Enforcement FSMs: specification and verification of non-functional properties of program executions on MPSoCs

Many embedded system applications impose hard real-time, energy or safety requirements on corresponding programs typically concurrently executed on a given MPSoC target platform. Even when mutually isolating applications in space or time, the enforcement of such properties, e.g., by adjusting the number of processors allocated to a program or by scaling the voltage/frequency mode of involved processors, is a difficult problem to solve, particularly in view of typically largely varying environmental input (workload) per execution. In this paper, we formalize the related control problem using finite state machine models for the uncertain environment determining the workload, the system response (feedback), as well as the enforcer strategy. The contributions of this paper are as follows: a) Rather than trace-based simulation, the uncertain environment is modeled by a discrete-time Markov chain (DTMC) as a random process to characterize possible input sequences an application may experience. b) A number of important verification goals to analyze different enforcer FSMs are formulated in PCTL for the resulting stochastic verification problem, i.e., the likelihood of violating a timing or energy constraint, or the expected number of steps for a system to return to a given execution time corridor. c) Stochastic model checking with PRISM is applied to analyze and compare enforcer FSMs with respect to these properties, and finally d) an approach is proposed for reducing the environment DTMC by partitioning equivalent environmental states (i.e., input states leading to an equal system response in each MPSoC mode) such that verification times can be reduced by orders of magnitude to just a few ms for real-world examples.
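The following Python script is an added illustration of the modeling pipeline the abstract describes; it is not code from the paper and all numbers in it (the workload DTMC, the execution-time response table, the corridor bounds and the two MPSoC modes) are constructed for the example. It builds the product of an environment DTMC with a simple corridor-following enforcer FSM, evaluates the bounded PCTL reachability property P=? [ F<=k violation ] (the probability that a run exceeds the deadline within k steps) by backward iteration, and then partitions environment states with equal response in every mode, checks that the partition is lumpable, and confirms that the reduced chain yields the same violation probability. The function names (`enforcer_next_mode`, `violation_probability`, `partition_equivalent_states`, `is_lumpable`, `reduce_chain`) are this example's own.

```python
from fractions import Fraction as F
from itertools import product

# All values below are constructed for illustration; they are not the paper's models.
MODES = (0, 1)                    # MPSoC modes, e.g. low / high voltage-frequency setting
CORRIDOR = (6, 13)                # execution time corridor [lower, upper]; upper is the deadline
# RESPONSE[w] = execution time of one program run under workload state w, per mode
RESPONSE = {
    "w0": (8, 5),
    "w1": (12, 7),
    "w2": (12, 7),                # same response as w1 in every mode -> equivalent
    "w3": (16, 10),
}
# Environment DTMC: ENV_P[w][w'] = probability that the next run sees workload w'
ENV_P = {
    "w0": {"w0": F(1, 2), "w1": F(1, 4), "w2": F(1, 4)},
    "w1": {"w0": F(1, 4), "w1": F(1, 4), "w2": F(1, 4), "w3": F(1, 4)},
    "w2": {"w0": F(1, 4), "w1": F(1, 2), "w3": F(1, 4)},
    "w3": {"w1": F(1, 2), "w3": F(1, 2)},
}


def enforcer_next_mode(mode, exec_time, corridor=CORRIDOR, modes=MODES):
    """Enforcer FSM: raise the mode after a deadline miss, lower it when the run was
    faster than the corridor's lower bound, otherwise keep the mode (feedback control)."""
    lower, upper = corridor
    if exec_time > upper:
        return min(mode + 1, max(modes))
    if exec_time < lower:
        return max(mode - 1, min(modes))
    return mode


def violation_probability(env_p, response, init, k, corridor=CORRIDOR):
    """P=? [ F<=k violation ] on the product chain (environment state x enforcer mode):
    probability that a run exceeds the deadline within k steps, computed by backward
    iteration of the bounded-reachability recurrence with exact Fraction arithmetic."""
    upper = corridor[1]
    states = list(product(env_p, MODES))
    violates = {(w, m): response[w][m] > upper for w, m in states}
    prob = {s: F(int(violates[s])) for s in states}        # p_0: violation states only
    for _ in range(k):
        nxt = {}
        for w, m in states:
            if violates[(w, m)]:
                nxt[(w, m)] = F(1)                           # violation already reached
                continue
            m2 = enforcer_next_mode(m, response[w][m], corridor)
            nxt[(w, m)] = sum(p * prob[(w2, m2)] for w2, p in env_p[w].items())
        prob = nxt
    return prob[init]


def partition_equivalent_states(response):
    """Group environment states whose system response is equal in every mode."""
    blocks = {}
    for w, resp in response.items():
        blocks.setdefault(resp, []).append(w)
    return [tuple(b) for b in blocks.values()]


def is_lumpable(env_p, blocks):
    """Ordinary lumpability: every state in a block must have the same total
    transition probability into each block; otherwise the quotient is not a DTMC."""
    block_of = {w: b for b in blocks for w in b}
    for b in blocks:
        rows = []
        for w in b:
            row = {}
            for w2, p in env_p[w].items():
                row[block_of[w2]] = row.get(block_of[w2], F(0)) + p
            rows.append(row)
        if any(r != rows[0] for r in rows):
            return False
    return True


def reduce_chain(env_p, response, blocks):
    """Quotient DTMC and response table over blocks (block is named by its first member)."""
    block_of = {w: b[0] for b in blocks for w in b}
    red_p, red_resp = {}, {}
    for b in blocks:
        rep = b[0]
        red_resp[rep] = response[rep]
        row = {}
        for w2, p in env_p[rep].items():
            row[block_of[w2]] = row.get(block_of[w2], F(0)) + p
        red_p[rep] = row
    return red_p, red_resp


if __name__ == "__main__":
    blocks = partition_equivalent_states(RESPONSE)
    print("blocks:", blocks, "lumpable:", is_lumpable(ENV_P, blocks))
    red_p, red_resp = reduce_chain(ENV_P, RESPONSE, blocks)
    for k in range(1, 6):
        full = violation_probability(ENV_P, RESPONSE, ("w0", 0), k)
        red = violation_probability(red_p, red_resp, ("w0", 0), k)
        print(f"k={k}: full={full} reduced={red} equal={full == red}")
```

The lumpability check is the practitioner's safeguard: merging states with equal response is only sound for the verified property if every member of a block also has the same transition mass into each other block; the constructed `w1`/`w2` pair satisfies this, so the three-block quotient reproduces the four-state chain's violation probabilities exactly. PRISM would answer the same query from a model file, whereas this script exposes the recurrence so that the reduction can be compared against the full product directly.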
