Anytime system level verification via parallel random exhaustive hardware in the loop simulation

System level verification of cyber-physical systems has the goal of verifying that the whole (i.e., software + hardware) system meets the given specifications. Model checkers for hybrid systems cannot handle system level verification of actual systems. Thus, Hardware In the Loop Simulation (HILS) is currently the main workhorse for system level verification. By using model checking driven exhaustive HILS, System Level Formal Verification (SLFV) can be effectively carried out for actual systems. We present a parallel random exhaustive HILS based model checker for hybrid systems that, by simulating all operational scenarios exactly once in a uniform random order, is able to provide, at any time during the verification process, an upper bound to the probability that the System Under Verification exhibits an error in a yet-to-be-simulated scenario (Omission Probability). We show effectiveness of the proposed approach by presenting experimental results on SLFV of the Inverted Pendulum on a Cart and the Fuel Control System examples in the Simulink distribution. To the best of our knowledge, no previously published model checker can exhaustively verify hybrid systems of such a size and provide at any time an upper bound to the Omission Probability

On Model Based Synthesis of Embedded Control Software

Many Embedded Systems are indeed Software Based Control Systems (SBCSs), that is control systems whose controller consists of control software running on a microcontroller device. This motivates investigation on Formal Model Based Design approaches for control software. Given the formal model of a plant as a Discrete Time Linear Hybrid System and the implementation specifications (that is, number of bits in the Analog-to-Digital (AD) conversion) correct-by-construction control software can be automatically generated from System Level Formal Specifications of the closed loop system (that is, safety and liveness requirements), by computing a suitable finite abstraction of the plant. With respect to given implementation specifications, the automatically generated code implements a time optimal control strategy (in terms of set-up time), has a Worst Case Execution Time linear in the number of AD bits $b$, but unfortunately, its size grows exponentially with respect to $b$. In many embedded systems, there are severe restrictions on the computational resources (such as memory or computational power) available to microcontroller devices. This paper addresses model based synthesis of control software by trading system level non-functional requirements (such us optimal set-up time, ripple) with software non-functional requirements (its footprint). Our experimental results show the effectiveness of our approach: for the inverted pendulum benchmark, by using a quantization schema with 12 bits, the size of the small controller is less than 6% of the size of the time optimal one.Comment: Accepted for publication by EMSOFT 2012. arXiv admin note: substantial text overlap with arXiv:1107.5638,arXiv:1207.409

Simulator Semantics for System Level Formal Verification

Many simulation based Bounded Model Checking approaches to System Level Formal Verification (SLFV) have been devised. Typically such approaches exploit the capability of simulators to save computation time by saving and restoring the state of the system under simulation. However, even though such approaches aim to (bounded) formal verification, as a matter of fact, the simulator behaviour is not formally modelled and the proof of correctness of the proposed approaches basically relies on the intuitive notion of simulator behaviour. This gap makes it hard to check if the optimisations introduced to speed up the simulation do not actually omit checking relevant behaviours of the system under verification. The aim of this paper is to fill the above gap by presenting a formal semantics for simulators.Comment: In Proceedings GandALF 2015, arXiv:1509.0685

On minimising the maximum expected verification time

Cyber Physical Systems (CPSs) consist of hardware and software components. To verify that the whole (i.e., software + hardware) system meets the given specifications, exhaustive simulation-based approaches (Hardware In the Loop Simulation, HILS) can be effectively used by first generating all relevant simulation scenarios (i.e., sequences of disturbances) and then actually simulating all of them (verification phase). When considering the whole verification activity, we see that the above mentioned verification phase is repeated until no error is found. Accordingly, in order to minimise the time taken by the whole verification activity, in each verification phase we should, ideally, start by simulating scenarios witnessing errors (counterexamples). Of course, to know beforehand the set of such scenarios is not feasible. In this paper we show how to select scenarios so as to minimise the Worst Case Expected Verification Tim

Religion and Migration in Africa and the African Diaspora

Reflections on migration and religion at a time when migration remains a controversial political issue, whether it concerns disagreements in the US senate over financing President Trump’s proposed wall at the US-Mexico border, the continuing influx of refugees from Africa and the Middle East into Europe, or xenophobia towards African migrants in South Africa and the Royinga in Myanmar. Consequently, continously changing trajectories, net-works and caravans of migration are produced, as a result of peoples differing needs and desires for movement and settlement.Those who have worked in the field of migration know that the migration of people has been a sustained phenomenon that has shaped the ma-king of societies, it has fractured hegemonies and ultimately produced diverse diasporas. This was evident in the works Stuart Hall, Paul Gilroy and Jamaica Kincaid as they have reflected on the fortunes and hardships of the windrush generation in the United Kingdom. Similarly, their predecessors Frantz Fanon, James Baldwin, Aime Cesaire, and Sol Plaatjie wrote widely about the social condition of being black in the world through narratives of migration, where they variously came to confront themselves of the objects of terror, curiosity and the exotic – all tropes that operate to deny black subjectivity. Thus we take as a starting point that transnational migration has significantly shaped the political and intellectual labour has of people of colour

Quantized Feedback Control Software Synthesis from System Level Formal Specifications for Buck DC/DC Converters

Many Embedded Systems are indeed Software Based Control Systems (SBCSs), that is control systems whose controller consists of control software running on a microcontroller device. This motivates investigation on Formal Model Based Design approaches for automatic synthesis of SBCS control software. In previous works we presented an algorithm, along with a tool QKS implementing it, that from a formal model (as a Discrete Time Linear Hybrid System, DTLHS) of the controlled system (plant), implementation specifications (that is, number of bits in the Analog-to-Digital, AD, conversion) and System Level Formal Specifications (that is, safety and liveness requirements for the closed loop system) returns correct-by-construction control software that has a Worst Case Execution Time (WCET) linear in the number of AD bits and meets the given specifications. In this technical report we present full experimental results on using it to synthesize control software for two versions of buck DC-DC converters (single-input and multi-input), a widely used mixed-mode analog circuit.Comment: arXiv admin note: text overlap with arXiv:1107.563

Model Based Synthesis of Control Software from System Level Formal Specifications

Many Embedded Systems are indeed Software Based Control Systems, that is control systems whose controller consists of control software running on a microcontroller device. This motivates investigation on Formal Model Based Design approaches for automatic synthesis of embedded systems control software. We present an algorithm, along with a tool QKS implementing it, that from a formal model (as a Discrete Time Linear Hybrid System) of the controlled system (plant), implementation specifications (that is, number of bits in the Analog-to-Digital, AD, conversion) and System Level Formal Specifications (that is, safety and liveness requirements for the closed loop system) returns correct-by-construction control software that has a Worst Case Execution Time (WCET) linear in the number of AD bits and meets the given specifications. We show feasibility of our approach by presenting experimental results on using it to synthesize control software for a buck DC-DC converter, a widely used mixed-mode analog circuit, and for the inverted pendulum.Comment: Accepted for publication by ACM Transactions on Software Engineering and Methodology (TOSEM

User flexibility aware price policy synthesis for smart grids

In order to optimally manage a modern electricity distribution network, peaks in residential users demand should be avoided, as this can reduce energy and network asset management costs. Furthermore, this must be done without compressing residential users demand. To this aim, in a demand response setting, residential users are given a price policy, which economically motivates them to shift their loads in order to achieve this goal. However, if the price policy for all users is similar, this demand response may result in simply shifting the demand peaks (peak rebound), leaving the problem unsolved. In this paper we propose a novel methodology which i) for each network substation s, automatically computes the desired power profile to be kept in order to optimally manage the network itself, ii) for each network substation s, automatically synthesizes individualized price policies for residential users connected to s, so that s is kept at the desired profile. Note that price policies individualization avoids the peak rebound problem, as different users have different low tariff areas. Furthermore, our methodology measures the flexibility of a residential user as the capacity needed by a home energy storage system (e.g., a battery) to always follow the given price policy, thus mitigating residential users discomfort. We show the feasibility of our approach on a realistic scenario taken from an existing medium voltage Danish distribution network

Parallel statistical model checking for safety verification in smart grids

By using small computing devices deployed at user premises, Autonomous Demand Response (ADR) adapts users electricity consumption to given time-dependent electricity tariffs. This allows end-users to save on their electricity bill and Distribution System Operators to optimise (through suitable time-dependent tariffs) management of the electric grid by avoiding demand peaks. Unfortunately, even with ADR, users power consumption may deviate from the expected (minimum cost) one, e.g., because ADR devices fail to correctly forecast energy needs at user premises. As a result, the aggregated power demand may present undesirable peaks. In this paper we address such a problem by presenting methods and a software tool (APD-Analyser) implementing them, enabling Distribution System Operators to effectively verify that a given time-dependent electricity tariff achieves the desired goals even when end-users deviate from their expected behaviour. We show feasibility of the proposed approach through a realistic scenario from a medium voltage Danish distribution network