the efficacy of our framework, we consider a real-world case study of building a safe drone surveillance system. Our experiments both in simulation and on actual drones show that the SOTER-enabled RTA ensures the safety of the system, including when untrusted third-party components have bugs or deviate from the desired behavior.
Integrated Formal Analysis of Timed-Triggered Ethernet
We present new results related to the verification of the Timed-Triggered Ethernet (TTE) clock synchronization protocol. This work extends previous verification of TTE based on model checking. We identify a suboptimal design choice in a compression function used in clock synchronization, and propose an improvement. We compare the original design and the improved definition using the SAL model checker.
From Absolute-Timer to Relative-Countdown: Patterns for Model-Checking
Many specialised formal methods exist for specifying and verifying real-time systems. We propose extending a traditional method in order to model time with a pattern. In order to carry out verification by model-checking, we demonstrate a new instance of a pattern for real-time modelling. The former pattern is useful for carrying out verification by theorem proving. The equivalence with the previous version is studied, and interesting properties for model-checking are reviewed. Finally, we report on an experimental case study.
Modeling Time in Computing: A Taxonomy and a Comparative Survey
The increasing relevance of areas such as real-time and embedded systems, pervasive computing, hybrid systems control, and biological and social systems modeling is bringing a growing attention to the temporal aspects of computing, not only in the computer science domain, but also in more traditional fields of engineering.
This article surveys various approaches to the formal modeling and analysis of the temporal features of computer-based systems, with a level of detail that is suitable also for non-specialists. In doing so, it provides a unifying framework, rather than just a comprehensive list of formalisms.
The paper first lays out some key dimensions along which the various formalisms can be evaluated and compared. Then, a significant sample of formalisms for time modeling in computing is presented and discussed according to these dimensions. The adopted perspective is, to some extent, historical, going from "traditional" models and formalisms to more modern ones.
Proved Development of the Real-Time Properties of the IEEE 1394 Root Contention Protocol with the Event B Method
We present a model of the IEEE 1394 Root Contention Protocol with a proof of safety. This model has real-time properties which are expressed in the language of the event B method: first-order classical logic and set theory. Verification is done by proof using the event B method and its prover; we also have a way to model-check models. Refinement is used to describe the studied system at different levels of abstraction: first without time, to fix the scheduling of events abstractly, and then with more and more time constraints.
A Methodology for Evaluating Artifacts Produced by a Formal Verification Process
The goal of this study is to produce a methodology for evaluating the claims and arguments employed in, and the evidence produced by, formal verification activities. To illustrate the process, we conduct a full assessment of a representative case study for the Enabling Technology Development and Demonstration (ETDD) program. We assess the model checking and satisfiability solving techniques as applied to a suite of abstract models of fault tolerant algorithms which were selected to be deployed in Orion, namely the TTEthernet startup services specified and verified in the Symbolic Analysis Laboratory (SAL) by TTTech. To this end, we introduce the Modeling and Verification Evaluation Score (MVES), a metric that is intended to estimate the amount of trust that can be placed on the evidence that is obtained. The results of the evaluation process and the MVES can then be used by non-experts and evaluators in assessing the credibility of the verification results.
- …