Automated verification of model-based programs under uncertainty

Highly robust embedded systems have been enabled through software executives that have the ability to reason about their environment. Those that employ the model-based autonomy paradigm automatically diagnose and plan future actions, based on models of themselves and their environment. This includes autonomous systems that must operate in harsh and dynamic environments, like deep space. Such systems must be robust to a large space of possible failure scenarios. This large state space poses difficulties for traditional scenario-based testing, leading to a need for new approaches to verification and validation. We propose a novel verification approach that generates an analysis of the most likely failure scenarios for a model-based program. By finding only the most likely failures, we increase the relevance and reduce the quantity of information the developer must examine. First, we provide the ability to verify a stochastic system that encodes both off-nominal and nominal scenarios. We incorporate uncertainty into the verification process by acknowledging that all such programs may fail, but in different ways, with different likelihoods. The verification process is one of finding the most likely executions that fail the specification. Second, we provide a capability for verifying executable specifications that are fault-aware. We generalize offline plant model verification to the verification of model-based programs, which consist of both a plant model that captures the physical plant's nominal and off-nominal states and a control program that specifies its desired behavior. Third, we verify these specifications through execution of the RMPL executive itself. We therefore circumvent the difficulty of formalizing the behavior of complex software executives. We present the RMPLVerifier, a tool for verification of model-based programs written in the Reactive Model-based Programming Language (RMPL) for the Titan execution kernel. Using greedy forward-directed search, this tool finds as counterexamples to the program's goal specification the most likely executions that do not
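A small worked instance of the approach described in the abstract, added here as an illustration and not code from the thesis or from the RMPLVerifier tool: a constructed two-component plant model with nominal and off-nominal transitions, a two-step control program, a goal specification on the final state, and a forward-directed best-first search that expands the most likely partial execution first and returns the most probable complete executions that violate the goal. The plant, its probabilities, the command names and the goal are all assumptions made for this example.

```python
import heapq
from math import log

# Constructed toy plant model (an assumption for this example, not a model from
# the thesis): a fuel valve feeding an engine. State = (valve_mode, engine_mode).
# Each command has a nominal outcome and an off-nominal one; fault modes absorb.
def successors(state, command):
    """Return [(next_state, probability)] for one execution step."""
    valve, engine = state
    if command == "open_valve":
        if valve == "closed":
            return [(("open", engine), 0.97), (("stuck_closed", engine), 0.03)]
        return [(state, 1.0)]                 # already open or stuck: unchanged
    if command == "fire_engine":
        if engine == "off" and valve == "open":   # fuel available: ignite or die
            return [((valve, "thrusting"), 0.95), ((valve, "dead"), 0.05)]
        return [(state, 1.0)]                 # no fuel or already fired: unchanged
    raise ValueError(f"unknown command {command}")

# Control program (assumed): a fixed command sequence; the goal specification
# is checked on the final state of each complete execution.
PROGRAM = ["open_valve", "fire_engine"]

def goal(state):
    return state[1] == "thrusting"

def most_likely_failures(initial, program, goal_spec, k):
    """Forward-directed best-first search over executions, expanding the most
    likely partial execution first (cost = -log probability, so complete
    executions are popped in decreasing order of likelihood). Returns up to
    k (probability, [state_0, ..., state_n]) counterexamples whose final
    state violates goal_spec."""
    frontier = [(0.0, 0, 1.0, [initial])]    # (cost, tie-break, prob, path)
    tie = 1
    found = []
    while frontier and len(found) < k:
        cost, _, prob, path = heapq.heappop(frontier)
        depth = len(path) - 1
        if depth == len(program):             # complete execution reached
            if not goal_spec(path[-1]):
                found.append((prob, path))
            continue
        for nxt, p in successors(path[-1], program[depth]):
            heapq.heappush(frontier, (cost - log(p), tie, prob * p, path + [nxt]))
            tie += 1
    return found

if __name__ == "__main__":
    for prob, path in most_likely_failures(("closed", "off"), PROGRAM, goal, 3):
        print(f"p={prob:.4f}  " + " -> ".join(f"{v}/{e}" for v, e in path))
```

For this plant the search reports the engine-dies execution (p = 0.0485) before the valve-stuck-closed execution (p = 0.03), which together account for all executions that miss the goal.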