AVACS Automatic Verification and Analysis of Complex Systems - PowerPoint PPT Presentation

1
AVACS Automatic Verification and Analysis of Complex Systems
Menu: starters, 14 selected delicacies from our International Cuisine; main course, 4 specialities
2
R1 Automatic verification of parameterized real-time systems
  • Automatic translation of CSP-OZ-DC specifications to Phase-Event Automata
  • Constraint-based semantics of Phase-Event Automata
  • Integration with ARMC, a constraint-based abstraction-refinement model checker
  • Joint work of Oldenburg and Saarbrücken (OL-SB)

3
R2 Scheduling distributed real-time systems
  • Allocate task networks to a distributed architecture and determine the scheduling on bus and processors, such that the worst-case run time of a task network is less than its time requirement (end-to-end deadline)
  • Binary decision variables for allocation
  • Scheduling analysis modeled as formulae over integers
  • Successfully applied to systems of up to 45 tasks and architectures with more than 8 nodes to compute an optimal solution
  • Supports different paradigms of bus systems (time-triggered, event-triggered)
  • Joint work of Oldenburg and Saarbrücken
  • Publication submitted

4
R2 Automatic identification of Timing Anomalies
  • First approach to automatically detect timing anomalies
  • Demonstrated on a mini processor: two functional units and a Tomasulo scheduler
    • ADD: 4 cycles
    • MUL: 12 cycles, 3 if an operand is 0
  • Query: prove that a processor with the MUL speed-up disabled cannot overtake
  • Can compute the maximal diameter of the processor model needed for detecting a timing anomaly
  • Bounded model checker used
  • The counterexample yields the timing anomaly
  • Paper in preparation, expected in March
  • Cooperation between Saarbrücken and Freiburg
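The kind of counterexample the slide refers to can be reproduced with a small list-scheduling simulation. This is an added example, not code from the slides or the paper; the scheduling policy, the non-pipelined units and the six-instruction program are constructed assumptions.

```python
# Constructed illustration (not from the slides or the paper) of a timing anomaly
# on the two-unit mini-processor. Assumed model: one non-pipelined ADD unit
# (4 cycles), one non-pipelined MUL unit (12 cycles, 3 if an operand is 0), all
# instructions waiting in reservation stations from cycle 0, and each unit
# starting the oldest instruction whose operands are available (Tomasulo-style).
from collections import namedtuple

Instr = namedtuple("Instr", "name unit deps zero_operand")
ADD_LAT, MUL_LAT, MUL_FAST_LAT = 4, 12, 3


def makespan(program, mul_speedup):
    """Cycle at which the last instruction of `program` (in program order) completes."""
    done = {}                        # instruction name -> completion cycle
    free_at = {"ADD": 0, "MUL": 0}   # cycle at which each unit becomes idle
    pending = list(program)          # kept in program order == age order
    while pending:
        # Event-driven list scheduling: take the instruction that can start
        # earliest; on a tie the older one wins, as in an oldest-first scheduler.
        best = None
        for ins in pending:
            if any(d not in done for d in ins.deps):
                continue             # an operand is not even scheduled yet
            operands_ready = max((done[d] for d in ins.deps), default=0)
            start = max(operands_ready, free_at[ins.unit])
            if best is None or start < best[0]:
                best = (start, ins)
        start, ins = best
        if ins.unit == "ADD":
            lat = ADD_LAT
        else:
            lat = MUL_FAST_LAT if (mul_speedup and ins.zero_operand) else MUL_LAT
        done[ins.name] = free_at[ins.unit] = start + lat
        pending.remove(ins)
    return max(done.values())


# Constructed program: when m1 takes only 3 cycles, a2 becomes ready before a3 and
# grabs the ADD unit first, delaying the critical chain a3 -> a4 -> m5.
PROGRAM = [
    Instr("a0", "ADD", (), False),
    Instr("m1", "MUL", (), True),       # operand is 0: 3 cycles with the speed-up
    Instr("a2", "ADD", ("m1",), False),
    Instr("a3", "ADD", ("a0",), False),
    Instr("a4", "ADD", ("a3",), False),
    Instr("m5", "MUL", ("a4",), False),
]


def overtakes(program):
    """True when the processor without the MUL speed-up finishes first, i.e. the
    slide's query ('disabled speed-up cannot overtake') has a counterexample."""
    return makespan(program, False) < makespan(program, True)
```

With the speed-up enabled the program completes at cycle 28, with it disabled at cycle 24, so the locally faster MUL makes the whole program slower; this is exactly the shape of counterexample a bounded model checker would report for the query.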

5
R3 Highlights in Real-Time Verification
  • Improved PLC automata checking
    • Deriving heuristics from PLC automata and feeding them into UPPAAL, using UPPAAL's cost optimisation
    • For some of our benchmarks derived from realistic examples, a speed-up of more than 2 orders of magnitude was achieved
    • Submitted to FM05
  • Integrating automatically derived heuristics in UPPAAL
    • Using the ignored delete list heuristic for BMC of timed automata
    • Started cooperation with the UPPAAL group
    • Dramatic reduction of the actual search space (10-20) compared with UPPAAL's BFS and random DFS
    • No significant time savings yet (due to the prototypical implementation)
    • Submitted to CAV05
  • Abstraction of Synchronization
    • Composition with bounded memory as an over-approximation
    • Search heuristic accounts for synchronization between parallel processes
    • Dramatic increase in the number of parallel processes that can be model checked in UPPAAL

6
H1 FO-constraint solving approach to hybrid system verification
  • Constraint-propagation-based abstraction refinement in safety verification of non-linear hybrid systems (Ratschan, She 2004)
    • Generates (non-linear) constraints from flow predicates, allowing drastic improvements in the number of abstraction-refinement loops by pruning non-reachable states
    • E.g. non-linear predator-prey example proved in 117 seconds
  • Automata-based constraint solving accelerated by appropriate decision diagrams
    • Tight bounds on automata size for Presburger arithmetic (Klaedtke 2004)
    • Provides provably optimal automata constructions leading to a triple-exponential tight bound
    • Proves automata-based constraint solving competitive

7
H1 Exploiting Robustness in hybrid system verification
  • Lipschitz continuity and linearity on non-standard semantics allow a safe and scalable discrete-time under-approximation of robust dense-time satisfaction
  • Proves decidability of robust validity over discrete time
  • Robust interpretation of validity of metric-time temporal logic (Fränzle, Hansen 2004/2005)
    • Based on a non-standard semantics of DC characterizing the level of slackness in invalidating a formula, e.g.
    • Defines robust satisfaction as being insensitive to small perturbations of constants

8
H2 Integrating SAT and LP for BMC of Hybrid Systems
  • Two accepted publications (Oldenburg and Freiburg)
  • Optimized schemes for BMC
    • provide encodings of hybrid dynamics tailored for lazy theorem proving
    • exploit the linear, symmetric structure of BMC formulas to apply custom-made decision strategies and isomorphic replication of learned facts
  • Lazy integration of pseudo-Boolean SAT and LP for solving BMC and IV instances (SAT+LP, HySAT)
    • increase of the tractable unwinding depth by several orders of magnitude
    • successfully applied to models with up to 15 continuous variables

9
H2 Tight coupling of BDDs and 0-1 Integer Linear Programming
  • Becker, Behle, Eisenbrand, Wimmer 2004/2005
  • uses BDDs for the generation of strong generic cutting planes for 0-1 ILP
  • significantly outperforms CPLEX on hard (though up to now small) 0-1 ILP instances

[Figure: cutting plane]
10
H3 Decomposition Theorem for Traffic Collision Avoidance Protocols
Published at FMCO 03
  • Reduce NC verification
    • <C1 ‖ P1> ‖ <C2 ‖ P2> ⊨ no collision
    • Cj: hybrid automata representing the collision avoidance protocol
    • Pj: differential equations characterizing the dynamics of the traffic agent
  • to verification tasks of type
    • (A) Off-line analysis of the dynamics of the plant assuming worst-case dynamics
    • (B) Mode invariants for C1, C2
    • (C) Real-time properties for Cj
    • (D) Local safety properties, i.e. hybrid verification tasks for Cj ‖ Pj

11
H3 Guaranteed Termination in the verification of discrete-time non-linear robust hybrid systems
  • Exploits the natural concept of robust satisfaction
  • Full LTL covers both safety and stability
  • Fully automatic abstraction-refinement-based approach with guaranteed termination for valid LTL requirements
  • Submitted; joint work of Oldenburg and Saarbrücken

12
H4 Model Checking for Stability Properties of Linear Hybrid Systems
  • Automatic approach for proving that the plant dynamics eventually converges to a desired region R, for linear regions and linear hybrid automata
  • Submitted for publication; builds on results published in
    • POPL 2005
    • ESOP 2005
    • TACAS 2005

[Diagram of the proof steps:]
  • Extract a constraint-based representation
  • Relational composition and widening until a fixpoint is reached
  • Automatic construction of a ranking function for mode m by linear constraint solving, showing convergence while in m
  • Show that R is maintained when taking transitions
13
H4 Automatic Proofs of exponential stability of linear hybrid systems
  • Heuristics for finding a partitioning
  • Automatic construction of quadratic Lyapunov functions to prove exponential stability in a region
  • Derive conditions extending local stability to global stability
  • Published in RTAS 2005

14
S1 Compositional Approaches to System Verification
  • Verification of partial designs
    • Partial designs may contain black-box components with unknown implementations.
    • Is there an implementation that satisfies the specification? (Realizability)
    • Do all implementations satisfy the specification? (Validity)
  • Applications
    • Accelerated model checking (complex parts are hidden as black boxes)
    • Early recognition of design errors (before the implementation is complete)
    • Error localization
    • Modular correctness proofs

15
S1 Highlights
  • Complete characterization of the system architectures for which the verification problem is decidable (submitted)
  • Exact verification algorithm (sound and complete) for the decidable architectures.
  • Approximate verification algorithms (sound but not complete) for all architectures.
  • Different trade-offs between completeness and computational cost.
  • Pipelined ALU case study (Nopper/Scholl 2004)
    • Adder, multiplier, and 75% of the register file replaced by black boxes

[Plot: time (sec) vs. word width (bits), complete design vs. partial design]
16
S2 Specification of Dynamically Communicating Systems
Development of a modelling language for dynamic communicating systems (DCS), like car platoons, ETCS, ad-hoc networks, ...
Submitted to ICALP05
Cooperation of Oldenburg and Saarbrücken
  • Main features
    • Unbounded number of processes
    • Changing communication topology
    • Strictly more expressive than CSFM (Brand, Zafiropulo)
    • Amenable to formal verification
  • Applied to car platoon scenario

17
S2 Analysis of DCS
  • Automatic finite-state abstraction of DCS by symmetry reduction and folding
    • Journal publication
    • Can use shape invariants to increase the precision of the abstraction
    • First experimental results
  • Shape analysis of DCS
    • Automatic construction of a finite abstraction sufficiently precise to maintain knowledge of roles in DCS and their interrelation
    • Allows to automatically prove properties such as
      • Maneuvers guarantee the shape of platoons
      • There is always a unique leader
    • Submitted for publication

18
S3 Formal Analysis of Dependability
Symbolic fault injection and analysis
ETCS application study
[Diagram: requirement, system definition, methodology; VIS (symbolic) applied to an extended Statechart model; joint effort]

Model checking question: Is the risk of violating a critical distance margin due to wireless miscommunication low enough?
[Diagram label: GSM-R]
19
S3 Formal Analysis of Dependability
First results
ETCS application study
  • Consistent model checking results via approximative and simulation-based checks
  • Identification of critical verification parameters

MPI and UdS
20
AVACS
Master the complexity of analysis problems by a focused combination of powerful kernel technologies and a focused extension of verification engines
[Diagram: Verification of Hybrid Systems]
  • Apply a divide-and-conquer approach
  • Tackle in the first phase each dimension of complexity in isolation
  • Establish decomposition results
21
(No Transcript)
22
The AVACS Vision
  • To cover the model and requirement space of complex safety-critical systems with automatic verification methods, giving mathematical evidence of compliance of models to reliability, coordination, control and real-time requirements