Systematic testing for control applications

Software controllers for physical processes are at the core of many safety-critical systems such as avionics, automotive engine control, and process control. Despite their importance, the design and implementation of software controllers remains an art form: dependability is generally poor, and the cost of verifying such systems is prohibitive. We illustrate the potential of applying program analysis tools to problems in controller design and implementation by focusing on concolic execution, a technique for systematic software testing. In particular, we demonstrate how a concolic execution tool can be modified to automatically analyze controller implementations and (a) produce test cases achieving a coverage goal, (b) synthesize ranges for controller variables that can be used to allocate bits in a fixed-point implementation, and (c) verify robustness of an implementation under input uncertainties. We have implemented these algorithms on top of the Splat test generation tool and have carried out preliminary experiments on control software that demonstrate the feasibility of the techniques.
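The following is an added illustration of the three analyses named in the abstract; it is not the paper's code nor the Splat tool. It assumes a toy discrete PID step with output saturation, assumed gains and limits, and a single symbolic input (the tracking error e). Because that step is affine in e, every variable can be carried as a form a*e + b and each branch predicate can be solved by hand, where a real concolic engine would call an SMT solver. The names `Aff`, `pid_step`, `explore`, `synthesize_ranges`, `int_bits` and `robustness` are this example's own.

```python
# Added example, not code from the paper or its Splat tool: the three analyses the
# abstract lists, run on a toy PID step whose only symbolic input is the error e.
# The step is affine in e, so every value is carried as a*e + b and each branch
# predicate is solved by hand (a real concolic engine would call an SMT solver).
import math
from dataclasses import dataclass

DT, KP, KI, KD = 0.01, 2.0, 0.5, 0.1  # sample period and PID gains (assumed)
U_MIN, U_MAX = -10.0, 10.0            # actuator saturation limits (assumed)
E_RANGE = (-20.0, 20.0)               # assumed bound on the input e
MARGIN, WORD_BITS = 1e-3, 16          # step past a boundary; fixed-point word width

@dataclass(frozen=True)
class Aff:
    """Symbolic value a*e + b of the single input e (affine operations only)."""
    a: float; b: float
    def __add__(s, o): o = aff(o); return Aff(s.a + o.a, s.b + o.b)
    def __sub__(s, o): o = aff(o); return Aff(s.a - o.a, s.b - o.b)
    def __mul__(s, k): return Aff(s.a * k, s.b * k)   # scaling by a constant
    def __truediv__(s, k): return Aff(s.a / k, s.b / k)
    __radd__, __rmul__ = __add__, __mul__
    def at(s, e): return s.a * e + s.b
    def bounds(s, lo, hi): v = (s.at(lo), s.at(hi)); return (min(v), max(v))

def aff(x): return x if isinstance(x, Aff) else Aff(0.0, float(x))

def branch(lhs, op, thr, e_conc, path):
    """Decide a branch on the concrete input and record its symbolic predicate."""
    taken = lhs.at(e_conc) > thr if op == ">" else lhs.at(e_conc) < thr
    path.append((lhs, op, thr, taken))
    return taken

def pid_step(e_conc, integ, prev_e):
    """Clamped PID step: e_conc drives the branches, every variable stays symbolic in e."""
    e, path = Aff(1.0, 0.0), []
    integ_n = integ + e * DT
    deriv = (e - prev_e) / DT
    u = KP * e + KI * integ_n + KD * deriv
    if branch(u, ">", U_MAX, e_conc, path):
        out, sat = Aff(0.0, U_MAX), "hi"
    elif branch(u, "<", U_MIN, e_conc, path):
        out, sat = Aff(0.0, U_MIN), "lo"
    else:
        out, sat = u, "none"
    return {"e": e, "integ": integ_n, "deriv": deriv, "u_raw": u, "u": out}, sat, path

def flip(lhs, op, thr, taken):
    """An input e that drives predicate (lhs op thr) to the other outcome, or None."""
    if lhs.a == 0.0: return None                 # predicate does not depend on e
    bnd = (thr - lhs.b) / lhs.a
    holds_above = (lhs.a > 0) == (op == ">")     # predicate true for e above bnd?
    e = bnd + MARGIN if (not taken) == holds_above else bnd - MARGIN
    return e if E_RANGE[0] <= e <= E_RANGE[1] else None

def explore(integ, prev_e):
    """(a) Concolic test generation: negate one branch at a time, keep inputs reaching new paths."""
    tests, seen, work = [], set(), [0.0]
    while work:
        e_conc = work.pop()
        vals, sat, path = pid_step(e_conc, integ, prev_e)
        sig = tuple(t for *_, t in path)
        if sig in seen: continue
        seen.add(sig)
        tests.append((e_conc, sat, vals, path))
        work += [c for c in (flip(*p) for p in path) if c is not None]
    return tests

def path_interval(path):
    """Interval of e that satisfies every predicate recorded on a path."""
    lo, hi = E_RANGE
    for lhs, op, thr, taken in path:
        if lhs.a != 0.0:
            bnd = (thr - lhs.b) / lhs.a
            above = ((lhs.a > 0) == (op == ">")) == taken   # e must lie above bnd
            lo, hi = (max(lo, bnd), hi) if above else (lo, min(hi, bnd))
    return lo, hi

def synthesize_ranges(tests):
    """(b) Bound each variable over the feasible e interval of every path; union the results."""
    ranges = {}
    for _, _, vals, path in tests:
        lo, hi = path_interval(path)
        for name, form in vals.items():
            vlo, vhi = form.bounds(lo, hi)
            olo, ohi = ranges.get(name, (vlo, vhi))
            ranges[name] = (min(olo, vlo), max(ohi, vhi))
    return ranges

def int_bits(magnitude):
    """Signed integer bits (sign included) a fixed-point word needs to hold +-magnitude."""
    return max(1, math.floor(math.log2(magnitude)) + 2) if magnitude > 0 else 1

def robustness(tests, name, delta):
    """(c) Worst-case change of `name` for an input error |de| <= delta (clamp is continuous)."""
    return max(abs(vals[name].a) for _, _, vals, _ in tests) * delta

if __name__ == "__main__":
    tests = explore(integ=0.0, prev_e=0.0)
    print("covering inputs:", [(round(e, 4), sat) for e, sat, _, _ in tests])
    for name, (lo, hi) in synthesize_ranges(tests).items():
        i = int_bits(max(abs(lo), abs(hi)))
        print(f"{name:6s} [{lo:9.3f}, {hi:9.3f}] -> Q{i}.{WORD_BITS - i}")
    print("max |du| for |de| <= 0.1:", robustness(tests, "u", 0.1))
```

Two caveats a practitioner should keep in mind. The derivative term amplifies the input range by 1/DT, so `deriv` needs far more integer bits than the output; that is exactly the kind of allocation decision the synthesized ranges are meant to inform. The robustness bound is sound here only because the single branch is a clamp, which is continuous in e; for a controller with a genuinely discontinuous branch (mode switch, lookup table) one would also have to check inputs within delta of each branch boundary rather than rely on the per-path slope alone.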
