SlideShare a Scribd company logo

Contract-Based Integration of Cyber-Physical Analyses

Ivan Ruchkin
Ivan Ruchkin

The document proposes an approach called analysis contracts to address the problem of integrating different cyber-physical analyses. The approach involves formally specifying the dependencies, assumptions, and guarantees of each analysis. The assumptions of one analysis must be verified against the guarantees of any analyses it depends on. This ensures the correct ordering of analyses and that assumption violations do not occur. The approach is implemented in a framework and evaluated on examples involving scheduling and battery analyses, demonstrating it is effective, extensible, and scalable.

Software
1 of 29
Download to read offline
1 Contract-Based Integration of Cyber-Physical Analyses Ivan Ruchkin Dionisio De Niz Sagar Chaki David Garlan October 14, 2014 14th International Conference on Embedded Software
2 Copyright 2014 ACM This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. Carnegie Mellon® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM-0001714
3 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
4 Model integration in CPS Energy Scheduling Aerodynamics ● Subtle mismatches between technical domains ● Lead to costly fixes or failures
5 Analytic aspect of integration Sensor Sampling PID Controller Actuator Controller Communication bus Sensor board CPU Actuator board System Analysis Bin packing Frequency scaling Power Exec Time Analysis Allocates Adjusts frequency ● Frequency scaling is applicable only when: – used after Bin packing – the system is behaviorally deadline-monotonic ● Otherwise, frequency scaling may render the system unschedulable
6 Frequency scaling assumption ● Behavioral equivalence to deadline-monotonic scheduling RMS ≠ DMS P=D D P RMS = DMS P=D P=D P=D P=D P=D P=D, Harmonic, Sync P=D EDF ≠ DMS EDF = DMS
7 Analysis integration problem System Analysis Analysis Analysis Analysis Domain 1 ● Out-of-order execution Domain 2 ● Invalidation of assumptions
8 Existing solutions ● Assume-guarantee component composition does not handle analytic integration of tools [1][2]. ● Architectural views tackle model consistency, not analytic tool consistency [3][4] ● Meta-level AADL languages do not allow domain-specific semantics [5] ● Previous work on analysis contracts: single domain only, unsound and incomplete verification [6] [1] Frehse et al. Assume-guarantee reasoning for hybrid I/O-automata by over-approximation of continuous interaction, 2004 [2] Sangiovanni-Vincentelli et al. Taming Dr. Frankenstein: contract-based design for cyber-physical systems, 2013 [3] Torngren et al. Integrating viewpoints in the development of mechatronic products, 2013 [4] Rajhans et al. Supporting heterogeneity in cyber-physical systems architectures, 2014 [5] Boddy et al. The FUSED meta-language and tools for complex system engineering, 2011 [6] Nam et al. Resource allocation contracts for open analytic runtime models, 2011
9 Running example Scheduling Battery Battery Scheduling Discharge Charge Bin packing Data Data security security x x
10 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
11 Analysis contracts approach 1. Formalize analysis domains 2. Specify dependencies, assumptions, and guarantees of analyses 3. Determine correct ordering of analyses 4. Verify assumptions and guarantees of analyses
12 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
13 Running example Scheduling Battery Battery Scheduling Discharge Charge Bin packing Data Data security security x x
14 Running example Scheduling domain σsched Battery domain σbatt Battery Scheduling Discharge Charge Bin packing Data Data security security x x
15 Verification domain Domain σ is a many-sorted signature (A, S, R, T, ⦃⦄σ): – A – set of atoms: ℬ, ℤ, Threads, Batteries, SchedPol – S – static functions: Period, Dline, CPUBind, Voltage – R – runtime functions CanPrmpt: Threads x Threads → ℬ – T – execution semantics ● set of sequences of R assignments – ⦃⦄σ and ⦃⦄m – domain and model interpretations ● ⦃SchedPol⦄σ = {RMS, DMS, EDF} ● ⦃CPUBind⦄m = { (Ctrl1, CPU1), (Ctrl2, CPU2), ... }
16 Analysis contract ● Given a domain σ, analysis contract C is a tuple (I, O, A, G) – Inputs I ⊆ A ∪ S – Outputs O ⊆ A ∪ S – Assumptions A ⊆ Fσ – Guarantees G ⊆ Fσ ● Where: – Fσ ::= {∀|ⱻ} v1..vn•φ | {∀|ⱻ} v1..vn•φ : ψ – φ is a static predicate formula over A and S – ψ is an LTL formula over A, S, and R – E.g.: ∀ t1, t2: Threads • t1 ≠ t2 ∧ CPUBind(t1) = CPUBind(t2) : G (CanPrmpt(t1, t2) ⇒ Dline(t1) < Dline(t2))
17 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
18 Running example Scheduling domain σsched Battery domain σbatt Battery Scheduling Discharge Charge Bin packing Data Data security security x x
19 Assumption verification ● Goal: ∀ t1, t2: Threads • t1 ≠ t2 ∧ CPUBind(t1) = CPUBind(t2) : G (CanPrmpt(t1, t2) ⇒ Dline(t1) < Dline(t2)) ● SMT solver finds solutions for static fragment φ – ∀ t1, t2:Threads | t1 ≠ t2 ∧ CPUBind(t1) = CPUBind(t2) ● Model checking property ψ in a behavioral Promela model for each SMT solution: – G (CanPrmpt(t1, t2) ⇒ Dline(t1) < Dline(t2))
20 Battery modeling Battery domain σbatt Battery Scheduling Discharge Charge ● Abstraction: circuits ● Selects a scheduler for cell connections ● Oblivious of heat: treats any configuration as acceptable heat-wise ● Restrictions on acceptable thermal configurations ● Guarantee: unacceptable ones don't occur ● Abstraction: geometry ● Simulates heat propagation ● Cannot scale to dynamic scheduling: simulates only fixed cell configurations
21 Battery scheduling guarantee ● G: “Bad thermal configurations are not reachable” ● TN(b, i) ∈ R – number of cells in b with i thermal neighbors ● K(b, i) ∈ S – experimental weight for TN(b, i) ● G = {∀ b: Batteries • G ( Σ i=0..3 K(b, i)*TN(b, i) ) ≥ 0}
22 Battery modeling Battery domain σbatt Battery Scheduling Discharge Charge Selects a battery scheduler G: ∀ b: Batteries • G ( Σ i=0..3 K(b, i)*TN(b, i) ) ≥ 0 Verified with battery Promela/Spin model K(b, i) Determines K(b, i) via simulation
23 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
24 Framework implementation
25 Scalability evaluation ● SMT solving typically takes less than 0.1 second ● Spin model checking times: σsched : σbatt : Threads (R/D)MS time EDF time 3 0.01 0.01 4 0.01 0.52 5 0.07 33.4 6 0.37 2290.0 7 2.18 Out Mem 8 12.4 Out Mem 9 71.2 Out Mem 10 421 Out Mem 11 Out Mem Out Mem Cells FGURR time FGWRR time GPWRR time 9 0.13 0.15 0.15 12 0.61 2.34 3.94 16 44 31.4 127 20 1060 619 Out Mem 25 Out Mem Out Mem Out Mem All times are in seconds
26 Summary ● Analysis integration is error-prone – Incorrect ordering – Violation of implicit assumptions ● Our solution: – Contract specification language – Contract verification algorithm – Framework implementation ● Effective, extensible, and scalable
27 Verification domain ● Domain σ is a many-sorted signature (A, S, R, T, ⦃⦄σ): – A: set of sorts – system elements and standard sorts ● E.g.: ℬ, ℤ, Threads, Batteries, SchedPol – S: Ai x ... x An → Ak – static functions that encode design properties ● E.g.: Period, Dline, CPUBind, Voltage – R: Ai x ... x An → Ak – runtime functions that encode dynamic properties ● E.g.: CanPrmpt: Threads x Threads → ℬ TN: Batteries x ℤ → ℤ
28 Verification domain ● Domain σ is a many-sorted signature (A, S, R, T, ⦃⦄σ): – T: execution semantics – set of sequences of R assignments ● E.g.: thread scheduler state model for σsched battery state model for for σbatt – ⦃⦄σ: domain interpretation for A and S ● E.g.: ⦃SchedPol⦄σ = {RMS, DMS, EDF} ● Architectural model m is an interpretation ⦃⦄m of A, S, and T – E.g.: ⦃Threads⦄m = { SensorSample, Ctrl1, Ctrl2 } ⦃CPUBind⦄m = { (Ctrl1, CPU1), (Ctrl2, CPU2), ... } – ⦃⦄σ ∪ ⦃⦄m is a full interpretation
29 Contracts

Recommended

Cs 331 Data Structures
Cs 331 Data StructuresCs 331 Data Structures
Cs 331 Data Structures
National Institute of Technology Durgapur
 
CFD Cornell Energy Workshop - M.F. Campuzano Ochoa
CFD Cornell Energy Workshop - M.F. Campuzano OchoaCFD Cornell Energy Workshop - M.F. Campuzano Ochoa
CFD Cornell Energy Workshop - M.F. Campuzano Ochoa
Mario Felipe Campuzano Ochoa
 
Unit7 & 8 Performance and optimization
Unit7 & 8 Performance and optimization Unit7 & 8 Performance and optimization
Unit7 & 8 Performance and optimization
leenachandra
 
Bloem defense.v16.slides
Bloem defense.v16.slidesBloem defense.v16.slides
Bloem defense.v16.slides
mbloem
 
Thesis F. Redaelli UIC Slides EN
Thesis F. Redaelli UIC Slides ENThesis F. Redaelli UIC Slides EN
Thesis F. Redaelli UIC Slides EN
Marco Santambrogio
 
HLPW2-sasanapuri
HLPW2-sasanapuriHLPW2-sasanapuri
HLPW2-sasanapuri
Vijay Kumar
 
Lecture04
Lecture04Lecture04
Lecture04
sean chen
 
Computational Fluid Dynamics (CFD)
Computational Fluid Dynamics (CFD)Computational Fluid Dynamics (CFD)
Computational Fluid Dynamics (CFD)
Khusro Kamaluddin
 

Recommended

Cs 331 Data Structures
Cs 331 Data StructuresCs 331 Data Structures
Cs 331 Data Structures
National Institute of Technology Durgapur
 
CFD Cornell Energy Workshop - M.F. Campuzano Ochoa
CFD Cornell Energy Workshop - M.F. Campuzano OchoaCFD Cornell Energy Workshop - M.F. Campuzano Ochoa
CFD Cornell Energy Workshop - M.F. Campuzano Ochoa
Mario Felipe Campuzano Ochoa
 
Unit7 & 8 Performance and optimization
Unit7 & 8 Performance and optimization Unit7 & 8 Performance and optimization
Unit7 & 8 Performance and optimization
leenachandra
 
Bloem defense.v16.slides
Bloem defense.v16.slidesBloem defense.v16.slides
Bloem defense.v16.slides
mbloem
 
Thesis F. Redaelli UIC Slides EN
Thesis F. Redaelli UIC Slides ENThesis F. Redaelli UIC Slides EN
Thesis F. Redaelli UIC Slides EN
Marco Santambrogio
 
HLPW2-sasanapuri
HLPW2-sasanapuriHLPW2-sasanapuri
HLPW2-sasanapuri
Vijay Kumar
 
Lecture04
Lecture04Lecture04
Lecture04
sean chen
 
Computational Fluid Dynamics (CFD)
Computational Fluid Dynamics (CFD)Computational Fluid Dynamics (CFD)
Computational Fluid Dynamics (CFD)
Khusro Kamaluddin
 
Poster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical AnalysesPoster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical Analyses
Ivan Ruchkin
 
Architectural Optimizations for High Performance and Energy Efficient Smith-W...
Architectural Optimizations for High Performance and Energy Efficient Smith-W...Architectural Optimizations for High Performance and Energy Efficient Smith-W...
Architectural Optimizations for High Performance and Energy Efficient Smith-W...
NECST Lab @ Politecnico di Milano
 
Six Sigma Mechanical Tolerance Analysis 1
Six Sigma Mechanical Tolerance Analysis 1Six Sigma Mechanical Tolerance Analysis 1
Six Sigma Mechanical Tolerance Analysis 1
David Panek
 
24-02-18 Rejender pratap.pdf
24-02-18 Rejender pratap.pdf24-02-18 Rejender pratap.pdf
24-02-18 Rejender pratap.pdf
FrangoCamila
 
lecture1.ppt
lecture1.pptlecture1.ppt
lecture1.ppt
SagarDR5
 
C++ Notes PPT.ppt
C++ Notes PPT.pptC++ Notes PPT.ppt
C++ Notes PPT.ppt
Alpha474815
 
Confidence Composition for Monitors of Verification Assumptions
Confidence Composition for Monitors of Verification AssumptionsConfidence Composition for Monitors of Verification Assumptions
Confidence Composition for Monitors of Verification Assumptions
Ivan Ruchkin
 
CFDProcess.ppt
CFDProcess.pptCFDProcess.ppt
CFDProcess.ppt
RammoganM
 
CFDProcess (1).ppt
CFDProcess (1).pptCFDProcess (1).ppt
CFDProcess (1).ppt
RammoganM
 
Staroletov Design by Contract, verification of Cyber-physical systems
Staroletov Design by Contract, verification of Cyber-physical systemsStaroletov Design by Contract, verification of Cyber-physical systems
Staroletov Design by Contract, verification of Cyber-physical systems
Sergey Staroletov
 
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Peter Tröger
 
Biochip
BiochipBiochip
Biochip
nayakslideshare
 
Framework for Inter-Model Analysis of Cyber-Physical Systems
Framework for Inter-Model Analysis of Cyber-Physical SystemsFramework for Inter-Model Analysis of Cyber-Physical Systems
Framework for Inter-Model Analysis of Cyber-Physical Systems
Ivan Ruchkin
 
Accelerate Reed-Solomon coding for Fault-Tolerance in RAID-like system
Accelerate Reed-Solomon coding for Fault-Tolerance in RAID-like systemAccelerate Reed-Solomon coding for Fault-Tolerance in RAID-like system
Accelerate Reed-Solomon coding for Fault-Tolerance in RAID-like system
Shuai Yuan
 
[ppt]
[ppt][ppt]
[ppt]
butest
 
Parallel Programming for Multi- Core and Cluster Systems - Performance Analysis
Parallel Programming for Multi- Core and Cluster Systems - Performance AnalysisParallel Programming for Multi- Core and Cluster Systems - Performance Analysis
Parallel Programming for Multi- Core and Cluster Systems - Performance Analysis
Shah Zaib
 
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docx
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docxFall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docx
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docx
lmelaine
 
3D-DRESD R4R
3D-DRESD R4R3D-DRESD R4R
3D-DRESD R4R
Marco Santambrogio
 
Transfer defect learning
Transfer defect learningTransfer defect learning
Transfer defect learning
Sung Kim
 
Project seminar ppt_steelcasting
Project seminar ppt_steelcastingProject seminar ppt_steelcasting
Project seminar ppt_steelcasting
Rudra Narayan Paul
 
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...Language-Enhanced Latent Representations for Out-of-Distribution Detection in...
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...
Ivan Ruchkin
 
​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...
​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...
​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...
Ivan Ruchkin
 

More Related Content

Similar to Contract-Based Integration of Cyber-Physical Analyses

Poster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical AnalysesPoster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical Analyses
Ivan Ruchkin
 
Architectural Optimizations for High Performance and Energy Efficient Smith-W...
Architectural Optimizations for High Performance and Energy Efficient Smith-W...Architectural Optimizations for High Performance and Energy Efficient Smith-W...
Architectural Optimizations for High Performance and Energy Efficient Smith-W...
NECST Lab @ Politecnico di Milano
 
Six Sigma Mechanical Tolerance Analysis 1
Six Sigma Mechanical Tolerance Analysis 1Six Sigma Mechanical Tolerance Analysis 1
Six Sigma Mechanical Tolerance Analysis 1
David Panek
 
24-02-18 Rejender pratap.pdf
24-02-18 Rejender pratap.pdf24-02-18 Rejender pratap.pdf
24-02-18 Rejender pratap.pdf
FrangoCamila
 
lecture1.ppt
lecture1.pptlecture1.ppt
lecture1.ppt
SagarDR5
 
C++ Notes PPT.ppt
C++ Notes PPT.pptC++ Notes PPT.ppt
C++ Notes PPT.ppt
Alpha474815
 
Confidence Composition for Monitors of Verification Assumptions
Confidence Composition for Monitors of Verification AssumptionsConfidence Composition for Monitors of Verification Assumptions
Confidence Composition for Monitors of Verification Assumptions
Ivan Ruchkin
 
CFDProcess.ppt
CFDProcess.pptCFDProcess.ppt
CFDProcess.ppt
RammoganM
 
CFDProcess (1).ppt
CFDProcess (1).pptCFDProcess (1).ppt
CFDProcess (1).ppt
RammoganM
 
Staroletov Design by Contract, verification of Cyber-physical systems
Staroletov Design by Contract, verification of Cyber-physical systemsStaroletov Design by Contract, verification of Cyber-physical systems
Staroletov Design by Contract, verification of Cyber-physical systems
Sergey Staroletov
 
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Peter Tröger
 
Biochip
BiochipBiochip
Biochip
nayakslideshare
 
Framework for Inter-Model Analysis of Cyber-Physical Systems
Framework for Inter-Model Analysis of Cyber-Physical SystemsFramework for Inter-Model Analysis of Cyber-Physical Systems
Framework for Inter-Model Analysis of Cyber-Physical Systems
Ivan Ruchkin
 
Accelerate Reed-Solomon coding for Fault-Tolerance in RAID-like system
Accelerate Reed-Solomon coding for Fault-Tolerance in RAID-like systemAccelerate Reed-Solomon coding for Fault-Tolerance in RAID-like system
Accelerate Reed-Solomon coding for Fault-Tolerance in RAID-like system
Shuai Yuan
 
[ppt]
[ppt][ppt]
[ppt]
butest
 
Parallel Programming for Multi- Core and Cluster Systems - Performance Analysis
Parallel Programming for Multi- Core and Cluster Systems - Performance AnalysisParallel Programming for Multi- Core and Cluster Systems - Performance Analysis
Parallel Programming for Multi- Core and Cluster Systems - Performance Analysis
Shah Zaib
 
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docx
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docxFall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docx
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docx
lmelaine
 
3D-DRESD R4R
3D-DRESD R4R3D-DRESD R4R
3D-DRESD R4R
Marco Santambrogio
 
Transfer defect learning
Transfer defect learningTransfer defect learning
Transfer defect learning
Sung Kim
 
Project seminar ppt_steelcasting
Project seminar ppt_steelcastingProject seminar ppt_steelcasting
Project seminar ppt_steelcasting
Rudra Narayan Paul
 

Similar to Contract-Based Integration of Cyber-Physical Analyses (20)

Poster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical AnalysesPoster: Contract-Based Integration of Cyber-Physical Analyses
Poster: Contract-Based Integration of Cyber-Physical Analyses
 
Architectural Optimizations for High Performance and Energy Efficient Smith-W...
Architectural Optimizations for High Performance and Energy Efficient Smith-W...Architectural Optimizations for High Performance and Energy Efficient Smith-W...
Architectural Optimizations for High Performance and Energy Efficient Smith-W...
 
Six Sigma Mechanical Tolerance Analysis 1
Six Sigma Mechanical Tolerance Analysis 1Six Sigma Mechanical Tolerance Analysis 1
Six Sigma Mechanical Tolerance Analysis 1
 
24-02-18 Rejender pratap.pdf
24-02-18 Rejender pratap.pdf24-02-18 Rejender pratap.pdf
24-02-18 Rejender pratap.pdf
 
lecture1.ppt
lecture1.pptlecture1.ppt
lecture1.ppt
 
C++ Notes PPT.ppt
C++ Notes PPT.pptC++ Notes PPT.ppt
C++ Notes PPT.ppt
 
Confidence Composition for Monitors of Verification Assumptions
Confidence Composition for Monitors of Verification AssumptionsConfidence Composition for Monitors of Verification Assumptions
Confidence Composition for Monitors of Verification Assumptions
 
CFDProcess.ppt
CFDProcess.pptCFDProcess.ppt
CFDProcess.ppt
 
CFDProcess (1).ppt
CFDProcess (1).pptCFDProcess (1).ppt
CFDProcess (1).ppt
 
Staroletov Design by Contract, verification of Cyber-physical systems
Staroletov Design by Contract, verification of Cyber-physical systemsStaroletov Design by Contract, verification of Cyber-physical systems
Staroletov Design by Contract, verification of Cyber-physical systems
 
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
Dependable Systems - Structure-Based Dependabiilty Modeling (6/16)
 
Biochip
BiochipBiochip
Biochip
 
Framework for Inter-Model Analysis of Cyber-Physical Systems
Framework for Inter-Model Analysis of Cyber-Physical SystemsFramework for Inter-Model Analysis of Cyber-Physical Systems
Framework for Inter-Model Analysis of Cyber-Physical Systems
 
Accelerate Reed-Solomon coding for Fault-Tolerance in RAID-like system
Accelerate Reed-Solomon coding for Fault-Tolerance in RAID-like systemAccelerate Reed-Solomon coding for Fault-Tolerance in RAID-like system
Accelerate Reed-Solomon coding for Fault-Tolerance in RAID-like system
 
[ppt]
[ppt][ppt]
[ppt]
 
Parallel Programming for Multi- Core and Cluster Systems - Performance Analysis
Parallel Programming for Multi- Core and Cluster Systems - Performance AnalysisParallel Programming for Multi- Core and Cluster Systems - Performance Analysis
Parallel Programming for Multi- Core and Cluster Systems - Performance Analysis
 
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docx
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docxFall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docx
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docx
 
3D-DRESD R4R
3D-DRESD R4R3D-DRESD R4R
3D-DRESD R4R
 
Transfer defect learning
Transfer defect learningTransfer defect learning
Transfer defect learning
 
Project seminar ppt_steelcasting
Project seminar ppt_steelcastingProject seminar ppt_steelcasting
Project seminar ppt_steelcasting
 

More from Ivan Ruchkin

Language-Enhanced Latent Representations for Out-of-Distribution Detection in...
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...Language-Enhanced Latent Representations for Out-of-Distribution Detection in...
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...
Ivan Ruchkin
 
​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...
​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...
​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...
Ivan Ruchkin
 
Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...
Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...
Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...
Ivan Ruchkin
 
Repairing Learning-Enabled Controllers While Preserving What Works
Repairing Learning-Enabled Controllers While Preserving What WorksRepairing Learning-Enabled Controllers While Preserving What Works
Repairing Learning-Enabled Controllers While Preserving What Works
Ivan Ruchkin
 
Poster: Conservative Safety Monitors of Stochastic Dynamical Systems
Poster: Conservative Safety Monitors of Stochastic Dynamical SystemsPoster: Conservative Safety Monitors of Stochastic Dynamical Systems
Poster: Conservative Safety Monitors of Stochastic Dynamical Systems
Ivan Ruchkin
 
Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...
Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...
Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...
Ivan Ruchkin
 
Verify-then-Monitor: Calibration Guarantees for Safety Confidence
Verify-then-Monitor: Calibration Guarantees for Safety ConfidenceVerify-then-Monitor: Calibration Guarantees for Safety Confidence
Verify-then-Monitor: Calibration Guarantees for Safety Confidence
Ivan Ruchkin
 
Causal Repair of Learning-Enabled Cyber-physical Systems
Causal Repair of Learning-Enabled Cyber-physical SystemsCausal Repair of Learning-Enabled Cyber-physical Systems
Causal Repair of Learning-Enabled Cyber-physical Systems
Ivan Ruchkin
 
Conservative Safety Monitors of Stochastic Dynamical Systems
Conservative Safety Monitors of Stochastic Dynamical SystemsConservative Safety Monitors of Stochastic Dynamical Systems
Conservative Safety Monitors of Stochastic Dynamical Systems
Ivan Ruchkin
 
Overcoming Heterogeneity in Autonomous Cyber-Physical Systems
Overcoming Heterogeneity in Autonomous Cyber-Physical SystemsOvercoming Heterogeneity in Autonomous Cyber-Physical Systems
Overcoming Heterogeneity in Autonomous Cyber-Physical Systems
Ivan Ruchkin
 
High-Confidence Data Programming for Evaluating Suppression of Physiological ...
High-Confidence Data Programming for Evaluating Suppression of Physiological ...High-Confidence Data Programming for Evaluating Suppression of Physiological ...
High-Confidence Data Programming for Evaluating Suppression of Physiological ...
Ivan Ruchkin
 
Data Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification ToolData Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification Tool
Ivan Ruchkin
 
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Ivan Ruchkin
 
Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...
Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...
Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...
Ivan Ruchkin
 
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Ivan Ruchkin
 
On the Role of Assumptions in Engineering Smart Systems
On the Role of Assumptions in Engineering Smart SystemsOn the Role of Assumptions in Engineering Smart Systems
On the Role of Assumptions in Engineering Smart Systems
Ivan Ruchkin
 
Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...
Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...
Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...
Ivan Ruchkin
 
Overview of Epidemic Models for COVID-19
Overview of Epidemic Models for COVID-19Overview of Epidemic Models for COVID-19
Overview of Epidemic Models for COVID-19
Ivan Ruchkin
 
Thesis Defense: Integration of Modeling Methods for Cyber-Physical Systems
Thesis Defense: Integration of Modeling Methods for Cyber-Physical SystemsThesis Defense: Integration of Modeling Methods for Cyber-Physical Systems
Thesis Defense: Integration of Modeling Methods for Cyber-Physical Systems
Ivan Ruchkin
 
Towards a Formal Framework for Hybrid Planning in Self-Adaptation
Towards a Formal Framework for Hybrid Planning in Self-AdaptationTowards a Formal Framework for Hybrid Planning in Self-Adaptation
Towards a Formal Framework for Hybrid Planning in Self-Adaptation
Ivan Ruchkin
 

More from Ivan Ruchkin (20)

Language-Enhanced Latent Representations for Out-of-Distribution Detection in...
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...Language-Enhanced Latent Representations for Out-of-Distribution Detection in...
Language-Enhanced Latent Representations for Out-of-Distribution Detection in...
 
​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...
​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...
​Poster: Zero-shot Safety Prediction for Autonomous Robots with Foundation Wo...
 
Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...
Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...
Curating Naturally Adversarial Datasets for Learning-Enabled Medical Cyber-Ph...
 
Repairing Learning-Enabled Controllers While Preserving What Works
Repairing Learning-Enabled Controllers While Preserving What WorksRepairing Learning-Enabled Controllers While Preserving What Works
Repairing Learning-Enabled Controllers While Preserving What Works
 
Poster: Conservative Safety Monitors of Stochastic Dynamical Systems
Poster: Conservative Safety Monitors of Stochastic Dynamical SystemsPoster: Conservative Safety Monitors of Stochastic Dynamical Systems
Poster: Conservative Safety Monitors of Stochastic Dynamical Systems
 
Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...
Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...
Poster: How Safe Am I Given What I See? Calibrated Prediction of Safety Chanc...
 
Verify-then-Monitor: Calibration Guarantees for Safety Confidence
Verify-then-Monitor: Calibration Guarantees for Safety ConfidenceVerify-then-Monitor: Calibration Guarantees for Safety Confidence
Verify-then-Monitor: Calibration Guarantees for Safety Confidence
 
Causal Repair of Learning-Enabled Cyber-physical Systems
Causal Repair of Learning-Enabled Cyber-physical SystemsCausal Repair of Learning-Enabled Cyber-physical Systems
Causal Repair of Learning-Enabled Cyber-physical Systems
 
Conservative Safety Monitors of Stochastic Dynamical Systems
Conservative Safety Monitors of Stochastic Dynamical SystemsConservative Safety Monitors of Stochastic Dynamical Systems
Conservative Safety Monitors of Stochastic Dynamical Systems
 
Overcoming Heterogeneity in Autonomous Cyber-Physical Systems
Overcoming Heterogeneity in Autonomous Cyber-Physical SystemsOvercoming Heterogeneity in Autonomous Cyber-Physical Systems
Overcoming Heterogeneity in Autonomous Cyber-Physical Systems
 
High-Confidence Data Programming for Evaluating Suppression of Physiological ...
High-Confidence Data Programming for Evaluating Suppression of Physiological ...High-Confidence Data Programming for Evaluating Suppression of Physiological ...
High-Confidence Data Programming for Evaluating Suppression of Physiological ...
 
Data Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification ToolData Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification Tool
 
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
 
Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...
Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...
Confidence Composition (CoCo) for Dynamic Assurance of Learning-Enabled Auton...
 
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
Confidence Monitoring and Composition for Dynamic Assurance of Learning-Enabl...
 
On the Role of Assumptions in Engineering Smart Systems
On the Role of Assumptions in Engineering Smart SystemsOn the Role of Assumptions in Engineering Smart Systems
On the Role of Assumptions in Engineering Smart Systems
 
Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...
Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...
Compositional Probabilistic Analysis of Temporal Properties over Stochastic D...
 
Overview of Epidemic Models for COVID-19
Overview of Epidemic Models for COVID-19Overview of Epidemic Models for COVID-19
Overview of Epidemic Models for COVID-19
 
Thesis Defense: Integration of Modeling Methods for Cyber-Physical Systems
Thesis Defense: Integration of Modeling Methods for Cyber-Physical SystemsThesis Defense: Integration of Modeling Methods for Cyber-Physical Systems
Thesis Defense: Integration of Modeling Methods for Cyber-Physical Systems
 
Towards a Formal Framework for Hybrid Planning in Self-Adaptation
Towards a Formal Framework for Hybrid Planning in Self-AdaptationTowards a Formal Framework for Hybrid Planning in Self-Adaptation
Towards a Formal Framework for Hybrid Planning in Self-Adaptation
 

Recently uploaded

Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
TaghreedAltamimi
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
Philip Schwarz
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.
AnkitaPandya11
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
ShulagnaSarkar2
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
Alberto Brandolini
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
VALiNTRY360
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
gapen1
 
UI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design SystemUI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design System
Peter Muessig
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
mz5nrf0n
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
Alina Yurenko
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
sjcobrien
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 

Recently uploaded (20)

Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
 
UI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design SystemUI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design System
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 

Contract-Based Integration of Cyber-Physical Analyses

  • 1. 1 Contract-Based Integration of Cyber-Physical Analyses Ivan Ruchkin Dionisio De Niz Sagar Chaki David Garlan October 14, 2014 14th International Conference on Embedded Software
  • 2. 2 Copyright 2014 ACM This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. Carnegie Mellon® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM-0001714
  • 3. 3 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
  • 4. 4 Model integration in CPS Energy Scheduling Aerodynamics ● Subtle mismatches between technical domains ● Lead to costly fixes or failures
  • 5. 5 Analytic aspect of integration Sensor Sampling PID Controller Actuator Controller Communication bus Sensor board CPU Actuator board System Analysis Bin packing Frequency scaling Power Exec Time Analysis Allocates Adjusts frequency ● Frequency scaling is applicable only when: – used after Bin packing – the system is behaviorally deadline-monotonic ● Otherwise, frequency scaling may render the system unschedulable
  • 6. 6 Frequency scaling assumption ● Behavioral equivalence to deadline-monotonic scheduling RMS ≠ DMS P=D D P RMS = DMS P=D P=D P=D P=D P=D P=D, Harmonic, Sync P=D EDF ≠ DMS EDF = DMS
  • 7. 7 Analysis integration problem System Analysis Analysis Analysis Analysis Domain 1 ● Out-of-order execution Domain 2 ● Invalidation of assumptions
  • 8. 8 Existing solutions ● Assume-guarantee component composition does not handle analytic integration of tools [1][2]. ● Architectural views tackle model consistency, not analytic tool consistency [3][4] ● Meta-level AADL languages do not allow domain-specific semantics [5] ● Previous work on analysis contracts: single domain only, unsound and incomplete verification [6] [1] Frehse et al. Assume-guarantee reasoning for hybrid I/O-automata by over-approximation of continuous interaction, 2004 [2] Sangiovanni-Vincentelli et al. Taming Dr. Frankenstein: contract-based design for cyber-physical systems, 2013 [3] Torngren et al. Integrating viewpoints in the development of mechatronic products, 2013 [4] Rajhans et al. Supporting heterogeneity in cyber-physical systems architectures, 2014 [5] Boddy et al. The FUSED meta-language and tools for complex system engineering, 2011 [6] Nam et al. Resource allocation contracts for open analytic runtime models, 2011
  • 9. 9 Running example Scheduling Battery Battery Scheduling Discharge Charge Bin packing Data Data security security x x
  • 10. 10 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
  • 11. 11 Analysis contracts approach 1. Formalize analysis domains 2. Specify dependencies, assumptions, and guarantees of analyses 3. Determine correct ordering of analyses 4. Verify assumptions and guarantees of analyses
  • 12. 12 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
  • 13. 13 Running example Scheduling Battery Battery Scheduling Discharge Charge Bin packing Data Data security security x x
  • 14. 14 Running example Scheduling domain σsched Battery domain σbatt Battery Scheduling Discharge Charge Bin packing Data Data security security x x
  • 15. 15 Verification domain Domain σ is a many-sorted signature (A, S, R, T, ⦃⦄σ): – A – set of atoms: ℬ, ℤ, Threads, Batteries, SchedPol – S – static functions: Period, Dline, CPUBind, Voltage – R – runtime functions CanPrmpt: Threads x Threads → ℬ – T – execution semantics ● set of sequences of R assignments – ⦃⦄σ and ⦃⦄m – domain and model interpretations ● ⦃SchedPol⦄σ = {RMS, DMS, EDF} ● ⦃CPUBind⦄m = { (Ctrl1, CPU1), (Ctrl2, CPU2), ... }
  • 16. 16 Analysis contract ● Given a domain σ, analysis contract C is a tuple (I, O, A, G) – Inputs I ⊆ A ∪ S – Outputs O ⊆ A ∪ S – Assumptions A ⊆ Fσ – Guarantees G ⊆ Fσ ● Where: – Fσ ::= {∀|ⱻ} v1..vn•φ | {∀|ⱻ} v1..vn•φ : ψ – φ is a static predicate formula over A and S – ψ is an LTL formula over A, S, and R – E.g.: ∀ t1, t2: Threads • t1 ≠ t2 ∧ CPUBind(t1) = CPUBind(t2) : G (CanPrmpt(t1, t2) ⇒ Dline(t1) < Dline(t2))
  • 17. 17 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
  • 18. 18 Running example Scheduling domain σsched Battery domain σbatt Battery Scheduling Discharge Charge Bin packing Data Data security security x x
  • 19. 19 Assumption verification ● Goal: ∀ t1, t2: Threads • t1 ≠ t2 ∧ CPUBind(t1) = CPUBind(t2) : G (CanPrmpt(t1, t2) ⇒ Dline(t1) < Dline(t2)) ● SMT solver finds solutions for static fragment φ – ∀ t1, t2:Threads | t1 ≠ t2 ∧ CPUBind(t1) = CPUBind(t2) ● Model checking property ψ in a behavioral Promela model for each SMT solution: – G (CanPrmpt(t1, t2) ⇒ Dline(t1) < Dline(t2))
  • 20. 20 Battery modeling Battery domain σbatt Battery Scheduling Discharge Charge ● Abstraction: circuits ● Selects a scheduler for cell connections ● Oblivious of heat: treats any configuration as acceptable heat-wise ● Restrictions on acceptable thermal configurations ● Guarantee: unacceptable ones don't occur ● Abstraction: geometry ● Simulates heat propagation ● Cannot scale to dynamic scheduling: simulates only fixed cell configurations
  • 21. 21 Battery scheduling guarantee ● G: “Bad thermal configurations are not reachable” ● TN(b, i) ∈ R – number of cells in b with i thermal neighbors ● K(b, i) ∈ S – experimental weight for TN(b, i) ● G = {∀ b: Batteries • G ( Σ i=0..3 K(b, i)*TN(b, i) ) ≥ 0}
  • 22. 22 Battery modeling Battery domain σbatt Battery Scheduling Discharge Charge Selects a battery scheduler G: ∀ b: Batteries • G ( Σ i=0..3 K(b, i)*TN(b, i) ) ≥ 0 Verified with battery Promela/Spin model K(b, i) Determines K(b, i) via simulation
  • 23. 23 Outline ● Analysis integration problem ● Analysis contracts approach – Specification – Verification ● Experimental results
  • 25. 25 Scalability evaluation ● SMT solving typically takes less than 0.1 second ● Spin model checking times: σsched : σbatt : Threads (R/D)MS time EDF time 3 0.01 0.01 4 0.01 0.52 5 0.07 33.4 6 0.37 2290.0 7 2.18 Out Mem 8 12.4 Out Mem 9 71.2 Out Mem 10 421 Out Mem 11 Out Mem Out Mem Cells FGURR time FGWRR time GPWRR time 9 0.13 0.15 0.15 12 0.61 2.34 3.94 16 44 31.4 127 20 1060 619 Out Mem 25 Out Mem Out Mem Out Mem All times are in seconds
  • 26. 26 Summary ● Analysis integration is error-prone – Incorrect ordering – Violation of implicit assumptions ● Our solution: – Contract specification language – Contract verification algorithm – Framework implementation ● Effective, extensible, and scalable
  • 27. 27 Verification domain ● Domain σ is a many-sorted signature (A, S, R, T, ⦃⦄σ): – A: set of sorts – system elements and standard sorts ● E.g.: ℬ, ℤ, Threads, Batteries, SchedPol – S: Ai x ... x An → Ak – static functions that encode design properties ● E.g.: Period, Dline, CPUBind, Voltage – R: Ai x ... x An → Ak – runtime functions that encode dynamic properties ● E.g.: CanPrmpt: Threads x Threads → ℬ TN: Batteries x ℤ → ℤ
  • 28. 28 Verification domain ● Domain σ is a many-sorted signature (A, S, R, T, ⦃⦄σ): – T: execution semantics – set of sequences of R assignments ● E.g.: thread scheduler state model for σsched battery state model for for σbatt – ⦃⦄σ: domain interpretation for A and S ● E.g.: ⦃SchedPol⦄σ = {RMS, DMS, EDF} ● Architectural model m is an interpretation ⦃⦄m of A, S, and T – E.g.: ⦃Threads⦄m = { SensorSample, Ctrl1, Ctrl2 } ⦃CPUBind⦄m = { (Ctrl1, CPU1), (Ctrl2, CPU2), ... } – ⦃⦄σ ∪ ⦃⦄m is a full interpretation