Cascading Verification - Fokion Zervoudakis (UCL), David S. Rosenblum - PowerPoint PPT Presentation



SLIDE 1

Cascading Verification

Fokion Zervoudakis (UCL) David S. Rosenblum (NUS) Sebastian Elbaum (UNL) Anthony Finkelstein (UCL)

supported in part by AFOSR-FA9550-09-1-0687 and EOARD-FA8655-10-1-3007

SLIDE 2

Introduction Enhancing the dependability of complex missions through automated analysis

Fokion Zervoudakis / David S. Rosenblum / Sebastian Elbaum / Anthony Finkelstein from http://www.asctec.de/

SLIDE 3

Introduction Enhancing the dependability of complex missions through automated analysis

from http://www.asctec.de/

SLIDE 4

Introduction Industrial inspection

from http://www.asctec.de/

SLIDE 5

Introduction Aerial mapping

from http://www.asctec.de/

SLIDE 6

Introduction Aerial photography

from http://www.asctec.de/

SLIDE 7

SLIDE 8

Cascading Verification Motivation

Complex UAV mission plans can be analyzed with probabilistic model checking.

SLIDE 9

Cascading Verification Motivation

Model checkers (e.g., PRISM) verify system models against a set of desired behavioral properties.

SLIDE 10

Cascading Verification Motivation

Problem #1: model checkers support low-level languages that complicate model and property specifications.

SLIDE 11

Cascading Verification Motivation

Problem #2: specification complexity is exacerbated by the need to encode domain knowledge.

SLIDE 12

Cascading Verification Related work

Semantic model checking* leverages domain knowledge encoded in OWL to decrease specification costs.

*(Boaro, 2010; Oghabi, 2011; Di Pietro, 2012)

SLIDE 13

Cascading Verification Intermission

Web Ontology Language*

*Owl in Winnie the Pooh

SLIDE 14

Cascading Verification Motivation

Problem #3: OWL is constrained by expressive and reasoning limitations.

SLIDE 15

Cascading Verification Motivation

SWRL* extends OWL with Horn clause-like rules, but OWL+SWRL cannot reason effectively with negation: both are monotonic and interpreted under the open-world assumption, so a fact that is missing from the knowledge base is never treated as false.

*a W3C Member Submission (2004), not a W3C Recommendation

SLIDE 16

Cascading Verification Motivation

Prolog can reason effectively with negation (negation as failure under the closed-world assumption), but lacks the expressivity afforded by OWL.

SLIDE 17

Cascading Verification Contribution

We have developed an accessible* and effective* method for domain-specific probabilistic model checking called cascading verification.

*see evaluation slides

SLIDE 18

Cascading Verification Who cares?

Model builders (e.g., UAV mission developers) want an accessible method to verify domain-specific system models.

SLIDE 19

Cascading Verification Architecture

[architecture diagram; highlighted role: domain expert]

SLIDE 20

Cascading Verification Architecture

[architecture diagram; highlighted role: model builder]

SLIDE 21

Cascading Verification Architecture

[architecture diagram]

SLIDE 22

Cascading Verification Architecture

[architecture diagram]

SLIDE 23

Cascading Verification Architecture

[architecture diagram]

SLIDE 24

Cascading Verification Architecture

[architecture diagram]

SLIDE 25

Cascading Verification Architecture

YAML mission specification written by the model builder:

    Action:
      TraversePathSegmentAction:
        - id: TPSA1
          duration: 60
          coordinates: [-118.27017, 34.04572, -118.27279, 34.04284]
        - id: TPSA2
          duration: 60
          coordinates: [-118.2739, 34.03928]
          preconditions: [TPSA1, TPSA3]
        - id: TPSA3
          duration: 60
          coordinates: [-118.26482, 34.03332, -118.27383, 34.03824]
        - id: TPSA4
          duration: 60
          coordinates: [-118.28204, 34.0376]
          preconditions: [TPSA3]
      PhotoSurveillanceAction:
        - id: PSA5
          duration: 50
          preconditions: [TPSA3]
    Asset:
      Hummingbird:
        - id: H1
          actions: [TPSA1, TPSA2]
        - id: H2
          actions: [TPSA3, TPSA4, PSA5]

SLIDE 26

Cascading Verification Architecture

The YAML mission specification of slide 25 (shown again on this slide) and the PRISM DTMC generated from it, including the survivability and sensor-coverage modules and the property to check:

    dtmc

    const int max_e1 = 120;
    const int max_d1 = 60;
    const int max_d2 = 60;
    const int max_e2 = 120;
    const int max_d3 = 60;
    const int max_d4 = 60;
    const int max_d5 = 50;

    module Hummingbird1
      e1 : [0..max_e1] init max_e1;
      [asst1] e1>0 & d1>0 -> (e1'=e1-1);
      [asst1] e1>0 & d2>0 -> (e1'=e1-1);
      [asst1] e1=0 | d2=0 -> true;
    endmodule

    module TraversePathSegmentAction1
      d1 : [0..max_d1] init max_d1;
      [asst1] d1>0 & e1>0 -> (d1'=d1-1);
      [asst1] d1=0 -> true;
    endmodule

    module TraversePathSegmentAction2
      d2 : [0..max_d2] init max_d2;
      [asst1] d1>0 -> true;
      [asst1] d1=0 & d3=0 & d2>0 & e1>0 -> (d2'=d2-1);
      [asst1] d2=0 -> true;
    endmodule

    module Hummingbird2
      e2 : [0..max_e2] init max_e2;
      [asst1] e2>0 & d3>0 -> (e2'=e2-1);
      [asst1] e2>0 & d4>0 -> (e2'=e2-1);
      [asst1] e2=0 | d4=0 -> true;
    endmodule

    module TraversePathSegmentAction3
      d3 : [0..max_d3] init max_d3;
      [asst1] d3>0 & e2>0 -> (d3'=d3-1);
      [asst1] d3=0 -> true;
    endmodule

    module TraversePathSegmentAction4
      d4 : [0..max_d4] init max_d4;
      [asst1] d3>0 -> true;
      [asst1] d3=0 & d4>0 & e2>0 -> (d4'=d4-1);
      [asst1] d4=0 -> true;
    endmodule

    module PhotoSurveillanceAction5
      d5 : [0..max_d5] init max_d5;
      r5 : bool init false;
      [asst1] d3>0 -> true;
      [asst1] d3=0 & d5>0 & e1>0 -> (d5'=d5-1) & (r5'=true);
      [asst1] d5=0 -> (r5'=false);
    endmodule

    const int start4 = 60;
    const int finish4 = 0;
    formula actn4_tai = d4>finish4 & d4<=start4;

    module Hummingbird2_Survivability
      a2d : bool init false;
      [asst1] !a2d & actn4_tai -> 0.99:(a2d'=false) + 0.01:(a2d'=true);
      [asst1] a2d | !actn4_tai -> true;
    endmodule

    formula duration4 = start4 - finish4;
    formula tkad2 = duration4;

    module SensorActionCounter2
      sad2 : [0..tkad2] init 0;
      [asst1] actn4_tai & (r5) & sad2<tkad2 -> (sad2'=sad2+1);
      [asst1] !actn4_tai | !(r5) -> true;
    endmodule

    formula raf2 = sad2 / tkad2;

    P=? [ F d2=0 & d4=0 & !a2d & raf2>0.6 ]
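The translation from slides 25 and 26 carried out in code. The script below is an added example written for this page, not the authors' cascading verification tool: it emits one energy module per asset and one countdown module per action, all synchronised on `asst1` as on slide 26, plus a survivability module and a reachability property. The shape of the generator (mutually exclusive, exhaustive guards in every module; one survivability module attached to the asset that owns a watched action; the names `translate`, `num`, `ENERGY`, `p_loss` and `watched`) is an assumption about how such a translation can be written, and the mission dict is the slide-25 specification transcribed by hand with the coordinates left out.

```python
"""Added example (not the authors' tool): translate a mission spec into a
PRISM DTMC in the style of slide 26. One energy module per asset, one
countdown module per action, everything synchronised on `asst1`; guards are
mutually exclusive and exhaustive (an assumption made here so the DTMC has
neither local nondeterminism nor deadlock states)."""
import re

# Mission spec of slide 25, transcribed into a dict (constructed input;
# coordinates omitted because the PRISM model does not use them).
MISSION = {
    "Action": {
        "TraversePathSegmentAction": [
            {"id": "TPSA1", "duration": 60},
            {"id": "TPSA2", "duration": 60, "preconditions": ["TPSA1", "TPSA3"]},
            {"id": "TPSA3", "duration": 60},
            {"id": "TPSA4", "duration": 60, "preconditions": ["TPSA3"]},
        ],
        "PhotoSurveillanceAction": [
            {"id": "PSA5", "duration": 50, "preconditions": ["TPSA3"]},
        ],
    },
    "Asset": {
        "Hummingbird": [
            {"id": "H1", "actions": ["TPSA1", "TPSA2"]},
            {"id": "H2", "actions": ["TPSA3", "TPSA4", "PSA5"]},
        ],
    },
}

SYNC = "asst1"   # synchronising label, as on slide 26
ENERGY = 120     # initial energy per asset (max_e1 / max_e2 on slide 26)


def num(ident):
    """Trailing digits of an id: TPSA2 -> '2', H1 -> '1' (slide 26 naming)."""
    return re.search(r"\d+$", ident).group()


def translate(spec, p_loss=0.01, watched="TPSA4"):
    """Return PRISM model text for `spec` plus a reachability property.
    `p_loss`: per-step loss probability of the asset running `watched`
    (assumption: one survivability module, like Hummingbird2_Survivability)."""
    owner = {a: (rec["id"], atype) for atype, recs in spec["Asset"].items()
             for rec in recs for a in rec["actions"]}
    out = ["dtmc", ""]
    for recs in spec["Asset"].values():
        for rec in recs:
            out.append(f"const int max_e{num(rec['id'])} = {ENERGY};")
    for recs in spec["Action"].values():
        for rec in recs:
            out.append(f"const int max_d{num(rec['id'])} = {rec['duration']};")
    out.append("")
    # Asset modules: energy drains one unit per step while any owned action
    # is still running; otherwise the asset idles.
    for atype, recs in spec["Asset"].items():
        for rec in recs:
            n = num(rec["id"])
            running = " | ".join(f"d{num(a)}>0" for a in rec["actions"])
            done = " & ".join(f"d{num(a)}=0" for a in rec["actions"])
            out += [f"module {atype}{n}",
                    f"  e{n} : [0..max_e{n}] init max_e{n};",
                    f"  [{SYNC}] e{n}>0 & ({running}) -> (e{n}'=e{n}-1);",
                    f"  [{SYNC}] e{n}=0 | ({done}) -> true;",
                    "endmodule", ""]
    # Action modules: wait until every precondition has finished, then count
    # down one unit per step while the owning asset still has energy.
    for atype, recs in spec["Action"].items():
        for rec in recs:
            k, e = num(rec["id"]), "e" + num(owner[rec["id"]][0])
            pre = rec.get("preconditions", [])
            ready = " & ".join(f"d{num(p)}=0" for p in pre) or "true"
            out += [f"module {atype}{k}",
                    f"  d{k} : [0..max_d{k}] init max_d{k};"]
            if pre:
                out.append(f"  [{SYNC}] !({ready}) -> true;")
            out += [f"  [{SYNC}] {ready} & d{k}>0 & {e}>0 -> (d{k}'=d{k}-1);",
                    f"  [{SYNC}] {ready} & (d{k}=0 | {e}=0) -> true;",
                    "endmodule", ""]
    # Survivability: while `watched` runs, its asset is lost with probability
    # p_loss at every step (the 0.99 / 0.01 branch on slide 26).
    w, (aid, atype) = num(watched), owner[watched]
    n = num(aid)
    out += [f"formula actn{w}_tai = d{w}>0 & d{w}<=max_d{w};",
            f"module {atype}{n}_Survivability",
            f"  a{n}d : bool init false;",
            f"  [{SYNC}] !a{n}d & actn{w}_tai -> "
            f"{1 - p_loss}:(a{n}d'=false) + {p_loss}:(a{n}d'=true);",
            f"  [{SYNC}] a{n}d | !actn{w}_tai -> true;",
            "endmodule", ""]
    # Property: every action completes and the watched asset survives
    # (slide 26 additionally requires a sensor-coverage ratio; omitted here).
    finals = " & ".join(f"d{num(a)}=0" for a in owner)
    out.append(f"P=? [ F {finals} & !a{n}d ]")
    return "\n".join(out)


if __name__ == "__main__":
    print(translate(MISSION))
```

Save the printed text as a `.pm` file and pass the final `P=?` line to PRISM separately (with `-pf`, or in a properties file). The one deliberate departure from slide 26 is that each module's guards cover every state exactly once, so the DTMC has no local nondeterminism for PRISM to resolve and no deadlock states when an asset runs out of energy mid-action; an action that no asset executes raises a `KeyError` in `translate`, which is a specification error to be caught before translation.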
SLIDE 27

Evaluation Accessibility

PRISM-to-YAML ratio (size of the generated PRISM model relative to the YAML mission specification, in lines of code and in tokens):

                                LOC       tokens
    58 missions*
      mean ratio                312.7%    449.0%
      standard deviation         52.4%     95.4%
    6 specialist missions
      mean ratio                393.3%    599.2%
      standard deviation         24.0%     59.2%

*based on missions developed by DARPA and DRDC

SLIDE 28

Evaluation Effectiveness

System specification errors include:

  • failure of mission elements to participate in mandatory relationships (e.g., UAVs must execute at least one action);
  • and failure of mission elements to participate in specified relationships (e.g., UAVs execute only actions, not other UAVs).
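An added example, not the authors' tool, of closed-world checks that catch the two classes of specification error listed above, and at the same time of the negation point made on slides 15 and 16: "H3 executes no action" is not derivable in OWL's open world, because a missing fact is not a negative fact, whereas negation as failure makes it a one-line Prolog rule. The checker below applies that closed-world reading in Python. The mission spec it checks is a constructed one with deliberate faults; the rule names, the `check` and `facts` functions and the Prolog rules quoted in the comments are assumptions, not the authors' rule base.

```python
"""Added example (not the authors' tool): closed-world consistency checks on
a mission spec. Anything not stated in the spec is taken to be false, which
is what Prolog's negation as failure (\\+) gives and OWL/SWRL does not."""
from collections import deque

# Constructed mission spec with deliberate faults (not from the slides):
#  - H3 executes no action           (mandatory relationship violated)
#  - H2 lists H1 as an action        (UAVs execute only actions, not UAVs)
#  - PSA5 depends on TPSA9           (precondition names an undeclared element)
#  - TPSA1 and TPSA2 depend on each other (cycle: neither can ever start)
FAULTY = {
    "Action": {
        "TraversePathSegmentAction": [
            {"id": "TPSA1", "duration": 60, "preconditions": ["TPSA2"]},
            {"id": "TPSA2", "duration": 60, "preconditions": ["TPSA1"]},
            {"id": "TPSA3", "duration": 60},
        ],
        "PhotoSurveillanceAction": [
            {"id": "PSA5", "duration": 50, "preconditions": ["TPSA9"]},
        ],
    },
    "Asset": {
        "Hummingbird": [
            {"id": "H1", "actions": ["TPSA1", "TPSA2"]},
            {"id": "H2", "actions": ["TPSA3", "PSA5", "H1"]},
            {"id": "H3", "actions": []},
        ],
    },
}


def facts(spec):
    """Flatten the spec into closed-world fact tables (Prolog-style predicates)."""
    action_of = {r["id"]: t for t, rs in spec["Action"].items() for r in rs}
    asset_of = {r["id"]: t for t, rs in spec["Asset"].items() for r in rs}
    executes = {r["id"]: list(r["actions"])
                for rs in spec["Asset"].values() for r in rs}
    precond = {r["id"]: list(r.get("preconditions", []))
               for rs in spec["Action"].values() for r in rs}
    return action_of, asset_of, executes, precond


def check(spec):
    """Return a sorted list of (rule, element, detail) violations."""
    action_of, asset_of, executes, precond = facts(spec)
    errs = []
    # Mandatory relationship: every UAV executes at least one action.
    # Prolog:  idle_uav(U) :- uav(U), \+ executes(U, _).
    for uav, acts in executes.items():
        if not acts:
            errs.append(("mandatory_relationship", uav, "executes no action"))
    # Specified relationship: the target of `executes` must be an action.
    # Prolog:  bad_target(U, X) :- executes(U, X), \+ action(X).
    for uav, acts in executes.items():
        for x in acts:
            if x not in action_of:
                what = "asset" if x in asset_of else "undeclared element"
                errs.append(("relationship_target", uav, f"executes {what} {x}"))
    # Preconditions must name declared actions ...
    for act, pres in precond.items():
        for p in pres:
            if p not in action_of:
                errs.append(("dangling_precondition", act, f"requires undeclared {p}"))
    # ... and must be acyclic, or the action is never schedulable. Kahn-style
    # topological pass over declared actions; whatever is left sits on a cycle.
    indeg = {a: sum(1 for p in pres if p in precond) for a, pres in precond.items()}
    ready = deque(a for a, d in indeg.items() if d == 0)
    while ready:
        a = ready.popleft()
        for b, pres in precond.items():
            if a in pres:
                indeg[b] -= 1
                if indeg[b] == 0:
                    ready.append(b)
    for a, d in indeg.items():
        if d > 0:
            errs.append(("precondition_cycle", a, "depends on itself transitively"))
    return sorted(errs)


if __name__ == "__main__":
    for rule, elem, detail in check(FAULTY):
        print(f"{rule}: {elem} {detail}")
```

Each rule is a query over the finite fact tables, so the absence of an `executes` fact for H3 is itself the evidence of the error; an OWL reasoner would instead conclude only that H3's actions are unknown. The cycle check is the one rule that needs more than a single negated literal, and it is also the one that the PRISM generation stage would otherwise turn into a model that waits forever.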

SLIDE 29

Evaluation Accessibility & effectiveness

System model errors include:

  • incorrect variable declarations;
  • incorrect behavior for single threads of execution;
  • and incorrect synchronization across multiple threads of execution.

SLIDE 30

Cascading Verification Contribution

Cascading verification is an accessible and effective method for domain-specific probabilistic model checking.

SLIDE 31

Cascading Verification

Fokion Zervoudakis (UCL) David S. Rosenblum (NUS) Sebastian Elbaum (UNL) Anthony Finkelstein (UCL)

supported in part by AFOSR-FA9550-09-1-0687 and EOARD-FA8655-10-1-3007