
MIXED-TIME SIGNAL TEMPORAL LOGIC, FORMATS 2019, Thomas Ferrère (IST) - PowerPoint PPT Presentation



  1. MIXED-TIME SIGNAL TEMPORAL LOGIC, FORMATS 2019. Thomas Ferrère – IST Austria; Oded Maler – VERIMAG; Dejan Nickovic – AIT Austrian Institute of Technology

  2. INTRODUCTION
     • Cyber-Physical Systems (CPS): heterogeneous components (SW, sensors, actuators, µC, etc.)
     • CPS are often safety critical → model-based development (MBD) → verification and testing
     • Specification-based testing for CPS
     • Signal Temporal Logic (STL): declarative properties of CPS
     • STL monitoring as basic technology
     [Figure: specification-based testing flow. An informal requirement is formalized as an STL specification; input stimuli drive the system under test (SUT); a monitor with parameters p1, p2 observes the SUT and produces a verdict]

  3. HETEROGENEITY OF CPS
     • Heterogeneous components in CPS
         • Sensors, actuators, analog components → dense time
         • Digital controllers → discrete (clocked) time
     • MBD with heterogeneous models of computation
         • Ptolemy
         • MathWorks tools: Simulink, SimScape, SimEvents, etc.
         • Scade
         • Verilog AMS, VHDL AMS
     • Specification-based testing for CPS
         • STL: only dense interpretation of time
         • How to specify and evaluate system-level properties with different time domains?
         • What about verification and testing?
     (05/09/2019)

  4. MOTIVATING EXAMPLE
     • Bounded stabilization property
     • Digital command $cmd$
     • Analog response $x$
     • Whenever $cmd$ is on its rising edge, the absolute value of $x$ must become lower than 1 within 600 time units and remain continuously within that range for at least 300 time units
     • Sampling period $T = 200$ time units

  5. MIXED-TIME SIGNAL TEMPORAL LOGIC (STL-MX)
     • Two specification layers
     • Discrete-time layer: LTL with past
         • Syntax: $\varphi ::= p \mid \neg\varphi \mid \varphi_1 \vee \varphi_2 \mid X\varphi \mid P\varphi \mid \varphi_1\, U\, \varphi_2 \mid \varphi_1\, S\, \varphi_2 \mid @_{cd}(\alpha)$
     • Continuous-time layer: STL with past
         • Syntax: $\alpha ::= x \preceq c \mid \neg\alpha \mid \alpha_1 \vee \alpha_2 \mid \alpha_1\, U_I\, \alpha_2 \mid \alpha_1\, S_I\, \alpha_2 \mid @_{dc}(\varphi)$
     • $X$ – next, $P$ – previously, $U$ – until, $S$ – since
     • Time mapping operators to "switch" between layers
         • $@_{cd}$ – from the continuous-time to the discrete-time layer
         • $@_{dc}$ – from the discrete-time to the continuous-time layer
     • Other combinatorial and temporal operators derived in the standard way
         • $\wedge$, $\rightarrow$, $\leftrightarrow$
         • $G$ – always, $F$ – eventually
         • $H$ – historically, $O$ – once

  6. STL-MX SEMANTICS
     • Time mapping operators: $p = @_{cd}(y)$ and $y = @_{dc}(p)$
     [Figure: a continuous-time signal $y$ and a discrete-time signal $p$, shown together with their images under $@_{cd}$ and $@_{dc}$]

  7. MOTIVATING EXAMPLE REVISITED
     • Whenever $cmd$ is on its rising edge, the absolute value of $x$ must become lower than 1 within 600 time units and remain continuously within that range for at least 300 time units
     • Sampling period $T = 200$ time units
     • STL-MX specification: $G\big(P\neg cmd \wedge cmd \rightarrow @_{cd}(F_{[0,600]}\, G_{[0,300]}\, |x| \le 1)\big)$

  8. STL-MX FORMULA EQUIVALENCE
     • Discrete-time formula equivalence: $\varphi \sim \varphi'$ iff for all signals $u, w$ and time indices $i$, $(u, w, i) \models_d \varphi \leftrightarrow (u, w, i) \models_d \varphi'$
     • Continuous-time formula equivalence: $\alpha \sim \alpha'$ iff for all signals $u, w$ and real time values $t$, $(u, w, t) \models_c \alpha \leftrightarrow (u, w, t) \models_c \alpha'$

  9. STL-MX PROPERTIES
     • For all $\varphi$: $\varphi = @_{cd}(@_{dc}(\varphi))$
     • There exists $\alpha$ s.t. $\alpha \neq @_{dc}(@_{cd}(\alpha))$
     [Figure: signals $y$ and $p$, their images under the time mapping operators, and the compositions $@_{cd}(@_{dc}(p))$ and $@_{dc}(@_{cd}(y))$]

  10. STL-MX PROPERTIES
     • Time mapping operators commute over Boolean connectives
         • $@_{dc}(\neg\varphi) = \neg @_{dc}(\varphi)$
         • $@_{dc}(\varphi_1 \vee \varphi_2) = @_{dc}(\varphi_1) \vee @_{dc}(\varphi_2)$
         • $@_{cd}(\neg\alpha) = \neg @_{cd}(\alpha)$
         • $@_{cd}(\alpha_1 \vee \alpha_2) = @_{cd}(\alpha_1) \vee @_{cd}(\alpha_2)$

  11. EXPRESSIVITY OF STL-MX
     • STL-MX ≈ STL + clock event $clk$
     • Example: the clock event $clk$ with period $T$ is a continuous-time signal
         • $true$ at multiples of $T$
         • $false$ otherwise
     • STL-MX to STL mapping $\sigma$
         • $\sigma(p) = p$
         • $\sigma(X\varphi) = \neg clk\ U_{(0,\infty)}\ (clk \wedge \sigma(\varphi))$
         • $\sigma(\varphi_1\, U\, \varphi_2) = \sigma(\varphi_2) \vee (\sigma(\varphi_1)\ U_{(0,\infty)}\ \sigma(\varphi_2))$
         • $\sigma(@_{cd}(\alpha)) = \neg clk\ S\ (clk \wedge \sigma(\alpha))$
     • Every STL-MX formula can be mapped to STL
     • Syntactic mapping $\sigma$ → polynomial-time reduction
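The mapping $\sigma$ is purely syntactic, so it is natural to implement it as a rewrite over a formula tree. The following Python block is an added example (not code from the slides or from the authors' tool): it encodes both STL-MX layers as tagged tuples, implements the four $\sigma$ rules from the slide plus the Boolean commutation rules of slide 10, and prints the STL expansion of the case-study property $\varphi_2$ (slide 15). Two details are assumptions, marked in the comments: the unbounded since in the $@_{cd}$ rule is rendered with interval $[0,\infty)$, and $@_{dc}$ is dropped by $\sigma$ because the rewritten discrete formula is already a continuous-time signal held between clock ticks.

```python
"""Syntactic mapping sigma from STL-MX to STL (slide 11), as an AST rewrite.

Formulas are nested tuples tagged by their operator:
  discrete layer:   ('p', name) | ('not', f) | ('and'|'or'|'imp', f, g) | ('X', f)
                    | ('U', f, g) | ('@cd', a)
  continuous layer: ('atom', text) | ('not', a) | ('and'|'or'|'imp', a, b)
                    | ('U'|'S', a, b, interval) | ('G'|'F', a, interval) | ('@dc', f)
Intervals are kept as strings, written as on the slides ('' = unbounded).
"""

CLK = ('atom', 'clk')   # clock event: true at the multiples of T, false otherwise


def sigma(f):
    """Rewrite an STL-MX formula into an STL formula over the extra signal clk."""
    tag = f[0]
    if tag in ('p', 'atom'):                      # sigma(p) = p
        return ('atom', f[1])
    if tag == 'not':                              # time mapping commutes with Boolean connectives
        return ('not', sigma(f[1]))
    if tag in ('and', 'or', 'imp'):
        return (tag, sigma(f[1]), sigma(f[2]))
    if tag == 'X':                                # sigma(X f) = not clk U_(0,inf) (clk and sigma(f))
        return ('U', ('not', CLK), ('and', CLK, sigma(f[1])), '(0,∞)')
    if tag == 'U' and len(f) == 3:                # discrete until (no interval)
        g, h = sigma(f[1]), sigma(f[2])           # sigma(f U g) = sigma(g) or (sigma(f) U_(0,inf) sigma(g))
        return ('or', h, ('U', g, h, '(0,∞)'))
    if tag == '@cd':                              # sigma(@cd a) = not clk S (clk and sigma(a))
        # Assumption: the slide writes S without an interval; [0,inf) is the unbounded since.
        return ('S', ('not', CLK), ('and', CLK, sigma(f[1])), '[0,∞)')
    if tag == '@dc':
        # Assumption (not stated on the slides): the rewritten discrete formula is
        # already a continuous-time signal held between ticks, so @dc is dropped.
        return sigma(f[1])
    if tag in ('U', 'S', 'G', 'F'):               # continuous operators kept, children rewritten
        return (tag,) + tuple(sigma(x) for x in f[1:-1]) + (f[-1],)
    raise ValueError(f'unsupported operator {tag!r}')


def show(f):
    """Pretty-print a formula of either layer in the notation of the slides."""
    tag = f[0]
    if tag in ('p', 'atom'):
        return f[1]
    if tag == 'not':
        return '¬' + show(f[1])
    if tag in ('and', 'or', 'imp'):
        op = {'and': '∧', 'or': '∨', 'imp': '→'}[tag]
        return f'({show(f[1])} {op} {show(f[2])})'
    if tag == 'X':
        return 'X ' + show(f[1])
    if tag == 'U' and len(f) == 3:
        return f'({show(f[1])} U {show(f[2])})'
    if tag in ('@cd', '@dc'):
        return f'{tag}({show(f[1])})'
    if tag in ('U', 'S'):
        return f'({show(f[1])} {tag}{f[3]} {show(f[2])})'
    if tag in ('G', 'F'):
        return f'{tag}{f[2]} {show(f[1])}'
    raise ValueError(f'unsupported operator {tag!r}')


def nxt(f):
    return ('X', f)


# Case-study property phi_2 from slide 15, built from the tuple encoding above.
P_OUT = ('p', 'p_out')
NOT_P = ('not', P_OUT)
PATTERN = ('and', ('and', ('and', NOT_P, nxt(P_OUT)), nxt(nxt(NOT_P))), nxt(nxt(nxt(P_OUT))))
PHI_2 = ('G', ('imp', ('G', ('atom', 'u_in > 1.05'), '[0,12.8]'),
                      ('F', ('@dc', PATTERN), '[0,12.8]')), '')

if __name__ == '__main__':
    print('STL-MX:', show(PHI_2))
    print('STL:   ', show(sigma(PHI_2)))
```

Running the block prints the expansion in which every $X$ becomes one more level of $\neg clk\ U_{(0,\infty)}(clk \wedge \ldots)$ nesting, which is the growth that makes the direct STL formulation on slide 18 so much longer than its STL-MX counterpart.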

  12. MONITORING STL-MX
     • Discrete-time part → LTL monitor – temporal testers
     • Dense-time part → STL monitor – temporal testers
     • Combining LTL + STL monitors → time mapping operators
     [Figure: monitor for the bounded stabilization property, composed of an LTL monitor ($\neg$, $P$, $\wedge$, $\rightarrow$), the time mapping operator $@_{cd}$, and an STL monitor ($|\cdot| < 1$, $G_{[0,300]}$, $F_{[0,600]}$)]

  13. MONITORING STL-MX
     Monitor for $@_{cd}$
     • Input: CT signal $u$, sampling period $T$
     • Output: DT signal $w = @_{cd}(u)$
     • $I_u = I_1 \cdot I_2 \cdots I_n$ is a time partition consistent with $u$
     • $k := 0$
     • for every time interval $I_j$
         • while $kT \in I_j$
             • $w(k) = u(I_j)$
             • $k := k + 1$
     Monitor for $@_{dc}$
     • Input: DT signal $w$, sampling period $T$
     • Output: CT signal $u = @_{dc}(w)$
     • for every time index $k$ in $w$
         • $I_k = [kT, (k+1)T)$
         • $u(I_k) = w(k)$
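The two algorithms above, together with the bounded stabilization property of slide 7, are small enough to run end to end offline. The Python block below is an added example and not the authors' monitor: it represents a CT signal as a piecewise-constant partition of `(start, end, value)` intervals, implements `at_cd` (sampling at the ticks $kT$) and `at_dc` (hold over $[kT,(k+1)T)$) exactly as on the slide, checks the round-trip identities of slide 9 on them, and then evaluates $G(P\neg cmd \wedge cmd \rightarrow @_{cd}(F_{[0,600]} G_{[0,300]} |x| \le 1))$ over a constructed trace. The trace `X_TRACE`, the command sequence `CMD`, and the evaluation of the continuous subformula only at the tick instants (which is all $@_{cd}$ needs) are assumptions of the example.

```python
"""Offline STL-MX monitor for the bounded stabilization property (slides 7 and 13).

CT signals are piecewise constant: a list of (start, end, value) intervals that
partition the trace, value holding on [start, end).  DT signals are Python lists
indexed by the sample index k, which stands for time k*T.
"""
from typing import List, Tuple

Interval = Tuple[float, float, float]   # (start, end, value)

T = 200   # sampling period from the slides (time units)


def at_cd(u: List[Interval], period: float, n_samples: int) -> list:
    """@_cd: sample a CT signal at the clock ticks k*T (slide 13, left algorithm)."""
    w, k = [], 0
    for (start, end, value) in u:          # for every time interval I_j
        while k < n_samples and start <= k * period < end:   # while kT in I_j
            w.append(value)                # w(k) = u(I_j)
            k += 1
    return w


def at_dc(w: list, period: float) -> List[Interval]:
    """@_dc: hold each DT value on I_k = [kT, (k+1)T) (slide 13, right algorithm)."""
    return [(k * period, (k + 1) * period, v) for k, v in enumerate(w)]


def roundtrip_check(w: list, period: float) -> bool:
    """Slide 9: @_cd(@_dc(w)) == w holds for every DT signal w."""
    return at_cd(at_dc(w, period), period, len(w)) == w


def good_runs(x: List[Interval], bound: float) -> List[Tuple[float, float]]:
    """Maximal intervals [a, b) on which |x| <= bound holds throughout."""
    runs = []
    for (start, end, value) in x:
        if abs(value) <= bound:
            if runs and runs[-1][1] == start:      # adjacent good interval: merge
                runs[-1] = (runs[-1][0], end)
            else:
                runs.append((start, end))
    return runs


def eventually_always_within(runs, t: float, f_bound: float, g_bound: float) -> bool:
    """F_[0,f] G_[0,g] (|x| <= 1) at time t on a piecewise-constant x.

    G_[0,g] holds at t' iff the closed window [t', t'+g] lies inside one good run
    [a, b); the signal leaves the bound at b, so we need t'+g < b (conservative if
    b is the end of the trace).  The earliest usable t' in that run is max(a, t).
    """
    for (a, b) in runs:
        t_prime = max(a, t)
        if t_prime <= t + f_bound and t_prime + g_bound < b:
            return True
    return False


def bounded_stabilization(cmd: list, x: List[Interval], period: float):
    """G( P(not cmd) and cmd -> @_cd( F_[0,600] G_[0,300] |x| <= 1 ) ).

    Returns (verdict, indices of rising edges of cmd that violate the property).
    @_cd only needs the continuous subformula at the ticks kT, so it is evaluated there.
    """
    runs = good_runs(x, 1.0)
    stable = [eventually_always_within(runs, k * period, 600, 300) for k in range(len(cmd))]
    violations = []
    for k in range(len(cmd)):
        previously_off = k > 0 and not cmd[k - 1]   # P(not cmd) is false at k = 0
        if previously_off and cmd[k] and not stable[k]:
            violations.append(k)
    return (not violations, violations)


# Constructed sample trace (not from the slides): 16 samples of cmd at times 0..3000,
# and a piecewise-constant response x.  The first rising edge (k = 2, t = 400) is
# followed by a 600-long run of |x| <= 1; the second (k = 10, t = 2000) is not.
CMD = [0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1]
X_TRACE = [(0, 400, 3.0), (400, 700, 0.5), (700, 800, 2.0), (800, 1400, 0.2),
           (1400, 2100, 5.0), (2100, 2300, 0.9), (2300, 2500, 1.5),
           (2500, 2750, 0.8), (2750, 3200, 1.5)]

if __name__ == '__main__':
    print('@_cd(x) =', at_cd(X_TRACE, T, len(CMD)))
    print('@_cd(@_dc(cmd)) == cmd:', roundtrip_check(CMD, T))
    print('@_dc(@_cd(x)) == x:', at_dc(at_cd(X_TRACE, T, len(CMD)), T) == X_TRACE)
    print('bounded stabilization:', bounded_stabilization(CMD, X_TRACE, T))
```

On the constructed trace the monitor reports a violation at index 10: within $[2000, 2600]$ the response never stays inside the band for a full 300 time units, while the edge at index 2 is satisfied by the run $[800, 1400)$. The round-trip checks reproduce slide 9: holding and re-sampling a DT signal is the identity, whereas sampling and holding a CT signal loses the variation between ticks.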

  14. CASE STUDY: Δ−Σ MODULATOR
     • Δ−Σ modulator
     • Subtractor: $u_\Delta(t) = u_{in}(t) - u_{pls}(t)$
     • Integrator: $u_\Sigma(t) = A \cdot \int_0^t u_\Delta(t')\,dt'$
     • Threshold: $p_{out}(i) = 1$ if $u_\Sigma(iT) \ge v_0$, $0$ otherwise
     • Pulse: $u_{pls}(t) = v_1$ if $p_{out}(\lfloor t/T \rfloor - 1) = 0 \wedge p_{out}(\lfloor t/T \rfloor) = 1$, $v_0$ otherwise
     • Sampling period $T = 3.2\,\mu s$

  15. CASE STUDY: PROPERTY SPECIFICATION
     Property 1
     • When we observe a rising edge in the output, the voltage out of the integrator has to return to a value below the threshold at the next clock tick
     • STL-MX specification $\varphi_1$: $G\big(P\neg p_{out} \wedge p_{out} \rightarrow X\,@_{cd}(u_\Sigma < v_0)\big)$
     Property 2
     • When the input voltage is above $1.05\,V$ for $12.8\,\mu s$ the output must have a sequence of two consecutive spikes starting over that time frame
     • STL-MX specification $\varphi_2$: $G\big(G_{[0,12.8]}\, u_{in} > 1.05 \rightarrow F_{[0,12.8]}\, @_{dc}(\neg p_{out} \wedge X p_{out} \wedge X^2 \neg p_{out} \wedge X^3 p_{out})\big)$
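Property 1 combines a discrete-time pattern (a rising edge of $p_{out}$, then $X$) with a sampled continuous condition ($@_{cd}(u_\Sigma < v_0)$), which makes it a good end-to-end exercise. The Python block below is an added example, not the authors' Simulink model or monitor: it simulates the modulator equations of slide 14 with forward Euler integration and evaluates $\varphi_1$ on the result. The slides give $T = 3.2\,\mu s$ and the input $u_{in}(t) = 0.6\cos(1000 \cdot 2\pi t) + 0.6$; the integrator gain $A$, the thresholds $v_0$, $v_1$, the integration step and the run length are constructed values, so the pass/fail outcome below is a property of those constructed values and not a reproduction of the results on slide 16.

```python
"""Delta-Sigma modulator (slide 14) simulated with forward Euler, plus a monitor
for phi_1 = G( P(not p_out) and p_out -> X @_cd(u_Sigma < v0) ) from slide 15."""
import math

T = 3.2e-6               # sampling period from the slides: 3.2 us
STEPS_PER_PERIOD = 32    # Euler sub-steps per clock period (constructed)


def u_in(t: float, amplitude: float = 0.6) -> float:
    """Input of slide 16: amplitude * cos(1000 * 2*pi * t) + amplitude (amplitude 0.6 there)."""
    return amplitude * math.cos(1000 * 2 * math.pi * t) + amplitude


def simulate(n_periods: int, amplitude: float = 0.6, gain: float = 2e5,
             v0: float = 0.5, v1: float = 3.0):
    """Run the modulator for n_periods clock periods.

    gain (A), v0 and v1 are constructed values, not from the slides.
    Returns (u_sigma_ticks, p_out): u_Sigma sampled at every tick i*T (one extra
    sample at n_periods*T so that X can look one tick ahead) and the DT output.
    """
    dt = T / STEPS_PER_PERIOD
    u_sigma = 0.0
    u_sigma_ticks, p_out = [], []
    for i in range(n_periods):
        t = i * T
        u_sigma_ticks.append(u_sigma)
        p_out.append(1 if u_sigma >= v0 else 0)        # threshold: p_out(i) = [u_Sigma(iT) >= v0]
        # pulse: v1 during period i iff p_out(i-1) = 0 and p_out(i) = 1, else v0
        rising = i > 0 and p_out[i - 1] == 0 and p_out[i] == 1
        u_pls = v1 if rising else v0
        for s in range(STEPS_PER_PERIOD):              # integrator: u_Sigma' = A * (u_in - u_pls)
            ts = t + s * dt
            u_sigma += gain * (u_in(ts, amplitude) - u_pls) * dt
    u_sigma_ticks.append(u_sigma)
    return u_sigma_ticks, p_out


def property_1(u_sigma_ticks: list, p_out: list, v0: float = 0.5):
    """Monitor for phi_1.  @_cd(u_Sigma < v0) at index i is u_Sigma(iT) < v0 and X
    shifts it to index i+1; P(not p_out) is false at index 0, so edges start at 1.
    Returns (verdict, indices of rising edges not followed by a sub-threshold tick)."""
    violations = [i for i in range(1, len(p_out))
                  if p_out[i - 1] == 0 and p_out[i] == 1
                  and not (u_sigma_ticks[i + 1] < v0)]
    return (not violations, violations)


if __name__ == '__main__':
    for pulse in (3.0, 1.0):           # strong pulse vs. a pulse too weak to discharge
        ticks, out = simulate(320, v1=pulse)
        print(f'v1 = {pulse}: edges = {sum(out[i-1] == 0 and out[i] == 1 for i in range(1, len(out)))},'
              f' phi_1 = {property_1(ticks, out)}')
```

With the default constructed parameters a pulse always drives the integrator back below $v_0$ within one period, so every rising edge satisfies $\varphi_1$; lowering the pulse level to `v1=1.0` makes the integrator keep rising after the first edge, and the monitor reports that edge (index 2) as the first violation.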

  16. CASE STUDY: SIMULATION AND EVALUATION
     • $u_{in}(t) = 0.6\cos(1000 \cdot 2\pi \cdot t) + 0.6$: $\varphi_1$ satisfied
     • $u_{in}(t) = 0.7\cos(1000 \cdot 2\pi \cdot t) + 0.7$: $\varphi_1$ violated

  17. CASE STUDY: EXECUTION TIMES
     Property | Sim # | # samples of $u_\Sigma$ / $u_{in}$ | # samples of $p_{out}$ | time (ms)
     $\varphi_1$ | 1 | 20,470 | 727   | 143
     $\varphi_1$ | 2 | 2,771  | 58    | 104
     $\varphi_2$ | 3 | 26,207 | 971   | 45
     $\varphi_2$ | 4 | 27,926 | 971   | 50
     $\varphi_2$ | 5 | 29,495 | 971   | 51
     $\varphi_2$ | 6 | 31,298 | 1,212 | 58
     $\varphi_2$ | 7 | 32,133 | 1,212 | 59
     $\varphi_2$ | 8 | 33,005 | 1,212 | 61

  18. CASE STUDY: STL-MX VS. STL
     • STL-MX specification $\varphi_2$: $G\big(G_{[0,12.8]}\, u_{in} > 1.05 \rightarrow F_{[0,12.8]}\, @_{dc}(\neg p_{out} \wedge X p_{out} \wedge X^2 \neg p_{out} \wedge X^3 p_{out})\big)$
     • STL specification $\sigma(\varphi_2)$: $G\Big(G_{[0,12.8]}\, u_{in} > 1.05 \rightarrow F_{[0,12.8]}\big(\neg p_{out} \wedge \neg clk\, U (clk \wedge p_{out}) \wedge \neg clk\, U (clk \wedge (\neg clk\, U (clk \wedge \neg p_{out}))) \wedge \neg clk\, U (clk \wedge (\neg clk\, U (clk \wedge (\neg clk\, U (clk \wedge p_{out})))))\big)\Big)$

  19. FUTURE WORK
     • Automatic insertion of $@_{cd}$ and $@_{dc}$ conversion operators based on type inference
         • Facilitate use of the specification language
     • More sophisticated conversion operators, instead of periodic sample and hold
         • Truth value of a discrete signal depends on integrating values at continuous time in some interval around it
         • Event-based conversion in asynchronous style
     • Tighter interaction between the monitoring procedure and the simulators
     • Equipping STL-MX with quantitative semantics

  20. CONCLUSIONS
     • STL-MX
         • Syntactic and semantic constructs
         • Co-existence of discrete and continuous-time specifications
     • Main application: runtime monitoring of CPS and mixed-signal designs
     • Step towards system-wide specification-based verification

  21. THANK YOU!
