proving and explaining the unfeasibility of message
play

Proving and Explaining the Unfeasibility of Message Sequence Charts - PowerPoint PPT Presentation

Mar 28, 2024 •133 likes •893 views

Proving and Explaining the Unfeasibility of Message Sequence Charts for Hybrid Systems Alessandro Cimatti Sergio Mover Stefano Tonetta Fondazione Bruno Kessler October 31, 2011 Sergio Mover (FBK) Unfeasibility and Explanations of MSC

  1. Proving and Explaining the Unfeasibility of Message Sequence Charts for Hybrid Systems Alessandro Cimatti Sergio Mover Stefano Tonetta Fondazione Bruno Kessler October 31, 2011 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 1 / 28

  2. Motivations Hybrid Systems Mix discrete (e.g. hardware) and Rod 1 Rod 2 x = 0 x = 0 continuous (e.g. sensor) behaviors. Ready Ready ˙ x ∈ [ 0 . 9 , 1 . 1 ] x ∈ [ 0 . 9 , 1 . 1 ] ˙ TRUE TRUE x ≥ 16 /τ/ x ′ := x Add 1 / x ′ := 0 x ≥ 16 /τ/ x ′ := x Add 2 / x ′ := 0 Recovering In Recovering In ˙ ˙ ˙ ˙ Complex critical systems: train control x ∈ [ 0 . 9 , 1 . 1 ] Remove 1 / x ′ := 0 x ∈ [ 0 . 9 , 1 . 1 ] x ∈ [ 0 . 9 , 1 . 1 ] Remove 2 / x ′ := 0 x ∈ [ 0 . 9 , 1 . 1 ] x ≤ 16 x ≤ 5 . 9 x ≤ 16 x ≤ 5 . 9 Rod1 Rod2 system (ETCS), airplane traffic control Add 1 , Remove 1 Add 2 , Remove 2 system (TCAS), . . . x = 0 x ≥ 16 / Add 1 / x ′ := 0 x ≥ 16 / Add 2 / x ′ := 0 Rod 1 No Rod Rod 2 ˙ x ∈ [ 0 . 9 , 1 . 1 ] ˙ x ∈ [ 0 . 9 , 1 . 1 ] x ∈ [ 0 . 9 , 1 . 1 ] ˙ x ≤ 5 . 9 x ≤ 16 x ≤ 5 . 9 x ∈ [ 5 , 5 . 9 ] / Remove 1 / x ∈ [ 5 , 5 . 9 ] / Remove 2 / Network of components. x ′ := 0 x ′ := 0 Controller Controller Scenario-verification Rod 1 Controller Rod 2 Add 1 Is there a run of the system compatible with the Rem 1 time ≤ 19 scenario? Add 2 time ≥ 19 If such a run exists, the scenario is feasible. Rem 2 Add 1 Rem 1 time ≥ 80 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 2 / 28

  3. Motivations Existing approaches: Reduction to reachability: 1 Can prove both feasibility and unfeasibility. Inefficient. Scenario-based encoding [CAV11]: 2 Cannot prove unfeasibility. Efficient. Our contribution is a SMT-based technique that: Efficiently proves unfeasibility. Extracts explanations for the unfeasibility. Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 3 / 28

  4. Outline Background 1 SMT analysis of Hybrid Systems Scenario-Verification Proving the unfeasibility of scenarios 2 Explanations of Unfeasibility 3 Experimental Evaluation 4 Conclusions and future work 5 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 4 / 28

  5. Outline Background 1 SMT analysis of Hybrid Systems Scenario-Verification Proving the unfeasibility of scenarios 2 Explanations of Unfeasibility 3 Experimental Evaluation 4 Conclusions and future work 5 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 5 / 28

  6. Outline Background 1 SMT analysis of Hybrid Systems Scenario-Verification Proving the unfeasibility of scenarios 2 Explanations of Unfeasibility 3 Experimental Evaluation 4 Conclusions and future work 5 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 6 / 28

  7. Hybrid Automata Hybrid automata ([Henzinger 96]): Framework for representing hybrid systems. Discrete instantaneous mode switches. Continuous evolution according to flow conditions. x Recovering x = 0 3 2 Ready ˙ x ∈ [ 0 . 9 , 1 . 1 ] 1 TRUE time 0 x ≥ 16 /τ/ x ′ := x 0 1 2 3 4 5 6 7 8 9 Add 1 / x ′ := 0 location Recovering In ˙ ˙ x ∈ [ 0 . 9 , 1 . 1 ] x ∈ [ 0 . 9 , 1 . 1 ] Remove 1 / x ′ := 0 Recovering x ≤ 16 x ≤ 5 . 9 In Rod1 Ready time 0 1 2 3 4 5 6 7 8 9 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 7 / 28

  8. Hybrid Automata Network Network of hybrid automata H = H 1 || . . . || H n : Move asynchronously on local events ( τ ). Synchronize on shared events. Rod 1 Rod 2 x = 0 x = 0 Ready Ready x ∈ [ 0 . 9 , 1 . 1 ] ˙ x ∈ [ 0 . 9 , 1 . 1 ] ˙ TRUE TRUE x ≥ 16 /τ/ x ′ := x x ≥ 16 /τ/ x ′ := x Add 1 / x ′ := 0 Add 2 / x ′ := 0 Recovering In Recovering In x ∈ [ 0 . 9 , 1 . 1 ] ˙ ˙ x ∈ [ 0 . 9 , 1 . 1 ] x ∈ [ 0 . 9 , 1 . 1 ] ˙ ˙ x ∈ [ 0 . 9 , 1 . 1 ] Remove 1 / x ′ := 0 Remove 2 / x ′ := 0 x ≤ 16 x ≤ 5 . 9 x ≤ 16 x ≤ 5 . 9 Rod1 Rod2 Add 1 , Remove 1 Add 2 , Remove 2 x = 0 x ≥ 16 / Add 1 / x ′ := 0 x ≥ 16 / Add 2 / x ′ := 0 Rod 1 No Rod Rod 2 ˙ ˙ ˙ x ∈ [ 0 . 9 , 1 . 1 ] x ∈ [ 0 . 9 , 1 . 1 ] x ∈ [ 0 . 9 , 1 . 1 ] x ≤ 5 . 9 x ≤ 16 x ≤ 5 . 9 x ∈ [ 5 , 5 . 9 ] / Remove 1 / x ∈ [ 5 , 5 . 9 ] / Remove 2 / x ′ := 0 x ′ := 0 Controller Controller Different semantics: Global-time ([Henzinger 96]). 1 Local-time ([Bengstsson 98]). 2 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 8 / 28

  9. Local-time semantics The time evolves independently in each automaton: Local time scale. The continuous evolution is a local transition. The local time of the automata must be the same: On synchronizations. At the end of a run. 12 12 12 11 1 11 1 11 1 10 2 10 2 10 2 9 3 9 3 9 3 τ τ A τ B τ 8 4 8 4 8 4 7 5 7 5 7 5 6 6 6 11 12 1 11 12 1 11 12 1 10 2 10 2 10 2 9 3 9 3 9 3 τ 8 4 A 8 4 B 8 4 7 5 7 5 7 5 6 6 6 τ = local event (no stutter or time). Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 9 / 28

  10. SMT analysis of Hybrid Systems Each automaton is encoded in a symbolic transition system H i = � Init i , Trans i � . Bounded model checking: T T T T T ... BMC H 1 ( k ) 1 2 3 4 k . . . T T T T T ... BMC H 2 ( k ) 1 2 3 4 k k-induction. Base case: BMC up to k . Inductive case: BMC and simple path condition up to k + 1. Use SMT solvers as decision procedure. Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 10 / 28

  11. Outline Background 1 SMT analysis of Hybrid Systems Scenario-Verification Proving the unfeasibility of scenarios 2 Explanations of Unfeasibility 3 Experimental Evaluation 4 Conclusions and future work 5 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 11 / 28

  12. Constrained Message Sequence Charts � m , φ � : Message sequence chart m with constraints φ . Rod 1 Controller Rod 2 m : parallel composition of instances. Add 1 φ = φ g ∧ φ 1 ∧ . . . ∧ φ n : formulas over the Rem 1 time ≤ 19 network variables on synchronization. Add 2 time ≥ 19 Global ( φ g ): over all the network Rem 2 variables. Add 1 Local φ i : over variable of H i . Rem 1 time ≥ 80 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 12 / 28

  13. MSC verification via reachability The CMSC is translated in a monitor automaton S m . The automaton is composed with the network. Enables off-the-shelf verification techniques: BMC: feasibility. k-induction: unfeasibility. � l 0 1 , l 0 2 , l 0 3 , l 0 σ 1 σ 2 σ 3 σ 4 τ 4 � B A A B � l 1 1 , l 1 2 , l 0 3 , l 0 � l 0 1 , l 0 2 , l 1 3 , l 1 τ 4 � 4 � τ B C C A � l 1 1 , l 1 2 , l 1 3 , l 1 � l 0 1 , l 0 2 , l 2 3 , l 2 τ 4 � 4 � τ C D A τ � l 1 1 , l 1 2 , l 2 3 , l 2 4 � D � l 1 1 , l 2 2 , l 3 3 , l 2 4 � m = σ 1 || σ 2 || σ 3 || σ 4 Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 13 / 28

  14. MSC verification via reachability The CMSC is translated in a monitor automaton S m . The automaton is composed with the network. Enables off-the-shelf verification techniques: BMC: feasibility. k-induction: unfeasibility. � l 0 1 , l 0 2 , l 0 3 , l 0 σ 1 σ 2 σ 3 σ 4 τ 4 � B A A B τ � l 1 1 , l 1 2 , l 0 3 , l 0 � l 0 1 , l 0 2 , l 1 3 , l 1 τ 4 � 4 � B C C A � l 1 1 , l 1 2 , l 1 3 , l 1 � l 0 1 , l 0 2 , l 2 3 , l 2 τ 4 � 4 � τ D C A � l 1 1 , l 1 2 , l 2 3 , l 2 τ 4 � D � l 1 1 , l 2 2 , l 3 3 , l 2 4 � Cut: � l 0 1 , l 0 2 , l 0 3 , l 0 4 � Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 13 / 28

  15. MSC verification via reachability The CMSC is translated in a monitor automaton S m . The automaton is composed with the network. Enables off-the-shelf verification techniques: BMC: feasibility. k-induction: unfeasibility. � l 0 1 , l 0 2 , l 0 3 , l 0 σ 1 σ 2 σ 3 σ 4 τ 4 � B A A B τ � l 1 1 , l 1 2 , l 0 3 , l 0 � l 0 1 , l 0 2 , l 1 3 , l 1 τ 4 � 4 � B C C A � l 1 1 , l 1 2 , l 1 3 , l 1 � l 0 1 , l 0 2 , l 2 3 , l 2 τ 4 � 4 � τ D C A � l 1 1 , l 1 2 , l 2 3 , l 2 τ 4 � D � l 1 1 , l 2 2 , l 3 3 , l 2 4 � Cut: � l 1 1 , l 1 2 , l 0 3 , l 0 4 � Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 13 / 28

  16. MSC verification via reachability The CMSC is translated in a monitor automaton S m . The automaton is composed with the network. Enables off-the-shelf verification techniques: BMC: feasibility. k-induction: unfeasibility. � l 0 1 , l 0 2 , l 0 3 , l 0 σ 1 σ 2 σ 3 σ 4 τ 4 � B A A B τ � l 1 1 , l 1 2 , l 0 3 , l 0 � l 0 1 , l 0 2 , l 1 3 , l 1 τ 4 � 4 � B C C A � l 1 1 , l 1 2 , l 1 3 , l 1 � l 0 1 , l 0 2 , l 2 3 , l 2 τ 4 � 4 � τ D C A � l 1 1 , l 1 2 , l 2 3 , l 2 τ 4 � D � l 1 1 , l 2 2 , l 3 3 , l 2 4 � Cut: � l 1 1 , l 1 2 , l 1 3 , l 1 4 � Sergio Mover (FBK) Unfeasibility and Explanations of MSC October 31, 2011 13 / 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Proving Copyless Message Passing Jules Villard 1 tienne Lozes 1 Cristiano Calcagno 2 1 LSV, ENS

Proving Copyless Message Passing Jules Villard 1 tienne Lozes 1 Cristiano Calcagno 2 1 LSV, ENS

Proving Copyless Message Passing Jules Villard 1 tienne Lozes 1 Cristiano Calcagno 2 1 LSV, ENS Cachan, CNRS 2 Imperial College, London ANR PANDA Sept. 10 PPS Outline Copyless Message Passing Language Highlights Contracts Local

1.08k views • 60 slides
1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

Message Authentication CPE 542: CRYPTOGRAPHY & NETWORK SECURITY message authentication is concerned with: protecting the integrity of a message Chapter 11 Message Authentication and validating identity of originator Hash

462 views • 6 slides
On Theorem Proving for Program Checking Historical perspective and recent developments Maria

On Theorem Proving for Program Checking Historical perspective and recent developments Maria

Outline Introduction Where is theorem proving in program checking Inside theorem proving Big and little engines together: a new theorem proving style Decision procedures with speculative inferences Current and future challenges On Theorem

944 views • 69 slides
Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Interactive Theorem Proving, Nancy August 22, 2016 Joachim Breitner Karlsruhe Institute of Technology University of Pennsylvania, Philadelphia Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without Syntax

579 views • 43 slides
Learning theorem proving through self-play Stanisaw Purga Overview AlphaZero Proving

Learning theorem proving through self-play Stanisaw Purga Overview AlphaZero Proving

Learning theorem proving through self-play Stanisaw Purga Overview AlphaZero Proving game adjusting MCTS for proving game some results 2019-10 1 Neural black box game state S move policy expected outcome R n v

455 views • 45 slides
Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical

Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical

Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical aspect of successful advocacy is the ability to create and deliver a message. While your passion matters greatly, your coalitions make the work

487 views • 15 slides
4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the correctness of grammars, i.e., for proving that grammars generate the languages we want them to. 1 / 21 Definition of Suppose G is a grammar and

324 views • 21 slides
Groundwater Contamination Litigation: Proving Groundwater Contamination Litigation: Proving And

Groundwater Contamination Litigation: Proving Groundwater Contamination Litigation: Proving And

Presenting a live 90 minute webinar with interactive Q&A Groundwater Contamination Litigation: Proving Groundwater Contamination Litigation: Proving And Defending Against Liability for Clean Up Costs Demonstrating Nexus, Causation and

940 views • 62 slides
Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies,

Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies,

Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies, a message is defined as information conveyed by words (in speech or writing), and/or other signs and symbols. A message (verbal or nonverbal, or

485 views • 17 slides
GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message

GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message

National Taiwan University Department of Computer Science and Information Engineering GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message Service Phone Lin Phone Lin Ph.D. Ph.D. Email:

360 views • 13 slides
A successful self explaining roads project i N in New Zealand; but Z l d b t what is next?

A successful self explaining roads project i N in New Zealand; but Z l d b t what is next?

A successful self explaining roads project i N in New Zealand; but Z l d b t what is next? what is next? Hamish Mackie i h ki Thi This presentation... i 1. Quick re cap: What are Self Explaining Roads? What arnt they? 2. Pt

597 views • 27 slides
Proving In fi nite Satis fi ability Peter Baumgartner Joshua Bax Goal Theorem Proving in

Proving In fi nite Satis fi ability Peter Baumgartner Joshua Bax Goal Theorem Proving in

Proving In fi nite Satis fi ability Peter Baumgartner Joshua Bax Goal Theorem Proving in Hierarchic Combinations of Speci fi cations Dis Background theory linear integer arithmetic Data structures ? Conjecture list axioms/arrays

443 views • 15 slides
Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 21, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk.

609 views • 40 slides
Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program

Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program

Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 23, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk. Available for

1.03k views • 54 slides
Proving that Artinian implies Noetherian without proving that Artinian implies finite length

Proving that Artinian implies Noetherian without proving that Artinian implies finite length

Proving that Artinian implies Noetherian without proving that Artinian implies finite length Chris Conidis University of Waterloo April 1, 2012 Chris Conidis Proving that Artinian implies Noetherian without proving that Artinian Background

1.01k views • 76 slides
ping Program ICMP Message Format Available at /usr/sbin/ping Test whether another host is

ping Program ICMP Message Format Available at /usr/sbin/ping Test whether another host is

ICMP Internet Control Message Protocol ICMP is a protocol used for exchanging control messages. CSCE 515: Two main categories Query message Computer Network Error message Programming Usage of an ICMP message is determined by

473 views • 10 slides
Lecture 20 Computing with GPUs Supercomputing Final Exam Review Announcements The Final is

Lecture 20 Computing with GPUs Supercomputing Final Exam Review Announcements The Final is

Lecture 20 Computing with GPUs Supercomputing Final Exam Review Announcements The Final is on Tue March 15 th from 3pm to 6pm 4 Bring photo ID 4 You may bring a single sheet of notebook sized paper 8x10 inches with notes on both

637 views • 31 slides
Operating Systems ECE344 Ding Yuan Announcements & reminders Lab schedule is out

Operating Systems ECE344 Ding Yuan Announcements & reminders Lab schedule is out

1/13/13 Operating Systems ECE344 Ding Yuan Announcements & reminders Lab schedule is out Form your group of 2 by this Friday (18 th ), 5PM Grading policy: Final exam: 50% Midterm exam: 25% Lab assignment: 25%

433 views • 28 slides
Chapter 8: Main Memory Chapter 8: Memory Management Background Swapping

Chapter 8: Main Memory Chapter 8: Memory Management Background Swapping

Chapter 8: Main Memory Chapter 8: Memory Management Background Swapping Contiguous Memory Allocation Segmentation Paging Structure of the Page Table Example: The Intel 32 and 64-bit Architectures

936 views • 72 slides
Session 1 Definition and Structure of Operating Systems Sbastien Combfis Winter 2020 This

Session 1 Definition and Structure of Operating Systems Sbastien Combfis Winter 2020 This

SS201 Introduction to the Internal Design of Operating Systems Session 1 Definition and Structure of Operating Systems Sbastien Combfis Winter 2020 This work is licensed under a Creative Commons Attribution NonCommercial

707 views • 47 slides
15-853:Algorithms in the Real World Announcement (reminder): There is recitation this week:

15-853:Algorithms in the Real World Announcement (reminder): There is recitation this week:

15-853:Algorithms in the Real World Announcement (reminder): There is recitation this week: HW3 solution discussion and a few problems Exam: Nov. 26 5-pages of cheat sheet allowed Need not use all 5 pages of course! At

1.13k views • 94 slides
INTERCONNECTION IN ALBANIA AND ANIX 17/11/2018 (2018 UPDATE) Daniele Arena d.arena@namex.it

INTERCONNECTION IN ALBANIA AND ANIX 17/11/2018 (2018 UPDATE) Daniele Arena d.arena@namex.it

INTERCONNECTION IN ALBANIA AND ANIX 17/11/2018 (2018 UPDATE) Daniele Arena d.arena@namex.it Kledi Andoni kledi@anix.al ALNOG Albanian Network Operators Group TIRANA, 14th November 2018 - 1 - LAST YEAR - 2 - - 2 - TIRANA,

583 views • 18 slides
Dominant Species Embedded Information Technology Embedded = most processors! Systems 300

Dominant Species Embedded Information Technology Embedded = most processors! Systems 300

Dominant Species Embedded Information Technology Embedded = most processors! Systems 300 million PC and server Jakob Engblom 9000 million embedded Adj. Lektor, IT-inst Business Development Manager, Virtutech

559 views • 10 slides
CSEE 3827: Fundamentals of Computer Systems Information Representation Number systems: Base 10

CSEE 3827: Fundamentals of Computer Systems Information Representation Number systems: Base 10

CSEE 3827: Fundamentals of Computer Systems Information Representation Number systems: Base 10 (Decimal) 10 digits = {0,1,2,3,4,5,6,7,8,9} example: 4537.8 = (4537.8) 10 4 5 3 7 . 8 Number systems: Base 10 (Decimal) 10 digits

424 views • 25 slides

More recommend