Verification Tools for Embedded Systems

We propose a five-year research initiative at Carnegie Mellon University to create a new generation of formal verification tools that can be integrated into design environments for the complex, high-assurance embedded systems that will be required by future military systems. These systems are increasingly distributed, complex dynamic systems that must operate with a high degree of autonomy and survivability in diverse and unpredictable environments. We will focus on the development of new verification methods and tools to provide a rigorous means for checking the integrity and correctness of designs for these systems before they are deployed on target platforms. Our initiative has three broad research thrusts:

Verifying System Integrity. System integrity refers to the correctness of the embedded system operation with respect to the interactions among the distributed software and hardware components. The embedded system must satisfy synchronization constraints, resource constraints, and real-time constraints imposed by the implementation architecture and application requirements. Methods for performing formal verification of these types of constraints that have been successful in hardware and protocol applications will be extended to embedded system applications.

Modeling the Environment. Embedded software systems for military applications interact in complex ways with physical systems and adverse environments. It is thus essential to capture correctly and effectively the continuous dynamics, feedback loops, and unpredictable features of the environment in the models used for formal verification. Our research will draw on recent developments in (i) hybrid system verification to integrate continuous-state dynamics with the discrete-state models used in formal verification; and (ii) probabilistic verification to model and evaluate critical system attributes such as survivability and fault tolerance.

Usability. In addition to performing research on fundamental methods in formal verification, we will address the formidable barriers that have kept formal verification techniques beyond the reach of practicing design engineers. We propose to develop tools that automatically extract the models used for verification from models already being constructed by design engineers for simulation studies and software development. We will also develop new methods for presenting and interpreting the results from formal verification tools so that they can be used effectively to evaluate the system and to correct the sources of faulty behaviors.

To ensure that this research initiative addresses the needs of real-time embedded systems in military applications, we have established a partnership with the Honeywell Technology Center (HTC), which will participate with in-kind matching funds. We will meet regularly with HTC researchers, who will provide requirements specifications and review research plans and results. HTC will offer challenge problems from real avionics and combat systems and will use tools developed in this project on internal HTC projects to help with the evaluation and guidance of the CMU research. This initiative will also be an integral technical component of the newly formed High Dependability Computing Consortium, a partnership among Carnegie Mellon University, NASA, the Silicon Valley corporate sector, and other private and public sector organizations.
