Copilot: monitoring embedded systems

Runtime verification (RV) is a natural fit for ultra-critical systems that require correct software behavior. Due to the low reliability of commodity hardware and the adversity of operational environments, it is common in ultra-critical systems to replicate processing units (and their hosted software) and incorporate fault-tolerant algorithms to compare the outputs, even if the software is considered to be fault-free. In this paper, we investigate the use of software monitoring in distributed fault-tolerant systems and the implementation of fault-tolerance mechanisms using RV techniques. We describe the Copilot language and compiler that generates monitors for distributed real-time systems, and we discuss two case studies in which Copilot-generated monitors were used to detect onboard software and hardware faults and monitor air-ground data link messaging protocols.
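As an added example (not code from the paper or from the Copilot project), the following C monitor shows the kind of fault-tolerance check described above: each tick it samples the outputs of three replicated processing units, majority-votes them, and reports which replicas disagree with the voted value. The replica count, the tolerance TOL, and the sample values are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NREP 3          /* assumed number of replicated units */
#define TOL  5          /* assumed agreement tolerance, in sensor units */

/* Two replica outputs "agree" when they differ by at most TOL. */
static bool agree(int32_t a, int32_t b) {
    int32_t d = a > b ? a - b : b - a;
    return d <= TOL;
}

/* Boyer-Moore majority vote over the replicas, with tolerance-based equality.
   Returns true and sets *maj when some value is shared by more than NREP/2 replicas. */
bool majority(const int32_t rep[NREP], int32_t *maj) {
    int32_t cand = rep[0];
    int cnt = 0;
    for (int i = 0; i < NREP; i++) {          /* candidate selection pass */
        if (cnt == 0) { cand = rep[i]; cnt = 1; }
        else if (agree(cand, rep[i])) cnt++;
        else cnt--;
    }
    cnt = 0;                                   /* verification pass */
    for (int i = 0; i < NREP; i++) if (agree(cand, rep[i])) cnt++;
    if (cnt * 2 <= NREP) return false;         /* no strict majority */
    *maj = cand;
    return true;
}

/* One monitor tick: returns a bitmask of replicas disagreeing with the majority
   (0 = all healthy), or -1 when no majority exists at all (the stronger fault). */
int monitor_step(const int32_t rep[NREP], int32_t *voted) {
    int32_t maj;
    if (!majority(rep, &maj)) return -1;
    int mask = 0;
    for (int i = 0; i < NREP; i++) if (!agree(maj, rep[i])) mask |= 1 << i;
    *voted = maj;
    return mask;
}

int main(void) {
    /* Constructed trace: healthy, replica 1 stuck at its old value, then total disagreement. */
    const int32_t trace[3][NREP] = {{1000, 1002, 999}, {1020, 1011, 1021}, {1030, 900, 1200}};
    for (int t = 0; t < 3; t++) {
        int32_t v = 0;
        int r = monitor_step(trace[t], &v);
        printf("tick %d: fault mask %d, voted value %d\n", t, r, (int)v);
    }
    return 0;
}
```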
