Properties of Chaos, Nathan Aschbacher (@gen_nja), PowerPoint presentation



SLIDE 1

Properties of Chaos

Nathan Aschbacher @gen_nja

SLIDE 2

ಠ_ಠ

SLIDE 3

“…we suspect most users are not working on these kinds of safety-critical systems.”

  • - Chaos Engineering, the Book

SLIDE 4

Must Be at Least this 26262 to Ride

SLIDE 5

“Functional Safety in AI Controlled Vehicles: If Not ISO 26262, Then What?”

Joseph Dailey, Global Functional Safety Manager, Mentor

SLIDE 6

SLIDE 7

Autonomy / ML / AI, Libraries, Kernel, Drivers, Hypervisor, Hardware

SLIDE 8

Curry-Howard

“227 issues”

SLIDE 9

Libraries, Kernel, Autonomy / ML / AI, Drivers, Hypervisor, Hardware

SLIDE 10

On-Vehicle Toolchain

SLIDE 11

2019

Must Be at Least this 26262 to Ride

SOTIF

SLIDE 12

Fail-Operational

SLIDE 13

π Π 𐀆

Dependent Types, Higher Order Logic, Join Calculus

Mathematical Proof ϕ

Temporal Logic

SLIDE 14

SLIDE 15

“Chaos Engineering is about engineering practices that help us surface those systemic effects.”

  • - Casey Rosenthal, co-author of the Chaos Engineering book

SLIDE 16

“Chaos strongly prefers to experiment directly on production traffic.”

  • - Principles of Chaos

“We don’t expect engineers to inject noise into the sensors of self-driving cars containing unsuspecting passengers!”

  • - Chaos Engineering, the Book

SLIDE 17

Property Chaosed Testing

SLIDE 18

Background:
  Given a process Alice
  And a process Bob
  And an arbitrary vector of processes Carls
  And a message capability from Bob to Alice
  And a message capability from Alice to Bob
  And the Carls continuously send arbitrary messages to Alice

Scenario: Message delay from unauthorized IPC storm
  When Alice sends an arbitrary message to Bob
  And Bob replies to message from Alice
  Then the message delay from Bob to Alice must be < 1 ms

SLIDE 19

    use quickcheck::{Arbitrary, Gen};

    // Struct definition added for completeness; the slide shows only the impl.
    #[allow(non_camel_case_types)]
    #[derive(Clone, Debug)]
    struct message { id: u32, dlc: u8, timestamp: u32, data: [u8; 8] }

    impl Arbitrary for message {
        fn arbitrary<G: Gen>(g: &mut G) -> message {
            // Draw each data byte separately: `[u8::arbitrary(g); 8]` evaluates
            // the expression once and repeats that single byte eight times.
            let mut data = [0u8; 8];
            for b in data.iter_mut() {
                *b = u8::arbitrary(g);
            }
            message {
                id: u32::arbitrary(g),
                dlc: u8::arbitrary(g),
                timestamp: u32::arbitrary(g),
                data,
            }
        }
    }
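The scenario on slides 18 and 19 as an added, runnable example that is not from the talk: Alice, Bob and the Carls are std threads joined by channels, a seeded xorshift generator stands in for quickcheck's Gen (assumed unavailable), and check_property reports how many arbitrary probes came back intact and how many missed the 1 ms bound.

```rust
use std::{sync::mpsc::channel, thread, time::{Duration, Instant}};
// Message layout from the slide; struct, derives and field ranges are constructed for this example.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Message { pub id: u32, pub dlc: u8, pub timestamp: u32, pub data: [u8; 8] }
// Seeded xorshift64 standing in for quickcheck's `Gen` (assumption: no external crates available).
pub struct Gen(u64);
impl Gen {
    pub fn new(seed: u64) -> Self { Gen(seed | 1) }
    pub fn next_u32(&mut self) -> u32 {
        let mut x = self.0; x ^= x << 13; x ^= x >> 7; x ^= x << 17; self.0 = x; (x >> 32) as u32
    }
}
// Arbitrary message: every field, and every one of the 8 data bytes, is drawn independently.
pub fn arbitrary_message(g: &mut Gen) -> Message {
    let mut data = [0u8; 8];
    for b in data.iter_mut() { *b = g.next_u32() as u8; }
    Message { id: g.next_u32(), dlc: (g.next_u32() % 9) as u8, timestamp: g.next_u32(), data }
}
/// One run of the scenario: `carls` threads storm Alice's single inbox with arbitrary messages
/// while Alice sends `probe` to Bob, who echoes it into that same inbox. Returns whether the
/// echo arrived intact and how long Alice waited for it.
pub fn run_scenario(probe: Message, carls: usize, storm_msgs: usize) -> (bool, Duration) {
    let (to_alice, alice_inbox) = channel::<Message>();
    let (to_bob, bob_inbox) = channel::<Message>();
    let bob_out = to_alice.clone();
    thread::spawn(move || { for m in bob_inbox { let _ = bob_out.send(m); } });
    let storms: Vec<_> = (0..carls).map(|n| {
        let tx = to_alice.clone();
        thread::spawn(move || {
            let mut g = Gen::new(0xC0FFEE + n as u64);
            for _ in 0..storm_msgs { let _ = tx.send(arbitrary_message(&mut g)); }
        })
    }).collect();
    let start = Instant::now();
    to_bob.send(probe).expect("bob is running");
    // Alice cannot tell the Carls' traffic from Bob's reply, so she must drain the storm to find it.
    let reply = alice_inbox.iter().find(|m| *m == probe);
    let waited = start.elapsed();
    drop(alice_inbox); for h in storms { h.join().expect("carl thread"); } // stop the storm
    (reply.is_some(), waited)
}
/// The slide's property over `trials` arbitrary probes: (echoes intact, replies >= 1 ms, worst delay).
pub fn check_property(carls: usize, storm_msgs: usize, trials: u32) -> (u32, u32, Duration) {
    let mut g = Gen::new(42);
    let (mut intact, mut late, mut worst) = (0u32, 0u32, Duration::ZERO);
    for _ in 0..trials {
        let (ok, d) = run_scenario(arbitrary_message(&mut g), carls, storm_msgs);
        intact += ok as u32; late += (d >= Duration::from_millis(1)) as u32; worst = worst.max(d);
    }
    (intact, late, worst)
}
```

Compare carls = 0 against a few Carls sending thousands of messages each: the shared FIFO inbox is what turns the unauthorized storm into reply delay, which is the interference the scenario is written to surface.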

SLIDE 20

Common Cause, Cascading, Interference, Common Mode

SLIDE 21

Perceiving Planning Performing

SLIDE 22

Time <

SLIDE 23

Before > After

SLIDE 24

Autonomy / ML / AI, Libraries, Kernel, Drivers, Hypervisor, Hardware

Necessarily Probabilistic
Terrifyingly Probabilistic

SLIDE 25

The robots are coming.

SLIDE 26

?