AVACS Automatic Verification and Analysis of Complex Systems

Transcription

1 AVACS Automatic Verification and Analysis of Complex s Werner Damm AVACS coordinator

2 of Presentation The AVACS Vision Highlights of Phase II 2

3 Complex s Copyright Prevent Project 3 Source: Aramis Project

4 The Application Context Complex Embedded s are key enablers for safe flight and safe ground transportation Exponential growth in system complexity is a challenge for quality assurance AVACS contributes to meeting forthcoming requirements of pertinent safety standards on use of formal analysis methods Methods and tools cover large class of cyber physical systems seen to be highly relevant for addressing societal challenges (health, security, green mobility, ) 4

5 Scalability Evolution Processor Alternating deterministic Existence of winning Safety Depth Safety In The AVACS model- and requirement space

6 The AVACS Vision To Cover the Model- and Requirement Space of Complex Safety Critical s with Automatic Verification Methods Giving Mathematical Evidence of Compliance of Models To Dependability, Coordination, Control and Real-Time Requirements 6

7 Research Areas R Real-Time H Hybrid 7 S Coarse Grain

8 Analysis of Extremely Large State Spaces Heuristic Planning SAT, BDD, AIG Directed Model Checking Abstraction Bernd Becker Bernhard Nebel Andreas Podelski Christoph Scholl Ernst Althaus Bernd Finkbeiner Sebastian Hack Holger Herrmanns Jan Reinecke Sites and PIs - ALBERT-LUDWIGS Viorica Sofrie-Stokkermanns Uwe Waldmann Christoph Weidenbach Reinhard Wilhelm Verena Wolf Three funding periods à 4 years funding third period ,6 Mill Euro s & Models Domain Expertise Specification and verification of aembedded systems Control, Real-Time, Hybrid SAT(T) + MPI Werner Damm Martin Fränzle Ernst-Rüdiger Olderog Oliver Theel Algorithmic Aspects Decision Procedures Constraint solving ILP model checking Abstract Interpretation Shape Analysis

9 Project PA Z 18 Principal Investigators Beyond Timed Automata Timing Analysis, Scheduling and Distribution of Real-Time Tasks Heuristic Search & Abstract Model Checking for Real Time Tasks Constraint Based Verification For Hybrid s Automated Verification of Cooperating Traffic Agents Automatic Verification of Hybrid Compositional Approaches to Verification Communication s Verification of Dependability R1 ERO R2 RW R3 BN H1/2 MF H3 WD H4 OT S1 BF S2 AP S3 HH Steering Board Site Coordinator Freiburg BB Site Coordinator Oldenburg WD Site Coordinator Saarbrücken RW RA Coordinator Olderog RA Coordinator Fränzle RA Coordinator Podelski BB WD BF MF HH KM BN ERO AP GP SR CS VS LT OT UW CW RW RA Real-Time RA Hybrid RA s GForge Server for Cooperating Software Development CVS Repository for Shared Sources Benchmark Repository Publication Repository AVACS Web Site, Mailinglists

10 Selected Highlights of Phase II

11 satisfiability of formula in decidable first-order Evolution In Selected Highlights Phase Alternating II: Existence of winning Scalability Reduce verification of parametrically generated systems to theories Demonstration on train application Processor deterministic Safety Depth Safety

12 requirements local Evolution In Selected Highlights Phase Alternating II: Existence of winning Scalability Formal reduction of safety requirements in of application to controllers deterministic Demonstration Highway Entry Assistant Processor Safety Depth Safety

13 Scalability deterministic Existence of winning Safety Depth Safety ALBERT-LUDWIGS - Formal model of cooperating transportation systems catering Evolution for failures, abstracted car dynamics, evolving shapes Processor Formal automatic synthesis of winning cooperation Demonstrated on Highway-Entry Assistance In Alternating Selected Highlights Phase II:/ structure

14 Scalability Evolution In Processor Alternating Existence of winning Automatic computation deterministic Safety Depth Safety solutions in parametric of closed form model-checking of stochastic systems derive optimal parameters wrt time/reward/cost requirements fully symbolically Selected Highlights Phase II:

15 Scalability Evolution In Processor Alternating deterministic Existence of winning Fully symbolic Safety synthesis of winning Depth Safety in timed- reachability games Outperforms Uppaal- Tiga on standard benchmarks Selected Highlights Phase II:

16 Ordinary Equations Scalability Stochastic constraints Rich Evolution Processor Alternating deterministic Existence of winning Safety Depth Safety Extending solvers for large boolean combinations of linear/non-linear/ transcendental functions In Selected Highlights Phase II: Model s

17 Evolution In Selected Highlights Phase Alternating II: Model Existence of winning s Scalability Processor deterministic Safety Decidability results Quasi-decidability of hybrid system Depth Safety verification with non- linear dynamics Parametric verification of an industrially relevant class of linear hybrid automata is in PTIME

18 Evolution Selected Highlights Phase Alternating II: Model Existence of winning s Scalability Verification of timed systems with complex types lists, arrays, pointers, sets primitive recursive functions Processor uninterpreted functions over reals deterministic Safety satisfying monotonicity Depth Safety and boundedness properties In

19 Proof for Evolution In Hybrid Logic Scalability continous dynamics in #cont. var. discrete updates Evolving shapes Processor Alternating Demonstrated on Highway-Entry Assistance deterministic Existence of winning Safety Depth Safety Selected Highlights Phase II: Specification Logics ALBERT-LUDWIGS -

20 Scalability Evolution In Coordination logic Alternating deterministic Existence of winning Safety Depth Safety Logical representation for all decidable distributed Processor realizability problems Quantification over with incomplete information Explicates level of informedness given to Selected Highlights Phase II: Specification Logics ALBERT-LUDWIGS -

21 Scalability deterministic Evolution First-order quantification over agents Existence of winning Safety Depth Safety Specification Logic for SoS applications Processor In Alternating Quantification over with sets of agents For time-bounded probabilistic reachability of SoS configurations Demonstrated on Highway Entry Assistance s Selected Highlights Phase II: Specification Logics ALBERT-LUDWIGS -

22 Scalability Reasoning about Remorse deterministic Existence of winning Safety Depth Safety Evolution Replacing the un-achievable concept of winning strategy by new ALBERT-LUDWIGS - concept of remorse-free Processor : wrt a given Rich data world Types model and given In Alternating Existence of remorse-free set of observables, no other strategy can do better in comparable situations (i.e. environment moves) Allows to define and test for optimal world models Selected Highlights Phase II: Specification Logics

23 Depth Safety hierarchical in bus architectures Complex processors with out-of-order execution and speculation deterministic Safety Evolution Selected Highlights Phase Alternating II: Existence of winning Scalability Increased scope and precision of safe timing certificates Processor Developed first formal notion of predictability and identified classes of predictable architectures Formal approach for bridging the time gap Anzahl der Steuergeräte: 75 Signalpfade: > 950 Fahrdynamik-e In Komfort-e Zentrale Steuerungssysteme ICM- Q/L DME Headunit ZGW NIVI ALBERT-LUDWIGS - UNIVERSITÄT Infotainment FREIBURG Assistenz und Sicherheit Antrieb

24 Scalability Evolution deterministic Safety Depth Safety Tuning stochastic SMT solving for applications with up to 24 million discrete states and 23 real variables Selected Alternating Highlights Existence Phase of winning II: Scalability Verification of timed automata with complex state spaces Processor 300 fold improvement for coping with parallel composition Fully symbolic and precise verification of hybrid systems with large discrete state spaces outperforming Phaver Dam controller with 11 real variables and discrete states verified in 80 seconds In

25 Scalability deterministic Safety Depth Safety Evolution Fully compositional approach Processor for verification Rich of safety data Types and properties for hybrid controllers ( Transfer Project) In Selected Alternating Highlights Existence Phase of winning II: Scalability Heuristics for falsification of system requirements for timed automata yielding a three orders of magnitude improvement compared to previous phase

26 Increasing Automation 67 tools supporting the AVACS approach to the analysis of complex systems see org/ tools 26