Proofs from simulations and modular annotations

Huang, Zhengxu; Mitra, Sayan

doi:10.1145/2562059.2562126

Cited by 25 publications

(31 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For discrete or discretized systems, translations to formal models like extended input/output automata have been developed [19]. Some recent simulation-based verification, testing, and falsification approaches in hybrid systems and CPS like those in S-TaLiRo, Breach, and C2E2 can be viewed as forms of dynamic analysis (potentially with additional annotations and proof steps) [26,28,29,[39][40][41]. Additionally, there are alternative methods for finding specifications for SLSF models [29,39].…”

Section: Related Workmentioning

confidence: 99%

Cyber-physical specification mismatch identification with dynamic analysis

Johnson

Bak

Drager

2015

Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems

View full text Add to dashboard Cite

Embedded systems use increasingly complex software and are evolving into cyber-physical systems (CPS) with sophisticated interaction and coupling between physical and computational processes. Many CPS operate in safety-critical environments and have stringent certification, reliability, and correctness requirements. These systems undergo changes throughout their lifetimes, where either the software or physical hardware is updated in subsequent design iterations. One source of failure in safety-critical CPS is when there are unstated assumptions in either the physical or cyber parts of the system, and new components do not match those assumptions. In this work, we present an automated method towards identifying unstated assumptions in CPS. Dynamic specifications in the form of candidate invariants of both the software and physical components are identified using dynamic analysis (executing and/or simulating the system implementation or model thereof). A prototype tool called Hynger (for HYbrid iNvariant GEneratoR) was developed that instruments Simulink/Stateflow (SLSF) model diagrams to generate traces in the input format compatible with the Daikon invariant inference tool, which has been extensively applied to software systems. Hynger, in conjunction with Daikon, is able to detect candidate invariants of several CPS case studies. We use the running example of a DC-to-DC power converter, and demonstrate that Hynger can detect a specification mismatch where a tolerance assumed by the software is violated due to a plant change.

show abstract

Section: Related Workmentioning

confidence: 99%

Cyber-physical specification mismatch identification with dynamic analysis

Johnson

Bak

Drager

2015

Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems

View full text Add to dashboard Cite

show abstract

“…First of all, we will use the definition of Input-to-State (IS) discrepancy function [27], which enables us to use annotations for individual modules in a dynamical system to then check invariants of the composed system. The IS discrepancy function for a location of A (or for a dynamical system) bounds the distance between two trajectories in location from different initial states, as a function of time and the inputs they receive.…”

Section: Is Discrepancy and Approximationsmentioning

confidence: 99%

“…The result is generalized to dynamical systems with N modules connected in general network topologies [27], where the IS approximation is (N + 1)-dimensional.…”

Section: Is Discrepancy and Approximationsmentioning

confidence: 99%

“…The resulting algorithm enjoys scalability and relative completeness: if the system satisfies the invariant robustly, then the algorithm is guaranteed to terminate. The burden of finding discrepancy functions for large models is partly alleviated in [27] for nonlinear differential equations. That paper proposes input-to-state (IS) discrepancy functions for each module A i of a larger system A = A 1 .…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Invariant Verification of Nonlinear Hybrid Automata Networks of Cardiac Cells

Huang

Fan

Mereacre

et al. 2014

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Abstract. Verification algorithms for networks of nonlinear hybrid automata (HA) can aid understanding and controling of biological processes such as cardiac arrhythmia, formation of memory, and genetic regulation. We present an algorithm for over-approximating reach sets of networks of nonlinear HA which can be used for sound and relatively complete invariant checking. First, it uses automatically computed input-to-state discrepancy functions for the individual automata modules in the network A for constructing a low-dimensional model M. Simulations of both A and M are then used to compute the reach tubes for A. These techniques enable us to handle a challenging verification problem involving a network of cardiac cells, where each cell has four continuous variables and 29 locations. Our prototype tool can check bounded-time invariants for networks with 5 cells (20 continuous variables, 295 locations) typically in less than 15 minutes for up to reasonable time horizons. From the computed reach tubes we can infer biologically relevant properties of the network from a set of initial states.

show abstract

“…Further, it is important that the over-approximation can be made more precise so that false positives can be eliminated. To turn this idea into an algorithm, we introduced the notion of discrepancy which (a) upper bounds the distance between two neighboring behaviors and (b) the bound converges to zero as the parameter choices for the two behaviors get closer and closer [6], [8]. It has been shown that, for an expressive class of models, indeed one can find discrepancy functions that meet these criteria [7].…”

Section: Introductionmentioning

confidence: 99%

Simulation-Based Verification of Cardiac Pacemakers With Guaranteed Coverage

et al. 2015

Self Cite

View full text Add to dashboard Cite

Design and testing of pacemaker is challenging because of the need to capture the interaction between the physical processes (e.g. voltage signal in cardiac tissue) and the embedded software (e.g. a pacemaker). At the same time, there is a growing need for design and certification methodologies that can provide quality assurance for the embedded software. We describe recent progress in simulation-based techniques that are capable of ensuring guaranteed coverage. Our methods employ discrepancy functions, which impose bounds on system dynamics, and proceed through iteratively constructing over-approximations of the reachable set of states. We are able to prove time bounded safety or produce counterexamples. We illustrate the techniques by analyzing a family of pacemaker designs against time duration requirements and synthesize safe parameter ranges. We conclude by outlining the potential uses of this technology to improve the safety of medical device designs.

show abstract

Proofs from simulations and modular annotations

Cited by 25 publications

References 23 publications

Cyber-physical specification mismatch identification with dynamic analysis

Cyber-physical specification mismatch identification with dynamic analysis

Invariant Verification of Nonlinear Hybrid Automata Networks of Cardiac Cells

Simulation-Based Verification of Cardiac Pacemakers With Guaranteed Coverage

Contact Info

Product

Resources

About