1 / 20

AVACS Automatic Verification and Analysis of Complex Systems

ALBERT-LUDWIGS-. UNIVERSITÄT FREIBURG. Menue starters 14 selected delicacies from our International Cuisine Main course 4 specialities. AVACS Automatic Verification and Analysis of Complex Systems. Automatic Translation of CSP-OZ-DC specifications to Phase-Event Automata

judah
Download Presentation

AVACS Automatic Verification and Analysis of Complex Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ALBERT-LUDWIGS- UNIVERSITÄT FREIBURG Menue starters 14 selected delicacies from our International Cuisine Main course 4 specialities AVACS Automatic Verification and Analysis of Complex Systems

  2. Automatic Translation of CSP-OZ-DC specifications to Phase-Event Automata Constraint-based Semantics of Phase Event Automata Integration with ARMC constraint-based abstraction refinement model-checker Joint work OL-SB CSP Parametetrized Object Z Duration Calculus Real-Time R1 Automatic verification of parameterized real time systems AVACS GVD Survey

  3. Allocate task networks to distributed architecture, and determine scheduling on bus and processor, i.e. the worst case run-time of a task network is less than its time requirement (End-to-End deadline) Successfully applied to systems of up to 45 tasks and architectures with more than 8 nodes to compute optimal solution Supports different paradigms of bus systems (time-triggered, event-triggered) Joint work of Oldenburg and Saarbrücken Publication submitted tDE2E FlexRay 1 CAN CAN 2 MILP 3 SAT t Branch and Bound search Reduction of integer arithmetic Cutting planes Binary search based calling Rounding heuristics R2: Scheduling distributed real-time systems • Binary decision variables for allocation • Scheduling analysis modeled as formulae (over integer) AVACS GVD Survey

  4. Thomas Lundqvist Per Stenström Timing Anomalies in Dynamically Scheduled Microprocessors R2: Automatic identification of Timing Anomalies • First approach to automatically detect timing anamolies • Demonstrated on a mini processor • Two functional units, a Tomasulo scheduler • ADD: 4 cycles • MUL: 12 cycles, 3 if an operand is 0 • Query: prove that a processor with the MUL speed-up disabled cannot overtake • Can compute maximal diameter of processor model needed for detecting timing anamoly • Bounded Model Checker used • The counterexample yields the timing anomaly • Paper being born, expected in March • Cooperation between Saarbrücken and Freiburg AVACS GVD Survey

  5. R3: Highlights in Real-Time Verification Improved PLC automata checking • Deriving heuristics from PLC automata and feeding this into UPPAAL using the cost-optimisation in UPPAAL • For some examples of our benchmarks derived from realistic examples, a speed-up of more than 2 ordrs of magnitude was achieved • submitted to FM05 Integrating automatically derived heuristics in UPPAAL • Using the “ignored delete list” heuristic for BMC of timed automata • Started cooperation with UPPAAL group • Dramatic reduction of actual search space (10-20) compared with UPPAALs BFS and random DFS • No significant time-savings yet (due to prototypical implementation) • submitted to CAV05 Abstraction of Synchronization • Composition with bounded memory as an over-approximation • Search heuristic accounts for synchronization between parallel processes • Dramatic increase in the number of parallel processes that can be model checked in UPPAAL

  6. Automata-based constraint solving accelerated by appropriate decision diagrams Tight bounds on automata size for Presburger arithmetic[Klaedtke 2004] Provides provably optimal automata constructions leading to triple exponential tight bound Proves automata-based constraint solving competitive Constraint-propagation-based abstraction refinement in safety verification of non-linear hybr. syst.[Ratschan & She 2004] Generates (non-linear) constraints from flow-predicates allowing drastic improvements in number of abstraction refinement loops by pruning non-reachable states E.g. non-linear Predator-Prey example proved in 117 seconds H1: FO-constraint solving approach to hybrid syst. verification AVACS GVD Survey

  7. Robust interpretation of validity of metric-time temporal logic [Fränzle & Hansen 2004/2005] Based on Nonstandard semantics of DC characterizing level of slackness in invalidating formula, e.g Defines robust satisfaction as being insensitive to small perturbations of constants Lypschitz continuity and linearity on non-standard semantics allows safe and scalable discrete time underapproaximation of robust dense time satisfaction Proves decidability of robust validity over discrete time H1: Exploiting Robustness in hybrid system verification AVACS GVD Survey

  8. H2: Integrating SAT and LP for BMC of Hybrid Systems Two Accepted Publications (OL and FR) • Optimized schemes for BMC • provide encodings of hybrid dynamics tailored for lazy theorem proving • exploit linear, symmetric structure of BMC formulas to apply custom-made decision strategies and isomorphic replication of learned facts • Lazy integration of pseudo-Boolean SAT and LP plus for solving BMC and IV instances: SAT+LP = HySAT • increase of the tractable unwinding depth by several orders of magnitude • successfully applied to models with up to 15 continuous variables,

  9. H3: Decomposition Theorem for Traffic Collision Avoidance Protocols • Published at FMCO 03 Reduce NC verification <C1||P1>||<C2||P2> |= “no collision” • Cj hybrid automata representing collision avoidance protocol • Pj differential equations characterizing dynamics of traffic agent to verification tasks of type (A) Off-line analysis of the dynamics of the plant assuming worst-cases dynamics (B) Mode invariants for C1|| C2 (C) Real-time properties for Cj (D) Local safety properties, i.e. hybrid verification tasks for Cj ||Pj

  10. H3: Guaranteed Termination in the verification of discrete time non-linear robust hybrid systems • Exploits natural concept of “robust satisfaction” • Full LTL: covers both safety and stability • Fully Automatic Abstraction Refinement Based Approach with guaranteed termination for valid LTL requirements • Submitted, joint between OL and SB AVACS GVD Survey

  11. Automatic approach for proving that plant dynamics eventually converges to desired region R for linear regions and linear hybrid automata Submitted for publication, builds on results published in POPL 2005 ESOP 2005 TACAS 2005 H4: Model Checking for Stability Properties of Linear Hybrid Systems Extract Constraint Based Representation Relational composition and widening until fixpoint is reached Automatic construction of ranking function for mode m by linear constraint solving showing convergence while in m Show that R is maintained when taking transitions  

  12. Heuristics for finding partitioning Automatic construction of quadratic Lyapunov functions to prove exponential stability in region Derive conditions extending local stability to global stability Published in RTAS 2005 H4: Automatic Proofs of exponential stability of linear hybrid systems

  13. S1 Compositional Approaches to System Verification Verification of partial designs Partial designs may contain black-box components with unknown implementations. Is there an implementation that satisfies the specification? (Realizability) Do all implementations satisfy the specification? (Validity) Applications • Accelerated model checking (complex parts are hidden as black boxes) • Early recognition of design errors (before the implementation is complete) • Error localization • Modular correctness proofs 3 1 2 4 5 6 AVACS GVD Survey

  14. Complete characterization of the system architectures for which the verification problem is decidable (submitted) Exact verification algorithm (sound and complete) for the decidable architectures. Approximate verification algorithms (sound but not complete) for all architectures. Different trade-offs between completeness and computational cost. S1 Highlights Complete design Partial design time (sec) Pipelined ALU case study [Nopper/Scholl 2004] Adder, multiplier, and 75% of the register file replaced by black boxes AVACS GVD Survey word width (bits)

  15. S2: Specification of Dynamically Communicating Systems Development of a Modelling Language for Dynamic Communicating Systems, like Car Platoons, ETCS, Ad-hoc Networks,… Submitted to ICALP’05 Cooperation OL+SB • Main Features: • Unbounded Number of Processes • Changing Communication Topology • Strictly more expressive than • CSFM [Brand, Zafiropulo] • Amenable to Formal Verification • Applied to Car Platoon Scenario AVACS GVD Survey

  16. Shape Analysis of DCS Automatic Construction of finite abstraction sufficiently precise to maintain knowledge on roles in DCS and their interrelation Allows to automatically proof properties such as Maneuvers guarantee shape of Platoons There is always a unique leader Submitted for publication Automatic finite state abstraction of DCS by symmetry reduction and folding Journal publication Can use shape invariances to increase preciseness of abstraction First experimental results abstraction It is never the case that two cars, that are in the follower mode, consider each other to be each other's leader. S2: Analysis of DCS

  17. S3: Formal Analysis of Dependability ETCS application study Symbolic Fault injection and analysis requirement & system definition methodology VIS (symbolic) extended Statechart model joint effort Model checking question: Is the risk to violate a critical distance margin due to wireless miss-communication low enough? GSM-R

  18. prototypical Tool Chain OL Statemate++ VIS (symbolic) symbolic stochastic branching minimizer joint effort FR UdS prototype model checker (symbolic state) ETMCC model checker (explicit state) S3: Formal Analysis of DependabilityFirst results ETCS application study • Consistent model checking results • via approximative and • simulation-based checks • Identification of • critical verification parameters MPI and UdS

  19. Complete System Verification AVACS Knowledge Layers Complex Systems Future European Train Systems Standard ERTMS/ETCS Level 3 Models of Complex Systems real-time – hybrid –distributed system architectures Verification of RT Systems Combining V&A Technology ( x1&x2& …xn for s )* xj  v&a kernel technologies, s  systems ALBERT-LUDWIGS- UNIVERSITÄT FREIBURG V&A Kernel Technologies Abstraction – BDDs – Constraint Solving – Heuristic Search – Integer Linear Programming – Model Checking – Lyapunov Method – SAT Solver – Decision Procedures Master complexity of analysis problems by focused combination of powerful v&a kernel technologies and focused extension of verification engines AVACS Verification of Hybrid Systems • Apply divide-and-conquer approach: • Tackle in first phase each dimension of complexity in isolation • Establish decomposition results

  20. The AVACS Vision To Cover the Model- and Requirement Space of Complex Safety Critical Systems with Automatic Verification Methods Giving Mathematical Evidence of Compliance of Models To Reliability, Coordination, Control and Real-Time Requirements AVACS GVD Survey

More Related